[Legion](https://github.com/GoVanguard/legion) - Open source semi-automated discovery and reconnaissance network penetration testing framework by @GoVanguard
This commit removes the bolding from the Netsparker referral link
because it lints as a heading. (The referral URL itself was not
deleted.) It also adds the word `culture` at the end of the 2600 list
item so that line item won't end in a quotation mark, but a period (as
the pedantic linter requires). This commit also fixes the headline level
for the License section and uses the new Awesome badge SVG sources.
This commit makes a substantial change by moving two sections that were
previously in "Tools" into the "Online Resources" category instead.
Specifically, the "Penetration Testing Report Templates" and "Code
examples for Penetration Testing" sections, each of which contained
references to documents rather than immediately-usable software, were
moved out of the "Tools" category. This was done because there is now a
clear distinction between "places to go to get more information about a
topic" (a resource) and "software to download that is immediately usable
in a pentest" (a tool).
Additionally, this commit adds a new section of Tools for pentests
tentatively called "Collaboration Tools" and adds RedELK, a Red Team's
SIEM, to that section. RedELK is an example of a multiple teamserver
analysis framework intended for use during long-term engagements for
keeping tabs on Blue Team activities, so it is not exactly like any
other tool in this list.
Finally, another tool (Cloakify) was added to the data exfiltration
section.
This commit also adds GhostProject.fr to the whitelist, as they use
CloudFlare's JavaScript DDoS detection and return an HTTP 503 error.
This commit also removes `zoomeye.org` from the whitelist,
because they seem to be returning HTTP 200 OK responses reliably now.
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`
Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
This commit adds a new utility, `shellpop`, which is a Python script
that is used to generate sophisticated shellcode in numerous languages.
It also removes trailing whitespace from several line items, likely
added by mistake, capitalizes the name of the programming language Rust,
and rephrases the description of Hwacha for clarity and conciseness.
https://github.com/stevenaldinger/decker
Decker allows writing declarative "penetration tests as code". It uses the same config language as Terraform and other Hashicorp tools and has a plugin based architecture so the usefulness of the framework will grow as more plugins become available. The [all-the-things](https://github.com/stevenaldinger/decker/blob/master/examples/all-the-things.hcl) example will take a target hostname and run web app scans such as SSL vulnerability and WAF detection as well as general info gathering, ftp, smtp, imap, vnc, mysql, and postgres scans if the relevant ports are found to be open in the nmap scan.
Docker images are also provided and the `stevenaldinger/decker:kali` image is recommended since it has a lot of tools preinstalled.
