Merge branch 'enaqx:master' into master

This commit is contained in:
Santiago 2021-10-05 10:41:29 +01:00 committed by GitHub
commit 3e25b404d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

111
README.md
View File

@ -54,6 +54,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Network device discovery tools](#network-device-discovery-tools) * [Network device discovery tools](#network-device-discovery-tools)
* [OSINT Online Resources](#osint-online-resources) * [OSINT Online Resources](#osint-online-resources)
* [Source code repository searching tools](#source-code-repository-searching-tools) * [Source code repository searching tools](#source-code-repository-searching-tools)
* [Web application and resource analysis tools](#web-application-and-resource-analysis-tools)
* [Online Resources](#online-resources) * [Online Resources](#online-resources)
* [Online Code Samples and Examples](#online-code-samples-and-examples) * [Online Code Samples and Examples](#online-code-samples-and-examples)
* [Online Exploit Development Resources](#online-exploit-development-resources) * [Online Exploit Development Resources](#online-exploit-development-resources)
@ -66,6 +67,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Periodicals](#periodicals) * [Periodicals](#periodicals)
* [Physical Access Tools](#physical-access-tools) * [Physical Access Tools](#physical-access-tools)
* [Privilege Escalation Tools](#privilege-escalation-tools) * [Privilege Escalation Tools](#privilege-escalation-tools)
* [Password Spraying Tools](#password-spraying-tools)
* [Reverse Engineering](#reverse-engineering) * [Reverse Engineering](#reverse-engineering)
* [Reverse Engineering Books](#reverse-engineering-books) * [Reverse Engineering Books](#reverse-engineering-books)
* [Reverse Engineering Tools](#reverse-engineering-tools) * [Reverse Engineering Tools](#reverse-engineering-tools)
@ -80,12 +82,17 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Steganography Tools](#steganography-tools) * [Steganography Tools](#steganography-tools)
* [Vulnerability Databases](#vulnerability-databases) * [Vulnerability Databases](#vulnerability-databases)
* [Web Exploitation](#web-exploitation) * [Web Exploitation](#web-exploitation)
* [Intercepting Web proxies](#intercepting-web-proxies)
* [Web file inclusion tools](#web-file-inclusion-tools)
* [Web injection tools](#web-injection-tools)
* [Web path discovery and bruteforcing tools](#web-path-discovery-and-bruteforcing-tools)
* [Web shells and C2 frameworks](#web-shells-and-c2-frameworks)
* [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)
* [Web Exploitation Books](#web-exploitation-books) * [Web Exploitation Books](#web-exploitation-books)
* [Windows Utilities](#windows-utilities) * [Windows Utilities](#windows-utilities)
## Android Utilities ## Android Utilities
* [Android Open Pwn Project (AOPP)](https://www.pwnieexpress.com/aopp) - Variant of the Android Open Source Project (AOSP), called Pwnix, is built from the ground up for network hacking and pentesting.
* [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities. * [cSploit](https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
* [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques. * [Fing](https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
@ -114,7 +121,6 @@ See also [awesome-tor](https://github.com/ajvb/awesome-tor).
* [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. * [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
* [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key. * [UniByAv](https://github.com/Mr-Un1k0d3r/UniByAv) - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
* [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions. * [Veil](https://www.veil-framework.com/) - Generate metasploit payloads that bypass common anti-virus solutions.
* [peCloak.py](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
* [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool. * [peCloakCapstone](https://github.com/v-p-b/peCloakCapstone) - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
## Books ## Books
@ -161,6 +167,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals. * [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals.
* [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor. * [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor.
* [Pentest Collaboration Framework (PCF)](https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
* [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations. * [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
## Conferences and Events ## Conferences and Events
@ -214,6 +221,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
### South America ### South America
* [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina. * [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
* [Hackers to Hackers Conference (H2HC)](https://www.h2hc.com.br/) - Oldest security research (hacking) conference in Latin America and one of the oldest ones still active in the world.
### Zealandia ### Zealandia
@ -227,6 +235,7 @@ See [awesome-malware-analysis § Books](https://github.com/rshipp/awesome-malwar
* [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network. * [dnscat2](https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
* [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs. * [pwnat](https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
* [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. * [tgcd](http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
* [QueenSono](https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
## Exploit Development Tools ## Exploit Development Tools
@ -266,7 +275,6 @@ See also *[Reverse Engineering Tools](#reverse-engineering-tools)*.
## Hex Editors ## Hex Editors
* [0xED](http://www.suavetech.com/0xed/0xed.html) - Native macOS hex editor that supports plug-ins to display custom data types.
* [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#. * [Bless](https://github.com/bwrsandman/Bless) - High quality, full featured, cross-platform graphical hex editor written in Gtk#.
* [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows. * [Frhed](http://frhed.sourceforge.net/) - Binary file editor for Windows.
* [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs. * [Hex Fiend](http://ridiculousfish.com/hexfiend/) - Fast, open source, hex editor for macOS with support for viewing binary diffs.
@ -330,6 +338,7 @@ See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking).
* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
* [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features. * [Printer Exploitation Toolkit (PRET)](https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
* [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools. * [SPARTA](https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
* [SigPloit](https://github.com/SigPloiter/SigPloit) - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators.
* [Smart Install Exploitation Tool (SIET)](https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them. * [Smart Install Exploitation Tool (SIET)](https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. * [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
* [Tsunami](https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. * [Tsunami](https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
@ -383,7 +392,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. * [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework.
* [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols. * [Netzob](https://github.com/netzob/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols.
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. * [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. * [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for network sniffing.
* [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer. * [sniffglue](https://github.com/kpcyrd/sniffglue) - Secure multithreaded packet sniffer.
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
@ -399,6 +408,8 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
### Proxies and Machine-in-the-Middle (MITM) Tools ### Proxies and Machine-in-the-Middle (MITM) Tools
See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework. * [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. * [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more. * [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
@ -409,7 +420,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters. * [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. * [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH. * [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests. * [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol. * [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
