Merge branch 'master' into wireshark-macos

This commit is contained in:
Samar Dhwoj Acharya 2017-07-12 07:46:04 -05:00 committed by GitHub
commit bbffb78c67

View File

@ -17,8 +17,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
- [Operating Systems](#operating-systems) - [Operating Systems](#operating-systems)
- [Tools](#tools) - [Tools](#tools)
- [Penetration Testing Distributions](#penetration-testing-distributions) - [Penetration Testing Distributions](#penetration-testing-distributions)
- [Basic Penetration Testing Tools](#basic-penetration-testing-tools)
- [Docker for Penetration Testing](#docker-for-penetration-testing) - [Docker for Penetration Testing](#docker-for-penetration-testing)
- [Multi-paradigm Frameworks](#multi-paradigm-frameworks)
- [Vulnerability Scanners](#vulnerability-scanners) - [Vulnerability Scanners](#vulnerability-scanners)
- [Static Analyzers](#static-analyzers) - [Static Analyzers](#static-analyzers)
- [Web Scanners](#web-scanners) - [Web Scanners](#web-scanners)
@ -30,6 +30,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
- [Hash Cracking Tools](#hash-cracking-tools) - [Hash Cracking Tools](#hash-cracking-tools)
- [Windows Utilities](#windows-utilities) - [Windows Utilities](#windows-utilities)
- [GNU/Linux Utilities](#gnu-linux-utilities) - [GNU/Linux Utilities](#gnu-linux-utilities)
- [macOS Utilities](#macos-utilities)
- [DDoS Tools](#ddos-tools) - [DDoS Tools](#ddos-tools)
- [Social Engineering Tools](#social-engineering-tools) - [Social Engineering Tools](#social-engineering-tools)
- [OSINT Tools](#osint-tools) - [OSINT Tools](#osint-tools)
@ -107,17 +108,6 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. * [Fedora Security Lab](https://labs.fedoraproject.org/en/security/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
* [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. * [The Pentesters Framework](https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
### Basic Penetration Testing Tools
* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software.
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits.
* [BeEF](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
* [faraday](https://github.com/infobyte/faraday) - Collaborative penetration test and vulnerability management platform.
* [evilgrade](https://github.com/infobyte/evilgrade) - The update explotation framework.
* [routersploit](https://github.com/reverse-shell/routersploit) - Automated penetration testing software for router.
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials.
* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining & remote administration tool for Mac OS.
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
### Docker for Penetration Testing ### Docker for Penetration Testing
* `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/) * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
* `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy) * `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy)
@ -136,6 +126,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* `docker pull kalilinux/kali-linux-docker` - [Kali Linux Docker Image](https://www.kali.org/news/official-kali-linux-docker-images/) * `docker pull kalilinux/kali-linux-docker` - [Kali Linux Docker Image](https://www.kali.org/news/official-kali-linux-docker-images/)
* `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) * `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/)
### Multi-paradigm Frameworks
* [Metasploit](https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
* [Armitage](http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework.
* [Faraday](https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
### Vulnerability Scanners ### Vulnerability Scanners
* [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7. * [Nexpose](https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
* [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable. * [Nessus](https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
@ -166,7 +162,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. * [scanless](https://github.com/vesche/scanless) - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
* [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line. * [tcpdump/libpcap](http://www.tcpdump.org/) - Common packet analyzer that runs under the command line.
* [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer. * [Wireshark](https://www.wireshark.org/) - Widely-used graphical, cross-platform network protocol analyzer.
* [Network Tools](http://network-tools.com/) - Different network tools: ping, lookup, whois, etc. * [Network-Tools.com](http://network-tools.com/) - Website offering an interface to numerous basic network utilities like `ping`, `traceroute`, `whois`, and more.
* [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing. * [netsniff-ng](https://github.com/netsniff-ng/netsniff-ng) - Swiss army knife for for network sniffing.
* [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit. * [Intercepter-NG](http://sniff.su/) - Multifunctional network toolkit.
* [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool. * [SPARTA](http://sparta.secforce.com/) - Network infrastructure penetration testing tool.
@ -193,10 +189,12 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool. * [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool.
* [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library. * [scapy](https://github.com/secdev/scapy) - Python-based interactive packet manipulation program & library.
* [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework. * [Dshell](https://github.com/USArmyResearchLab/Dshell) - Network forensic analysis framework.
* [Debookee (macOS)](http://www.iwaxx.com/debookee/) - Intercept traffic from any device on your network. * [Debookee](http://www.iwaxx.com/debookee/) - Simple and powerful network traffic analyzer for macOS.
* [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer. * [Dripcap](https://github.com/dripcap/dripcap) - Caffeinated packet analyzer.
* [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing. * [PRET](https://github.com/RUB-NDS/PRET) - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing.
* [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments. * [Praeda](http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
* [routersploit](https://github.com/reverse-shell/routersploit) - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
### Wireless Network Tools ### Wireless Network Tools
* [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks. * [Aircrack-ng](http://www.aircrack-ng.org/) - Set of tools for auditing wireless networks.
@ -215,6 +213,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools. * [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications. * [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. * [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
* [Browser Exploitation Framework (BeEF)](https://github.com/beefproject/beef) - Command and control server for delivering exploits to commandeered Web browsers.
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit. * [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool. * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
@ -258,10 +258,14 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent. * [Empire](https://www.powershellempire.com/) - Pure PowerShell post-exploitation agent.
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
* [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. * [wePWNise](https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
### GNU/Linux Utilities ### GNU/Linux Utilities
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.
### macOS Utilities
* [Bella](https://github.com/Trietptm-on-Security/Bella) - Pure Python post-exploitation data mining and remote administration tool for macOS.
### DDoS Tools ### DDoS Tools
* [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows. * [LOIC](https://github.com/NewEraCracker/LOIC/) - Open source network stress tool for Windows.
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC. * [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC.
@ -306,8 +310,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network. * [Nipe](https://github.com/GouveaHeitor/nipe) - Script to redirect all traffic from the machine to the Tor network.
### Reverse Engineering Tools ### Reverse Engineering Tools
* [IDA Pro](https://www.hex-rays.com/products/ida/) - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger. * [Interactive Disassembler (IDA Pro)](https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml) - The freeware version of IDA v5.0.
* [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg. * [WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis. * [OllyDbg](http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework. * [Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.
@ -318,6 +321,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
* [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies. * [dnSpy](https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies.
* [binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
### Physical Access Tools ### Physical Access Tools
* [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network. * [LAN Turtle](https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.