This repository aims to make the pentester's life easier: it is a collection of websites that pentesters can use for day-to-day study and to stay up to date. New updates are always welcome :) For any updates required, mail me at jdotpraveshr1atgmaildotcom
- Security News websites
- Information Gathering Websites
- Network Pentesting Websites
- Web Application Pentesting Websites
- Mobile Application Pentesting Websites
- Internet of Things Pentesting Websites
- Exploit Development Tutorial Websites
- Threat Intelligence Websites
- Social Engineering Tutorials Websites
- Thick & Thin App Pentesting Websites
- Latest Exploit Codes Websites
- Latest Shells Websites
- TOR Useful Websites
- Tutorial Websites
- Useful Blogs
- Tools Websites
- Telecom Pentesting Websites
Security News websites
- Wired Threat Level :- Keeps you updated with security news and latest technology.
- krebsonsecurity :- In-depth investigation of cyber attacks and various articles related to info security.
- Dark Reading :- Dark Reading encompasses communities like Attacks & Breaches, Application Security, Cloud Security, Data Leaks & Insider Threats, Endpoint Security & Privacy etc.
- Threat Post :- Provides real, solid news coverage and detailed explanation of the attacks.
- Reddit :- It contains all the hot, new, rising, and controversial topics related to the hacking world.
- Naked Security :- One of the award winning security news websites with good solid look at the latest news.
- TheRegister :- A huge collection of security news, and not only security news: they cover everything.
- DarkNet:- On this blog they share and comment on interesting infosec related news, tools and more.
- Helpnetsecurity:- Net Security is an independent site, focusing on information security since 1998.
- SecurityAffairs :- This website contains all the news from the world of cyber crime, hacking, security, social networks, cyber warfare etc.
- TechRepublic :- Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.
- SecurityWeekly:- Security Weekly newsletter will provide you with information and updates on Security Weekly webcasts, podcasts, training and more!
- GoogleSecurity:- The latest news and insights from Google on security and safety on the Internet
- SCMagazine:- SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.
- TrustedSec :- An organization run by David Kennedy is a good source for news and events.
- HotForSecurity :- Winner of the best European security blog, it covers various security topics and news to learn from.
- Cyren :- Contains various articles on malware analysis, anti-phishing, email-security, anti-spam, security research and analysis etc.
- Offense-in-depth :- Website can be used to learn some tricks while pentesting
- Beyond Security :- Covers the latest vulnerability and its details
- elearnsecurity:- This blog covers updated news and attacks in the field of information security also includes video demonstrations of attacks.
- Infosecurity_Magazine :- This magazine is totally dedicated to infosec and covers day-to-day updates, hack attacks and news related to the IT security world.
- Security_Ledger :- The independent blog focuses on cybersecurity, bringing insight to subjects such as the internet of things, malware, government policy, and consumer security.
- Infosec Island :- InfoSec Island aims to provide a place for IT and network professionals to go to find help and information quickly and easily, by combining an online community, infosec portal, and a social network
- DataLossDB :- DataLossDB provides links to incidents by month, latest and largest incidents, and posts from the Blotter to provide as many details about information security as possible.
- Homeland Security :- Covers the latest news related to cyber security.
- The Hacker News :- The Hacker News contains the latest news and updates from the security industry.
- Security News Portal :- Worth perusing if you are into cyber security; covers only cyber security related topics, chat rooms, etc. Also includes subdomains like InfoSysSec.com, SecurityChatX.co, SecurityForumX.com, SecurityNewsPortal.com, HomelandSecurityX.com, InfoSecMagazine.com.
- HackInsight :- Nice website to keep you updated on security news and the latest attack vectors.
- PacketStorm :- It is home to system administrators who need to keep their network up to date, security researchers who discover and report new findings, governments and corporations that need to understand current events, security vendors that want to develop new signatures for their software, and many others.
Information Gathering Websites
The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful pen test and one that has failed to provide maximum benefit to the client.
- Shodan :- A very useful site for pentesters and hackers. As they say, it is a search engine for connected devices: IoT, webcams, power plants, refrigerators. However, a hacker can also use this search engine to check for open services and applications on their targeted organization.
- ZoomEye :- Works similarly to Shodan; it is under development but helpful for pentesters and hackers.
- Censys :- Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
- Robtex :- Website which provides graphical information from DNS and WHOIS.
- Whois (list of whois sites) :- ICANN, IANA, NRO, AFRINIC, APNIC, ARIN, LACNIC, RIPE. These organizations are the most useful for WHOIS lookups on any IP address, as all IP addresses are registered with them.
- Netcraft :- Netcraft measures and makes available the response times of leading hosting providers' sites.
