the-book-of-secret-knowledge/README.md
trimstray c6c3e840ad README.md - added new chapter
- signed-off-by: trimstray <trimstray@gmail.com>
2018-06-29 13:57:42 +02:00



A collection of awesome lists, manuals, blogs, hacks and tools for Awesome Ninja Admins.



Created by trimstray and contributors


Who are Ninja Admins?

  • race of pure evil who rule the network through a monarchistic feudal system
  • they never opened the door for strangers (or anyone at all)
  • they know very nasty pieces of code like fork bombs
  • they can make dd not be a disk destroyer
  • they know that #!/usr/bin/env bash is superior to #!/bin/bash
  • they know that su - logs in completely as root
  • they love the old admin nix-world

Ninja Admins Collection

CLI Tools

▪️ Shells

  🔸 Oh My ZSH! - the best framework for managing your Zsh configuration.
  🔸 bash-it - a community Bash framework.

▪️ Managers

  🔸 Midnight Commander - visual file manager, licensed under GNU General Public License.
  🔸 screen - full-screen window manager that multiplexes a physical terminal.
  🔸 tmux - terminal multiplexer, lets you switch easily between several programs in one terminal.

▪️ Network

  🔸 Curl - command line tool and library for transferring data with URLs.
  🔸 HTTPie - a user-friendly HTTP client.
  🔸 gnutls-cli - client program to set up a TLS connection to some other computer.
  🔸 netcat - networking utility which reads and writes data across network connections, using the TCP/IP protocol.
  🔸 tcpdump - powerful command-line packet analyzer.

▪️ Databases

  🔸 pgcli - postgres CLI with autocompletion and syntax highlighting.

Web Tools

▪️ SSL

  🔸 SSL Server Test - free online service that performs a deep analysis of the configuration of any SSL web server.
  🔸 SSL Server Test (DEV) - free online service that performs a deep analysis of the configuration of any SSL web server.
  🔸 ImmuniWeb® SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST).
  🔸 Report URI - monitoring security policies like CSP and HPKP.
  🔸 CSP Evaluator - allows developers and security experts to check if a Content Security Policy.
  🔸 Common CA Database - repository of information about CAs, and their root and intermediate certificates.
  🔸 CERTSTREAM - real-time certificate transparency log update stream.

▪️ HTTP Headers

  🔸 Security Headers - analyse the HTTP response headers (with rating system to the results).
  🔸 Observatory by Mozilla - set of tools to analyze your website.

▪️ DNS

  🔸 ViewDNS - one source for free DNS related tools and information.
  🔸 DNS Spy - monitor, validate and verify your DNS configurations.
  🔸 DNSlytics - online investigation tool.

▪️ Mail

  🔸 MX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.

▪️ Mass scanners (search engines)

  🔸 Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
  🔸 Shodan - the world's first search engine for Internet-connected devices.
  🔸 GreyNoise - mass scanner (such as Shodan and Censys).
  🔸 Hardenize - deploy the security standards.

▪️ Net-tools

  🔸 Netcraft - detailed report about the site, helping you to make informed choices about their integrity.
  🔸 Security Trails - APIs for Security Companies, Researchers and Teams.
  🔸 Online Curl - curl test, analyze HTTP Response Headers.
  🔸 Ping.eu - online Ping, Traceroute, DNS lookup, WHOIS and others.
  🔸 Network-Tools - network tools for webmasters, IT technicians & geeks.
  🔸 URL Encode/Decode - tool to either encode or decode a string of text.

▪️ Performance

  🔸 GTmetrix - analyze your site's speed and make it faster.
  🔸 Sucuri loadtimetester - test the performance of any of your sites from across the globe.

▪️ Passwords

  🔸 Random.org - generate random passwords.
  🔸 Gotcha? - list of 1.4 billion accounts circulating around the Internet.
  🔸 have i been pwned? - check if you have an account that has been compromised in a data breach.

Manuals/Howtos/Tutorials

▪️ Bash

  🔸 pure-bash-bible - a collection of pure bash alternatives to external processes.
  🔸 The Bash Hackers Wiki - holds documentation of any kind about GNU Bash.

▪️ Unix tutorials

  🔸 nixCraft - Linux and Unix tutorials for new and seasoned sysadmins.
  🔸 TecMint - the ideal Linux blog for Sysadmins & Geeks.

▪️ Hacking

  🔸 Hacking Articles - Raj Chandel's Security & Hacking Blog.

Blogs

  🔸 Brendan Gregg's Blog - Brendan Gregg is an industry expert in computing performance and cloud computing.
  🔸 Gynvael "GynDream" Coldwind - Gynvael is an IT security engineer at Google.
  🔸 Michał "lcamtuf" Zalewski - "white hat" hacker, computer security expert.
  🔸 Mattias Geniar - developer, Sysadmin, Blogger, Podcaster and Public Speaker.
  🔸 Nick Craver - Software Developer and Systems Administrator for Stack Exchange.
  🔸 Robert Penz - IT security Expert.
  🔸 Scott Helme - Security Researcher, international speaker and founder of securityheaders.com and report-uri.com.
  🔸 Kacper Szurek - Detection Engineer at ESET.
  🔸 Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.

Systems/Services

▪️ Systems

  🔸 OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  🔸 HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.

▪️ HTTP(s) Services

  🔸 Varnish HTTP Cache - HTTP accelerator designed for content-heavy dynamic web sites.

▪️ Security/hardening

  🔸 Emerald Onion - Seattle-based encrypted-transit internet service provider.

One-liners

  🔸 commandlinefu.com - command line diamonds, created and voted on by our members.
  🔸 Bash One-Liners - practical, well-explained Bash one-liners that promote best practices in Bash shell scripting.

Lists

  🔸 Awesome Sysadmin - amazingly awesome open source sysadmin resources.
  🔸 Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
  🔸 Awesome-Hacking - awesome lists for hackers, pentesters and security researchers.

Hacking/Penetration testing

▪️ Bounty programs

  🔸 Openbugbounty - allows any security researcher to report a vulnerability on any website.
  🔸 hackerone - global hacker community to surface the most relevant security issues.
  🔸 bugcrowd - crowdsourced cybersecurity for the enterprise.
  🔸 Crowdshield - crowdsourced Security & Bug Bounty Management.

▪️ Web Training Apps

  🔸 DVWA - PHP/MySQL web application that is damn vulnerable.
  🔸 OWASP Mutillidae II - free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts.
  🔸 OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
  🔸 OWASP WebGoat Project - insecure web application maintained by OWASP designed to teach web application security lessons.
  🔸 Security Ninjas - open source application security training program.