awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/eric-erki/awesome-pentest

Last synced: 5 days ago
JSON representation

Tools
- DDoS Tools
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
  - T50 - Faster network stress tool.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
  - JS LOIC - JavaScript in-browser version of LOIC.
- Penetration Testing Distributions
  - Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
  - ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
  - BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
  - Parrot - Distribution similar to Kali, with multiple architecture.
  - Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
  - PentestBox - Opensource pre-configured portable penetration testing environment for Windows OS.
- Docker for Penetration Testing
  - Official Kali Linux
  - Vulnerable WordPress Installation
- Multi-paradigm Frameworks
  - Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  - Armitage - Java-based GUI front-end for the Metasploit Framework.
  - ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
- Network Vulnerability Scanners
  - Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  - Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  - SecApps - In-browser web application security testing suite.
  - WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
  - WPScan - Black box WordPress vulnerability scanner.
  - Zoom - Powerful wordpress username enumerator with infinite scanning.
- Network Tools
  - Intercepter-NG - Multifunctional network toolkit.
  - dsniff - Collection of tools for network auditing and pentesting.
  - Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
  - Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  - zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  - nmap - Free security scanner for network exploration & security audits.
  - DNSDumpster - Online DNS recon and search service.
  - dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  - Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
  - Dripcap - Caffeinated packet analyzer.
  - BetterCAP - Modular, portable and easily extensible MITM framework.
- Wireless Network Tools
  - Aircrack-ng - Set of tools for auditing wireless networks.
  - Kismet - Wireless network detector, sniffer, and IDS.
  - Reaver - Brute force attack against WiFi Protected Setup.
- Web Exploitation
  - OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  - Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
  - autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
  - Wappalyzer - Wappalyzer uncovers the technologies used on websites.
  - sslstrip - Demonstration of the HTTPS stripping attacks.
  - EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- Hex Editors
  - Hexinator - World's finest (proprietary, commercial) Hex Editor.
  - 0xED - Native macOS hex editor that supports plug-ins to display custom data types.
- File Format Analysis Tools
  - Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  - Veles - Binary data visualization and analysis tool.
- Anti-virus Evasion Tools
  - Veil - Generate metasploit payloads that bypass common anti-virus solutions.
  - shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
  - peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
  - UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
  - Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
- Hash Cracking Tools
  - CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
  - Rar Crack - RAR bruteforce cracker.
- Windows Utilities
  - Empire - Pure PowerShell post-exploitation agent.
  - wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
- Social Engineering Tools
  - ShellPhish - Social media site cloner and phishing tool built atop SocialFish.
- OSINT Tools
  - Google-dorks - Common Google dorks and others you probably don't know.
  - Shodan - World's first search engine for Internet-connected devices.
  - recon-ng - Full-featured Web Reconnaissance framework written in Python.
  - Threat Crowd - Search engine for threats.
  - ZoomEye - Search engine for cyberspace that lets the user find specific network components.
  - Hunter.io - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
  - FOCA (Fingerprinting Organizations with Collected Archives) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
- Anonymity Tools
  - Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  - OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
  - dos-over-tor - Proof of concept denial of service over Tor stress test tool.
- Reverse Engineering Tools
  - OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  - Immunity Debugger - Powerful way to write exploits and analyze malware.
  - Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  - Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
- Physical Access Tools
  - Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
  - Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- Penetration Testing Report Templates
  - T&VS Pentesting Report Template - Pentest report template provided by Test and Verification Services, Ltd.
- macOS Utilities
  - Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
Online Resources
- Penetration Testing Resources
