Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rutkai/pentest-bookmarks
A collection of penetration testing related sites
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/rutkai/pentest-bookmarks
- Owner: rutkai
- Archived: true
- Created: 2015-04-28T20:53:48.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2020-09-30T20:11:27.000Z (about 4 years ago)
- Last Synced: 2024-04-06T21:38:56.155Z (7 months ago)
- Homepage:
- Size: 191 KB
- Stars: 276
- Watchers: 18
- Forks: 86
- Open Issues: 1
Metadata Files:
- Readme: Readme.md
Awesome Lists containing this project
- awesome-security-collection - **198** stars
README
Hacking/Penetrating tester bookmark collection
==============================================
This is a collection of Pentest/Hacker sites.
It was originally created by Jason Haddix.
## Blogs worth it
What the title says. There are a LOT of pentesting blogs; these are the ones I monitor constantly and value in the actual day-to-day testing work.
* [http://carnal0wnage.blogspot.com/](http://carnal0wnage.blogspot.com/)
* [http://www.mcgrewsecurity.com/](http://www.mcgrewsecurity.com/)
* [http://www.gnucitizen.org/blog/](http://www.gnucitizen.org/blog/)
* [http://www.darknet.org.uk/](http://www.darknet.org.uk/)
* [http://spylogic.net/](http://spylogic.net/)
* [http://taosecurity.blogspot.com/](http://taosecurity.blogspot.com/)
* [http://www.room362.com/](http://www.room362.com/)
* [http://blog.sipvicious.org/](http://blog.sipvicious.org/)
* [http://blog.portswigger.net/](http://blog.portswigger.net/)
* [http://pentestmonkey.net/blog/](http://pentestmonkey.net/blog/)
* [http://jeremiahgrossman.blogspot.com/](http://jeremiahgrossman.blogspot.com/)
* [http://i8jesus.com/](http://i8jesus.com/)
* [http://blog.c22.cc/](http://blog.c22.cc/)
* [http://www.skullsecurity.org/blog/](http://www.skullsecurity.org/blog/)
* [http://blog.metasploit.com/](http://blog.metasploit.com/)
* [http://www.darkoperator.com/](http://www.darkoperator.com/)
* [http://blog.skeptikal.org/](http://blog.skeptikal.org/)
* [http://preachsecurity.blogspot.com/](http://preachsecurity.blogspot.com/)
* [http://www.tssci-security.com/](http://www.tssci-security.com/)
* [http://www.gdssecurity.com/l/b/](http://www.gdssecurity.com/l/b/)
* [http://websec.wordpress.com/](http://websec.wordpress.com/)
* [http://bernardodamele.blogspot.com/](http://bernardodamele.blogspot.com/)
* [http://laramies.blogspot.com/](http://laramies.blogspot.com/)
* [http://www.spylogic.net/](http://www.spylogic.net/)
* [http://blog.andlabs.org/](http://blog.andlabs.org/)
* [http://xs-sniper.com/blog/](http://xs-sniper.com/blog/)
* [http://www.commonexploits.com/](http://www.commonexploits.com/)
* [http://www.sensepost.com/blog/](http://www.sensepost.com/blog/)
* [http://wepma.blogspot.com/](http://wepma.blogspot.com/)
* [http://exploit.co.il/](http://exploit.co.il/)
* [http://securityreliks.wordpress.com/](http://securityreliks.wordpress.com/)
* [http://www.madirish.net/index.html](http://www.madirish.net/index.html)
* [http://sirdarckcat.blogspot.com/](http://sirdarckcat.blogspot.com/)
* [http://reusablesec.blogspot.com/](http://reusablesec.blogspot.com/)
* [http://myne-us.blogspot.com/](http://myne-us.blogspot.com/)
* [http://www.notsosecure.com/](http://www.notsosecure.com/)
* [http://blog.spiderlabs.com/](http://blog.spiderlabs.com/)
* [http://www.corelan.be/](http://www.corelan.be/)
* [http://www.digininja.org/](http://www.digininja.org/)
* [http://www.pauldotcom.com/](http://www.pauldotcom.com/)
* [http://www.attackvector.org/](http://www.attackvector.org/)
* [http://deviating.net/](http://deviating.net/)
* [http://www.alphaonelabs.com/](http://www.alphaonelabs.com/)
* [http://www.smashingpasswords.com/](http://www.smashingpasswords.com/)
* [http://wirewatcher.wordpress.com/](http://wirewatcher.wordpress.com/)
* [http://gynvael.coldwind.pl/](http://gynvael.coldwind.pl/)
* [http://www.nullthreat.net/](http://www.nullthreat.net/)
* [http://www.question-defense.com/](http://www.question-defense.com/)
* [http://archangelamael.blogspot.com/](http://archangelamael.blogspot.com/)
* [http://memset.wordpress.com/](http://memset.wordpress.com/)
* [http://sickness.tor.hu/](http://sickness.tor.hu/)
* [http://punter-infosec.com/](http://punter-infosec.com/)
* [http://www.securityninja.co.uk/](http://www.securityninja.co.uk/)
* [http://securityandrisk.blogspot.com/](http://securityandrisk.blogspot.com/)
* [http://esploit.blogspot.com/](http://esploit.blogspot.com/)
* [http://www.pentestit.com/](http://www.pentestit.com/)
## Forums
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums, but I actually find nice one-off scripts and info I can roll into my own code in these places. Would like to add more.
