Awesome-Mirrors/awesome-pentest
1
0
Fork 0
mirror of https://github.com/enaqx/awesome-pentest.git synced 2024-06-13 16:32:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Consoldiate sections, remove redundancies in Docker sections.

Browse Source 
This commit consolidates the Social Engineering resources into a new
dedicated category for SE topics. It also replaces the Docker Containers
section entirely by removing redundant tools and creating a new
"Intentionally Vulnerable Systems" section in which Docker containers of
such setups are now placed. The thinking here is that it should not be
our responsibility to separately track Docker containers for attack
tools independently of the tool itself; we should only list the tool
itself and users can find a Docker image that packages it if they want.

This commit also continues the topical consolidation by moving books
about specifically Web exploitation techniques into a new subsection of
the pre-existing Web Exploitation section.
This commit is contained in:
fabacab 2020-07-07 21:38:17 -04:00
parent 2d67eb6528
commit 7b154ef4b2
No known key found for this signature in database
GPG Key ID: B0303BF6BA36A560
1 changed files with 49 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
README.md
View File

@ -20,7 +20,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Malware Analysis Books](#malware-analysis-books)
* [Network Analysis Books](#network-analysis-books)
* [Penetration Testing Books](#penetration-testing-books)
* [Social Engineering Books](#social-engineering-books)
* [Windows Books](#windows-books)
* [CTF Tools](#ctf-tools)
* [Collaboration Tools](#collaboration-tools)
@ -30,9 +29,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [North America](#north-america)
* [South America](#south-america)
* [Zealandia](#zealandia)
* [Docker Containers](#docker-containers)
* [Docker Containers of Intentionally Vulnerable Systems](#docker-containers-of-intentionally-vulnerable-systems)
* [Docker Containers of Penetration Testing Distributions and Tools](#docker-containers-of-penetration-testing-distributions-and-tools)
* [Exfiltration Tools](#exfiltration-tools)
* [Exploit Development Tools](#exploit-development-tools)
* [File Format Analysis Tools](#file-format-analysis-tools)
@ -40,6 +36,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Hash Cracking Tools](#hash-cracking-tools)
* [Hex Editors](#hex-editors)
* [Industrial Control and SCADA Systems](#industrial-control-and-scada-systems)
* [Intentionally Vulnerable Systems](#intentionally-vulnerable-systems)
* [Intentionally Vulnerable Systems as Docker Containers](#intentionally-vulnerable-systems-as-docker-containers)
* [Lock Picking](#lock-picking)
* [macOS Utilities](#macos-utilities)
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
@ -67,7 +65,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Online Open Sources Intelligence (OSINT) Resources](#online-open-sources-intelligence-osint-resources)
* [Online Operating Systems Resources](#online-operating-systems-resources)
* [Online Penetration Testing Resources](#online-penetration-testing-resources)
* [Online Social Engineering Resources](#online-social-engineering-resources)
* [Other Lists Online](#other-lists-online)
* [Penetration Testing Report Templates](#penetration-testing-report-templates)
* [Operating System Distributions](#operating-system-distributions)
@ -79,11 +76,15 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Reverse Engineering Tools](#reverse-engineering-tools)
* [Security Education Courses](#security-education-courses)
* [Side-channel Tools](#side-channel-tools)
* [Social Engineering Tools](#social-engineering-tools)
* [Social Engineering](#social-engineering)
* [Social Engineering Books](#social-engineering-books)
* [Social Engineering Online Resources](#social-engineering-online-resources)
* [Social Engineering Tools](#social-engineering-tools)
* [Static Analyzers](#static-analyzers)
* [Steganography Tools](#steganography-tools)
* [Vulnerability Databases](#vulnerability-databases)
* [Web Exploitation](#web-exploitation)
* [Web Exploitation Books](#web-exploitation-books)
* [Windows Utilities](#windows-utilities)
## Android Utilities
@ -133,12 +134,10 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [Android Hacker's Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
* [Car Hacker's Handbook by Craig Smith, 2016](https://nostarch.com/carhacking)
* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
* [The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
* [The Shellcoder's Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
* [iOS Hacker's Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
### Malware Analysis Books
@ -174,15 +173,6 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE)
* [Violent Python by TJ O'Connor, 2012](https://www.elsevier.com/books/violent-python/unknown/978-1-59749-957-6)
### Social Engineering Books
* [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/)
* [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7)
* [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group)
* [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html)
* [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html)
* [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html)
### Windows Books
* [Troubleshooting with the Windows Sysinternals Tools by Mark Russinovich & Aaron Margosis, 2016](https://www.amazon.com/Troubleshooting-Windows-Sysinternals-Tools-2nd/dp/0735684448/)
@ -258,31 +248,6 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [CHCon](https://chcon.nz) - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
