diff --git a/README.md b/README.md index 5cb025e..7d16fc7 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Online Resources](#online-resources) * [Penetration Testing Resources](#penetration-testing-resources) * [Exploit Development](#exploit-development) - * [Open Source Intelligence (OSINT) Resources](#osint-resources) + * [Open Sources Intelligence (OSINT) Resources](#open-sources-intelligence-osint-resources) * [Social Engineering Resources](#social-engineering-resources) * [Lock Picking Resources](#lock-picking-resources) * [Operating Systems](#operating-systems) @@ -21,7 +21,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Penetration Testing Distributions](#penetration-testing-distributions) * [Docker for Penetration Testing](#docker-for-penetration-testing) * [Multi-paradigm Frameworks](#multi-paradigm-frameworks) - * [Network Vulnerability scanners](#network-vulnerability-scanners) + * [Network vulnerability scanners](#network-vulnerability-scanners) * [Static Analyzers](#static-analyzers) * [Web Vulnerability Scanners](#web-vulnerability-scanners) * [Network Tools](#network-tools) @@ -86,7 +86,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database. * [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits. -### OSINT Resources +### Open Sources Intelligence (OSINT) Resources * [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category. * [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories. @@ -160,7 +160,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query. * [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others. -### Network Vulnerability Scanners +### Network vulnerability scanners * [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. @@ -339,7 +339,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. * [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool. -* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. +* [Hachoir](https://hachoir.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. ### Anti-virus Evasion Tools @@ -365,11 +365,11 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea ### Windows Utilities * [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. -* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets. +* [Windows Credentials Editor](https://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets. * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system. * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. * [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target. -* [Responder](https://github.com/SpiderLabs/Responder) - LLMNR, NBT-NS and MDNS poisoner. +* [Responder](https://github.com/SpiderLabs/Responder) - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner. * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. * [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. @@ -435,7 +435,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. * [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. * [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager. -* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak. +* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks. * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations. * [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. @@ -454,7 +454,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. * [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. * [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool. -* [image-match](https://github.com/ascribe/image-match]) - Quickly search over billions of images. +* [image-match](https://github.com/ascribe/image-match) - Quickly search over billions of images. * [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations. * [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping. * [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. @@ -601,7 +601,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html) * [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/) * [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7) -* [Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470639539.html) * [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html) * [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group) @@ -633,7 +632,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target. * [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. * [Vulners](https://vulners.com/) - Security database of software vulnerabilities. -* [Inj3ct0r](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. +* [Inj3ct0r](https://www.0day.today/) - Exploit marketplace and vulnerability information aggregator. ([Onion service](http://mvfjfugdwgc5uwho.onion/).) * [HPI-VDB](https://hpi-vdb.de/) - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam. * [China National Vulnerability Database (CNNVD)](http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation. * [Distributed Weakness Filing (DWF)](https://distributedweaknessfiling.org/) - Federated CNA (CVE Number Authority) mirroring MITRE's CVE database and offering additional CVE-equivalent numbers to otherwise out-of-scope vulnerability disclosures.