Awesome Penetration Testing

A collection of awesome penetration testing resources, tools, books, , confs, magazines and other shiny things.

• Online Resources
  • Penetration Testing Resources
  • Shell Scripting Resources
  • Linux Resources
  • Social Engineering Resources
• Tools
  • Penetration Testing Tools
  • Vulnerability Scanners
  • Network Tools
  • Hex Editors
  • Windows Utils
  • DDoS Tools
  • Social Engineering Tools
  • Anonimity Tools
  • Reverse Engineering Tools
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
• Information Security Conferences
• Information Security Magazines
• Awesome Lists
• Contribution
• License

Online Resources

Penetration Testing Resources

• Metasploit Unleashed - Free Offensive Security metasploit course.

Shell Scripting Resources

• LSST - Linux Shell Scripting Tutorial.

Linux resources

• Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their Kernels.

Social Engineering Resources

• Social Engineering Framework - An information resource for social engineers.

Tools

Penetration Testing Tools

• Kali - A Linux distribution designed for digital forensics and penetration testing.
• Metasploit - World's most used penetration testing software.
• Burp - An integrated platform for performing security testing of web applications.

Vulnerability Scanners

• Nexpose - Vulnerability Management & Risk Management Software.
• Nessus - Vulnerability, configuration, and compliance assessment.
• OpenVAS - Open Source vulnerability scanner and manager.
• w3af - Web application attack and audit framework.

Networks Tools

• nmap - Free Security Scanner For Network Exploration & Security Audits.
• tcpdump/libpcap - A common packet analyzer that runs under the command line.
• Wireshark - A network protocol analyzer for Unix and Windows.
• Network Tools - Different network tools: pink, lookup, whois, etc.

Hex Editors

• HexEdit.js - Browser-based hex editing.

Windows Utils

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities

DDoS Tools

• LOIC - An open source network stress tool for Windows.
• JS LOIC - JavaScript in-browser version of LOIC.

Social Engineering Tools

• SET - The Social-Engineer Toolkit from TrustedSec

Anonimity Tools

• Tor - The free software for enabling onion routing online anonymity.
• I2P - The Invisible Internet Project

Reverse Engineering Tools

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
• WDK/WinDbg - Windows Driver Kit and WinDbg.
• OllyDbg - An x86 debugger that emphasizes binary code analysis

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
• Violent Python by TJ O'Connor, 2012

Hackers Handbook Series

• The Shellcoders Handbook by Chris Anley and others, 2007
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller and others, 2012
• Android Hackers Handbook by Joshua J. Drake and others, 2014
• The Browser Hackers Handbook by Wade Alcorn and others, 2014

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

Reverse Engineering Books

• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang and others, 2014

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh and others, 2014

Windows Books

• Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
• No Tech Hacking by Johnny Long, Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014

Lock Picking

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012

Information Security Conferences

• DEF CON - An annual hacker convention in Las Vegas.
• Black Hat - An annual security conference in Las Vegas.
• BSides - A framework for organising and holding security conferences.
• CCC - An annual meeting of the international hacker scene in Germany.
• DerbyCon - An annual hacker conference based in Louisville.
• PhreakNIC - A technology conference held annually in middle Tennessee.
• ShmooCon - An annual US east coast hacker convention.
• CarolinaCon - An infosec conference, held annually in North Carolina.
• HOPE - A conference series sponsored by the hacker magazine 2600.
• SummerCon - One of the oldest hacker conventions, held during Summer.
• Hack.lu - An annual conference held in Luxembourg.
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
• Hack3rCon - An annual US hacker conference.
• ThotCon - An annual US hacker conference held in Chicago.
• LayerOne - An annual US security conerence held every spring in Los Angeles.
• DeepSec - Security Conference in Vienna, Austria.
• SkyDogCon - A technology conference in Nashville.

Information Security Magazines

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground".
• Hakin9 - A Polish online, weekly publication on IT Security.

Awesome Lists

• SecTools - Top 125 Network Security Tools
• C/C++ Programming - One of the main language for open source security tools.
• .NET Programming - A software framework for Microsoft Windows platform development.
• Shell Scripting - Command-line frameworks, toolkits, guides and gizmos.
• Ruby Programming by @dreikanter - The de-facto language for writing exploits.
• Ruby Programming by @markets - The de-facto language for writing exploits.
• Ruby Programming by @Sdogruyol - The de-facto language for writing exploits.
• JavaScript Programming - In-browser development and scripting.
• Node.js Programming by @sindresorhus - JavaScript in command-line.
• Node.js Programming by @vndmtrx - JavaScript in command-line.
• Python tools for penetration testers - Lots of pentesting tools are written in Python.
• Python Programming by @svaksha - General Python programming.
• Python Programming by @vinta - General Python programming.
• Andorid Security - A collection of android security related resources.
• Awesome Awesomness - The List of the Lists.

Contribution

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕)

License

This work is licensed under a Creative Commons Attribution 4.0 International License.