In this commit, the primary change is alphabetizing both the table of
contents as well as the line items for each category. This is done in
order to make it easier for readers to locate their desired information
with their naked eyes. The list is long, and as such should at least
have a consistent scheme for ordering the items within it.
Alphabetization also side-steps the issue of favoritism since the sort
order is lexicographical.
Additionally, this commit changes several headings to more clearly
describe its contents. For example, most of the subheadings under the
"Online Resources" category have been renamed to "Online [Topic]
Resources", where "[Topic]" was the old heading. Similarly, I split the
Docker Container section into two, one for distros and for tools, since
the previous section muddled those two distinct categories of containers
together. (The main list does not do this, so that was anomalous.)
Another major change is the removal of the top-level "Tools" section.
This section had clearly become a catch-all and also prevented us from
being able to use sub-headings to more intelligently categorize the
individual tools without running afoul of the Awesome List guidelines
that restrict us to one level of subheading per category. This continues
the work that was begun in #290 of moving, e.g., the "Network Tools"
section to its own top-level heading.
Further, I have removed several tools that are strictly either forensics
or malware analysis utilities, such as cuckoo sandbox. I feel that this
more accurately aligns this list with its stated purpose: Penetration
Testing. While related, listing forensics of malware analysis tools that
cannot also be used for vulnerability discovery or exploit development
seems like an invitation to suffer from scope creep. Instead of listing
those tools directly, I have therefore added "See also" lines with links
to more appropriate places (often other Awesome lists) for their topic.
Finally, several links were upgraded from their listed HTTP to HTTPS
versions, after I confirmed that those Web servers did indeed respond to
TLS requests. I also removed `www.defcon.org` from the `awesome_bot`'s
white list, since that link works just fine for me as well.
[Legion](https://github.com/GoVanguard/legion) - Open source semi-automated discovery and reconnaissance network penetration testing framework by @GoVanguard
This commit removes the bolding from the Netsparker referral link
because it lints as a heading. (The referral URL itself was not
deleted.) It also adds the word `culture` at the end of the 2600 list
item so that line item won't end in a quotation mark, but a period (as
the pedantic linter requires). This commit also fixes the headline level
for the License section and uses the new Awesome badge SVG sources.
This commit makes a substantial change by moving two sections that were
previously in "Tools" into the "Online Resources" category instead.
Specifically, the "Penetration Testing Report Templates" and "Code
examples for Penetration Testing" sections, each of which contained
references to documents rather than immediately-usable software, were
moved out of the "Tools" category. This was done because there is now a
clear distinction between "places to go to get more information about a
topic" (a resource) and "software to download that is immediately usable
in a pentest" (a tool).
Additionally, this commit adds a new section of Tools for pentests
tentatively called "Collaboration Tools" and adds RedELK, a Red Team's
SIEM, to that section. RedELK is an example of a multiple teamserver
analysis framework intended for use during long-term engagements for
keeping tabs on Blue Team activities, so it is not exactly like any
other tool in this list.
Finally, another tool (Cloakify) was added to the data exfiltration
section.
This commit also adds GhostProject.fr to the whitelist, as they use
CloudFlare's JavaScript DDoS detection and return an HTTP 503 error.
This commit also removes `zoomeye.org` from the whitelist,
because they seem to be returning HTTP 200 OK responses reliably now.
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`
Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
This commit adds a new utility, `shellpop`, which is a Python script
that is used to generate sophisticated shellcode in numerous languages.
It also removes trailing whitespace from several line items, likely
added by mistake, capitalizes the name of the programming language Rust,
and rephrases the description of Hwacha for clarity and conciseness.
https://github.com/stevenaldinger/decker
Decker allows writing declarative "penetration tests as code". It uses the same config language as Terraform and other Hashicorp tools and has a plugin based architecture so the usefulness of the framework will grow as more plugins become available. The [all-the-things](https://github.com/stevenaldinger/decker/blob/master/examples/all-the-things.hcl) example will take a target hostname and run web app scans such as SSL vulnerability and WAF detection as well as general info gathering, ftp, smtp, imap, vnc, mysql, and postgres scans if the relevant ports are found to be open in the nmap scan.
Docker images are also provided and the `stevenaldinger/decker:kali` image is recommended since it has a lot of tools preinstalled.
Hwacha is a post-exploitation (credentials or keys obtained) tool that uses SSH to execute payloads or collect artifacts from one or multiple hosts at a time.
This commit fixes numerous CI build issues related to stale or broken
links. These include:
* Removal of Zoom username enumeration tool, covered by WPScan anyway.
* Removal of old Google dork database that is unmaintained/has vanished.
* Removal of `OSVDB.org` zone, which no longer resolves via DNS.
* Fix link to NoSQLmap tool (domain expired, use GitHub.com link now).
* Update link to Social Engineering in IT book from legacy URL.
* Update link to OWASP's AppSecUSA conference; now uses second-level domain.
Further, this commit simplifies the `.travis.yml` file in order to use a
plainer (more standard) certificates bundle. Two URLs have been added to
the whitelist: `www.shodan.io`, which returns a 403 Forbidden error when
accessed by Awesome Bot, and `www.mhprofessional.com`, which generates
an SSLv3 certificate validation error.
Prior to this commit, a custom SSL certificate bundle was generated and
then placed in the `/tmp` directory for use, but this is no longer
required as the latest `ca-certificates` bundle shipped with Ubuntu
contains the root certificates needed for the domains that once required
this custom bundle to be used.
