Commit Graph

618 Commits

Author SHA1 Message Date
0xACAB
8f4e5dabba
Merge pull request #363 from meitar/fridax
Rephrase Fridax, alphabetize.
2020-04-06 17:08:11 -04:00
0xACAB
f64f87ac08
Merge pull request #362 from meitar/ghsa
Add GitHub Security Advisories database.
2020-04-06 17:07:47 -04:00
Meitar M
129823c510
Rephrase Fridax, alphabetize. 2020-04-06 17:04:31 -04:00
Meitar M
987a0e6d9a
Add GitHub Security Advisories database. 2020-04-06 16:57:45 -04:00
Tijme Gommers
6c5abf2344
Add Fridax to the Reverse Engineering Tools.
https://github.com/NorthwaveNL/fridax
2020-04-06 12:59:01 +02:00
0xACAB
64e7782611
Merge pull request #359 from meitar/gocrack
Add GoCrack, Web frontend for distributed hashcat cracking jobs.
2020-04-05 14:50:31 -04:00
0xACAB
40d117028c
Add GoCrack, Web frontend for distributed hashcat cracking jobs. 2020-04-04 11:53:31 -04:00
Meitar M
772a0ed63c
Add Tavis Ormandy's Windows ctftool exploration/exploit tool. 2020-03-24 22:24:31 -04:00
Meitar M
9a79d68079
Remove deprected Evilginx, leave only its successor, Evilginx2. 2020-03-18 21:31:13 -04:00
Samar Dhwoj Acharya
3886a7ba2c
Merge pull request #355 from meitar/ncrack
Add Ncrack, an `nmap`-like authentication cracking tool.
2020-03-17 20:31:47 -05:00
Meitar M
b89cf272ca
Closes #288: Props to @lMaxTl.
This is a new commit in the interests in speed and brevity; the original
PR contained numerous extranneous commits. I asked the original
submitter to clean it a little bit, but they never responded, and now
their commit history requires quite a bit of conflict resolution before
it will merge cleanly. I'm taking the initiative to re-do their work in
a single, new commit just to have it done.
2020-03-16 19:40:06 -04:00
Meitar M
ba368240e5
Add Ncrack, an nmap-like authentication cracking tool. 2020-03-16 19:27:59 -04:00
Meitar M
f1d061e61d
OWASP ZAP has a new homepage; update its URL on this list. 2020-03-15 18:36:47 -04:00
Meitar M
9e17d5bff1
Remove DWF; the project ended due to lack of community involvement. 2020-03-13 20:20:19 -04:00
Meitar M
90b5156caa
Add PSKracker, a fast WPA/WPA2/WPS cracking tool for pentesters. 2020-03-13 20:14:42 -04:00
Meitar M
312d7019d7
Add Snyk's vuln DB. 2020-02-27 13:50:03 -05:00
Meitar M
60ff773d44
Closes #345: Use original repository for RsaCtfTool. 2020-02-26 15:58:10 -05:00
Meitar M
92a965fd4c
Add Postenum, a simple privesc suggester for GNU/Linux. 2020-02-23 19:10:27 -05:00
Meitar M
d90ab4440d
Add SGX-Step, a framework for attacking secure enclaves via side channels. 2020-02-20 03:07:37 -05:00
Meitar M
f7178b07d3
Add Thunderclap, an open source DMA and IOMMU auditing platform. 2020-02-10 14:27:44 -05:00
Meitar M
53bd2a5815
Remove numerous whitelisted URLs since they now redirect safely. 2020-01-26 21:34:44 -05:00
Meitar M
b5a6fba17b
Fix HTTP 404 Not Found errors, remove Intel Techniques tools.
The Intel Techniques online tools collection no longer exists and has
been removed by the author.
2020-01-26 21:13:32 -05:00
Meitar M
0ccb2304fd
Add subbrute, move AQUATONE and OWASP Amass to net recon section.
Both AQUATONE and OWASP Amass are not actually direct network device
discovery tools, but OSINT and DNS-specific mass querying tools. A
domain (or subdomain) is not technicall a network device, and thus I
feel like these tools were mis-categorized by being grouped with actual
