Commit Graph

432 Commits

Author SHA1 Message Date
Fabian Martinez Portantier
98b783417f Update README.md
Added Habu - Python Network Hacking Toolkit
2019-03-13 18:40:18 -04:00
Samar Dhwoj Acharya
a67537ee04
Merge pull request #278 from Gymmasssorla/patch-2
Offer the "Anevicon" DDoS tool
2019-03-13 10:54:30 -05:00
Samar Dhwoj Acharya
7feb98e35b
Merge pull request #285 from meitar/uefitool
Add UEFITool, a UEFI firmware image viewer, extractor, and editor.
2019-03-13 09:39:46 -05:00
Samar Dhwoj Acharya
8fcdce285b
Merge pull request #286 from meitar/ghidra
Add Ghidra; NSA's SRE tool suite officially released as free software.
2019-03-13 09:39:25 -05:00
Meitar M
88d5f3986b
Add Ghidra; NSA's SRE tool suite officially released as free software. 2019-03-11 13:50:30 -04:00
Meitar M
a017aeef88
Add UEFITool, a UEFI firmware image viewer, extractor, and editor. 2019-03-07 17:20:14 -05:00
Meitar M
e491345460
Address numerous Awesome linter errors for sindresorhus/awesome#1366 PR.
This commit removes the bolding from the Netsparker referral link
because it lints as a heading. (The referral URL itself was not
deleted.) It also adds the word `culture` at the end of the 2600 list
item so that line item won't end in a quotation mark, but a period (as
the pedantic linter requires). This commit also fixes the headline level
for the License section and uses the new Awesome badge SVG sources.
2019-03-04 14:57:58 -05:00
Samar Dhwoj Acharya
df5a353b39
Merge pull request #283 from meitar/resource-reorg
General re-organization of some Tools sections, adds several tools.
2019-03-03 18:04:56 -06:00
Meitar M
fadcb9fc27
General re-organization of some Tools sections, adds several tools.
This commit makes a substantial change by moving two sections that were
previously in "Tools" into the "Online Resources" category instead.
Specifically, the "Penetration Testing Report Templates" and "Code
examples for Penetration Testing" sections, each of which contained
references to documents rather than immediately-usable software, were
moved out of the "Tools" category. This was done because there is now a
clear distinction between "places to go to get more information about a
topic" (a resource) and "software to download that is immediately usable
in a pentest" (a tool).

Additionally, this commit adds a new section of Tools for pentests
tentatively called "Collaboration Tools" and adds RedELK, a Red Team's
SIEM, to that section. RedELK is an example of a multiple teamserver
analysis framework intended for use during long-term engagements for
keeping tabs on Blue Team activities, so it is not exactly like any
other tool in this list.

Finally, another tool (Cloakify) was added to the data exfiltration
section.
2019-03-02 03:17:39 -05:00
Meitar M
e276175b87
Add LinEnum, a privesc and enumeration shell script for GNU/Linux. 2019-02-26 01:19:42 -05:00
Samar Dhwoj Acharya
971bfb2b61
Merge pull request #281 from meitar/fix-build
Fix Awesome-Bot build errors: ComputerSecurityStudent.com is gone.
2019-02-19 22:57:06 -06:00
Meitar M
8f0d4c7ba5
Fix Awesome-Bot build errors: ComputerSecurityStudent.com is gone.
This commit also adds GhostProject.fr to the whitelist, as they use
CloudFlare's JavaScript DDoS detection and return an HTTP 503 error.

