mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-23 06:09:22 -05:00
Add tools and books (#53)
* Add tools, books & books cleanup * Add Shodan * Add tools * Add tools * Add tools and books * Add tools and books * Add tools and books * Add Kali tools list
This commit is contained in:
parent
997e980d09
commit
e4c072b262
25
README.md
25
README.md
@ -16,9 +16,11 @@ A collection of awesome penetration testing resources
|
||||
- [Network Tools](#network-tools)
|
||||
- [Wireless Network Tools](#wireless-network-tools)
|
||||
- [SSL Analysis Tools](#ssl-analysis-tools)
|
||||
- [Web exploitation](#web-exploitation)
|
||||
- [Hex Editors](#hex-editors)
|
||||
- [Crackers](#crackers)
|
||||
- [Windows Utils](#windows-utils)
|
||||
- [Linux Utils](#linux-utils)
|
||||
- [DDoS Tools](#ddos-tools)
|
||||
- [Social Engineering Tools](#social-engineering-tools)
|
||||
- [OSInt Tools](#osint-tools)
|
||||
@ -54,6 +56,7 @@ A collection of awesome penetration testing resources
|
||||
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database
|
||||
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits
|
||||
* [GDB-peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB
|
||||
* [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit
|
||||
|
||||
#### Social Engineering Resources
|
||||
* [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers
|
||||
@ -91,6 +94,7 @@ A collection of awesome penetration testing resources
|
||||
* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner
|
||||
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X
|
||||
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
|
||||
* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework
|
||||
|
||||
#### Network Tools
|
||||
* [nmap](http://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
|
||||
@ -107,12 +111,16 @@ A collection of awesome penetration testing resources
|
||||
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
|
||||
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH
|
||||
* [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
|
||||
* [pwnat](https://github.com/samyk/pwnat) - punches holes in firewalls and NATs
|
||||
* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - a collection of tools for network auditing and pentesting
|
||||
* [tgcd](http://tgcd.sourceforge.net/) - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
|
||||
|
||||
#### Wireless Network Tools
|
||||
* [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
|
||||
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
|
||||
* [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup
|
||||
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
|
||||
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
|
||||
|
||||
#### SSL Analysis Tools
|
||||
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner
|
||||
@ -124,6 +132,10 @@ A collection of awesome penetration testing resources
|
||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
|
||||
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
|
||||
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
|
||||
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
|
||||
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner
|
||||
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter
|
||||
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter
|
||||
|
||||
#### Hex Editors
|
||||
* [HexEdit.js](http://hexed.it/) - Browser-based hex editing
|
||||
@ -139,6 +151,12 @@ A collection of awesome penetration testing resources
|
||||
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
|
||||
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
|
||||
* [PowerSpoit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
|
||||
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
|
||||
* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
|
||||
* [Empire](https://github.com/PowerShellEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
|
||||
|
||||
#### Linux Utils
|
||||
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
|
||||
|
||||
#### DDoS Tools
|
||||
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
|
||||
@ -155,6 +173,7 @@ A collection of awesome penetration testing resources
|
||||
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
|
||||
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
|
||||
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
|
||||
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
|
||||
|
||||
#### Anonymity Tools
|
||||
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
|
||||
@ -194,14 +213,18 @@ A collection of awesome penetration testing resources
|
||||
* [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http://www.amazon.com/Penetration-Testing-Procedures-Methodologies-EC-Council/dp/1435483677)
|
||||
* [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE)
|
||||
* [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
|
||||
* [Bug Hunter's Diary by Tobias Klein, 2011](https://www.nostarch.com/bughunter)
|
||||
|
||||
#### Hackers Handbook Series
|
||||
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
|
||||
* [The Shellcoders Handbook by Chris Anley et al., 2007](http://wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
|
||||
* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
|
||||
* [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
|
||||
* [iOS Hackers Handbook by Charlie Miller et al., 2012](http://wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
|
||||
* [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
|
||||
* [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
|
||||
* [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
|
||||
* [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
|
||||
|
||||
#### Network Analysis Books
|
||||
* [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](http://nmap.org/book/)
|
||||
@ -211,6 +234,7 @@ A collection of awesome penetration testing resources
|
||||
|
||||
#### Reverse Engineering Books
|
||||
* [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
|
||||
* [Hacking the Xbox by Andrew Huang, 2003](https://www.nostarch.com/xbox.htm)
|
||||
* [The IDA Pro Book by Chris Eagle, 2011](http://www.nostarch.com/idapro2.htm)
|
||||
* [Practical Reverse Engineering by Bruce Dang et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html)
|
||||
* [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386)
|
||||
@ -298,6 +322,7 @@ A collection of awesome penetration testing resources
|
||||
* [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine
|
||||
|
||||
### Awesome Lists
|
||||
* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
|
||||
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
|
||||
* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
|
||||
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development
|
||||
|
Loading…
Reference in New Issue
Block a user