/awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things

Awesome Penetration Testing

A collection of awesome penetration testing resources

Online Resources

Penetration Testing Resources

  • Metasploit Unleashed - Free Offensive Security metasploit course
  • PTES - Penetration Testing Execution Standard
  • OWASP - Open Web Application Security Project

Exploit development

Social Engineering Resources

Lock Picking Resources

Tools

Penetration Testing Distributions

  • Kali - A Linux distribution designed for digital forensics and penetration testing
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers
  • NST - Network Security Toolkit distribution
  • Pentoo - security-focused livecd based on Gentoo
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments

Basic Penetration Testing Tools

  • Metasploit Framework - World's most used penetration testing software
  • Burp Suite - An integrated platform for performing security testing of web applications
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits
  • BeeF - The Browser Exploitation Framework Project
  • faraday - Collaborative Penetration Test and Vulnerability Management Platform
  • evilgrade - The update explotation framework
  • WPScan - Black box WordPress vulnerability scanner

Vulnerability Scanners

  • Netsparker - Web Application Security Scanner
  • Nexpose - Vulnerability Management & Risk Management Software
  • Nessus - Vulnerability, configuration, and compliance assessment
  • Nikto - Web application vulnerability scanner
  • OpenVAS - Open Source vulnerability scanner and manager
  • OWASP Zed Attack Proxy - Penetration testing tool for web applications
  • Secapps - Integrated web application security testing environment
  • w3af - Web application attack and audit framework
  • Wapiti - Web application vulnerability scanner
  • WebReaver - Web application vulnerability scanner for Mac OS X
  • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR

Network Tools

  • nmap - Free Security Scanner For Network Exploration & Security Audits
  • pig - A Linux packet crafting tool
  • tcpdump/libpcap - A common packet analyzer that runs under the command line
  • Wireshark - A network protocol analyzer for Unix and Windows
  • Network Tools - Different network tools: ping, lookup, whois, etc
  • netsniff-ng - A Swiss army knife for for network sniffing
  • Intercepter-NG - a multifunctional network toolkit
  • SPARTA - Network Infrastructure Penetration Testing Tool
  • DNSDumpster - Online DNS recond and search service
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Wireless Network Tools

  • Aircrack-ng - a set of tools for auditing wireless network
  • Kismet - Wireless network detector, sniffer, and IDS
  • Reaver - Brute force attack against Wifi Protected Setup
  • Wifite - Automated wireless attack tool

SSL Analysis Tools

  • SSLyze - SSL configuration scanner
  • sslstrip - a demonstration of the HTTPS stripping attacks

Hex Editors

Crackers

Windows Utils

DDoS Tools

  • LOIC - An open source network stress tool for Windows
  • JS LOIC - JavaScript in-browser version of LOIC
  • T50 - The more fast network stress tool

Social Engineering Tools

  • SET - The Social-Engineer Toolkit from TrustedSec

OSInt Tools

  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.

Anonymity Tools

  • Tor - The free software for enabling onion routing online anonymity
  • I2P - The Invisible Internet Project
  • Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools

  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • IDA Free - The freeware version of IDA v5.0
  • WDK/WinDbg - Windows Driver Kit and WinDbg
  • OllyDbg - An x86 debugger that emphasizes binary code analysis
  • Radare2 - Opensource, crossplatform reverse engineering framework.
  • x64_dbg - An open-source x64/x32 debugger for windows.
  • Pyew - A Python tool for static malware analysis.
  • Bokken - GUI for Pyew Radare2.
  • Immunity Debugger - A powerful new way to write exploits and analyze malware
  • Evan's Debugger - OllyDbg-like debugger for Linux
  • Medusa disassembler - An open source interactive disassembler

CTF Tools

  • Pwntools - CTF framework for use in CTFs

Books

Penetration Testing Books

Hackers Handbook Series

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

Vulnerability Databases

Security Courses

Information Security Conferences

  • DEF CON - An annual hacker convention in Las Vegas
  • Black Hat - An annual security conference in Las Vegas
  • BSides - A framework for organising and holding security conferences
  • CCC - An annual meeting of the international hacker scene in Germany
  • DerbyCon - An annual hacker conference based in Louisville
  • PhreakNIC - A technology conference held annually in middle Tennessee
  • ShmooCon - An annual US east coast hacker convention
  • CarolinaCon - An infosec conference, held annually in North Carolina
  • HOPE - A conference series sponsored by the hacker magazine 2600
  • SummerCon - One of the oldest hacker conventions, held during Summer
  • Hack.lu - An annual conference held in Luxembourg
  • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
  • Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
  • Hack3rCon - An annual US hacker conference
  • ThotCon - An annual US hacker conference held in Chicago
  • LayerOne - An annual US security conference held every spring in Los Angeles
  • DeepSec - Security Conference in Vienna, Austria
  • SkyDogCon - A technology conference in Nashville
  • SECUINSIDE - Security Conference in Seoul
  • DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
  • AppSecUSA - An annual conference organised by OWASP
  • BruCON - An annual security conference in Belgium
  • Infosecurity Europe - Europe's number one information security event, held in London, UK
  • Nullcon - An annual conference in Delhi and Goa, India
  • RSA Conference USA - An annual security conference in San Francisco, California, USA
  • Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
  • Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
  • Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina

Information Security Magazines

Awesome Lists

Contribution

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details.

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License