* [http://sla.ckers.org/forum/index.php](http://sla.ckers.org/forum/index.php)
* [http://www.ethicalhacker.net/](http://www.ethicalhacker.net/)
* [http://www.backtrack-linux.org/forums/](http://www.backtrack-linux.org/forums/)
* [http://www.elitehackers.info/forums/](http://www.elitehackers.info/forums/)
* [http://www.hackthissite.org/forums/index.php](http://www.hackthissite.org/forums/index.php)
* [http://securityoverride.com/forum/index.php](http://securityoverride.com/forum/index.php)
* [http://www.iexploit.org/](http://www.iexploit.org/)
* [http://bright-shadows.net/](http://bright-shadows.net/)
* [http://www.governmentsecurity.org/forum/](http://www.governmentsecurity.org/forum/)
* [http://forum.intern0t.net/](http://forum.intern0t.net/)
## Magazines
* [http://www.net-security.org/insecuremag.php](http://www.net-security.org/insecuremag.php)
* [http://hakin9.org/](http://hakin9.org/)
## Video
* [http://www.hackernews.com/](http://www.hackernews.com/)
* [http://www.securitytube.net/](http://www.securitytube.net/)
* [http://www.irongeek.com/i.php?page=videos/aide-winter-2011](http://www.irongeek.com/i.php?page=videos/aide-winter-2011)
* [http://avondale.good.net/dl/bd/](http://avondale.good.net/dl/bd/)
* [http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/](http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/)
* [http://www.youtube.com/user/ChRiStIaAn008](http://www.youtube.com/user/ChRiStIaAn008)
* [http://www.youtube.com/user/HackingCons](http://www.youtube.com/user/HackingCons)
## Methodologies
* [http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
* [http://www.pentest-standard.org/index.php/Main_Page](http://www.pentest-standard.org/index.php/Main_Page)
* [http://projects.webappsec.org/w/page/13246978/Threat-Classification](http://projects.webappsec.org/w/page/13246978/Threat-Classification)
* [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
* [http://www.social-engineer.org/](http://www.social-engineer.org/)
## Presentations
* [http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/](http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/)
* [http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/](http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/)
* [http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/](http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/)
* [http://www.slideshare.net/Laramies/tactical-information-gathering](http://www.slideshare.net/Laramies/tactical-information-gathering)
* [http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974](http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974)
* [http://infond.blogspot.com/2010/05/toturial-footprinting.html](http://infond.blogspot.com/2010/05/toturial-footprinting.html)
## People and Organizational
* [http://www.spokeo.com/](http://www.spokeo.com/)
* [http://www.123people.com/](http://www.123people.com/)
* [http://www.xing.com/](http://www.xing.com/)
* [http://www.zoominfo.com/search](http://www.zoominfo.com/search)
* [http://pipl.com/](http://pipl.com/)
* [http://www.zabasearch.com/](http://www.zabasearch.com/)
* [http://www.searchbug.com/default.aspx](http://www.searchbug.com/default.aspx)
* [http://theultimates.com/](http://theultimates.com/)
* [http://skipease.com/](http://skipease.com/)
* [http://addictomatic.com/](http://addictomatic.com/)
* [http://socialmention.com/](http://socialmention.com/)
* [http://entitycube.research.microsoft.com/](http://entitycube.research.microsoft.com/)
* [http://www.yasni.com/](http://www.yasni.com/)
* [http://tweepz.com/](http://tweepz.com/)
* [http://tweepsearch.com/](http://tweepsearch.com/)
* [http://www.glassdoor.com/index.htm](http://www.glassdoor.com/index.htm)
* [http://www.jigsaw.com/](http://www.jigsaw.com/)
* [http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp](http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp)
* [http://www.tineye.com/](http://www.tineye.com/)
* [http://www.peekyou.com/](http://www.peekyou.com/)
* [http://picfog.com/](http://picfog.com/)
* [http://twapperkeeper.com/index.php](http://twapperkeeper.com/index.php)
## Infrastructure
* [http://uptime.netcraft.com/](http://uptime.netcraft.com/)
* [http://www.serversniff.net/](http://www.serversniff.net/)
* [http://www.domaintools.com/](http://www.domaintools.com/)
* [http://centralops.net/co/](http://centralops.net/co/)
* [http://hackerfantastic.com/](http://hackerfantastic.com/)
* [http://whois.webhosting.info/](http://whois.webhosting.info/)
* [https://www.ssllabs.com/ssldb/analyze.html](https://www.ssllabs.com/ssldb/analyze.html)
* [http://www.clez.net/](http://www.clez.net/)
* [http://www.my-ip-neighbors.com/](http://www.my-ip-neighbors.com/)
* [http://www.shodanhq.com/](http://www.shodanhq.com/)
* [http://www.exploit-db.com/google-dorks/](http://www.exploit-db.com/google-dorks/)
* [http://www.hackersforcharity.org/ghdb/](http://www.hackersforcharity.org/ghdb/)
## Exploits and Advisories
* [http://www.exploit-db.com/](http://www.exploit-db.com/)
* [http://www.cvedetails.com/](http://www.cvedetails.com/)
* [http://www.packetstormsecurity.org/](http://www.packetstormsecurity.org/)
* [http://www.securityforest.com/wiki/index.php/Main_Page](http://www.securityforest.com/wiki/index.php/Main_Page)
* [http://www.securityfocus.com/bid](http://www.securityfocus.com/bid)
* [http://nvd.nist.gov/](http://nvd.nist.gov/)
* [http://osvdb.org/](http://osvdb.org/)
* [http://www.nullbyte.org.il/Index.html](http://www.nullbyte.org.il/Index.html)
* [http://secdocs.lonerunners.net/](http://secdocs.lonerunners.net/)
* [http://www.phenoelit-us.org/whatSAP/index.html](http://www.phenoelit-us.org/whatSAP/index.html)
* [http://secunia.com/](http://secunia.com/)
* [http://cve.mitre.org/](http://cve.mitre.org/)
## Cheatsheets and Syntax
* [http://cirt.net/ports_dl.php?export=services](http://cirt.net/ports_dl.php?export=services)
* [http://www.cheat-sheets.org/](http://www.cheat-sheets.org/)
* [http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/](http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/)
## Agile Hacking
* [http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/](http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/)
* [http://blog.commandlinekungfu.com/](http://blog.commandlinekungfu.com/)
* [http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/](http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/)
* [http://isc.sans.edu/diary.html?storyid=2376](http://isc.sans.edu/diary.html?storyid=2376)
* [http://isc.sans.edu/diary.html?storyid=1229](http://isc.sans.edu/diary.html?storyid=1229)
* [http://ss64.com/nt/](http://ss64.com/nt/)
* [http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html](http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html)
