diff --git a/README.md b/README.md index cf343b5..5220a2a 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Penetration Testing Framework (PTF)](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike. * [XSS-Payloads](http://www.xss-payloads.com) - Ultimate resource for all things cross-site including payloads, tools, games and documentation. * [MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)](https://attack.mitre.org/) - Curated knowledge base and model for cyber adversary behavior. -* [InfoSec Institute](http://resources.infosecinstitute.com) - IT & Security Boot Camps +* [InfoSec Institute](http://resources.infosecinstitute.com) - IT and security bootcamps. ### Exploit Development @@ -88,7 +88,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category. * [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories. -* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html). +* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - Collection of OSINT links and custom Web interfaces to other services. * [WiGLE.net](https://wigle.net/) - Information about wireless networks world-wide, with user-friendly desktop and web applications. * [CertGraph](https://github.com/lanrat/certgraph) - Crawls a domain's SSL/TLS certificates for its certificate alternative names. @@ -108,9 +108,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems. * [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Open source automated malware analysis system. * [Digital Evidence & Forensics Toolkit (DEFT)](http://www.deftlinux.net/) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place. -* [SIFT](https://digital-forensics.sans.org/community/downloads) - Forensic Workstation Made by SANS +* [SIFT](https://digital-forensics.sans.org/community/downloads) - Forensic workstation made by SANS. * [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity. -* [Qubes OS](https://www.qubes-os.org) - Secure Operating System +* [Qubes OS](https://www.qubes-os.org) - High-security Operating System providing strict application isolation. ## Tools @@ -209,7 +209,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. * [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. * [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities. -* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets +* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets. #### Exfiltration Tools @@ -258,7 +258,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates. * [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks. * [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework. -* [MITMf](https://github.com/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks +* [MITMf](https://github.com/byt3bl33d3r/MITMf) - Framework for Man-In-The-Middle attacks. ### Wireless Network Tools @@ -269,13 +269,13 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks. * [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks. * [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK. -* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - A Suite of Tools written in Python for wireless auditing -* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C -* [infernal-twin](https://github.com/entropy1337/infernal-twin) - This is automated wireless hacking tool -* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack Attack Scripts -* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network -* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for WiFi Pentesting -* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for Rogue Wi-Fi Access Point Attack +* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - Suite of tools written in Python for wireless auditing. +* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C. +* [infernal-twin](https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool. +* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts. +* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network. +* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting. +* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for rogue Wi-Fi access point attack. ### Transport Layer Security Tools @@ -316,8 +316,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible. * [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites. * [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing. -* [Raccoon](https://github.com/evyatarmeged/Raccoon) - A high performance offensive security tool for reconnaissance and vulnerability scanning -* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems +* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning. +* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems. ### Hex Editors @@ -376,13 +376,13 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more. * [Ruler](https://github.com/sensepost/ruler) - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server. * [SCOMDecrypt](https://github.com/nccgroup/SCOMDecrypt) - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases. -* [LaZagne](https://github.com/AlessandroZ/LaZagne) - Credentials recovery project +* [LaZagne](https://github.com/AlessandroZ/LaZagne) - Credentials recovery project. ### GNU/Linux Utilities * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. -* [Lynis](https://cisofy.com/lynis/) - Auditing tool for Unix-based systems -* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on Unix systems +* [Lynis](https://cisofy.com/lynis/) - Auditing tool for UNIX-based systems. +* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. ### macOS Utilities @@ -404,22 +404,22 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly. * [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. * [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service. -* [Evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework +* [Evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework. * [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks. * [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. * [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger. * [FiercePhish](https://github.com/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements. * [SocialFish](https://github.com/UndeadSec/SocialFish) - Social media phishing framework that can run on an Android phone or in a Docker container. * [ShellPhish](https://github.com/thelinuxchoice/shellphish) - Social media site cloner and phishing tool built atop SocialFish. -* [Gophish](https://getgophish.com) - Open-Source Phishing Framework -* [phishery](https://github.com/ryhanson/phishery) - An SSL Enabled Basic Auth Credential Harvester -* [ReelPhish](https://github.com/fireeye/ReelPhish) - A Real-Time Two-Factor Phishing Tool +* [Gophish](https://getgophish.com) - Open-source phishing framework. +* [phishery](https://github.com/ryhanson/phishery) - TLS/SSL enabled Basic Auth credential harvester. +* [ReelPhish](https://github.com/fireeye/ReelPhish) - Real-time two-factor phishing tool. ### OSINT Tools * [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. * [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester. -* [SimplyEmail](https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy +* [SimplyEmail](https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy. * [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool. * [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester. * [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon. @@ -430,7 +430,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. * [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak. * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. -* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations +* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations. * [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. * [fast-recon](https://github.com/DanMcInerney/fast-recon) - Perform Google dorks against a domain. * [snitch](https://github.com/Smaash/snitch) - Information gathering via dorks. @@ -446,11 +446,11 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. * [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. * [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. -* [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool -* [image-match](https://github.com/ascribe/image-match]) - Quickly search over billions of images -* [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email/domain/ip_address/organization -* [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping -* [surfraw](https://github.com/kisom/surfraw) - a fast UNIX command line interface to a variety of popular WWW search engines +* [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool. +* [image-match](https://github.com/ascribe/image-match]) - Quickly search over billions of images. +* [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations. +* [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping. +* [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. ### Anonymity Tools @@ -461,7 +461,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [What Every Browser Knows About You](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks. * [dos-over-tor](https://github.com/zacscott/dos-over-tor) - Proof of concept denial of service over Tor stress test tool. * [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests. -* [kalitorify](https://github.com/brainfuckSec/kalitorify) - Transparent proxy through Tor for Kali Linux OS +* [kalitorify](https://github.com/brainfuckSec/kalitorify) - Transparent proxy through Tor for Kali Linux OS. ### Reverse Engineering Tools @@ -703,7 +703,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [OSINT](https://github.com/jivoi/awesome-osint) - Awesome OSINT list containing great resources. * [YARA](https://github.com/InQuest/awesome-yara) - YARA rules, tools, and people. * [Blue Team](https://github.com/meitar/awesome-cybersecurity-blueteam) - Awesome resources, tools, and other shiny things for cybersecurity blue teams. -* [Android Exploits](https://github.com/sundaysec/Android-Exploits) - Guide on Android Exploitation and Hacks +* [Android Exploits](https://github.com/sundaysec/Android-Exploits) - Guide on Android Exploitation and Hacks. # License