network device discovery search engines like Shodan.
2020-01-26 20:56:34 -05:00
Meitar M
b9829cf461
Move Dradis, Lair to Collaboration Tools section. Remove KarmaHostage. 2020-01-16 15:07:16 -05:00
Quinten De Swaef
3890acf0af
Update README.md 2020-01-15 16:03:52 +01:00
Samar Dhwoj Acharya
deda18c6dd
Merge pull request #333 from Dormidera/patch-1
conference: add honeycon.eu
2019-11-26 13:45:32 -06:00
Meitar M
8631ba01b2
Remove old, unmaintained tools shellsploit and Dripcap. 2019-11-26 12:06:42 -05:00
Meitar M
14c03986d8
Add Skiptracer, OSINT scraping framework that avoids data-for-pay needs. 2019-11-26 11:28:33 -05:00
1024Megas
3ea7fac64d
Update README.md 2019-11-25 14:34:06 +01:00
Meitar M
33aa9686ac
Start categorization of OSINT tools list. 2019-11-07 22:45:04 -05:00
Meitar M
4a722fbf64
Add two anonymity and two file format tools. 2019-11-06 13:58:59 -05:00
Meitar M
131b5eef40
Link to conference homepages instead of past year's events. 2019-11-03 23:28:08 -05:00
Meitar M
ff9ab7b5de
Subcategorize "Conferences" section by continent. 2019-11-03 23:18:04 -05:00
Meitar M
a7abf275c4
Fix typo in hacker con name. 2019-11-03 15:48:37 -05:00
Samar Dhwoj Acharya
8de54d12cb
Merge pull request #326 from meitar/hacker-cons
Add two NYC-based hacker cons.
2019-11-03 14:46:29 -06:00
Meitar M
36a30d3738
Add two NYC-based hacker cons. 2019-11-03 15:43:27 -05:00
Meitar M
7533e7dde8 Merge branch 'yar' of https://github.com/aubrel/awesome-pentest into aubrel-yar 2019-11-03 15:37:31 -05:00
aubrel
c04c853ae3
Added Yar, an OSINT tool. 2019-11-03 09:23:40 -05:00
Samar Dhwoj Acharya
e8db1b5ff4
Merge pull request #321 from hangmansROP/patch-1
Add AWS Tool Arsenal
2019-11-03 00:28:13 -05:00
Samar Dhwoj Acharya
7e836fbfe6
Merge pull request #322 from jimender2/jimender2-patch-1-Cyber-Summit
Add National Cyber Summit Conference to the Conference List
2019-11-03 00:27:34 -05:00
Samar Dhwoj Acharya
95cd5cbd9c
Merge pull request #323 from ducksecops/patch-1
Update README.md
2019-11-03 00:26:30 -05:00
Meitar M
c6e1712b67
Update link for dos-over-tor tool. 2019-11-02 22:28:37 -04:00
Meitar M
05a5198fa2
Add SIET, tool for manipulating insecure Cisco Smart Install switches. 2019-11-02 22:20:03 -04:00
ducksecops
9e86c5e764
Update README.md
Co-Authored-By: Samar Dhwoj Acharya <coolsamar207@gmail.com>
2019-10-31 23:53:00 +00:00
ducksecops
7f7a7748c7
Update README.md
Co-Authored-By: Samar Dhwoj Acharya <coolsamar207@gmail.com>
2019-10-31 23:52:43 +00:00
ducksecops
e93ae412de
Update README.md
Added steelcon to list of conference for UK readers and also the excellent collection of sessions recorded by cooper at a range of different security conferences.
2019-10-29 23:06:48 +00:00
Jonathan Meredith
43e2c99ad8
Add National Cyber Summit Conference to the List 2019-10-17 19:34:53 -04:00
hangmansROP
694b0b698d
Add AWS Tool Arsenal
Recommend this list of AWS tools for offensive and defensive teams.
2019-10-17 20:36:30 +01:00
Meitar M
f9a63461b1
Fix URL for CarolinaCon. 2019-10-12 23:21:53 -04:00
Meitar M
4d02410ee6
Add hate_crack, a wrapper for Hashcat to automate cracking methods. 2019-10-12 22:06:28 -04:00
Meitar M
761465cba4
Add pwnagotchi, an "AI" that augments BetterCAP for Wi-Fi cracking. 2019-09-26 12:29:25 -04:00
Samar Dhwoj Acharya
ef6693cb33
Update README.md 2019-09-23 10:05:51 -05:00
SecureThisShit
95811e5046
