Updated OSInt Tools (added Censys and ZoomEye) and added LFI tools (#64)

* Added Censys and ZoomEye * Added LFI tools + Https for some links
2024-09-27 19:25:47 +00:00 · 2016-07-24 00:22:30 +02:00 · 2016-07-24 00:22:30 +02:00 · 8de8f60642
commit 8de8f60642
parent db36b3995b
1 changed files with 15 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -48,7 +48,7 @@ A collection of awesome penetration testing resources

 ### Online Resources
 #### Penetration Testing Resources
-* [Metasploit Unleashed](http://www.offensive-security.com/metasploit-unleashed/) - Free Offensive Security metasploit course
+* [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/) - Free Offensive Security metasploit course
 * [PTES](http://www.pentest-standard.org/) - Penetration Testing Execution Standard
 * [OWASP](https://www.owasp.org/index.php/Main_Page) - Open Web Application Security Project

@ -60,23 +60,24 @@ A collection of awesome penetration testing resources
 * [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit

 #### Social Engineering Resources
-* [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers
+* [Social Engineering Framework](https://www.social-engineer.org/framework/) - An information resource for social engineers

 #### Lock Picking Resources
-* [Schuyler Towne channel](http://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks
+* [Schuyler Towne channel](https://www.youtube.com/user/SchuylerTowne/) - Lockpicking videos and security talks
 * [/r/lockpicking](https://www.reddit.com/r/lockpicking) - Resources for learning lockpicking, equipment recommendations.

 ### Tools
 #### Penetration Testing Distributions
-* [Kali](http://www.kali.org/) - A Linux distribution designed for digital forensics and penetration testing
-* [BlackArch](http://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers
+* [Kali](https://www.kali.org/) - A Linux distribution designed for digital forensics and penetration testing
+* [ArchStrike](https://archstrike.org/) - An Arch Linux repository for security professionals and enthusiasts
+* [BlackArch](https://www.blackarch.org/) - Arch Linux-based distribution for penetration testers and security researchers
 * [NST](http://networksecuritytoolkit.org/) - Network Security Toolkit distribution
-* [Pentoo](http://www.pentoo.ch/) -  security-focused livecd based on Gentoo
-* [BackBox](http://www.backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments
+* [Pentoo](http://www.pentoo.ch/) - Security-focused livecd based on Gentoo
+* [BackBox](https://www.backbox.org/) - Ubuntu-based distribution for penetration tests and security assessments
 * [Parrot](https://www.parrotsec.org/) - A distribution similar to Kali, with multiple architecture

 #### Basic Penetration Testing Tools
-* [Metasploit Framework](http://www.metasploit.com/) - World's most used penetration testing software
+* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software
 * [Burp Suite](http://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
 * [ExploitPack](http://exploitpack.com/) - Graphical tool for penetration testing with a bunch of exploits
 * [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project
@ -158,6 +159,10 @@ A collection of awesome penetration testing resources
 * [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner
 * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter
 * [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter
+* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
+* [Kadabra](https://github.com/D35m0nd142/Kadabra) - Automatic LFI exploiter and scanner
+* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool
+* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool

 #### Hex Editors
 * [HexEdit.js](http://hexed.it/) - Browser-based hex editing
@ -195,7 +200,9 @@ A collection of awesome penetration testing resources
 * [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool
 * [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
 * [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
+* [Censys](https://www.censys.io/) - Collects data on hosts and websites through daily ZMap and ZGrab scans
 * [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
+* [ZoomEye](https://www.zoomeye.org/) - A cyberspace search engine for Internet-connected devices and websites using Xmap and Wmap
 * [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
 * [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak