mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-23 06:09:22 -05:00
Add tools and books (#53)
* Add tools, books & books cleanup * Add Shodan * Add tools * Add tools * Add tools and books * Add tools and books * Add tools and books * Add Kali tools list
This commit is contained in:
parent
997e980d09
commit
e4c072b262
33
README.md
33
README.md
@ -16,9 +16,11 @@ A collection of awesome penetration testing resources
|
|||||||
- [Network Tools](#network-tools)
|
- [Network Tools](#network-tools)
|
||||||
- [Wireless Network Tools](#wireless-network-tools)
|
- [Wireless Network Tools](#wireless-network-tools)
|
||||||
- [SSL Analysis Tools](#ssl-analysis-tools)
|
- [SSL Analysis Tools](#ssl-analysis-tools)
|
||||||
|
- [Web exploitation](#web-exploitation)
|
||||||
- [Hex Editors](#hex-editors)
|
- [Hex Editors](#hex-editors)
|
||||||
- [Crackers](#crackers)
|
- [Crackers](#crackers)
|
||||||
- [Windows Utils](#windows-utils)
|
- [Windows Utils](#windows-utils)
|
||||||
|
- [Linux Utils](#linux-utils)
|
||||||
- [DDoS Tools](#ddos-tools)
|
- [DDoS Tools](#ddos-tools)
|
||||||
- [Social Engineering Tools](#social-engineering-tools)
|
- [Social Engineering Tools](#social-engineering-tools)
|
||||||
- [OSInt Tools](#osint-tools)
|
- [OSInt Tools](#osint-tools)
|
||||||
@ -54,6 +56,7 @@ A collection of awesome penetration testing resources
|
|||||||
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database
|
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database
|
||||||
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits
|
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits
|
||||||
* [GDB-peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB
|
* [GDB-peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB
|
||||||
|
* [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit
|
||||||
|
|
||||||
#### Social Engineering Resources
|
#### Social Engineering Resources
|
||||||
* [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers
|
* [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers
|
||||||
@ -91,6 +94,7 @@ A collection of awesome penetration testing resources
|
|||||||
* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner
|
* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner
|
||||||
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X
|
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X
|
||||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
|
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
|
||||||
|
* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework
|
||||||
|
|
||||||
#### Network Tools
|
#### Network Tools
|
||||||
* [nmap](http://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
|
* [nmap](http://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
|
||||||
@ -107,12 +111,16 @@ A collection of awesome penetration testing resources
|
|||||||
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
|
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
|
||||||
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH
|
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH
|
||||||
* [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
|
* [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
|
||||||
|
* [pwnat](https://github.com/samyk/pwnat) - punches holes in firewalls and NATs
|
||||||
|
* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - a collection of tools for network auditing and pentesting
|
||||||
|
* [tgcd](http://tgcd.sourceforge.net/) - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
|
||||||
|
|
||||||
#### Wireless Network Tools
|
#### Wireless Network Tools
|
||||||
* [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
|
* [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
|
||||||
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
|
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
|
||||||
* [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup
|
* [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup
|
||||||
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
|
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
|
||||||
|
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
|
||||||
|
|
||||||
#### SSL Analysis Tools
|
#### SSL Analysis Tools
|
||||||
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner
|
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner
|
||||||
@ -124,6 +132,10 @@ A collection of awesome penetration testing resources
|
|||||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
|
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
|
||||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
|
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
|
||||||
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
|
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
|
||||||
|
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
|
||||||
|
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner
|
||||||
|
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter
|
||||||
|
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter
|
||||||
|
|
||||||
#### Hex Editors
|
#### Hex Editors
|
||||||
* [HexEdit.js](http://hexed.it/) - Browser-based hex editing
|
* [HexEdit.js](http://hexed.it/) - Browser-based hex editing
|
||||||
@ -139,6 +151,12 @@ A collection of awesome penetration testing resources
|
|||||||
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
|
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
|
||||||
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
|
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
|
||||||
* [PowerSpoit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
|
* [PowerSpoit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
|
||||||
|
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
|
||||||
|
* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
|
||||||
|
* [Empire](https://github.com/PowerShellEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
|
||||||
|
|
||||||
|
#### Linux Utils
|
||||||
|
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
|
||||||
|
|
||||||
#### DDoS Tools
|
#### DDoS Tools
|
||||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
|
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
|
||||||
@ -155,6 +173,7 @@ A collection of awesome penetration testing resources
|
|||||||
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
|
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
|
||||||
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
|
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
|
||||||
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
|
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
|
||||||
|
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
|
||||||
|
|
||||||
#### Anonymity Tools
|
#### Anonymity Tools
|
||||||
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
|
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
|
||||||
@ -194,14 +213,18 @@ A collection of awesome penetration testing resources
|
|||||||
* [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http://www.amazon.com/Penetration-Testing-Procedures-Methodologies-EC-Council/dp/1435483677)
|
* [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http://www.amazon.com/Penetration-Testing-Procedures-Methodologies-EC-Council/dp/1435483677)
|
||||||
* [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE)
|
* [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE)
|
||||||
* [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
|
* [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
|
||||||
|
* [Bug Hunter's Diary by Tobias Klein, 2011](https://www.nostarch.com/bughunter)
|
||||||
|
|
||||||
#### Hackers Handbook Series
|
#### Hackers Handbook Series
|
||||||
|
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
|
||||||
* [The Shellcoders Handbook by Chris Anley et al., 2007](http://wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
|
* [The Shellcoders Handbook by Chris Anley et al., 2007](http://wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
|
||||||
|
* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
|
||||||
* [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
|
* [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
|
||||||
* [iOS Hackers Handbook by Charlie Miller et al., 2012](http://wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
|
* [iOS Hackers Handbook by Charlie Miller et al., 2012](http://wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
|
||||||
* [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
|
* [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
|
||||||
* [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
|
* [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
|
||||||
* [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
|
* [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
|
||||||
|
* [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
|
||||||
|
|
||||||
#### Network Analysis Books
|
#### Network Analysis Books
|
||||||
* [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](http://nmap.org/book/)
|
* [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](http://nmap.org/book/)
|
||||||
@ -211,6 +234,7 @@ A collection of awesome penetration testing resources
|
|||||||
|
|
||||||
#### Reverse Engineering Books
|
#### Reverse Engineering Books
|
||||||
* [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
|
* [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
|
||||||
|
* [Hacking the Xbox by Andrew Huang, 2003](https://www.nostarch.com/xbox.htm)
|
||||||
* [The IDA Pro Book by Chris Eagle, 2011](http://www.nostarch.com/idapro2.htm)
|
* [The IDA Pro Book by Chris Eagle, 2011](http://www.nostarch.com/idapro2.htm)
|
||||||
* [Practical Reverse Engineering by Bruce Dang et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html)
|
* [Practical Reverse Engineering by Bruce Dang et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html)
|
||||||
* [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386)
|
* [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386)
|
||||||
@ -298,6 +322,7 @@ A collection of awesome penetration testing resources
|
|||||||
* [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine
|
* [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine
|
||||||
|
|
||||||
### Awesome Lists
|
### Awesome Lists
|
||||||
|
* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
|
||||||
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
|
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
|
||||||
* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
|
* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
|
||||||
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development
|
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development
|
||||||
|
Loading…
Reference in New Issue
Block a user