+ UPDATE: Added my huge link of bookmarks / references ❤️ love
Do you have a million bookmarks saved? Do all of those bookmarks contain unique information? Github repos starred for later?
Well this is a compilation of all of these resources into a single repo known as Cheatsheet-God. No more need for bookmarked links. No need to open a web browser. Its all here for you.
This is a collection of resources, scripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want!
All contributions are welcomed! If you feel like you can contribute and make these documents more complete, please do! I'll acknowledge you.
Here's what you do:
- Create Issue Request describing your
enhancement
- Fork this repository
- Push some code to your fork
- Come back to this repository and open a PR
- After some review, get that PR merged to master
- Make sure to update Issue Request so that I can credit you! You ROCK!
Feel free to also open an issue with any questions, help wanted, or requests!
- Inspiration: Making a cheatsheet god would be proud of using.
- Hat tip to anyone who ever contributed
-> Much thanks to MrTsRex for Cheatsheet_Windows.txt enumerating Windows version vulnerabilities
-> Much thanks to susmithaaa for his contribution to Cheatsheet_PenTesting.txt password attacks section
-
Amazing Blog http://hackingandsecurity.blogspot.com
-
OSCP Journey https://scriptkidd1e.wordpress.com/oscp-journey/
-
Offensive Security PWB and OSCP My Experience http://www.securitysift.com/offsec-pwb-oscp/
-
Down with OSCP http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
-
Jolly Frogs - Tech Exams (Very thorough) http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
-
Exploit-db https://www.exploit-db.com/
-
SecurityFocus - Vulnerability database http://www.securityfocus.com/
-
Vuln Hub - Vulnerable by design https://www.vulnhub.com/
-
Offensive Security’s PWB and OSCP — My Experience
http://www.securitysift.com/offsec-pwb-oscp/ -
Exploit Exercises https://exploit-exercises.com/
-
SecLists - collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads https://github.com/danielmiessler/SecLists
-
Security Tube http://www.securitytube.net/
-
Metasploit Unleashed - free course on how to use Metasploit https://www.offensive-security.com/metasploit-unleashed/
-
0Day Security Enumeration Guide http://www.0daysecurity.com/penetration-testing/enumeration.html
Hack The Box
Attack Defense 1000+ Labs!
VulnHub
Root.me
Penetration Testing Practice Lab / Vulnerable Apps/Systems
Vulhub
Vulapps
Vulnspy
Upload-Labs
Http://carnal0wnage.blogspot.com/ Http://www.mcgrewsecurity.com/ Http://www.gnucitizen.org/blog/ Http://www.darknet.org.uk/ Http://spylogic.net/ Http://taosecurity.blogspot.com/ Http://www.room362.com/ Http://blog.sipvicious.org/ Http://blog.portswigger.net/ Http://pentestmonkey.net/blog/ Http://jeremiahgrossman.blogspot.com/ Http://i8jesus.com/ Http://blog.c22.cc/ Http://www.skullsecurity.org/blog/ Http://blog.metasploit.com/ Http://www.darkoperator.com/ Http://blog.skeptikal.org/ Http://preachsecurity.blogspot.com/ Http://www.tssci-security.com/ Http://www.gdssecurity.com/l/b/ Http://websec.wordpress.com/ Http://bernardodamele.blogspot.com/ Http://laramies.blogspot.com/ Http://www.spylogic.net/ Http://blog.andlabs.org/ Http://xs-sniper.com/blog/ Http://www.commonexploits.com/ Http://www.sensepost.com/blog/ Http://wepma.blogspot.com/ Http://exploit.co.il/ Http://securityreliks.wordpress.com/ Http://www.madirish.net/index.html Http://sirdarckcat.blogspot.com/ Http://reusablesec.blogspot.com/ Http://myne-us.blogspot.com/ Http://www.notsosecure.com/ Http://blog.spiderlabs.com/ Http://www.corelan.be/ Http://www.digininja.org/ Http://www.pauldotcom.com/ Http://www.attackvector.org/ Http://deviating.net/ Http://www.alphaonelabs.com/ Http://www.smashingpasswords.com/ Http://wirewatcher.wordpress.com/ Http://gynvael.coldwind.pl/ Http://www.nullthreat.net/ Http://www.question-defense.com/ Http://archangelamael.blogspot.com/ Http://memset.wordpress.com/ Http://sickness.tor.hu/ Http://punter-infosec.com/ Http://www.securityninja.co.uk/ Http://securityandrisk.blogspot.com/ Http://esploit.blogspot.com/ Http://www.pentestit.com/
Http://sla.ckers.org/forum/index.php Http://www.ethicalhacker.net/ Http://www.backtrack-linux.org/forums/ Http://www.elitehackers.info/forums/ Http://www.hackthissite.org/forums/index.php Http://securityoverride.com/forum/index.php Http://www.iexploit.org/ Http://bright-shadows.net/ Http://www.governmentsecurity.org/forum/ Http://forum.intern0t.net/
Http://www.net-security.org/insecuremag.php Http://hakin9.org/
Http://www.hackernews.com/ Http://www.securitytube.net/ Http://www.irongeek.com/i.php?page=videos/aide-winter-2011 Http://avondale.good.net/dl/bd/ Http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/ http://www.youtube.com/user/ChRiStIaAn008 http://www.youtube.com/user/HackingCons
