Awesome Social Engineering
===============
[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of awesome social engineering resources, inspired by the awesome-* trend on GitHub.

These resources and tools are intended only for cybersecurity professionals, penetration testers and educational use in a controlled environment.

**No humans were manipulated to make this list!**

Table of Contents
=================

1. [Online Courses](#online-courses)
2. [Capture the Flag](#capture-the-flag)
3. [Psychology Books](#psychology-books)
4. [Books](#social-engineering-books)
5. [Documentation](#documentation)
6. [Tools](#tools)
7. [Miscellaneous](#miscellaneous)
8. [OSINT](#osint)
9. [Contribution](#contribution)
10. [License](#license)

Online Courses
=================

- [Social-Engineer.com - Social Engineering Training](https://www.social-engineer.com/social-engineering-training/)
- [IntelTechniques.com - Online OSINT Training Course](https://inteltechniques.com/online.aspx)
- [Udemy - Learn Social Engineering from Scratch](https://www.udemy.com/learn-social-engineering-from-scratch)
- [PacktPub - Learn Social Engineering From Scratch by Zaid Sabih](https://www.packtpub.com/application-development/learn-social-engineering-scratch-video)
- [Cybrary - Social Engineering and Manipulation](https://www.cybrary.it/course/social-engineering/) - Free Course

Capture the Flag
=================

#### Social-Engineer.com - The SECTF, DEFCON

- [Social-Engineer.com - DEFCON SECTF](https://www.social-engineer.org/sevillage-def-con/the-sectf/)

Psychology Books
=================

Most of these books cover the basics of psychology useful for a social engineer.

- [How to Win Friends and Influence People - Dale Carnegie](https://www.amazon.co.uk/d/Books/How-Win-Friends-Influence-People-Dale-Carnegie/0091906814/ref=sr_1_1?ie=UTF8&qid=1494621059&sr=8-1&keywords=how+to+win+friends+and+influence+people)
- [The 48 Laws of Power - Robert Greene](https://www.amazon.co.uk/d/Books/48-Laws-Power-Robert-Greene-Collection/1861972784/ref=sr_1_1?ie=UTF8&qid=1494621512&sr=8-1&keywords=the+48+laws+of+power)
- [The Psychology Book](https://www.amazon.co.uk/d/Books/Psychology-Book-Nigel-Benson/1405391243/ref=sr_1_1?ie=UTF8&qid=1494621589&sr=8-1&keywords=psychology)
- [The Power of Habit: Why We Do What We Do, and How to Change - Charles Duhigg](https://www.amazon.co.uk/Power-Habit-Why-What-Change/dp/1847946240/ref=sr_1_1?ie=UTF8&qid=1494621842&sr=8-1&keywords=the+power+of+habit)
- [Influence: The Psychology of Persuasion - Robert B. Cialdini, PhD](https://www.amazon.co.uk/d/cka/Influence-Psychology-Persuasion-Robert-B-PhD-Cialdini/006124189X/ref=sr_1_1?ie=UTF8&qid=1494621912&sr=8-1&keywords=influence)
- [Emotions Revealed: Understanding Faces and Feelings - Prof Paul Ekman](https://www.amazon.co.uk/Emotions-Revealed-Understanding-Faces-Feelings/dp/0753817659/ref=sr_1_1?ie=UTF8&qid=1494622003&sr=8-1&keywords=paul+ekman)
- [The Psychology of Interrogations and Confessions: A Handbook - Gisli H. Gudjonsson](https://www.amazon.co.uk/Psychology-Interrogations-Confessions-Handbook-Policing-x/dp/0470844612/ref=sr_1_1?s=books&ie=UTF8&qid=1494624501&sr=1-1&keywords=psychology+of+interrogation)
- [Mindfucking: A Critique of Mental Manipulation - Colin McGinn](https://www.goodreads.com/book/show/4049997-mindfucking)
- [What Every Body is Saying: An Ex-FBI Agent's Guide to Speed-Reading People - Joe Navarro, Marvin Karlins](https://www.goodreads.com/book/show/1173576.What_Every_Body_is_Saying)

