firstgold/.agents/skills/sysadmin-toolbox/references/security-tools.md
2026-06-08 10:33:30 +08:00
Hacking/Penetration Testing

▪️ Pentesters arsenal tools

   Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
   Metasploit - tool and framework for pentesting system, web and many more.
   Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
   OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
   w3af - is a Web Application Attack and Audit Framework.
   mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
   Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
   sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
   Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
   AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
   Faraday - an Integrated Multiuser Pentest Environment.
   Photon - incredibly fast crawler designed for OSINT.
   XSStrike - most advanced XSS detection suite.
   Sn1per - automated pentest framework for offensive security experts.
   vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and others.
   tsunami - is a general purpose network security scanner with an extensible plugin system.
   aquatone - a tool for domain flyovers.
   BillCipher - information gathering tool for a website or IP address.
   WhatWaf - detect and bypass web application firewalls and protection systems.
   Corsy - CORS misconfiguration scanner.
   Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
   dirhunt - find web directories without bruteforce.
   John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and others.
   hashcat - world's fastest and most advanced password recovery utility.
   p0f - is a tool to identify the players behind any incidental TCP/IP communications.
   ssh_scan - a prototype SSH configuration and policy scanner.
   LeakLooker - find open databases, powered by Binaryedge.io.
   exploitdb - searchable archive from The Exploit Database.
   getsploit - is a command line utility for searching and downloading exploits.
   ctf-tools - some setup scripts for security research tools.
   pwntools - CTF framework and exploit development library.
   security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
   pentestpackage - is a package of Pentest scripts.
   python-pentest-tools - python tools for penetration testers.
   fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection.
   AFL - is a free software fuzzer maintained by Google.
   AFL++ - is AFL with community patches.
   syzkaller - is an unsupervised, coverage-guided kernel fuzzer.
   pwndbg - exploit development and reverse engineering with GDB made easy.
   GDB PEDA - Python Exploit Development Assistance for GDB.
   IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
   radare2 - framework for reverse-engineering and analyzing binaries.
   routersploit - exploitation framework for embedded devices.
   Ghidra - is a software reverse engineering (SRE) framework.
   Cutter - is an SRE platform integrating Ghidra's decompiler.
   Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
   Mentalist - is a graphical tool for custom wordlist generation.
   archerysec - vulnerability assessment and management tool that helps to perform scans and manage vulnerabilities.
   Osmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning.
   beef - the browser exploitation framework project.
   AutoSploit - automated mass exploiter.
   SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
   yara - the pattern matching swiss knife.
   mimikatz - a little tool to play with Windows security.
   sherlock - hunt down social media accounts by username across social networks.
   OWASP Threat Dragon - is a tool used to create threat model diagrams and to record possible threats.

▪️ Pentests bookmarks collection

   PTES - the penetration testing execution standard.
   Pentests MindMap - amazing mind map with vulnerable apps and systems.
   WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
   Brute XSS - master the art of Cross Site Scripting.
   XSS cheat sheet - contains many vectors that can help you bypass WAFs and filters.
   Offensive Security Bookmarks - security bookmarks collection, all the things the author needed to pass the OSCP.
   Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
   Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
   Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
   Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
   Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
   Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
   Hacking Cheat Sheet - the author's hacking and pentesting notes.
   blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
   Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
   Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
   Pentest Bookmarks - there are a LOT of pentesting blogs.
   Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
   ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
   Beginner-Network-Pentesting - notes for beginner network pentesting course.
   OSCPRepo - is a list of resources that the author has been gathering in preparation for the OSCP.
   PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
   payloads - git all the Payloads! A collection of web attack payloads.
   command-injection-payload-list - command injection payload list.
   Awesome Shodan Search Queries - great search queries to plug into Shodan.
   AwesomeXSS - is a collection of Awesome XSS resources.
   php-webshells - common php webshells.
   Pentesting Tools Cheat Sheet - a quick-reference, high-level overview for typical penetration testing.
   OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
   OWASP dependency-check - is an open source solution for the OWASP Top 10 2013 entry.
   OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
   PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
   pentest-wiki - is a free online security knowledge library for pentesters/researchers.
   DEF CON Media Server - great stuff from DEFCON.
   Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
   SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
   Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
   HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
   XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
   GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
   Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
   SSRF Tips - a collection of SSRF Tips.
   shell-storm repo CTF - great archive of CTFs.
   ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
   My-CTF-Web-Challenges - collection of CTF Web challenges.
   MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
   Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
   KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
   securitum/research - various Proof of Concepts of security research performed by Securitum.
   public-pentesting-reports - is a list of public pentest reports released by several consulting security groups.
   awesome-bug-bounty - is a comprehensive curated list of available Bug Bounty.
   bug-bounty-reference - is a list of bug bounty write-ups.
   Awesome-Bugbounty-Writeups - is a curated list of bugbounty writeups.
   Bug bounty writeups - list of bug bounty writeups (2012-2020).
   hackso.me - a great journey into security.

▪️ Backdoors/exploits

   PHP-backdoors - a collection of PHP backdoors. For educational or testing purposes only.

▪️ Wordlists and Weak passwords

   Weakpass - for any kind of bruteforce find wordlists or unleash the power of them all at once!
   Hashes.org - is a free online hash resolving service incorporating many unparalleled techniques.
   SecLists - collection of multiple types of lists used during security assessments, collected in one place.
   Probable-Wordlists - wordlists sorted by probability, originally created for password generation and testing.
   skullsecurity passwords - password dictionaries and leaked passwords repository.
   Polish PREMIUM Dictionary - official dictionary created by the team on the forum bezpieka.org.
   statistically-likely-usernames - wordlists for creating statistically likely username lists.

