This commit also adds GhostProject.fr to the whitelist, as they use
CloudFlare's JavaScript DDoS detection and return an HTTP 503 error.
This commit also removes `zoomeye.org` from the whitelist,
because they seem to be returning HTTP 200 OK responses reliably now.
Some of the issues highlighted by the pull request comment in
https://github.com/sindresorhus/awesome/pull/1366#issuecomment-455992262
are not what I would consider real issues. For instance, the issue
described by "Link to http://mvfjfugdwgc5uwho.onion/ is dead" is not
true; the link is not dead, but the automated linter they use does not
understand how to access Onion sites, so I didn't fix it. `¯\_(ツ)_/¯`
Other issues, however, the ones I consider legitimate, are addressed by
this commit. This includes fixing the letter case of section headings,
matching section headings with their Table of Contents heading, fixing
actually dead links, and so on. What I did not fix were issues that I
consider bugs in the linter.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
This commit further cleans the new Industrial Control and SCADA Systems
section by providing a clearer description of the ISF line item, fixing
minor whitespace spacing issues, and clarifying the section's header.
This commit adds a new utility, `shellpop`, which is a Python script
that is used to generate sophisticated shellcode in numerous languages.
It also removes trailing whitespace from several line items, likely
added by mistake, capitalizes the name of the programming language Rust,
and rephrases the description of Hwacha for clarity and conciseness.
https://github.com/stevenaldinger/decker
Decker allows writing declarative "penetration tests as code". It uses the same config language as Terraform and other Hashicorp tools and has a plugin based architecture so the usefulness of the framework will grow as more plugins become available. The [all-the-things](https://github.com/stevenaldinger/decker/blob/master/examples/all-the-things.hcl) example will take a target hostname and run web app scans such as SSL vulnerability and WAF detection as well as general info gathering, ftp, smtp, imap, vnc, mysql, and postgres scans if the relevant ports are found to be open in the nmap scan.
Docker images are also provided and the `stevenaldinger/decker:kali` image is recommended since it has a lot of tools preinstalled.
Hwacha is a post-exploitation (credentials or keys obtained) tool that uses SSH to execute payloads or collect artifacts from one or multiple hosts at a time.