mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-22 21:59:29 -05:00
Add more Web categories.
This commit is contained in:
parent
5ff19fe3ec
commit
e7e4ba0a6d
40
README.md
40
README.md
@ -82,6 +82,9 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [Steganography Tools](#steganography-tools)
|
* [Steganography Tools](#steganography-tools)
|
||||||
* [Vulnerability Databases](#vulnerability-databases)
|
* [Vulnerability Databases](#vulnerability-databases)
|
||||||
* [Web Exploitation](#web-exploitation)
|
* [Web Exploitation](#web-exploitation)
|
||||||
|
* [Intercepting Web proxies](#intercepting-web-proxies)
|
||||||
|
* [Web file inclusion tools](#web-file-inclusion-tools)
|
||||||
|
* [Web injection tools](#web-injection-tools)
|
||||||
* [Web shells and C2 frameworks](#web-shells-and-c2-frameworks)
|
* [Web shells and C2 frameworks](#web-shells-and-c2-frameworks)
|
||||||
* [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)
|
* [Web-accessible source code ripping tools](#web-accessible-source-code-ripping-tools)
|
||||||
* [Web Exploitation Books](#web-exploitation-books)
|
* [Web Exploitation Books](#web-exploitation-books)
|
||||||
@ -400,6 +403,8 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
|
|
||||||
### Proxies and Machine-in-the-Middle (MITM) Tools
|
### Proxies and Machine-in-the-Middle (MITM) Tools
|
||||||
|
|
||||||
|
See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
|
||||||
|
|
||||||
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
|
* [BetterCAP](https://www.bettercap.org/) - Modular, portable and easily extensible MITM framework.
|
||||||
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
|
* [Ettercap](http://www.ettercap-project.org) - Comprehensive, mature suite for machine-in-the-middle attacks.
|
||||||
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
|
* [Habu](https://github.com/portantier/habu) - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
|
||||||
@ -410,7 +415,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
|
|||||||
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
|
* [dnschef](https://github.com/iphelix/dnschef) - Highly configurable DNS proxy for pentesters.
|
||||||
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
|
* [evilgrade](https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
|
||||||
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
|
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
|
||||||
* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
|
|
||||||
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
|
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
|
||||||
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
|
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
|
||||||
|
|
||||||
@ -785,26 +789,38 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
|
|||||||
|
|
||||||
## Web Exploitation
|
## Web Exploitation
|
||||||
|
|
||||||
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
|
||||||
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
|
||||||
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
|
||||||
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
* [FuzzDB](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
|
||||||
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
|
||||||
* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter.
|
|
||||||
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
|
|
||||||
* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
|
||||||
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
* [Offensive Web Testing Framework (OWTF)](https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
|
||||||
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
|
* [Raccoon](https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
|
||||||
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
|
||||||
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
* [WPSploit](https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
|
||||||
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
|
||||||
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
|
* [autochrome](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
|
||||||
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
* [badtouch](https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
|
||||||
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
|
||||||
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
|
||||||
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
* [recursebuster](https://github.com/c-sto/recursebuster) - Content discovery tool to perform directory and file bruteforcing.
|
||||||
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
* [sslstrip2](https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
|
||||||
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
|
* [sslstrip](https://www.thoughtcrime.org/software/sslstrip/) - Demonstration of the HTTPS stripping attacks.
|
||||||
|
|
||||||
|
### Intercepting Web proxies
|
||||||
|
|
||||||
|
See also *[Proxies and Machine-in-the-Middle (MITM) Tools](#proxies-and-machine-in-the-middle-mitm-tools)*.
|
||||||
|
|
||||||
|
* [Burp Suite](https://portswigger.net/burp/) - Integrated platform for performing security testing of web applications.
|
||||||
|
* [Fiddler](https://www.telerik.com/fiddler) - Free cross-platform web debugging proxy with user-friendly companion tools.
|
||||||
|
* [OWASP Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
|
||||||
|
* [mitmproxy](https://mitmproxy.org/) - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
|
||||||
|
|
||||||
|
### Web file inclusion tools
|
||||||
|
|
||||||
|
* [Kadimus](https://github.com/P0cL4bs/Kadimus) - LFI scan and exploit tool.
|
||||||
|
* [LFISuite](https://github.com/D35m0nd142/LFISuite) - Automatic LFI scanner and exploiter.
|
||||||
|
* [fimap](https://github.com/kurobeats/fimap) - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
|
||||||
|
* [liffy](https://github.com/hvqzao/liffy) - LFI exploitation tool.
|
||||||
|
|
||||||
|
### Web injection tools
|
||||||
|
|
||||||
|
* [Commix](https://github.com/commixproject/commix) - Automated all-in-one operating system command injection and exploitation tool.
|
||||||
|
* [NoSQLmap](https://github.com/codingo/NoSQLMap) - Automatic NoSQL injection and database takeover tool.
|
||||||
|
* [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool.
|
||||||
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool.
|
||||||
|
|
||||||
### Web shells and C2 frameworks
|
### Web shells and C2 frameworks
|
||||||
|
Loading…
Reference in New Issue
Block a user