From 065985a32af6e7c96471a5a517b590341e77755a Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 2 Dec 2019 09:30:26 +0100 Subject: [PATCH] add new stuff v2; add 'CTF platforms' chapter - signed-off-by: trimstray --- README.md | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6a643c5..5175ba3 100644 --- a/README.md +++ b/README.md @@ -161,6 +161,7 @@ Only main chapters:

  :small_orange_diamond: PuTTY - is an SSH and telnet client, developed originally by Simon Tatham.
  :small_orange_diamond: nmap - is a free and open source (license) utility for network discovery and security auditing.
+  :small_orange_diamond: zmap - is a fast single packet network scanner designed for Internet-wide network surveys.
  :small_orange_diamond: masscan - is the fastest Internet port scanner, spews SYN packets asynchronously.
  :small_orange_diamond: pbscan - is a faster and more efficient stateless SYN scanner and banner grabber.
  :small_orange_diamond: hping - is a command-line oriented TCP/IP packet assembler/analyzer.
@@ -176,6 +177,7 @@ Only main chapters:   :small_orange_diamond: tcpterm - visualize packets in TUI.
  :small_orange_diamond: bmon - is a monitoring and debugging tool to capture networking related statistics and prepare them visually.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
+  :small_orange_diamond: vnstat - is a network traffic monitor for Linux and BSD.
  :small_orange_diamond: iPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  :small_orange_diamond: ethr - is a Network Performance Measurement Tool for TCP, UDP & HTTP.
  :small_orange_diamond: Etherate - is a Linux CLI based Ethernet and MPLS traffic testing tool.
@@ -192,6 +194,7 @@ Only main chapters: ##### :black_small_square: Network (DNS)

+  :small_orange_diamond: dnsdiag - is a DNS diagnostics and performance measurement tools.
  :small_orange_diamond: fierce - is a DNS reconnaissance tool for locating non-contiguous IP space.
  :small_orange_diamond: subfinder - is a subdomain discovery tool that discovers valid subdomains for websites.
  :small_orange_diamond: sublist3r - is a fast subdomains enumeration tool for penetration testers.
@@ -243,6 +246,7 @@ Only main chapters:   :small_orange_diamond: spiped - is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses.
  :small_orange_diamond: Certbot - is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server.
  :small_orange_diamond: mkcert - simple zero-config tool to make locally trusted development certificates with any names you'd like.
+  :small_orange_diamond: certstrap - tools to bootstrap CAs, certificate requests, and signed certificates.
  :small_orange_diamond: Sublert - is a security and reconnaissance tool to automatically monitor new subdomains.
  :small_orange_diamond: mkchain - open source tool to help you build a valid SSL certificate chain.

@@ -750,6 +754,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: cheatsheet-kubernetes-A4 - Kubernetes CheatSheets in A4.
  :small_orange_diamond: k8s-security - kubernetes security notes and best practices.
  :small_orange_diamond: kubernetes-production-best-practices - checklists with best-practices for production-ready Kubernetes.
+  :small_orange_diamond: kubernetes-production-best-practices - kubernetes security - best practice guide.
  :small_orange_diamond: kubernetes-failure-stories - is a compilation of public failure/horror stories related to Kubernetes.

@@ -854,6 +859,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OWASP Dev Guide - this is the development version of the OWASP Developer Guide.
  :small_orange_diamond: Mozilla Web Security - help operational teams with creating secure web applications.
  :small_orange_diamond: security-bulletins - security bulletins that relate to Netflix Open Source.
+  :small_orange_diamond: API-Security-Checklist - the most important security countermeasures when designing, testing, and releasing your API.
  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
  :small_orange_diamond: Weird Proxies - reverse proxy related attacks; it is a result of analysis of various reverse proxies, cache proxies, etc.
@@ -932,6 +938,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Web Developer Roadmap - roadmaps, articles and resources to help you choose your path, learn and improve.
  :small_orange_diamond: Front-End-Checklist - the perfect Front-End Checklist for modern websites and meticulous developers.
+  :small_orange_diamond: Front-End-Performance-Checklist - the only Front-End Performance Checklist that runs faster than the others.
  :small_orange_diamond: Python's Magic Methods - what are magic methods? They're everything in object-oriented Python.
  :small_orange_diamond: wtfpython - a collection of surprising Python snippets and lesser-known features.
  :small_orange_diamond: js-dev-reads - a list of books and articles for the discerning web developer to read.
@@ -943,6 +950,8 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Awesome Web Security - a curated list of Web Security materials and resources.
  :small_orange_diamond: awesome-cyber-skills - a curated list of hacking environments where you can train your cyber skills.
+  :small_orange_diamond: awesome-devsecops - an authoritative list of awesome devsecops tools.
+  :small_orange_diamond: awesome-osint - is a curated list of amazingly awesome OSINT.
  :small_orange_diamond: awesome-threat-intelligence - a curated list of Awesome Threat Intelligence resources.
  :small_orange_diamond: Red-Teaming-Toolkit - a collection of open source and commercial tools that aid in red team operations.
  :small_orange_diamond: awesome-burp-extensions - a curated list of amazingly awesome Burp Extensions.
@@ -968,6 +977,8 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: awesome-static-analysis - static analysis tools for all programming languages.
  :small_orange_diamond: computer-science - path to a free self-taught education in Computer Science.
  :small_orange_diamond: post-mortems - is a collection of postmortems (config errors, hardware failures, and more).
+  :small_orange_diamond: build-your-own-x - build your own (insert technology here).
+  :small_orange_diamond: Project-Based-Tutorials-in-C - is a curated list of project-based tutorials in C.
  :small_orange_diamond: The-Documentation-Compendium - various README templates & tips on writing high-quality documentation.
  :small_orange_diamond: awesome-python-applications - free software that works great, and also happens to be open-source Python.