Add WinPwn, Internal Penetrationtest Script 2019-09-21 21:50:07 +02:00
Meitar M
37235ae8eb
Add dnscat2, a command and control channel over the DNS protocol. 2019-09-21 00:11:24 -04:00
Meitar M
bcd02be15e
Update URL for recon-ng, which has moved to GitHub from BitBucket. 2019-09-12 21:28:20 -04:00
Meitar M
29bb5a5464
Add pivotsuite, a portable, standalone client-server pivot toolkit. 2019-09-12 21:20:48 -04:00
Meitar M
49db1f671c
Add dorkbot, modular CLI tool to find vulnerabilities based on SERPs. 2019-09-04 12:59:59 -04:00
Meitar M
c5208dbb01
Add CarbonCopy code signing spoofer tool used for AV evasion. 2019-08-29 14:56:11 -04:00
Meitar M
1095a01786
Update URL for mitmproxy. 2019-08-10 21:33:12 -04:00
Meitar M
2b22b33b56
Update URLs for No Starch Press (www.nostarch.com -> nostarch.com). 2019-08-07 16:15:16 -04:00
Meitar M
559d7d9001
Add TrevorC2, a masked C2 and data exfil tool using "legitimate" HTTP. 2019-08-07 16:10:33 -04:00
Meitar M
3f96c213e8
Update the URL for Immunity Debugger. 2019-08-05 00:20:53 -04:00
Meitar M
e7f89e9b85
Add new section for Android-based software, and three tools to it. 2019-08-05 00:10:32 -04:00
Meitar M
6a964e150f
Add WhatBreach, script to find database breaches based on email address. 2019-07-30 15:46:29 -04:00
Meitar M
f656127663
Move hping3, pig, and scapy to new, more specific section. 2019-07-26 14:29:24 -04:00
Meitar M
365786a014
Add TraceWrangler, a powerful pcap and pcapng file editor. 2019-07-26 14:26:39 -04:00
Meitar M
fb35ce1de1
Add new section ("Network Packet Replay…") with three tools. 2019-07-26 14:19:22 -04:00
Meitar M
62066aa565
Add Vulmon.com, a vulnerability search engine and database. 2019-07-24 17:27:53 -04:00
Meitar M
980c85e77c
Add sylkie, replace ampersand with full word and. 2019-07-16 14:22:27 -04:00
Meitar M
0943194460
Reword the description of cwe_checker for clarity and style conformance. 2019-07-10 18:55:01 -04:00
Thomas Barabosch
49f8be6734
Added cwe_checker
cwe_checker finds vulnerable patterns in binary executables
2019-07-04 08:47:37 +02:00
Meitar M
a65a9a07d3
Merge pull request #296 from meitar/master
Add celerystalk.
2019-05-07 18:11:27 -04:00
Meitar M
0307260feb
Add celerystalk. 2019-05-07 18:06:45 -04:00
Jake Jarvis
d4875dbe93
Add Shodan search queries list 2019-04-26 09:49:45 -04:00
Meitar M
89b6134ff6
Closes #293: Removes OSINT-SPY. 2019-04-10 12:59:01 -04:00
Meitar M
52a2c73e72
Add "See also" link to another good ICS security list. 2019-04-08 11:34:44 -04:00
Meitar M
2bf587dcad
Add Covenant, fix grammar, move Commando VM to Windows section. 2019-04-03 00:15:44 -04:00
Opentuned
da73b5a93f
Adding Command VM
Saw an article about a new windows VM for red team testing that might be useful...
2019-04-02 09:05:09 +01:00
Meitar M
52db8f18d3
Move oregano to the MITM tools section, alphabetize the Network Tools. 2019-03-29 03:48:11 -04:00
Meitar M
1265b15c53
This commit proposes a massive reorganization of the list categories.
In this commit, the primary change is alphabetizing both the table of
contents as well as the line items for each category. This is done in
order to make it easier for readers to locate their desired information
with their naked eyes. The list is long, and as such should at least
have a consistent scheme for ordering the items within it.
Alphabetization also side-steps the issue of favoritism since the sort
order is lexicographical.