* [http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html](http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html)
* [http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/](http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/)
* [http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst](http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst)
* [http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf](http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf)
* [http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507](http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507)
* [http://www.pentesterscripting.com/](http://www.pentesterscripting.com/)
* [http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583](http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583)
* [http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf](http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf)
## OS and Scripts
* [http://en.wikipedia.org/wiki/IPv4_subnetting_reference](http://en.wikipedia.org/wiki/IPv4_subnetting_reference)
* [http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/](http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/)
* [http://shelldorado.com/shelltips/beginner.html](http://shelldorado.com/shelltips/beginner.html)
* [http://www.linuxsurvival.com/](http://www.linuxsurvival.com/)
* [http://mywiki.wooledge.org/BashPitfalls](http://mywiki.wooledge.org/BashPitfalls)
* [http://rubular.com/](http://rubular.com/)
* [http://www.iana.org/assignments/port-numbers](http://www.iana.org/assignments/port-numbers)
* [http://www.robvanderwoude.com/ntadmincommands.php](http://www.robvanderwoude.com/ntadmincommands.php)
* [http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/](http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/)
## Tools
* [http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf](http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf)
* [http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf](http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf)
* [http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf](http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf)
* [http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf](http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf)
* [http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf](http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf)
* [http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html](http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html)
* [http://h.ackack.net/cheat-sheets/netcat](http://h.ackack.net/cheat-sheets/netcat)
## Distros
* [http://www.backtrack-linux.org/](http://www.backtrack-linux.org/)
* [http://www.matriux.com/](http://www.matriux.com/)
* [http://samurai.inguardians.com/](http://samurai.inguardians.com/)
* [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project](http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project)
* [https://pentoo.ch/](https://pentoo.ch/)
* [http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html](http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html)
* [http://www.piotrbania.com/all/kon-boot/](http://www.piotrbania.com/all/kon-boot/)
* [http://www.linuxfromscratch.org/](http://www.linuxfromscratch.org/)
* [http://sumolinux.suntzudata.com/](http://sumolinux.suntzudata.com/)
* [http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments](http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments)
* [http://www.backbox.org/](http://www.backbox.org/)
## Labs
## ISOs and VMs
* [http://sourceforge.net/projects/websecuritydojo/](http://sourceforge.net/projects/websecuritydojo/)
* [http://code.google.com/p/owaspbwa/wiki/ProjectSummary](http://code.google.com/p/owaspbwa/wiki/ProjectSummary)
* [http://heorot.net/livecds/](http://heorot.net/livecds/)
* [http://informatica.uv.es/~carlos/docencia/netinvm/](http://informatica.uv.es/~carlos/docencia/netinvm/)
* [http://www.bonsai-sec.com/en/research/moth.php](http://www.bonsai-sec.com/en/research/moth.php)
* [http://blog.metasploit.com/2010/05/introducing-metasploitable.html](http://blog.metasploit.com/2010/05/introducing-metasploitable.html)
* [http://pynstrom.net/holynix.php](http://pynstrom.net/holynix.php)
* [http://gnacktrack.co.uk/download.php](http://gnacktrack.co.uk/download.php)
* [http://sourceforge.net/projects/lampsecurity/files/](http://sourceforge.net/projects/lampsecurity/files/)
* [https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html](https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html)
* [http://sourceforge.net/projects/virtualhacking/files/](http://sourceforge.net/projects/virtualhacking/files/)
* [http://www.badstore.net/](http://www.badstore.net/)
* [http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10](http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10)
* [http://www.dvwa.co.uk/](http://www.dvwa.co.uk/)
* [http://sourceforge.net/projects/thebutterflytmp/](http://sourceforge.net/projects/thebutterflytmp/)
## Vulnerable Software
* [http://www.oldapps.com/](http://www.oldapps.com/)
* [http://www.oldversion.com/](http://www.oldversion.com/)
* [http://www.exploit-db.com/webapps/](http://www.exploit-db.com/webapps/)
* [http://code.google.com/p/wavsep/downloads/list](http://code.google.com/p/wavsep/downloads/list)
* [http://www.owasp.org/index.php/Owasp_SiteGenerator](http://www.owasp.org/index.php/Owasp_SiteGenerator)
* [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx](http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx)
* [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx](http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx)
* [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx](http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx)
* [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx](http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx)
## Test Sites
* [http://www.webscantest.com/](http://www.webscantest.com/)
* [http://crackme.cenzic.com/Kelev/view/home.php](http://crackme.cenzic.com/Kelev/view/home.php)
* [http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com](http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com)
* [http://testaspnet.vulnweb.com/](http://testaspnet.vulnweb.com/)
* [http://testasp.vulnweb.com/](http://testasp.vulnweb.com/)
* [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/)
* [http://demo.testfire.net/](http://demo.testfire.net/)
* [http://hackme.ntobjectives.com/](http://hackme.ntobjectives.com/)
## Exploitation Intro
If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since exploit dev is not my primary occupation, this section could always use help.
