Commit Graph

584 Commits

Author SHA1 Message Date
Meitar M
abfe33a506
Fix spacing issue in Legion, rephrase its description for clarity. 2019-03-18 23:28:51 -04:00
Robin Rainwalker
5984df5db0
Added Legion to Network Vulnerability Scanners
[Legion](https://github.com/GoVanguard/legion) -  Open source semi-automated discovery and reconnaissance network penetration testing framework by @GoVanguard
2019-03-15 12:58:02 -04:00
Fabian Martinez Portantier
98b783417f Update README.md
Added Habu - Python Network Hacking Toolkit
2019-03-13 18:40:18 -04:00
Samar Dhwoj Acharya
a67537ee04
Merge pull request #278 from Gymmasssorla/patch-2
Offer the "Anevicon" DDoS tool
2019-03-13 10:54:30 -05:00
Samar Dhwoj Acharya
7feb98e35b
Merge pull request #285 from meitar/uefitool
Add UEFITool, a UEFI firmware image viewer, extractor, and editor.
2019-03-13 09:39:46 -05:00
Samar Dhwoj Acharya
8fcdce285b
Merge pull request #286 from meitar/ghidra
Add Ghidra; NSA's SRE tool suite officially released as free software.
2019-03-13 09:39:25 -05:00
Meitar M
88d5f3986b
Add Ghidra; NSA's SRE tool suite officially released as free software. 2019-03-11 13:50:30 -04:00
Meitar M
a017aeef88
Add UEFITool, a UEFI firmware image viewer, extractor, and editor. 2019-03-07 17:20:14 -05:00
Meitar M
e491345460
Address numerous Awesome linter errors for sindresorhus/awesome#1366 PR.
This commit removes the bolding from the Netsparker referral link
because it lints as a heading. (The referral URL itself was not
deleted.) It also adds the word `culture` at the end of the 2600 list
item so that line item won't end in a quotation mark, but a period (as
the pedantic linter requires). This commit also fixes the headline level
for the License section and uses the new Awesome badge SVG sources.
2019-03-04 14:57:58 -05:00
Samar Dhwoj Acharya
df5a353b39
Merge pull request #283 from meitar/resource-reorg
General re-organization of some Tools sections, adds several tools.
2019-03-03 18:04:56 -06:00
Meitar M
fadcb9fc27
General re-organization of some Tools sections, adds several tools.
This commit makes a substantial change by moving two sections that were
previously in "Tools" into the "Online Resources" category instead.
Specifically, the "Penetration Testing Report Templates" and "Code
examples for Penetration Testing" sections, each of which contained
references to documents rather than immediately-usable software, were
moved out of the "Tools" category. This was done because there is now a
clear distinction between "places to go to get more information about a
topic" (a resource) and "software to download that is immediately usable
in a pentest" (a tool).

Additionally, this commit adds a new section of Tools for pentests
tentatively called "Collaboration Tools" and adds RedELK, a Red Team's
SIEM, to that section. RedELK is an example of a multiple teamserver
analysis framework intended for use during long-term engagements for
keeping tabs on Blue Team activities, so it is not exactly like any
other tool in this list.

Finally, another tool (Cloakify) was added to the data exfiltration
section.
2019-03-02 03:17:39 -05:00
Meitar M
e276175b87
Add LinEnum, a privesc and enumeration shell script for GNU/Linux. 2019-02-26 01:19:42 -05:00
Samar Dhwoj Acharya
971bfb2b61
Merge pull request #281 from meitar/fix-build
Fix Awesome-Bot build errors: ComputerSecurityStudent.com is gone.
2019-02-19 22:57:06 -06:00
Meitar M
8f0d4c7ba5
Fix Awesome-Bot build errors: ComputerSecurityStudent.com is gone.
This commit also adds GhostProject.fr to the whitelist, as they use
CloudFlare's JavaScript DDoS detection and return an HTTP 503 error.

This commit also removes `zoomeye.org` from the whitelist,
because they seem to be returning HTTP 200 OK responses reliably now.
2019-02-19 22:32:55 -05:00
Samar Dhwoj Acharya
950dba9668
Merge pull request #280 from meitar/checksec.sh
Add checksec.sh, script to test what Linux security features are used.
2019-02-19 19:50:31 -06:00
Meitar M
3ee5e65e58
Add checksec.sh, script to test what Linux security features are used. 2019-02-19 18:04:31 -05:00
Meitar M
07eb123b4e
Add pwndbg, a GDB plugin with features easing exploit development. 2019-02-19 17:59:46 -05:00
Temirkhan Myrzamadi
1c55162683
Offer the "Anevicon" DDoS tool 2019-02-18 19:04:48 +06:00
Samar Dhwoj Acharya
72c1c6d2ad
Merge pull request #276 from oorryy/master
Added two entries new entries - awesome-serverless-security list, and Lambda-Proxy
2019-02-18 00:59:59 -06:00
Samar Dhwoj Acharya
20bb5ab8b5
Update README.md 2019-02-18 00:59:47 -06:00
Samar Dhwoj Acharya
668da95d26
preserve existing toc 2019-02-18 00:57:26 -06:00
Meitar M
9abf8ffb58
Add GhostProject, searchable index of billions of cleartext passwords. 2019-02-15 23:08:36 -05:00
Ory Segal
3efd3ba124 Added two entries: 1) awesome-serverless-security list. 2) Lambda-Proxy, a simple utility to bridge between SQLMap and AWS Lambda in order to natively test serverless functions for SQL Injection 2019-02-04 21:47:53 +02:00
Pedro Tavares
2375c8573b Update README.md (#275)
* Update README.md

