mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-05-17 14:10:31 -04:00

👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities, etc.

Find a file

dependabot[bot] 434eb6632b Bump requests (#11 ) Bumps [requests](https://github.com/requests/requests) from 2.3.0 to 2.20.0. - [Release notes](https://github.com/requests/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/requests/requests/compare/v2.3.0...v2.20.0) Signed-off-by: dependabot[bot] <support@github.com>		2019-10-23 07:08:09 -07:00
.github	Update FUNDING.yml	2019-10-11 16:00:59 -07:00
Botnets	Add some fuzzing stuff and wordlists	2015-08-30 12:06:08 -07:00
Cryptography	Bump requests (#11 )	2019-10-23 07:08:09 -07:00
CTFs_and_WarGames	update recon tools (#5 )	2018-10-04 10:02:29 -07:00
Ddos	(feat) add ddos resources (#15 )	2019-10-23 07:06:31 -07:00
Dockerfiles	few additions	2015-09-04 17:17:48 -07:00
Forensics	will finish later	2015-11-26 20:06:00 -08:00
IOCs	Add some fuzzing stuff and wordlists	2015-08-30 12:06:08 -07:00
Linux_Hacking	Update README.md	2016-11-22 00:37:59 -05:00
Memory_Exploits	disclaimer	2015-02-12 18:42:26 -08:00
Mobile	add mobile	2015-07-04 12:53:18 -07:00
Network_and_802.11	Add some fuzzing stuff and wordlists	2015-08-30 12:06:08 -07:00
Other_guides	Add hack back pastebin	2016-08-06 12:50:04 -07:00
Other_Hackings	Add hack back pastebin	2016-08-06 12:50:04 -07:00
Pen_Testing	Add some fuzzing stuff and wordlists	2015-08-30 12:06:08 -07:00
Reverse_Engineering	add talks	2015-08-30 12:11:59 -07:00
Rubber_Duck	Reorganized	2014-11-03 10:49:17 -05:00
Steganography	del ~	2014-12-02 15:18:31 -05:00
Vulnerabilities_and_Exploits	Update README.md	2016-11-22 00:36:48 -05:00
Web_Security	My twitter handled is fixed ::blueheart	2015-01-23 14:03:28 -08:00
.gitignore	Update .gitignore	2014-11-19 12:07:24 -05:00
README.md	clean up	2019-10-12 14:09:58 -07:00
requirements.txt	Bump flask from 0.10.1 to 1.0 (#12 )	2019-10-23 07:07:53 -07:00

README.md

Gray Hacker Resources

For fun or profit.

Resource Links

* CTFs and WARGAMES

* CRYPTOGRAPHY

* FORENSICS

* LINUX HACKING

* MEMORY EXPLOITS

* VULNERABILITIES AND EXPLOITS

* NETWORK and 802.11

* REVERSE ENGINEERING

* RUBBER DUCK

* STEGANOGRAPHY

* WEB EXPLOITS

* OTHER HACKINGS

* PEN TESTING

* MOBILE

* BOTNETS

Post-Exploitation

Useful CLI

Searching

grep word f1

sort | uniq -c

diff f1 f2

find -size f1

Compressed Files

zcat f1 > f2

gzip -d file

bzip2 -d f1

tar -xvf file

Connecting to a Server/Port


nc localhost 30000

echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000

openssl s_client -connect localhost:30001 -quiet

nmap -p 31000-32000 localhost

telnet localhost 3000

References:

Security analyzers and scanners for CI/CD pipelines

Static code security analyzers: SonarQube (Javascript scanner), NodeJsScan.
Package dependency security analyzers: Snyk
Docker image security analyzers: Hadolint, Clair, Anchore
AWS IAM permission analyzers: IAM access advisor APIs, PMapper.
AWS S3 permission analyzers: s3audit.
Docker runtime anomaly detection: Falco.
Kubernetes policy security analyzers: RBAC.
Policy auditing tools: Rakkess.

Technical

Articles:

Fun

Other Resources

Krebs Series on how to be in InfoSec: Thomas Ptacek, Bruce Schneier, Charlie Miller
How to be a InfoSec Geek
My Blog

License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. When making a reference to my work, please use my website.