awesome-pentest/README.md

42 KiB

A collection of awesome penetration testing resources

This project is supported by Netsparker Web Application Security Scanner

Online Resources

Penetration Testing Resources

Exploit development

OSINT Resources

Social Engineering Resources

Lock Picking Resources

Operating Systems

Tools

Penetration Testing Distributions

  • Kali - A Linux distribution designed for digital forensics and penetration testing
  • ArchStrike - An Arch Linux repository for security professionals and enthusiasts
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers
  • NST - Network Security Toolkit distribution
  • Pentoo - Security-focused livecd based on Gentoo
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments
  • Parrot - A distribution similar to Kali, with multiple architecture
  • Buscador - A Linux Virtual Machine that is pre-configured for online investigators
  • Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
  • The Pentesters Framework - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.

Basic Penetration Testing Tools

  • Metasploit Framework - World's most used penetration testing software
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits
  • BeeF - The Browser Exploitation Framework Project
  • faraday - Collaborative Penetration Test and Vulnerability Management Platform
  • evilgrade - The update explotation framework
  • commix - Automated All-in-One OS Command Injection and Exploitation Tool
  • routersploit - Automated penetration testing software for router
  • redsnarf - Post-exploitation tool for grabbing credentials
  • Bella - Bella is a pure Python post-exploitation data mining & remote administration tool for Mac OS.

Docker for Penetration Testing

Vulnerability Scanners

  • Nexpose - Vulnerability Management & Risk Management Software
  • Nessus - Vulnerability, configuration, and compliance assessment
  • Nikto - Web application vulnerability scanner
  • OpenVAS - Open Source vulnerability scanner and manager
  • Secapps - Integrated web application security testing environment
  • w3af - Web application attack and audit framework
  • Wapiti - Web application vulnerability scanner
  • WebReaver - Web application vulnerability scanner for Mac OS X
  • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
  • arachni - Web Application Security Scanner Framework
  • Vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

Network Tools

  • zmap - Open-source network scanner that enables researchers to easily perform Internet-wide network studies
  • nmap - Free Security Scanner For Network Exploration & Security Audits
  • pig - A Linux packet crafting tool
  • tcpdump/libpcap - A common packet analyzer that runs under the command line
  • Wireshark - A network protocol analyzer for Unix and Windows
  • Network Tools - Different network tools: ping, lookup, whois, etc
  • netsniff-ng - A Swiss army knife for for network sniffing
  • Intercepter-NG - a multifunctional network toolkit
  • SPARTA - Network Infrastructure Penetration Testing Tool
  • dnschef - A highly configurable DNS proxy for pentesters
  • DNSDumpster - Online DNS recon and search service
  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
  • dnsmap - Passive DNS network mapper
  • dnsrecon - DNS Enumeration Script
  • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
  • passivedns-client - Provides a library and a query tool for querying several passive DNS providers
  • passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • Zarp - Zarp is a network attack tool centered around the exploitation of local networks
  • mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
  • mallory - HTTP/HTTPS proxy over SSH
  • Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols
  • DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
  • pwnat - punches holes in firewalls and NATs
  • dsniff - a collection of tools for network auditing and pentesting
  • tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
  • smbmap - a handy SMB enumeration tool
  • scapy - a python-based interactive packet manipulation program & library
  • Dshell - Network forensic analysis framework
  • Debookee (MAC OS X) - Intercept traffic from any device on your network
  • Dripcap - Caffeinated packet analyzer
  • PRET - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing

Wireless Network Tools

  • Aircrack-ng - a set of tools for auditing wireless network
  • Kismet - Wireless network detector, sniffer, and IDS
  • Reaver - Brute force attack against Wifi Protected Setup
  • Wifite - Automated wireless attack tool
  • wifiphisher - Automated phishing attacks against Wi-Fi networks

SSL Analysis Tools

  • SSLyze - SSL configuration scanner
  • sslstrip - a demonstration of the HTTPS stripping attacks
  • sslstrip2 - SSLStrip version to defeat HSTS
  • tls_prober - fingerprint a server's SSL/TLS implementation

Web exploitation

  • OWASP Zed Attack Proxy - Penetration testing tool for web applications
  • Burp Suite - An integrated platform for performing security testing of web applications
  • autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
  • WPScan - Black box WordPress vulnerability scanner
  • Wordpress Exploit Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit - WPSploit - Exploiting Wordpress With Metasploit
  • SQLmap - Automatic SQL injection and database takeover tool
  • tplmap - Automatic server-side template injection and Web server takeover tool
  • weevely3 - Weaponized web shell
  • Wappalyzer - Wappalyzer uncovers the technologies used on websites
  • cms-explorer - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
  • joomscan - Joomla CMS scanner
  • WhatWeb - Website Fingerprinter
  • BlindElephant - Web Application Fingerprinter
  • fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
  • Kadabra - Automatic LFI exploiter and scanner
  • Kadimus - LFI scan and exploit tool
  • liffy - LFI exploitation tool
  • GitTools - Automatically find and download Web-accessible .git repositories
  • Commix - Automated All-in-One OS command injection and exploitation tool