* Update README.md
2019-01-31 00:27:01 -06:00
Samar Dhwoj Acharya
ddc41beee9
Merge pull request #274 from meitar/adape
Add ADAPE.
2019-01-26 08:58:39 -06:00
Meitar M
300fa8ab46
Add ADAPE. 2019-01-23 13:43:29 -05:00
Meitar M
88053dc50a
This commit addresses numerous issues for sindresorhus/awesome#1366.
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`

Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
2019-01-22 19:24:27 -05:00
Meitar M
42bb166b14
Add s7scan, a Siemens S7 PLC network scanner.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
2019-01-09 12:58:19 -05:00
Samar Dhwoj Acharya
be5e56f83d
update formatting 2019-01-08 10:24:58 -06:00
Jim Was Here [a.k.a R3dxpl0it]
d31354e752 Update README.md (#268)
Added an Industrial PT tool
2019-01-08 10:24:28 -06:00
Samar Dhwoj Acharya
f8c952d1fe
Merge pull request #269 from stevenaldinger/patch-1
Add Decker orchestration framework to multi-paradigm frameworks
2019-01-06 23:04:20 -06:00
Meitar M
399088c696
Add shellpop, remove trailing whitespace, fix minor grammar errors.
This commit adds a new utility, `shellpop`, which is a Python script
that is used to generate sophisticated shellcode in numerous languages.

It also removes trailing whitespace from several line items, likely
added by mistake, capitalizes the name of the programming language Rust,
and rephrases the description of Hwacha for clarity and conciseness.
2019-01-06 17:02:58 -05:00
Steven Aldinger
f1ca50ed8e
Add Decker orchestration framework to multi-paradigm frameworks
https://github.com/stevenaldinger/decker
Decker allows writing declarative "penetration tests as code". It uses the same config language as Terraform and other Hashicorp tools and has a plugin based architecture so the usefulness of the framework will grow as more plugins become available. The [all-the-things](https://github.com/stevenaldinger/decker/blob/master/examples/all-the-things.hcl) example will take a target hostname and run web app scans such as SSL vulnerability and WAF detection as well as general info gathering, ftp, smtp, imap, vnc, mysql, and postgres scans if the relevant ports are found to be open in the nmap scan.
Docker images are also provided and the `stevenaldinger/decker:kali` image is recommended since it has a lot of tools preinstalled.
2019-01-06 06:35:40 -05:00
kpcyrd
4fff8ec26c
Add sn0int 2018-12-29 16:03:22 +01:00
Samar Dhwoj Acharya
41185c8740
remove unsupported fedora sec lab distro 2018-12-23 20:16:43 -06:00
dreddsa5dies
354b317c13 add code examples 2018-12-17 11:46:53 +03:00
Samar Dhwoj Acharya
5f7d5482d1
Merge pull request #264 from kpcyrd/patch-1
Add badtouch, sniffglue, rshijack and boxxy
2018-11-24 12:58:32 -06:00
kpcyrd
9437337b63 Add badtouch, sniffglue, rshijack and boxxy 2018-11-23 09:03:29 +01:00
n00py
6aa80c89ae
Adding Hwacha to GNU/Linux utilities
Hwacha is a post-exploitation (credentials or keys obtained) tool that uses SSH to execute payloads or collect artifacts from one or multiple hosts at a time.
2018-11-18 20:24:36 +09:00
Samar Dhwoj Acharya
410f64c957
Merge pull request #262 from meitar/periods
Style guide conformance fixes, mostly adding periods to end of lines.
2018-11-10 17:27:07 -06:00
Samar Dhwoj Acharya
3bfdb24a10
Merge pull request #261 from meitar/dwf
Add Distributed Weakness Filing, a researcher-run distributed CNA.
2018-11-10 17:26:38 -06:00
Beyar
ab16921114
Update README.md
Changed the link to their open-source project instead.
2018-11-10 21:55:35 +01:00
Meitar M
55323c516b
Style guide conformance fixes, mostly adding periods to end of lines. 2018-11-09 14:10:49 -05:00
Meitar M
b91c0fdd0c
Add Distributed Weakness Filing, a researcher-run distributed CNA. 2018-11-05 13:02:19 -05:00
Samar Dhwoj Acharya
500664df21
Merge branch 'master' into hak5-tools 2018-11-03 15:09:21 -05:00
Samar Dhwoj Acharya
a327e76a2d
Merge pull request #259 from meitar/ci-fixes
Fix Travis CI build errors, largely due to stale links.
2018-11-03 15:07:27 -05:00
Samar Dhwoj Acharya
2165117198
Merge pull request #258 from meitar/at-commands
Add "AT Commands" Python scripts for exploiting Android devices.
2018-11-03 15:07:07 -05:00
Samar Dhwoj Acharya
93ec5e7b67
Merge pull request #254 from HrushikeshK/master
Add OS in Penetration Testing Distributions
2018-11-03 15:06:44 -05:00
Samar Dhwoj Acharya
a562c85830
Merge pull request #257 from meitar/certgraph
Add CertGraph, crawl TLS certs for certificate alternative names.
2018-11-03 15:04:47 -05:00
Meitar M
d2d1e2d9ff
Add Bash Bunny and Packet Squirrel from Hak5. Closes #203. 2018-11-02 10:49:33 -04:00
Meitar M
3297075b7e
Fix Travis CI build errors, largely due to stale links.
This commit fixes numerous CI build issues related to stale or broken
links. These include:

