Additions (#121)

* Update README.md

Adds recon-ng to OSINT tools

* Update README.md

Adds zmap to Network Tools

* Revert "Update README.md"

This reverts commit 51dad977b2.

* Update README.md

Adds several things, moves Burp to Web Exploitation, removes LOIC

* Update README.md

Removes duplicate recon-ng entry in OSInt Tools.

* Update README.md

Adds more DoS tools

* Update README.md

Replaces LOIC at contributor request
tarrenj 2017-04-06 19:24:35 -04:00 committed by Samar Dhwoj Acharya
parent 9971bff13f
commit 4464ded0e7


@ -31,6 +31,7 @@ A collection of awesome penetration testing resources
- [Anonymity Tools](#anonymity-tools) - [Anonymity Tools](#anonymity-tools)
- [Reverse Engineering Tools](#reverse-engineering-tools) - [Reverse Engineering Tools](#reverse-engineering-tools)
- [CTF Tools](#ctf-tools) - [CTF Tools](#ctf-tools)
- [Practice CTFs](#practice-ctfs)
- [Books](#books) - [Books](#books)
- [Penetration Testing Books](#penetration-testing-books) - [Penetration Testing Books](#penetration-testing-books)
- [Hackers Handbook Series](#hackers-handbook-series) - [Hackers Handbook Series](#hackers-handbook-series)
@ -72,12 +73,17 @@ A collection of awesome penetration testing resources
#### Lock Picking Resources #### Lock Picking Resources
* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks * [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks
* [bosnianbill](https://www.youtube.com/user/bosnianbill) - More lockpicking videos
* [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations. * [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations.
#### Operating Systems #### Operating Systems
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems * [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions * [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems * [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
* [cuckoo](https://cuckoosandbox.org/) - Cuckoo Sandbox is a malware analysis system
* [CAINE](http://www.caine-live.net/) - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project
* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS
* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity
### Tools ### Tools
#### Penetration Testing Distributions #### Penetration Testing Distributions
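Review bot: the cuckoo entry added under Operating Systems is in the wrong section, since its own description calls it "a malware analysis system" rather than an operating system; move it to a section that fits an analysis tool. CAINE, DEFT and Tails are live distributions and do fit, but the three existing entries here all point to lists or overviews of security operating systems, so it is worth confirming that individual distributions belong in this section rather than under a distributions heading. None of the commit messages mention these four additions or the bosnianbill link, so the change description should cover them.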
@ -94,7 +100,6 @@ A collection of awesome penetration testing resources
#### Basic Penetration Testing Tools #### Basic Penetration Testing Tools
* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software * [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits * [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits
* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project * [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project
* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform * [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform
@ -184,6 +189,8 @@ A collection of awesome penetration testing resources
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation * [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation
#### Web exploitation #### Web exploitation
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
* [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit * [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit
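Review bot: the autochrome description is ungrammatical ("Easy to install a test browser with all the appropriate setting needed ...") and should be reworded, for example "Easy-to-install test browser with the settings needed for web application testing and native Burp support, from NCC Group". The link also points to a blog post (the URL path is under /blog/2017/march/) rather than a project page; if a project page exists, link that instead so the entry matches how the neighbouring tools are referenced.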
@ -222,6 +229,7 @@ A collection of awesome penetration testing resources
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials * [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
* [Powershell Empire](https://www.powershellempire.com/) - A pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target * [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner * [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer
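Review bot: the added Empire line writes the name as "Powershell Empire" but uses "PowerShell" in its own description and in the PowerSploit entry directly above; use "PowerShell Empire" so the casing is consistent within the section.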
@ -235,6 +243,8 @@ A collection of awesome penetration testing resources
#### DDoS Tools #### DDoS Tools
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows * [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures
* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool * [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool
* [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. * [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
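Review bot: in the added HOIC line, "counter measures" should be one word, "countermeasures". The SlowLoris line describes a "DoS tool" while the section heading is "DDoS Tools"; either adjust the heading to cover both or keep single-source tools out of this section. The commit messages mention removing and then restoring LOIC, and the hunk shows the LOIC lines unchanged, so the net effect is consistent, but squashing those two commits would make the history easier to follow.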
@ -290,6 +300,11 @@ A collection of awesome penetration testing resources
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs
* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks * [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks
#### Practice CTFs
* [HackThisSite](hackthissite.org) - An online CTF with short challenges and clear progression
* [HackMethod](https://hackmethod.com/) - An online CTF with short challenges and clear progression
* [VulnHub](https://www.vulnhub.com/) - Hosts vulnerable VMs for downloading and hacking, founded by g0tmi1k
### Books ### Books
#### Penetration Testing Books #### Penetration Testing Books
* [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm) * [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm)
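Review bot: the HackThisSite link target in the new Practice CTFs section has no scheme, "(hackthissite.org)", so Markdown renderers will treat it as a relative path inside the repository and the link will be broken; give it a full URL with scheme like the other entries. The HackMethod description is word for word the same as the HackThisSite one ("An online CTF with short challenges and clear progression"), which looks like a copy-paste; give HackMethod its own description.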