mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-22 21:59:29 -05:00
Merge branch 'enaqx:master' into master
This commit is contained in:
commit
3e25b404d5
111
README.md
111
README.md
@ -54,6 +54,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [Network device discovery tools](#network-device-discovery-tools)
|
* [Network device discovery tools](#network-device-discovery-tools)
|
||||||
* [OSINT Online Resources](#osint-online-resources)
|
* [OSINT Online Resources](#osint-online-resources)
|
||||||
* [Source code repository searching tools](#source-code-repository-searching-tools)
|
* [Source code repository searching tools](#source-code-repository-searching-tools)
|
||||||
|
* [Web application and resource analysis tools](#web-application-and-resource-analysis-tools)
|
||||||
* [Online Resources](#online-resources)
|
* [Online Resources](#online-resources)
|
||||||
* [Online Code Samples and Examples](#online-code-samples-and-examples)
|
* [Online Code Samples and Examples](#online-code-samples-and-examples)
|
||||||
* [Online Exploit Development Resources](#online-exploit-development-resources)
|
* [Online Exploit Development Resources](#online-exploit-development-resources)
|
||||||
@ -66,6 +67,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [Periodicals](#periodicals)
|
* [Periodicals](#periodicals)
|
||||||
* [Physical Access Tools](#physical-access-tools)
|
* [Physical Access Tools](#physical-access-tools)
|
||||||
* [Privilege Escalation Tools](#privilege-escalation-tools)
|
* [Privilege Escalation Tools](#privilege-escalation-tools)
|
||||||
|
* [Password Spraying Tools](#password-spraying-tools)
|
||||||
* [Reverse Engineering](#reverse-engineering)
|
* [Reverse Engineering](#reverse-engineering)
|
||||||
* [Reverse Engineering Books](#reverse-engineering-books)
|
* [Reverse Engineering Books](#reverse-engineering-books)
|
||||||
* [Reverse Engineering Tools](#reverse-engineering-tools)
|
* [Reverse Engineering Tools](#reverse-engineering-tools)
|
||||||
@ -80,12 +82,17 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [Steganography Tools](#steganography-tools)
|
* [Steganography Tools](#steganography-tools)
|
||||||
* [Vulnerability Databases](#vulnerability-databases)
|
* [Vulnerability Databases](#vulnerability-databases)
|
||||||
* [Web Exploitation](#web-exploitation)
|
* [Web Exploitation](#web-exploitation)
|
||||||
|
* [Intercepting Web proxies](#intercepting-web-proxies)
|
||||||
|
* [Web file inclusion tools](#web-file-inclusion-tools)
|
||||||
|
* [Web injection tools](#web-injection-tools)
|
||||||
|
* [Web path discovery and bruteforcing tools](#web-path-discovery-and-bruteforcing-tools)
|
||||||
|
* [Web shells and C2 frameworks](#web-shells-and-c2-frameworks)
|
||||||
|
* [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)
|
||||||
* [Web Exploitation Books](#web-exploitation-books)
|
* [Web Exploitation Books](#web-exploitation-books)
|
||||||
* [Windows Utilities](#windows-utilities)
|
* [Windows Utilities](#windows-utilities)
|
||||||
|
|
||||||
## Android Utilities
|
## Android Utilities
|
||||||
|
|
||||||
* [Android Open Pwn Project (AOPP)](https://www.pwnieexpress.com/aopp) - Variant of the Android Open Source Project (AOSP), called Pwnix, is built from the ground up for network hacking and pentesting.
|
|
||||||
* [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
|
* [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
|
||||||
* [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
|
* [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
|
||||||
|
|
||||||
@ -114,7 +121,6 @@ See also [awesome-tor](https://github.com/ajvb/awesome-tor).
|
|||||||
* [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
|
* [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
|
||||||
* [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
|
* [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
|
||||||
* [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions.
|
* [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions.
|
||||||
* [peCloak.py](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
|
|
||||||
* [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
|
* [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
|
||||||
|
|
||||||
## Books
|
## Books
|
||||||
@ -161,6 +167,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
|
|||||||
|
|
||||||
* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals.
|
* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals.
|
||||||
* [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor.
|
* [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor.
|
||||||
|
* [Pentest Collaboration Framework (PCF)](https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
|
||||||
* [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
|
* [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
|
||||||
|
|
||||||
## Conferences and Events
|
## Conferences and Events
|
||||||
@ -214,6 +221,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
|
|||||||
### South America
|
### South America
|
||||||
|
|
||||||
* [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
|
* [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
|
||||||
|
* [Hackers to Hackers Conference (H2HC)](https://www.h2hc.com.br/) - Oldest security research (hacking) conference in Latin America and one of the oldest ones still active in the world.