This commit also removes `zoomeye.org` from the whitelist,
because they seem to be returning HTTP 200 OK responses reliably now.
2019-02-19 22:32:55 -05:00
Samar Dhwoj Acharya
950dba9668
Merge pull request #280 from meitar/checksec.sh
Add checksec.sh, script to test what Linux security features are used.
2019-02-19 19:50:31 -06:00
Meitar M
3ee5e65e58
Add checksec.sh, script to test what Linux security features are used. 2019-02-19 18:04:31 -05:00
Meitar M
07eb123b4e
Add pwndbg, a GDB plugin with features easing exploit development. 2019-02-19 17:59:46 -05:00
Temirkhan Myrzamadi
1c55162683
Offer the "Anevicon" DDoS tool 2019-02-18 19:04:48 +06:00
Samar Dhwoj Acharya
72c1c6d2ad
Merge pull request #276 from oorryy/master
Added two entries new entries - awesome-serverless-security list, and Lambda-Proxy
2019-02-18 00:59:59 -06:00
Samar Dhwoj Acharya
20bb5ab8b5
Update README.md 2019-02-18 00:59:47 -06:00
Samar Dhwoj Acharya
668da95d26
preserve existing toc 2019-02-18 00:57:26 -06:00
Meitar M
9abf8ffb58
Add GhostProject, searchable index of billions of cleartext passwords. 2019-02-15 23:08:36 -05:00
Ory Segal
3efd3ba124 Added two entries: 1) awesome-serverless-security list. 2) Lambda-Proxy, a simple utility to bridge between SQLMap and AWS Lambda in order to natively test serverless functions for SQL Injection 2019-02-04 21:47:53 +02:00
Pedro Tavares
2375c8573b Update README.md (#275)
* Update README.md

* Update README.md
2019-01-31 00:27:01 -06:00
Samar Dhwoj Acharya
ddc41beee9
Merge pull request #274 from meitar/adape
Add ADAPE.
2019-01-26 08:58:39 -06:00
Meitar M
300fa8ab46
Add ADAPE. 2019-01-23 13:43:29 -05:00
Meitar M
88053dc50a
This commit addresses numerous issues for sindresorhus/awesome#1366.
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`

Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
2019-01-22 19:24:27 -05:00
Meitar M
42bb166b14
Add s7scan, a Siemens S7 PLC network scanner.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
2019-01-09 12:58:19 -05:00
Samar Dhwoj Acharya
be5e56f83d
update formatting 2019-01-08 10:24:58 -06:00
Jim Was Here [a.k.a R3dxpl0it]
d31354e752 Update README.md (#268)
Added an Industrial PT tool
2019-01-08 10:24:28 -06:00
Samar Dhwoj Acharya
f8c952d1fe
Merge pull request #269 from stevenaldinger/patch-1
Add Decker orchestration framework to multi-paradigm frameworks
2019-01-06 23:04:20 -06:00
Meitar M
399088c696
Add shellpop, remove trailing whitespace, fix minor grammar errors.
This commit adds a new utility, `shellpop`, which is a Python script
that is used to generate sophisticated shellcode in numerous languages.

