Skip to content

plo-/bookmarks

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 

Repository files navigation

Online Resources

Penetration Testing Resources

  • Metasploit Unleashed - Free Offensive Security metasploit course
  • PTES - Penetration Testing Execution Standard
  • OWASP - Open Web Application Security Project

Shellcode development

Social Engineering Resources

Lock Picking Resources

Tools

Penetration Testing Distributions

  • Kali - A Linux distribution designed for digital forensics and penetration testing
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers
  • NST - Network Security Toolkit distribution
  • Pentoo - security-focused livecd based on Gentoo
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments

Basic Penetration Testing Tools

  • Metasploit Framework - World's most used penetration testing software
  • Burp Suite - An integrated platform for performing security testing of web applications
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits

Vulnerability Scanners

  • Netsparker - Web Application Security Scanner
  • Nexpose - Vulnerability Management & Risk Management Software
  • Nessus - Vulnerability, configuration, and compliance assessment
  • Nikto - Web application vulnerability scanner
  • OpenVAS - Open Source vulnerability scanner and manager
  • OWASP Zed Attack Proxy - Penetration testing tool for web applications
  • Secapps - Integrated web application security testing environment
  • w3af - Web application attack and audit framework
  • Wapiti - Web application vulnerability scanner
  • WebReaver - Web application vulnerability scanner for Mac OS X

Network Tools

  • nmap - Free Security Scanner For Network Exploration & Security Audits
  • tcpdump/libpcap - A common packet analyzer that runs under the command line
  • Wireshark - A network protocol analyzer for Unix and Windows
  • Network Tools - Different network tools: ping, lookup, whois, etc
  • netsniff-ng - A Swiss army knife for for network sniffing
  • Intercepter-NG - a multifunctional network toolkit
  • SPARTA - Network Infrastructure Penetration Testing Tool

Wireless Network Tools

  • Aircrack-ng - a set of tools for auditing wireless network
  • Kismet - Wireless network detector, sniffer, and IDS
  • Reaver - Brute force attack against Wifi Protected Setup

SSL Analysis Tools

  • SSLyze - SSL configuration scanner
  • sslstrip - a demonstration of the HTTPS stripping attacks

Hex Editors

Crackers

Windows Utils

DDoS Tools

  • LOIC - An open source network stress tool for Windows
  • JS LOIC - JavaScript in-browser version of LOIC

Social Engineering Tools

  • SET - The Social-Engineer Toolkit from TrustedSec

OSInt Tools

  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.

Anonymity Tools

  • Tor - The free software for enabling onion routing online anonymity
  • I2P - The Invisible Internet Project

Reverse Engineering Tools

  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • IDA Free - The freeware version of IDA v5.0
  • WDK/WinDbg - Windows Driver Kit and WinDbg
  • OllyDbg - An x86 debugger that emphasizes binary code analysis
  • Radare2 - Opensource, crossplatform reverse engineering framework.
  • x64_dbg - An open-source x64/x32 debugger for windows.
  • Pyew - A Python tool for static malware analysis.
  • Bokken - GUI for Pyew Radare2.
  • Immunity Debugger - A powerful new way to write exploits and analyze malware
  • Evan's Debugger - OllyDbg-like debugger for Linux

Books

Penetration Testing Books

Hackers Handbook Series

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

Vulnerability Databases

Security Courses

Information Security Conferences

  • DEF CON - An annual hacker convention in Las Vegas
  • Black Hat - An annual security conference in Las Vegas
  • BSides - A framework for organising and holding security conferences
  • CCC - An annual meeting of the international hacker scene in Germany
  • DerbyCon - An annual hacker conference based in Louisville
  • PhreakNIC - A technology conference held annually in middle Tennessee
  • ShmooCon - An annual US east coast hacker convention
  • CarolinaCon - An infosec conference, held annually in North Carolina
  • HOPE - A conference series sponsored by the hacker magazine 2600
  • SummerCon - One of the oldest hacker conventions, held during Summer
  • Hack.lu - An annual conference held in Luxembourg
  • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
  • Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
  • Hack3rCon - An annual US hacker conference
  • ThotCon - An annual US hacker conference held in Chicago
  • LayerOne - An annual US security conerence held every spring in Los Angeles
  • DeepSec - Security Conference in Vienna, Austria
  • SkyDogCon - A technology conference in Nashville
  • SECUINSIDE - Security Conference in Seoul
  • DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania

