Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/shieldfy/awesome-pentest
Last synced: 4 days ago
JSON representation
-
Awesome Penetration Testing
-
Tools
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- Kali - A Linux distribution designed for digital forensics and penetration testing
- BlackArch - Arch Linux-based distribution for penetration testers and security researchers
- NST - Network Security Toolkit distribution
- Pentoo - security-focused livecd based on Gentoo
- BackBox - Ubuntu-based distribution for penetration tests and security assessments
- Metasploit - World's most used penetration testing software
- Burp - An integrated platform for performing security testing of web applications
- Netsparker - Web Application Security Scanner
- Nexpose - Vulnerability Management & Risk Management Software
- Nessus - Vulnerability, configuration, and compliance assessment
- Nikto - Web application vulnerability scanner
- OpenVAS - Open Source vulnerability scanner and manager
- OWASP Zed Attack Proxy - Penetration testing tool for web applications
- Secapps - Integrated web application security testing environment
- Wapiti - Web application vulnerability scanner
- WebReaver - Web application vulnerability scanner for Mac OS X
- nmap - Free Security Scanner For Network Exploration & Security Audits
- tcpdump/libpcap - A common packet analyzer that runs under the command line
- Wireshark - A network protocol analyzer for Unix and Windows
- Network Tools - Different network tools: ping, lookup, whois, etc
- Intercepter-NG - a multifunctional network toolkit
- SPARTA - Network Infrastructure Penetration Testing Tool
- Aircrack-ng - a set of tools for auditing wireless network
- sslstrip - a demonstration of the HTTPS stripping attacks
- HexEdit.js - Browser-based hex editing
- John the Ripper - Fast password cracker
- Online MD5 cracker - Online MD5 hash Cracker
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities
- JS LOIC - JavaScript in-browser version of LOIC
- Tor - The free software for enabling onion routing online anonymity
- I2P - The Invisible Internet Project
- IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- IDA Free - The freeware version of IDA v5.0
- WDK/WinDbg - Windows Driver Kit and WinDbg
- OllyDbg - An x86 debugger that emphasizes binary code analysis
- Radare2 - Opensource, crossplatform reverse engineering framework.
- x64_gdb - An open-source x64/x32 debugger for windows
- John the Ripper - Fast password cracker
- IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- Kali - A Linux distribution designed for digital forensics and penetration testing
- BlackArch - Arch Linux-based distribution for penetration testers and security researchers
- NST - Network Security Toolkit distribution
- Pentoo - security-focused livecd based on Gentoo
- BackBox - Ubuntu-based distribution for penetration tests and security assessments
- Metasploit - World's most used penetration testing software
- Burp - An integrated platform for performing security testing of web applications
- Netsparker - Web Application Security Scanner
- Nessus - Vulnerability, configuration, and compliance assessment
- OpenVAS - Open Source vulnerability scanner and manager
- Wapiti - Web application vulnerability scanner
- nmap - Free Security Scanner For Network Exploration & Security Audits
- tcpdump/libpcap - A common packet analyzer that runs under the command line
- Wireshark - A network protocol analyzer for Unix and Windows
- Network Tools - Different network tools: ping, lookup, whois, etc
- SPARTA - Network Infrastructure Penetration Testing Tool
- HexEdit.js - Browser-based hex editing
- Online MD5 cracker - Online MD5 hash Cracker
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities
- JS LOIC - JavaScript in-browser version of LOIC
- I2P - The Invisible Internet Project
- Radare2 - Opensource, crossplatform reverse engineering framework.
