Awesome Social Engineering
===============
[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
<p align="center">
<img id="awesome-social-engineering" src="images/social_engineering.jpg">
</p>
A curated list of awesome social engineering resources, inspired by the awesome-* trend on GitHub.
These resources and tools are intended only for cybersecurity professionals, penetration testers and educational use in a controlled environment.
**No humans were manipulated to make this list!**
Table of Contents
=================
1. [Online Courses](#online-courses)
2. [Capture the Flag](#capture-the-flag)
3. [Psychology Books](#psychology-books)
4. [Books](#social-engineering-books)
5. [Documentation](#documentation)
6. [Tools](#tools)
7. [Miscellaneous](#miscellaneous)
8. [OSINT](#osint)
9. [Contribution](#contribution)
10. [License](#license)
Online Courses
=================
- [Social-Engineer.com - Social Engineering Training](https://www.social-engineer.com/social-engineering-training/)
- [IntelTechniques.com - Online OSINT Training Course](https://inteltechniques.com/online.aspx)
- [Udemy - Learn Social Engineering from Scratch](https://www.udemy.com/learn-social-engineering-from-scratch)
- [PacktPub - Learn Social Engineering From Scratch by Zaid Sabih](https://www.packtpub.com/application-development/learn-social-engineering-scratch-video)
- [Cybrary - Social Engineering and Manipulation](https://www.cybrary.it/course/social-engineering/) - Free Course
Capture the Flag
=================
#### Social-Engineer.com - The SECTF, DEFCON
- [Social-Engineer.com - DEFCON SECTF](https://www.social-engineer.org/sevillage-def-con/the-sectf/)
Psychology Books
=================
Most of these books cover the basics of psychology useful for a social engineer.
- [How to Win Friends and Influence People - Dale Carnegie](https://www.amazon.co.uk/d/Books/How-Win-Friends-Influence-People-Dale-Carnegie/0091906814/ref=sr_1_1?ie=UTF8&qid=1494621059&sr=8-1&keywords=how+to+win+friends+and+influence+people)
- [The 48 Laws of Power - Robert Greene](https://www.amazon.co.uk/d/Books/48-Laws-Power-Robert-Greene-Collection/1861972784/ref=sr_1_1?ie=UTF8&qid=1494621512&sr=8-1&keywords=the+48+laws+of+power)
- [The Psychology Book](https://www.amazon.co.uk/d/Books/Psychology-Book-Nigel-Benson/1405391243/ref=sr_1_1?ie=UTF8&qid=1494621589&sr=8-1&keywords=psychology)
- [The Power of Habit: Why We Do What We Do, and How to Change - Charles Duhigg](https://www.amazon.co.uk/Power-Habit-Why-What-Change/dp/1847946240/ref=sr_1_1?ie=UTF8&qid=1494621842&sr=8-1&keywords=the+power+of+habit)
- [Influence: The Psychology of Persuasion Paperback Robert B., PhD Cialdini](https://www.amazon.co.uk/d/cka/Influence-Psychology-Persuasion-Robert-B-PhD-Cialdini/006124189X/ref=sr_1_1?ie=UTF8&qid=1494621912&sr=8-1&keywords=influence)
- [Emotions Revealed: Understanding Faces and Feelings - Prof Paul Ekman](https://www.amazon.co.uk/Emotions-Revealed-Understanding-Faces-Feelings/dp/0753817659/ref=sr_1_1?ie=UTF8&qid=1494622003&sr=8-1&keywords=paul+ekman)
- [The Psychology of Interrogations and Confessions: A Handbook - Gisli H. Gudjonsson](https://www.amazon.co.uk/Psychology-Interrogations-Confessions-Handbook-Policing-x/dp/0470844612/ref=sr_1_1?s=books&ie=UTF8&qid=1494624501&sr=1-1&keywords=psychology+of+interrogation)
- [Mindfucking: A Critique of Mental Manipulation - Colin McGinn](https://www.goodreads.com/book/show/4049997-mindfucking)
- [What Every Body is Saying: An Ex-FBI Agent's Guide to Speed-Reading People - Joe Navarro, Marvin Karlins](https://www.goodreads.com/book/show/1173576.What_Every_Body_is_Saying)
Social Engineering Books
=================
- [Social Engineering: The Art of Human Hacking - Chris Hadnagy](https://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?ie=UTF8&qid=1494622911&sr=8-1&keywords=chris+hadnagy)
- [Social Engineering: The Science of Human Hacking](https://www.amazon.com/gp/product/111943338X/ref=dbs_a_def_rwt_bibl_vppi_i0)
- [Unmasking the Social Engineer: The Human Element of Security - Christopher Hadnagy, Dr. Ekman Paul](https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577)
- [Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails - Christopher Hadnagy, Michele Fincher, Robin Dreeke](https://www.amazon.co.uk/Phishing-Dark-Waters-Offensive-Defensive-x/dp/1118958470/ref=sr_1_fkmr0_1?ie=UTF8&qid=1494622911&sr=8-1-fkmr0&keywords=chris+hadnagy)
- [Social Engineering in IT Security: Tools, Tactics, and Techniques, Sharon Conheady](https://www.amazon.com/Social-Engineering-Security-Techniques-Networking/dp/0071818464)
- [No Tech Hacking - Johnny Long, Kevin D. Mitnick](https://www.amazon.co.uk/No-Tech-Hacking-Engineering-Dumpster/dp/1597492159/ref=sr_1_1?ie=UTF8&qid=1494624109&sr=8-1&keywords=no+tech+hacking)
- [Low Tech Hacking: Street Smarts for Security Professionals - Jack Wiles, Terry Gudaitis, Jennifer Jabbusch, Russ Rogers](https://www.amazon.it/Low-Tech-Hacking-Security-Professionals/dp/1597496650)
- [The Art of Deception: Controlling the Human Element of Security, Kevin D. Mitnick, William L. Simon](https://www.amazon.co.uk/Art-Deception-Controlling-Element-Security/dp/076454280X/ref=pd_sim_14_1?_encoding=UTF8&psc=1&refRID=37KD2B6G2Q981MB8D2GM)
- [Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin D. Mitnick, William L. Simon, Steve Wozniak](https://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037729/ref=sr_1_1?s=books&ie=UTF8&qid=1494769979&sr=1-1&keywords=ghost+in+the+wires)
- [The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data - Kevin Mitnick, Robert Vamosi](https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother/dp/0316380520/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1494770268&sr=1-1)
- [The Social Engineer's Playbook: A Practical Guide to Pretexting - Jeremiah Talamantes](https://www.amazon.com/Social-Engineers-Playbook-Practical-Pretexting/dp/0692306617/ref=sr_1_1?s=books&ie=UTF8&qid=1494770673&sr=1-1&keywords=The+Social+Engineer%27s+Playbook%3A+A+Practical+Guide+to+Pretexting)
- [Learn Social Engineering - Erdal Ozkaya](https://www.packtpub.com/networking-and-servers/learn-social-engineering)
Documentation
=================
#### Social Engineer resources
* [The Social-Engineer portal](https://www.social-engineer.org/) - Everything you need to know as a social engineer is on this site. You will find podcasts, resources, a framework, information about upcoming events, a blog, etc.