* Removal of Zoom username enumeration tool, covered by WPScan anyway.
* Removal of old Google dork database that is unmaintained/has vanished.
* Removal of `OSVDB.org` zone, which no longer resolves via DNS.
* Fix link to NoSQLmap tool (domain expired, use GitHub.com link now).
* Update link to Social Engineering in IT book from legacy URL.
* Update link to OWASP's AppSecUSA conference; now uses second-level domain.

Further, this commit simplifies the `.travis.yml` file in order to use a
plainer (more standard) certificates bundle. Two URLs have been added to
the whitelist: `www.shodan.io`, which returns a 403 Forbidden error when
accessed by Awesome Bot, and `www.mhprofessional.com`, which generates
an SSLv3 certificate validation error.

Prior to this commit, a custom SSL certificate bundle was generated and
then placed in the `/tmp` directory for use, but this is no longer
required as the latest `ca-certificates` bundle shipped with Ubuntu
contains the root certificates needed for the domains that once required
this custom bundle to be used.
2018-11-01 14:48:34 -04:00
Meitar M
dcfc07e36b
Add "AT Commands" Python scripts for exploiting Android devices. 2018-11-01 14:22:08 -04:00
Meitar M
ccdba4d647
Add CertGraph, crawl TLS certs for certificate alternative names.
This tool can connect to a domain over HTTP or SMTP, or search Certificate
Transparency (CT) logs in order to create a directed graph that
visualizes a domain's certificate's certificate alternative names. These
are other domain names that the certificate can be used to authenticate,
even if those domain names are not in public DNS records. Can be used as
an OSINT investigative tool as a task in the reconnaisance phase of a
pentesting engagement in order to easily discover additional targets.
2018-10-30 13:42:03 -04:00
Brainfuck
4592571df4
Update README.md 2018-10-24 14:07:13 +02:00
Meitar M
b60ae1b320
Add RegEx-DoS, an analyzer for regular expressions susceptible to DoS attacks. 2018-10-19 14:43:31 -04:00
HrushikeshK
cd27f6c85b
Add OS in Penetration Testing Distributions
Add Android Tamer OS in Penetration Testing Distributions.
2018-10-08 12:26:09 +05:30
Meitar M
18fd39ab5c
Add some good hex editors for GNU/Linux: Bless, wxHexEditor, hexedit. 2018-10-01 15:20:56 -04:00
Meitar M
7b861e1f8a
Amass is now an official OWASP project. Add Python3 port of fierce. 2018-09-18 15:55:50 -04:00
Samar Dhwoj Acharya
1de7eb13ce
Merge branch 'master' into master 2018-09-18 14:42:47 -05:00
Jayson Grace
233d9596e3 Update WebGoat docker entry
Add official WebGoat docker images
- 7.1 (older and best-known by the security community)
- 8.0 (newest release with numerous changes and revisions)
2018-09-10 10:03:20 -07:00
Meitar M
f5d3b0ff04
Fix the Docker for Penetration Testing section: punctuation, etc. 2018-09-06 13:47:24 -04:00
Meitar M
a7e3fdb18e
Fix the Pentesting Report Template.
This commit removes items from the Pentesting Report Template section
that are either not templates or have been removed from the source.
Further, line items are updated to use meaningful descriptions and to
follow the Awesome List style guides (capitalization and punctuation).
2018-09-06 13:44:59 -04:00
PHILEMON SUNDAY JOEL
5688f8dd1e
Added Awesome list
Android Exploitation and Hacks
2018-08-23 10:17:23 +03:00
Samar Dhwoj Acharya
86b673b941
Merge pull request #246 from meitar/evilosx
Add EvilOSX, a macOS RAT with several out-of-the-box exfil tools.
2018-08-08 16:54:39 -05:00
Meitar M
8b73e1251f
Add several new phishing and anonymity tools:
* SocialFish, a social media phishing framework.
* ShellPhish, a social media site cloner built on SocialFish.
* dos-over-tor, a torifid DoS and stress test tool.
* oregano, a MITM proxy that accepts direct Tor client requests.
2018-08-08 16:01:47 -04:00
Meitar M
306458f22e
Add EvilOSX, a macOS RAT with several out-of-the-box exfil tools. 2018-08-08 15:47:16 -04:00
Samar Dhwoj Acharya
c9c1df653f
Merge pull request #245 from meitar/scomdecrypt
Add SCOMDecrypt, a tool to retrieve and decrypt stored RunAs creds.
2018-08-05 17:47:39 -05:00
Meitar M
07e6025a12
Add SCOMDecrypt, a tool to retrieve and decrypt stored RunAs creds. 2018-08-05 17:25:42 -04:00