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html http://www.pentest-standard.org/index.php/Main_Page http://projects.webappsec.org/w/page/13246978/Threat-Classification http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Http://www.social-engineer.org/
Http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/ http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/ Http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/ http://www.slideshare.net/Laramies/tactical-information-gathering Http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974 Http://infond.blogspot.com/2010/05/toturial-footprinting.html
Http://www.spokeo.com/ Http://www.123people.com/ Http://www.xing.com/ Http://www.zoominfo.com/search Http://pipl.com/ Http://www.zabasearch.com/ Http://www.searchbug.com/default.aspx Http://theultimates.com/ Http://skipease.com/ Http://addictomatic.com/ Http://socialmention.com/ Http://entitycube.research.microsoft.com/ Http://www.yasni.com/ Http://tweepz.com/ Http://tweepsearch.com/ Http://www.glassdoor.com/index.htm Http://www.jigsaw.com/ http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp Http://www.tineye.com/ Http://www.peekyou.com/ Http://picfog.com/ Http://twapperkeeper.com/index.php
Http://uptime.netcraft.com/ Http://www.serversniff.net/ Http://www.domaintools.com/ Http://centralops.net/co/ Http://hackerfantastic.com/ Http://whois.webhosting.info/ Https://www.ssllabs.com/ssldb/analyze.html Http://www.clez.net/ Http://www.my-ip-neighbors.com/ Http://www.shodanhq.com/ Http://www.exploit-db.com/google-dorks/ Http://www.hackersforcharity.org/ghdb/ EXPLOITS AND ADVISORIES Http://www.exploit-db.com/ Http://www.cvedetails.com/ Http://www.packetstormsecurity.org/ http://www.securityforest.com/wiki/index.php/Main_Page Http://www.securityfocus.com/bid Http://nvd.nist.gov/ Http://osvdb.org/ http://www.nullbyte.org.il/Index.html Http://secdocs.lonerunners.net/ http://www.phenoelit-us.org/whatSAP/index.html Http://secunia.com/ Http://cve.mitre.org/ CHEATSHEETS AND SYNTAX Http://cirt.net/ports_dl.php?export=services Http://www.cheat-sheets.org/ Http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
Http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/ Http://blog.commandlinekungfu.com/ Http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/ Http://isc.sans.edu/diary.html?storyid=2376 Http://isc.sans.edu/diary.html?storyid=1229 Http://ss64.com/nt/ Http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html Http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html Http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/ Http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507 Http://www.pentesterscripting.com/ Http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583 http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
http://en.wikipedia.org/wiki/IPv4_subnetting_reference Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/ Http://shelldorado.com/shelltips/beginner.html Http://www.linuxsurvival.com/ http://mywiki.wooledge.org/BashPitfalls Http://rubular.com/ Http://www.iana.org/assignments/port-numbers Http://www.robvanderwoude.com/ntadmincommands.php Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf Http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html Http://h.ackack.net/cheat-sheets/netcat
Http://www.backtrack-linux.org/ Http://www.matriux.com/ Http://samurai.inguardians.com/ http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Https://pentoo.ch/ Http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html Http://www.piotrbania.com/all/kon-boot/ Http://www.linuxfromscratch.org/ Http://sumolinux.suntzudata.com/ Http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments Http://www.backbox.org/
Http://sourceforge.net/projects/websecuritydojo/ http://code.google.com/p/owaspbwa/wiki/ProjectSummary Http://heorot.net/livecds/ Http://informatica.uv.es/~carlos/docencia/netinvm/ Http://www.bonsai-sec.com/en/research/moth.php Http://blog.metasploit.com/2010/05/introducing-metasploitable.html Http://pynstrom.net/holynix.php Http://gnacktrack.co.uk/download.php Http://sourceforge.net/projects/lampsecurity/files/ Https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html Http://sourceforge.net/projects/virtualhacking/files/ Http://www.badstore.net/ Http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Http://www.dvwa.co.uk/ Http://sourceforge.net/projects/thebutterflytmp/
Http://www.oldapps.com/ Http://www.oldversion.com/ Http://www.exploit-db.com/webapps/ Http://code.google.com/p/wavsep/downloads/list http://www.owasp.org/index.php/Owasp_SiteGenerator Http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Http://www.webscantest.com/ http://crackme.cenzic.com/Kelev/view/home.php http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com Http://testaspnet.vulnweb.com/ Http://testasp.vulnweb.com/ Http://testphp.vulnweb.com/ Http://demo.testfire.net/ Http://hackme.ntobjectives.com/