@@ -1129,12 +1140,15 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: BillCipher - information gathering tool for a website or IP address.
  :small_orange_diamond: WhatWaf - detect and bypass web application firewalls and protection systems.
  :small_orange_diamond: Corsy - CORS misconfiguration scanner.
+  :small_orange_diamond: Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
+  :small_orange_diamond: dirhunt - find web directories without bruteforce.
  :small_orange_diamond: John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
  :small_orange_diamond: hashcat - world's fastest and most advanced password recovery utility.
  :small_orange_diamond: p0f - is a tool to identify the players behind any incidental TCP/IP communications.
  :small_orange_diamond: ssh_scan - a prototype SSH configuration and policy scanner.
  :small_orange_diamond: LeakLooker - find open databases - powered by Binaryedge.io
  :small_orange_diamond: exploitdb - searchable archive from The Exploit Database.
+  :small_orange_diamond: getsploit - is a command line utility for searching and downloading exploits.
  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
  :small_orange_diamond: pwntools - CTF framework and exploit development library.
  :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
@@ -1153,6 +1167,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: beef - the browser exploitation framework project.
  :small_orange_diamond: AutoSploit - automated mass exploiter.
  :small_orange_diamond: SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
+  :small_orange_diamond: yara - the pattern matching swiss knife.

##### :black_small_square: Pentests bookmarks collection @@ -1169,18 +1184,24 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
+  :small_orange_diamond: Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
+  :small_orange_diamond: blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
  :small_orange_diamond: Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
  :small_orange_diamond: Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
+  :small_orange_diamond: Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
  :small_orange_diamond: ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
+  :small_orange_diamond: AwesomeXSS - is a collection of Awesome XSS resources.
+  :small_orange_diamond: php-webshells - common php webshells.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
  :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
  :small_orange_diamond: OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
  :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security & computer science resources.
+  :small_orange_diamond: pentest-wiki - is a free online security knowledge library for pentesters/researchers.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
@@ -1197,6 +1218,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
  :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
  :small_orange_diamond: securitum/research - various Proof of Concepts of security research performed by Securitum.
+  :small_orange_diamond: public-pentesting-reports - is a list of public penetration test reports released by several consulting security groups.
  :small_orange_diamond: hackso.me - a great journey into security.

@@ -1234,11 +1256,11 @@ CyberTalks - talks, interviews, and article about cybersecurity.

  :small_orange_diamond: OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
-  :small_orange_diamond: Metasploitable 2 - vulnerable web application amongst security researchers.
  :small_orange_diamond: DVWA - PHP/MySQL web application that is damn vulnerable.
  :small_orange_diamond: DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
  :small_orange_diamond: OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
  :small_orange_diamond: OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
+  :small_orange_diamond: OWASP Node js Goat Project - OWASP Top 10 security risks apply to web applications developed using Node.js.
  :small_orange_diamond: juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
  :small_orange_diamond: SecurityShepherd - web and mobile application security training platform.
  :small_orange_diamond: Security Ninjas - open source application security training program.
@@ -1258,6 +1280,7 @@ AWS deployment tool.
##### :black_small_square: Vulnerable virtual machines

+  :small_orange_diamond: metasploitable 2 - vulnerable web application amongst security researchers.
  :small_orange_diamond: metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.

@@ -1311,6 +1334,13 @@ AWS deployment tool.
  :small_orange_diamond: Attack & Defense - is a browser-based cloud labs.

+##### :black_small_square: CTF platforms + +

+  :small_orange_diamond: fbctf - platform to host Capture the Flag competitions.
+  :small_orange_diamond: ctfscoreboard - scoreboard for Capture The Flag competitions.
+

+ ##### :black_small_square: Other resources