* [http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html](http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html)
* [http://www.mgraziano.info/docs/stsi2010.pdf](http://www.mgraziano.info/docs/stsi2010.pdf)
* [http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/](http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/)
* [http://www.ethicalhacker.net/content/view/122/2/](http://www.ethicalhacker.net/content/view/122/2/)
* [http://code.google.com/p/it-sec-catalog/wiki/Exploitation](http://code.google.com/p/it-sec-catalog/wiki/Exploitation)
* [http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html](http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html)
* [http://ref.x86asm.net/index.html](http://ref.x86asm.net/index.html)
## Reverse Engineering & Malware
* [http://www.woodmann.com/TiGa/idaseries.html](http://www.woodmann.com/TiGa/idaseries.html)
* [http://www.binary-auditing.com/](http://www.binary-auditing.com/)
* [http://visi.kenshoto.com/](http://visi.kenshoto.com/)
* [http://www.radare.org/y/](http://www.radare.org/y/)
* [http://www.offensivecomputing.net/](http://www.offensivecomputing.net/)
## Passwords and Hashes
* [http://www.irongeek.com/i.php?page=videos/password-exploitation-class](http://www.irongeek.com/i.php?page=videos/password-exploitation-class)
* [http://cirt.net/passwords](http://cirt.net/passwords)
* [http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html](http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html)
* [http://www.foofus.net/~jmk/medusa/medusa-smbnt.html](http://www.foofus.net/~jmk/medusa/medusa-smbnt.html)
* [http://www.foofus.net/?page_id=63](http://www.foofus.net/?page_id=63)
* [http://hashcrack.blogspot.com/](http://hashcrack.blogspot.com/)
* [http://www.nirsoft.net/articles/saved_password_location.html](http://www.nirsoft.net/articles/saved_password_location.html)
* [http://www.onlinehashcrack.com/](http://www.onlinehashcrack.com/)
* [http://www.md5this.com/list.php?](http://www.md5this.com/list.php?)
* [http://www.virus.org/default-password](http://www.virus.org/default-password)
* [http://www.phenoelit-us.org/dpl/dpl.html](http://www.phenoelit-us.org/dpl/dpl.html)
* [http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html](http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html)
## Wordlists
* [http://contest.korelogic.com/wordlists.html](http://contest.korelogic.com/wordlists.html)
* [http://packetstormsecurity.org/Crackers/wordlists/](http://packetstormsecurity.org/Crackers/wordlists/)
* [http://www.skullsecurity.org/wiki/index.php/Passwords](http://www.skullsecurity.org/wiki/index.php/Passwords)
* [http://www.ericheitzman.com/passwd/passwords/](http://www.ericheitzman.com/passwd/passwords/)
## Pass the Hash
* [http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283](http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283)
* [http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219](http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219)
* [http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html](http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html)
## MiTM
* [http://www.giac.org/certified_professionals/practicals/gsec/0810.php](http://www.giac.org/certified_professionals/practicals/gsec/0810.php)
* [http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf](http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf)
* [http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf](http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf)
* [http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data](http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data)
* [http://www.mindcenter.net/uploads/ECCE101.pdf](http://www.mindcenter.net/uploads/ECCE101.pdf)
* [http://toorcon.org/pres12/3.pdf](http://toorcon.org/pres12/3.pdf)
* [http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf](http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf)
* [http://packetstormsecurity.org/papers/wireless/cracking-air.pdf](http://packetstormsecurity.org/papers/wireless/cracking-air.pdf)
* [http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf](http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf)
* [http://www.oact.inaf.it/ws-ssri/Costa.pdf](http://www.oact.inaf.it/ws-ssri/Costa.pdf)
* [http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf](http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf)
* [http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf](http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf)
* [http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf](http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf)
* [http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf](http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf)
* [http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf](http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf)
* [http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf](http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf)
* [http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf](http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf)
* [http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf](http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf)
* [http://articles.manugarg.com/arp_spoofing.pdf](http://articles.manugarg.com/arp_spoofing.pdf)
* [http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf](http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf)
* [http://www.ucci.it/docs/ICTSecurity-2004-26.pdf](http://www.ucci.it/docs/ICTSecurity-2004-26.pdf)
* [http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf](http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf)
* [http://blog.spiderlabs.com/2010/12/thicknet.html](http://blog.spiderlabs.com/2010/12/thicknet.html)
* [http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/](http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/)
* [http://www.go4expert.com/forums/showthread.php?t=11842](http://www.go4expert.com/forums/showthread.php?t=11842)
* [http://www.irongeek.com/i.php?page=security/ettercapfilter](http://www.irongeek.com/i.php?page=security/ettercapfilter)
* [http://openmaniak.com/ettercap_filter.php](http://openmaniak.com/ettercap_filter.php)
* [http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming](http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming)
* [http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate](http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate)
* [http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1](http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1)
* [http://spareclockcycles.org/2010/06/10/sergio-proxy-released/](http://spareclockcycles.org/2010/06/10/sergio-proxy-released/)
## Tools
### OSINT
* [http://www.edge-security.com/theHarvester.php](http://www.edge-security.com/theHarvester.php)
* [http://www.mavetju.org/unix/dnstracer-man.php](http://www.mavetju.org/unix/dnstracer-man.php)