This tool can connect to a domain over HTTP or SMTP, or search Certificate
Transparency (CT) logs in order to create a directed graph that
visualizes a domain's certificate's certificate alternative names. These
are other domain names that the certificate can be used to authenticate,
even if those domain names are not in public DNS records. Can be used as
an OSINT investigative tool as a task in the reconnaisance phase of a
pentesting engagement in order to easily discover additional targets.
This commit removes items from the Pentesting Report Template section
that are either not templates or have been removed from the source.
Further, line items are updated to use meaningful descriptions and to
follow the Awesome List style guides (capitalization and punctuation).
* SocialFish, a social media phishing framework.
* ShellPhish, a social media site cloner built on SocialFish.
* dos-over-tor, a torifid DoS and stress test tool.
* oregano, a MITM proxy that accepts direct Tor client requests.
Iodine is a DNS tunnel and useful for data exfiltration.
The Network Tools section became very long, so I chunked it up with
subcategories that pertain to the sort of tool. ("Network Tools" is
itself somewhat vague, and multi-paradigm/multi-function tools were
retained in the root of the category.)
Finally, "Defense Evasion Tools" was renamed to "Anti-virus Evasion
Tools" because every utility listed there was actually an AV or
host-based defense evasion tool, which is distinct from the network
evasion tools (exfiltration utilities) already listed in the "Network
Tools" section, above. I believe this clarity will help a reader more
quickly find the specific type of "defense evasion" utility they are
actually looking for.
Added 2 tools to web vulnerability scanning category.
Zoom- an advanced wordpress username enumerator with infinite scanning (much more powerful than the user name enumeration module in wpscan)
Sqlmate- a friend of sqlmap that identifies sqli vulnerabilities based on given dork and website (optional)
Remove line 562 "* [Hack3rCon](http://hack3rcon.org/) - Annual US hacker conference." because the link leads to a domain squatting website rather than an actual hacker conference.
[ACSTIS](https://github.com/tijme/angularjs-csti-scanner) helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
Fluxion - Suite of automated social engineering based WPA attacks.
I found this tool to be useful in gaining WPA/WPA2 credentials without needing to crack the handshake. Automates the process of using social engineering to trick users into giving up their WPA passphrases. Also confirms the correct passphrase was harvested by automatically comparing the passphrase to a captured handshake.
I think this tool fits better in the Wireless Network Tools section rather than the Social Engineering section.
This commit focses on the Penetration Testing Resources section and
provides better descriptions for most of the items therein. It also adds
the OSSTMM version 3 pentest methodology manual, which seems fitting as
it is both listed by OWASP and fits nicely with the PTES and PTF items
already listed.
SPARTA is not really its own tool, it's more like a meta-tool. There are
many "network infrastructure penetration testing tools" on this list,
but what does SPARTA actually do that these other tools don't? The
answer is primarily that SPARTA is a GUI wrapper around arbitrary
command lines with some additional logic to identify results from
well-known tools such as `nmap` and trigger actions based on those
results in other tools. Let's make that clear in the item's description.
This commit conforms the Anonymity Tools section to the Awesome List
style guide by adding periods and such, plus adds the WEBKAY project to
help defend against identity and privay leaks from mis-configured Web
browsers. It also phrases the Tor project item description more clearly.
This commit updates numerous tools all previously categorized as "SSL"
tools. It updates their descriptions to more accurately describe current
versions by remarking on TLS capabilities, and it does the same with the
section heading. Further, Web-centric exploitation tools related to
SSL/TLS implementations have been moved to the Web Exploitation section,
where they arguably more properly belong, as SSL/TLS implementations may
include application-layer services beyond simply HTTP and "Web" traffic.
This commit removes the "Basic Penetration Testing Tools" section and
moves numerous items listed therein into more appropriate places, based
on existing categories. For instance, BeEF is moved to the Web
Exploitation section, since it is more accurate to describe it as a Web
exploitation tool than a "Basic" tool. The former category is
descriptive while the latter is clearly nondescript.
A new section, "Multi-paradigm Frameworks," has been added for items
that were listed under the removed "Basic" section but that do not
cleanly fit into an existing category. Namely, these are Metasploit,
ExploitPack, and Faraday, which are exceptions simply because they are
so versatile. (Hence the choice of the new section, "Multi-paradigm.")
Additionally, the well-known Armitage GUI for Metasploit was added.
Moreover, Bella was moved to a new section, "macOS Utilities," which
provides parity with the existing Windows Utilities and GNU/Linux
Utilities section. Bella is a post-exploitation agent similar to
redsnarf, which likewise has been moved out of the "Basic" section and
into its more appropriate Windows Utilities section.
Other minor touch ups to various item descriptions were also made.
* Add CVE List to Vulnerability Databases section, since it was missing.
* Style guide compliance pass focused on Vulnerability Databases section.
* Whitelist the Inj3ct0r URLs.
The `0day.today` website sits behind an extremely aggressive Cloudflare
anti-bot checker, which causes `awesome-bot` to trigger an HTTP 503
response. This fails the build but is actually normal behavior.
Similarly, the Onion service is inaccessible except over Tor and our
Travis CI configuration does not (yet?) support checking Onion service
links. (Although, perhaps it should be updated to do so in a future PR.)