Meitar M
e3c19c6d98
Add StegCracker, tool that brute forces steganographic data in files. 2018-08-05 17:10:22 -04:00
Florian Heuer
c88b19587d
Added Btfm book 2018-08-01 16:59:22 +02:00
Samar Dhwoj Acharya
16ccc45735
Merge pull request #240 from abhishekbundela/master
Added pentestbox.
2018-07-31 19:48:37 -05:00
Samar Dhwoj Acharya
33dcacdde4
Update README.md 2018-07-31 19:48:15 -05:00
Samar Dhwoj Acharya
c77337ef0e
Merge pull request #241 from meitar/ruler
Add Ruler, a tool to abuse client-side Outlook features to pwn Exchange.
2018-07-31 19:46:06 -05:00
Meitar M
081241efc6
Fix link for Bella, a post-exploitation agent for MacOS. 2018-07-31 17:17:00 -04:00
Meitar M
f0cba27bf0
Add Ruler, a tool to abuse client-side Outlook features to pwn Exchange. 2018-07-31 16:57:03 -04:00
Abhishek bundela
c14d026566
Added pentestbox. 2018-07-31 18:05:47 +05:30
Samar Dhwoj Acharya
e922b9da06
Merge pull request #239 from sundaysec/patch-2
Added MITMF
2018-07-30 12:51:31 -05:00
Samar Dhwoj Acharya
ecab02ad15
Merge pull request #238 from evyatarmeged/patch-1
Add Raccoon under Web Exploitation category
2018-07-30 12:50:45 -05:00
Samar Dhwoj Acharya
7ae9d0ed32
Merge pull request #235 from meitar/blueteam
New awesome list: "Cybersecurity Blue Team"
2018-07-30 12:50:09 -05:00
PHILEMON SUNDAY JOEL
2a8c4a9a46
Added MITMF
A Framework for Man-In-The-Middle attacks
2018-07-27 16:00:23 +03:00
Evyatar Meged
121e9f8872
Add Raccoon under Web Exploitation category
I've added my new tool, Raccoon, to the Web Exploitation tools list
https://github.com/evyatarmeged/Raccoon
2018-07-25 21:22:55 +03:00
Samar Dhwoj Acharya
ccc3b5182d
Merge pull request #237 from meitar/foca
Add FOCA, an OSINT tool that uses three search engines.
2018-07-25 12:13:10 -05:00
Meitar M
60c06a2195
Add FOCA, an OSINT tool that uses three search engines. 2018-07-25 11:17:26 -04:00
Mahdi Makhdumi
a3e481f9a3
Update README.md 2018-07-25 13:42:50 +04:30
Mahdi Makhdumi
bb023efb72
Update README.md 2018-07-25 03:31:34 +04:30
Meitar M
71017d5b2a
New awesome list: "Cybersecurity Blue Team"
This is a companion/sister list to awesome-pentest intended to provide
the same level of quality resources for defenders rather than attackers.
2018-07-24 16:29:17 -04:00
Samar Dhwoj Acharya
d295832e00
Merge pull request #219 from meitar/cnnvd
Add CNNVD to Vulnerability Databases section.
2018-07-24 14:48:59 -05:00
Samar Dhwoj Acharya
8bb617b7d7
Merge pull request #232 from C-Sto/patch-1
Add recursebuster
2018-07-24 14:44:16 -05:00
Samar Dhwoj Acharya
9a2fb6b9c7
Merge pull request #234 from sundaysec/patch-1
Added awesome tools
2018-07-24 14:42:29 -05:00
PHILEMON SUNDAY JOEL
eb69db65bf
Added awesome tools 2018-07-24 22:01:13 +03:00
Meitar M
9040ae7742
Add numerous tools:
* ScanCannon - `masscan` and `nmap` multiplexer.
* RID_ENUM - null session cycling attack for Windows user enumeration.
* MailSniper - recon toolkit for MS Exchange (OWA/EWS) environments.
* FiercePhish - full-fledged phishing campaign management platform.
* Hunter.io - data broker providing internal company emails.
2018-07-23 15:44:49 -04:00
C_Sto
c7d8034e58
Add recursebuster
https://github.com/c-sto/recursebuster

Content discovery/recursive web directory bruteforcer
2018-07-15 14:50:40 +08:00
Florian Heuer
ceb54f3b7d
Update README.md
Added VaaS SambaCry in Docker for Penetration Testing
2018-05-18 15:50:26 +02:00
Meitar M
12b9636a43
Add PacketTotal near Virus Total, a similar service for PCAP analysis. 2018-05-12 12:22:49 -04:00
Meitar M
fc8b826142
Add THC Hydra, a famous online network protocol password cracker. 2018-05-04 22:52:53 -04:00
Samar Dhwoj Acharya
25eac5cd9b
Merge pull request #222 from alichtman/master
Removed Duplicate Kali Linux Docker Link
2018-04-30 09:13:50 -05:00
Meitar M
062e214ebf
Sub-categorize "Network Tools" section, clarify "Defense," add Iodine.
Iodine is a DNS tunnel and useful for data exfiltration.

The Network Tools section became very long, so I chunked it up with
subcategories that pertain to the sort of tool. ("Network Tools" is
itself somewhat vague, and multi-paradigm/multi-function tools were
retained in the root of the category.)

