A list of great resources for pentesting and similar topics.
Always try to search the internet for potential vulnerabilities, default credentials and anything you don't know about.
If you want, I will create a file for installing my system in an automated way (zsh, bspwm, kitty, and more).
If you find my repository interesting, please give me a star.
I will keep the project updated with new tools or changes.
- More Resources
- Fuzzing
- Scanning
- Network Exploitation
- Web Scanners
- Active Directory
- Bypassing
- Web Hacking
- Privilege Escalation
- Pivoting
- Payloads-Frameworks
- Famous Vulns
- HashCracking
- Wi-Fi
- Buffer Overflow
- Social Engineering
- OSINT
- Bluetooth
- Extra
- Captcha-ByPassing-Lab
- Browser Add-ons
- wfuzz
- gobuster
- dirbuster
- dirb
- feroxbuster
- ffuf
- sublist3r
- nmap
- masscan
- smbmap
- enum4linux
- rpcclient
- Bingoo (for dork searching and exploitation)
- WhatWaf (useful to discover the exact WAF of a server)
- whatw00f
- snmpwalk
- crackmapexec
- Rubeus
- netcat
- nishang
- dig
- WhatWeb (for identifying technologies on a webpage)
- wpscan (the best wordpress scanner)
- WPSeku
- joomscan
- mimikatz
- kerbrute
- impacket
- ldapdomaindump
- Responder
- evil-winrm
- ConPtyShell
- BloodHound
- ldapsearch
- neo4j
- SharpHound
- PowerSploit
- PSByPassCLM (for bypassing ConstrainedLanguage)
- AppLocker
- Chimera
- Ebowla (not supported but useful)
- PowerShdll
- Chankro
- PHP_disabled_functions
- Phantom-Evasion (for bypassing antivirus)
- Burp Suite (for intercepting web requests)
- sqlmap
- NoSQLMap
- kiterunner
- xsshunter
- PEASS-ng (the best system enumeration tool)
- LinEnum
- Windows-Exploit-Suggester
- GTFOBins (exploitation of binaries)
- juicy-potato (for abusing SeImpersonatePrivilege)
- pspy (for capturing running processes)
- JAWS
- BeRoot
- socat
- proxychains (for establishing connections through proxies)
- chisel (used for port forwarding)
- Precompiled-Binaries
- reGeorg (used for port forwarding through an uploaded file)
- proxify
- searchsploit
- metasploit (Not allowed in the OSCP)
- merlin
- Graffiti
- legion
- SILENTTRINITY
- Covenant
- msfvenom (the best shellcode/exploit generator)
- bin-sploits
- One-Lin3r (a framework with a useful list of one-liners)
- john (And john variants like ssh2john or zip2john...)
- hashcat
- CyberChef (for solving a lot of crypto CTFs)
- hash-identifier
- HashID
- Crackstation (a huge list of rainbow tables with precomputed hashes)
- NameThatHash (for identifying unknown hashes)
- quipqiup
- aircrack-ng (the well known aircrack suite)
- Wireshark (for intercepting Wi-Fi and Bluetooth packets)
- wifite2
- macchanger
- bettercap
- Pyrit
- hcxtools
- Evil-Trust (for the evil twin attack)
- wifiphisher
- routersploit
- brakeman
- radare2 (for debugging in the terminal)
- gdb
- gef (It's a gdb extension)
- peda
- Ghidra (a debugging framework developed by the NSA)
- ropper (for searching gadgets)
- ImmunityDebugger
- badchars
- x64dbg
- mona
- apktool (for debugging apk files)
- dotPeek
- gophish (the best tool for creating templates and campaigns)
- SET
- urlcrazy
- theHarvester
- CredSniper
- BeEF
- goclone
- Mythic-Macro-Generator
- KnockMail
- evilginx2
- Amass
- Maltego
- Shodan (The famous IoT browser)
- recon-ng
- WayBack Machine (A big list of websites, databases, and more)
- OSINT Framework
- email2phonenumber
- Ahria
- PhoneInfoga
- Ashok
- TinEye
- CommandoVM (a totally offensive Windows machine)
- GitTools
- DDexec
- odat
- Ghostpack
- exiftool (used to view the metadata of a file)
- cewl (for creating dictionaries based on a webpage)
- rlwrap
- phpsploit
- rootkit
- onesixtyone (for bruteforcing SNMP string)
- Honeypot
- HomePWN (an IoT device pwner)
- Gopherus
- Stego-Toolkit
- PRET (for printer exploitation)
- deserialization-Log4j
- jwt_tool
- RsaCtfTool
- dronesploit
- Reptile (A linux rootkit)
- SprayingToolkit (used for password spraying)
- FoxyProxy
- Wappalyzer (for web scanning)
- EasyXSS
- Authenticator
- DarkReader
- Anonymox
- Keepass
- Reverse-Shells
- PayloadsAllTheThings
- VirusTotal
- Wrappers
- ExploitDB
- HackTricks
- Buffer-Overflow
- Wifi-Cheat-Sheet
- CVE
- AppLockerByPass
- SecLists
- My-Setup
- HackingDream
- Vulnhub
- PHP-Webshell
- MalwareSourceCode
- Reverse Shell Generator
- Pivoting-Cheat-Sheet
- HackTheBox-Writeups
- ViewDns
- Linux-Functions
- Spanish-Pentesting
- English-Pentesting
⚪ Created by D3Ext