It also removes trailing whitespace from several line items, likely
added by mistake, capitalizes the name of the programming language Rust,
and rephrases the description of Hwacha for clarity and conciseness.
2019-01-06 17:02:58 -05:00
Steven Aldinger
f1ca50ed8e
Add Decker orchestration framework to multi-paradigm frameworks
https://github.com/stevenaldinger/decker
Decker allows writing declarative "penetration tests as code". It uses the same config language as Terraform and other Hashicorp tools and has a plugin based architecture so the usefulness of the framework will grow as more plugins become available. The [all-the-things](https://github.com/stevenaldinger/decker/blob/master/examples/all-the-things.hcl) example will take a target hostname and run web app scans such as SSL vulnerability and WAF detection as well as general info gathering, ftp, smtp, imap, vnc, mysql, and postgres scans if the relevant ports are found to be open in the nmap scan.
Docker images are also provided and the `stevenaldinger/decker:kali` image is recommended since it has a lot of tools preinstalled.
2019-01-06 06:35:40 -05:00
kpcyrd
4fff8ec26c
Add sn0int 2018-12-29 16:03:22 +01:00
Samar Dhwoj Acharya
41185c8740
remove unsupported fedora sec lab distro 2018-12-23 20:16:43 -06:00
dreddsa5dies
354b317c13 add code examples 2018-12-17 11:46:53 +03:00
Samar Dhwoj Acharya
5f7d5482d1
Merge pull request #264 from kpcyrd/patch-1
Add badtouch, sniffglue, rshijack and boxxy
2018-11-24 12:58:32 -06:00
kpcyrd
9437337b63 Add badtouch, sniffglue, rshijack and boxxy 2018-11-23 09:03:29 +01:00
n00py
6aa80c89ae
Adding Hwacha to GNU/Linux utilities
Hwacha is a post-exploitation (credentials or keys obtained) tool that uses SSH to execute payloads or collect artifacts from one or multiple hosts at a time.
2018-11-18 20:24:36 +09:00
Samar Dhwoj Acharya
410f64c957
Merge pull request #262 from meitar/periods
Style guide conformance fixes, mostly adding periods to end of lines.
2018-11-10 17:27:07 -06:00
Samar Dhwoj Acharya
3bfdb24a10
Merge pull request #261 from meitar/dwf
Add Distributed Weakness Filing, a researcher-run distributed CNA.
2018-11-10 17:26:38 -06:00
Beyar
ab16921114
Update README.md
Changed the link to their open-source project instead.
2018-11-10 21:55:35 +01:00
Meitar M
55323c516b
Style guide conformance fixes, mostly adding periods to end of lines. 2018-11-09 14:10:49 -05:00
Meitar M
b91c0fdd0c
Add Distributed Weakness Filing, a researcher-run distributed CNA. 2018-11-05 13:02:19 -05:00
Samar Dhwoj Acharya
500664df21
Merge branch 'master' into hak5-tools 2018-11-03 15:09:21 -05:00
Samar Dhwoj Acharya
a327e76a2d
Merge pull request #259 from meitar/ci-fixes
Fix Travis CI build errors, largely due to stale links.
2018-11-03 15:07:27 -05:00
Samar Dhwoj Acharya
2165117198
Merge pull request #258 from meitar/at-commands
Add "AT Commands" Python scripts for exploiting Android devices.
2018-11-03 15:07:07 -05:00
Samar Dhwoj Acharya
93ec5e7b67
Merge pull request #254 from HrushikeshK/master
Add OS in Penetration Testing Distributions
2018-11-03 15:06:44 -05:00
Samar Dhwoj Acharya
a562c85830
Merge pull request #257 from meitar/certgraph
Add CertGraph, crawl TLS certs for certificate alternative names.
2018-11-03 15:04:47 -05:00
Meitar M
d2d1e2d9ff
Add Bash Bunny and Packet Squirrel from Hak5. Closes #203. 2018-11-02 10:49:33 -04:00
Meitar M
3297075b7e
Fix Travis CI build errors, largely due to stale links.
This commit fixes numerous CI build issues related to stale or broken
links. These include:

* Removal of Zoom username enumeration tool, covered by WPScan anyway.
* Removal of old Google dork database that is unmaintained/has vanished.
* Removal of `OSVDB.org` zone, which no longer resolves via DNS.
* Fix link to NoSQLmap tool (domain expired, use GitHub.com link now).
* Update link to Social Engineering in IT book from legacy URL.
* Update link to OWASP's AppSecUSA conference; now uses second-level domain.

Further, this commit simplifies the `.travis.yml` file in order to use a
plainer (more standard) certificates bundle. Two URLs have been added to
the whitelist: `www.shodan.io`, which returns a 403 Forbidden error when
accessed by Awesome Bot, and `www.mhprofessional.com`, which generates
an SSLv3 certificate validation error.

Prior to this commit, a custom SSL certificate bundle was generated and
then placed in the `/tmp` directory for use, but this is no longer
required as the latest `ca-certificates` bundle shipped with Ubuntu
contains the root certificates needed for the domains that once required
this custom bundle to be used.
2018-11-01 14:48:34 -04:00
Meitar M
dcfc07e36b
Add "AT Commands" Python scripts for exploiting Android devices. 2018-11-01 14:22:08 -04:00