Commit Graph

309 Commits

Author SHA1 Message Date
Sai Abhiram
d9d72f8da1 Added Beelogger 2017-10-26 07:23:44 -04:00
Tijme Gommers
70057403e4 Added ACSTIS to Web Scanners
[ACSTIS](https://github.com/tijme/angularjs-csti-scanner) helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
2017-10-25 16:54:52 +02:00
Michael
ba7909d764 Added NoSQL Map and VHostScan 2017-10-24 16:44:28 +10:00
Ryan Shipp
0ba0f8fc4f Add awesome-yara to related lists 2017-10-17 15:16:51 -05:00
Meitar M
3b590db063
Add FireEye's new rVMI dynamic malware analysis tool. 2017-09-19 04:31:36 -04:00
Meitar M
c1030eeb07
Descriptions should have periods at the end for style guide compliance. 2017-09-19 04:31:13 -04:00
phocean
30a4d54e65 Update README.md 2017-09-15 09:45:32 +02:00
Rick Daalhuizen
1897b67ef9 Added New Hash Cracking Tools
jwt-cracker: https://github.com/lmammino/jwt-cracker
rar-crack: https://github.com/ziman/rarcrack
bruteforce-wallet: https://github.com/glv2/bruteforce-wallet
2017-09-08 16:02:55 +02:00
Nick Raienko
d118a65d32 Put back netsparker header 2017-09-07 15:03:46 +03:00
Samar Dhwoj Acharya
c4d1da3874 Update README.md 2017-09-01 12:49:36 -05:00
sheimo
4943d9908c Update README.md
Added a Penetration Testing Report section with links to them respectively.
2017-08-31 16:58:30 -05:00
Devin Calado
0e03ccb91b Added Fluxion to Wireless Network Tools
Fluxion - Suite of automated social engineering based WPA attacks.  

I found this tool to be useful in gaining WPA/WPA2 credentials without needing to crack the handshake.  Automates the process of using social engineering to trick users into giving up their WPA passphrases.  Also confirms the correct passphrase was harvested by automatically comparing the passphrase to a captured handshake. 