- x64_gdb - An open-source x64/x32 debugger for windows
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- Online MD5 cracker - Online MD5 hash Cracker
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
- JS LOIC - JavaScript in-browser version of LOIC
-
Online Resources
- Metasploit Unleashed - Free Offensive Security metasploit course
- PTES - Penetration Testing Execution Standard
- OWASP - Open Web Application Security Project
- OSSTMM - Open Source Security Testing Methodology Manual
- PCI SSC - Standards and supporting materials to enhance payment card data security
- LSST - Linux Shell Scripting Tutorial
- Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their Kernels
- Shellcode Tutorials - Tutorials on how to write shellcode
- Shellcode examples - Shellcodes database
- Social Engineering Framework - An information resource for social engineers
- Schuyler Towne channel - Lockpicking videos and security talks
- Metasploit Unleashed - Free Offensive Security metasploit course
- PTES - Penetration Testing Execution Standard
- OWASP - Open Web Application Security Project
- Social Engineering Framework - An information resource for social engineers
- Schuyler Towne channel - Lockpicking videos and security talks
- PCI SSC - Standards and supporting materials to enhance payment card data security
-
Books
- The Art of Exploitation by Jon Erickson, 2008
- Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
- The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
- Professional Penetration Testing by Thomas Wilhelm, 2013
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
- Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
- Black Hat Python: Python Programming for Hackers and Pentesters, 2014
- Penetration Testing: Procedures & Methodologies (EC-Council Press),2010
- The Shellcoders Handbook by Chris Anley and others, 2007
- The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hackers Handbook by Charlie Miller and others, 2012
- Android Hackers Handbook by Joshua J. Drake and others, 2014
- The Browser Hackers Handbook by Wade Alcorn and others, 2014
- Nmap Network Scanning by Gordon Fyodor Lyon, 2009
- Practical Packet Analysis by Chris Sanders, 2011
- Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
- Reverse Engineering for Beginners
- The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
- The IDA Pro Book by Chris Eagle, 2011
- Practical Reverse Engineering by Bruce Dang and others, 2014
- Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
- The Art of Memory Forensics by Michael Hale Ligh and others, 2014
- Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu
- The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
- Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
- Practical Lock Picking by Deviant Ollam, 2012
- Keys to the Kingdom by Deviant Ollam, 2012
- The Art of Exploitation by Jon Erickson, 2008
- Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- The Hacker Playbook by Peter Kim, 2014
- The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
- Professional Penetration Testing by Thomas Wilhelm, 2013
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
- Violent Python by TJ O'Connor, 2012
- Black Hat Python: Python Programming for Hackers and Pentesters, 2014
- Penetration Testing: Procedures & Methodologies (EC-Council Press),2010
- Nmap Network Scanning by Gordon Fyodor Lyon, 2009
- Practical Packet Analysis by Chris Sanders, 2011
- Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
- The IDA Pro Book by Chris Eagle, 2011
- Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
- No Tech Hacking by Johnny Long, Jack Wiles, 2008
- Practical Lock Picking by Deviant Ollam, 2012
- Keys to the Kingdom by Deviant Ollam, 2012
- Reverse Engineering for Beginners
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- Black Hat Python: Python Programming for Hackers and Pentesters, 2014
-
Vulnerability Databases
- NVD - US National Vulnerability Database
- CERT - US Computer Emergency Readiness Team
- OSVDB - Open Sourced Vulnerability Database
- Bugtraq - Symantec SecurityFocus
- Exploit-DB - Offensive Security Exploit Database
- Fulldisclosure - Full Disclosure Mailing List
- MS Bulletin - Microsoft Security Bulletin
- MS Advisory - Microsoft Security Advisories
- Inj3ct0r - Inj3ct0r Exploit Database
- Packet Storm - Packet Storm Global Security Resource
- CXSecurity - CSSecurity Bugtraq List
- Vulnerability Laboratory - Vulnerability Research Laboratory
- ZDI - Zero Day Initiative
- NVD - US National Vulnerability Database
- Exploit-DB - Offensive Security Exploit Database