Finally, "Defense Evasion Tools" was renamed to "Anti-virus Evasion
Tools" because every utility listed there was actually an AV or
host-based defense evasion tool, which is distinct from the network
evasion tools (exfiltration utilities) already listed in the "Network
Tools" section, above. I believe this clarity will help a reader more
quickly find the specific type of "defense evasion" utility they are
actually looking for.
2018-04-14 15:27:31 -04:00
Meitar M
ee32aff5c3 Add Shellter dynamic shellcode injection tool (anti-virus evasion tool). (#226) 2018-04-12 17:55:18 -05:00
Meitar M
0929ede5d4 Add PCILeech, a Direct Memory Access attack tool. (#225) 2018-04-04 13:58:10 -05:00
Jeff Foley
46dacfca0a Amass being added to the OSINT category (#224)
* added Amass to the OSINT section of the list

* updated the Amass entry within the OSINT category #223
2018-04-03 22:15:30 -05:00
alichtman
137e8649a0
removed duplicate Kali Linux docker command + link 2018-03-30 02:27:02 -05:00
Emily Ann
9eb26c04ff
Updated
Added 2 tools to web vulnerability scanning category. 
Zoom- an advanced wordpress username enumerator with infinite scanning (much more powerful than the user name enumeration module in wpscan)
Sqlmate- a friend of sqlmap that identifies sqli vulnerabilities based on given dork and website (optional)
2018-03-24 12:36:03 -07:00
Meitar M
ddfc8ae7fb
Add Memcrashed DRDoS (Distributed Reflection Denial of Service) attack tool. 2018-03-22 14:20:34 -04:00
Meitar M
dd8ef7a41c
Add CNNVD to Vulnerability Databases section. 2018-03-15 14:43:55 -04:00
Meitar M
3f44886460
Add AutoSploit, automated mass exploit tool. 2018-02-07 12:33:08 -05:00
Samar Dhwoj Acharya
6d5730f286
Update README.md 2018-01-19 17:26:53 -06:00
Nhoya
c3b318062a
Added gOSINT 2018-01-17 20:58:14 +01:00
Samar Dhwoj Acharya
69050dae22
Merge pull request #211 from eric-therond/master
Add Progpilot
2018-01-10 22:17:30 -06:00
Samar Dhwoj Acharya
8d2c7a381a
Update README.md 2018-01-10 22:17:13 -06:00
Samar Dhwoj Acharya
ddde98e77f
Merge pull request #214 from meitar/crackpkcs12
Add crackpkcs12, a fast and multithreaded program to crack p12 (TLS) certs.
2018-01-10 22:16:44 -06:00
Samar Dhwoj Acharya
8b6377be1c
Merge pull request #212 from meitar/dnstwist
Add dnstwist.
2018-01-10 22:16:20 -06:00
Meitar M
06aea06df5
Add crackpkcs12, a fast and multithreaded program to crack p12 (TLS) certs. 2018-01-10 20:51:06 -05:00
Meitar M
66cf701dd0
Add Hex Fiend. 2018-01-10 20:46:34 -05:00
Meitar M
e358a12bc8
Add dnstwist.
This commit also conforms several other Network Tools line items to the
Awesome List style guide (remove the introductory "A" preposition).
2018-01-08 12:52:27 -05:00
forgesecurity
43b703abc3 Add Progpilot 2017-12-16 14:54:29 +01:00
Seth
728f8bed4a
Remove Dead Link From List- "Hack3rcon"
Remove line 562 "* [Hack3rCon](http://hack3rcon.org/) - Annual US hacker conference." because the link leads to a domain squatting website rather than an actual hacker conference.
2017-12-14 19:45:41 -05:00
Nick Raienko
d924f889f4 Various updates 2017-12-11 08:28:19 +02:00
Samar Dhwoj Acharya
3b0d0cba72
fix formatting 2017-11-28 10:57:00 -06:00
Asaf Hecht
a1a1644ed4
Adding ACLight tool
Adding ACLight tool - A script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins
2017-11-28 15:31:11 +02:00
Samar Dhwoj Acharya
6e9599f57c
Merge pull request #199 from DzasterAbz/patch-3
Added Beelogger
2017-11-19 22:40:44 -06:00
techgaun
f30958f5b2
fix wappalyzer link 2017-11-19 22:33:45 -06:00
techgaun
5ff68d4970
add various tools suggested on #204 and fix link for sobelow
closes #204
2017-11-19 22:31:45 -06:00
Meitar M
02becfc3a1
Add MITRE's ATT&CK, a superbly organized wiki of attack techniques. 2017-11-01 00:11:37 -04:00
Meitar M
4a3bf603c4
Add WiGLE.net, a huge OSINT database about wireless and Wi-Fi networks. 2017-10-31 00:20:22 -04:00
Jonathan Cran
a19f14ac88
Add intrigue to OSINT tools 2017-10-28 20:06:23 -07:00
Sai Abhiram
d9d72f8da1 Added Beelogger 2017-10-26 07:23:44 -04:00
Tijme Gommers
70057403e4 Added ACSTIS to Web Scanners
[ACSTIS](https://github.com/tijme/angularjs-csti-scanner) helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
2017-10-25 16:54:52 +02:00
Michael
ba7909d764 Added NoSQL Map and VHostScan 2017-10-24 16:44:28 +10:00
Ryan Shipp
0ba0f8fc4f Add awesome-yara to related lists 2017-10-17 15:16:51 -05:00
Meitar M
3b590db063
Add FireEye's new rVMI dynamic malware analysis tool. 2017-09-19 04:31:36 -04:00
Meitar M
c1030eeb07
Descriptions should have periods at the end for style guide compliance. 2017-09-19 04:31:13 -04:00
phocean
30a4d54e65 Update README.md 2017-09-15 09:45:32 +02:00
Rick Daalhuizen
1897b67ef9 Added New Hash Cracking Tools
jwt-cracker: https://github.com/lmammino/jwt-cracker
rar-crack: https://github.com/ziman/rarcrack
bruteforce-wallet: https://github.com/glv2/bruteforce-wallet
2017-09-08 16:02:55 +02:00
Nick Raienko
d118a65d32 Put back netsparker header 2017-09-07 15:03:46 +03:00
Samar Dhwoj Acharya
c4d1da3874 Update README.md 2017-09-01 12:49:36 -05:00
sheimo
4943d9908c Update README.md
Added a Penetration Testing Report section with links to them respectively.
2017-08-31 16:58:30 -05:00
Devin Calado
0e03ccb91b Added Fluxion to Wireless Network Tools
Fluxion - Suite of automated social engineering based WPA attacks.  