Http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html Http://www.mgraziano.info/docs/stsi2010.pdf Http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/ Http://www.ethicalhacker.net/content/view/122/2/ http://code.google.com/p/it-sec-catalog/wiki/Exploitation Http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html Http://ref.x86asm.net/index.html
http://www.woodmann.com/TiGa/idaseries.html Http://www.binary-auditing.com/ Http://visi.kenshoto.com/ Http://www.radare.org/y/ Http://www.offensivecomputing.net/
Http://www.irongeek.com/i.php?page=videos/password-exploitation-class Http://cirt.net/passwords Http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html Http://www.foofus.net/~jmk/medusa/medusa-smbnt.html Http://www.foofus.net/?page_id=63 Http://hashcrack.blogspot.com/ Http://www.nirsoft.net/articles/saved_password_location.html Http://www.onlinehashcrack.com/ Http://www.md5this.com/list.php? Http://www.virus.org/default-password Http://www.phenoelit-us.org/dpl/dpl.html Http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
Http://contest.korelogic.com/wordlists.html http://packetstormsecurity.org/Crackers/wordlists/ http://www.skullsecurity.org/wiki/index.php/Passwords Http://www.ericheitzman.com/passwd/passwords/
Http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283 Http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219 Http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
Http://www.giac.org/certified_professionals/practicals/gsec/0810.php http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf Http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf Http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data http://www.mindcenter.net/uploads/ECCE101.pdf Http://toorcon.org/pres12/3.pdf http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf Http://packetstormsecurity.org/papers/wireless/cracking-air.pdf Http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf http://www.oact.inaf.it/ws-ssri/Costa.pdf Http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf Http://articles.manugarg.com/arp_spoofing.pdf http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf http://www.ucci.it/docs/ICTSecurity-2004-26.pdf http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf Http://blog.spiderlabs.com/2010/12/thicknet.html Http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/ Http://www.go4expert.com/forums/showthread.php?t=11842 Http://www.irongeek.com/i.php?page=security/ettercapfilter Http://openmaniak.com/ettercap_filter.php Http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming Http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate Http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1 Http://spareclockcycles.org/2010/06/10/sergio-proxy-released/
http://www.edge-security.com/theHarvester.php Http://www.mavetju.org/unix/dnstracer-man.php Http://www.paterva.com/web5/
Http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974 Http://lcamtuf.coredump.cx/strikeout/ Http://www.sno.phy.queensu.ca/~phil/exiftool/ Http://www.edge-security.com/metagoofil.php Http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
Http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ Http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads Http://sqid.rubyforge.org/#next http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
Http://www.bindshell.net/tools/beef Http://blindelephant.sourceforge.net/ Http://xsser.sourceforge.net/ Http://sourceforge.net/projects/rips-scanner/ Http://www.divineinvasion.net/authforce/ Http://andlabs.org/tools.html#sotf http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf Http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html Http://code.google.com/p/pinata-csrf-tool/ Http://xsser.sourceforge.net/#intro Http://www.contextis.co.uk/resources/tools/clickjacking-tool/ Http://packetstormsecurity.org/files/view/69896/unicode-fun.txt Http://sourceforge.net/projects/ws-attacker/files/ Https://github.com/koto/squid-imposter
Http://code.google.com/p/fuzzdb/ http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
Http://sourceforge.net/projects/yokoso/ Http://sourceforge.net/projects/ajaxshell/
Http://w3af.sourceforge.net/ Http://code.google.com/p/skipfish/ Http://sqlmap.sourceforge.net/ Http://sqid.rubyforge.org/#next http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt http://code.google.com/p/fimap/wiki/WindowsAttack Http://code.google.com/p/fm-fsf/
Http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214 Http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/ Http://sourceforge.net/projects/belch/files/ Http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools Http://blog.ombrepixel.com/ Http://andlabs.org/tools.html#dser Http://feoh.tistory.com/22 Http://www.sensepost.com/labs/tools/pentest/reduh http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project Http://intrepidusgroup.com/insight/mallory/ Http://www.fiddler2.com/fiddler2/ http://websecuritytool.codeplex.com/documentation?referringTitle=Home http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
