This list is an important piece of the full pentest puzzle. While this
list focuses primarily on the pre-exploitation and exploitation phases
of a penetration test, the Awesome Malware list focuses on
post-exploitation tools and resources, which are needed to make any
meaningful use of success with the tools listed on this list.
Add phpsploit tool (https://github.com/nil0x42/phpsploit):
Full-featured C2 framework which silently persists on webserver via evil PHP oneliner
PhpSploit is a well-known advanced & stealth PHP webshell for persistence & privesc
This commit consolidates the Social Engineering resources into a new
dedicated category for SE topics. It also replaces the Docker Containers
section entirely by removing redundant tools and creating a new
"Intentionally Vulnerable Systems" section in which Docker containers of
such setups are now placed. The thinking here is that it should not be
our responsibility to separately track Docker containers for attack
tools independently of the tool itself; we should only list the tool
itself and users can find a Docker image that packages it if they want.
This commit also continues the topical consolidation by moving books
about specifically Web exploitation techniques into a new subsection of
the pre-existing Web Exploitation section.
This commit removes the various areas of the list containing information
about Lock Picking and replaces them with a single top-level section
that refers interested readers to the dedicated Awesome Lockpicking list
because that list contains all the information we had, and more.
This commit fixes several minor issues including the heading levels for
sections such as RE tools, and fixes a broken link to the Online Social
Engineering Resources section, and correctly alphabetizing sections.
It also begins the process of culling the rather uncatgorized "other
lists elsewhere" section by inserting "see also" links to those other
lists in the appropriate section of this Awesome List, as is standard
Awesome List practice.
Additionally, this commit reorganizes several tools into clearer
categories by creating subcategories (for Tor tools, for instance) or
moving subcategories to their own top-level categories (exfil tools).
duplicut is a C tool, highly optimized for a single task:
Removing duplicate entries from a wordlist, without changing the order, and without getting OOM on huge wordlists whose size exceeds available memory.
It's trivial to remove duplicates by sorting, but duplicut is the only tool capable of removing them without changing the order, to assist the creation of statictically optimized wordlists for password cracking purposes.
0xACAB
fabacab
Samar Dhwoj Acharya
duraki
Peter Thaleikis
Hors
Santiago Lizardo
nil0x42
smackhack
Brandon