Awesome-Mirrors/awesome-pentest
1
0
Fork 0
mirror of https://github.com/enaqx/awesome-pentest.git synced 2024-12-23 14:19:23 -05:00
Code Issues Packages Projects Releases Wiki Activity
570 Commits 1 Branch 0 Tags 7.8 MiB
950dba9668
Commit Graph

419 Commits

Author SHA1 Message Date
Meitar M
306458f22e
Add EvilOSX, a macOS RAT with several out-of-the-box exfil tools. 2018-08-08 15:47:16 -04:00
Samar Dhwoj Acharya
c9c1df653f
Merge pull request #245 from meitar/scomdecrypt 
Add SCOMDecrypt, a tool to retrieve and decrypt stored RunAs creds.
 2018-08-05 17:47:39 -05:00
Meitar M
07e6025a12
Add SCOMDecrypt, a tool to retrieve and decrypt stored RunAs creds. 2018-08-05 17:25:42 -04:00
Meitar M
e3c19c6d98
Add StegCracker, tool that brute forces steganographic data in files. 2018-08-05 17:10:22 -04:00
Florian Heuer
c88b19587d
Added Btfm book 2018-08-01 16:59:22 +02:00
Samar Dhwoj Acharya
16ccc45735
Merge pull request #240 from abhishekbundela/master 
Added pentestbox.
 2018-07-31 19:48:37 -05:00
Samar Dhwoj Acharya
33dcacdde4
Update README.md 2018-07-31 19:48:15 -05:00
Samar Dhwoj Acharya
c77337ef0e
Merge pull request #241 from meitar/ruler 
Add Ruler, a tool to abuse client-side Outlook features to pwn Exchange.
 2018-07-31 19:46:06 -05:00
Meitar M
081241efc6
Fix link for Bella, a post-exploitation agent for MacOS. 2018-07-31 17:17:00 -04:00
Meitar M
f0cba27bf0
Add Ruler, a tool to abuse client-side Outlook features to pwn Exchange. 2018-07-31 16:57:03 -04:00
Abhishek bundela
c14d026566
Added pentestbox. 2018-07-31 18:05:47 +05:30
Samar Dhwoj Acharya
e922b9da06
Merge pull request #239 from sundaysec/patch-2 
Added MITMF
 2018-07-30 12:51:31 -05:00
Samar Dhwoj Acharya
ecab02ad15
Merge pull request #238 from evyatarmeged/patch-1 
Add Raccoon under Web Exploitation category
 2018-07-30 12:50:45 -05:00
Samar Dhwoj Acharya
7ae9d0ed32
Merge pull request #235 from meitar/blueteam 
New awesome list: "Cybersecurity Blue Team"
 2018-07-30 12:50:09 -05:00
PHILEMON SUNDAY JOEL
2a8c4a9a46
Added MITMF 
A Framework for Man-In-The-Middle attacks
 2018-07-27 16:00:23 +03:00
Evyatar Meged
121e9f8872
Add Raccoon under Web Exploitation category 
I've added my new tool, Raccoon, to the Web Exploitation tools list
https://github.com/evyatarmeged/Raccoon
 2018-07-25 21:22:55 +03:00
Samar Dhwoj Acharya
ccc3b5182d
Merge pull request #237 from meitar/foca 
Add FOCA, an OSINT tool that uses three search engines.
 2018-07-25 12:13:10 -05:00
Meitar M
60c06a2195
Add FOCA, an OSINT tool that uses three search engines. 2018-07-25 11:17:26 -04:00
Mahdi Makhdumi
a3e481f9a3
Update README.md 2018-07-25 13:42:50 +04:30
Mahdi Makhdumi
bb023efb72
Update README.md 2018-07-25 03:31:34 +04:30
Meitar M
71017d5b2a
New awesome list: "Cybersecurity Blue Team" 
This is a companion/sister list to awesome-pentest intended to provide
the same level of quality resources for defenders rather than attackers.
 2018-07-24 16:29:17 -04:00
Samar Dhwoj Acharya
d295832e00
Merge pull request #219 from meitar/cnnvd 
Add CNNVD to Vulnerability Databases section.
 2018-07-24 14:48:59 -05:00
Samar Dhwoj Acharya
8bb617b7d7
Merge pull request #232 from C-Sto/patch-1 
Add recursebuster
 2018-07-24 14:44:16 -05:00
Samar Dhwoj Acharya
9a2fb6b9c7
Merge pull request #234 from sundaysec/patch-1 
Added awesome tools
 2018-07-24 14:42:29 -05:00
PHILEMON SUNDAY JOEL
eb69db65bf
Added awesome tools 2018-07-24 22:01:13 +03:00
Meitar M
9040ae7742
Add numerous tools: 
* ScanCannon - `masscan` and `nmap` multiplexer.
* RID_ENUM - null session cycling attack for Windows user enumeration.
* MailSniper - recon toolkit for MS Exchange (OWA/EWS) environments.
* FiercePhish - full-fledged phishing campaign management platform.
* Hunter.io - data broker providing internal company emails.
 2018-07-23 15:44:49 -04:00
C_Sto
c7d8034e58
Add recursebuster 
https://github.com/c-sto/recursebuster