Information Security Magazines

# System ## Tutorials * [Corelan Team's Exploit writing tutorial](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) * [Exploit Writing Tutorials for Pentesters](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/) ## Tools * [Metasploit](https://github.com/rapid7/metasploit-framework) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. * [mimikatz](https://github.com/gentilkiwi/mimikatz) - A little tool to play with Windows security ## General * [Exploit database](https://www.exploit-db.com/) - An ultimate archive of exploits and vulnerable software # Reverse Engineering ## Tutorials * [Lenas Reversing for Newbies](https://tuts4you.com/download.php?list.17) * [Malware Analysis Tutorials: a Reverse Engineering Approach](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html) ## Tools * [IDA](https://www.hex-rays.com/products/ida/) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger * [OllyDbg](http://www.ollydbg.de/) - A 32-bit assembler level analysing debugger for Windows * [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with android .dex and java .class files * [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of “.class” files * [androguard](https://code.google.com/p/androguard/) - Reverse engineering, Malware and goodware analysis of Android applications * [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler * [dotPeek](https://www.jetbrains.com/decompiler/) - a free-of-charge .NET decompiler from JetBrains * [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables * [radare2](https://github.com/radare/radare2) - A portable reversing framework ## General * [Open Malware](http://www.offensivecomputing.net/) # Web ## Tools * [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool # Network ## Tools * [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer * [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT) * [tcpdump](http://www.tcpdump.org/) - a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture * [Paros](http://sourceforge.net/projects/paros/) - A Java based HTTP/HTTPS proxy for assessing web application vulnerability * [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications * [mitmproxy](https://mitmproxy.org/) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface * [mitmsocks4j](https://github.com/Akdeniz/mitmsocks4j) - Man in the Middle SOCKS Proxy for JAVA * [nmap](https://nmap.org/) - Nmap (Network Mapper) is a security scanner * [Aircrack-ng](http://www.aircrack-ng.org/) - An 802.11 WEP and WPA-PSK keys cracking program # Forensic ## Tools * [Autospy](http://www.sleuthkit.org/autopsy/) - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools * [sleuthkit](https://github.com/sleuthkit/sleuthkit) - A library and collection of command line digital forensics tools * [EnCase](https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx) - the shared technology within a suite of digital investigations products by Guidance Software * [malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool * [PEview](http://wjradburn.com/software/) - a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files * [HxD](http://mh-nexus.de/en/hxd/) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size * [WinHex](http://www.winhex.com/winhex/) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security * [BinText](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx) - A small, very fast and powerful text extractor that will be of particular interest to programmers

Tools

  • xortool - A tool to analyze multi-byte xor cipher
  • John the Ripper - A fast password cracker
  • Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
# Wargame ## System * [OverTheWire - Semtex](http://overthewire.org/wargames/semtex/) * [OverTheWire - Vortex](http://overthewire.org/wargames/vortex/) * [OverTheWire - Drifter](http://overthewire.org/wargames/drifter/) * [pwnable.kr](http://pwnable.kr/) - Provide various pwn challenges regarding system security * [Exploit Exercises - Nebula](https://exploit-exercises.com/nebula/) * [SmashTheStack](http://smashthestack.org/) ## Reverse Engineering * [Reversing.kr](http://www.reversing.kr/) - This site tests your ability to Cracking & Reverse Code Engineering * [CodeEngn](http://codeengn.com/challenges/) - (Korean) ## Web * [Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills * [0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits). ## Cryptography * [OverTheWire - Krypton](http://overthewire.org/wargames/krypton/) # CTF ## Competition * [DEF CON](https://legitbs.net/) * [CSAW CTF](https://ctf.isis.poly.edu/) * [hack.lu CTF](http://hack.lu/) * [Pliad CTF](http://www.plaidctf.com/) * [RuCTFe](http://ructf.org/e/) * [Ghost in the Shellcode](http://ghostintheshellcode.com/) * [PHD CTF](http://www.phdays.com/) * [SECUINSIDE CTF](http://secuinside.com/) * [Codegate CTF](http://ctf.codegate.org/html/Main.html?lang=eng) * [Boston Key Party CTF](http://bostonkeyparty.net/) ## General * [CTFtime.org](https://ctftime.org/) - All about CTF (Capture The Flag) * [WeChall](http://www.wechall.net/) * [CTF archives (shell-storm)](http://shell-storm.org/repo/CTF/) # ETC * [SecTools](http://sectools.org/) - Top 125 Network Security Tools * [BackTrack](http://www.backtrack-linux.org/)

About

all things awesome security

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published