mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-23 06:09:22 -05:00
Merge branch 'master' into patch-1
commit
62c302dce7
45
README.md
@ -11,6 +11,7 @@ A collection of awesome penetration testing resources
|
||||
- [Exploit development](#exploit-development)
|
||||
- [Social Engineering Resources](#social-engineering-resources)
|
||||
- [Lock Picking Resources](#lock-picking-resources)
|
||||
- [Operating Systems](#operating-systems)
|
||||
- [Tools](#tools)
|
||||
- [Penetration Testing Distributions](#penetration-testing-distributions)
|
||||
- [Basic Penetration Testing Tools](#basic-penetration-testing-tools)
|
||||
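Review bot: `Exploit development` at the top of this hunk is still sentence case while the other entries shown here are title case. The next hunk capitalises `Web Exploitation`, so do the same for this label and leave the `#exploit-development` anchor as it is.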
@ -19,9 +20,9 @@ A collection of awesome penetration testing resources
|
||||
- [Network Tools](#network-tools)
|
||||
- [Wireless Network Tools](#wireless-network-tools)
|
||||
- [SSL Analysis Tools](#ssl-analysis-tools)
|
||||
- [Web exploitation](#web-exploitation)
|
||||
- [Web Exploitation](#web-exploitation)
|
||||
- [Hex Editors](#hex-editors)
|
||||
- [Crackers](#crackers)
|
||||
- [Hash Cracking Tools](#hash-cracking-tools)
|
||||
- [Windows Utils](#windows-utils)
|
||||
- [Linux Utils](#linux-utils)
|
||||
- [DDoS Tools](#ddos-tools)
|
||||
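Review bot: the index here goes straight from `Hex Editors` to `Hash Cracking Tools`, but the body later gains a `#### File Format Analysis Tools` section between those two headings. Add `- [File Format Analysis Tools](#file-format-analysis-tools)` after the Hex Editors entry so the new section is reachable from the table of contents.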
@ -73,6 +74,11 @@ A collection of awesome penetration testing resources
|
||||
* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks
|
||||
* [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations.
|
||||
|
||||
#### Operating Systems
|
||||
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
|
||||
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions
|
||||
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
|
||||
|
||||
### Tools
|
||||
#### Penetration Testing Distributions
|
||||
* [Kali](https://www.kali.org/) - A Linux distribution designed for digital forensics and penetration testing
|
||||
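Review bot: two of the three links under `#### Operating Systems` use plain `http://` (rawsec.ml and distrowatch.com); use `https://` where the sites serve it. The entry labelled `@ CyberPunk` also links to n0where.net, so the label and the host disagree, and the Distrowatch description describes the whole site rather than its Security category that the URL selects.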
@ -82,6 +88,7 @@ A collection of awesome penetration testing resources
|
||||
* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo
|
||||
* [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments
|
||||
* [Parrot](https://www.parrotsec.org/) - A distribution similar to Kali, with multiple architecture
|
||||
* [Buscador](https://inteltechniques.com/buscador/) - A Linux Virtual Machine that is pre-configured for online investigators
|
||||
* [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
|
||||
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.
|
||||
|
||||
@ -95,12 +102,12 @@ A collection of awesome penetration testing resources
|
||||
* [commix](https://github.com/stasinopoulos/commix) - Automated All-in-One OS Command Injection and Exploitation Tool
|
||||
* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router
|
||||
* [redsnarf] (https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials
|
||||
* [Bella](https://github.com/manwhoami/Bella) - Bella is a pure Python post-exploitation data mining & remote administration tool for Mac OS.
|
||||
|
||||
#### Docker for Penetration Testing
|
||||
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
|
||||
* `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy)
|
||||
* `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/)
|
||||
* `docker pull pandrew/metasploit` - [docker-metasploit](https://hub.docker.com/r/pandrew/metasploit/)
|
||||
* `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/)
|
||||
* `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/)
|
||||
* `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/)
|
||||
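Review bot: the redsnarf line reads `[redsnarf] (https://github.com/nccgroup/redsnarf)` with a space between `]` and `(`, so Markdown will not render it as a link; remove the space. In the Docker list, the first `docker pull kalilinux/kali-linux-docker` entry is also missing the ` - ` separator that every other entry in the section uses.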
@ -113,6 +120,7 @@ A collection of awesome penetration testing resources
|
||||
* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/)
|
||||
* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--)
|
||||
* `docker pull kalilinux/kali-linux-docker` - [Kali Linux Docker Image](https://www.kali.org/news/official-kali-linux-docker-images/)
|
||||
* `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/)
|
||||
|
||||
#### Vulnerability Scanners
|
||||
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability Management & Risk Management Software
|
||||
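Review bot: `docker pull kalilinux/kali-linux-docker` in this hunk duplicates the entry at the top of the same Docker section in the previous hunk, with a different link target (kali.org news here, hub.docker.com there). Keep one entry and pick one target.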
@ -129,6 +137,7 @@ A collection of awesome penetration testing resources
|
||||
* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
|
||||
|
||||
#### Network Tools
|
||||
* [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies
|
||||
* [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
|
||||
* [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
|
||||
* [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line
|
||||
@ -176,9 +185,10 @@ A collection of awesome penetration testing resources
|
||||
|
||||
#### Web exploitation
|
||||
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
|
||||
* [Wordpress Exploit Framework](https://gitbub.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
|
||||
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
|
||||
* [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit
|
||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
|
||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool
|
||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
|
||||
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
|
||||
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
|
||||
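Review bot: the heading in this hunk is still `#### Web exploitation` while the table of contents label was changed to `Web Exploitation`; rename the heading to match. The framework's link text is also spelled `Wordpress` although its own description writes `WordPress`, and the cms-explorer description contains `the the`.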
@ -189,16 +199,23 @@ A collection of awesome penetration testing resources
|
||||
* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner
|
||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool
|
||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool
|
||||
* [GitTools](https://github.com/internetwache/GitTools) - Automatically find and download Web-accessible `.git` repositories
|
||||
* [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool
|
||||
|
||||
|
||||
#### Hex Editors
|
||||
* [HexEdit.js](https://hexed.it) - Browser-based hex editing
|
||||
* [Hexinator](https://hexinator.com/) (commercial) - World's finest Hex Editor
|
||||
|
||||
#### Crackers
|
||||
#### File Format Analysis Tools
|
||||
* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby
|
||||
* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool
|
||||
* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction
|
||||
|
||||
#### Hash Cracking Tools
|
||||
* [John the Ripper](http://www.openwall.com/john/) - Fast password cracker
|
||||
* [Online MD5 cracker](http://www.md5crack.com/) - Online MD5 hash Cracker
|
||||
* [Hashcat](http://hashcat.net/hashcat/) - The more fast hash cracker
|
||||
* [CeWL](https://digi.ninja/projects/cewl.php) - Generates custom wordlists by spidering a target's website and collecting unique words
|
||||
|
||||
#### Windows Utils
|
||||
* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities
|
||||
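Review bot: the `[Commix](https://github.com/commixproject/commix)` entry here duplicates the `commix` entry in the earlier exploitation-tools hunk, which points at `github.com/stasinopoulos/commix` with the same description. Keep a single entry with the current repository URL. The Hashcat description `The more fast hash cracker` also needs rewording.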
@ -210,6 +227,7 @@ A collection of awesome penetration testing resources
|
||||
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer
|
||||
* [Empire](https://github.com/PowerShellEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
|
||||
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel
|
||||
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software
|
||||
|
||||
#### Linux Utils
|
||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
|
||||
@ -222,6 +240,7 @@ A collection of awesome penetration testing resources
|
||||
|
||||
#### Social Engineering Tools
|
||||
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec
|
||||
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content
|
||||
|
||||
#### OSInt Tools
|
||||
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
|
||||
@ -241,11 +260,12 @@ A collection of awesome penetration testing resources
|
||||
* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common google dorks and others you prolly don't know
|
||||
* [snitch](https://github.com/Smaash/snitch) - information gathering via dorks
|
||||
* [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool
|
||||
* [Bingoo](https://github.com/Hood3dRob1n/BinGoo) - A Linux bash based Bing and Google Dorking Tool
|
||||
* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner
|
||||
* [Threat Crowd](https://www.threatcrowd.org/) - A search engine for threats
|
||||
* [Virus Total](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
|
||||
|
||||
* [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category.
|
||||
* [Intel Techniques](https://inteltechniques.com/menu.html) - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
|
||||
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
|
||||
|
||||
#### Anonymity Tools
|
||||
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
|
||||
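Review bot: the acronym is spelled two ways in this hunk, `OSInt` in the OSINT Framework description and `OSINT` in the Intel Techniques and DataSploit descriptions, and the section heading uses `OSInt Tools`. Settle on one spelling throughout. The empty line between the Virus Total and OSINT Framework entries also splits the bullet list in two.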
@ -267,7 +287,8 @@ A collection of awesome penetration testing resources
|
||||
* [dnSpy](https://github.com/0xd4d/dnSpy) - dnSpy is a tool to reverse engineer .NET assemblies
|
||||
|
||||
#### CTF Tools
|
||||
* [Pwntools](https://github.com/Gallopsled/pwntools) - CTF framework for use in CTFs
|
||||
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs
|
||||
* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks
|
||||
|
||||
### Books
|
||||
#### Penetration Testing Books
|
||||
@ -379,9 +400,10 @@ A collection of awesome penetration testing resources
|
||||
* [PhreakNIC](http://phreaknic.info/) - A technology conference held annually in middle Tennessee
|
||||
* [ShmooCon](http://shmoocon.org/) - An annual US east coast hacker convention
|
||||
* [CarolinaCon](http://www.carolinacon.org/) - An infosec conference, held annually in North Carolina
|
||||
* [CHCon](https://chcon.nz) - Christchurch Hacker Con, Only South Island of New Zealand hacker con
|
||||
* [CHCon](https://2016.chcon.nz/) - Christchurch Hacker Con, Only South Island of New Zealand hacker con
|
||||
* [SummerCon](http://www.summercon.org/) - One of the oldest hacker conventions, held during Summer
|
||||
* [Hack.lu](https://2016.hack.lu/) - An annual conference held in Luxembourg
|
||||
* [Hackfest](https://hackfest.ca) - Largest hacking conference in Canada
|
||||
* [HITB](https://conference.hitb.org/) - Deep-knowledge security conference held in Malaysia and The Netherlands
|
||||
* [Troopers](https://www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany
|
||||
* [Hack3rCon](http://hack3rcon.org/) - An annual US hacker conference
|
||||
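Review bot: the CHCon link is pinned to a year-specific host, `https://2016.chcon.nz/`, as is `https://2016.hack.lu/`; these will go stale after the event, so prefer the conference's evergreen address (`https://chcon.nz` appears on the other CHCon line). The CHCon description `Only South Island of New Zealand hacker con` would read better as a full phrase.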
@ -391,7 +413,7 @@ A collection of awesome penetration testing resources
|
||||
* [SkyDogCon](http://www.skydogcon.com/) - A technology conference in Nashville
|
||||
* [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul)
|
||||
* [DefCamp](http://def.camp/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
|
||||
* [AppSecUSA](https://appsecusa.org/) - An annual conference organised by OWASP
|
||||
* [AppSecUSA](https://2016.appsecusa.org/) - An annual conference organised by OWASP
|
||||
* [BruCON](http://brucon.org) - An annual security conference in Belgium
|
||||
* [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK
|
||||
* [Nullcon](http://nullcon.net/website/) - An annual conference in Delhi and Goa, India
|
||||
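Review bot: the AppSecUSA link `https://2016.appsecusa.org/` is tied to one year's site, where the other AppSecUSA line uses `https://appsecusa.org/`; keep the evergreen address so the entry does not need touching every year. The DefCamp line in the same hunk has a typo, `anually` for `annually`.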
@ -410,6 +432,7 @@ A collection of awesome penetration testing resources
|
||||
### Awesome Lists
|
||||
* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
|
||||
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
|
||||
* [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Awesome Pentest Cheat Sheets
|
||||
* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
|
||||
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development
|
||||
* [Shell Scripting](https://github.com/alebcay/awesome-shell) - Command-line frameworks, toolkits, guides and gizmos
|
||||
|
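Review bot: the description on the Pentest Cheat Sheets line, `Awesome Pentest Cheat Sheets`, only repeats the link text; replace it with a phrase that says what the list contains, as the neighbouring entries do. The C/C++ entry's `One of the main language` should be `languages`.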