mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-22 21:59:29 -05:00
A collection of awesome penetration testing resources, tools and other shiny things
README.md |
Awesome Penetration Testing
A collection of awesome penetration testing resources, tools, confs, books, magazines and other shiny things.
Resources
Penetration Testing
- Metasploit Unleashed - Free Offensive Security metasploit course.
Social Engineering
- Social Engineering Framework - An information resource for social engineers.
Tools
Penetration Testing
- Kali - A Linux distribution designed for digital forensics and penetration testing.
- Metasploit - World's most used penetration testing software.
Vulnerability Scanners
- Nexpose - Vulnerability Management & Risk Management Software.
- Nessus - Vulnerability, configuration, and compliance assessment.
- OpenVAS - Open Source vulnerability scanner and manager.
- w3af - Web application attack and audit framework.
Networks tools
- nmap - Free Security Scanner For Network Exploration & Security Audits.
- tcpdump/libpcap - A common packet analyzer that runs under the command line.
- Wireshark - A network protocol analyzer for Unix and Windows.
- Network Tools - Different network tools: pink, lookup, whois, etc.
Hex editors
- HexEdit.js - Browser-based hex editing.
Windows utils
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities
DDoS
- LOIC - An open source network stress tool for Windows.
- JS LOIC - JavaScript in-browser version of LOIC.
Social Engineering
- SET - The Social-Engineer Toolkit from TrustedSec
Anonimity
- Tor - The free software for enabling onion routing online anonymity.
- I2P - The Invisible Internet Project
Reverse Engineering
- IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
- WDK/WinDbg - Windows Driver Kit and WinDbg.
- OllyDbg - An x86 debugger that emphasizes binary code analysis
Conferences
- DEF CON - An annual hacker convention in Las Vegas.
- Black Hat - An annual security conference in Las Vegas.
- BSides - A framework for organising and holding security conferences.
- CCC - An annual meeting of the international hacker scene in Germany.
- DerbyCon - An annual hacker conference based in Louisville.
- PhreakNIC - A technology conference held annually in middle Tennessee.
- ShmooCon - An annual US east coast hacker convention.
- CarolinaCon - An infosec conference, held annually in North Carolina.
- HOPE - A conference series sponsored by the hacker magazine 2600.
- SummerCon - One of the oldest hacker conventions, held during Summer.
- Hack.lu - An annual conference held in Luxembourg.
- HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
- Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
- Hack3rCon - An annual US hacker conference.
- ThotCon - An annual US hacker conference held in Chicago.
- LayerOne - An annual US security conerence held every spring in Los Angeles.
- DeepSec - Security Conference in Vienna, Austria.
- SkyDogCon - A technology conference in Nashville.
Books
Penetration Testing
- The Art of Exploitation by Jon Erickson, 2008
- Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- The Hacker Playbook by Peter Kim, 2014
- Violent Python by TJ O'Connor, 2012
Hackers Handbook series
- The Shellcoder's Handbook by Chris Anley and others, 2007
- The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hacker's Handbook by Charlie Miller and others, 2012
- Android Hacker's Handbook by Joshua J. Drake and others, 2014
- The Browser Hacker's Handbook by Wade Alcorn and others, 2014
Network Analysis
- Nmap Network Scanning by Gordon Fyodor Lyon, 2009
- Practical Packet Analysis by Chris Sanders, 2011
- Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
Reverse Engineering
Malware Analysis
- Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
- The Art of Memory Forensics by Michael Hale Ligh and others, 2014
Windows
Social Engineering
- The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
- The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
- Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
- No Tech Hacking by Johnny Long, Jack Wiles, 2008
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
Magazines
- 2600: The Hacker Quarterly - An American publication about technology and computer "underground".
- Hakin9 - A Polish online, weekly publication on IT Security.