Content discovery/recursive web directory bruteforcer
 2018-07-15 14:50:40 +08:00
Florian Heuer
ceb54f3b7d
Update README.md 
Added VaaS SambaCry in Docker for Penetration Testing
 2018-05-18 15:50:26 +02:00
Meitar M
12b9636a43
Add PacketTotal near Virus Total, a similar service for PCAP analysis. 2018-05-12 12:22:49 -04:00
Meitar M
fc8b826142
Add THC Hydra, a famous online network protocol password cracker. 2018-05-04 22:52:53 -04:00
Samar Dhwoj Acharya
25eac5cd9b
Merge pull request #222 from alichtman/master 
Removed Duplicate Kali Linux Docker Link
 2018-04-30 09:13:50 -05:00
Meitar M
062e214ebf
Sub-categorize "Network Tools" section, clarify "Defense," add Iodine. 
Iodine is a DNS tunnel and useful for data exfiltration.

The Network Tools section became very long, so I chunked it up with
subcategories that pertain to the sort of tool. ("Network Tools" is
itself somewhat vague, and multi-paradigm/multi-function tools were
retained in the root of the category.)

Finally, "Defense Evasion Tools" was renamed to "Anti-virus Evasion
Tools" because every utility listed there was actually an AV or
host-based defense evasion tool, which is distinct from the network
evasion tools (exfiltration utilities) already listed in the "Network
Tools" section, above. I believe this clarity will help a reader more
quickly find the specific type of "defense evasion" utility they are
actually looking for.
 2018-04-14 15:27:31 -04:00
Meitar M
ee32aff5c3 Add Shellter dynamic shellcode injection tool (anti-virus evasion tool). (#226) 2018-04-12 17:55:18 -05:00
Meitar M
0929ede5d4 Add PCILeech, a Direct Memory Access attack tool. (#225) 2018-04-04 13:58:10 -05:00
Jeff Foley
46dacfca0a Amass being added to the OSINT category (#224) 
* added Amass to the OSINT section of the list