Hex Editors

File Format Analysis Tools

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby
  • Veles - Binary data visualization and analysis tool
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction

Hash Cracking Tools

  • John the Ripper - Fast password cracker
  • Hashcat - The more fast hash cracker
  • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words

Windows Utils

  • Sysinternals Suite - The Sysinternals Troubleshooting Utilities
  • Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
  • mimikatz - Credentials extraction tool for Windows OS
  • PowerSploit - A PowerShell Post-Exploitation Framework
  • Windows Exploit Suggester - Detects potential missing patches on the target
  • Responder - A LLMNR, NBT-NS and MDNS poisoner
  • Bloodhound - A graphical Active Directory trust relationship explorer
  • Empire - A pure PowerShell post-exploitation agent
  • Fibratus - Tool for exploration and tracing of the Windows kernel
  • wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software

Linux Utils

DDoS Tools

  • LOIC - An open source network stress tool for Windows
  • JS LOIC - JavaScript in-browser version of LOIC
  • SlowLoris - DoS tool that uses low bandwidth on the attacking side
  • HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures
  • T50 - The more fast network stress tool
  • UFONet - UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Social Engineering Tools

  • SET - The Social-Engineer Toolkit from TrustedSec
  • King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content

OSInt Tools

  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • theHarvester - E-mail, subdomain and people names harvester
  • creepy - A geolocation OSINT tool
  • metagoofil - Metadata harvester
  • Google Hacking Database - a database of Google dorks; can be used for recon
  • Google-dorks - Common google dorks and others you prolly don't know
  • GooDork - Command line go0gle dorking tool
  • dork-cli - Command-line Google dork tool.
  • Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans
  • Shodan - Shodan is the world's first search engine for Internet-connected devices
  • recon-ng - A full-featured Web Reconnaissance framework written in Python
  • github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak
  • vcsmap - A plugin-based tool to scan public version control systems for sensitive information
  • Spiderfoot - multi-source OSINT automation tool with a Web UI and report visualizations
  • BinGoo - A Linux bash based Bing and Google Dorking Tool
  • fast-recon - Does some google dorks against a domain
  • snitch - information gathering via dorks
  • Sn1per - Automated Pentest Recon Scanner
  • Threat Crowd - A search engine for threats
  • Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
  • DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.

Anonymity Tools

  • Tor - The free software for enabling onion routing online anonymity
  • I2P - The Invisible Internet Project
  • Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools

  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • IDA Free - The freeware version of IDA v5.0
  • WDK/WinDbg - Windows Driver Kit and WinDbg
  • OllyDbg - An x86 debugger that emphasizes binary code analysis
  • Radare2 - Opensource, crossplatform reverse engineering framework
  • x64_dbg - An open-source x64/x32 debugger for windows
  • Immunity Debugger - A powerful new way to write exploits and analyze malware
  • Evan's Debugger - OllyDbg-like debugger for Linux
  • Medusa disassembler - An open source interactive disassembler
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
  • peda - Python Exploit Development Assistance for GDB
  • dnSpy - dnSpy is a tool to reverse engineer .NET assemblies

CTF Tools

  • Pwntools - Rapid exploit development framework built for use in CTFs
  • RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks

Practice CTFs

  • HackThisSite - An online CTF with short challenges and clear progression
  • HackMethod - An online CTF with short challenges and clear progression
  • VulnHub - Hosts vulnerable VMs for downloading and hacking, founded by g0tmi1k

Books

Penetration Testing Books

Hackers Handbook Series

Defensive Development

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

Defcon Suggested Reading

Vulnerability Databases

Security Courses

Information Security Conferences

  • DEF CON - An annual hacker convention in Las Vegas
  • Black Hat - An annual security conference in Las Vegas
  • BSides - A framework for organising and holding security conferences
  • CCC - An annual meeting of the international hacker scene in Germany
  • DerbyCon - An annual hacker conference based in Louisville
  • PhreakNIC - A technology conference held annually in middle Tennessee
  • ShmooCon - An annual US east coast hacker convention
  • CarolinaCon - An infosec conference, held annually in North Carolina
  • CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con
  • SummerCon - One of the oldest hacker conventions, held during Summer
  • Hack.lu - An annual conference held in Luxembourg
  • Hackfest - Largest hacking conference in Canada
  • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
  • Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
  • Hack3rCon - An annual US hacker conference
  • ThotCon - An annual US hacker conference held in Chicago
  • LayerOne - An annual US security conference held every spring in Los Angeles
  • DeepSec - Security Conference in Vienna, Austria
  • SkyDogCon - A technology conference in Nashville
  • SECUINSIDE - Security Conference in Seoul
  • DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
  • AppSecUSA - An annual conference organised by OWASP
  • BruCON - An annual security conference in Belgium
  • Infosecurity Europe - Europe's number one information security event, held in London, UK
  • Nullcon - An annual conference in Delhi and Goa, India
  • RSA Conference USA - An annual security conference in San Francisco, California, USA
  • Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
  • Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
  • Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
  • 44Con - Annual Security Conference held in London
  • BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia
  • FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines

Awesome Lists

Contribution

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details.

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License