Additionally, this commit changes several headings to more clearly
describe its contents. For example, most of the subheadings under the
"Online Resources" category have been renamed to "Online [Topic]
Resources", where "[Topic]" was the old heading. Similarly, I split the
Docker Container section into two, one for distros and for tools, since
the previous section muddled those two distinct categories of containers
together. (The main list does not do this, so that was anomalous.)

Another major change is the removal of the top-level "Tools" section.
This section had clearly become a catch-all and also prevented us from
being able to use sub-headings to more intelligently categorize the
individual tools without running afoul of the Awesome List guidelines
that restrict us to one level of subheading per category. This continues
the work that was begun in #290 of moving, e.g., the "Network Tools"
section to its own top-level heading.

Further, I have removed several tools that are strictly either forensics
or malware analysis utilities, such as cuckoo sandbox. I feel that this
more accurately aligns this list with its stated purpose: Penetration
Testing. While related, listing forensics of malware analysis tools that
cannot also be used for vulnerability discovery or exploit development
seems like an invitation to suffer from scope creep. Instead of listing
those tools directly, I have therefore added "See also" lines with links
to more appropriate places (often other Awesome lists) for their topic.

Finally, several links were upgraded from their listed HTTP to HTTPS
versions, after I confirmed that those Web servers did indeed respond to
TLS requests. I also removed `www.defcon.org` from the `awesome_bot`'s
white list, since that link works just fine for me as well.
2019-03-28 15:47:23 -04:00
ZJ
19a96f2e22
regroup some of the netowrk tools, based on awesome-lint headers 2019-03-27 13:06:58 -04:00
ZJ
6f072af3ad
awesome-lint: reformat docker-pull links 2019-03-27 12:56:59 -04:00
ZJ
2dbb9edc6e
awesome-lint: fix header levels 2019-03-27 12:37:31 -04:00
Meitar M
c1b2d06543
Re-add ZoomEye.org to whitelist (403'ing again), remove 404'd ExploitPack link. 2019-03-19 00:09:40 -04:00
Meitar M
abfe33a506
Fix spacing issue in Legion, rephrase its description for clarity. 2019-03-18 23:28:51 -04:00
Robin Rainwalker
5984df5db0
Added Legion to Network Vulnerability Scanners
[Legion](https://github.com/GoVanguard/legion) -  Open source semi-automated discovery and reconnaissance network penetration testing framework by @GoVanguard
2019-03-15 12:58:02 -04:00
Fabian Martinez Portantier
98b783417f Update README.md
Added Habu - Python Network Hacking Toolkit
2019-03-13 18:40:18 -04:00
Samar Dhwoj Acharya
a67537ee04
Merge pull request #278 from Gymmasssorla/patch-2
Offer the "Anevicon" DDoS tool
2019-03-13 10:54:30 -05:00
Samar Dhwoj Acharya
7feb98e35b
Merge pull request #285 from meitar/uefitool
Add UEFITool, a UEFI firmware image viewer, extractor, and editor.
2019-03-13 09:39:46 -05:00
Samar Dhwoj Acharya
8fcdce285b
Merge pull request #286 from meitar/ghidra
Add Ghidra; NSA's SRE tool suite officially released as free software.
2019-03-13 09:39:25 -05:00
Meitar M
88d5f3986b
Add Ghidra; NSA's SRE tool suite officially released as free software. 2019-03-11 13:50:30 -04:00
Meitar M
a017aeef88
Add UEFITool, a UEFI firmware image viewer, extractor, and editor. 2019-03-07 17:20:14 -05:00
Meitar M
e491345460
Address numerous Awesome linter errors for sindresorhus/awesome#1366 PR.
This commit removes the bolding from the Netsparker referral link
because it lints as a heading. (The referral URL itself was not
deleted.) It also adds the word `culture` at the end of the 2600 list
item so that line item won't end in a quotation mark, but a period (as
the pedantic linter requires). This commit also fixes the headline level
for the License section and uses the new Awesome badge SVG sources.
2019-03-04 14:57:58 -05:00
Samar Dhwoj Acharya
df5a353b39
Merge pull request #283 from meitar/resource-reorg
General re-organization of some Tools sections, adds several tools.
2019-03-03 18:04:56 -06:00
Meitar M
fadcb9fc27
General re-organization of some Tools sections, adds several tools.
This commit makes a substantial change by moving two sections that were
previously in "Tools" into the "Online Resources" category instead.
Specifically, the "Penetration Testing Report Templates" and "Code
examples for Penetration Testing" sections, each of which contained
references to documents rather than immediately-usable software, were
moved out of the "Tools" category. This was done because there is now a
clear distinction between "places to go to get more information about a
topic" (a resource) and "software to download that is immediately usable
in a pentest" (a tool).

