diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..0d99365 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,29 @@ +# Contribution Guidelines + +## Table of Contents + +- [Adding to this list](#adding-to-this-list) +- [Updating your Pull Request](#updating-your-pull-request) + +## Adding to this list + +Please ensure your pull request adheres to the following guidelines: + +- Search previous suggestions before making a new one, as yours may be a duplicate. +- Make sure the submission is useful before submitting. +- Make an individual pull request for each suggestion. +- Use [title-casing](http://titlecapitalization.com) (AP style). +- Use the following format: `[List Name](link) - Optional Description`. +- Optional descriptions are useful when the name itself is not descriptive. +- Link additions should be added to the bottom of the relevant category. +- New categories or improvements to the existing categorization are welcome. +- Check your spelling and grammar. +- Make sure your text editor is set to remove trailing whitespace. +- The pull request and commit should have a useful title. +- The body of your commit message should contain a link to the repository. + +## Updating your Pull Request + +Sometimes, a maintainer of an awesome list will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't make any useful addition. + +[Here](https://github.com/RichardLitt/docs/blob/master/amending-a-commit-guide.md) is a write up on how to change a Pull Request, and the different ways you can do that. diff --git a/README.md b/README.md index c1af9a1..2ae95cf 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ A collection of awesome penetration testing resources - [Online Resources](#online-resources) - [Penetration Testing Resources](#penetration-testing-resources) - - [Shellcode development](#shellcode-development) + - [Exploit development](#exploit-development) - [Social Engineering Resources](#social-engineering-resources) - [Lock Picking Resources](#lock-picking-resources) - [Tools](#tools) @@ -22,8 +22,9 @@ A collection of awesome penetration testing resources - [DDoS Tools](#ddos-tools) - [Social Engineering Tools](#social-engineering-tools) - [OSInt Tools](#osint-tools) - - [Anonimity Tools](#anonimity-tools) + - [Anonymity Tools](#anonymity-tools) - [Reverse Engineering Tools](#reverse-engineering-tools) + - [CTF Tools](#ctf-tools) - [Books](#books) - [Penetration Testing Books](#penetration-testing-books) - [Hackers Handbook Series](#hackers-handbook-series) @@ -48,9 +49,11 @@ A collection of awesome penetration testing resources * [PTES](http://www.pentest-standard.org/) - Penetration Testing Execution Standard * [OWASP](https://www.owasp.org/index.php/Main_Page) - Open Web Application Security Project -#### Shellcode development -* [Shellcode Tutorials](http://www.projectshellcode.com/?q=node/12) - Tutorials on how to write shellcode +#### Exploit development +* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode * [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database +* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits +* [GDB-peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB #### Social Engineering Resources * [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers @@ -71,6 +74,10 @@ A collection of awesome penetration testing resources * [Metasploit Framework](http://www.metasploit.com/) - World's most used penetration testing software * [Burp Suite](http://portswigger.net/burp/) - An integrated platform for performing security testing of web applications * [ExploitPack](http://exploitpack.com/) - Graphical tool for penetration testing with a bunch of exploits +* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project +* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform +* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework +* [WPScan](http://wpscan.org/) - Black box WordPress vulnerability scanner #### Vulnerability Scanners * [Netsparker](https://www.netsparker.com/communityedition/) - Web Application Security Scanner @@ -83,6 +90,7 @@ A collection of awesome penetration testing resources * [w3af](https://github.com/andresriancho/w3af) - Web application attack and audit framework * [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner * [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X +* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR #### Network Tools * [nmap](http://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits @@ -92,11 +100,14 @@ A collection of awesome penetration testing resources * [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - A Swiss army knife for for network sniffing * [Intercepter-NG](http://intercepter.nerf.ru/) - a multifunctional network toolkit * [SPARTA](http://sparta.secforce.com/) - Network Infrastructure Penetration Testing Tool +* [DNSDumpster](https://dnsdumpster.com/) - Online DNS recond and search service +* [Mass Scan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. #### Wireless Network Tools * [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network * [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS * [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup + * [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool #### SSL Analysis Tools * [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner @@ -108,6 +119,7 @@ A collection of awesome