mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-23 06:09:22 -05:00
Additions (#121)
* Update README.md
Adds recon-ng to OSINT tools
* Update README.md
Adds zmap to Network Tools
* Revert "Update README.md"
This reverts commit 51dad977b2
.
* Update README.md
Adds several things, moves Burp to Web Exploitation, removes LOIC
* Update README.md
Removes duplicate recon-ng entry in OSInt Tools.
* Update README.md
Adds more DoS tools
* Update README.md
Replaces LOIC at contributor request
This commit is contained in:
parent
9971bff13f
commit
4464ded0e7
17
README.md
17
README.md
@ -31,6 +31,7 @@ A collection of awesome penetration testing resources
|
||||
- [Anonymity Tools](#anonymity-tools)
|
||||
- [Reverse Engineering Tools](#reverse-engineering-tools)
|
||||
- [CTF Tools](#ctf-tools)
|
||||
- [Practice CTFs](#practice-ctfs)
|
||||
- [Books](#books)
|
||||
- [Penetration Testing Books](#penetration-testing-books)
|
||||
- [Hackers Handbook Series](#hackers-handbook-series)
|
||||
@ -72,12 +73,17 @@ A collection of awesome penetration testing resources
|
||||
|
||||
#### Lock Picking Resources
|
||||
* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks
|
||||
* [bosnianbill](https://www.youtube.com/user/bosnianbill) - More lockpicking videos
|
||||
* [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations.
|
||||
|
||||
#### Operating Systems
|
||||
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
|
||||
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions
|
||||
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
|
||||
* [cuckoo](https://cuckoosandbox.org/) - Cuckoo Sandbox is a malware analysis system
|
||||
* [CAINE](http://www.caine-live.net/) - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project
|
||||
* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS
|
||||
* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity
|
||||
|
||||
### Tools
|
||||
#### Penetration Testing Distributions
|
||||
@ -94,7 +100,6 @@ A collection of awesome penetration testing resources
|
||||
|
||||
#### Basic Penetration Testing Tools
|
||||
* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software
|
||||
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
|
||||
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits
|
||||
* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project
|
||||
* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform
|
||||
@ -184,6 +189,8 @@ A collection of awesome penetration testing resources
|
||||
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation
|
||||
|
||||
#### Web exploitation
|
||||
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
|
||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
||||
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
|
||||
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
|
||||
* [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit
|
||||
@ -222,6 +229,7 @@ A collection of awesome penetration testing resources
|
||||
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
|
||||
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
|
||||
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
|
||||
* [Powershell Empire](https://www.powershellempire.com/) - A pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture
|
||||
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
|
||||
* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
|
||||
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer
|
||||
@ -235,6 +243,8 @@ A collection of awesome penetration testing resources
|
||||
#### DDoS Tools
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC
|
||||
* [SlowLoris](https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side
|
||||
* [HOIC](https://sourceforge.net/projects/high-orbit-ion-cannon/) - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures
|
||||
* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool
|
||||
* [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
|
||||
|
||||
@ -290,6 +300,11 @@ A collection of awesome penetration testing resources
|
||||
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs
|
||||
* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks
|
||||
|
||||
#### Practice CTFs
|
||||
* [HackThisSite](hackthissite.org) - An online CTF with short challenges and clear progression
|
||||
* [HackMethod](https://hackmethod.com/) - An online CTF with short challenges and clear progression
|
||||
* [VulnHub](https://www.vulnhub.com/) - Hosts vulnerable VMs for downloading and hacking, founded by g0tmi1k
|
||||
|
||||
### Books
|
||||
#### Penetration Testing Books
|
||||
* [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm)
|
||||
|
Loading…
Reference in New Issue
Block a user