Merge branch 'master' into patch-1

This commit is contained in:
Samar Dhwoj Acharya 2017-04-06 17:23:29 -05:00 committed by GitHub
commit 62c302dce7

View File

@ -11,6 +11,7 @@ A collection of awesome penetration testing resources
- [Exploit development](#exploit-development)
- [Social Engineering Resources](#social-engineering-resources)
- [Lock Picking Resources](#lock-picking-resources)
- [Operating Systems](#operating-systems)
- [Tools](#tools)
- [Penetration Testing Distributions](#penetration-testing-distributions)
- [Basic Penetration Testing Tools](#basic-penetration-testing-tools)
@ -19,9 +20,9 @@ A collection of awesome penetration testing resources
- [Network Tools](#network-tools)
- [Wireless Network Tools](#wireless-network-tools)
- [SSL Analysis Tools](#ssl-analysis-tools)
- [Web exploitation](#web-exploitation)
- [Web Exploitation](#web-exploitation)
- [Hex Editors](#hex-editors)
- [Crackers](#crackers)
- [Hash Cracking Tools](#hash-cracking-tools)
- [Windows Utils](#windows-utils)
- [Linux Utils](#linux-utils)
- [DDoS Tools](#ddos-tools)
@ -73,6 +74,11 @@ A collection of awesome penetration testing resources
* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks
* [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations.
#### Operating Systems
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
### Tools
#### Penetration Testing Distributions
* [Kali](https://www.kali.org/) - A Linux distribution designed for digital forensics and penetration testing
@ -82,6 +88,7 @@ A collection of awesome penetration testing resources
* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments
* [Parrot](https://www.parrotsec.org/) - A distribution similar to Kali, with multiple architecture
* [Buscador](https://inteltechniques.com/buscador/) - A Linux Virtual Machine that is pre-configured for online investigators
* [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.
@ -95,12 +102,12 @@ A collection of awesome penetration testing resources
* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool
* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router
* [redsnarf] (https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials
* [Bella](https://github.com/manwhoami/Bella) - Bella is a pure Python post-exploitation data mining & remote administration tool for Mac OS.
#### Docker for Penetration Testing
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
* `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy)
* `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/)
* `docker pull pandrew/metasploit` - [docker-metasploit](https://hub.docker.com/r/pandrew/metasploit/)
* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/)
* `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/)
* `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/)
@ -113,6 +120,7 @@ A collection of awesome penetration testing resources
* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/)
* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--)
* `docker pull kalilinux/kali-linux-docker` - [Kali Linux Docker Image](https://www.kali.org/news/official-kali-linux-docker-images/)
* `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/)
#### Vulnerability Scanners
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability Management & Risk Management Software
@ -129,6 +137,7 @@ A collection of awesome penetration testing resources
* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
#### Network Tools
* [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies
* [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
* [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
* [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line
@ -176,9 +185,10 @@ A collection of awesome penetration testing resources
#### Web exploitation
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
* [Wordpress Exploit Framework](https://gitbub.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
* [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
@ -189,16 +199,23 @@ A collection of awesome penetration testing resources
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories
* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool
#### Hex Editors
* [HexEdit.js](https://hexed.it) - Browser-based hex editing
* [Hexinator](https://hexinator.com/) (commercial) - World's finest Hex Editor
#### Crackers
#### File Format Analysis Tools
* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby
* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool
* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction
#### Hash Cracking Tools
* [John the Ripper](http://www.openwall.com/john/) - Fast password cracker
* [Online MD5 cracker](http://www.md5crack.com/) - Online MD5 hash Cracker
* [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker
* [CeWL](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words
#### Windows Utils
* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities
@ -210,6 +227,7 @@ A collection of awesome penetration testing resources
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer
* [Empire](https://github.com/PowerShellEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software
#### Linux Utils
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
@ -222,6 +240,7 @@ A collection of awesome penetration testing resources
#### Social Engineering Tools
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content
#### OSInt Tools
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
@ -241,11 +260,12 @@ A collection of awesome penetration testing resources
* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common google dorks and others you prolly don't know
* [snitch](https://github.com/Smaash/snitch) - information gathering via dorks
* [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool
* [Bingoo](https://github.com/Hood3dRob1n/BinGoo) - A Linux bash based Bing and Google Dorking Tool
* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner
* [Threat Crowd](https://www.threatcrowd.org/) - A search engine for threats
* [Virus Total](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
* [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category.
* [Intel Techniques](https://inteltechniques.com/menu.html) - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
#### Anonymity Tools
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
@ -267,7 +287,8 @@ A collection of awesome penetration testing resources
* [dnSpy](https://github.com/0xd4d/dnSpy) - dnSpy is a tool to reverse engineer .NET assemblies
#### CTF Tools
* [Pwntools](https://github.com/Gallopsled/pwntools) - CTF framework for use in CTFs
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs
* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks
### Books
#### Penetration Testing Books
@ -379,9 +400,10 @@ A collection of awesome penetration testing resources
* [PhreakNIC](http://phreaknic.info/) - A technology conference held annually in middle Tennessee
* [ShmooCon](http://shmoocon.org/) - An annual US east coast hacker convention
* [CarolinaCon](http://www.carolinacon.org/) - An infosec conference, held annually in North Carolina
* [CHCon](https://chcon.nz) - Christchurch Hacker Con, Only South Island of New Zealand hacker con
* [CHCon](https://2016.chcon.nz/) - Christchurch Hacker Con, Only South Island of New Zealand hacker con
* [SummerCon](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer
* [Hack.lu](https://2016.hack.lu/) - An annual conference held in Luxembourg
* [Hackfest](https://hackfest.ca) - Largest hacking conference in Canada
* [HITB](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands
* [Troopers](https://www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany
* [Hack3rCon](http://hack3rcon.org/) - An annual US hacker conference
@ -391,7 +413,7 @@ A collection of awesome penetration testing resources
* [SkyDogCon](http://www.skydogcon.com/) - A technology conference in Nashville
* [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul)
* [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
* [AppSecUSA](https://appsecusa.org/) - An annual conference organised by OWASP
* [AppSecUSA](https://2016.appsecusa.org/) - An annual conference organised by OWASP
* [BruCON](http://brucon.org) - An annual security conference in Belgium
* [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK
* [Nullcon](http://nullcon.net/website/) - An annual conference in Delhi and Goa, India
@ -410,6 +432,7 @@ A collection of awesome penetration testing resources
### Awesome Lists
* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
* [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets
* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development
* [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command-line frameworks, toolkits, guides and gizmos