* updated the Amass entry within the OSINT category #223
 2018-04-03 22:15:30 -05:00
alichtman
137e8649a0
removed duplicate Kali Linux docker command + link 2018-03-30 02:27:02 -05:00
Emily Ann
9eb26c04ff
Updated 
Added 2 tools to web vulnerability scanning category. 
Zoom- an advanced wordpress username enumerator with infinite scanning (much more powerful than the user name enumeration module in wpscan)
Sqlmate- a friend of sqlmap that identifies sqli vulnerabilities based on given dork and website (optional)
 2018-03-24 12:36:03 -07:00
Meitar M
ddfc8ae7fb
Add Memcrashed DRDoS (Distributed Reflection Denial of Service) attack tool. 2018-03-22 14:20:34 -04:00
Meitar M
dd8ef7a41c
Add CNNVD to Vulnerability Databases section. 2018-03-15 14:43:55 -04:00
Meitar M
3f44886460
Add AutoSploit, automated mass exploit tool. 2018-02-07 12:33:08 -05:00
Samar Dhwoj Acharya
6d5730f286
Update README.md 2018-01-19 17:26:53 -06:00
Nhoya
c3b318062a
Added gOSINT 2018-01-17 20:58:14 +01:00
Samar Dhwoj Acharya
69050dae22
Merge pull request #211 from eric-therond/master 
Add Progpilot
 2018-01-10 22:17:30 -06:00
Samar Dhwoj Acharya
8d2c7a381a
Update README.md 2018-01-10 22:17:13 -06:00
Samar Dhwoj Acharya
ddde98e77f
Merge pull request #214 from meitar/crackpkcs12 
Add crackpkcs12, a fast and multithreaded program to crack p12 (TLS) certs.
 2018-01-10 22:16:44 -06:00
Samar Dhwoj Acharya
8b6377be1c
Merge pull request #212 from meitar/dnstwist 
Add dnstwist.
 2018-01-10 22:16:20 -06:00
Meitar M
06aea06df5
Add crackpkcs12, a fast and multithreaded program to crack p12 (TLS) certs. 2018-01-10 20:51:06 -05:00
Meitar M
66cf701dd0
Add Hex Fiend. 2018-01-10 20:46:34 -05:00
Meitar M
e358a12bc8
Add dnstwist. 
This commit also conforms several other Network Tools line items to the
Awesome List style guide (remove the introductory "A" preposition).
 2018-01-08 12:52:27 -05:00
forgesecurity
43b703abc3 Add Progpilot 2017-12-16 14:54:29 +01:00
Seth
728f8bed4a
Remove Dead Link From List- "Hack3rcon" 
Remove line 562 "* [Hack3rCon](http://hack3rcon.org/) - Annual US hacker conference." because the link leads to a domain squatting website rather than an actual hacker conference.
 2017-12-14 19:45:41 -05:00
Nick Raienko
d924f889f4 Various updates 2017-12-11 08:28:19 +02:00
Samar Dhwoj Acharya
3b0d0cba72
fix formatting 2017-11-28 10:57:00 -06:00
Asaf Hecht
a1a1644ed4
Adding ACLight tool 
Adding ACLight tool - A script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins
 2017-11-28 15:31:11 +02:00
Samar Dhwoj Acharya
6e9599f57c
Merge pull request #199 from DzasterAbz/patch-3 
Added Beelogger
 2017-11-19 22:40:44 -06:00
techgaun
f30958f5b2
fix wappalyzer link 2017-11-19 22:33:45 -06:00
techgaun
5ff68d4970
add various tools suggested on #204 and fix link for sobelow 
closes #204
 2017-11-19 22:31:45 -06:00
Meitar M
02becfc3a1
Add MITRE's ATT&CK, a superbly organized wiki of attack techniques. 2017-11-01 00:11:37 -04:00
Meitar M
4a3bf603c4
Add WiGLE.net, a huge OSINT database about wireless and Wi-Fi networks. 2017-10-31 00:20:22 -04:00
Jonathan Cran
a19f14ac88
Add intrigue to OSINT tools 2017-10-28 20:06:23 -07:00
Sai Abhiram
d9d72f8da1 Added Beelogger 2017-10-26 07:23:44 -04:00
Tijme Gommers
70057403e4 Added ACSTIS to Web Scanners 
[ACSTIS](https://github.com/tijme/angularjs-csti-scanner) helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
 2017-10-25 16:54:52 +02:00
Michael
ba7909d764 Added NoSQL Map and VHostScan 2017-10-24 16:44:28 +10:00
Ryan Shipp
0ba0f8fc4f Add awesome-yara to related lists 2017-10-17 15:16:51 -05:00
Meitar M
3b590db063
Add FireEye's new rVMI dynamic malware analysis tool. 2017-09-19 04:31:36 -04:00
Meitar M
c1030eeb07
Descriptions should have periods at the end for style guide compliance. 2017-09-19 04:31:13 -04:00
phocean
30a4d54e65 Update README.md 2017-09-15 09:45:32 +02:00
Rick Daalhuizen
1897b67ef9 Added New Hash Cracking Tools 
jwt-cracker: https://github.com/lmammino/jwt-cracker
rar-crack: https://github.com/ziman/rarcrack
bruteforce-wallet: https://github.com/glv2/bruteforce-wallet
 2017-09-08 16:02:55 +02:00
Nick Raienko
d118a65d32 Put back netsparker header 2017-09-07 15:03:46 +03:00
Samar Dhwoj Acharya
c4d1da3874 Update README.md 2017-09-01 12:49:36 -05:00
sheimo
4943d9908c Update README.md 
Added a Penetration Testing Report section with links to them respectively.
 2017-08-31 16:58:30 -05:00
Devin Calado
0e03ccb91b Added Fluxion to Wireless Network Tools 
Fluxion - Suite of automated social engineering based WPA attacks.  

I found this tool to be useful in gaining WPA/WPA2 credentials without needing to crack the handshake.  Automates the process of using social engineering to trick users into giving up their WPA passphrases.  Also confirms the correct passphrase was harvested by automatically comparing the passphrase to a captured handshake. 