* [http://www.paterva.com/web5/](http://www.paterva.com/web5/)
### Metadata
* [http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974](http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974)
* [http://lcamtuf.coredump.cx/strikeout/](http://lcamtuf.coredump.cx/strikeout/)
* [http://www.sno.phy.queensu.ca/~phil/exiftool/](http://www.sno.phy.queensu.ca/~phil/exiftool/)
* [http://www.edge-security.com/metagoofil.php](http://www.edge-security.com/metagoofil.php)
* [http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html](http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html)
## Google Hacking
* [http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/](http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/)
* [http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads](http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads)
* [http://sqid.rubyforge.org/#next](http://sqid.rubyforge.org/#next)
* [http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html](http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html)
## Web
* [http://www.bindshell.net/tools/beef](http://www.bindshell.net/tools/beef)
* [http://blindelephant.sourceforge.net/](http://blindelephant.sourceforge.net/)
* [http://xsser.sourceforge.net/](http://xsser.sourceforge.net/)
* [http://sourceforge.net/projects/rips-scanner/](http://sourceforge.net/projects/rips-scanner/)
* [http://www.divineinvasion.net/authforce/](http://www.divineinvasion.net/authforce/)
* [http://andlabs.org/tools.html#sotf](http://andlabs.org/tools.html#sotf)
* [http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf](http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf)
* [http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html](http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html)
* [http://code.google.com/p/pinata-csrf-tool/](http://code.google.com/p/pinata-csrf-tool/)
* [http://xsser.sourceforge.net/#intro](http://xsser.sourceforge.net/#intro)
* [http://www.contextis.co.uk/resources/tools/clickjacking-tool/](http://www.contextis.co.uk/resources/tools/clickjacking-tool/)
* [http://packetstormsecurity.org/files/view/69896/unicode-fun.txt](http://packetstormsecurity.org/files/view/69896/unicode-fun.txt)
* [http://sourceforge.net/projects/ws-attacker/files/](http://sourceforge.net/projects/ws-attacker/files/)
* [https://github.com/koto/squid-imposter](https://github.com/koto/squid-imposter)
## Attack Strings
* [http://code.google.com/p/fuzzdb/](http://code.google.com/p/fuzzdb/)
* [http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements](http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements)
## Shells
* [http://sourceforge.net/projects/yokoso/](http://sourceforge.net/projects/yokoso/)
* [http://sourceforge.net/projects/ajaxshell/](http://sourceforge.net/projects/ajaxshell/)
## Scanners
* [http://w3af.sourceforge.net/](http://w3af.sourceforge.net/)
* [http://code.google.com/p/skipfish/](http://code.google.com/p/skipfish/)
* [http://sqlmap.sourceforge.net/](http://sqlmap.sourceforge.net/)
* [http://sqid.rubyforge.org/#next](http://sqid.rubyforge.org/#next)
* [http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt](http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt)
* [http://code.google.com/p/fimap/wiki/WindowsAttack](http://code.google.com/p/fimap/wiki/WindowsAttack)
* [http://code.google.com/p/fm-fsf/](http://code.google.com/p/fm-fsf/)
## Proxies
### Burp
* [http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214](http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214)
* [http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/](http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/)
* [http://sourceforge.net/projects/belch/files/](http://sourceforge.net/projects/belch/files/)
* [http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools](http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools)
* [http://blog.ombrepixel.com/](http://blog.ombrepixel.com/)
* [http://andlabs.org/tools.html#dser](http://andlabs.org/tools.html#dser)
* [http://feoh.tistory.com/22](http://feoh.tistory.com/22)
* [http://www.sensepost.com/labs/tools/pentest/reduh](http://www.sensepost.com/labs/tools/pentest/reduh)
* [http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project](http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project)
* [http://intrepidusgroup.com/insight/mallory/](http://intrepidusgroup.com/insight/mallory/)
* [http://www.fiddler2.com/fiddler2/](http://www.fiddler2.com/fiddler2/)
* [http://websecuritytool.codeplex.com/documentation?referringTitle=Home](http://websecuritytool.codeplex.com/documentation?referringTitle=Home)
* [http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1](http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1)
## Social Engineering
* [http://www.secmaniac.com/](http://www.secmaniac.com/)
## Password
* [http://nmap.org/ncrack/](http://nmap.org/ncrack/)
* [http://www.foofus.net/~jmk/medusa/medusa.html](http://www.foofus.net/~jmk/medusa/medusa.html)
* [http://www.openwall.com/john/](http://www.openwall.com/john/)
* [http://ophcrack.sourceforge.net/](http://ophcrack.sourceforge.net/)
* [http://blog.0x3f.net/tool/keimpx-in-action/](http://blog.0x3f.net/tool/keimpx-in-action/)
* [http://code.google.com/p/keimpx/](http://code.google.com/p/keimpx/)
* [http://sourceforge.net/projects/hashkill/](http://sourceforge.net/projects/hashkill/)
## Metasploit
* [http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html](http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html)
* [http://code.google.com/p/msf-hack/wiki/WmapNikto](http://code.google.com/p/msf-hack/wiki/WmapNikto)
* [http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html](http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html)
* [http://seclists.org/metasploit/](http://seclists.org/metasploit/)
* [http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html](http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html)
* [http://meterpreter.illegalguy.hostzi.com/](http://meterpreter.illegalguy.hostzi.com/)
* [http://blog.metasploit.com/2010/03/automating-metasploit-console.html](http://blog.metasploit.com/2010/03/automating-metasploit-console.html)
* [http://www.workrobot.com/sansfire2009/561.html](http://www.workrobot.com/sansfire2009/561.html)
* [http://www.securitytube.net/video/711](http://www.securitytube.net/video/711)
* [http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download](http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download)
* [http://vimeo.com/16852783](http://vimeo.com/16852783)
* [http://milo2012.wordpress.com/2009/09/27/xlsinjector/](http://milo2012.wordpress.com/2009/09/27/xlsinjector/)
* [http://www.fastandeasyhacking.com/](http://www.fastandeasyhacking.com/)
* [http://trac.happypacket.net/](http://trac.happypacket.net/)
* [http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf](http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf)
