Awesome Penetration Testing

A collection of awesome penetration testing resources, tools, confs, books, magazines and other shiny things.

Resources

Penetration Testing

• Metasploit Unleashed - Free Offensive Security metasploit course.

Social Engineering

• Social Engineering Framework - An information resource for social engineers.

Tools

Penetration Testing

• Kali - A Linux distribution designed for digital forensics and penetration testing.
• Metasploit - World's most used penetration testing software.

Vulnerability Scanners

• Nexpose - Vulnerability Management & Risk Management Software.
• Nessus - Vulnerability, configuration, and compliance assessment.
• OpenVAS - Open Source vulnerability scanner and manager.
• w3af - Web application attack and audit framework.

Networks tools

• nmap - Free Security Scanner For Network Exploration & Security Audits.
• tcpdump/libpcap - A common packet analyzer that runs under the command line.
• Wireshark - A network protocol analyzer for Unix and Windows.
• Network Tools - Different network tools: pink, lookup, whois, etc.

Hex editors

• HexEdit.js - Browser-based hex editing.

Windows utils

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities

DDoS

• LOIC - An open source network stress tool for Windows.
• JS LOIC - JavaScript in-browser version of LOIC.

Social Engineering

• SET - The Social-Engineer Toolkit from TrustedSec

Anonimity

• Tor - The free software for enabling onion routing online anonymity.
• I2P - The Invisible Internet Project

Reverse Engineering

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.
• WDK/WinDbg - Windows Driver Kit and WinDbg.
• OllyDbg - An x86 debugger that emphasizes binary code analysis

Conferences

• DEF CON - An annual hacker convention in Las Vegas.
• Black Hat - An annual security conference in Las Vegas.
• BSides - A framework for organising and holding security conferences.
• CCC - An annual meeting of the international hacker scene in Germany.
• DerbyCon - An annual hacker conference based in Louisville.
• PhreakNIC - A technology conference held annually in middle Tennessee.
• ShmooCon - An annual US east coast hacker convention.
• CarolinaCon - An infosec conference, held annually in North Carolina.
• HOPE - A conference series sponsored by the hacker magazine 2600.
• SummerCon - One of the oldest hacker conventions, held during Summer.
• Hack.lu - An annual conference held in Luxembourg.
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
• Hack3rCon - An annual US hacker conference.
• ThotCon - An annual US hacker conference held in Chicago.
• LayerOne - An annual US security conerence held every spring in Los Angeles.
• DeepSec - Security Conference in Vienna, Austria.
• SkyDogCon - A technology conference in Nashville.

Books

Penetration Testing

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• Violent Python by TJ O'Connor, 2012

Hackers Handbook series

• The Shellcoder's Handbook by Chris Anley and others, 2007
• The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hacker's Handbook by Charlie Miller and others, 2012
• Android Hacker's Handbook by Joshua J. Drake and others, 2014
• The Browser Hacker's Handbook by Wade Alcorn and others, 2014

Network Analysis

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

Reverse Engineering

• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang and others, 2014

Malware Analysis

• Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh and others, 2014

Windows

• Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

Social Engineering

• The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
• No Tech Hacking by Johnny Long, Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014

Magazines

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground".
• Hakin9 - A Polish online, weekly publication on IT Security.