Awesome-Mirrors/awesome-pentest
1
0
Fork 0
mirror of https://github.com/enaqx/awesome-pentest.git synced 2025-01-10 22:49:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

This commit addresses numerous issues for sindresorhus/awesome#1366.

Browse Source 
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`

Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
This commit is contained in:
Meitar M 2019-01-22 19:18:19 -05:00
parent 8133f7076b
commit 88053dc50a
No known key found for this signature in database
GPG Key ID: 07EFAA28AB94BC85
1 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
README.md
View File

@ -13,7 +13,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Online Resources](#online-resources) * [Online Resources](#online-resources)
* [Penetration Testing Resources](#penetration-testing-resources) * [Penetration Testing Resources](#penetration-testing-resources)
* [Exploit Development](#exploit-development) * [Exploit Development](#exploit-development)
* [Open Source Intelligence (OSINT) Resources](#osint-resources) * [Open Sources Intelligence (OSINT) Resources](#open-sources-intelligence-osint-resources)
* [Social Engineering Resources](#social-engineering-resources) * [Social Engineering Resources](#social-engineering-resources)
* [Lock Picking Resources](#lock-picking-resources) * [Lock Picking Resources](#lock-picking-resources)
* [Operating Systems](#operating-systems) * [Operating Systems](#operating-systems)
@ -21,7 +21,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Penetration Testing Distributions](#penetration-testing-distributions) * [Penetration Testing Distributions](#penetration-testing-distributions)
* [Docker for Penetration Testing](#docker-for-penetration-testing) * [Docker for Penetration Testing](#docker-for-penetration-testing)
* [Multi-paradigm Frameworks](#multi-paradigm-frameworks) * [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
* [Network Vulnerability scanners](#network-vulnerability-scanners) * [Network vulnerability scanners](#network-vulnerability-scanners)
* [Static Analyzers](#static-analyzers) * [Static Analyzers](#static-analyzers)
* [Web Vulnerability Scanners](#web-vulnerability-scanners) * [Web Vulnerability Scanners](#web-vulnerability-scanners)
* [Network Tools](#network-tools) * [Network Tools](#network-tools)
@ -86,7 +86,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database. * [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database.
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits. * [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.
### OSINT Resources ### Open Sources Intelligence (OSINT) Resources
* [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category. * [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category.
* [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories. * [Intel Techniques](https://inteltechniques.com/menu.html) - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
@ -160,7 +160,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query. * [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
* [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others. * [Decker](https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.
### Network Vulnerability Scanners ### Network vulnerability scanners
* [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws. * [Netsparker Application Security Scanner](https://www.netsparker.com/) - Application security scanner to automatically find security flaws.
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
@ -339,7 +339,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby. * [Kaitai Struct](http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
* [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool. * [Veles](https://codisec.com/veles/) - Binary data visualization and analysis tool.
* [Hachoir](http://hachoir3.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction. * [Hachoir](https://hachoir.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
### Anti-virus Evasion Tools ### Anti-virus Evasion Tools
@ -365,11 +365,11 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
### Windows Utilities ### Windows Utilities
* [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities. * [Sysinternals Suite](https://technet.microsoft.com/en-us/sysinternals/bb842062) - The Sysinternals Troubleshooting Utilities.
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets. * [Windows Credentials Editor](https://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system. * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system.
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework.
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target. * [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target.
* [Responder](https://github.com/SpiderLabs/Responder) - LLMNR, NBT-NS and MDNS poisoner. * [Responder](https://github.com/SpiderLabs/Responder) - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.
* [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. * [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent.
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
@ -435,7 +435,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices. * [Shodan](https://www.shodan.io/) - World's first search engine for Internet-connected devices.
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python. * [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python.
* [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager. * [sn0int](https://github.com/kpcyrd/sn0int) - Semi-automatic OSINT framework and package manager.
* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak. * [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.
* [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information. * [vcsmap](https://github.com/melvinsh/vcsmap) - Plugin-based tool to scan public version control systems for sensitive information.
* [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations. * [Spiderfoot](http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
* [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool. * [BinGoo](https://github.com/Hood3dRob1n/BinGoo) - GNU/Linux bash based Bing and Google Dorking Tool.
@ -454,7 +454,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company. * [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
* [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures. * [FOCA (Fingerprinting Organizations with Collected Archives)](https://www.elevenpaths.com/labstools/foca/) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
* [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool. * [dorks](https://github.com/USSCltd/dorks) - Google hack database automation tool.
* [image-match](https://github.com/ascribe/image-match]) - Quickly search over billions of images. * [image-match](https://github.com/ascribe/image-match) - Quickly search over billions of images.
* [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations. * [OSINT-SPY](https://github.com/SharadKumar97/OSINT-SPY) - Performs OSINT scan on email addresses, domain names, IP addresses, or organizations.
* [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping. * [pagodo](https://github.com/opsdisk/pagodo) - Automate Google Hacking Database scraping.
* [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines. * [surfraw](https://github.com/kisom/surfraw) - Fast UNIX command line interface to a variety of popular WWW search engines.
@ -601,7 +601,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html) * [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764569597.html)
* [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/) * [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http://www.hachettebookgroup.com/titles/kevin-mitnick/ghost-in-the-wires/9780316134477/)
* [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7) * [No Tech Hacking by Johnny Long & Jack Wiles, 2008](https://www.elsevier.com/books/no-tech-hacking/mitnick/978-1-59749-215-7)
* [Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470639539.html)
* [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html) * [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118608577.html)
* [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group) * [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](https://www.mhprofessional.com/9780071818469-usa-social-engineering-in-it-security-tools-tactics-and-techniques-group)
@ -633,7 +632,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target. * [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target.
* [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. * [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
* [Vulners](https://vulners.com/) - Security database of software vulnerabilities. * [Vulners](https://vulners.com/) - Security database of software vulnerabilities.
* [Inj3ct0r](https://www.0day.today/) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. * [Inj3ct0r](https://www.0day.today/) - Exploit marketplace and vulnerability information aggregator. ([Onion service](http://mvfjfugdwgc5uwho.onion/).)
* [HPI-VDB](https://hpi-vdb.de/) - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam. * [HPI-VDB](https://hpi-vdb.de/) - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
* [China National Vulnerability Database (CNNVD)](http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation. * [China National Vulnerability Database (CNNVD)](http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
* [Distributed Weakness Filing (DWF)](https://distributedweaknessfiling.org/) - Federated CNA (CVE Number Authority) mirroring MITRE's CVE database and offering additional CVE-equivalent numbers to otherwise out-of-scope vulnerability disclosures. * [Distributed Weakness Filing (DWF)](https://distributedweaknessfiling.org/) - Federated CNA (CVE Number Authority) mirroring MITRE's CVE database and offering additional CVE-equivalent numbers to otherwise out-of-scope vulnerability disclosures.