Additionally, this commit adds a new section of Tools for pentests
tentatively called "Collaboration Tools" and adds RedELK, a Red Team's
SIEM, to that section. RedELK is an example of a multiple teamserver
analysis framework intended for use during long-term engagements for
keeping tabs on Blue Team activities, so it is not exactly like any
other tool in this list.

Finally, another tool (Cloakify) was added to the data exfiltration
section.
2019-03-02 03:17:39 -05:00
Meitar M
e276175b87
Add LinEnum, a privesc and enumeration shell script for GNU/Linux. 2019-02-26 01:19:42 -05:00
Samar Dhwoj Acharya
971bfb2b61
Merge pull request #281 from meitar/fix-build
Fix Awesome-Bot build errors: ComputerSecurityStudent.com is gone.
2019-02-19 22:57:06 -06:00
Meitar M
8f0d4c7ba5
Fix Awesome-Bot build errors: ComputerSecurityStudent.com is gone.
This commit also adds GhostProject.fr to the whitelist, as they use
CloudFlare's JavaScript DDoS detection and return an HTTP 503 error.

This commit also removes `zoomeye.org` from the whitelist,
because they seem to be returning HTTP 200 OK responses reliably now.
2019-02-19 22:32:55 -05:00
Samar Dhwoj Acharya
950dba9668
Merge pull request #280 from meitar/checksec.sh
Add checksec.sh, script to test what Linux security features are used.
2019-02-19 19:50:31 -06:00
Meitar M
3ee5e65e58
Add checksec.sh, script to test what Linux security features are used. 2019-02-19 18:04:31 -05:00
Meitar M
07eb123b4e
Add pwndbg, a GDB plugin with features easing exploit development. 2019-02-19 17:59:46 -05:00
Temirkhan Myrzamadi
1c55162683
Offer the "Anevicon" DDoS tool 2019-02-18 19:04:48 +06:00
Samar Dhwoj Acharya
72c1c6d2ad
Merge pull request #276 from oorryy/master
Added two entries new entries - awesome-serverless-security list, and Lambda-Proxy
2019-02-18 00:59:59 -06:00
Samar Dhwoj Acharya
20bb5ab8b5
Update README.md 2019-02-18 00:59:47 -06:00
Samar Dhwoj Acharya
668da95d26
preserve existing toc 2019-02-18 00:57:26 -06:00
Meitar M
9abf8ffb58
Add GhostProject, searchable index of billions of cleartext passwords. 2019-02-15 23:08:36 -05:00
Ory Segal
3efd3ba124 Added two entries: 1) awesome-serverless-security list. 2) Lambda-Proxy, a simple utility to bridge between SQLMap and AWS Lambda in order to natively test serverless functions for SQL Injection 2019-02-04 21:47:53 +02:00
Pedro Tavares
2375c8573b Update README.md (#275)
* Update README.md

* Update README.md
2019-01-31 00:27:01 -06:00
Samar Dhwoj Acharya
ddc41beee9
Merge pull request #274 from meitar/adape
Add ADAPE.
2019-01-26 08:58:39 -06:00
Meitar M
300fa8ab46
Add ADAPE. 2019-01-23 13:43:29 -05:00
Meitar M
88053dc50a
This commit addresses numerous issues for sindresorhus/awesome#1366.
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`

Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
2019-01-22 19:24:27 -05:00
Meitar M
42bb166b14
Add s7scan, a Siemens S7 PLC network scanner.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
2019-01-09 12:58:19 -05:00
Samar Dhwoj Acharya
be5e56f83d
update formatting 2019-01-08 10:24:58 -06:00
Jim Was Here [a.k.a R3dxpl0it]
d31354e752 Update README.md (#268)
Added an Industrial PT tool
2019-01-08 10:24:28 -06:00
Samar Dhwoj Acharya
f8c952d1fe
Merge pull request #269 from stevenaldinger/patch-1
Add Decker orchestration framework to multi-paradigm frameworks
2019-01-06 23:04:20 -06:00
Meitar M
399088c696
Add shellpop, remove trailing whitespace, fix minor grammar errors.
This commit adds a new utility, `shellpop`, which is a Python script
that is used to generate sophisticated shellcode in numerous languages.

