diff --git a/README.md b/README.md index a2d6a4c..bc43839 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea - [Basic Penetration Testing Tools](#basic-penetration-testing-tools) - [Docker for Penetration Testing](#docker-for-penetration-testing) - [Vulnerability Scanners](#vulnerability-scanners) + - [Static Analyzers](#static-analyzers) + - [Web Scanners](#web-scanners) - [Network Tools](#network-tools) - [Wireless Network Tools](#wireless-network-tools) - [SSL Analysis Tools](#ssl-analysis-tools) @@ -135,20 +137,28 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) ### Vulnerability Scanners -* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability management & risk management software. -* [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner) - Vulnerability, configuration, and compliance assessment. -* [Nikto](https://cirt.net/nikto2) - Web application vulnerability scanner. -* [OpenVAS](http://www.openvas.org/) - Open Source vulnerability scanner and manager. -* [Secapps](https://secapps.com/) - Integrated web application security testing environment. -* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. -* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner. -* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for macOS. -* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. -* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework. +* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. +* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. +* [OpenVAS](http://www.openvas.org/) - Free software implementation of the popular Nessus vulnerability assessment system. * [Vuls](https://github.com/future-architect/vuls) - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. + +#### Static Analyzers * [Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications. +* [cppcheck](http://cppcheck.sourceforge.net/) - Extensible C/C++ static analyzer focused on finding bugs. +* [FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code. * [sobelow](https://github.com/techgaun/sobelow) - Security-focused static analysis for the Phoenix Framework. +#### Web Scanners +* [Nikto](https://cirt.net/nikto2) - Noisy but fast black box web server and web application vulnerability scanner. +* [Arachni](http://www.arachni-scanner.com/) - Scriptable framework for evaluating the security of web applications. +* [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework. +* [Wapiti](http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer. +* [SecApps](https://secapps.com/) - In-browser web application security testing suite. +* [WebReaver](https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS. +* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. +* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. +* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. + #### Network Tools * [zmap](https://zmap.io/) - Open source network scanner that enables researchers to easily perform Internet-wide network studies. * [nmap](https://nmap.org/) - Free security scanner for network exploration & security audits. @@ -205,15 +215,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. -* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner. * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool. * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell. * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites. -* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. -* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner. * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter. * [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter. * [wafw00f](https://github.com/EnableSecurity/wafw00f) - Identifies and fingerprints Web Application Firewall (WAF) products. @@ -221,8 +228,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner. * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool. * [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool. -* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. * [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool. +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. +* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories. ### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing.