Commit Graph

520 Commits

Author SHA1 Message Date
Meitar M
34587c6dac
Provide a useful description for SPARTA.
SPARTA is not really its own tool, it's more like a meta-tool. There are
many "network infrastructure penetration testing tools" on this list,
but what does SPARTA actually do that these other tools don't? The
answer is primarily that SPARTA is a GUI wrapper around arbitrary
command lines with some additional logic to identify results from
well-known tools such as `nmap` and trigger actions based on those
results in other tools. Let's make that clear in the item's description.
2017-07-19 15:58:18 -04:00
Samar Dhwoj Acharya
000b36ecd0 Merge pull request #170 from filinpavel/patch-1
Update README.md
2017-07-18 07:57:55 -05:00
filinpavel
16f3406a0f Update README.md
added pyrebox to RE Tools section
2017-07-18 13:56:58 +07:00
Samar Dhwoj Acharya
4b148568ad Merge pull request #169 from meitar/attifyos
Add AttifyOS, a distro focused on pentesting IoT devices.
2017-07-17 08:16:36 -05:00
Meitar M
222a05baff
Add AttifyOS, a distro focused on pentesting IoT devices. 2017-07-17 04:44:03 -04:00
Samar Dhwoj Acharya
653a227d3e Merge pull request #168 from enaqx/travis-test
default to trusty for travis
2017-07-16 09:44:40 -05:00
Samar Dhwoj Acharya
23bee43ea8 Merge pull request #167 from meitar/unicorn
Add TrustedSec's "Magic Unicorn," a payload generator for Windows.
2017-07-16 09:44:07 -05:00
Meitar M
7e08965e7d
Add TrustedSec's "Magic Unicorn," a payload generator for Windows. 2017-07-16 04:06:18 -04:00
techgaun
d4fa4f0a72
default to trusty 2017-07-15 23:53:27 -05:00
Samar Dhwoj Acharya
d33ead1193 Merge pull request #166 from enaqx/travis-updates
update travis steps to handle dfn subca
2017-07-15 18:35:52 -05:00
techgaun
e7824ca693
update travis steps to handle dfn subca 2017-07-15 18:26:16 -05:00
Samar Dhwoj Acharya
0f33e6394d Merge pull request #163 from meitar/hpi-vdb
Add HPI-VDB, which has a cross-referenced CVE search engine and API.
2017-07-15 18:23:12 -05:00
Samar Dhwoj Acharya
e4ab781511 Merge pull request #165 from meitar/medusa
The name of the Medusa disassembler is just "Medusa."
2017-07-14 18:13:29 -05:00
Meitar M
cb21655e64
The name of the Medusa disassembler is just "Medusa." 2017-07-14 17:00:31 -04:00
Samar Dhwoj Acharya
aa2b5a7698 Merge pull request #164 from paralax/patch-1
spelling fixes
2017-07-14 10:32:06 -05:00
jose nazario
195e2ed79e spelling fixes 2017-07-14 10:13:37 -04:00
Meitar M
72f02c8b6b
Add HPI-VDB, which has a cross-referenced CVE search engine and API. 2017-07-13 14:17:56 -04:00
Samar Dhwoj Acharya
9ff00ba17a Merge pull request #159 from meitar/0xed
Add 0xED, a native macOS hex editor with support for resource forks.
2017-07-13 10:47:51 -05:00
Samar Dhwoj Acharya
6b733bfeeb Merge pull request #160 from meitar/ssl-tls
Move `sslstrip` to Web Exploitation, recategorize SSL as TLS tools.
2017-07-13 10:47:29 -05:00
Samar Dhwoj Acharya
8ab42bb257 Merge pull request #161 from meitar/anonymity-tools
Awesome List style guide compliance pass on the Anonymity Tools section.
2017-07-13 10:46:53 -05:00
Samar Dhwoj Acharya
29acf16652 Merge pull request #162 from meitar/pupy
Add Pupy, a multi-paradigm (scriptable/interactive) cross-platform RAT.
2017-07-13 10:45:16 -05:00
Meitar M
19bfe12cd6
Add Pupy, a multi-paradigm (scriptable/interactive) cross-platform RAT. 2017-07-13 03:45:49 -04:00
Meitar M
a4a1f0ecc6
Awesome List style guide compliance pass on the Anonymity Tools section.
This commit conforms the Anonymity Tools section to the Awesome List
style guide by adding periods and such, plus adds the WEBKAY project to
help defend against identity and privay leaks from mis-configured Web
browsers. It also phrases the Tor project item description more clearly.
2017-07-13 00:20:39 -04:00
Meitar M
bf7a6151a9
Add 0xED, a native macOS hex editor with support for resource forks. 2017-07-12 23:41:23 -04:00
Meitar M
74068f8d34
Move sslstrip to Web Exploitation, recategorize SSL as TLS tools.
This commit updates numerous tools all previously categorized as "SSL"
tools. It updates their descriptions to more accurately describe current
versions by remarking on TLS capabilities, and it does the same with the
section heading. Further, Web-centric exploitation tools related to
SSL/TLS implementations have been moved to the Web Exploitation section,
where they arguably more properly belong, as SSL/TLS implementations may
include application-layer services beyond simply HTTP and "Web" traffic.
2017-07-12 23:32:11 -04:00
Samar Dhwoj Acharya
1c7ee4c923 Merge pull request #158 from meitar/aquatone
Add AQUATONE, "a tool for domain flyovers" that makes a handy report.
2017-07-12 21:48:13 -05:00
Samar Dhwoj Acharya
04e9415204 Merge pull request #157 from meitar/xray
Add XRay, automated network (sub)domain recon and OSINT gathering tool.
2017-07-12 21:47:14 -05:00
Meitar M
6a64b2d78b
Add AQUATONE, "a tool for domain flyovers" that makes a handy report. 2017-07-12 17:02:43 -04:00
Meitar M
0ed418eef0
Add XRay, automated network (sub)domain recon and OSINT gathering tool. 2017-07-12 16:51:11 -04:00
Samar Dhwoj Acharya
6e464e5bb4 Merge pull request #156 from meitar/pret
Better description of PRET through conformity with item link style.
2017-07-12 07:46:51 -05:00
Samar Dhwoj Acharya
77df4413fc Merge pull request #155 from meitar/wireshark-macos
Better description for Wireshark, make clear it is cross-platform.
2017-07-12 07:46:25 -05:00
Samar Dhwoj Acharya
bbffb78c67 Merge branch 'master' into wireshark-macos 2017-07-12 07:46:04 -05:00
Samar Dhwoj Acharya
69ba677983 Merge pull request #154 from meitar/basic-tools
Recategorize "Basic" tools section for clarity and conformity.
2017-07-12 07:43:26 -05:00
Meitar M
e4ac5a1cc1
Better description of PRET through conformity with item link style. 2017-07-12 02:51:49 -04:00
Meitar M
16868763fd
Better description for Wireshark, make clear it is cross-platform. 2017-07-12 02:45:19 -04:00
Meitar M
0e4032c58e
Recategorize "Basic" tools section for clarity and conformity.
This commit removes the "Basic Penetration Testing Tools" section and
moves numerous items listed therein into more appropriate places, based
on existing categories. For instance, BeEF is moved to the Web
Exploitation section, since it is more accurate to describe it as a Web
exploitation tool than a "Basic" tool. The former category is
descriptive while the latter is clearly nondescript.

