Add tools and books (#53)

* Add tools, books & books cleanup

* Add Shodan

* Add tools

* Add tools

* Add tools and books

* Add tools and books

* Add tools and books

* Add Kali tools list

README.md

@@ -16,9 +16,11 @@ A collection of awesome penetration testing resources
   - [Network Tools](#network-tools)
   - [Wireless Network Tools](#wireless-network-tools)
   - [SSL Analysis Tools](#ssl-analysis-tools)
+  - [Web exploitation](#web-exploitation)
   - [Hex Editors](#hex-editors)
   - [Crackers](#crackers)
   - [Windows Utils](#windows-utils)
+  - [Linux Utils](#linux-utils)
   - [DDoS Tools](#ddos-tools)
   - [Social Engineering Tools](#social-engineering-tools)
   - [OSInt Tools](#osint-tools)
@@ -54,6 +56,7 @@ A collection of awesome penetration testing resources
 * [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database
 * [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits
 * [GDB-peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB
+* [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit
 
 #### Social Engineering Resources
 * [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers
@@ -91,6 +94,7 @@ A collection of awesome penetration testing resources
 * [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner
 * [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X
 * [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
+* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework
 
 #### Network Tools
 * [nmap](http://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
@@ -107,12 +111,16 @@ A collection of awesome penetration testing resources
 * [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
 * [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH
 * [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
+* [pwnat](https://github.com/samyk/pwnat) - punches holes in firewalls and NATs
+* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - a collection of tools for network auditing and pentesting
+* [tgcd](http://tgcd.sourceforge.net/) - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
 
 #### Wireless Network Tools
 * [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
 * [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
 * [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup
 * [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
+* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
 
 #### SSL Analysis Tools
 * [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner
@@ -124,6 +132,10 @@ A collection of awesome penetration testing resources
 * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
 * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
 * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
+* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
+* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner
+* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter
+* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter
 
 #### Hex Editors
 * [HexEdit.js](http://hexed.it/) - Browser-based hex editing
@@ -139,6 +151,12 @@ A collection of awesome penetration testing resources
 * [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
 * [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
 * [PowerSpoit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
+* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
+* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
+* [Empire](https://github.com/PowerShellEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
+
+#### Linux Utils
+* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
 
 #### DDoS Tools
 * [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
@@ -155,6 +173,7 @@ A collection of awesome penetration testing resources
 * [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
 * [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
 * [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
+* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
 
 #### Anonymity Tools
 * [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
@@ -194,14 +213,18 @@ A collection of awesome penetration testing resources
 * [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http://www.amazon.com/Penetration-Testing-Procedures-Methodologies-EC-Council/dp/1435483677)
 * [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE)
 * [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
+* [Bug Hunter's Diary by Tobias Klein, 2011](https://www.nostarch.com/bughunter)
 
 #### Hackers Handbook Series
+* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
 * [The Shellcoders Handbook by Chris Anley et al., 2007](http://wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
+* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
 * [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
 * [iOS Hackers Handbook by Charlie Miller et al., 2012](http://wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
 * [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
 * [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
 * [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
+* [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
 
 #### Network Analysis Books
 * [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](http://nmap.org/book/)
@@ -211,6 +234,7 @@ A collection of awesome penetration testing resources
 
 #### Reverse Engineering Books
 * [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
+* [Hacking the Xbox by Andrew Huang, 2003](https://www.nostarch.com/xbox.htm)
 * [The IDA Pro Book by Chris Eagle, 2011](http://www.nostarch.com/idapro2.htm)
 * [Practical Reverse Engineering by Bruce Dang et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html)
 * [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386)
@@ -298,6 +322,7 @@ A collection of awesome penetration testing resources
 * [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine
 
 ### Awesome Lists
+* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
 * [SecTools](http://sectools.org/) - Top 125 Network Security Tools
 * [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
 * [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development