* [http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf](http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf)
### MSF Exploits or Easy
* [http://www.nessus.org/plugins/index.php?view=single&id=12204](http://www.nessus.org/plugins/index.php?view=single&id=12204)
* [http://www.nessus.org/plugins/index.php?view=single&id=11413](http://www.nessus.org/plugins/index.php?view=single&id=11413)
* [http://www.nessus.org/plugins/index.php?view=single&id=18021](http://www.nessus.org/plugins/index.php?view=single&id=18021)
* [http://www.nessus.org/plugins/index.php?view=single&id=26918](http://www.nessus.org/plugins/index.php?view=single&id=26918)
* [http://www.nessus.org/plugins/index.php?view=single&id=34821](http://www.nessus.org/plugins/index.php?view=single&id=34821)
* [http://www.nessus.org/plugins/index.php?view=single&id=22194](http://www.nessus.org/plugins/index.php?view=single&id=22194)
* [http://www.nessus.org/plugins/index.php?view=single&id=34476](http://www.nessus.org/plugins/index.php?view=single&id=34476)
* [http://www.nessus.org/plugins/index.php?view=single&id=25168](http://www.nessus.org/plugins/index.php?view=single&id=25168)
* [http://www.nessus.org/plugins/index.php?view=single&id=19408](http://www.nessus.org/plugins/index.php?view=single&id=19408)
* [http://www.nessus.org/plugins/index.php?view=single&id=21564](http://www.nessus.org/plugins/index.php?view=single&id=21564)
* [http://www.nessus.org/plugins/index.php?view=single&id=10862](http://www.nessus.org/plugins/index.php?view=single&id=10862)
* [http://www.nessus.org/plugins/index.php?view=single&id=26925](http://www.nessus.org/plugins/index.php?view=single&id=26925)
* [http://www.nessus.org/plugins/index.php?view=single&id=29314](http://www.nessus.org/plugins/index.php?view=single&id=29314)
* [http://www.nessus.org/plugins/index.php?view=single&id=23643](http://www.nessus.org/plugins/index.php?view=single&id=23643)
* [http://www.nessus.org/plugins/index.php?view=single&id=12052](http://www.nessus.org/plugins/index.php?view=single&id=12052)
* [http://www.nessus.org/plugins/index.php?view=single&id=34477](http://www.nessus.org/plugins/index.php?view=single&id=34477)
* [http://www.nessus.org/plugins/index.php?view=single&id=15962](http://www.nessus.org/plugins/index.php?view=single&id=15962)
* [http://www.nessus.org/plugins/index.php?view=single&id=42106](http://www.nessus.org/plugins/index.php?view=single&id=42106)
* [http://www.nessus.org/plugins/index.php?view=single&id=15456](http://www.nessus.org/plugins/index.php?view=single&id=15456)
* [http://www.nessus.org/plugins/index.php?view=single&id=21689](http://www.nessus.org/plugins/index.php?view=single&id=21689)
* [http://www.nessus.org/plugins/index.php?view=single&id=12205](http://www.nessus.org/plugins/index.php?view=single&id=12205)
* [http://www.nessus.org/plugins/index.php?view=single&id=22182](http://www.nessus.org/plugins/index.php?view=single&id=22182)
* [http://www.nessus.org/plugins/index.php?view=single&id=26919](http://www.nessus.org/plugins/index.php?view=single&id=26919)
* [http://www.nessus.org/plugins/index.php?view=single&id=26921](http://www.nessus.org/plugins/index.php?view=single&id=26921)
* [http://www.nessus.org/plugins/index.php?view=single&id=21696](http://www.nessus.org/plugins/index.php?view=single&id=21696)
* [http://www.nessus.org/plugins/index.php?view=single&id=40887](http://www.nessus.org/plugins/index.php?view=single&id=40887)
* [http://www.nessus.org/plugins/index.php?view=single&id=10404](http://www.nessus.org/plugins/index.php?view=single&id=10404)
* [http://www.nessus.org/plugins/index.php?view=single&id=18027](http://www.nessus.org/plugins/index.php?view=single&id=18027)
* [http://www.nessus.org/plugins/index.php?view=single&id=19402](http://www.nessus.org/plugins/index.php?view=single&id=19402)
* [http://www.nessus.org/plugins/index.php?view=single&id=11790](http://www.nessus.org/plugins/index.php?view=single&id=11790)
* [http://www.nessus.org/plugins/index.php?view=single&id=12209](http://www.nessus.org/plugins/index.php?view=single&id=12209)
* [http://www.nessus.org/plugins/index.php?view=single&id=10673](http://www.nessus.org/plugins/index.php?view=single&id=10673)
## NSE
* [http://www.securitytube.net/video/931](http://www.securitytube.net/video/931)
* [http://nmap.org/nsedoc/](http://nmap.org/nsedoc/)
## Net Scanners and Scripts
* [http://nmap.org/](http://nmap.org/)
* [http://asturio.gmxhome.de/software/sambascan2/i.html](http://asturio.gmxhome.de/software/sambascan2/i.html)
* [http://www.softperfect.com/products/networkscanner/](http://www.softperfect.com/products/networkscanner/)
* [http://www.openvas.org/](http://www.openvas.org/)
* [http://tenable.com/products/nessus](http://tenable.com/products/nessus)
* [http://www.rapid7.com/vulnerability-scanner.jsp](http://www.rapid7.com/vulnerability-scanner.jsp)
* [http://www.eeye.com/products/retina/community](http://www.eeye.com/products/retina/community)
## Post Exploitation
* [http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py](http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py)
* [http://www.phx2600.org/archive/2008/08/29/metacab/](http://www.phx2600.org/archive/2008/08/29/metacab/)
* [http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html](http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html)
## Netcat
* [http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html](http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html)
* [http://www.radarhack.com/tutorial/ads.pdf](http://www.radarhack.com/tutorial/ads.pdf)
* [http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf](http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf)
* [http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf](http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf)
* [http://www.dest-unreach.org/socat/](http://www.dest-unreach.org/socat/)
* [http://www.antionline.com/archive/index.php/t-230603.html](http://www.antionline.com/archive/index.php/t-230603.html)
* [http://technotales.wordpress.com/2009/06/14/netcat-tricks/](http://technotales.wordpress.com/2009/06/14/netcat-tricks/)
* [http://seclists.org/nmap-dev/2009/q1/581](http://seclists.org/nmap-dev/2009/q1/581)
* [http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/](http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/)
* [http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf](http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf)
* [http://gse-compliance.blogspot.com/2008/07/netcat.html](http://gse-compliance.blogspot.com/2008/07/netcat.html)
## Source Inspection
* [http://www.justanotherhacker.com/projects/graudit.html](http://www.justanotherhacker.com/projects/graudit.html)
* [http://code.google.com/p/javasnoop/](http://code.google.com/p/javasnoop/)
## Firefox Addons
* [https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8](https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8)
* [https://addons.mozilla.org/en-US/firefox/addon/osvdb/](https://addons.mozilla.org/en-US/firefox/addon/osvdb/)