A new section, "Multi-paradigm Frameworks," has been added for items
that were listed under the removed "Basic" section but that do not
cleanly fit into an existing category. Namely, these are Metasploit,
ExploitPack, and Faraday, which are exceptions simply because they are
so versatile. (Hence the choice of the new section, "Multi-paradigm.")

Additionally, the well-known Armitage GUI for Metasploit was added.

Moreover, Bella was moved to a new section, "macOS Utilities," which
provides parity with the existing Windows Utilities and GNU/Linux
Utilities section. Bella is a post-exploitation agent similar to
redsnarf, which likewise has been moved out of the "Basic" section and
into its more appropriate Windows Utilities section.

Other minor touch ups to various item descriptions were also made.
2017-07-12 02:28:12 -04:00
Samar Dhwoj Acharya
24ee7a47b0 Merge pull request #153 from meitar/binwalk
Add `binwalk`, fast and easy tool for reversing firmware images.
2017-07-11 23:26:38 -05:00
Samar Dhwoj Acharya
3ad1b1186f Merge pull request #152 from meitar/ida-pro-free
IDA Pro and IDA Free are basically the same; combine into one item.
2017-07-11 23:25:56 -05:00
Meitar M
2b2996f5ed
IDA Pro and IDA Free are basically the same; combine into one item. 2017-07-12 00:09:27 -04:00
Meitar M
ed7ebf1848
Add binwalk, fast and easy tool for reversing firmware images. 2017-07-12 00:04:18 -04:00
Samar Dhwoj Acharya
8bb8394e20 Merge pull request #151 from meitar/capitalization
Fix inconsistent capitalization in headings; "utils" -> "utilities."
2017-07-11 08:08:35 -05:00
Meitar M
9749c6382d
Fix inconsistent capitalization in headings; "utils" -> "utilities." 2017-07-11 05:49:24 -04:00
Samar Dhwoj Acharya
756ac14ce1 Merge pull request #150 from meitar/osvdb
Drop link to commercial-only VulnDB based off OSVDB.
2017-07-10 17:34:10 -05:00
Meitar M
32ff359418
Drop link to commercial-only VulnDB based off OSVDB. 2017-07-10 16:17:34 -04:00
Samar Dhwoj Acharya
d39cd608c6 Merge pull request #149 from meitar/compliance
Fix minor typos, capitalization issues, and term consistency.
2017-07-08 19:16:31 -05:00
Samar Dhwoj Acharya
ed132d95be Merge pull request #148 from attritionorg/patch-1
touch-ups and clarifications for the VDB section
2017-07-08 19:13:19 -05:00
Meitar M
9b037a9bbf Fix minor typos, capitalization issues, and term consistency. 2017-07-08 20:03:48 -04:00
Jericho
71d146979c touch-ups and clarifications for the VDB section 2017-07-08 16:45:34 -06:00
Samar Dhwoj Acharya
51949983f7 Merge pull request #145 from meitar/vuln-scanners
Reorganize Vulnerability Scanners section, add subheadings.
2017-07-08 15:01:12 -05:00
Meitar M
3c811415bc Style guide compliance pass focused on Vulnerability Databases section. (#144)
* Add CVE List to Vulnerability Databases section, since it was missing.

* Style guide compliance pass focused on Vulnerability Databases section.

* Whitelist the Inj3ct0r URLs.

The `0day.today` website sits behind an extremely aggressive Cloudflare
anti-bot checker, which causes `awesome-bot` to trigger an HTTP 503
response. This fails the build but is actually normal behavior.

Similarly, the Onion service is inaccessible except over Tor and our
Travis CI configuration does not (yet?) support checking Onion service
links. (Although, perhaps it should be updated to do so in a future PR.)
2017-07-08 13:52:24 -05:00