From 6af514de34b61c6b7b5db2d125f1dbca9dd5c4d8 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 5 Feb 2017 23:44:35 -0700 Subject: [PATCH] updated with a nice number of goodies updated w some goodies; wpsploit, wordpress-exploit-framework, some OSITs, a DDoS tool... Enjoy! --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9609b55..993790e 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ A collection of awesome penetration testing resources * [OWASP](https://www.owasp.org/index.php/Main_Page) - Open Web Application Security Project * [PENTEST-WIKI](https://github.com/nixawk/pentest-wiki) - A free online security knowledge library for pentesters / researchers. * [Vulnerability Assessment Framework](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Penetration Testing Framework. -* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. * [XSS-Payloads](http://www.xss-payloads.com) - Ultimate resource for all things cross-site including payloads, tools, games and documentation. #### Exploit development @@ -84,6 +83,7 @@ A collection of awesome penetration testing resources * [BackBox](https://backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments * [Parrot](https://www.parrotsec.org/) - A distribution similar to Kali, with multiple architecture * [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. +* [The Pentesters Framework](https://github.com/trustedsec/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. #### Basic Penetration Testing Tools * [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software @@ -176,6 +176,8 @@ A collection of awesome penetration testing resources #### Web exploitation * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner +* [Wordpress Exploit Framework](https://gitbub.com/rastating/wordpress-exploit-framework) - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. +* [WPSploit](https://github.com/espreto/wpsploit) - WPSploit - Exploiting Wordpress With Metasploit * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites @@ -188,6 +190,7 @@ A collection of awesome penetration testing resources * [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool * [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool + #### Hex Editors * [HexEdit.js](https://hexed.it) - Browser-based hex editing * [Hexinator](https://hexinator.com/) (commercial) - World's finest Hex Editor @@ -215,6 +218,7 @@ A collection of awesome penetration testing resources * [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC * [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool +* [UFONet](https://github.com/epsylon/ufonet) - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. #### Social Engineering Tools * [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec @@ -237,6 +241,11 @@ A collection of awesome penetration testing resources * [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common google dorks and others you prolly don't know * [snitch](https://github.com/Smaash/snitch) - information gathering via dorks * [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool +* [Bingoo](https://github.com/Hood3dRob1n/BinGoo) - A Linux bash based Bing and Google Dorking Tool +* [Sn1per](https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner +* [Threat Crowd](https://www.threatcrowd.org/) - A search engine for threats +* [Virus Total](https://www.virustotal.com/) - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. + #### Anonymity Tools * [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity