mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2025-01-10 14:39:30 -05:00
Update README.md
Multiple additions, moves Burp to Web Exploitation, removes LOIC
This commit is contained in:
tarrenj
GitHub
parent
766ef74e92
commit
d690331242
18
README.md
18
README.md
@ -31,6 +31,7 @@ A collection of awesome penetration testing resources
|
||||
- [Anonymity Tools](#anonymity-tools)
|
||||
- [Reverse Engineering Tools](#reverse-engineering-tools)
|
||||
- [CTF Tools](#ctf-tools)
|
||||
- [Practice CTFs](#practice-ctfs)
|
||||
- [Books](#books)
|
||||
- [Penetration Testing Books](#penetration-testing-books)
|
||||
- [Hackers Handbook Series](#hackers-handbook-series)
|
||||
@ -80,6 +81,10 @@ A collection of awesome penetration testing resources
|
||||
* [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
|
||||
* [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions
|
||||
* [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
|
||||
* [cuckoo](https://cuckoosandbox.org/) - Cuckoo Sandbox is a malware analysis system
|
||||
* [CAINE](http://www.caine-live.net/) - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project
|
||||
* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS
|
||||
* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity
|
||||
|
||||
### Tools
|
||||
#### Penetration Testing Distributions
|
||||
@ -95,7 +100,6 @@ A collection of awesome penetration testing resources
|
||||
|
||||
#### Basic Penetration Testing Tools
|
||||
* [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software
|
||||
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
|
||||
* [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits
|
||||
* [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project
|
||||
* [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform
|
||||
@ -138,6 +142,7 @@ A collection of awesome penetration testing resources
|
||||
* [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
|
||||
|
||||
#### Network Tools
|
||||
* [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies
|
||||
* [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
|
||||
* [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
|
||||
* [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line
|
||||
@ -184,6 +189,8 @@ A collection of awesome penetration testing resources
|
||||
* [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation
|
||||
|
||||
#### Web exploitation
|
||||
* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications
|
||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
||||
* [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
|
||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
|
||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool
|
||||
@ -219,6 +226,7 @@ A collection of awesome penetration testing resources
|
||||
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
|
||||
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
|
||||
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
|
||||
* [Powershell Empire](https://www.powershellempire.com/) - A pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture
|
||||
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
|
||||
* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
|
||||
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer
|
||||
@ -230,8 +238,6 @@ A collection of awesome penetration testing resources
|
||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
|
||||
|
||||
#### DDoS Tools
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
|
||||
* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC
|
||||
* [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool
|
||||
|
||||
#### Social Engineering Tools
|
||||
@ -239,6 +245,7 @@ A collection of awesome penetration testing resources
|
||||
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content
|
||||
|
||||
#### OSInt Tools
|
||||
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python
|
||||
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
|
||||
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester
|
||||
* [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool
|
||||
@ -283,6 +290,11 @@ A collection of awesome penetration testing resources
|
||||
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs
|
||||
* [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks
|
||||
|
||||
#### Practice CTFs
|
||||
* [HackThisSite](hackthissite.org) - An online CTF with short challenges and clear progression
|
||||
* [HackMethod](https://hackmethod.com/) - An online CTF with short challenges and clear progression
|
||||
* [VulnHub](https://www.vulnhub.com/) - Hosts vulnerable VMs for downloading and hacking, founded by g0tmi1k
|
||||
|
||||
### Books
|
||||
#### Penetration Testing Books
|
||||
* [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user