Tools
=================
#### Useful tools
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec
#### Phishing tools
* [Gophish](https://getgophish.com/) - Open-Source Phishing Framework
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
* [PhishingFrenzy](https://www.phishingfrenzy.com/) - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service
* [Lucy Phishing Server](https://www.lucysecurity.com/) - (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness.
Miscellaneous
=================
### Slides
* [OWASP Presentation of Social Engineering](https://www.owasp.org/images/5/54/Presentation_Social_Engineering.pdf) - OWASP
* [Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf) - Defcon 23
* [Using Social Engineering Tactics For Big Data Espionage](https://www.rsaconference.com/writable/presentations/file_upload/das-301_williams_rader.pdf) - RSA Conference Europe 2012
### Videos
* [Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word](https://www.youtube.com/watch?v=OOQGsFlTHMQ)
* [Robert Anderson - US Interrogation Techniques and Social Engineering](https://www.youtube.com/watch?v=nQqp6yqf4Ao)
* [Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing](https://www.youtube.com/watch?v=H3gfMkvw76o)
* [Chris Hadnagy - Social Engineering for Fun and Profit](https://www.youtube.com/watch?v=cI9xOR7xEi0)
* [Chris Hadnagy - Decoding humans live](https://www.youtube.com/watch?v=DoDWBe9atIo) - DerbyCon 2015
* [This is how hackers hack you using simple social engineering](https://www.youtube.com/watch?v=lc7scxvKQOo)
### Articles
* [The Limits of Social Engineering](https://www.technologyreview.com/s/526561/the-limits-of-social-engineering/) - MIT, Technology Review
* [The 7 Best Social Engineering Attacks Ever](http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411) - DarkReading
* [Social Engineering: Compromising Users with an Office Document](http://resources.infosecinstitute.com/social-engineering-compromising-users-using-office-document/) - Infosec Institute
* [The Persuasion Reading List](http://blog.dilbert.com/post/129784168866/the-persuasion-reading-list) - Scott Adams' Blog
* [How I Socially Engineer Myself Into High Security Facilities](https://motherboard.vice.com/en_us/article/qv34zb/how-i-socially-engineer-myself-into-high-security-facilities) - Sophie Daniel
### Movies
* [Tiger Team (TV series)](https://en.wikipedia.org/wiki/Tiger_Team_)
* [Catch Me If You Can](http://www.imdb.com/title/tt0264464/)
* [Inception](http://www.imdb.com/title/tt1375666/)
* [The Sting](https://www.imdb.com/title/tt0070735/)
* [Sneakers](https://www.imdb.com/title/tt0105435/)
OSINT
=================
#### OSINT Resources
* [Awesome OSINT](https://github.com/jivoi/awesome-osint) - Awesome list of OSINT
* [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category.
* [Intel Techniques](https://inteltechniques.com/menu.html) - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - A collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
* [Automating OSINT blog](http://www.automatingosint.com/blog/) - A blog about OSINT curated by Justin Seitz, the author of BHP.
#### OSINT Tools
* [XRay](https://github.com/evilsocket/xray) - XRay is a tool for recon, mapping and OSINT gathering from public networks.
* [Intel Techniques Online Tools](https://inteltechniques.com/menu.html) - Use the links to the left to access all of the custom search tools.
* [Buscador](https://inteltechniques.com/buscador/) - A Linux Virtual Machine that is pre-configured for online investigators
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester
* [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool
* [exiftool.rb](https://github.com/mceachen/exiftool.rb) - A Ruby wrapper for exiftool, an open-source tool used to extract metadata from files.
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common google dorks and others you prolly don't know
* [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool
* [dork-cli](https://github.com/jgor/dork-cli) - Command-line Google dork tool.
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak
* [vcsmap](https://github.com/melvinsh/vcsmap) - A plugin-based tool to scan public version control systems for sensitive information
* [Spiderfoot](http://www.spiderfoot.net/) - multi-source OSINT automation tool with a Web UI and report visualizations
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
* [snitch](https://github.com/Smaash/snitch) - information gathering via dorks
* [Geotweet_GUI](https://github.com/Pinperepette/Geotweet_GUI) - Track geographical locations of tweets and then export to google maps.
Contribution
================
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details.
License
================
### License
[![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](https://creativecommons.org/licenses/by/4.0/)
This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/)