From d5bc3fcc831397b230622acaa122734c085a9424 Mon Sep 17 00:00:00 2001 From: fabacab Date: Mon, 6 Jul 2020 17:44:53 -0400 Subject: [PATCH] New section for privesc tools, remove trailing whitespace. --- README.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ffc779f..57e357a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Awesome Penetration Testing [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) -> A collection of awesome penetration testing resources. +> A collection of awesome penetration testing and offensive cybersecurity resources. [Penetration testing](https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. @@ -70,6 +70,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Operating System Distributions](#operating-system-distributions) * [Periodicals](#periodicals) * [Physical Access Tools](#physical-access-tools) +* [Privilege Escalation Tools](#privilege-escalation-tools) * [Reverse Engineering Tools](#reverse-engineering-tools) * [Security Education Courses](#security-education-courses) * [Side-channel Tools](#side-channel-tools) 
@@ -165,6 +166,13 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list * [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE) * [Violent Python by TJ O'Connor, 2012](https://www.elsevier.com/books/violent-python/unknown/978-1-59749-957-6) +### Privilege Escalation Tools + +* [Active Directory and Privilege Escalation (ADAPE)](https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory. +* [LinEnum](https://github.com/rebootuser/LinEnum) - Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming. +* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. +* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. + ### Reverse Engineering Books * [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386) 
@@ -197,7 +205,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list ## Collaboration Tools -* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals. +* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals. * [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor. * [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations. @@ -292,12 +300,9 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list ## GNU/Linux Utilities * [Hwacha](https://github.com/n00py/Hwacha) - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously. -* [LinEnum](https://github.com/rebootuser/LinEnum) - Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming. * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Heuristic reporting on potentially viable exploits for a given GNU/Linux system. * [Lynis](https://cisofy.com/lynis/) - Auditing tool for UNIX-based systems. -* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. * [checksec.sh](https://www.trapkit.de/tools/checksec.html) - Shell script designed to test what standard Linux OS and PaX security features are being used. -* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. ## Hash Cracking Tools 
@@ -327,7 +332,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list See also [awesome-industrial-control-system-security](https://github.com/hslatman/awesome-industrial-control-system-security). -* [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more. +* [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more. * [s7scan](https://github.com/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network. ## Multi-paradigm Frameworks @@ -812,7 +817,6 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing). ## Windows Utilities -* [Active Directory and Privilege Escalation (ADAPE)](https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory. * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. * [Commando VM](https://github.com/fireeye/commando-vm) - Automated installation of over 140 Windows software packages for penetration testing and red teaming. * [Covenant](https://github.com/cobbr/Covenant) - ASP.NET Core application that serves as a collaborative command and control platform for red teamers.
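Review bot: The tagline change in the first README.md hunk (`@@ -1,6 +1,6 @@`), from "penetration testing resources" to "penetration testing and offensive cybersecurity resources", is not covered by the subject line, which only mentions the new privesc section and trailing whitespace. Either mention the scope change in the commit message or split it into its own commit so it is easy to find and revert independently.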
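Review bot: In the `@@ -165,6 +166,13 @@` hunk, `### Privilege Escalation Tools` is added at heading level 3 directly after the book entries and before `### Reverse Engineering Books`, so it will render as a subsection of the book listings rather than as a tools section. The other tool sections visible in this patch (`## Collaboration Tools`, `## GNU/Linux Utilities`, `## Windows Utilities`) use `##`, and the new table-of-contents entry sits between Physical Access Tools and Reverse Engineering Tools. Suggest moving the block to that position in the body and changing the heading to `## Privilege Escalation Tools`.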
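Review bot: In the GNU/Linux Utilities hunk (`@@ -292,12 +300,9 @@`), Linux Exploit Suggester stays behind while LinEnum, Postenum and unix-privesc-check move to the new section. If it is meant to be used alongside those local enumeration checkers, consider moving it too so readers find them in one place; if it stays deliberately, a short note in the commit message would explain the split.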