Compare commits

15 Commits

Author SHA1 Message Date
Samar Dhwoj Acharya d794400ff4
Merge pull request #425 from stjepanjurekovic/master
Added 2 titles to Books
2024-01-25 12:16:33 -06:00
Samar Dhwoj Acharya 3b8ce609b2
Merge pull request #474 from pentesttools-com/patch-1
Pentest-Ground
2023-12-20 15:30:01 -06:00
pentesttools-com 8b602b4356
Update README.md 2023-12-19 22:07:22 +02:00
w33ts c099eefdef
Updated Reconmap URL from org to com (#472)
Reconmap's URL changed from .org to .com, so I have updated it accordingly, since there is no redirect on the .org domain.
2023-11-03 19:46:29 -04:00
J-Run 6fe0e3d281
Add Hexway Hive into Collaboration Tools section (#469)
* Add Hexway Hive into Collaboration Tools section

Hive - Self hosted pentest team collaboration framework and reporting tool

* Update README.md

URI and description fix proposal accepted

Co-authored-by: 0xACAB <18677+fabacab@users.noreply.github.com>

---------

Co-authored-by: 0xACAB <18677+fabacab@users.noreply.github.com>
2023-11-03 19:45:37 -04:00
0xACAB 89ccf0781c
Add GraphQL, a GraphQL API data model visualization tool. (#471) 2023-10-23 03:23:23 -04:00
Valtteri Lehtinen be81587a85
Add OpalOPC (#468)
* Add OpalOPC

* Move OpalOPC under ICS section
2023-10-22 16:32:31 -04:00
Michal Válka f1024e994c
Add PETEP (#467)
https://github.com/Warxim/petep
2023-10-22 07:45:02 -04:00
0xACAB 08c28480a7
Merge pull request #465 from fabacab/h26forge
Add H26Forge, a video file exploit development tool. Alphabetize list.
2023-08-17 05:03:31 -04:00
fabacab 9f344b9a20
Add H26Forge, a video file exploit development tool. Alphabetize list. 2023-08-17 04:56:44 -04:00
0xACAB ef57d57818
Merge pull request #463 from fabacab/cisa-kev
Add CISA KEV vulnerability database.
2023-08-02 16:26:32 -04:00
fabacab ed89b66737
Add CISA KEV vulnerability database. 2023-08-02 16:22:31 -04:00
Samar Dhwoj Acharya 51df4b588c
Merge pull request #456 from marcruef/Update-Vulnerbility-Databases
Added VulDB
2023-01-03 10:00:29 -06:00
Marc Ruef 6390e24aa6
Added VulDB 2023-01-02 19:21:39 +01:00
Stjepan Jureković 58ffe99358
Added 2 titles to Books
Hi,

Stjepan from Manning here. I thought these two titles (The Art of Network Penetration Testing & Effective Software Testing) might be a good match for your list of books. Thank you for considering it.

Best,
2021-11-17 11:18:30 +01:00
1 changed files with 12 additions and 2 deletions

@ -136,6 +136,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
* [Bug Hunter's Diary by Tobias Klein, 2011](https://nostarch.com/bughunter)
* [Car Hacker's Handbook by Craig Smith, 2016](https://nostarch.com/carhacking)
* [Effective Software Testing, 2021](https://www.manning.com/books/effective-software-testing)
* [Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007](http://www.fuzzing.org/)
* [Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011](https://nostarch.com/metasploit)
* [Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014](https://nostarch.com/pentesting)
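Review bot: the "Effective Software Testing, 2021" entry has no author, while every neighbouring entry in this hunk follows "Title by Author, Year". Add the author in the same form. Also confirm that a general software-testing title belongs in this list, since the surrounding entries are all about hacking, fuzzing or penetration testing.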
@ -143,6 +144,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [Professional Penetration Testing by Thomas Wilhelm, 2013](https://www.elsevier.com/books/professional-penetration-testing/wilhelm/978-1-59749-993-4)
* [RTFM: Red Team Field Manual by Ben Clark, 2014](http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/)
* [The Art of Exploitation by Jon Erickson, 2008](https://nostarch.com/hacking2.htm)
* [The Art of Network Penetration Testing, 2020](https://www.manning.com/books/the-art-of-network-penetration-testing)
* [The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013](https://www.elsevier.com/books/the-basics-of-hacking-and-penetration-testing/engebretson/978-1-59749-655-1)
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
* [The Hacker Playbook by Peter Kim, 2014](http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636/)
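Review bot: "The Art of Network Penetration Testing, 2020" is missing its author, unlike the adjacent "by Thomas Wilhelm", "by Ben Clark" and "by Jon Erickson" entries. Add "by <author>" before the year so the entry matches the list format.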
@ -177,9 +179,10 @@ See also *[HackingThe.cloud](https://hackingthe.cloud/)*.
## Collaboration Tools
* [Dradis](https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals.
* [Hexway Hive](https://hexway.io/hive/) - Commercial collaboration, data aggregation, and reporting framework for red teams with a limited free self-hostable option.
* [Lair](https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor.
* [Pentest Collaboration Framework (PCF)](https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
* [Reconmap](https://reconmap.org/) - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
* [Reconmap](https://reconmap.com/) - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
* [RedELK](https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
## Conferences and Events
@ -253,10 +256,11 @@ See also *[HackingThe.cloud](https://hackingthe.cloud/)*.
See also *[Reverse Engineering Tools](#reverse-engineering-tools)*.
* [H26Forge](https://github.com/h26forge/h26forge) - Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
## File Format Analysis Tools
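Review bot: with peda placed after Wordpress Exploit Framework, this list is alphabetical only under a case-sensitive sort (uppercase before lowercase). Either sort case-insensitively, which puts peda before Pwntools, or state the case-sensitive convention in the contribution guidelines so later additions follow it.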
@ -301,10 +305,12 @@ See also [awesome-industrial-control-system-security](https://github.com/hslatma
* [Industrial Exploitation Framework (ISF)](https://github.com/dark-lbp/isf) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.
* [s7scan](https://github.com/klsecservices/s7scan) - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.
* [OpalOPC](https://opalopc.com/) - Commercial OPC UA vulnerability assessment tool, sold by Molemmat.
## Intentionally Vulnerable Systems
See also [awesome-vulnerable](https://github.com/kaiiyer/awesome-vulnerable).
* [Pentest-Ground](https://pentest-ground.com/).
### Intentionally Vulnerable Systems as Docker Containers
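Review bot: the Pentest-Ground entry is a bare link ending in a period, with no " - description" part, so a reader cannot tell what it offers or why it sits under Intentionally Vulnerable Systems. Add a one-sentence description in the same form as the other entries. Separately, OpalOPC is appended after s7scan; it sorts before s7scan under either a case-sensitive or a case-insensitive ordering.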
@ -435,6 +441,7 @@ See also *[Intercepting Web proxies](#intercepting-web-proxies)*.
* [mallory](https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
* [oregano](https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
* [sylkie](https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
* [PETEP](https://github.com/Warxim/petep) - Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.
### Transport Layer Security Tools
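Review bot: PETEP is appended after sylkie rather than placed in order; it belongs before mallory under a case-sensitive sort, or between oregano and sylkie under a case-insensitive one. Minor style point in the same entry: the description uses "&" where the rest of the file writes "and".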
@ -627,6 +634,7 @@ See also *[Web-accessible source code ripping tools](#web-accessible-source-code
* [BlindElephant](http://blindelephant.sourceforge.net/) - Web application fingerprinter.
* [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
* [GraphQL Voyager](https://graphql-kit.com/graphql-voyager/) - Represent any GraphQL API as an interactive graph, letting you explore data models from any Web site with a GraphQL query endpoint.
* [VHostScan](https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
* [Wappalyzer](https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
* [WhatWaf](https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
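Review bot: the GraphQL Voyager description writes "Web site" while the EyeWitness and Wappalyzer entries in this hunk use "websites". Use "website" for consistency.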
@ -791,6 +799,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
## Vulnerability Databases
* [Bugtraq (BID)](http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
* [CISA Known Vulnerabilities Database (KEV)](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) - Vulnerabilities in various systems already known to America's cyber defense agency, the Cybersecurity and Infrastructure Security Agency, to be actively exploited.
* [CXSecurity](https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
* [China National Vulnerability Database (CNNVD)](http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
* [Common Vulnerabilities and Exposures (CVE)](https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
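Review bot: the link text "CISA Known Vulnerabilities Database (KEV)" drops the word that the abbreviation and the URL slug (known-exploited-vulnerabilities-catalog) both carry. Rename it to "CISA Known Exploited Vulnerabilities Catalog (KEV)" so the title matches the target and makes clear that the list covers actively exploited vulnerabilities only, which the description already says.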
@ -807,6 +816,7 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information.
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.
* [US-CERT Vulnerability Notes Database](https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
* [VulDB](https://vuldb.com) - Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE)
* [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target.
* [Vulners](https://vulners.com/) - Security database of software vulnerabilities.
* [Vulmon](https://vulmon.com/) - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
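Review bot: the VulDB description has no terminating period, unlike every other entry in this hunk, and writes "meta data" as two words. End the sentence with a period after the closing parenthesis and use "metadata".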