* [https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/](https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/)
* [https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/](https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/)
* [https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/](https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/)
* [https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/](https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/)
* [https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/](https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/)
* [https://addons.mozilla.org/en-US/firefox/addon/hackbar/](https://addons.mozilla.org/en-US/firefox/addon/hackbar/)
## Tool Listings
* [http://packetstormsecurity.org/files/tags/tool](http://packetstormsecurity.org/files/tags/tool)
* [http://tools.securitytube.net/index.php?title=Main_Page](http://tools.securitytube.net/index.php?title=Main_Page)
## Training/Classes
## Sec/Hacking
* [http://pentest.cryptocity.net/](http://pentest.cryptocity.net/)
* [http://www.irongeek.com/i.php?page=videos/network-sniffers-class](http://www.irongeek.com/i.php?page=videos/network-sniffers-class)
* [http://samsclass.info/124/124_Sum09.shtml](http://samsclass.info/124/124_Sum09.shtml)
* [http://www.cs.ucsb.edu/~vigna/courses/cs279/](http://www.cs.ucsb.edu/~vigna/courses/cs279/)
* [http://crypto.stanford.edu/cs142/](http://crypto.stanford.edu/cs142/)
* [http://crypto.stanford.edu/cs155/](http://crypto.stanford.edu/cs155/)
* [http://cseweb.ucsd.edu/classes/wi09/cse227/](http://cseweb.ucsd.edu/classes/wi09/cse227/)
* [http://www-inst.eecs.berkeley.edu/~cs161/sp11/](http://www-inst.eecs.berkeley.edu/~cs161/sp11/)
* [http://security.ucla.edu/pages/Security_Talks](http://security.ucla.edu/pages/Security_Talks)
* [http://www.cs.rpi.edu/academics/courses/spring10/csci4971/](http://www.cs.rpi.edu/academics/courses/spring10/csci4971/)
* [http://cr.yp.to/2004-494.html](http://cr.yp.to/2004-494.html)
* [http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/](http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/)
* [https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot](https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot)
* [http://stuff.mit.edu/iap/2009/#websecurity](http://stuff.mit.edu/iap/2009/#websecurity)
## Metasploit
* [http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training](http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training)
* [http://www.irongeek.com/i.php?page=videos/metasploit-class](http://www.irongeek.com/i.php?page=videos/metasploit-class)
* [http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/](http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/)
* [http://vimeo.com/16925188](http://vimeo.com/16925188)
* [http://www.ustream.tv/recorded/13396511](http://www.ustream.tv/recorded/13396511)
* [http://www.ustream.tv/recorded/13397426](http://www.ustream.tv/recorded/13397426)
* [http://www.ustream.tv/recorded/13398740](http://www.ustream.tv/recorded/13398740)
## Programming
### Python
* [http://code.google.com/edu/languages/google-python-class/index.html](http://code.google.com/edu/languages/google-python-class/index.html)
* [http://www.swaroopch.com/notes/Python_en:Table_of_Contents](http://www.swaroopch.com/notes/Python_en:Table_of_Contents)
* [http://www.thenewboston.com/?cat=40&pOpen=tutorial](http://www.thenewboston.com/?cat=40&pOpen=tutorial)
* [http://showmedo.com/videotutorials/python](http://showmedo.com/videotutorials/python)
* [http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/](http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/)
### Ruby
* [http://www.tekniqal.com/](http://www.tekniqal.com/)
## Other Misc
* [http://www.cs.sjtu.edu.cn/~kzhu/cs490/](http://www.cs.sjtu.edu.cn/~kzhu/cs490/)
* [https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/](https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/)
* [http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/](http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/)
* [http://resources.infosecinstitute.com/](http://resources.infosecinstitute.com/)
* [http://vimeo.com/user2720399](http://vimeo.com/user2720399)
## Web Vectors
## SQLi
* [http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/](http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/)
* [http://isc.sans.edu/diary.html?storyid=9397](http://isc.sans.edu/diary.html?storyid=9397)
* [http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/](http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/)
* [http://www.evilsql.com/main/index.php](http://www.evilsql.com/main/index.php)
* [http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html](http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html)
* [http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections](http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections)
* [http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/](http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/)
* [http://sqlzoo.net/hack/](http://sqlzoo.net/hack/)
* [http://www.sqlteam.com/article/sql-server-versions](http://www.sqlteam.com/article/sql-server-versions)
* [http://www.krazl.com/blog/?p=3](http://www.krazl.com/blog/?p=3)
* [http://www.owasp.org/index.php/Testing_for_MS_Access](http://www.owasp.org/index.php/Testing_for_MS_Access)
* [http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html](http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html)
* [http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html](http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html)
* [http://www.youtube.com/watch?v=WkHkryIoLD0](http://www.youtube.com/watch?v=WkHkryIoLD0)
* [http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf](http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf)
* [http://vimeo.com/3418947](http://vimeo.com/3418947)
* [http://sla.ckers.org/forum/read.php?24,33903](http://sla.ckers.org/forum/read.php?24,33903)
* [http://websec.files.wordpress.com/2010/11/sqli2.pdf](http://websec.files.wordpress.com/2010/11/sqli2.pdf)
* [http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/](http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/)
* [http://ha.ckers.org/sqlinjection/](http://ha.ckers.org/sqlinjection/)
* [http://lab.mediaservice.net/notes_more.php?id=MSSQL](http://lab.mediaservice.net/notes_more.php?id=MSSQL)
## Upload Tricks
* [http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972](http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972)
* [http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html](http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html)
* [http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/](http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/)
* [http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/](http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/)
* [http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/](http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/)
