Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/eric-erki/awesome-pentest
Last synced: 5 days ago
Tools
DDoS Tools
- JS LOIC - JavaScript in-browser version of LOIC.
- HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
- T50 - Faster network stress tool.
Network Tools
- SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
- Intercepter-NG - Multifunctional network toolkit.
- dsniff - Collection of tools for network auditing and pentesting.
- Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
- Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
- zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
- nmap - Free security scanner for network exploration & security audits.
- DNSDumpster - Online DNS recon and search service.
- dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
- Dripcap - Caffeinated packet analyzer.
- BetterCAP - Modular, portable and easily extensible MITM framework.
- Debookee - Simple and powerful network traffic analyzer for macOS.
Penetration Testing Distributions
- Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
- ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
- Parrot - Distribution similar to Kali, available for multiple architectures.
- Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
- PentestBox - Open source, pre-configured, portable penetration testing environment for Windows.
Docker for Penetration Testing
Multi-paradigm Frameworks
- Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
- Armitage - Java-based GUI front-end for the Metasploit Framework.
- ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
Network Vulnerability Scanners
- Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
- Nikto - Noisy but fast black box web server and web application vulnerability scanner.
- SecApps - In-browser web application security testing suite.
- WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan - Black box WordPress vulnerability scanner.
- Zoom - Powerful WordPress username enumerator with infinite scanning.
Wireless Network Tools
- Aircrack-ng - Set of tools for auditing wireless networks.
- Kismet - Wireless network detector, sniffer, and IDS.
- Reaver - Brute force attack against WiFi Protected Setup.
Web Exploitation
- OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
- autochrome - Easy-to-install test browser with all the appropriate settings needed for web application testing and native Burp support, from NCC Group.
- Wappalyzer - Uncovers the technologies used on websites.
- sslstrip - Demonstration of HTTPS stripping attacks.
- EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Hex Editors
File Format Analysis Tools
- Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- Veles - Binary data visualization and analysis tool.
Anti-virus Evasion Tools
- Veil - Generate metasploit payloads that bypass common anti-virus solutions.
- shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
- peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
- UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
- Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
Hash Cracking Tools
Windows Utilities
Social Engineering Tools
- ShellPhish - Social media site cloner and phishing tool built atop SocialFish.
OSINT Tools
- Google-dorks - Common Google dorks and others you probably don't know.
- Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
- Shodan - World's first search engine for Internet-connected devices.
- recon-ng - Full-featured Web Reconnaissance framework written in Python.
- Threat Crowd - Search engine for threats.
- ZoomEye - Search engine for cyberspace that lets the user find specific network components.
- Hunter.io - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
- FOCA (Fingerprinting Organizations with Collected Archives) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.
- PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Bro and Suricata IDS signatures under the hood).
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
Anonymity Tools
- Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
- OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
- dos-over-tor - Proof of concept denial of service over Tor stress test tool.
Reverse Engineering Tools
- Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
- OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
- Immunity Debugger - Powerful way to write exploits and analyze malware.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
- Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
Physical Access Tools
Penetration Testing Report Templates
- T&VS Pentesting Report Template - Pentest report template provided by Test and Verification Services, Ltd.
macOS Utilities
- Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.
Online Resources
Penetration Testing Resources
- XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
- Penetration Testing Framework (PTF) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
- MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - Curated knowledge base and model for cyber adversary behavior.
Exploit Development
- Shellcode Examples - Shellcodes database.
- Exploit Writing Tutorials - Tutorials on how to develop exploits.
OSINT Resources
- Intel Techniques - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
- NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
- WiGLE.net - Information about wireless networks world-wide, with user-friendly desktop and web applications.
Lock Picking Resources
- /r/lockpicking - Resources for learning lockpicking, equipment recommendations.
Operating Systems
- Security related Operating Systems @ Rawsec - Complete list of security related operating systems.
- Digital Evidence & Forensics Toolkit (DEFT) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
Books
Penetration Testing Books
- Btfm: Blue Team Field Manual by Alan J White & Ben Clark, 2017
- Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
- Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
- Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
Hacker's Handbook Series
- The Database Hacker's Handbook, David Litchfield et al., 2005
- The Shellcoder's Handbook by Chris Anley et al., 2007
- The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
- The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hacker's Handbook by Charlie Miller et al., 2012
- Android Hacker's Handbook by Joshua J. Drake et al., 2014
- The Browser Hacker's Handbook by Wade Alcorn et al., 2014
- The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015
Defensive Development
Network Analysis Books
Reverse Engineering Books
Malware Analysis Books
Social Engineering Books
- The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
- The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
- Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
- Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014
Lock Picking Books
Defcon Suggested Reading
Windows Books
Vulnerability Databases
- Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
- Vulners - Security database of software vulnerabilities.
- Inj3ct0r - Exploit marketplace and vulnerability information aggregator.
- Open Source Vulnerability Database (OSVDB) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016.
- HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
- China National Vulnerability Database (CNNVD) - Chinese government-run vulnerability database analogous to the United States' CVE database hosted by the MITRE Corporation.
- SecuriTeam - Independent source of software vulnerability information.
- Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
- Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
Security Courses
- Offensive Security Training - Training from BackTrack/Kali developers.
Information Security Conferences
- CCC - Annual meeting of the international hacker scene in Germany.
- DerbyCon - Annual hacker conference based in Louisville.
- PhreakNIC - Technology conference held annually in middle Tennessee.
- CHCon - Christchurch Hacker Con, the only hacker con on New Zealand's South Island.
- Hack.lu - Annual conference held in Luxembourg.
- HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
- DeepSec - Security Conference in Vienna, Austria.
- SECUINSIDE - Security Conference in [Seoul](https://en.wikipedia.org/wiki/Seoul).
- AppSecUSA - Annual conference organized by OWASP.
- RSA Conference USA - Annual security conference in San Francisco, California, USA.
- Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
- 44Con - Annual Security Conference held in London.
- SummerCon - One of the oldest hacker conventions, held during the summer.
- DEF CON - Annual hacker convention in Las Vegas.
- Virus Bulletin Conference - Annual conference; the 2016 edition is to be held in Denver, USA.
Information Security Magazines
- 2600: The Hacker Quarterly - American publication about technology and computer "underground."
- Phrack Magazine - By far the longest running hacker zine.
Awesome Lists
- C/C++ Programming - One of the main languages for open source security tools.
- .NET Programming - Software framework for Microsoft Windows platform development.
- Shell Scripting - Command line frameworks, toolkits, guides and gizmos.
- Ruby Programming by @markets - The de-facto language for writing exploits.
- JavaScript Programming - In-browser development and scripting.
- Python Programming by @vinta - General Python programming.
- Android Security - Collection of Android security related resources.
- Awesome Awesomeness - The List of the Lists.
- AppSec - Resources for learning about application security.
- CTFs - Capture The Flag frameworks, libraries, etc.
- Hacking - Tutorials, tools, and resources.
- Honeypots - Honeypots, tools, components, and more.
- Malware Analysis - Tools and resources for analysts.
- PCAP Tools - Tools for processing network traffic.
- Security - Software, libraries, documents, and other resources.
- InfoSec § Hacking challenges - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.