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - Penetration Testing Framework (PTF) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - Curated knowledge base and model for cyber adversary behavior.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
  - Metasploit Unleashed - Free Offensive Security Metasploit course.
- Exploit Development
  - Shellcode Examples - Shellcodes database.
  - Exploit Writing Tutorials - Tutorials on how to develop exploits.
- OSINT Resources
  - Intel Techniques - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
  - NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
  - WiGLE.net - Information about wireless networks world-wide, with user-friendly desktop and web applications.
- Lock Picking Resources
  - /r/lockpicking - Resources for learning lockpicking, equipment recommendations.
- Operating Systems
  - Security related Operating Systems @ Rawsec - Complete list of security related operating systems.
  - Digital Evidence & Forensics Toolkit (DEFT) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
Books
Vulnerability Databases
- Defcon Suggested Reading
  - Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
  - National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
  - US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
  - Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
  - Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
  - CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
  - Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
  - Vulners - Security database of software vulnerabilities.
  - Inj3ct0r - Exploit marketplace and vulnerability information aggregator.
  - Open Source Vulnerability Database (OSVDB) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016.
  - HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
  - China National Vulnerability Database (CNNVD) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
Security Courses
- Defcon Suggested Reading
  - Offensive Security Training - Training from BackTrack/Kali developers.
Information Security Conferences
- Defcon Suggested Reading
  - CCC - Annual meeting of the international hacker scene in Germany.
  - DerbyCon - Annual hacker conference based in Louisville.
  - PhreakNIC - Technology conference held annually in middle Tennessee.
  - CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
  - Hack.lu - Annual conference held in Luxembourg.
  - HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
  - DeepSec - Security Conference in Vienna, Austria.
  - SECUINSIDE - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul).
  - AppSecUSA - Annual conference organized by OWASP.
  - RSA Conference USA - Annual security conference in San Francisco, California, USA.
  - Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
  - 44Con - Annual Security Conference held in London.
  - DEF CON - Annual hacker convention in Las Vegas.
Information Security Magazines
- Defcon Suggested Reading
  - 2600: The Hacker Quarterly - American publication about technology and computer "underground."
  - Phrack Magazine - By far the longest running hacker zine.
Awesome Lists
- Defcon Suggested Reading
  - C/C++ Programming - One of the main language for open source security tools.
  - .NET Programming - Software framework for Microsoft Windows platform development.
  - Shell Scripting - Command line frameworks, toolkits, guides and gizmos.
  - Ruby Programming by @markets - The de-facto language for writing exploits.
  - JavaScript Programming - In-browser development and scripting.
  - Python Programming by @vinta - General Python programming.
  - Android Security - Collection of Android security related resources.
  - Awesome Awesomness - The List of the Lists.
  - AppSec - Resources for learning about application security.
  - CTFs - Capture The Flag frameworks, libraries, etc.
  - Hacking - Tutorials, tools, and resources.
  - Honeypots - Honeypots, tools, components, and more.
  - Malware Analysis - Tools and resources for analysts.
  - PCAP Tools - Tools for processing network traffic.
  - Security - Software, libraries, documents, and other resources.
  - ![CC-BY
  - Creative Commons Attribution 4.0 International License
  - InfoSec § Hacking challenges - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.

Programming Languages

Python 4 JavaScript 1 PHP 1 Ruby 1 Shell 1

awesome-pentest

Tools

DDoS Tools

Penetration Testing Distributions

Docker for Penetration Testing

Multi-paradigm Frameworks

Network Vulnerability Scanners

Network Tools

Wireless Network Tools

Web Exploitation

Hex Editors

File Format Analysis Tools

Anti-virus Evasion Tools

Hash Cracking Tools

Windows Utilities

Social Engineering Tools

OSINT Tools

Anonymity Tools

Reverse Engineering Tools

Physical Access Tools

Penetration Testing Report Templates

macOS Utilities

Online Resources

Penetration Testing Resources

Exploit Development

OSINT Resources

Lock Picking Resources

Operating Systems

Books

Penetration Testing Books

Hackers Handbook Series

Defensive Development

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Social Engineering Books

Lock Picking Books

Defcon Suggested Reading

Vulnerability Databases

Defcon Suggested Reading

Security Courses

Defcon Suggested Reading

Information Security Conferences

Defcon Suggested Reading

Information Security Magazines

Defcon Suggested Reading

Awesome Lists

Defcon Suggested Reading