@ -443,6 +453,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
## Network Vulnerability Scanners ## Network Vulnerability Scanners
* [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner. * [celerystalk](https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
* [kube-hunter](https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. * [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
* [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws. * [Netsparker Application Security Scanner](https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws.
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
@ -488,6 +499,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
* [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources. * [Android Security](https://github.com/ashishb/android-security-awesome) - Collection of Android security related resources.
* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security. * [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security.
* [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists. * [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists.
* [Awesome Malware](https://github.com/fabacab/awesome-malware) - Curated collection of awesome malware, botnets, and other post-exploitation tools.
* [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries) - Awesome list of useful, funny, and depressing search queries for Shodan. * [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries) - Awesome list of useful, funny, and depressing search queries for Shodan.
* [AWS Tool Arsenal](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - List of tools for testing and securing AWS environments. * [AWS Tool Arsenal](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - List of tools for testing and securing AWS environments.
* [Blue Team](https://github.com/fabacab/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams. * [Blue Team](https://github.com/fabacab/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams.
@ -528,6 +540,7 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
See also [awesome-osint](https://github.com/jivoi/awesome-osint). See also [awesome-osint](https://github.com/jivoi/awesome-osint).
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes. * [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
* [Depix](https://github.com/beurtschipper/Depix) - Tool for recovering passwords from pixelized screenshots (by de-pixelating text).
* [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning. * [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning.
* [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI. * [Intrigue](http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
* [Maltego](http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics. * [Maltego](http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics.
@ -589,9 +602,22 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint).
### Source code repository searching tools ### Source code repository searching tools
See also *[Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)*.
* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
* [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords. * [Yar](https://github.com/Furduhlutur/yar) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords.
### Web application and resource analysis tools
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites.
## Operating System Distributions ## Operating System Distributions
* [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing. * [Android Tamer](https://androidtamer.com/) - Distribution built for Android security professionals that includes tools required for Android security testing.
@ -629,6 +655,11 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint).
* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. * [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. * [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems.
### Password Spraying Tools
* [DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain.
* [SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
## Reverse Engineering ## Reverse Engineering
See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools). See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools).
@ -643,7 +674,9 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*
### Reverse Engineering Tools ### Reverse Engineering Tools
* [angr](https://angr.io/) - Platform-agnostic binary analysis framework.
* [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework. * [Capstone](http://www.capstone-engine.org/) - Lightweight multi-platform, multi-architecture disassembly framework.
* [Detect It Easy(DiE)](https://github.com/horsicq/Detect-It-Easy) - Program for determining types of files for Windows, Linux and MacOS.
* [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux. * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. * [Frida](https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
* [Fridax](https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications. * [Fridax](https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
@ -733,6 +766,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
## Steganography Tools ## Steganography Tools
* [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings. * [Cloakify](https://github.com/TryCatchHCF/Cloakify) - Textual steganography toolkit that converts any filetype into lists of everyday strings.
* [StegOnline](https://stegonline.georgeom.net/) - Web-based, enhanced, and open-source port of StegSolve.
* [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files. * [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.
## Vulnerability Databases ## Vulnerability Databases
@ -749,6 +783,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC). * [Microsoft Security Advisories and Bulletins](https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
* [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. * [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine. * [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
* [Open Source Vulnerabilities (OSV)](https://osv.dev/) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
* [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. * [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. * [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information.
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk. * [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.
@ -760,45 +795,63 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
## Web Exploitation ## Web Exploitation
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. * [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter.
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. * [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. * [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker. * [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS. * [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks. * [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
### Intercepting Web proxies
See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-in-the-middle-mitm-tools)*.
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
### Web file inclusion tools
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter.
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
### Web injection tools
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
* [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products.
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. ### Web path discovery and bruteforcing tools
* [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
### Web shells and C2 frameworks
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
* [DAws](https://github.com/dotcppfile/DAws) - Advanced Web shell.
* [SharPyShell](https://github.com/antonioCoco/SharPyShell) - Tiny and obfuscated ASP.NET webshell for C# web applications.
* [PhpSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner.
* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. * [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell.
### Web-accessible source code ripping tools
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories.
* [git-dumper](https://github.com/arthaud/git-dumper) - Tool to dump a git repository from a website.
* [git-scanner](https://github.com/HightechSec/git-scanner) - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.
### Web Exploitation Books ### Web Exploitation Books
* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) * [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) * [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
## Windows Utilities ## Windows Utilities
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.