- Twoogel :- It's a combined search engine for Twitter and Google, useful for gathering information about a person.
- WhosTalkin :- Quite fast and very useful for whois lookup.
- FOCA :- FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.
- Recon-ng :- Recon-ng is a full-featured web reconnaissance framework. Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
- Kloth :- This site is mostly about radio communications (aeronautical and maritime) and internet (DNS nslookup, whois, bad bots) and anti-spam.
Network Pentesting Websites
Web Application Pentesting Websites
Mobile Application Pentesting Websites
Internet of Things Pentesting Websites
- IOT Village :- The village consists of workshops on hacking numerous off-the-shelf devices (e.g. medical devices, home appliances, routers, and storage devices), live educational talks and a variety of contests.
- iotlist :- Contains a list of all the IoT products which you can buy, with videos to watch. An interesting website.
- Particle :- Particle’s full-stack Internet of Things (IoT) device platform gives you everything you need to securely and reliably connect your IoT devices to the web.
Exploit Development Tutorial Websites
- CoreLan :- Corelan GCV has been teaching live win32 exploit dev classes at various security cons and private companies & organizations.
- FuzzySecurity :- Contains a multi-part exploit development series which is helpful for someone who wants to learn exploit development.
- Opensecuritytraining-part1
- Opensecuritytraining-part2
- SecurityTube - exploit research megaprimer
- SecurityTube - buffer overflow megaprimer
- SecurityTube - Format string vulnerabilities megaprimer
- SecuritySift - part 1-7 :- Contains seven parts of an exploit development series which are helpful for someone who wants to learn exploit development.
- Massimiliano Tomassoli’s blog
- Samsclass
- sploitfun :- Linux (x86) Exploit Development Series
- thegreycorner:- Stack Based Buffer Overflow Tutorials
Threat Intelligence Websites
Social Engineering Tutorials Websites
- trustedsec :- Creator of the social engineering toolkit and various attack vectors.
Thick & Thin App Pentesting Websites
Latest Exploit Codes Websites
- ExploitDB :- Bible of exploits for hackers, security professionals and developers. You can get the latest exploit code from this website and can also upload your own. Amazing site for all.
- GoogleHackingDatabase :- Another bible for those who want to have fun with Google and learn Google hacking scripts. The importance of Google hacking is only understood by a true hacker or security professional.
- CXSecurity :- Vulnerability Database
Latest Shells Websites
TOR Useful Websites
Tutorial Websites
- Cybrary :- Very useful website for all pentesters and beginners in this field, as they provide free courses based on skill set. If you want to share your knowledge, you can do that as well.
- Samsclass :- A few challenges for testing/sharpening your Kali Linux skills.
- Pentest Standard :- If someone wants to learn pentesting step by step, this is a very useful site, as it covers everything related to a penetration test.
- SecurityTube :- It's a YouTube for security professionals and contains a large number of tutorials from beginner to advanced level. Watch, Learn and Contribute.
- FuzzySecurity :- What you can expect to find here: tutorials, interesting links/videos and some scripting related to hacking.
- PentesterAcademy :- It is part of the SecurityTube organization, where they provide paid access to their resources, video tutorials and also certifications related to programming and pentesting.
Useful Blogs
- HackSecure007 :- It's my blog where I update my new tricks and my ways of pentesting.
- SecuritySift :- Mike Czumak is constantly researching various security topics and uses this blog as a means to share some of that research and give back to the security community.
- FoxGloveSecurity :- A blog run by the team of foxglovesecurity. It is an interesting blog to follow, as they cover practical pentesting topics.
Tools Websites
- SecList :- A community whose scope covers Privilege Escalation, Harvesting, Enumeration, Interception, Reconnaissance, Cryptography, Encryption, MiTM (Man-in-the-Middle Attack), Reverse Engineering, Backdoors, Payload, Phishing, Brute Force, Fuzzer, Forensics, DFIR, Malware, Anti-Malware, Penetration Testing, Firewall, Ethical Hacker, Injector, Denial of Service, Obfuscator, Automation, Sniffer, Keylogger, SCADA Tester, VoIP/SIP, Linux Distro, Vulnerability Scanner, Mobile Security, Exploits, Trojan, Security Researchers, HMI-SCADA and other random garbage.
Telecom Pentesting
- p1sec :- Provides some good study material and training on telecom pentesting.
- ss7map :- Provides the security level of mobile telecom operators from the perspective of anyone on the international SS7 network.
- Media CCC :- This site offers a wide variety of video and audio material distributed by the Chaos Computer Club, provided in native formats (usually MPEG and/or Vorbis families) for online viewing.
- ss7MAPer :- An SS7 pen testing toolkit.