- Fulldisclosure - Full Disclosure Mailing List
- MS Bulletin - Microsoft Security Bulletin
- MS Advisory - Microsoft Security Advisories
- Packet Storm - Packet Storm Global Security Resource
- SecuriTeam - Securiteam Vulnerability Information
- CXSecurity - CSSecurity Bugtraq List
- Vulnerability Laboratory - Vulnerability Research Laboratory
- ZDI - Zero Day Initiative
- Inj3ct0r - Inj3ct0r Exploit Database
-
Security Courses
- Offensive Security Training - Training from BackTrack/Kali developers
- SANS Security Training - Computer Security Training & Certification
- Open Security Training - Training material for computer security classes
- Cybrary - online IT and Cyber Security training platform
- Offensive Security Training - Training from BackTrack/Kali developers
- SANS Security Training - Computer Security Training & Certification
- Open Security Training - Training material for computer security classes
- Offensive Security Training - Training from BackTrack/Kali developers
-
Information Security Conferences
- DEF CON - An annual hacker convention in Las Vegas
- Black Hat - An annual security conference in Las Vegas
- BSides - A framework for organising and holding security conferences
- CCC - An annual meeting of the international hacker scene in Germany
- DerbyCon - An annual hacker conference based in Louisville
- PhreakNIC - A technology conference held annually in middle Tennessee
- ShmooCon - An annual US east coast hacker convention
- HOPE - A conference series sponsored by the hacker magazine 2600
- SummerCon - One of the oldest hacker conventions, held during Summer
- Hack.lu - An annual conference held in Luxembourg
- HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
- Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
- Hack3rCon - An annual US hacker conference
- ThotCon - An annual US hacker conference held in Chicago
- LayerOne - An annual US security conerence held every spring in Los Angeles
- DeepSec - Security Conference in Vienna, Austria
- SkyDogCon - A technology conference in Nashville
- SECUINSIDE - Security Conference in [Seoul](http://en.wikipedia.org/wiki/Seoul)
- Hack.lu - An annual conference held in Luxembourg
- ShmooCon - An annual US east coast hacker convention
- DEF CON - An annual hacker convention in Las Vegas
- Black Hat - An annual security conference in Las Vegas
- BSides - A framework for organising and holding security conferences
- CCC - An annual meeting of the international hacker scene in Germany
- CarolinaCon - An infosec conference, held annually in North Carolina
- HOPE - A conference series sponsored by the hacker magazine 2600
- SummerCon - One of the oldest hacker conventions, held during Summer
- HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
- Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
- ThotCon - An annual US hacker conference held in Chicago
- LayerOne - An annual US security conerence held every spring in Los Angeles
- SkyDogCon - A technology conference in Nashville
- Hack.lu - An annual conference held in Luxembourg
- SummerCon - One of the oldest hacker conventions, held during Summer
- DEF CON - An annual hacker convention in Las Vegas
-
Information Security Magazines
- 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
- Phrack Magazine - By far the longest running hacker zine
- 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
-
Awesome Lists
- SecTools - Top 125 Network Security Tools
- C/C++ Programming - One of the main language for open source security tools
- .NET Programming - A software framework for Microsoft Windows platform development
- Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
- Ruby Programming by @markets - The de-facto language for writing exploits
- JavaScript Programming - In-browser development and scripting
- Node.js Programming by @vndmtrx - JavaScript in command-line
- Python tools for penetration testers - Lots of pentesting tools are written in Python
- Python Programming by @vinta - General Python programming
- Andorid Security - A collection of android security related resources
- Awesome Awesomness - The List of the Lists
- SecTools - Top 125 Network Security Tools
-
License
-
Categories
Sub Categories
Keywords
awesome
6
awesome-list
5
list
3
c
1
c-plus-plus
1
cpp
1
cpp-library
1
cppcon
1
libraries
1
lists
1
programming-tutorial
1
resources
1
clr
1
csharp
1
dotnet
1
fsharp
1
bash
1
cli
1
fish
1
shell
1
zsh
1
collection
1
curated-list
1
ruby
1
ruby-libraries
1
collections
1
python
1
python-framework
1
python-library
1
python-resources
1
android
1
security
1