diff --git a/README.md b/README.md index 4e7b091..4f2bd41 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ A collection of awesome penetration testing resources - [Anonymity Tools](#anonymity-tools) - [Reverse Engineering Tools](#reverse-engineering-tools) - [CTF Tools](#ctf-tools) + - [Practice CTFs](#practice-ctfs) - [Books](#books) - [Penetration Testing Books](#penetration-testing-books) - [Hackers Handbook Series](#hackers-handbook-series) @@ -80,6 +81,10 @@ A collection of awesome penetration testing resources * [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems * [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions * [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems +* [cuckoo](https://cuckoosandbox.org/) - Cuckoo Sandbox is a malware analysis system +* [CAINE](http://www.caine-live.net/) - (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project +* [DEFT](http://www.deftlinux.net/) - Digital Evidence & Forensics Toolkit Live OS +* [Tails](https://tails.boum.org/) - Live OS aimed at preserving privacy and anonymity ### Tools #### Penetration Testing Distributions 
@@ -95,7 +100,6 @@ A collection of awesome penetration testing resources #### Basic Penetration Testing Tools * [Metasploit Framework](https://www.metasploit.com/) - World's most used penetration testing software -* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications * [ExploitPack](https://github.com/juansacco/exploitpack) - Graphical tool for penetration testing with a bunch of exploits * [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project * [faraday](https://github.com/infobyte/faraday) - Collaborative Penetration Test and Vulnerability Management Platform @@ -138,6 +142,7 @@ A collection of awesome penetration testing resources * [Vuls](https://github.com/future-architect/vuls) - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go #### Network Tools +* [zmap](https://zmap.io/) - Open-source network scanner that enables researchers to easily perform Internet-wide network studies * [nmap](https://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits * [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool * [tcpdump/libpcap](http://www.tcpdump.org/) - A common packet analyzer that runs under the command line 
@@ -184,6 +189,8 @@ A collection of awesome penetration testing resources * [tls_prober](https://github.com/WestpointLtd/tls_prober) - fingerprint a server's SSL/TLS implementation #### Web exploitation +* [Burp Suite](https://portswigger.net/burp/) - An integrated platform for performing security testing of web applications +* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool * [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool @@ -219,6 +226,7 @@ A collection of awesome penetration testing resources * [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework +* [Powershell Empire](https://www.powershellempire.com/) - A pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture * [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target * [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - A graphical Active Directory trust relationship explorer 
@@ -230,8 +238,6 @@ A collection of awesome penetration testing resources * [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number. #### DDoS Tools -* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows -* [JS LOIC](http://metacortexsecurity.com/tools/anon/LOIC/LOICv1.html) - JavaScript in-browser version of LOIC * [T50](https://sourceforge.net/projects/t50/) - The more fast network stress tool #### Social Engineering Tools @@ -239,6 +245,7 @@ A collection of awesome penetration testing resources * [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content #### OSInt Tools +* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Full-featured Web Reconnaissance framework written in Python * [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva. * [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester * [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool 
@@ -283,6 +290,11 @@ A collection of awesome penetration testing resources * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs * [RsaCtfTool](https://github.com/sourcekris/RsaCtfTool) - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks +#### Practice CTFs +* [HackThisSite](hackthissite.org) - An online CTF with short challenges and clear progression +* [HackMethod](https://hackmethod.com/) - An online CTF with short challenges and clear progression +* [VulnHub](https://www.vulnhub.com/) - Hosts vulnerable VMs for downloading and hacking, founded by g0tmi1k + ### Books #### Penetration Testing Books * [The Art of Exploitation by Jon Erickson, 2008](https://www.nostarch.com/hacking2.htm)
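Review bot: In the hunk at @@ -80,6 +81,10 @@, the cuckoo entry does not fit the list it is appended to. The neighbouring entries are indexes of security-related operating systems and distributions, while the added line itself describes Cuckoo Sandbox as "a malware analysis system". Move it to a tools section that covers malware analysis, and use "Cuckoo Sandbox" as the link text so the description does not have to repeat the name. CAINE, DEFT and Tails are individual live distributions rather than lists of distributions, so it is also worth checking whether they belong in this section or under a distributions heading in Tools.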
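Review bot: In the Web exploitation hunk (@@ -184,6 +189,8 @@), the autochrome description is ungrammatical and much longer than its neighbours: "Easy to install a test browser with all the appropriate setting needed for web application testing ...". Something like "Easy-to-install test browser preconfigured for web application testing, with native Burp support, from NCC Group" would match the other entries, without the trailing period that no other line in the hunk has. The link target is a blog post rather than a project page, which is worth saying in the description or replacing with the project's own page. Moving Burp Suite here is consistent with its removal in the hunk at @@ -95,7 +100,6 @@.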
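Review bot: In the hunk at @@ -219,6 +226,7 @@, the Powershell Empire description says "cryptologically-secure communications"; the usual term is "cryptographically secure". The link text should also be spelled "PowerShell Empire", matching the "PowerShell" used in the PowerSploit entry directly above and later in the same added line.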
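Review bot: The DDoS Tools hunk (@@ -230,8 +238,6 @@) deletes the LOIC and JS LOIC entries with nothing in the patch explaining why, while T50 stays in the same section. State the reason in the commit message (dead link, unmaintained, or out of scope for the list) so maintainers can judge the removal, and consider splitting the deletions from the additions into a separate commit so either can be reverted on its own.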
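Review bot: In the Practice CTFs hunk (@@ -283,6 +290,11 @@), the HackThisSite link target is "hackthissite.org" with no scheme, so a Markdown renderer will treat it as a path relative to the README instead of an external site; give it a full URL with an explicit scheme, as the HackMethod and VulnHub lines do. The HackMethod description is a word-for-word copy of the HackThisSite one ("An online CTF with short challenges and clear progression"), which looks like a paste error; it needs its own description.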