From 5c66c6525b3f562d7c84cf691178392c535d8f78 Mon Sep 17 00:00:00 2001 From: nil0x42 Date: Wed, 26 Aug 2020 13:20:46 +0000 Subject: [PATCH 01/20] Add `phpsploit` (C2 framework via PHP oneliner) Add phpsploit tool (https://github.com/nil0x42/phpsploit): Full-featured C2 framework which silently persists on webserver via evil PHP oneliner PhpSploit is a well-known advanced & stealth PHP webshell for persistence & privesc --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f561153..6e0c7e8 100644 --- a/README.md +++ b/README.md @@ -791,6 +791,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. * [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. * [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. +* [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. ### Web Exploitation Books From 770f5f46a70bf1d8c59ed94dcf2d3ab9bce3be34 Mon Sep 17 00:00:00 2001 From: Hors Date: Fri, 2 Oct 2020 21:01:55 +0200 Subject: [PATCH 02/20] Added Detect It Easy(DiE) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f561153..e05445d 100644 --- a/README.md +++ b/README.md 
@@ -643,6 +643,7 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [* ### Reverse Engineering Tools * [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. +* [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - Program for determining types of files for Windows, Linux and MacOS. * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. * [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. * [Fridax](https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications. From c18963b9fc570e320b5213d15494dafe5366f44e Mon Sep 17 00:00:00 2001 From: fabacab Date: Sat, 3 Oct 2020 15:28:56 -0400 Subject: [PATCH 03/20] Add angr, a binary analysis platform useful for reverse engineering. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f561153..39c437b 100644 --- a/README.md +++ b/README.md @@ -642,6 +642,7 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [* ### Reverse Engineering Tools +* [angr](https://angr.io/) - Platform-agnostic binary analysis framework. * [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. * [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. From fa379c6bfc8644984c373d6232b21513edaffb30 Mon Sep 17 00:00:00 2001 From: fabacab Date: Sat, 3 Oct 2020 15:29:17 -0400 Subject: [PATCH 04/20] Add StegOnline, an open-source port of StegSolve with a Web GUI. --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index 39c437b..8e85c53 100644 --- a/README.md +++ b/README.md @@ -733,6 +733,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e ## Steganography Tools * [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings. +* [StegOnline](https://stegonline.georgeom.net/) - Web-based, enhanced, and open-source port of StegSolve. * [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files. ## Vulnerability Databases From a11ff0b2994f66f59495125453867d9f0e2b573b Mon Sep 17 00:00:00 2001 From: Peter Thaleikis Date: Fri, 9 Oct 2020 19:02:44 +0400 Subject: [PATCH 05/20] Removing double "for" --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8e85c53..fa2b23a 100644 --- a/README.md +++ b/README.md @@ -382,7 +382,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. * [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. * [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. -* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. +* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for network sniffing. * [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. From 1fc3c18716c558807789949c866f52a31ba0a66c Mon Sep 17 00:00:00 2001 
From: duraki Date: Wed, 21 Oct 2020 09:40:19 +0200 Subject: [PATCH 06/20] Remove deadlink Remove dead link from the README. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index fa2b23a..fbaa30a 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea ## Android Utilities -* [Android Open Pwn Project (AOPP)](https://www.pwnieexpress.com/aopp) - Variant of the Android Open Source Project (AOSP), called Pwnix, is built from the ground up for network hacking and pentesting. * [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities. * [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques. From 66d53c73f2a997a6324ead42f3df6d532067019f Mon Sep 17 00:00:00 2001 From: fabacab Date: Sun, 6 Dec 2020 14:49:15 -0500 Subject: [PATCH 07/20] Add Awesome Malware list to "Other Lists Online." This list is an important piece of the full pentest puzzle. While this list focuses primarily on the pre-exploitation and exploitation phases of a penetration test, the Awesome Malware list focuses on post-exploitation tools and resources, which are needed to make any meaningful use of success with the tools listed on this list. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 94618fa..33ae81c 100644 --- a/README.md +++ b/README.md 
@@ -486,6 +486,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources. * [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security. * [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists. +* [Awesome Malware](https://github.com/fabacab/awesome-malware) - Curated collection of awesome malware, botnets, and other post-exploitation tools. * [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries) - Awesome list of useful, funny, and depressing search queries for Shodan. * [AWS Tool Arsenal](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - List of tools for testing and securing AWS environments. * [Blue Team](https://github.com/fabacab/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams. From 411e8798c666b54e88d76abbcda959133365ee6e Mon Sep 17 00:00:00 2001 From: fabacab Date: Sun, 6 Dec 2020 15:26:35 -0500 Subject: [PATCH 08/20] Add new privesc subsection, "Password Spraying" with two new tools. --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 33ae81c..cd2a6bf 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Periodicals](#periodicals) * [Physical Access Tools](#physical-access-tools) * [Privilege Escalation Tools](#privilege-escalation-tools) + * [Password Spraying Tools](#password-spraying-tools) * [Reverse Engineering](#reverse-engineering) * [Reverse Engineering Books](#reverse-engineering-books) * [Reverse Engineering Tools](#reverse-engineering-tools) 
@@ -628,6 +629,11 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint). * [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. * [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. +### Password Spraying Tools + +* [DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain. +* [SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient. + ## Reverse Engineering See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools). @@ -801,7 +807,6 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) * [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) - ## Windows Utilities * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. From f620cfd8dd36f721fe7c8c6e453dbbb50277f9f1 Mon Sep 17 00:00:00 2001 From: fabacab Date: Tue, 8 Dec 2020 20:04:47 -0500 Subject: [PATCH 09/20] Add Depix, tool for reversing heavily pixelated text. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cd2a6bf..c5fb771 100644 --- a/README.md +++ b/README.md 
@@ -528,6 +528,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). See also [awesome-osint](https://github.com/jivoi/awesome-osint). * [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. +* [Depix](https://github.com/beurtschipper/Depix) - Tool for recovering passwords from pixelized screenshots (by de-pixelating text). * [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning. * [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI. * [Maltego](http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics. From dfad0798dc26a45dc0f1db3b4bd6ea0d3981f0c0 Mon Sep 17 00:00:00 2001 From: fabacab Date: Tue, 15 Dec 2020 15:51:58 -0500 Subject: [PATCH 10/20] Closes #402: Recognize H2HC by adding it to Conferences section. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c5fb771..0eec9cc 100644 --- a/README.md +++ b/README.md @@ -214,6 +214,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar ### South America * [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina. +* [Hackers to Hackers Conference (H2HC)](https://www.h2hc.com.br/) - Oldest security research (hacking) conference in Latin America and one of the oldest ones still active in the world. ### Zealandia From beb5b1c4a0b7ddacf690a01196f9bd329c244822 Mon Sep 17 00:00:00 2001 From: fabacab Date: Sat, 6 Feb 2021 08:07:22 -0500 Subject: [PATCH 11/20] Add OSV, a vuln DB with an API for open source software. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0eec9cc..40302cb 100644 --- a/README.md +++ b/README.md 
@@ -759,6 +759,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC). * [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. * [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine. +* [Open Source Vulnerabilities (OSV)](https://osv.dev/) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version. * [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. * [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. * [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk. From d826fb11051a2be6b1f6ea867819a272aedf139a Mon Sep 17 00:00:00 2001 From: fabacab Date: Sat, 6 Feb 2021 08:10:14 -0500 Subject: [PATCH 12/20] Add kube-hunter, a Kubernetes pentesting utility. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 40302cb..c3e8ed9 100644 --- a/README.md +++ b/README.md 
@@ -443,6 +443,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). ## Network Vulnerability Scanners * [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner. +* [kube-hunter](https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster. * [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. * [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. From a274d4d88c5caba8c3210a175d969a808c86d479 Mon Sep 17 00:00:00 2001 From: fabacab Date: Sat, 6 Feb 2021 08:22:13 -0500 Subject: [PATCH 13/20] Remove 0xED as it now 404's on the official site. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index c3e8ed9..031ecf7 100644 --- a/README.md +++ b/README.md @@ -267,7 +267,6 @@ See also *[Reverse Engineering Tools](#reverse-engineering-tools)*. ## Hex Editors -* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types. * [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#. * [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. * [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs. 
From 5566085e47e96d2d02266d2cd592a16dc16932ee Mon Sep 17 00:00:00 2001 From: fabacab Date: Sat, 6 Feb 2021 08:27:10 -0500 Subject: [PATCH 14/20] Remove peCloak.py as its host now consistently returns HTTP 500 error. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 031ecf7..3f18373 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,6 @@ See also [awesome-tor](https://github.com/ajvb/awesome-tor). * [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. * [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key. * [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions. -* [peCloak.py](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection. * [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool. ## Books From 5ff19fe3ecff871bbb82da4107e1f2fa9b4ba718 Mon Sep 17 00:00:00 2001 From: fabacab Date: Sun, 14 Mar 2021 13:22:12 -0400 Subject: [PATCH 15/20] Add categories for Web Exploitation megacategory. --- README.md | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 3f18373..a5f9bc9 100644 --- a/README.md +++ b/README.md 
@@ -54,6 +54,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Network device discovery tools](#network-device-discovery-tools) * [OSINT Online Resources](#osint-online-resources) * [Source code repository searching tools](#source-code-repository-searching-tools) + * [Web application and resource analysis tools](#web-application-and-resource-analysis-tools) * [Online Resources](#online-resources) * [Online Code Samples and Examples](#online-code-samples-and-examples) * [Online Exploit Development Resources](#online-exploit-development-resources) @@ -81,6 +82,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Steganography Tools](#steganography-tools) * [Vulnerability Databases](#vulnerability-databases) * [Web Exploitation](#web-exploitation) + * [Web shells and C2 frameworks](#web-shells-and-c2-frameworks) + * [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools) * [Web Exploitation Books](#web-exploitation-books) * [Windows Utilities](#windows-utilities) 
@@ -590,9 +593,21 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint). ### Source code repository searching tools +See also *[Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)*. + * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords. +### Web application and resource analysis tools + +* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. +* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. +* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. +* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. +* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. +* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. +* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. + ## Operating System Distributions * [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing. 
@@ -770,15 +785,10 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e ## Web Exploitation -* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. -* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. -* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. * [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. * [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter. * [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. 
@@ -786,11 +796,8 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. -* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. -* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. * [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. -* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. * [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. 
@@ -799,10 +806,20 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. -* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. -* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. -* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. + +### Web shells and C2 frameworks + +* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. +* [DAws](https://github.com/dotcppfile/DAws) - Advanced Web shell. +* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications. * [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. +* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. + +### Web-accessible source code ripping tools + +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. +* [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website. ### Web Exploitation Books From e7e4ba0a6d31c0695ef7fcc29b8957baff38a9cf Mon Sep 17 00:00:00 2001 
From: fabacab Date: Sun, 14 Mar 2021 13:36:24 -0400 Subject: [PATCH 16/20] Add more Web categories. --- README.md | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index a5f9bc9..ebe55e2 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Steganography Tools](#steganography-tools) * [Vulnerability Databases](#vulnerability-databases) * [Web Exploitation](#web-exploitation) + * [Intercepting Web proxies](#intercepting-web-proxies) + * [Web file inclusion tools](#web-file-inclusion-tools) + * [Web injection tools](#web-injection-tools) * [Web shells and C2 frameworks](#web-shells-and-c2-frameworks) * [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools) * [Web Exploitation Books](#web-exploitation-books) @@ -400,6 +403,8 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). ### Proxies and Machine-in-the-Middle (MITM) Tools +See also *[Intercepting Web proxies](#intercepting-web-proxies)*. + * [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework. * [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. * [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more. 
@@ -410,7 +415,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. * [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. * [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH. -* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. * [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests. * [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. 
@@ -785,26 +789,38 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e ## Web Exploitation -* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. -* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. -* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. -* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. -* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter. -* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. -* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. -* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. -* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. 
+* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. -* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. -* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. * [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. + +### Intercepting Web proxies + +See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-in-the-middle-mitm-tools)*. + +* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. +* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. +* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. +* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. + +### Web file inclusion tools + +* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. +* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter. +* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. +* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. 
+ +### Web injection tools + +* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. +* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool. +* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. ### Web shells and C2 frameworks From 2defa8281c131dcbdfdc573e8bbfc6aa853f6449 Mon Sep 17 00:00:00 2001 From: fabacab Date: Sun, 14 Mar 2021 13:42:04 -0400 Subject: [PATCH 17/20] Closes #406: Add Pentest Collaboration Framework (PCF). --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3f18373..78ec861 100644 --- a/README.md +++ b/README.md @@ -160,6 +160,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar * [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals. * [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor. +* [Pentest Collaboration Framework (PCF)](https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team. * [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations. ## Conferences and Events From 9a921bbf49c11e872a22532d9786228e85ecc1e6 Mon Sep 17 00:00:00 2001 From: fabacab Date: Sun, 14 Mar 2021 14:20:47 -0400 Subject: [PATCH 18/20] Closes #373: Add dirsearch and git-scanner to appropriate Web category. --- README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 00307c4..f89b190 100644 --- a/README.md +++ b/README.md 
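Review bot: this hunk mixes a pure reorganization with a new entry and a reworded one, which makes it hard to review as a "move" diff: `+* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy ...` has no matching `-` line anywhere in the hunk, and the autochrome line is rewritten ("Easy to install a test browser ..." becomes "Chrome browser profile preconfigured ...") rather than relocated. Consider splitting the mitmproxy addition and the autochrome rewording into their own commits, or at least naming both in the commit message, so that the remaining hunk is verifiably a relocation of Burp Suite, Commix, Fiddler, Kadimus, LFISuite, NoSQLmap, ZAP, SQLmap, fimap and liffy into the new subsections. Drive-by in the untouched context: `sslstrip2` is listed before `sslstrip`, but under the byte ordering the rest of the list uses (compare `WPSploit`, `WhatWaf`, `autochrome`) the shorter `sslstrip` should come first.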
@@ -85,6 +85,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Intercepting Web proxies](#intercepting-web-proxies) * [Web file inclusion tools](#web-file-inclusion-tools) * [Web injection tools](#web-injection-tools) + * [Web path discovery and bruteforcing tools](#web-path-discovery-and-bruteforcing-tools) * [Web shells and C2 frameworks](#web-shells-and-c2-frameworks) * [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools) * [Web Exploitation Books](#web-exploitation-books) @@ -609,6 +610,7 @@ See also *[Web-accessible source code ripping tools](#web-accessible-source-code * [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. * [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. * [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. +* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. * [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. * [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. 
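Review bot: the `@@ -609,6 +610,7 @@` hunk relocates WhatWaf (added here beside `wafw00f`, removed from Web Exploitation in the following hunk), but the commit message only says "Add dirsearch and git-scanner to appropriate Web category"; state the WhatWaf move in the message, or split it into its own commit, so the relocation is not lost in history. Separately, the file header `index 00307c4..f89b190` does not chain from patch 17's post-image `78ec861`, so `git am` will not apply this series linearly as numbered; regenerate the series from a single branch if it is meant to apply in order.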
@@ -794,10 +796,8 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. -* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. -* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. 
@@ -824,6 +824,11 @@ See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine- * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. +### Web path discovery and bruteforcing tools + +* [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner. +* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. + ### Web shells and C2 frameworks * [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers. @@ -837,6 +842,7 @@ See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine- * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. * [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. * [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website. +* [git-scanner](https://github.com/HightechSec/git-scanner) - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public. ### Web Exploitation Books From d284f701420f4102ea654d70121e5466df3f3f7c Mon Sep 17 00:00:00 2001 From: fabacab Date: Fri, 26 Mar 2021 22:42:20 -0400 Subject: [PATCH 19/20] Add SigPloit, cellular/module phone operator telecom pentest framework. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f89b190..06ec253 100644 --- a/README.md +++ b/README.md 
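Review bot: in the `@@ -837,6 +842,7 @@` hunk the git-scanner description, "Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.", is wordy and "open ... available in public" says the same thing twice; the neighbouring entries use one verb phrase (`Automatically find and download Web-accessible .git repositories.`), so something like "Scans websites for publicly exposed `.git` repositories." would match the list's register. The new "Web path discovery and bruteforcing tools" subsection in the `@@ -824` hunk sits where the TOC entry added earlier points (between the injection tools and Web shells), so that part is consistent.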
@@ -336,6 +336,7 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking). * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. * [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. * [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. +* [SigPloit](https://github.com/SigPloiter/SigPloit) - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators. * [Smart Install Exploitation Tool (SIET)](https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them. * [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. * [Tsunami](https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. From 098d89b4dcec3a92511f1d5231fe529f43bab115 Mon Sep 17 00:00:00 2001 From: Ariary Date: Sat, 25 Sep 2021 10:07:55 +0200 Subject: [PATCH 20/20] Add QueenSono, data exfiltration tool using ICMP protocol. Add QueenSono to data exfiltration tools, as it is based on the ICMP protocol --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 06ec253..db21235 100644 --- a/README.md +++ b/README.md 
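Review bot: typo in the added SigPloit line: "vulnerabilites" should be "vulnerabilities". While touching it, "used in mobile (cellular phone) operators" reads oddly; "used by mobile network operators" is tighter and drops the parenthetical. The placement (after SPARTA, before Smart Install Exploitation Tool) is correct for the list's byte ordering.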
@@ -235,6 +235,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar * [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network. * [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs. * [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. +* [QueenSono](https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case). ## Exploit Development Tools
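Review bot: the QueenSono entry is appended after `tgcd`, which breaks the list's ordering: this list sorts entries by byte order with uppercase-initial names first (see `WPSploit`, `WhatWaf`, `autochrome` in the Web Exploitation section), so `QueenSono` belongs above the lowercase entries, before `dnscat2`, not after `tgcd`. The description also needs tightening to the list's one-sentence style: "Binaries" should be lowercase, and the parenthetical "(which is a common case)" is an unsupported generalisation for a catalogue entry; suggest "Client/server binaries for data exfiltration over ICMP, useful where ICMP is less monitored than other protocols."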