Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things
https://github.com/yllnelaj/awesome-pentest

Last synced: 2 days ago
  • Online Resources

    • Online Penetration Testing Resources

      • XSS-Payloads - Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation.
      • MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - Curated knowledge base and model for cyber adversary behavior.
      • Penetration Testing Framework (PTF) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
    • Online Operating Systems Resources

    • Other Lists Online

    • Penetration Testing Report Templates

  • Android Utilities

    • cSploit - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
  • Anonymity Tools

    • Tor Tools

      • OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
      • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
  • Anti-virus Evasion Tools

      • Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
      • UniByAv - Simple obfuscator that takes raw shellcode and generates anti-virus friendly executables by using a brute-forceable, 32-bit XOR key.
      • Veil - Generate metasploit payloads that bypass common anti-virus solutions.
  • Books

  • Collaboration Tools

      • Lair - Reactive attack collaboration framework and web application built with meteor.
  • Conferences and Events

      • CTFTime.org - Directory of upcoming and archive of past Capture The Flag (CTF) competitions with links to challenge writeups.
    • Asia

      • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
      • SECUINSIDE - Security Conference in Seoul.
      • HITCON - Hacks In Taiwan Conference held in Taiwan.
    • Europe

      • 44Con - Annual Security Conference held in London.
      • CCC - Annual meeting of the international hacker scene in Germany.
      • DeepSec - Security Conference in Vienna, Austria.
      • Hack.lu - Annual conference held in Luxembourg.
      • SteelCon - Security conference in Sheffield UK.
      • Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
      • HoneyCON - Annual Security Conference in Guadalajara, Spain. Organized by the HoneySEC association.
    • North America

      • CarolinaCon - Infosec conference, held annually in North Carolina.
      • DerbyCon - Annual hacker conference based in Louisville.
      • Hackers Next Door - Cybersecurity and social technology conference held in New York City.
      • Hackers On Planet Earth (HOPE) - Semi-annual conference held in New York City.
      • National Cyber Summit - Annual US security conference and Capture the Flag event, held in Huntsville, Alabama, USA.
      • PhreakNIC - Technology conference held annually in middle Tennessee.
      • RSA Conference USA - Annual security conference in San Francisco, California, USA.
      • SummerCon - One of the oldest hacker conventions in America, held during Summer.
      • DEF CON - Annual hacker convention in Las Vegas.
    • South America

  • Exfiltration Tools

      • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
  • File Format Analysis Tools

      • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
      • peepdf - Python tool to explore PDF files in order to find out if the file can be harmful or not.
      • Veles - Binary data visualization and analysis tool.
  • GNU/Linux Utilities

      • Lynis - Auditing tool for UNIX-based systems.
  • Hash Cracking Tools

      • CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
      • Rar Crack - RAR bruteforce cracker.
  • Hex Editors

      • Hexinator - World's finest (proprietary, commercial) Hex Editor.
      • wxHexEditor - Free GUI hex editor for GNU/Linux, macOS, and Windows.
  • Intentionally Vulnerable Systems

  • Lock Picking

  • Multi-paradigm Frameworks

      • Armitage - Java-based GUI front-end for the Metasploit Framework.
      • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Network Tools

      • Intercepter-NG - Multifunctional network toolkit.
      • Ncrack - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
      • Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
      • dsniff - Collection of tools for network auditing and pentesting.
    • Network Reconnaissance Tools

      • zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
      • DNSDumpster - Online DNS recon and search service.
      • dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
      • nmap - Free security scanner for network exploration & security audits.
    • DDoS Tools

      • Anevicon - Powerful UDP-based load generator, written in Rust.
      • HOIC - Updated version of Low Orbit Ion Cannon, with 'boosters' to get around common countermeasures.
      • T50 - Faster network stress tool.
    • Protocol Analyzers and Sniffers

    • Network Traffic Replay and Editing Tools

      • TraceWrangler - Network capture file toolkit that can edit and merge `pcap` or `pcapng` files with batch editing features.
      • tcpreplay - Suite of free Open Source utilities for editing and replaying previously captured network traffic.
    • Proxies and Machine-in-the-Middle (MITM) Tools

      • BetterCAP - Modular, portable and easily extensible MITM framework.
    • Wireless Network Tools

      • Aircrack-ng - Set of tools for auditing wireless networks.
      • BoopSuite - Suite of tools written in Python for wireless auditing.
      • Kismet - Wireless network detector, sniffer, and IDS.
      • Reaver - Brute force attack against WiFi Protected Setup.
  • Network Vulnerability Scanners

      • Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
    • Web Vulnerability Scanners

      • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
      • SecApps - In-browser web application security testing suite.
      • WPScan - Black box WordPress vulnerability scanner.
      • WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
      • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • Open Sources Intelligence (OSINT)

      • Hunter.io - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
      • Threat Crowd - Search engine for threats.
    • Metadata harvesting and analysis

    • Network device discovery tools

      • Shodan - World's first search engine for Internet-connected devices.
      • ZoomEye - Search engine for cyberspace that lets the user find specific network components.
    • OSINT Online Resources

      • GhostProject - Searchable database of billions of cleartext passwords, partially visible for free.
      • NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services.
      • WiGLE.net - Information about wireless networks world-wide, with user-friendly desktop and web applications.
    • Web application and resource analysis tools

      • Wappalyzer - Uncovers the technologies used on websites.
      • EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • Operating System Distributions

      • Android Tamer - Distribution built for Android security professionals that includes tools required for Android security testing.
      • ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
      • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
      • Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
      • Kali - Rolling Debian-based GNU/Linux distribution designed for penetration testing and digital forensics.
      • Parrot - Distribution similar to Kali, with support for multiple hardware architectures.
      • PentestBox - Open source pre-configured portable penetration testing environment for the Windows Operating System.
  • Periodicals

  • Physical Access Tools

      • AT Commands - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
      • Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
      • Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
      • Thunderclap - Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
  • Reverse Engineering

  • Security Education Courses

  • Shellcoding Guides and Tutorials

  • Social Engineering

  • Vulnerability Databases

      • Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
      • CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
      • China National Vulnerability Database (CNNVD) - Chinese government-run vulnerability database analogous to the United States CVE database hosted by the Mitre Corporation.
      • Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
      • Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
      • HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
      • Inj3ct0r - Exploit marketplace and vulnerability information aggregator. ([Onion service](http://mvfjfugdwgc5uwho.onion/).)
      • National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
      • Open Source Vulnerabilities (OSV) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
      • US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
      • Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
      • Vulners - Security database of software vulnerabilities.
      • Vulmon - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
  • Web Exploitation

  • Windows Utilities

      • Empire - Pure PowerShell post-exploitation agent.
      • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
      • wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
  • macOS Utilities

      • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.