mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2025-01-10 14:39:30 -05:00
Update README.md
This commit is contained in:
parent
85b403f870
commit
4592571df4
29
README.md
@ -76,6 +76,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Penetration Testing Framework (PTF)](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
|
||||
* [XSS-Payloads](http://www.xss-payloads.com) - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
|
||||
* [MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)](https://attack.mitre.org/) - Curated knowledge base and model for cyber adversary behavior.
|
||||
* [InfoSec Institute](http://resources.infosecinstitute.com) - IT & Security Boot Camps
|
||||
|
||||
### Exploit Development
|
||||
|
||||
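Review bot: The InfoSec Institute entry's description, "IT & Security Boot Camps", reads as a tagline and does not say what a reader will find at resources.infosecinstitute.com, while the PTF, XSS-Payloads and ATT&CK lines around it each describe the resource and end with a period. Suggest rewording it to describe the content and matching the punctuation. The link is also plain http://; switch it to https:// if the site serves it.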
@ -106,7 +107,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
|
||||
* [cuckoo](https://github.com/cuckoosandbox/cuckoo) - Open source automated malware analysis system.
|
||||
* [Digital Evidence & Forensics Toolkit (DEFT)](http://www.deftlinux.net/) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
|
||||
* [SIFT](https://digital-forensics.sans.org/community/downloads) - Forensic Workstation Made by SANS
|
||||
* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity.
|
||||
* [Qubes OS](https://www.qubes-os.org) - Secure Operating System
|
||||
|
||||
## Tools
|
||||
|
||||
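Review bot: "Secure Operating System" on the Qubes OS line and "Forensic Workstation Made by SANS" on the SIFT line are title-cased fragments with no trailing period, and the Qubes OS text does not say what distinguishes it from the Tails entry directly above it. Suggest one descriptive sentence for each, in the style of the DEFT and Tails lines.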
@ -188,7 +191,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [SQLmate](https://github.com/UltimateHackers/sqlmate) - A friend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
|
||||
* [JCS](https://github.com/TheM4hd1/JCS) - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
|
||||
|
||||
|
||||
### Network Tools
|
||||
|
||||
* [pig](https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
|
||||
@ -206,6 +208,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
|
||||
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
|
||||
* [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
|
||||
* [hping3](https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets
|
||||
|
||||
#### Exfiltration Tools
|
||||
|
||||
@ -265,7 +268,13 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Fluxion](https://github.com/FluxionNetwork/fluxion) - Suite of automated social engineering based WPA attacks.
|
||||
* [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Multi-use bash script for Linux systems to audit wireless networks.
|
||||
* [Cowpatty](https://github.com/joswr1ght/cowpatty) - Brute-force dictionary attack against WPA-PSK.
|
||||
|
||||
* [BoopSuite](https://github.com/MisterBianco/BoopSuite) - A Suite of Tools written in Python for wireless auditing
|
||||
* [Bully](http://git.kali.org/gitweb/?p=packages/bully.git;a=summary) - Implementation of the WPS brute force attack, written in C
|
||||
* [infernal-twin](https://github.com/entropy1337/infernal-twin) - This is automated wireless hacking tool
|
||||
* [krackattacks-scripts](https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack Attack Scripts
|
||||
* [KRACK Detector](https://github.com/securingsam/krackdetector) - Detect and prevent KRACK attacks in your network
|
||||
* [wifi-arsenal](https://github.com/0x90/wifi-arsenal) - Resources for WiFi Pentesting
|
||||
* [WiFi-Pumpkin](https://github.com/P0cL4bs/WiFi-Pumpkin) - Framework for Rogue Wi-Fi Access Point Attack
|
||||
|
||||
### Transport Layer Security Tools
|
||||
|
||||
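Review bot: On the infernal-twin line, "This is automated wireless hacking tool" is ungrammatical and does not say what the tool automates; suggest a noun-phrase description like the one on the Cowpatty line. The Bully entry links to a gitweb summary page on git.kali.org over http://, while every other entry in this block links to a GitHub repository, so link the upstream project if there is one. KRACK Detector is described as detecting and preventing attacks, which makes it the only defensive entry in this run of attack tooling; say so in the description or place it where defenders will look for it. None of the seven entries from BoopSuite to WiFi-Pumpkin ends with a period, unlike Fluxion, Airgeddon and Cowpatty.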
@ -307,6 +316,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - A simple script to take screenshots of list of websites.
|
||||
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
||||
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - A high performance offensive security tool for reconnaissance and vulnerability scanning
|
||||
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems
|
||||
|
||||
### Hex Editors
|
||||
|
||||
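Review bot: The Raccoon and WhatWaf descriptions do not match the two entries above them: both lack the trailing period that the webscreenshot and recursebuster lines have, and "Detect and bypass web application firewalls and protection systems" is an imperative where the other lines use a noun phrase. Suggest "Tool that detects ..." or similar, and dropping "high performance" from the Raccoon line unless the README wants to carry projects' own claims.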
@ -346,6 +356,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [BruteForce Wallet](https://github.com/glv2/bruteforce-wallet) - Find the password of an encrypted wallet file (i.e. `wallet.dat`).
|
||||
* [StegCracker](https://github.com/Paradoxis/StegCracker) - Steganography brute-force utility to uncover hidden data inside files.
|
||||
|
||||
|
||||
### Windows Utilities
|
||||
|
||||
* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities.
|
||||
@ -365,10 +376,13 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
|
||||
* [Ruler](https://github.com/sensepost/ruler) - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
|
||||
* [SCOMDecrypt](https://github.com/nccgroup/SCOMDecrypt) - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
|
||||
* [LaZagne](https://github.com/AlessandroZ/LaZagne) - Credentials recovery project
|
||||
|
||||
### GNU/Linux Utilities
|
||||
|
||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
|
||||
* [Lynis](https://cisofy.com/lynis/) - Auditing tool for Unix-based systems
|
||||
* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on Unix systems
|
||||
|
||||
### macOS Utilities
|
||||
|
||||
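Review bot: "Credentials recovery project" on the LaZagne line does not say which credentials are recovered or from where, which stands out under Windows Utilities next to the precise SCOMDecrypt description; suggest naming the credential stores it covers. Under GNU/Linux Utilities, the Lynis and unix-privesc-check lines both say "Unix" rather than GNU/Linux and lack the trailing period used on the Linux Exploit Suggester line.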
@ -390,17 +404,22 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [Social Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
|
||||
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
|
||||
* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service.
|
||||
* [Evilginx2](https://github.com/kgretzky/evilginx2) - Standalone man-in-the-middle attack framework
|
||||
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
|
||||
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
|
||||
* [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger.
|
||||
* [FiercePhish](https://github.com/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements.
|
||||
* [SocialFish](https://github.com/UndeadSec/SocialFish) - Social media phishing framework that can run on an Android phone or in a Docker container.
|
||||
* [ShellPhish](https://github.com/thelinuxchoice/shellphish) - Social media site cloner and phishing tool built atop SocialFish.
|
||||
* [Gophish](https://getgophish.com) - Open-Source Phishing Framework
|
||||
* [phishery](https://github.com/ryhanson/phishery) - An SSL Enabled Basic Auth Credential Harvester
|
||||
* [ReelPhish](https://github.com/fireeye/ReelPhish) - A Real-Time Two-Factor Phishing Tool
|
||||
|
||||
### OSINT Tools
|
||||
|
||||
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
|
||||
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester.
|
||||
* [SimplyEmail](https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy
|
||||
* [creepy](https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
|
||||
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester.
|
||||
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - Database of Google dorks; can be used for recon.
|
||||
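Review bot: The Evilginx2 description, "Standalone man-in-the-middle attack framework", does not mention phishing and does not say how the entry differs from the Evilginx line directly above it, so a reader cannot tell why both are listed; suggest stating the difference or keeping only one. The Gophish, phishery and ReelPhish lines are title-cased project slogans with no trailing period, and "Email recon made fast and easy" on the SimplyEmail line is a slogan rather than a description. The Beelogger line in the same block has the typo "keylooger", which could be fixed in the same pass.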
@ -428,6 +447,11 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [OWASP Amass](https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
|
||||
* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
|
||||
* [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
|
||||
* [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool
|
||||
* [image-match](https://github.com/ascribe/image-match]) - Quickly search over billions of images
|
||||
* [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email/domain/ip_address/organization
|
||||
* [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping
|
||||
* [surfraw](https://github.com/kisom/surfraw) - a fast UNIX command line interface to a variety of popular WWW search engines
|
||||
|
||||
### Anonymity Tools
|
||||
|
||||
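Review bot: The image-match link target ends in a stray bracket, (https://github.com/ascribe/image-match]), so the URL includes "]" and will not point at the repository; remove the bracket. The surfraw description starts with a lowercase "a" where the other entries are capitalised, and none of the dorks, image-match, OSINT-SPY, pagodo or surfraw lines ends with a period, unlike the Amass, Hunter.io and FOCA lines above them.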
@ -438,6 +462,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
||||
* [What Every Browser Knows About You](http://webkay.robinlinus.com/) - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.
|
||||
* [dos-over-tor](https://github.com/zacscott/dos-over-tor) - Proof of concept denial of service over Tor stress test tool.
|
||||
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
|
||||
* [kalitorify](https://github.com/brainfuckSec/kalitorify) - Transparent proxy through Tor for Kali Linux OS
|
||||
|
||||
### Reverse Engineering Tools
|
||||
|
||||
|