I found this tool to be useful in gaining WPA/WPA2 credentials without needing to crack the handshake.  Automates the process of using social engineering to trick users into giving up their WPA passphrases.  Also confirms the correct passphrase was harvested by automatically comparing the passphrase to a captured handshake. 

I think this tool fits better in the Wireless Network Tools section rather than the Social Engineering section.
2017-08-30 15:44:32 -07:00
Samar Dhwoj Acharya
bb4c3c8c28 Merge pull request #183 from meitar/onionscan
Add OnionScan; tool for finding opsec/netsec issues in Onions.
2017-08-22 21:03:49 -05:00
Meitar M
6adbd8cb80
Add Proxmark hardware/software toolkit for RFID/NFC pentests. 2017-08-22 19:25:11 -04:00
Meitar M
fb5274e1f7
Add OnionScan; tool for finding opsec/netsec issues in Onions. 2017-08-22 18:15:15 -04:00
Meitar M
b352f07525
Add UniByAv, fix typo in Hyperion runtime encryptor. 2017-08-17 16:14:40 -04:00
Samar Dhwoj Acharya
407722478a Update README.md 2017-08-17 10:41:51 -05:00
Samar Dhwoj Acharya
c655eb7a21 Merge pull request #179 from meitar/av-evasion
Add new section "Defense Evasion Tools" with a bunch of relevant tools.
2017-08-17 10:39:49 -05:00
Samar Dhwoj Acharya
e4566021fd Merge pull request #180 from meitar/tools-not-resources
Fixes for miscategorized items.
2017-08-17 10:38:34 -05:00
Meitar M
7909070e79
Better description for Windows Credentials Editor. 2017-08-17 09:23:33 -04:00
Meitar M
ef65ac1e97
Add Capstone, a multi-platform disassembler. 2017-08-17 09:22:09 -04:00
Meitar M
0b2d9f8cd8
Move Voltron to Tools subsection.
Also remove shellsploit, which now links to an empty repository.
2017-08-17 09:21:00 -04:00
Meitar M
7c2a99c219
Add new section "Defense Evasion Tools" with a bunch of relevant tools. 2017-08-17 09:16:31 -04:00
Samar Dhwoj Acharya
e01e2b27ac Merge pull request #177 from meitar/compliance
Move "Awesome OSINT" item into the Awesome Lists section, add a period.
2017-08-10 19:42:01 -05:00
Meitar M
286d0c7c42
Add BetterCAP (and its older cousin, Ettercap) to Network Tools. 2017-08-10 17:56:44 -04:00
Meitar M
7c1f8448ff
Move "Awesome OSINT" item into the Awesome Lists section, add a period. 2017-08-10 17:52:30 -04:00
Patrik Hudak
d837a509a9 Add Awesome OSINT reference and some books 2017-08-10 10:30:03 +02:00
techgaun
4d77c90cab
remove missing lock picking document 2017-08-07 19:38:24 -05:00
Meitar M
93d8cd0622
Expand acronyms, improve descriptions, add OSSTMM item.
This commit focses on the Penetration Testing Resources section and
provides better descriptions for most of the items therein. It also adds
the OSSTMM version 3 pentest methodology manual, which seems fitting as
it is both listed by OWASP and fits nicely with the PTES and PTF items
already listed.
2017-08-07 17:44:04 -04:00
Samar Dhwoj Acharya
ee2e2be848 Merge pull request #172 from meitar/toc
Fix broken intra-page link in the table of contents.
2017-07-28 16:04:57 -05:00
Meitar M
919c1e6113
Add ChipWhisperer, a side-channel attack toolchain, in new section. 2017-07-28 04:02:41 -04:00
Meitar M
20c7af2267
Move license to the bottom, replace the PNG with an SVG. 2017-07-23 03:31:20 -04:00
Meitar M
c9053f6682
Fix broken intra-page link in the table of contents. 2017-07-21 04:04:29 -04:00
Meitar M
34587c6dac
Provide a useful description for SPARTA.
SPARTA is not really its own tool, it's more like a meta-tool. There are
many "network infrastructure penetration testing tools" on this list,
but what does SPARTA actually do that these other tools don't? The
answer is primarily that SPARTA is a GUI wrapper around arbitrary
command lines with some additional logic to identify results from
well-known tools such as `nmap` and trigger actions based on those
results in other tools. Let's make that clear in the item's description.
2017-07-19 15:58:18 -04:00
filinpavel
16f3406a0f Update README.md
added pyrebox to RE Tools section
2017-07-18 13:56:58 +07:00
Meitar M
222a05baff
