diff --git a/README.md b/README.md index d8607e3..96c2f47 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Malware Analysis Books](#malware-analysis-books) * [Network Analysis Books](#network-analysis-books) * [Penetration Testing Books](#penetration-testing-books) - * [Social Engineering Books](#social-engineering-books) * [Windows Books](#windows-books) * [CTF Tools](#ctf-tools) * [Collaboration Tools](#collaboration-tools) @@ -30,9 +29,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [North America](#north-america) * [South America](#south-america) * [Zealandia](#zealandia) -* [Docker Containers](#docker-containers) - * [Docker Containers of Intentionally Vulnerable Systems](#docker-containers-of-intentionally-vulnerable-systems) - * [Docker Containers of Penetration Testing Distributions and Tools](#docker-containers-of-penetration-testing-distributions-and-tools) * [Exfiltration Tools](#exfiltration-tools) * [Exploit Development Tools](#exploit-development-tools) * [File Format Analysis Tools](#file-format-analysis-tools) @@ -40,6 +36,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Hash Cracking Tools](#hash-cracking-tools) * [Hex Editors](#hex-editors) * [Industrial Control and SCADA Systems](#industrial-control-and-scada-systems) +* [Intentionally Vulnerable Systems](#intentionally-vulnerable-systems) + * [Intentionally Vulnerable Systems as Docker Containers](#intentionally-vulnerable-systems-as-docker-containers) * [Lock Picking](#lock-picking) * [macOS Utilities](#macos-utilities) * [Multi-paradigm Frameworks](#multi-paradigm-frameworks) 
@@ -67,7 +65,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Online Open Sources Intelligence (OSINT) Resources](#online-open-sources-intelligence-osint-resources) * [Online Operating Systems Resources](#online-operating-systems-resources) * [Online Penetration Testing Resources](#online-penetration-testing-resources) - * [Online Social Engineering Resources](#online-social-engineering-resources) * [Other Lists Online](#other-lists-online) * [Penetration Testing Report Templates](#penetration-testing-report-templates) * [Operating System Distributions](#operating-system-distributions) @@ -79,11 +76,15 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Reverse Engineering Tools](#reverse-engineering-tools) * [Security Education Courses](#security-education-courses) * [Side-channel Tools](#side-channel-tools) -* [Social Engineering Tools](#social-engineering-tools) +* [Social Engineering](#social-engineering) + * [Social Engineering Books](#social-engineering-books) + * [Social Engineering Online Resources](#social-engineering-online-resources) + * [Social Engineering Tools](#social-engineering-tools) * [Static Analyzers](#static-analyzers) * [Steganography Tools](#steganography-tools) * [Vulnerability Databases](#vulnerability-databases) * [Web Exploitation](#web-exploitation) + * [Web Exploitation Books](#web-exploitation-books) * [Windows Utilities](#windows-utilities) ## Android Utilities 
@@ -133,12 +134,10 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list * [Android Hacker's Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html) * [Car Hacker's Handbook by Craig Smith, 2016](https://nostarch.com/carhacking) -* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) * [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html) * [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html) * [The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html) * [The Shellcoder's Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html) -* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) * [iOS Hacker's Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html) ### Malware Analysis Books 
@@ -174,15 +173,6 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list * [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE) * [Violent Python by TJ O'Connor, 2012](https://www.elsevier.com/books/violent-python/unknown/978-1-59749-957-6) -### Social Engineering Books - -* [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/) -* [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7) -* [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group) -* [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html) -* [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html) -* [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html) - ### Windows Books * [Troubleshooting with the Windows Sysinternals Tools by Mark Russinovich & Aaron Margosis, 2016](https://www.amazon.com/Troubleshooting-Windows-Sysinternals-Tools-2nd/dp/0735684448/) 
@@ -258,31 +248,6 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list * [CHCon](https://chcon.nz) - Christchurch Hacker Con, Only South Island of New Zealand hacker con. -## Docker Containers - -### Docker Containers of Intentionally Vulnerable Systems - -* [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull citizenstig/dvwa`. -* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--) - `docker pull bkimminich/juice-shop`. -* [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull citizenstig/nowasp`. -* [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker-compose build && docker-compose up`. -* [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull ismisepaul/securityshepherd`. -* [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/) - `docker pull webgoat/webgoat-7.1`. -* [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/) - `docker pull webgoat/webgoat-8.0`. -* [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) - `docker pull hmlio/vaas-cve-2014-0160`. -* [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/) - `docker pull vulnerables/cve-2017-7494`. -* [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) - `docker pull hmlio/vaas-cve-2014-6271`. -* [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull wpscanteam/vulnerablewordpress`. - -### Docker Containers of Penetration Testing Distributions and Tools - -* [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/) - `docker pull diogomonica/docker-bench-security`. 
-* [Official Kali Linux](https://hub.docker.com/r/kalilinux/kali-rolling/) - `docker pull kalilinux/kali-linux-docker`. -* [Official OWASP ZAP](https://github.com/zaproxy/zaproxy) - `docker pull owasp/zap2docker-stable`. -* [Official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/) - `docker pull wpscanteam/wpscan`. -* [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/) - `docker pull opendns/security-ninjas`. -* [docker-metasploit](https://hub.docker.com/r/phocean/msf/) - `docker pull phocean/msf`. - ## Exfiltration Tools * [DET](https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time. 
@@ -345,6 +310,24 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma * [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more. * [s7scan](https://github.com/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network. +## Intentionally Vulnerable Systems + +See also [awesome-vulnerable](https://github.com/kaiiyer/awesome-vulnerable). + +### Intentionally Vulnerable Systems as Docker Containers + +* [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/) - `docker pull citizenstig/dvwa`. +* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--) - `docker pull bkimminich/juice-shop`. +* [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/) - `docker pull citizenstig/nowasp`. +* [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker) - `docker-compose build && docker-compose up`. +* [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/) - `docker pull ismisepaul/securityshepherd`. +* [OWASP WebGoat Project 7.1 docker image](https://hub.docker.com/r/webgoat/webgoat-7.1/) - `docker pull webgoat/webgoat-7.1`. +* [OWASP WebGoat Project 8.0 docker image](https://hub.docker.com/r/webgoat/webgoat-8.0/) - `docker pull webgoat/webgoat-8.0`. +* [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) - `docker pull hmlio/vaas-cve-2014-0160`. +* [Vulnerability as a service: SambaCry](https://hub.docker.com/r/vulnerables/cve-2017-7494/) - `docker pull vulnerables/cve-2017-7494`. +* [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) - `docker pull hmlio/vaas-cve-2014-6271`. 
+* [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/) - `docker pull wpscanteam/vulnerablewordpress`. + ## Lock Picking See [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking). @@ -601,10 +584,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). * [Penetration Testing Framework (PTF)](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike. * [XSS-Payloads](http://www.xss-payloads.com) - Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation. -### Online Social Engineering Resources - -* [Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - Information resource for social engineers. - ### Other Lists Online * [.NET Programming](https://github.com/quozd/awesome-dotnet) - Software framework for Microsoft Windows platform development. 
@@ -740,7 +719,24 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [* * [SGX-Step](https://github.com/jovanbulck/sgx-step) - Open-source framework to facilitate side-channel attack research on Intel x86 processors in general and Intel SGX (Software Guard Extensions) platforms in particular. * [TRRespass](https://github.com/vusec/trrespass) - Many-sided rowhammer tool suite able to reverse engineer the contents of DDR3 and DDR4 memory chips protected by Target Row Refresh mitigations. -## Social Engineering Tools +## Social Engineering + +See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-engineering). + +### Social Engineering Books + +* [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/) +* [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7) +* [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group) +* [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html) +* [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html) +* [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html) + +### Social Engineering Online Resources + +* [Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - Information resource for social engineers. + +### Social Engineering Tools * [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger. 
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. @@ -830,6 +826,12 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [* * [webscreenshot](https://github.com/maaaaz/webscreenshot) - Simple script to take screenshots of websites from a list of sites. * [weevely3](https://github.com/epinna/weevely3) - Weaponized PHP-based web shell. +### Web Exploitation Books + +* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) +* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) + + ## Windows Utilities * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.
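Review bot: The hunk at @@ -258,31 +248,6 deletes the whole "Docker Containers of Penetration Testing Distributions and Tools" list (Docker Bench for Security, Official Kali Linux, Official OWASP ZAP, Official WPScan, Security Ninjas, docker-metasploit), and no hunk shown here adds those six entries back anywhere. The vulnerable-systems list from the same section does reappear under "Intentionally Vulnerable Systems", so this looks like a move that lost half its content. If the removal is intended, state it in the commit message; otherwise relocate each entry to the tool section it belongs with.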
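Review bot: The new "Intentionally Vulnerable Systems as Docker Containers" list at @@ -345,6 +310,24 gives bare `docker pull` commands for images that are exploitable by design and says nothing about where to run them. Add one line under the heading telling readers to keep these containers on an isolated or host-only network and not to publish their ports on a reachable address. Several of the images are also pulled untagged from individual Docker Hub namespaces (for example citizenstig/dvwa and hmlio/vaas-cve-2014-0160), so it is worth marking them as third-party and unpinned.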
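Review bot: Renaming "Online Social Engineering Resources" to "Social Engineering Online Resources" at @@ -740,7 +719,24 changes the heading anchor from #online-social-engineering-resources to #social-engineering-online-resources, so existing inbound links to the old anchor will stop resolving, and the new name breaks the "Online ... Resources" pattern the sibling headings in the table of contents still use. Either keep the original heading text under the new "Social Engineering" parent, or mention the anchor change in the commit message. The #social-engineering-books and #social-engineering-tools anchors are unchanged, so only this one heading is affected.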
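Review bot: In the @@ -830,6 +826,12 hunk, "### Web Exploitation Books" is appended after a tool list that has no subsection heading of its own (the table of contents shows Books as the only child of "Web Exploitation"), whereas the Social Engineering hunk gives Books, Online Resources and Tools a "###" heading each. Consider adding a matching "### Web Exploitation Tools" heading above the tool entries, or placing the books first as in the Social Engineering section, so the two reorganised sections follow one layout. The hunk also adds two consecutive blank lines before "## Windows Utilities"; one is enough.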