It also removes trailing whitespace from several line items, likely
added by mistake, capitalizes the name of the programming language Rust,
and rephrases the description of Hwacha for clarity and conciseness.
2019-01-06 17:02:58 -05:00
Steven Aldinger
f1ca50ed8e
Add Decker orchestration framework to multi-paradigm frameworks
https://github.com/stevenaldinger/decker
Decker allows writing declarative "penetration tests as code". It uses the same config language as Terraform and other Hashicorp tools and has a plugin based architecture so the usefulness of the framework will grow as more plugins become available. The [all-the-things](https://github.com/stevenaldinger/decker/blob/master/examples/all-the-things.hcl) example will take a target hostname and run web app scans such as SSL vulnerability and WAF detection as well as general info gathering, ftp, smtp, imap, vnc, mysql, and postgres scans if the relevant ports are found to be open in the nmap scan.
Docker images are also provided and the `stevenaldinger/decker:kali` image is recommended since it has a lot of tools preinstalled.
2019-01-06 06:35:40 -05:00
kpcyrd
4fff8ec26c
Add sn0int 2018-12-29 16:03:22 +01:00
Samar Dhwoj Acharya
41185c8740
remove unsupported fedora sec lab distro 2018-12-23 20:16:43 -06:00
dreddsa5dies
354b317c13 add code examples 2018-12-17 11:46:53 +03:00
Samar Dhwoj Acharya
5f7d5482d1
Merge pull request #264 from kpcyrd/patch-1
Add badtouch, sniffglue, rshijack and boxxy
2018-11-24 12:58:32 -06:00
kpcyrd
9437337b63 Add badtouch, sniffglue, rshijack and boxxy 2018-11-23 09:03:29 +01:00
n00py
6aa80c89ae
Adding Hwacha to GNU/Linux utilities
Hwacha is a post-exploitation (credentials or keys obtained) tool that uses SSH to execute payloads or collect artifacts from one or multiple hosts at a time.
2018-11-18 20:24:36 +09:00
Samar Dhwoj Acharya
410f64c957
Merge pull request #262 from meitar/periods
Style guide conformance fixes, mostly adding periods to end of lines.
2018-11-10 17:27:07 -06:00
Samar Dhwoj Acharya
3bfdb24a10
Merge pull request #261 from meitar/dwf
Add Distributed Weakness Filing, a researcher-run distributed CNA.
2018-11-10 17:26:38 -06:00
Beyar
ab16921114
Update README.md
Changed the link to their open-source project instead.
2018-11-10 21:55:35 +01:00
Meitar M
55323c516b
Style guide conformance fixes, mostly adding periods to end of lines. 2018-11-09 14:10:49 -05:00
Meitar M
b91c0fdd0c
Add Distributed Weakness Filing, a researcher-run distributed CNA. 2018-11-05 13:02:19 -05:00
Samar Dhwoj Acharya
500664df21
Merge branch 'master' into hak5-tools 2018-11-03 15:09:21 -05:00
Samar Dhwoj Acharya
a327e76a2d
Merge pull request #259 from meitar/ci-fixes
Fix Travis CI build errors, largely due to stale links.
2018-11-03 15:07:27 -05:00
Samar Dhwoj Acharya
2165117198
Merge pull request #258 from meitar/at-commands
Add "AT Commands" Python scripts for exploiting Android devices.
2018-11-03 15:07:07 -05:00
Samar Dhwoj Acharya
93ec5e7b67
Merge pull request #254 from HrushikeshK/master
Add OS in Penetration Testing Distributions
2018-11-03 15:06:44 -05:00
Samar Dhwoj Acharya
a562c85830
Merge pull request #257 from meitar/certgraph
Add CertGraph, crawl TLS certs for certificate alternative names.
2018-11-03 15:04:47 -05:00
Meitar M
d2d1e2d9ff
Add Bash Bunny and Packet Squirrel from Hak5. Closes #203. 2018-11-02 10:49:33 -04:00
Meitar M
3297075b7e
Fix Travis CI build errors, largely due to stale links.
This commit fixes numerous CI build issues related to stale or broken
links. These include:

* Removal of Zoom username enumeration tool, covered by WPScan anyway.
* Removal of old Google dork database that is unmaintained/has vanished.
* Removal of `OSVDB.org` zone, which no longer resolves via DNS.
* Fix link to NoSQLmap tool (domain expired, use GitHub.com link now).
* Update link to Social Engineering in IT book from legacy URL.
* Update link to OWASP's AppSecUSA conference; now uses second-level domain.