* [http://www.ravenphpscripts.com/article2974.html](http://www.ravenphpscripts.com/article2974.html)
* [http://www.acunetix.com/cross-site-scripting/scanner.htm](http://www.acunetix.com/cross-site-scripting/scanner.htm)
* [http://www.vupen.com/english/advisories/2009/3634](http://www.vupen.com/english/advisories/2009/3634)
* [http://msdn.microsoft.com/en-us/library/aa478971.aspx](http://msdn.microsoft.com/en-us/library/aa478971.aspx)
* [http://dev.tangocms.org/issues/237](http://dev.tangocms.org/issues/237)
* [http://seclists.org/fulldisclosure/2006/Jun/508](http://seclists.org/fulldisclosure/2006/Jun/508)
* [http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/](http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/)
* [http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html](http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html)
* [http://shsc.info/FileUploadSecurity](http://shsc.info/FileUploadSecurity)
## LFI/RFI
* [http://pastie.org/840199](http://pastie.org/840199)
* [http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/](http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/)
* [http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter](http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter)
* [http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/](http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/)
* [http://www.digininja.org/blog/when_all_you_can_do_is_read.php](http://www.digininja.org/blog/when_all_you_can_do_is_read.php)
## XSS
* [http://www.infosecwriters.com/hhworld/hh8/csstut.htm](http://www.infosecwriters.com/hhworld/hh8/csstut.htm)
* [http://www.technicalinfo.net/papers/CSS.html](http://www.technicalinfo.net/papers/CSS.html)
* [http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx](http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx)
* [http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html](http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html)
* [https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf](https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf)
* [http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html](http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html)
* [http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/](http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/)
* [http://heideri.ch/jso/#javascript](http://heideri.ch/jso/#javascript)
* [http://www.reddit.com/r/xss/](http://www.reddit.com/r/xss/)
* [http://sla.ckers.org/forum/list.php?2](http://sla.ckers.org/forum/list.php?2)
## Coldfusion
* [http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/](http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/)
* [http://zastita.com/02114/Attacking_ColdFusion..html](http://zastita.com/02114/Attacking_ColdFusion..html)
* [http://www.nosec.org/2010/0809/629.html](http://www.nosec.org/2010/0809/629.html)
* [http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964](http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964)
* [http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf](http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf)
## Sharepoint
* [http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678](http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678)
## Lotus
* [http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security](http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security)
* [http://seclists.org/pen-test/2002/Nov/43](http://seclists.org/pen-test/2002/Nov/43)
* [http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?](http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?)
## JBoss
* [http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf](http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf)
* [http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html](http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html)
## VMWare Web
* [http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav](http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav)
## Oracle App Servers
* [http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html](http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html)
* [http://www.owasp.org/index.php/Testing_for_Oracle](http://www.owasp.org/index.php/Testing_for_Oracle)
* [http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx](http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx)
* [http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx](http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx)
* [http://www.ngssoftware.com/papers/hpoas.pdf](http://www.ngssoftware.com/papers/hpoas.pdf)
## SAP
* [http://www.onapsis.com/research.html#bizploit](http://www.onapsis.com/research.html#bizploit)
* [http://marc.info/?l=john-users&m=121444075820309&w=2](http://marc.info/?l=john-users&m=121444075820309&w=2)
* [http://www.phenoelit-us.org/whatSAP/index.html](http://www.phenoelit-us.org/whatSAP/index.html)
## Wireless
* [http://code.google.com/p/pyrit/](http://code.google.com/p/pyrit/)
## Capture the Flag/Wargames
* [http://intruded.net/](http://intruded.net/)
* [http://smashthestack.org/](http://smashthestack.org/)
* [http://flack.hkpco.kr/](http://flack.hkpco.kr/)
* [http://ctf.hcesperer.org/](http://ctf.hcesperer.org/)
* [http://ictf.cs.ucsb.edu/](http://ictf.cs.ucsb.edu/)
* [http://capture.thefl.ag/calendar/](http://capture.thefl.ag/calendar/)
## Conferences
* [https://www.google.com/calendar/[email protected]&gsessionid=OK](https://www.google.com/calendar/[email protected]&gsessionid=OK)
## Misc/Unsorted
* [http://www.ikkisoft.com/stuff/SMH_XSS.txt](http://www.ikkisoft.com/stuff/SMH_XSS.txt)
* [http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter](http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter)
* [http://whatthefuckismyinformationsecuritystrategy.com/](http://whatthefuckismyinformationsecuritystrategy.com/)
* [http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#](http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#)
* [http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#](http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#)
* [http://www.sensepost.com/blog/4552.html](http://www.sensepost.com/blog/4552.html)
* [http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html](http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html)
* [http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210](http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210)
* [http://carnal0wnage.attackresearch.com/node/410](http://carnal0wnage.attackresearch.com/node/410)
* [http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf](http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf)
* [http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf](http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf)
* [http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/](http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/)