From 3efd3ba1243db253dd45330e83ad57094eb8f679 Mon Sep 17 00:00:00 2001 From: Ory Segal Date: Mon, 4 Feb 2019 21:47:53 +0200 Subject: [PATCH] Added two entries: 1) awesome-serverless-security list. 2) Lambda-Proxy, a simple utility to bridge between SQLMap and AWS Lambda in order to natively test serverless functions for SQL Injection --- README.md | 117 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 56 deletions(-) diff --git a/README.md b/README.md index e5409d9..41be829 100644 --- a/README.md +++ b/README.md 
@@ -10,62 +10,65 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea ## Contents -* [Online Resources](#online-resources) - * [Penetration Testing Resources](#penetration-testing-resources) - * [Exploit Development](#exploit-development) - * [Open Sources Intelligence (OSINT) Resources](#open-sources-intelligence-osint-resources) - * [Social Engineering Resources](#social-engineering-resources) - * [Lock Picking Resources](#lock-picking-resources) - * [Operating Systems](#operating-systems) -* [Tools](#tools) - * [Penetration Testing Distributions](#penetration-testing-distributions) - * [Docker for Penetration Testing](#docker-for-penetration-testing) - * [Multi-paradigm Frameworks](#multi-paradigm-frameworks) - * [Network vulnerability scanners](#network-vulnerability-scanners) - * [Static Analyzers](#static-analyzers) - * [Web Vulnerability Scanners](#web-vulnerability-scanners) - * [Network Tools](#network-tools) - * [Exfiltration Tools](#exfiltration-tools) - * [Network Reconnaissance Tools](#network-reconnaissance-tools) - * [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers) - * [Proxies and MITM Tools](#proxies-and-mitm-tools) - * [Wireless Network Tools](#wireless-network-tools) - * [Transport Layer Security Tools](#transport-layer-security-tools) - * [Web Exploitation](#web-exploitation) - * [Hex Editors](#hex-editors) - * [File Format Analysis Tools](#file-format-analysis-tools) - * [Anti-virus Evasion Tools](#anti-virus-evasion-tools) - * [Hash Cracking Tools](#hash-cracking-tools) - * [Windows Utilities](#windows-utilities) - * [GNU/Linux Utilities](#gnulinux-utilities) - * [macOS Utilities](#macos-utilities) - * [DDoS Tools](#ddos-tools) - * [Social Engineering Tools](#social-engineering-tools) - * [OSINT Tools](#osint-tools) - * [Anonymity Tools](#anonymity-tools) - * [Reverse Engineering Tools](#reverse-engineering-tools) - * [Physical Access Tools](#physical-access-tools) - * [Industrial Control and SCADA 
Systems](#industrial-control-and-scada-systems) - * [Side-channel Tools](#side-channel-tools) - * [CTF Tools](#ctf-tools) - * [Penetration Testing Report Templates](#penetration-testing-report-templates) - * [Code examples for Penetration Testing](#code-examples-for-penetration-testing) -* [Books](#books) - * [Penetration Testing Books](#penetration-testing-books) - * [Hackers Handbook Series](#hackers-handbook-series) - * [Defensive Development](#defensive-development) - * [Network Analysis Books](#network-analysis-books) - * [Reverse Engineering Books](#reverse-engineering-books) - * [Malware Analysis Books](#malware-analysis-books) - * [Windows Books](#windows-books) - * [Social Engineering Books](#social-engineering-books) - * [Lock Picking Books](#lock-picking-books) - * [Defcon Suggested Reading](#defcon-suggested-reading) -* [Vulnerability Databases](#vulnerability-databases) -* [Security Courses](#security-courses) -* [Information Security Conferences](#information-security-conferences) -* [Information Security Magazines](#information-security-magazines) -* [Awesome Lists](#awesome-lists) +- [Awesome Penetration Testing ![Awesome](https://github.com/sindresorhus/awesome)](#awesome-penetration-testing-awesomehttpsgithubcomsindresorhusawesome) + - [Contents](#contents) + - [Online Resources](#online-resources) + - [Penetration Testing Resources](#penetration-testing-resources) + - [Exploit Development](#exploit-development) + - [Open Sources Intelligence (OSINT) Resources](#open-sources-intelligence-osint-resources) + - [Social Engineering Resources](#social-engineering-resources) + - [Lock Picking Resources](#lock-picking-resources) + - [Operating Systems](#operating-systems) + - [Tools](#tools) + - [Penetration Testing Distributions](#penetration-testing-distributions) + - [Docker for Penetration Testing](#docker-for-penetration-testing) + - [Multi-paradigm Frameworks](#multi-paradigm-frameworks) + - [Network vulnerability 
scanners](#network-vulnerability-scanners) + - [Static Analyzers](#static-analyzers) + - [Web Vulnerability Scanners](#web-vulnerability-scanners) + - [Network Tools](#network-tools) + - [Exfiltration Tools](#exfiltration-tools) + - [Network Reconnaissance Tools](#network-reconnaissance-tools) + - [Protocol Analyzers and Sniffers](#protocol-analyzers-and-sniffers) + - [Proxies and MITM Tools](#proxies-and-mitm-tools) + - [Wireless Network Tools](#wireless-network-tools) + - [Transport Layer Security Tools](#transport-layer-security-tools) + - [Web Exploitation](#web-exploitation) + - [Hex Editors](#hex-editors) + - [File Format Analysis Tools](#file-format-analysis-tools) + - [Anti-virus Evasion Tools](#anti-virus-evasion-tools) + - [Hash Cracking Tools](#hash-cracking-tools) + - [Windows Utilities](#windows-utilities) + - [GNU/Linux Utilities](#gnulinux-utilities) + - [macOS Utilities](#macos-utilities) + - [DDoS Tools](#ddos-tools) + - [Social Engineering Tools](#social-engineering-tools) + - [OSINT Tools](#osint-tools) + - [Anonymity Tools](#anonymity-tools) + - [Reverse Engineering Tools](#reverse-engineering-tools) + - [Physical Access Tools](#physical-access-tools) + - [Industrial Control and SCADA Systems](#industrial-control-and-scada-systems) + - [Side-channel Tools](#side-channel-tools) + - [CTF Tools](#ctf-tools) + - [Penetration Testing Report Templates](#penetration-testing-report-templates) + - [Code examples for Penetration Testing](#code-examples-for-penetration-testing) + - [Books](#books) + - [Penetration Testing Books](#penetration-testing-books) + - [Hackers Handbook Series](#hackers-handbook-series) + - [Defensive Development](#defensive-development) + - [Network Analysis Books](#network-analysis-books) + - [Reverse Engineering Books](#reverse-engineering-books) + - [Malware Analysis Books](#malware-analysis-books) + - [Windows Books](#windows-books) + - [Social Engineering Books](#social-engineering-books) + - [Lock Picking 
Books](#lock-picking-books) + - [Defcon Suggested Reading](#defcon-suggested-reading) + - [Vulnerability Databases](#vulnerability-databases) + - [Security Courses](#security-courses) + - [Information Security Conferences](#information-security-conferences) + - [Information Security Magazines](#information-security-magazines) + - [Awesome Lists](#awesome-lists) +- [License](#license) ## Online Resources @@ -263,6 +266,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. * [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework. * [MITMf](https://github.com/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks. +* [Lambda-Proxy](https://github.com/puresec/lambda-proxy) - A simple utility to help test AWS Lambda serverless functions for SQL Injection vulnerabilities, using a local HTTP proxy, which transforms the SQLMap HTTP-based attacks to AWS Lambda invoke calls. ### Wireless Network Tools @@ -724,6 +728,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [YARA](https://github.com/InQuest/awesome-yara) - YARA rules, tools, and people. * [Blue Team](https://github.com/meitar/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams. * [Android Exploits](https://github.com/sundaysec/Android-Exploits) - Guide on Android Exploitation and Hacks. +* [Serverless Security](https://github.com/puresec/awesome-serverless-security/) - A curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers. # License
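Review bot: The Contents hunk (`@@ -10,62 +10,65 @@`) rewrites the whole table of contents, which the subject line ("Added two entries") does not cover and which accounts for nearly all of the 61 insertions and 56 deletions. The regenerated list switches bullets from `*` to `-` while the rest of the file still uses `*` (for example `* [Ettercap]`). It also nests every section under a new top-level item with the anchor `#awesome-penetration-testing-awesomehttpsgithubcomsindresorhusawesome`, and adds self-referencing `[Contents](#contents)` and `[License](#license)` entries. This looks like an editor's automatic TOC regeneration. Please drop this hunk so the patch is only the two added list entries.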
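Review bot: In the hunk at `@@ -263,6 +266,7 @@`, the Lambda-Proxy entry is placed after MITMf, next to Ettercap and BetterCAP, but its own description says it bridges SQLMap to AWS Lambda invoke calls for SQL injection testing rather than intercepting traffic. The Web Exploitation section listed in Contents looks like a closer fit. The description is also much longer than its neighbours' single clause. Something like "Local HTTP proxy that translates SQLMap requests into AWS Lambda invoke calls to test serverless functions for SQL injection" would match the surrounding style.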
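Review bot: In the hunk at `@@ -724,6 +728,7 @@`, the Serverless Security link ends with a trailing slash (`.../awesome-serverless-security/`) while the neighbouring entries (`.../awesome-yara`, `.../Android-Exploits`) do not. Please drop it for consistency. The description also opens with "A curated list of awesome ... resources", which adds nothing inside this list of lists. Starting at the content, for example "Books, articles, whitepapers, blogs and research papers on serverless security", would match the YARA and Android Exploits lines above it.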