Http://nmap.org/ncrack/ Http://www.foofus.net/~jmk/medusa/medusa.html Http://www.openwall.com/john/ Http://ophcrack.sourceforge.net/ Http://blog.0x3f.net/tool/keimpx-in-action/ Http://code.google.com/p/keimpx/ Http://sourceforge.net/projects/hashkill/
Http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html http://code.google.com/p/msf-hack/wiki/WmapNikto Http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html Http://seclists.org/metasploit/ Http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html Http://meterpreter.illegalguy.hostzi.com/ Http://blog.metasploit.com/2010/03/automating-metasploit-console.html Http://www.workrobot.com/sansfire2009/561.html Http://www.securitytube.net/video/711 http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download Http://vimeo.com/16852783 Http://milo2012.wordpress.com/2009/09/27/xlsinjector/ Http://www.fastandeasyhacking.com/ Http://trac.happypacket.net/ http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training Http://www.irongeek.com/i.php?page=videos/metasploit-class Http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/ Http://vimeo.com/16925188 Http://www.ustream.tv/recorded/13396511 Http://www.ustream.tv/recorded/13397426 Http://www.ustream.tv/recorded/13398740
Http://www.nessus.org/plugins/index.php?view=single&id=12204 Http://www.nessus.org/plugins/index.php?view=single&id=11413 Http://www.nessus.org/plugins/index.php?view=single&id=18021 Http://www.nessus.org/plugins/index.php?view=single&id=26918 Http://www.nessus.org/plugins/index.php?view=single&id=34821 Http://www.nessus.org/plugins/index.php?view=single&id=22194 Http://www.nessus.org/plugins/index.php?view=single&id=34476 Http://www.nessus.org/plugins/index.php?view=single&id=25168 Http://www.nessus.org/plugins/index.php?view=single&id=19408 Http://www.nessus.org/plugins/index.php?view=single&id=21564 Http://www.nessus.org/plugins/index.php?view=single&id=10862 Http://www.nessus.org/plugins/index.php?view=single&id=26925 Http://www.nessus.org/plugins/index.php?view=single&id=29314 Http://www.nessus.org/plugins/index.php?view=single&id=23643 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=34477 Http://www.nessus.org/plugins/index.php?view=single&id=15962 Http://www.nessus.org/plugins/index.php?view=single&id=42106 Http://www.nessus.org/plugins/index.php?view=single&id=15456 Http://www.nessus.org/plugins/index.php?view=single&id=21689 Http://www.nessus.org/plugins/index.php?view=single&id=12205 Http://www.nessus.org/plugins/index.php?view=single&id=22182 Http://www.nessus.org/plugins/index.php?view=single&id=26919 Http://www.nessus.org/plugins/index.php?view=single&id=26921 Http://www.nessus.org/plugins/index.php?view=single&id=21696 Http://www.nessus.org/plugins/index.php?view=single&id=40887 Http://www.nessus.org/plugins/index.php?view=single&id=10404 Http://www.nessus.org/plugins/index.php?view=single&id=18027 Http://www.nessus.org/plugins/index.php?view=single&id=19402 Http://www.nessus.org/plugins/index.php?view=single&id=11790 Http://www.nessus.org/plugins/index.php?view=single&id=12209 Http://www.nessus.org/plugins/index.php?view=single&id=10673
Http://www.securitytube.net/video/931 Http://nmap.org/nsedoc/
Http://nmap.org/ Http://asturio.gmxhome.de/software/sambascan2/i.html Http://www.softperfect.com/products/networkscanner/ Http://www.openvas.org/ Http://tenable.com/products/nessus Http://www.rapid7.com/vulnerability-scanner.jsp Http://www.eeye.com/products/retina/community
Http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py Http://www.phx2600.org/archive/2008/08/29/metacab/ Http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
Http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html Http://www.radarhack.com/tutorial/ads.pdf http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf Http://www.dest-unreach.org/socat/ Http://www.antionline.com/archive/index.php/t-230603.html Http://technotales.wordpress.com/2009/06/14/netcat-tricks/ Http://seclists.org/nmap-dev/2009/q1/581 Http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/ http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf Http://gse-compliance.blogspot.com/2008/07/netcat.html
Http://www.justanotherhacker.com/projects/graudit.html Http://code.google.com/p/javasnoop/
Https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8 https://addons.mozilla.org/en-US/firefox/addon/osvdb/ https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/ https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/ https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/ https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/ https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/ https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Http://packetstormsecurity.org/files/tags/tool http://tools.securitytube.net/index.php?title=Main_Page