I think this tool fits better in the Wireless Network Tools section rather than the Social Engineering section.
 2017-08-30 15:44:32 -07:00
Samar Dhwoj Acharya
bb4c3c8c28 Merge pull request #183 from meitar/onionscan 
Add OnionScan; tool for finding opsec/netsec issues in Onions.
 2017-08-22 21:03:49 -05:00
Meitar M
6adbd8cb80
Add Proxmark hardware/software toolkit for RFID/NFC pentests. 2017-08-22 19:25:11 -04:00
Meitar M
fb5274e1f7
Add OnionScan; tool for finding opsec/netsec issues in Onions. 2017-08-22 18:15:15 -04:00
Meitar M
b352f07525
Add UniByAv, fix typo in Hyperion runtime encryptor. 2017-08-17 16:14:40 -04:00
Samar Dhwoj Acharya
407722478a Update README.md 2017-08-17 10:41:51 -05:00
Samar Dhwoj Acharya
c655eb7a21 Merge pull request #179 from meitar/av-evasion 
Add new section "Defense Evasion Tools" with a bunch of relevant tools.
 2017-08-17 10:39:49 -05:00
Samar Dhwoj Acharya
e4566021fd Merge pull request #180 from meitar/tools-not-resources 
Fixes for miscategorized items.
 2017-08-17 10:38:34 -05:00
Meitar M
7909070e79
Better description for Windows Credentials Editor. 2017-08-17 09:23:33 -04:00
Meitar M
ef65ac1e97
Add Capstone, a multi-platform disassembler. 2017-08-17 09:22:09 -04:00
Meitar M
0b2d9f8cd8
Move Voltron to Tools subsection. 
Also remove shellsploit, which now links to an empty repository.
 2017-08-17 09:21:00 -04:00
Meitar M
7c2a99c219
Add new section "Defense Evasion Tools" with a bunch of relevant tools. 2017-08-17 09:16:31 -04:00
Samar Dhwoj Acharya
e01e2b27ac Merge pull request #177 from meitar/compliance 
Move "Awesome OSINT" item into the Awesome Lists section, add a period.
 2017-08-10 19:42:01 -05:00
Meitar M
286d0c7c42
Add BetterCAP (and its older cousin, Ettercap) to Network Tools. 2017-08-10 17:56:44 -04:00
Meitar M
7c1f8448ff
Move "Awesome OSINT" item into the Awesome Lists section, add a period. 2017-08-10 17:52:30 -04:00
Patrik Hudak
d837a509a9 Add Awesome OSINT reference and some books 2017-08-10 10:30:03 +02:00
techgaun
4d77c90cab
remove missing lock picking document 2017-08-07 19:38:24 -05:00
Meitar M
93d8cd0622
Expand acronyms, improve descriptions, add OSSTMM item. 
This commit focses on the Penetration Testing Resources section and
provides better descriptions for most of the items therein. It also adds
the OSSTMM version 3 pentest methodology manual, which seems fitting as
it is both listed by OWASP and fits nicely with the PTES and PTF items
already listed.
 2017-08-07 17:44:04 -04:00
Samar Dhwoj Acharya
ee2e2be848 Merge pull request #172 from meitar/toc 
Fix broken intra-page link in the table of contents.
 2017-07-28 16:04:57 -05:00
Meitar M
919c1e6113
Add ChipWhisperer, a side-channel attack toolchain, in new section. 2017-07-28 04:02:41 -04:00
Meitar M
20c7af2267
Move license to the bottom, replace the PNG with an SVG. 2017-07-23 03:31:20 -04:00
Meitar M
c9053f6682
Fix broken intra-page link in the table of contents. 2017-07-21 04:04:29 -04:00
Meitar M
34587c6dac
Provide a useful description for SPARTA. 
SPARTA is not really its own tool, it's more like a meta-tool. There are
many "network infrastructure penetration testing tools" on this list,
but what does SPARTA actually do that these other tools don't? The
answer is primarily that SPARTA is a GUI wrapper around arbitrary
command lines with some additional logic to identify results from
well-known tools such as `nmap` and trigger actions based on those
results in other tools. Let's make that clear in the item's description.
 2017-07-19 15:58:18 -04:00
filinpavel
16f3406a0f Update README.md 
added pyrebox to RE Tools section
 2017-07-18 13:56:58 +07:00
Meitar M
222a05baff
Add AttifyOS, a distro focused on pentesting IoT devices. 2017-07-17 04:44:03 -04:00
Meitar M
7e08965e7d
Add TrustedSec's "Magic Unicorn," a payload generator for Windows. 2017-07-16 04:06:18 -04:00
Samar Dhwoj Acharya
0f33e6394d Merge pull request #163 from meitar/hpi-vdb 
Add HPI-VDB, which has a cross-referenced CVE search engine and API.
 2017-07-15 18:23:12 -05:00
Meitar M
cb21655e64
The name of the Medusa disassembler is just "Medusa." 2017-07-14 17:00:31 -04:00
jose nazario
195e2ed79e spelling fixes 2017-07-14 10:13:37 -04:00