Add AttifyOS, a distro focused on pentesting IoT devices. 2017-07-17 04:44:03 -04:00
Meitar M
7e08965e7d
Add TrustedSec's "Magic Unicorn," a payload generator for Windows. 2017-07-16 04:06:18 -04:00
Samar Dhwoj Acharya
0f33e6394d Merge pull request #163 from meitar/hpi-vdb
Add HPI-VDB, which has a cross-referenced CVE search engine and API.
2017-07-15 18:23:12 -05:00
Meitar M
cb21655e64
The name of the Medusa disassembler is just "Medusa." 2017-07-14 17:00:31 -04:00
jose nazario
195e2ed79e spelling fixes 2017-07-14 10:13:37 -04:00
Meitar M
72f02c8b6b
Add HPI-VDB, which has a cross-referenced CVE search engine and API. 2017-07-13 14:17:56 -04:00
Samar Dhwoj Acharya
9ff00ba17a Merge pull request #159 from meitar/0xed
Add 0xED, a native macOS hex editor with support for resource forks.
2017-07-13 10:47:51 -05:00
Samar Dhwoj Acharya
6b733bfeeb Merge pull request #160 from meitar/ssl-tls
Move `sslstrip` to Web Exploitation, recategorize SSL as TLS tools.
2017-07-13 10:47:29 -05:00
Samar Dhwoj Acharya
8ab42bb257 Merge pull request #161 from meitar/anonymity-tools
Awesome List style guide compliance pass on the Anonymity Tools section.
2017-07-13 10:46:53 -05:00
Meitar M
19bfe12cd6
Add Pupy, a multi-paradigm (scriptable/interactive) cross-platform RAT. 2017-07-13 03:45:49 -04:00
Meitar M
a4a1f0ecc6
Awesome List style guide compliance pass on the Anonymity Tools section.
This commit conforms the Anonymity Tools section to the Awesome List
style guide by adding periods and such, plus adds the WEBKAY project to
help defend against identity and privay leaks from mis-configured Web
browsers. It also phrases the Tor project item description more clearly.
2017-07-13 00:20:39 -04:00
Meitar M
bf7a6151a9
Add 0xED, a native macOS hex editor with support for resource forks. 2017-07-12 23:41:23 -04:00
Meitar M
74068f8d34
Move sslstrip to Web Exploitation, recategorize SSL as TLS tools.
This commit updates numerous tools all previously categorized as "SSL"
tools. It updates their descriptions to more accurately describe current
versions by remarking on TLS capabilities, and it does the same with the
section heading. Further, Web-centric exploitation tools related to
SSL/TLS implementations have been moved to the Web Exploitation section,
where they arguably more properly belong, as SSL/TLS implementations may
include application-layer services beyond simply HTTP and "Web" traffic.
2017-07-12 23:32:11 -04:00
Samar Dhwoj Acharya
1c7ee4c923 Merge pull request #158 from meitar/aquatone
Add AQUATONE, "a tool for domain flyovers" that makes a handy report.
2017-07-12 21:48:13 -05:00
Meitar M
6a64b2d78b
Add AQUATONE, "a tool for domain flyovers" that makes a handy report. 2017-07-12 17:02:43 -04:00
Meitar M
0ed418eef0
Add XRay, automated network (sub)domain recon and OSINT gathering tool. 2017-07-12 16:51:11 -04:00
Samar Dhwoj Acharya
6e464e5bb4 Merge pull request #156 from meitar/pret
Better description of PRET through conformity with item link style.
2017-07-12 07:46:51 -05:00
Samar Dhwoj Acharya
bbffb78c67 Merge branch 'master' into wireshark-macos 2017-07-12 07:46:04 -05:00
Samar Dhwoj Acharya
69ba677983 Merge pull request #154 from meitar/basic-tools
Recategorize "Basic" tools section for clarity and conformity.
2017-07-12 07:43:26 -05:00
Meitar M
e4ac5a1cc1
Better description of PRET through conformity with item link style. 2017-07-12 02:51:49 -04:00
Meitar M
16868763fd
Better description for Wireshark, make clear it is cross-platform. 2017-07-12 02:45:19 -04:00
Meitar M
0e4032c58e
Recategorize "Basic" tools section for clarity and conformity.
This commit removes the "Basic Penetration Testing Tools" section and
moves numerous items listed therein into more appropriate places, based
on existing categories. For instance, BeEF is moved to the Web
Exploitation section, since it is more accurate to describe it as a Web
exploitation tool than a "Basic" tool. The former category is
descriptive while the latter is clearly nondescript.

