Awesome Penetration Testing

[Nytro]

[h=2]Awesome Penetration Testing[/h] A collection of awesome penetration testing resources, tools, books, confs, magazines and other shiny things

• Online Resources
  
  • Penetration Testing Resources
    
  • Shell Scripting Resources
    
  • Linux Resources
    
  • Shellcode development
    
  • Social Engineering Resources
    
  • Lock Picking Resources
    

  [*] Tools

  • Penetration Testing Distributions
    
  • Basic Penetration Testing Tools
    
  • Vulnerability Scanners
    
  • Network Tools
    
  • Hex Editors
    
  • Crackers
    
  • Windows Utils
    
  • DDoS Tools
    
  • Social Engineering Tools
    
  • Anonimity Tools
    
  • Reverse Engineering Tools
    

  [*] Books

  • Penetration Testing Books
    
  • Hackers Handbook Series
    
  • Network Analysis Books
    
  • Reverse Engineering Books
    
  • Malware Analysis Books
    
  • Windows Books
    
  • Social Engineering Books
    
  • Lock Picking Books
    

  [*]Vulnerability Databases

  [*]Security Courses

  [*]Information Security Conferences

  [*]Information Security Magazines

  [*]Awesome Lists

  [*]Contribution

  [*]License

[h=3][/h][h=3]Online Resources[/h] [h=4]Penetration Testing Resources[/h]

• Metasploit Unleashed - Free Offensive Security metasploit course
  
• PTES - Penetration Testing Execution Standard
  
• OWASP - Open Web Application Security Project
  
• OSSTMM - Open Source Security Testing Methodology Manual
  

[h=4]Shell Scripting Resources[/h]

• LSST - Linux Shell Scripting Tutorial
  

[h=4]Linux resources[/h]

• Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their Kernels
  

[h=4][/h][h=4]Shellcode development[/h]

• Shellcode Tutorials - Tutorials on how to write shellcode
  
• Shellcode examples - Shellcodes database
  

[h=4][/h][h=4]Social Engineering Resources[/h]

• Social Engineering Framework - An information resource for social engineers
  

[h=4][/h][h=4]Lock Picking Resources[/h]

• Schuyler Towne channel - Lockpicking videos and security talks
  

[h=3][/h][h=3]Tools[/h] [h=4][/h][h=4]Penetration Testing Distributions[/h]

• Kali - A Linux distribution designed for digital forensics and penetration testing
  
• NST - Network Security Toolkit distribution
  
• Pentoo - security-focused livecd based on Gentoo
  
• BackBox - Ubuntu-based distribution for penetration tests and security assessments
  

[h=4]Basic Penetration Testing Tools[/h]

• Metasploit - World's most used penetration testing software
  
• Burp - An integrated platform for performing security testing of web applications
  

[h=4]Vulnerability Scanners[/h]

• Netsparker - Web Application Security Scanner
  
• Nexpose - Vulnerability Management & Risk Management Software
  
• Nessus - Vulnerability, configuration, and compliance assessment
  
• Nikto - Web application vulnerability scanner
  
• OpenVAS - Open Source vulnerability scanner and manager
  
• OWASP Zed Attack Proxy - Penetration testing tool for web applications
  
• w3af - Web application attack and audit framework
  
• Wapiti - Web application vulnerability scanner
  

[h=4][/h][h=4]Networks Tools[/h]

• nmap - Free Security Scanner For Network Exploration & Security Audits
  
• tcpdump/libpcap - A common packet analyzer that runs under the command line
  
• Wireshark - A network protocol analyzer for Unix and Windows
  
• Network Tools - Different network tools: ping, lookup, whois, etc
  
• netsniff-ng - A Swiss army knife for for network sniffing
  
• Intercepter-NG - a multifunctional network toolkit
  

[h=4]SSL Analysis Tools[/h]

• SSLyze - SSL configuration scanner
  

[h=4]Hex Editors[/h]

• HexEdit.js - Browser-based hex editing
  

[h=4]Crackers[/h]

• John the Ripper - Fast password cracker
  
• Online MD5 cracker - Online MD5 hash Cracker
  

[h=4]Windows Utils[/h]

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities
  
• Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
  

[h=4]DDoS Tools[/h]

• LOIC - An open source network stress tool for Windows
  
• JS LOIC - JavaScript in-browser version of LOIC
  

[h=4]Social Engineering Tools[/h]

• SET - The Social-Engineer Toolkit from TrustedSec
  

[h=4]Anonimity Tools[/h]

• Tor - The free software for enabling onion routing online anonymity
  
• I2P - The Invisible Internet Project
  

[h=4]Reverse Engineering Tools[/h]

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  
• WDK/WinDbg - Windows Driver Kit and WinDbg
  
• OllyDbg - An x86 debugger that emphasizes binary code analysis
  

[h=3]Books[/h] [h=4]Penetration Testing Books[/h]

• The Art of Exploitation by Jon Erickson, 2008
  
• Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
  
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
  
• Rtfm: Red Team Field Manual by Ben Clark, 2014
  
• The Hacker Playbook by Peter Kim, 2014
  
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
  
• Professional Penetration Testing by Thomas Wilhelm, 2013
  
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
  
• Violent Python by TJ O'Connor, 2012
  
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
  

[h=4]Hackers Handbook Series[/h]

• The Shellcoders Handbook by Chris Anley and others, 2007
  
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
  
• iOS Hackers Handbook by Charlie Miller and others, 2012
  
• Android Hackers Handbook by Joshua J. Drake and others, 2014
  
• The Browser Hackers Handbook by Wade Alcorn and others, 2014
  

[h=4]Network Analysis Books[/h]

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
  
• Practical Packet Analysis by Chris Sanders, 2011
  
• Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
  

[h=4]Reverse Engineering Books[/h]

• Reverse Engineering for Beginners by Dennis Yurichev (free!)
  
