diff --git a/README.md b/README.md index b12afea..fdf6d8e 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ A collection of awesome penetration testing resources - [Anonymity Tools](#anonymity-tools) - [Reverse Engineering Tools](#reverse-engineering-tools) - [CTF Tools](#ctf-tools) + - [Practice CTFs](#practice-ctfs) - [Books](#books) - [Penetration Testing Books](#penetration-testing-books) - [Hackers Handbook Series](#hackers-handbook-series) @@ -72,12 +73,17 @@ A collection of awesome penetration testing resources #### Lock Picking Resources * [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks +* [bosnianbill](https://www.youtube.com/user/bosnianbill) - More lockpicking videos * [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations. #### Operating Systems * [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems * [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions * [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems +* [cuckoo](https://cuckoosandbox.org/) - Cuckoo Sandbox is a malware analysis system +* [CAINE](http://www.caine-live.net/) - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project +* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS +* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity ### Tools #### Penetration Testing Distributions 
@@ -94,7 +100,6 @@ A collection of awesome penetration testing resources #### Basic Penetration Testing Tools * [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software -* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications * [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits * [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project * [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform @@ -184,6 +189,8 @@ A collection of awesome penetration testing resources * [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation #### Web exploitation +* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications +* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. * [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit 
@@ -222,6 +229,7 @@ A collection of awesome penetration testing resources * [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework +* [Powershell Empire](https://www.powershellempire.com/) - A pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture * [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target * [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer @@ -235,6 +243,8 @@ A collection of awesome penetration testing resources #### DDoS Tools * [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC +* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side +* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures * [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool * [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. 
@@ -290,6 +300,11 @@ A collection of awesome penetration testing resources * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs * [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks +#### Practice CTFs +* [HackThisSite](hackthissite.org) - An online CTF with short challenges and clear progression +* [HackMethod](https://hackmethod.com/) - An online CTF with short challenges and clear progression +* [VulnHub](https://www.vulnhub.com/) - Hosts vulnerable VMs for downloading and hacking, founded by g0tmi1k + ### Books #### Penetration Testing Books * [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm)
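Review bot: In the `@@ -72,12 +73,17 @@` hunk, the `cuckoo` entry is added under "Operating Systems", but its own description says it is "a malware analysis system", not an operating system; it should move to a tools section that matches. The three entries already in that section each link to a list of security-related distributions, while CAINE, DEFT and Tails are individual live distributions, so they read better in their own subsection or next to the existing distribution entries. In the same hunk, "More lockpicking videos" for `bosnianbill` only makes sense relative to the line above it; describe the channel on its own terms.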
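Review bot: In the `@@ -184,6 +189,8 @@` hunk, the `autochrome` description is ungrammatical ("Easy to install a test browser with all the appropriate setting needed") and ends with a trailing period that the Burp Suite and WPScan lines around it do not have. Suggest something like "Easy-to-install test browser with the settings needed for web application testing and native Burp support, from NCC Group". The link also points at a blog post under `/newsroom-and-events/blog/` rather than a project page, unlike most entries in this section; note that in the description or link the project itself if one exists.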
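Review bot: In the `@@ -222,6 +229,7 @@` hunk, the new entry is titled "Powershell Empire" while its own description and the PowerSploit line directly above both write "PowerShell"; use one casing. "cryptologically-secure" should read "cryptographically secure".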
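Review bot: In the `@@ -235,6 +243,8 @@` hunk, the HOIC description spells out "Low Orbit Ion Cannon" although the list only ever calls that entry "LOIC", so a reader scanning the section may not connect the two; write "LOIC" or give both. "counter measures" should be one word, and the quoted 'boosters' is left unexplained; either say in a few words what they are or drop the term.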
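Review bot: In the `@@ -290,6 +300,11 @@` hunk, the HackThisSite link target is `hackthissite.org` with no scheme, so Markdown renderers will treat it as a path relative to the README and the link will break; the other two entries in this section use full `https://` URLs. The HackMethod line also repeats the HackThisSite description word for word ("An online CTF with short challenges and clear progression"), which looks like a copy-paste; give each site a description that distinguishes it.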