▪️ Bounty platforms

   YesWeHack - bug bounty platform with infosec jobs.
   Openbugbounty - allows any security researcher to report a vulnerability on any website.
   hackerone - global hacker community to surface the most relevant security issues.
   bugcrowd - crowdsourced cybersecurity for the enterprise.
   Crowdshield - crowdsourced security & bug bounty management.
   Synack - crowdsourced security & bug bounty programs, crowd security intelligence platform, and more.
   Hacktrophy - bug bounty platform.

▪️ Web Training Apps (local installation)

   OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
   DVWA - PHP/MySQL web application that is damn vulnerable.
   metasploitable2 - vulnerable web application popular amongst security researchers.
   metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.
   DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
   OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
   OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
   OWASP Node js Goat Project - shows how the OWASP Top 10 security risks apply to web apps developed using Node.js.
   juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
   SecurityShepherd - web and mobile application security training platform.
   Security Ninjas - open source application security training program.
   hackazon - a modern vulnerable web app.
   dvna - damn vulnerable NodeJS application.
   django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
   Google Gruyere - web application exploits and defenses.
   Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
   Websploit - single VM lab with the purpose of combining several vulnerable applications in one environment.
   vulhub - pre-built Vulnerable Environments based on docker-compose.
   CloudGoat 2 - the new & improved "Vulnerable by Design" AWS deployment tool.
   secDevLabs - is a laboratory for learning secure web development in a practical manner.
   CORS-vulnerable-Lab - sample vulnerable code and its exploit code.
   RootTheBox - a Game of Hackers (CTF Scoreboard & Game Manager).
   KONTRA - application security training (OWASP Top Web & API).

▪️ Labs (ethical hacking platforms/trainings/CTFs)

   Offensive Security - true performance-based penetration testing training for over a decade.
   Hack The Box - online platform allowing you to test your penetration testing skills.
   Hacking-Lab - online ethical hacking, computer network and security challenge platform.
   pwnable.kr - non-commercial wargame site which provides various pwn challenges.
   Pwnable.tw - is a wargame site for hackers to test and expand their binary exploiting skills.
   picoCTF - is a free computer security game targeted at middle and high school students.
   CTFlearn - is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge.
   ctftime - CTF archive and a place where you can get other CTF-related info.
   Silesia Security Lab - high quality security testing services.
   Practical Pentest Labs - pentest lab, take your Hacking skills to the next level.
   Root Me - the fast, easy, and affordable way to train your hacking skills.
   rozwal.to - a great platform to train your pentesting skills.
   TryHackMe - learning Cyber Security made easy.
   hackxor - is a realistic web application hacking game, designed to help players of all abilities develop their skills.
   Hack Yourself First - it's full of nasty app sec holes.
   OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
   Wizard Labs - is an online Penetration Testing Lab.
   PentesterLab - provides vulnerable systems that can be used to test and understand vulnerabilities.
   RingZer0 - tons of challenges designed to test and improve your hacking skills.
   try2hack - several security-oriented challenges for your entertainment.
   Ubeeri - preconfigured lab environments.
   Pentestit - emulate IT infrastructures of real companies for legal pen testing and improving pentest skills.
   Microcorruption - reversing challenges done in the web interface.
   Crackmes - download crackmes to help improve your reverse engineering skills.
   DomGoat - DOM XSS security learning and practicing platform.
   Stereotyped Challenges - upgrade your web hacking techniques today!
   Vulnhub - allows anyone to gain practical 'hands-on' experience in digital security.
   W3Challs - is a penetration testing training platform, which offers various computer challenges.
   RingZer0 CTF - offers you tons of challenges designed to test and improve your hacking skills.
   Hack.me - a platform where you can build, host and share vulnerable web apps for educational purposes.
   HackThis! - discover how hacks, dumps and defacements are performed and secure your website.
   Enigma Group WebApp Training - these challenges cover the exploits listed in the OWASP Top 10 Project.
   Reverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, and more.
   0x00sec - the home of the Hacker - Malware, Reverse Engineering, and Computer Science.
   We Chall - there are a lot of different challenge types.
   Hacker Gateway - is the go-to place for hackers who want to test their skills.
   Hacker101 - is a free class for web security.
   contained.af - a stupid game for learning about containers, capabilities, and syscalls.
   flAWS challenge! - a series of levels in which you'll learn about common mistakes and gotchas when using AWS.
   CyberSec WTF - provides web hacking challenges derived from bounty write-ups.
   CTF Challenge - CTF Web App challenges.
   gCTF - most of the challenges used in the Google CTF 2017.
   Hack This Site - is a free, safe and legal training ground for hackers.
   Attack & Defense - browser-based cloud labs.
   Cryptohack - a fun platform for learning modern cryptography.
   Cryptopals - the cryptopals crypto challenges.

▪️ CTF platforms

   fbctf - platform to host Capture the Flag competitions.
   ctfscoreboard - scoreboard for Capture The Flag competitions.

▪️ Other resources

   Bugcrowd University - open source education content for the researcher community.
   OSCPRepo - a list of resources and scripts that I have been gathering in preparation for the OSCP.
   OWASP Top 10: Real-World Examples - test your web apps with real-world examples (two-part series).
   phrack.org - an awesome collection of articles from several respected hackers and other thinkers.
   Practical-Ethical-Hacking-Resources - compilation of resources from TCM's Udemy Course.

Your daily knowledge and news