penetration testing resources #### Crackers * [John the Ripper](http://www.openwall.com/john/) - Fast password cracker * [Online MD5 cracker](http://www.md5crack.com/) - Online MD5 hash Cracker +* [Hashcat](http://hashcat.net/oclhashcat/) - The more fast hash cracker #### Windows Utils * [Sysinternals Suite](http://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities @@ -117,6 +129,7 @@ A collection of awesome penetration testing resources #### DDoS Tools * [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC +* [T50](http://sourceforge.net/projects/t50/) - The more fast network stress tool #### Social Engineering Tools * [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec @@ -124,9 +137,10 @@ A collection of awesome penetration testing resources #### OSInt Tools * [Maltego](http://www.paterva.com/web6/products/maltego.php) - Proprietary software for open source intelligence and forensics, from Paterva. -#### Anonimity Tools +#### Anonymity Tools * [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity * [I2P](https://geti2p.net) - The Invisible Internet Project +* [Nipe](https://github.com/HeitorG/nipe) - Script to redirect all traffic from the machine to the Tor network. #### Reverse Engineering Tools * [IDA Pro](https://www.hex-rays.com/products/ida/) - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger @@ -139,7 +153,10 @@ A collection of awesome penetration testing resources * [Bokken](https://inguma.eu/projects/bokken) - GUI for Pyew Radare2. * [Immunity Debugger](http://debugger.immunityinc.com/) - A powerful new way to write exploits and analyze malware * [Evan's Debugger](http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for Linux +* [Medusa disassembler](https://github.com/wisk/medusa) - An open source interactive disassembler +#### CTF Tools +* [Pwntools](https://github.com/Gallopsled/pwntools) - CTF framework for use in CTFs ### Books #### Penetration Testing Books @@ -241,11 +258,19 @@ A collection of awesome penetration testing resources * [Troopers](https://www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany * [Hack3rCon](http://hack3rcon.org/) - An annual US hacker conference * [ThotCon](http://thotcon.org/) - An annual US hacker conference held in Chicago -* [LayerOne](http://www.layerone.org/) - An annual US security conerence held every spring in Los Angeles +* [LayerOne](http://www.layerone.org/) - An annual US security conference held every spring in Los Angeles * [DeepSec](https://deepsec.net/) - Security Conference in Vienna, Austria * [SkyDogCon](http://www.skydogcon.com/) - A technology conference in Nashville * [SECUINSIDE](http://secuinside.com) - Security Conference in [Seoul](http://en.wikipedia.org/wiki/Seoul) * [DefCamp](http://defcamp.ro) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania +* [AppSecUSA](https://appsecusa.org/) - An annual conference organised by OWASP +* [BruCON](http://brucon.org) - An annual security conference in Belgium +* [Infosecurity Europe](http://www.infosecurityeurope.com/) - Europe's number one information security event, held in London, UK +* [Nullcon](http://nullcon.net/website/) - An annual conference in Delhi and Goa, India +* [RSA Conference USA](http://www.rsaconference.com/) - An annual security conference in San Francisco, California, USA +* [Swiss Cyber Storm](https://www.swisscyberstorm.com/) - An annual security conference in Lucerne, Switzerland +* [Virus Bulletin Conference](https://www.virusbtn.com/conference/index) - An annual conference going to be held in Denver, USA for 2016 +* [Ekoparty](http://www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina ### Information Security Magazines @@ -269,10 +294,21 @@ A collection of awesome penetration testing resources * [Python Programming by @vinta](https://github.com/vinta/awesome-python) - General Python programming * [Android Security](https://github.com/ashishb/android-security-awesome) - A collection of android security related resources * [Awesome Awesomness](https://github.com/bayandin/awesome-awesomeness) - The List of the Lists +* [AppSec](https://github.com/paragonie/awesome-appsec) - Resources for learning about application security +* [CTFs](https://github.com/apsdehal/awesome-ctf) - Capture The Flag frameworks, libraries, etc +* [Hacking](https://github.com/carpedm20/awesome-hacking) - Tutorials, tools, and resources +* [Honeypots](https://github.com/paralax/awesome-honeypots) - Honeypots, tools, components, and more +* [Infosec](https://github.com/onlurking/awesome-infosec) - Information security resources for pentesting, forensics, and more +* [Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - Tools and resources for analysts +* [PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) - Tools for processing network traffic +* [Security](https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources +* [Awesome List](https://github.com/sindresorhus/awesome) - A curated list of awesome lists +* [SecLists](https://github.com/danielmiessler/SecLists) - Collection of multiple types of lists used during security assessments +* [Security Talks](https://github.com/PaulSec/awesome-sec-talks) - A curated list of security conferences ### Contribution -Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕) +Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](.github/CONTRIBUTING.md) for more details. ### License