Http://pentest.cryptocity.net/ Http://www.irongeek.com/i.php?page=videos/network-sniffers-class http://samsclass.info/124/124_Sum09.shtml Http://www.cs.ucsb.edu/~vigna/courses/cs279/ Http://crypto.stanford.edu/cs142/ Http://crypto.stanford.edu/cs155/ Http://cseweb.ucsd.edu/classes/wi09/cse227/ Http://www-inst.eecs.berkeley.edu/~cs161/sp11/ http://security.ucla.edu/pages/Security_Talks Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/ Http://cr.yp.to/2004-494.html Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/ Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot Http://stuff.mit.edu/iap/2009/#websecurity
Http://code.google.com/edu/languages/google-python-class/index.html http://www.swaroopch.com/notes/Python_en: Table_of_Contents http://www.thenewboston.com/?cat=40&pOpen=tutorial Http://showmedo.com/videotutorials/python Http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
Http://www.cs.sjtu.edu.cn/~kzhu/cs490/ Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/ http://i-web.iu-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/ Http://resources.infosecinstitute.com/ Http://vimeo.com/user2720399
Http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/ Http://isc.sans.edu/diary.html?storyid=9397 Http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ Http://www.evilsql.com/main/index.php Http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections Http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ Http://sqlzoo.net/hack/ Http://www.sqlteam.com/article/sql-server-versions Http://www.krazl.com/blog/?p=3 http://www.owasp.org/index.php/Testing_for_MS_Access http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html http://www.youtube.com/watch?v=WkHkryIoLD0 http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf Http://vimeo.com/3418947 Http://sla.ckers.org/forum/read.php?24,33903 Http://websec.files.wordpress.com/2010/11/sqli2.pdf Http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/ Http://ha.ckers.org/sqlinjection/ http://lab.mediaservice.net/notes_more.php?id=MSSQL
Http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972 Http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html Http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/ Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ Http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/ Http://www.ravenphpscripts.com/article2974.html Http://www.acunetix.com/cross-site-scripting/scanner.htm Http://www.vupen.com/english/advisories/2009/3634 Http://msdn.microsoft.com/en-us/library/aa478971.aspx Http://dev.tangocms.org/issues/237 http://seclists.org/fulldisclosure/2006/Jun/508 Http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/ http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html http://shsc.info/FileUploadSecurity
Http://pastie.org/840199 Http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ Http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter Http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/ Http://www.digininja.org/blog/when_all_you_can_do_is_read.php
Http://www.infosecwriters.com/hhworld/hh8/csstut.htm http://www.technicalinfo.net/papers/CSS.html Http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx Http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf Http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html Http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/ Http://heideri.ch/jso/#javascript Http://www.reddit.com/r/xss/ Http://sla.ckers.org/forum/list.php?2
Http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ http://zastita.com/02114/Attacking_ColdFusion..html Http://www.nosec.org/2010/0809/629.html http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security http://seclists.org/pen-test/2002/Nov/43 Http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf Http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
Http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav
Http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html http://www.owasp.org/index.php/Testing_for_Oracle Http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx Http://www.ngssoftware.com/papers/hpoas.pdf
Http://www.onapsis.com/research.html#bizploit Http://marc.info/?l=john-users&m=121444075820309&w=2 http://www.phenoelit-us.org/whatSAP/index.html
Http://code.google.com/p/pyrit/
Http://intruded.net/ Http://smashthestack.org/ Http://flack.hkpco.kr/ Http://ctf.hcesperer.org/ Http://ictf.cs.ucsb.edu/ Http://capture.thefl.ag/calendar/
http://www.ikkisoft.com/stuff/SMH_XSS.txt Http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter Http://whatthefuckismyinformationsecuritystrategy.com/ Http://video.google.com/videoplay?docid=4379894308228900017&q=owasp# http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec# Http://www.sensepost.com/blog/4552.html Http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html Http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210 Http://carnal0wnage.attackresearch.com/node/410 Http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/