• The IDA Pro Book by Chris Eagle, 2011
  
• Practical Reverse Engineering by Bruce Dang and others, 2014
  
• Reverse Engineering for Beginners
  

[h=4]Malware Analysis Books[/h]

• Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
  
• The Art of Memory Forensics by Michael Hale Ligh and others, 2014
  

[h=4]Windows Books[/h]

• Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu
  

[h=4]Social Engineering Books[/h]

• The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
  
• The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
  
• Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
  
• No Tech Hacking by Johnny Long, Jack Wiles, 2008
  
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
  
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
  

[h=4][/h][h=4]Lock Picking Books[/h]

• Practical Lock Picking by Deviant Ollam, 2012
  
• Keys to the Kingdom by Deviant Ollam, 2012
  

[h=3]Vulnerability Databases[/h]

• NVD - US National Vulnerability Database
  
• CERT - US Computer Emergency Readiness Team
  
• OSVDB - Open Sourced Vulnerability Database
  
• Bugtraq - Symantec SecurityFocus
  
• Exploit-DB - Offensive Security Exploit Database
  
• Fulldisclosure - Full Disclosure Mailing List
  
• MS Bulletin - Microsoft Security Bulletin
  
• MS Advisory - Microsoft Security Advisories
  
• Inj3ct0r - Inj3ct0r Exploit Database
  
• Packet Storm - Packet Storm Global Security Resource
  
• SecuriTeam - Securiteam Vulnerability Information
  
• CXSecurity - CSSecurity Bugtraq List
  
• Vulnerability Laboratory - Vulnerability Research Laboratory
  
• ZDI - Zero Day Initiative
  

[h=3][/h][h=3]Security Courses[/h]

• Offensive Security Training - Training from BackTrack/Kali developers
  
• SANS Security Training - Computer Security Training & Certification
  
• Open Security Training - Training material for computer security classes
  
• CTF Field Guide - everything you need to win your next CTF competition
  

[h=3]Information Security Conferences[/h]

• DEF CON - An annual hacker convention in Las Vegas
  
• Black Hat - An annual security conference in Las Vegas
  
• BSides - A framework for organising and holding security conferences
  
• CCC - An annual meeting of the international hacker scene in Germany
  
• DerbyCon - An annual hacker conference based in Louisville
  
• PhreakNIC - A technology conference held annually in middle Tennessee
  
• ShmooCon - An annual US east coast hacker convention
  
• CarolinaCon - An infosec conference, held annually in North Carolina
  
• HOPE - A conference series sponsored by the hacker magazine 2600
  
• SummerCon - One of the oldest hacker conventions, held during Summer
  
• Hack.lu - An annual conference held in Luxembourg
  
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
  
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
  
• Hack3rCon - An annual US hacker conference
  
• ThotCon - An annual US hacker conference held in Chicago
  
• LayerOne - An annual US security conerence held every spring in Los Angeles
  
• DeepSec - Security Conference in Vienna, Austria
  
• SkyDogCon - A technology conference in Nashville
  

[h=3][/h][h=3]Information Security Magazines[/h]

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
  
• Hakin9 - A Polish online, weekly publication on IT Security
  

[h=3]Awesome Lists[/h]

• SecTools - Top 125 Network Security Tools
  
• C/C++ Programming - One of the main language for open source security tools
  
• .NET Programming - A software framework for Microsoft Windows platform development
  
• Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
  
• Ruby Programming by @SiNdresorhus - JavaScript in command-line
  
• Node.js Programming by @vndmtrx - JavaScript in command-line
  
• Python tools for penetration testers - Lots of pentesting tools are written in Python
  
• Python Programming by @svaksha - General Python programming
  
• Python Programming by @vinta - General Python programming
  
• Andorid Security - A collection of android security related resources
  
• Awesome Awesomness - The List of the Lists
  

[h=3][/h][h=3]Contribution[/h] Your contributions and suggestions are heartily? welcome. (????)

[h=3][/h][h=3]License[/h]

This work is licensed under a Creative Commons Attribution 4.0 International License

Sursa: https://github.com/enaqx/awesome-pentest

[xxxencod3dxxx]

Thank You

[grmrev]

thank you

[gamerx]

good wok!

[FireWall123]

Thank you!! Really awesome  

[Joseph14]

Great job.Thank you for sharing.

[Technetium]

7 hours ago, Joseph14 said:

Great job.Thank you for sharing.

You have Like, Thanks, Upvote and Downvote buttons (The white heart with gray background at the bottom right of the screen of every forum post).

Please start using them and don't be a post hunter.