Social Engineering Books
=================

- [Social Engineering: The Art of Human Hacking - Chris Hadnagy](https://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?ie=UTF8&qid=1494622911&sr=8-1&keywords=chris+hadnagy)
- [Social Engineering: The Science of Human Hacking](https://www.amazon.com/gp/product/111943338X/ref=dbs_a_def_rwt_bibl_vppi_i0)
- [Unmasking the Social Engineer: The Human Element of Security - Christopher Hadnagy, Dr. Paul Ekman](https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577)
- [Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails - Christopher Hadnagy, Michele Fincher, Robin Dreeke](https://www.amazon.co.uk/Phishing-Dark-Waters-Offensive-Defensive-x/dp/1118958470/ref=sr_1_fkmr0_1?ie=UTF8&qid=1494622911&sr=8-1-fkmr0&keywords=chris+hadnagy)
- [Social Engineering in IT Security: Tools, Tactics, and Techniques - Sharon Conheady](https://www.amazon.com/Social-Engineering-Security-Techniques-Networking/dp/0071818464)
- [No Tech Hacking - Johnny Long, Kevin D. Mitnick](https://www.amazon.co.uk/No-Tech-Hacking-Engineering-Dumpster/dp/1597492159/ref=sr_1_1?ie=UTF8&qid=1494624109&sr=8-1&keywords=no+tech+hacking)
- [Low Tech Hacking: Street Smarts for Security Professionals - Jack Wiles, Terry Gudaitis, Jennifer Jabbusch, Russ Rogers](https://www.amazon.it/Low-Tech-Hacking-Security-Professionals/dp/1597496650)
- [The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick, William L. Simon](https://www.amazon.co.uk/Art-Deception-Controlling-Element-Security/dp/076454280X/ref=pd_sim_14_1?_encoding=UTF8&psc=1&refRID=37KD2B6G2Q981MB8D2GM)
- [Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin D. Mitnick, William L. Simon, Steve Wozniak](https://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037729/ref=sr_1_1?s=books&ie=UTF8&qid=1494769979&sr=1-1&keywords=ghost+in+the+wires)
- [The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data - Kevin Mitnick, Robert Vamosi](https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother/dp/0316380520/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1494770268&sr=1-1)
- [The Social Engineer's Playbook: A Practical Guide to Pretexting - Jeremiah Talamantes](https://www.amazon.com/Social-Engineers-Playbook-Practical-Pretexting/dp/0692306617/ref=sr_1_1?s=books&ie=UTF8&qid=1494770673&sr=1-1&keywords=The+Social+Engineer%27s+Playbook%3A+A+Practical+Guide+to+Pretexting)
- [Learn Social Engineering - Erdal Ozkaya](https://www.packtpub.com/networking-and-servers/learn-social-engineering)

Documentation
=================

#### Social Engineer resources

* [The Social-Engineer portal](https://www.social-engineer.org/) - Everything you need to know as a social engineer is on this site. You will find podcasts, resources, the framework, information about upcoming events, a blog, etc.


Tools
=================

#### Useful tools

* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec

#### Phishing tools

* [Gophish](https://getgophish.com/) - Open-Source Phishing Framework
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
* [PhishingFrenzy](https://www.phishingfrenzy.com/) - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service
* [Lucy Phishing Server](https://www.lucysecurity.com/) - (commercial) tool to perform security awareness training for employees, including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness.