Further, this commit simplifies the `.travis.yml` file in order to use a
plainer (more standard) certificates bundle. Two URLs have been added to
the whitelist: `www.shodan.io`, which returns a 403 Forbidden error when
accessed by Awesome Bot, and `www.mhprofessional.com`, which generates
an SSLv3 certificate validation error.

Prior to this commit, a custom SSL certificate bundle was generated and
then placed in the `/tmp` directory for use, but this is no longer
required as the latest `ca-certificates` bundle shipped with Ubuntu
contains the root certificates needed for the domains that once required
this custom bundle to be used.
2018-11-01 14:48:34 -04:00
Meitar M
dcfc07e36b
Add "AT Commands" Python scripts for exploiting Android devices. 2018-11-01 14:22:08 -04:00
Meitar M
ccdba4d647
Add CertGraph, crawl TLS certs for certificate alternative names.
This tool can connect to a domain over HTTP or SMTP, or search Certificate
Transparency (CT) logs in order to create a directed graph that
visualizes a domain's certificate's certificate alternative names. These
are other domain names that the certificate can be used to authenticate,
even if those domain names are not in public DNS records. Can be used as
an OSINT investigative tool as a task in the reconnaisance phase of a
pentesting engagement in order to easily discover additional targets.
2018-10-30 13:42:03 -04:00
Brainfuck
4592571df4
Update README.md 2018-10-24 14:07:13 +02:00
Meitar M
b60ae1b320
Add RegEx-DoS, an analyzer for regular expressions susceptible to DoS attacks. 2018-10-19 14:43:31 -04:00
HrushikeshK
cd27f6c85b
Add OS in Penetration Testing Distributions
Add Android Tamer OS in Penetration Testing Distributions.
2018-10-08 12:26:09 +05:30
Meitar M
18fd39ab5c
Add some good hex editors for GNU/Linux: Bless, wxHexEditor, hexedit. 2018-10-01 15:20:56 -04:00
Meitar M
7b861e1f8a
Amass is now an official OWASP project. Add Python3 port of fierce. 2018-09-18 15:55:50 -04:00
Samar Dhwoj Acharya
1de7eb13ce
Merge branch 'master' into master 2018-09-18 14:42:47 -05:00
Jayson Grace
233d9596e3 Update WebGoat docker entry
Add official WebGoat docker images
- 7.1 (older and best-known by the security community)
- 8.0 (newest release with numerous changes and revisions)
2018-09-10 10:03:20 -07:00
Meitar M
f5d3b0ff04
Fix the Docker for Penetration Testing section: punctuation, etc. 2018-09-06 13:47:24 -04:00
Meitar M
a7e3fdb18e
Fix the Pentesting Report Template.
This commit removes items from the Pentesting Report Template section
that are either not templates or have been removed from the source.
Further, line items are updated to use meaningful descriptions and to
follow the Awesome List style guides (capitalization and punctuation).
2018-09-06 13:44:59 -04:00
PHILEMON SUNDAY JOEL
5688f8dd1e
Added Awesome list
Android Exploitation and Hacks
2018-08-23 10:17:23 +03:00
Samar Dhwoj Acharya
86b673b941
Merge pull request #246 from meitar/evilosx
Add EvilOSX, a macOS RAT with several out-of-the-box exfil tools.
2018-08-08 16:54:39 -05:00
Meitar M
8b73e1251f
Add several new phishing and anonymity tools:
* SocialFish, a social media phishing framework.
* ShellPhish, a social media site cloner built on SocialFish.
* dos-over-tor, a torifid DoS and stress test tool.
* oregano, a MITM proxy that accepts direct Tor client requests.
2018-08-08 16:01:47 -04:00
Meitar M
306458f22e
Add EvilOSX, a macOS RAT with several out-of-the-box exfil tools. 2018-08-08 15:47:16 -04:00