## Docker Containers
### Docker Containers of Intentionally Vulnerable Systems
* [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull citizenstig/dvwa`.
* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--) - `docker pull bkimminich/juice-shop`.
* [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull citizenstig/nowasp`.
* [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker-compose build && docker-compose up`.
* [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull ismisepaul/securityshepherd`.
* [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/) - `docker pull webgoat/webgoat-7.1`.
* [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/) - `docker pull webgoat/webgoat-8.0`.
* [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) - `docker pull hmlio/vaas-cve-2014-0160`.
* [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/) - `docker pull vulnerables/cve-2017-7494`.
* [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) - `docker pull hmlio/vaas-cve-2014-6271`.
* [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull wpscanteam/vulnerablewordpress`.
### Docker Containers of Penetration Testing Distributions and Tools
* [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/) - `docker pull diogomonica/docker-bench-security`.
* [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-rolling/) - `docker pull kalilinux/kali-linux-docker`.
* [Official OWASP ZAP](https://github.com/zaproxy/zaproxy) - `docker pull owasp/zap2docker-stable`.
* [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) - `docker pull wpscanteam/wpscan`.
* [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/) - `docker pull opendns/security-ninjas`.
* [docker-metasploit](https://hub.docker.com/r/phocean/msf/) - `docker pull phocean/msf`.
## Exfiltration Tools
* [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
@ -345,6 +310,24 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma
* [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
* [s7scan](https://github.com/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
## Intentionally Vulnerable Systems
See also [awesome-vulnerable](https://github.com/kaiiyer/awesome-vulnerable).
### Intentionally Vulnerable Systems as Docker Containers
* [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull citizenstig/dvwa`.
* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--) - `docker pull bkimminich/juice-shop`.
* [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull citizenstig/nowasp`.
* [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker-compose build && docker-compose up`.
* [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull ismisepaul/securityshepherd`.
* [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/) - `docker pull webgoat/webgoat-7.1`.
* [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/) - `docker pull webgoat/webgoat-8.0`.
* [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) - `docker pull hmlio/vaas-cve-2014-0160`.
* [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/) - `docker pull vulnerables/cve-2017-7494`.
* [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) - `docker pull hmlio/vaas-cve-2014-6271`.
* [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull wpscanteam/vulnerablewordpress`.
## Lock Picking
See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking).
@ -601,10 +584,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
* [Penetration Testing Framework (PTF)](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
* [XSS-Payloads](http://www.xss-payloads.com) - Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation.
### Online Social Engineering Resources
* [Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - Information resource for social engineers.
### Other Lists Online
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - Software framework for Microsoft Windows platform development.
@ -740,7 +719,24 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*
* [SGX-Step](https://github.com/jovanbulck/sgx-step) - Open-source framework to facilitate side-channel attack research on Intel x86 processors in general and Intel SGX (Software Guard Extensions) platforms in particular.
* [TRRespass](https://github.com/vusec/trrespass) - Many-sided rowhammer tool suite able to reverse engineer the contents of DDR3 and DDR4 memory chips protected by Target Row Refresh mitigations.
## Social Engineering Tools
## Social Engineering
See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-engineering).
### Social Engineering Books
* [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/)
* [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7)
* [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group)
* [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html)
* [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html)
* [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html)
### Social Engineering Online Resources
* [Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - Information resource for social engineers.
### Social Engineering Tools
* [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger.
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
@ -830,6 +826,12 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*
* [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites.
* [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell.
### Web Exploitation Books
* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
## Windows Utilities
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.