Miscellaneous
=================

### Slides

* [OWASP Presentation of Social Engineering](https://www.owasp.org/images/5/54/Presentation_Social_Engineering.pdf) - OWASP
* [Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf) - Defcon 23
* [Using Social Engineering Tactics For Big Data Espionage](https://www.rsaconference.com/writable/presentations/file_upload/das-301_williams_rader.pdf) - RSA Conference Europe 2012

### Videos

* [Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word](https://www.youtube.com/watch?v=OOQGsFlTHMQ)
* [Robert Anderson - US Interrogation Techniques and Social Engineering](https://www.youtube.com/watch?v=nQqp6yqf4Ao)
* [Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing](https://www.youtube.com/watch?v=H3gfMkvw76o)
* [Chris Hadnagy - Social Engineering for Fun and Profit](https://www.youtube.com/watch?v=cI9xOR7xEi0)
* [Chris Hadnagy - Decoding humans live](https://www.youtube.com/watch?v=DoDWBe9atIo) - DerbyCon 2015
* [This is how hackers hack you using simple social engineering](https://www.youtube.com/watch?v=lc7scxvKQOo)

### Articles

* [The Limits of Social Engineering](https://www.technologyreview.com/s/526561/the-limits-of-social-engineering/) - MIT, Technology Review
* [The 7 Best Social Engineering Attacks Ever](http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411) - DarkReading
* [Social Engineering: Compromising Users with an Office Document](http://resources.infosecinstitute.com/social-engineering-compromising-users-using-office-document/) - Infosec Institute
* [The Persuasion Reading List](http://blog.dilbert.com/post/129784168866/the-persuasion-reading-list) - Scott Adams' Blog
* [How I Socially Engineer Myself Into High Security Facilities](https://motherboard.vice.com/en_us/article/qv34zb/how-i-socially-engineer-myself-into-high-security-facilities) - Sophie Daniel

### Movies

* [Tiger Team (TV series)](https://en.wikipedia.org/wiki/Tiger_Team_)
* [Catch Me If You Can](http://www.imdb.com/title/tt0264464/)
* [Inception](http://www.imdb.com/title/tt1375666/)
* [The Sting](https://www.imdb.com/title/tt0070735/)
* [Sneakers](https://www.imdb.com/title/tt0105435/)

OSINT
=================

#### OSINT Resources

* [Awesome OSINT](https://github.com/jivoi/awesome-osint) - Awesome list of OSINT
* [OSINT Framework](http://osintframework.com/) - Collection of various OSINT tools broken out by category.
* [Intel Techniques](https://inteltechniques.com/menu.html) - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - A collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
* [Automating OSINT blog](http://www.automatingosint.com/blog/) - A blog about OSINT curated by Justin Seitz, the author of BHP.

#### OSINT Tools

* [XRay](https://github.com/evilsocket/xray) - XRay is a tool for recon, mapping and OSINT gathering from public networks.
* [Intel Techniques Online Tools](https://inteltechniques.com/menu.html) - Use the links to the left to access all of the custom search tools.
* [Buscador](https://inteltechniques.com/buscador/) - A Linux Virtual Machine that is pre-configured for online investigators
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester
* [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool
* [exiftool.rb](https://github.com/mceachen/exiftool.rb) - A Ruby wrapper of the exiftool, an open-source tool used to extract metadata from files.
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common Google dorks and others you prolly don't know
* [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool
* [dork-cli](https://github.com/jgor/dork-cli) - Command-line Google dork tool.
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan GitHub repos/organizations for potential sensitive information leak
* [vcsmap](https://github.com/melvinsh/vcsmap) - A plugin-based tool to scan public version control systems for sensitive information
* [Spiderfoot](http://www.spiderfoot.net/) - multi-source OSINT automation tool with a Web UI and report visualizations
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
* [snitch](https://github.com/Smaash/snitch) - information gathering via dorks
* [Geotweet_GUI](https://github.com/Pinperepette/Geotweet_GUI) - Track geographical locations of tweets and then export to Google Maps.

Contribution
================

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕).
Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details.

License
================

### License

[![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](https://creativecommons.org/licenses/by/4.0/)

This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/)