awesome-pentest/README.md

Awesome Penetration Testing

A collection of awesome penetration testing resources, tools, books, , confs, magazines and other shiny things.

• Awesome Penetration Testing
  • Online Resources
    • Penetration Testing Resources
    • Social Engineering Resources
  • Tools
    • Penetration Testing Tools
    • Vulnerability Scanners
    • Network Tools
    • Hex Editors
    • Windows Utils
    • DDoS Tools
    • Social Engineering Tools
    • Anonimity Tools
    • Reverse Engineering Tools
  • Books
    • Penetration Testing Books
    • Hackers Handbook Series
    • Network Analysis Books
    • Reverse Engineering Books
    • Malware Analysis Books
    • Windows Books
    • Social Engineering Books
  • Information Security Conferences
  • Information Security Magazines
  • Contribution
  • License

Online Resources

Penetration Testing Resources

• Metasploit Unleashed - Free Offensive Security metasploit course.

Social Engineering Resources

• Social Engineering Framework - An information resource for social engineers.

Tools

Penetration Testing Tools

• Kali - A Linux distribution designed for digital forensics and penetration testing.
• Metasploit - World's most used penetration testing software.

Vulnerability Scanners

• Nexpose - Vulnerability Management & Risk Management Software.
• Nessus - Vulnerability, configuration, and compliance assessment.
• OpenVAS - Open Source vulnerability scanner and manager.
• w3af - Web application attack and audit framework.

Networks Tools

• nmap - Free Security Scanner For Network Exploration & Security Audits.
• tcpdump/libpcap - A common packet analyzer that runs under the command line.
• Wireshark - A network protocol analyzer for Unix and Windows.
• Network Tools - Different network tools: pink, lookup, whois, etc.

Hex Editors

• HexEdit.js - Browser-based hex editing.

Windows Utils

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities

DDoS Tools

• LOIC - An open source network stress tool for Windows.
• JS LOIC - JavaScript in-browser version of LOIC.

Social Engineering Tools

• SET - The Social-Engineer Toolkit from TrustedSec

Anonimity Tools

• Tor - The free software for enabling onion routing online anonymity.
• I2P - The Invisible Internet Project

Reverse Engineering Tools

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
• WDK/WinDbg - Windows Driver Kit and WinDbg.
• OllyDbg - An x86 debugger that emphasizes binary code analysis

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• Violent Python by TJ O'Connor, 2012

Hackers Handbook Series

• The Shellcoders Handbook by Chris Anley and others, 2007
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller and others, 2012
• Android Hackers Handbook by Joshua J. Drake and others, 2014
• The Browser Hackers Handbook by Wade Alcorn and others, 2014

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

Reverse Engineering Books

• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang and others, 2014

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh and others, 2014

Windows Books

• Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
• No Tech Hacking by Johnny Long, Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014

Information Security Conferences

• DEF CON - An annual hacker convention in Las Vegas.
• Black Hat - An annual security conference in Las Vegas.
• BSides - A framework for organising and holding security conferences.
• CCC - An annual meeting of the international hacker scene in Germany.
• DerbyCon - An annual hacker conference based in Louisville.
• PhreakNIC - A technology conference held annually in middle Tennessee.
• ShmooCon - An annual US east coast hacker convention.
• CarolinaCon - An infosec conference, held annually in North Carolina.
• HOPE - A conference series sponsored by the hacker magazine 2600.
• SummerCon - One of the oldest hacker conventions, held during Summer.
• Hack.lu - An annual conference held in Luxembourg.
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
• Hack3rCon - An annual US hacker conference.
• ThotCon - An annual US hacker conference held in Chicago.
• LayerOne - An annual US security conerence held every spring in Los Angeles.
• DeepSec - Security Conference in Vienna, Austria.
• SkyDogCon - A technology conference in Nashville.

Information Security Magazines

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground".
• Hakin9 - A Polish online, weekly publication on IT Security.

Contribution

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕)

License

This work is licensed under a Creative Commons Attribution 4.0 International License.