Add tools and books (#53)

* Add tools, books & books cleanup

* Add Shodan

* Add tools

* Add tools

* Add tools and books

* Add tools and books

* Add tools and books

* Add Kali tools list
This commit is contained in:
Patrik Hudák 2016-04-23 19:30:56 +02:00 committed by Samar Dhwoj Acharya
parent 997e980d09
commit e4c072b262

View File

@ -16,9 +16,11 @@ A collection of awesome penetration testing resources
- [Network Tools](#network-tools)
- [Wireless Network Tools](#wireless-network-tools)
- [SSL Analysis Tools](#ssl-analysis-tools)
- [Web exploitation](#web-exploitation)
- [Hex Editors](#hex-editors)
- [Crackers](#crackers)
- [Windows Utils](#windows-utils)
- [Linux Utils](#linux-utils)
- [DDoS Tools](#ddos-tools)
- [Social Engineering Tools](#social-engineering-tools)
- [OSInt Tools](#osint-tools)
@ -54,6 +56,7 @@ A collection of awesome penetration testing resources
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits
* [GDB-peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB
* [shellsploit](https://github.com/b3mb4m/shellsploit-framework) - New Generation Exploit Development Kit
#### Social Engineering Resources
* [Social Engineering Framework](http://www.social-engineer.org/framework/) - An information resource for social engineers
@ -91,6 +94,7 @@ A collection of awesome penetration testing resources
* [Wapiti](http://wapiti.sourceforge.net/) - Web application vulnerability scanner
* [WebReaver](http://www.webreaver.com/) - Web application vulnerability scanner for Mac OS X
* [DVCS Ripper](https://github.com/kost/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
* [arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework
#### Network Tools
* [nmap](http://nmap.org/) - Free Security Scanner For Network Exploration & Security Audits
@ -107,12 +111,16 @@ A collection of awesome penetration testing resources
* [mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH
* [DET](https://github.com/sensepost/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
* [pwnat](https://github.com/samyk/pwnat) - punches holes in firewalls and NATs
* [dsniff](https://www.monkey.org/~dugsong/dsniff/) - a collection of tools for network auditing and pentesting
* [tgcd](http://tgcd.sourceforge.net/) - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
#### Wireless Network Tools
* [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
* [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
* [Aircrack-ng](http://www.aircrack-ng.org/) - a set of tools for auditing wireless network
* [Kismet](https://kismetwireless.net/) - Wireless network detector, sniffer, and IDS
* [Reaver](https://code.google.com/p/reaver-wps/) - Brute force attack against Wifi Protected Setup
* [Wifite](https://github.com/derv82/wifite) - Automated wireless attack tool
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
#### SSL Analysis Tools
* [SSLyze](https://github.com/nabla-c0d3/sslyze) - SSL configuration scanner
@ -124,6 +132,10 @@ A collection of awesome penetration testing resources
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
* [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
* [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
* [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
* [joomscan](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner
* [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Website Fingerprinter
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web Application Fingerprinter
#### Hex Editors
* [HexEdit.js](http://hexed.it/) - Browser-based hex editing
@ -139,6 +151,12 @@ A collection of awesome penetration testing resources
* [Windows Credentials Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/) - security tool to list logon sessions and add, change, list and delete associated credentials
* [mimikatz](http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows OS
* [PowerSpoit](https://github.com/PowerShellMafia/PowerSploit) - A PowerShell Post-Exploitation Framework
* [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target
* [Responder](https://github.com/SpiderLabs/Responder) - A LLMNR, NBT-NS and MDNS poisoner
* [Empire](https://github.com/PowerShellEmpire/Empire) - Empire is a pure PowerShell post-exploitation agent
#### Linux Utils
* [Linux Exploit Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number.
#### DDoS Tools
* [LOIC](https://github.com/NewEraCracker/LOIC/) - An open source network stress tool for Windows
@ -155,6 +173,7 @@ A collection of awesome penetration testing resources
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
#### Anonymity Tools
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
@ -194,14 +213,18 @@ A collection of awesome penetration testing resources
* [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http://www.amazon.com/Penetration-Testing-Procedures-Methodologies-EC-Council/dp/1435483677)
* [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http://www.amazon.com/Unauthorised-Access-Physical-Penetration-Security-ebook/dp/B005DIAPKE)
* [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
* [Bug Hunter's Diary by Tobias Klein, 2011](https://www.nostarch.com/bughunter)
#### Hackers Handbook Series
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
* [The Shellcoders Handbook by Chris Anley et al., 2007](http://wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
* [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
* [iOS Hackers Handbook by Charlie Miller et al., 2012](http://wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
* [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
* [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
* [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
* [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
#### Network Analysis Books
* [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](http://nmap.org/book/)
@ -211,6 +234,7 @@ A collection of awesome penetration testing resources
#### Reverse Engineering Books
* [Reverse Engineering for Beginners by Dennis Yurichev](http://beginners.re/)
* [Hacking the Xbox by Andrew Huang, 2003](https://www.nostarch.com/xbox.htm)
* [The IDA Pro Book by Chris Eagle, 2011](http://www.nostarch.com/idapro2.htm)
* [Practical Reverse Engineering by Bruce Dang et al., 2014](http://wiley.com/WileyCDA/WileyTitle/productCd-1118787315.html)
* [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071832386)
@ -298,6 +322,7 @@ A collection of awesome penetration testing resources
* [Phrack Magazine](http://www.phrack.org/) - By far the longest running hacker zine
### Awesome Lists
* [Kali Linux Tools](http://tools.kali.org/tools-listing) - List of tools present in Kali Linux
* [SecTools](http://sectools.org/) - Top 125 Network Security Tools
* [C/C++ Programming](https://github.com/fffaraz/awesome-cpp) - One of the main language for open source security tools
* [.NET Programming](https://github.com/quozd/awesome-dotnet) - A software framework for Microsoft Windows platform development