A new section, "Multi-paradigm Frameworks," has been added for items
that were listed under the removed "Basic" section but that do not
cleanly fit into an existing category. Namely, these are Metasploit,
ExploitPack, and Faraday, which are exceptions simply because they are
so versatile. (Hence the choice of the new section, "Multi-paradigm.")

Additionally, the well-known Armitage GUI for Metasploit was added.

Moreover, Bella was moved to a new section, "macOS Utilities," which
provides parity with the existing Windows Utilities and GNU/Linux
Utilities section. Bella is a post-exploitation agent similar to
redsnarf, which likewise has been moved out of the "Basic" section and
into its more appropriate Windows Utilities section.

Other minor touch ups to various item descriptions were also made.
2017-07-12 02:28:12 -04:00
Samar Dhwoj Acharya
24ee7a47b0 Merge pull request #153 from meitar/binwalk
Add `binwalk`, fast and easy tool for reversing firmware images.
2017-07-11 23:26:38 -05:00
Meitar M
2b2996f5ed
IDA Pro and IDA Free are basically the same; combine into one item. 2017-07-12 00:09:27 -04:00
Meitar M
ed7ebf1848
Add binwalk, fast and easy tool for reversing firmware images. 2017-07-12 00:04:18 -04:00
Meitar M
9749c6382d
Fix inconsistent capitalization in headings; "utils" -> "utilities." 2017-07-11 05:49:24 -04:00
Meitar M
32ff359418
Drop link to commercial-only VulnDB based off OSVDB. 2017-07-10 16:17:34 -04:00
Samar Dhwoj Acharya
d39cd608c6 Merge pull request #149 from meitar/compliance
Fix minor typos, capitalization issues, and term consistency.
2017-07-08 19:16:31 -05:00
Meitar M
9b037a9bbf Fix minor typos, capitalization issues, and term consistency. 2017-07-08 20:03:48 -04:00
Jericho
71d146979c touch-ups and clarifications for the VDB section 2017-07-08 16:45:34 -06:00
Samar Dhwoj Acharya
51949983f7 Merge pull request #145 from meitar/vuln-scanners
Reorganize Vulnerability Scanners section, add subheadings.
2017-07-08 15:01:12 -05:00
Meitar M
3c811415bc Style guide compliance pass focused on Vulnerability Databases section. (#144)
* Add CVE List to Vulnerability Databases section, since it was missing.

* Style guide compliance pass focused on Vulnerability Databases section.

* Whitelist the Inj3ct0r URLs.

The `0day.today` website sits behind an extremely aggressive Cloudflare
anti-bot checker, which causes `awesome-bot` to trigger an HTTP 503
response. This fails the build but is actually normal behavior.

Similarly, the Onion service is inaccessible except over Tor and our
Travis CI configuration does not (yet?) support checking Onion service
links. (Although, perhaps it should be updated to do so in a future PR.)
2017-07-08 13:52:24 -05:00
Samar Dhwoj Acharya
42aa8a29a3 Merge pull request #146 from meitar/fiddler
Add Fiddler, provide more detail on OWASP ZAP.
2017-07-08 13:48:46 -05:00
Meitar M
522863e27a
Add wafw00f, a web application firewall fingerprinter. 2017-07-08 01:06:39 -04:00
Meitar M
b1b77f40a9
Add Fiddler, provide more detail on OWASP ZAP. 2017-07-08 00:24:33 -04:00
Meitar M
d2825614c3
Reorganize Vulnerability Scanners section, add subheadings.
This commit provides more detail and context for the vulnerability
scanners section. It groups Web Scanners into its own subheading, and
moves scanning tools from the Web Exploitation section into this section
as these tools do not actually focus on *exploiting* websites.

Additionally, Static Analyzers are grouped, two new static analyzers
(cppcheck and FindBugs) have been added, and commercial tools are
appropriately described as such.
2017-07-07 22:18:09 -04:00
Meitar M
6ac7727def
Further "Awesome List" style guide compliance passes.
This commit focuses on terminological consistency, including:

* Use consistent capitalization for abbreviations (OSInt -> OSINT).
* Consistently expand ambiguous phrases (OS -> operating system).
* Settle on standard names (Wi-Fi -> WiFi, etc.) where a mix was used.
* Expand acronyms in item titles when doing so shortens the description.
* Replace descriptions that merely expanded acronyms with actual text.
* Remove duplicate items that have more than one URL (Commix project).
* Do not Title Case description text when description is simply prose.
2017-07-07 01:42:53 -04:00
Meitar M
266aad7120
Remove "A" at beginning of link description. (Missed from before.) 2017-07-06 01:53:54 -04:00
Meitar M
8a2bfb965b
Make grammar consistent: "command-line" -> "command line" and so on.
This commit tidies some minor issues with pull request #141, namely:

* fix style guide compliance from accidental reversion during merge.
* add a period to the last sentence of the introduction paragraph.
* make the table of contents's content match the headings in the doc.
* consistently spell open source without a dashed word ("open-source").
2017-07-06 01:04:08 -04:00
Samar Dhwoj Acharya
e2fe7cbef6 Merge branch 'master' into awesome-compliant 2017-07-05 23:47:22 -05:00