|
||||||
|
|
||||||
### Zealandia
|
### Zealandia
|
||||||
|
|
||||||
@ -227,6 +235,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
|
|||||||
* [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
|
* [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
|
||||||
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
|
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
|
||||||
* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
|
* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
|
||||||
|
* [QueenSono](https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
|
||||||
|
|
||||||
## Exploit Development Tools
|
## Exploit Development Tools
|
||||||
|
|
||||||
@ -266,7 +275,6 @@ See also *[Reverse Engineering Tools](#reverse-engineering-tools)*.
|
|||||||
|
|
||||||
## Hex Editors
|
## Hex Editors
|
||||||
|
|
||||||
* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types.
|
|
||||||
* [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
|
* [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
|
||||||
* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows.
|
* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows.
|
||||||
* [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs.
|
* [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs.
|
||||||
@ -330,6 +338,7 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking).
|
|||||||
* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
|
* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
|
||||||
* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
|
* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
|
||||||
* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
|
* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
|
||||||
|
* [SigPloit](https://github.com/SigPloiter/SigPloit) - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators.
|
||||||
* [Smart Install Exploitation Tool (SIET)](https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
|
* [Smart Install Exploitation Tool (SIET)](https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
|
||||||
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
|
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
|
||||||
* [Tsunami](https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
|
* [Tsunami](https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
|
||||||
@ -383,7 +392,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework.
|
* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework.
|
||||||
* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols.
|
* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols.
|
||||||
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
|
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
|
||||||
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.
|
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for network sniffing.
|
||||||
* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer.
|
* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer.
|
||||||
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
|
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
|
||||||
|
|
||||||
@ -399,6 +408,8 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
|
|
||||||
### Proxies and Machine-in-the-Middle (MITM) Tools
|
### Proxies and Machine-in-the-Middle (MITM) Tools
|
||||||
|
|
||||||
|
See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
|
||||||
|
|
||||||
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
|
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
|
||||||
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
|
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
|
||||||
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
|
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
|
||||||
@ -409,7 +420,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
|
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
|
||||||
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
|
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
|
||||||
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
|
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
|
||||||
* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
|
|
||||||
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
|
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
|
||||||
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
|
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
|
||||||
|
|
||||||
@ -443,6 +453,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
## Network Vulnerability Scanners
|
## Network Vulnerability Scanners
|
||||||
|
|
||||||
* [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
|
* [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
|
||||||
|
* [kube-hunter](https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
|
||||||
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
|
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
|
||||||
* [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws.
|
* [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws.
|
||||||
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
|
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
|
||||||
@ -488,6 +499,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
* [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources.
|
* [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources.
|
||||||
* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security.
|
* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security.
|
||||||
* [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists.
|
* [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists.
|
||||||
|
* [Awesome Malware](https://github.com/fabacab/awesome-malware) - Curated collection of awesome malware, botnets, and other post-exploitation tools.
|
||||||
* [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries) - Awesome list of useful, funny, and depressing search queries for Shodan.
|
* [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries) - Awesome list of useful, funny, and depressing search queries for Shodan.
|
||||||
* [AWS Tool Arsenal](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - List of tools for testing and securing AWS environments.
|
* [AWS Tool Arsenal](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - List of tools for testing and securing AWS environments.
|
||||||
* [Blue Team](https://github.com/fabacab/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams.
|
* [Blue Team](https://github.com/fabacab/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams.
|
||||||
@ -528,6 +540,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
See also [awesome-osint](https://github.com/jivoi/awesome-osint).
|
See also [awesome-osint](https://github.com/jivoi/awesome-osint).
|
||||||
|
|
||||||
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
|
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
|
||||||
|
* [Depix](https://github.com/beurtschipper/Depix) - Tool for recovering passwords from pixelized screenshots (by de-pixelating text).
|
||||||
* [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning.
|
* [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning.
|
||||||
* [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
|
* [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
|
||||||
* [Maltego](http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics.
|
* [Maltego](http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics.
|
||||||
@ -589,9 +602,22 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint).
|
|||||||
|
|
||||||
### Source code repository searching tools
|
### Source code repository searching tools
|
||||||
|
|
||||||
|
See also *[Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)*.
|
||||||
|
|
||||||
* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
|
* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
|
||||||
* [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords.
|
* [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords.
|
||||||
|
|
||||||
|
### Web application and resource analysis tools
|
||||||
|
|
||||||
|
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
||||||
|
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
|
||||||
|
* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
|
||||||
|
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
||||||
|
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
||||||
|
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
||||||
|
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
||||||
|
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites.