I think this tool fits better in the Wireless Network Tools section rather than the Social Engineering section.
2017-08-30 15:44:32 -07:00
Samar Dhwoj Acharya
bb4c3c8c28 Merge pull request #183 from meitar/onionscan
Add OnionScan; tool for finding opsec/netsec issues in Onions.
2017-08-22 21:03:49 -05:00
Meitar M
6adbd8cb80
Add Proxmark hardware/software toolkit for RFID/NFC pentests. 2017-08-22 19:25:11 -04:00
Meitar M
fb5274e1f7
Add OnionScan; tool for finding opsec/netsec issues in Onions. 2017-08-22 18:15:15 -04:00
Meitar M
b352f07525
Add UniByAv, fix typo in Hyperion runtime encryptor. 2017-08-17 16:14:40 -04:00
Samar Dhwoj Acharya
407722478a Update README.md 2017-08-17 10:41:51 -05:00
Samar Dhwoj Acharya
c655eb7a21 Merge pull request #179 from meitar/av-evasion
Add new section "Defense Evasion Tools" with a bunch of relevant tools.
2017-08-17 10:39:49 -05:00
Samar Dhwoj Acharya
e4566021fd Merge pull request #180 from meitar/tools-not-resources
Fixes for miscategorized items.
2017-08-17 10:38:34 -05:00
Meitar M
7909070e79
Better description for Windows Credentials Editor. 2017-08-17 09:23:33 -04:00
Meitar M
ef65ac1e97
Add Capstone, a multi-platform disassembler. 2017-08-17 09:22:09 -04:00
Meitar M
0b2d9f8cd8
Move Voltron to Tools subsection.
Also remove shellsploit, which now links to an empty repository.
2017-08-17 09:21:00 -04:00
Meitar M
7c2a99c219
Add new section "Defense Evasion Tools" with a bunch of relevant tools. 2017-08-17 09:16:31 -04:00
Samar Dhwoj Acharya
e01e2b27ac Merge pull request #177 from meitar/compliance
Move "Awesome OSINT" item into the Awesome Lists section, add a period.
2017-08-10 19:42:01 -05:00
Meitar M
286d0c7c42
Add BetterCAP (and its older cousin, Ettercap) to Network Tools. 2017-08-10 17:56:44 -04:00
Meitar M
7c1f8448ff
Move "Awesome OSINT" item into the Awesome Lists section, add a period. 2017-08-10 17:52:30 -04:00
Patrik Hudak
d837a509a9 Add Awesome OSINT reference and some books 2017-08-10 10:30:03 +02:00
techgaun
4d77c90cab
remove missing lock picking document 2017-08-07 19:38:24 -05:00
Meitar M
93d8cd0622
Expand acronyms, improve descriptions, add OSSTMM item.
This commit focses on the Penetration Testing Resources section and
provides better descriptions for most of the items therein. It also adds
the OSSTMM version 3 pentest methodology manual, which seems fitting as
it is both listed by OWASP and fits nicely with the PTES and PTF items
already listed.
2017-08-07 17:44:04 -04:00
Samar Dhwoj Acharya
ee2e2be848 Merge pull request #172 from meitar/toc
Fix broken intra-page link in the table of contents.
2017-07-28 16:04:57 -05:00
Meitar M
919c1e6113
Add ChipWhisperer, a side-channel attack toolchain, in new section. 2017-07-28 04:02:41 -04:00
Meitar M
20c7af2267
Move license to the bottom, replace the PNG with an SVG. 2017-07-23 03:31:20 -04:00
Meitar M
c9053f6682
Fix broken intra-page link in the table of contents. 2017-07-21 04:04:29 -04:00
Meitar M
34587c6dac
Provide a useful description for SPARTA.
SPARTA is not really its own tool, it's more like a meta-tool. There are
many "network infrastructure penetration testing tools" on this list,
but what does SPARTA actually do that these other tools don't? The
answer is primarily that SPARTA is a GUI wrapper around arbitrary
command lines with some additional logic to identify results from
well-known tools such as `nmap` and trigger actions based on those
results in other tools. Let's make that clear in the item's description.
2017-07-19 15:58:18 -04:00
filinpavel
16f3406a0f Update README.md
added pyrebox to RE Tools section
2017-07-18 13:56:58 +07:00
Meitar M
222a05baff
Add AttifyOS, a distro focused on pentesting IoT devices. 2017-07-17 04:44:03 -04:00
Meitar M
7e08965e7d
Add TrustedSec's "Magic Unicorn," a payload generator for Windows. 2017-07-16 04:06:18 -04:00
Samar Dhwoj Acharya
0f33e6394d Merge pull request #163 from meitar/hpi-vdb
Add HPI-VDB, which has a cross-referenced CVE search engine and API.
2017-07-15 18:23:12 -05:00
Meitar M
cb21655e64
The name of the Medusa disassembler is just "Medusa." 2017-07-14 17:00:31 -04:00
jose nazario
195e2ed79e spelling fixes 2017-07-14 10:13:37 -04:00
Meitar M
72f02c8b6b
Add HPI-VDB, which has a cross-referenced CVE search engine and API. 2017-07-13 14:17:56 -04:00
Samar Dhwoj Acharya
9ff00ba17a Merge pull request #159 from meitar/0xed
Add 0xED, a native macOS hex editor with support for resource forks.
2017-07-13 10:47:51 -05:00
Samar Dhwoj Acharya
6b733bfeeb Merge pull request #160 from meitar/ssl-tls
Move `sslstrip` to Web Exploitation, recategorize SSL as TLS tools.
2017-07-13 10:47:29 -05:00
Samar Dhwoj Acharya
8ab42bb257 Merge pull request #161 from meitar/anonymity-tools
Awesome List style guide compliance pass on the Anonymity Tools section.
2017-07-13 10:46:53 -05:00
Meitar M
19bfe12cd6
Add Pupy, a multi-paradigm (scriptable/interactive) cross-platform RAT. 2017-07-13 03:45:49 -04:00
Meitar M
a4a1f0ecc6
Awesome List style guide compliance pass on the Anonymity Tools section.
This commit conforms the Anonymity Tools section to the Awesome List
style guide by adding periods and such, plus adds the WEBKAY project to
help defend against identity and privay leaks from mis-configured Web
browsers. It also phrases the Tor project item description more clearly.
2017-07-13 00:20:39 -04:00
Meitar M
bf7a6151a9
Add 0xED, a native macOS hex editor with support for resource forks. 2017-07-12 23:41:23 -04:00
Meitar M
74068f8d34
Move sslstrip to Web Exploitation, recategorize SSL as TLS tools.
This commit updates numerous tools all previously categorized as "SSL"
tools. It updates their descriptions to more accurately describe current
versions by remarking on TLS capabilities, and it does the same with the
section heading. Further, Web-centric exploitation tools related to
SSL/TLS implementations have been moved to the Web Exploitation section,
where they arguably more properly belong, as SSL/TLS implementations may
include application-layer services beyond simply HTTP and "Web" traffic.
2017-07-12 23:32:11 -04:00
Samar Dhwoj Acharya
1c7ee4c923 Merge pull request #158 from meitar/aquatone
Add AQUATONE, "a tool for domain flyovers" that makes a handy report.
2017-07-12 21:48:13 -05:00
Meitar M
6a64b2d78b
Add AQUATONE, "a tool for domain flyovers" that makes a handy report. 2017-07-12 17:02:43 -04:00