|
||||||
|
|
||||||
## Operating System Distributions
|
## Operating System Distributions
|
||||||
|
|
||||||
* [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing.
|
* [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing.
|
||||||
@ -629,6 +655,11 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint).
|
|||||||
* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
|
* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
|
||||||
* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems.
|
* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems.
|
||||||
|
|
||||||
|
### Password Spraying Tools
|
||||||
|
|
||||||
|
* [DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain.
|
||||||
|
* [SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
|
||||||
|
|
||||||
## Reverse Engineering
|
## Reverse Engineering
|
||||||
|
|
||||||
See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools).
|
See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools).
|
||||||
@ -643,7 +674,9 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*
|
|||||||
|
|
||||||
### Reverse Engineering Tools
|
### Reverse Engineering Tools
|
||||||
|
|
||||||
|
* [angr](https://angr.io/) - Platform-agnostic binary analysis framework.
|
||||||
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
|
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
|
||||||
|
* [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - Program for determining types of files for Windows, Linux and MacOS.
|
||||||
* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
|
* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
|
||||||
* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
|
* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
|
||||||
* [Fridax](https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
|
* [Fridax](https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
|
||||||
@ -733,6 +766,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
|
|||||||
## Steganography Tools
|
## Steganography Tools
|
||||||
|
|
||||||
* [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings.
|
* [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings.
|
||||||
|
* [StegOnline](https://stegonline.georgeom.net/) - Web-based, enhanced, and open-source port of StegSolve.
|
||||||
* [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.
|
* [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.
|
||||||
|
|
||||||
## Vulnerability Databases
|
## Vulnerability Databases
|
||||||
@ -749,6 +783,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
|
|||||||
* [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
|
* [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
|
||||||
* [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
|
* [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
|
||||||
* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
|
* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
|
||||||
|
* [Open Source Vulnerabilities (OSV)](https://osv.dev/) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
|
||||||
* [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
|
* [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
|
||||||
* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information.
|
* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information.
|
||||||
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.
|
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.
|
||||||
@ -760,45 +795,63 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
|
|||||||
|
|
||||||
## Web Exploitation
|
## Web Exploitation
|
||||||
|
|
||||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
|
|
||||||
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
|
|
||||||
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
|
||||||
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
|
||||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
|
||||||
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
|
|
||||||
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
|
||||||
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
||||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
|
||||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
|
||||||
* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter.
|
|
||||||
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
|
|
||||||
* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
|
||||||
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
||||||
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
|
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
|
||||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
|
||||||
* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
|
|
||||||
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
||||||
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
|
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
|
||||||
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
|
||||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
|
|
||||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
|
||||||
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
||||||
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
|
||||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
|
||||||
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
|
||||||
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
||||||
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
|
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
|
||||||
|
|
||||||
|
### Intercepting Web proxies
|
||||||
|
|
||||||
|
See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-in-the-middle-mitm-tools)*.
|
||||||
|
|
||||||
|
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
||||||
|
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
||||||
|
* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
||||||
|
* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
|
||||||
|
|
||||||
|
### Web file inclusion tools
|
||||||
|
|
||||||
|
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
||||||
|
* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter.
|
||||||
|
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
||||||
|
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
||||||
|
|
||||||
|
### Web injection tools
|
||||||
|
|
||||||
|
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
||||||
|
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
|
||||||
|
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
||||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||||
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
|
|
||||||
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites.
|
### Web path discovery and bruteforcing tools
|
||||||
|
|
||||||
|
* [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.
|
||||||
|
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
||||||
|
|
||||||
|
### Web shells and C2 frameworks
|
||||||
|
|
||||||
|
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
|
||||||
|
* [DAws](https://github.com/dotcppfile/DAws) - Advanced Web shell.
|
||||||
|
* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications.
|
||||||
|
* [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
|
||||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell.
|
* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell.
|
||||||
|
|
||||||
|
### Web-accessible source code ripping tools
|
||||||
|
|
||||||
|
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
|
||||||
|
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
|
||||||
|
* [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website.
|
||||||
|
* [git-scanner](https://github.com/HightechSec/git-scanner) - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.
|
||||||
|
|
||||||
### Web Exploitation Books
|
### Web Exploitation Books
|
||||||
|
|
||||||
* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
|
* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
|
||||||
* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
|
* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
|
||||||
|
|
||||||
|
|
||||||
## Windows Utilities
|
## Windows Utilities
|
||||||
|
|
||||||
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.
|
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.
|
||||||
|
Loading…
Reference in New Issue
Block a user