💻 To-do 💻
Stuff that I found, but never read/used yet. See also the Blogs section.
Pentesting certification
- OSCP
- GPEN
- GXPN
GitHub Topics
Roadmap
- ired.team
- cryptohack+crypto-attacks (Cryptography)
- Practice buffer overflow/format strings/ROP/UAF
- Web Assembly
- Radio Frequencies
- Beyond XSS
Reading articles
THM
- THM/owasptop10
- THM/uploadvulns
- THM/vulnversity
- THM/basicpentestingjt
- THM/owasptop10
- THM/startup
- THM/steelmountain (premium)
- Daily Bugle (cenaras)
THM Users
Resources
Mobile
- Mobile app testing
- Termux-Nation (N/A) (test android devices)
- termux-hacking (N/A) (list of termux tools)
Joker
- payloadbox (payloads)
- scripts (commands)
- hack-with-github (lists)
- Checklists (checklists)
- awesome-ctf (CTF websites and tools)
- 15 top open-source intelligence tools
- OSINT 2021 guide
- hacker-roadmap
- Practical-Ethical-Hacking
Active directory 🧸
- None
CMS
- None
Defense
- None
CTFs Practice
Web
Mobile
- ...
Programming
- ...
Knowledge
Social engineering
Defense
- malmalintroductory
- malresearching
- mitre
- bpsplunk
- securityprinciples
- tempestincident
- forensics (medium, practice)
Networking
Windows
Linux
- ...
OSINT
- webosint
- ohsint
- searchlightosint
- sakura
- geolocatingimages, jpgchat
- threatinteltools, somesint
- throwback
Cloud
- Attacking and Defending AWS
Tools
- volatility (THM x1)
- shodan (THM x1)
- dockerrodeo (Docker breakout)
Big THM CTF List
https://tryhackme.com/room/surfer
https://tryhackme.com/room/lazyadmin (notes below)
https://tryhackme.com/room/ninjaskills
https://tryhackme.com/room/gamezone
https://tryhackme.com/room/skynet
https://tryhackme.com/room/alfred
https://tryhackme.com/room/brooklynninenine
https://tryhackme.com/room/breakoutthecage1
https://tryhackme.com/room/blog
https://tryhackme.com/room/jason
https://tryhackme.com/room/source
https://tryhackme.com/room/committed
https://tryhackme.com/room/toolsrus
https://tryhackme.com/room/kiba
https://tryhackme.com/room/bruteit
https://tryhackme.com/room/dejavu
https://tryhackme.com/room/tonythetiger (java)
--- Medium
https://tryhackme.com/room/ultratech1 (web - guided?)
https://tryhackme.com/room/hackpark (windows, guided)
https://tryhackme.com/room/anonymous (nmap, smb?, ...)
https://tryhackme.com/room/overpass2hacked
https://tryhackme.com/room/overpass3hosting (web/...)
--- Hard
https://tryhackme.com/room/mrrobot
https://tryhackme.com/room/dailybugle
https://tryhackme.com/room/retro (blaster...)
Long list of tools
Legend
- π = Investigation
- ποΈ = Discovery
- 💥 = Exploitation
- π = Privilege escalation
- βοΈ = Post-exploitation
- 🛡️ = Defense
- ποΈ = Special
Tools
- legion (ποΈ💥βοΈ) (automated penetration framework)
- beyondsecurity (ππ💥) (vulnerability scanner)
- KitHack (ππ💥βοΈ) (penetration testing framework)
- hoaxshell (ππ💥) (subdomain, IP scan, CMS identification)
- Villain (πβοΈ) (post-exploitation framework)
- OWASP Amass (π) (subdomain, DNS, and port scanning)
- HackTools (ππ💥) (bunch of tools)
- TheFatRat (💥βοΈ) (backdoors and payloads)
- Phantom-Evasion (💥βοΈ) (generate and obfuscate Windows payloads)
- msfpc (💥βοΈ) (generating Metasploit payloads)
- arsenal (βοΈ) (data exfiltration)
- hackertarget (π) (port scanning, traceroute, and reverse IP)
- Raccoon (π) (subdomain, OSINT)
- Photon (π) (web enumeration, subdomains)
- Hping3 (💥) (firewall bypass, port/OS scanning, -S -p SA/RA --flood)
- QualysGuard (ππβοΈ) (cloud-based vulnerability scanner)
- Acunetix (π💥) (web vulnerability scanner)
- Nexpose (ππβοΈ) (network vulnerability scanner)
- Retina (ππβοΈ) (vulnerability scanner)
- Nipper (π) (network device scanner)
- Nettacker (π💥) (port scanning, vulnerability scanning)
- Empire (βοΈ) (post-exploitation framework) N/O
- DSSS (π💥) (SQL vulnerability scanner)
- Beef (💥βοΈ🛡️) (7.8k ⭐, client-side vulnerability scanner)
- host (ππ) (DNS lookup)
- dnswalk (ππ) (DNS investigation)
- dnsmap (ππ) (vhost brute force)
- Netsparker (π💥βοΈ) (web vulnerability scanner)
- Skipfish (π) (11.4k ⭐, web vulnerability scanner)
- W3af (π💥π) (web vulnerability scanner)
- Arachni (π💥) (web vulnerability scanner)
- AppScan (π💥) (web vulnerability scanner)
- IronWASP (π💥) (web vulnerability scanner)
- Grabber (π💥) (web vulnerability scanner)
- proxify (βοΈ) (HTTP proxy)
- interactsh (βοΈ) (rogue server)
- naabu (π) (network scanner)
- nuclei (π💥) (web application scanner)
- dnsx (π) (DNS enumeration)
- bettercap (💥) (sniffing, MITM)
- evilgrade (💥βοΈ) (exploiting update systems, MITM)
- CodeSec (π💥) (web vulnerability scanner)
- venom (ππ💥πβοΈ) (payloads? -h/-c/-u/-p/-s, scan/crawl/portscan)
- Burp Collaborator client (π) (server for SSRF/XXE/...)
- recon-ng (π) (reconnaissance framework)
- Archive.is (π) (web archive)
- CommonCrawl (π) (web crawler)
- Netcraft (π) (web investigation)
- PassiveTotal (π) (IP/domains/email analysis)
- intelius/zabasearch (π) (people search engines)
- peoplefinder (π) (people search engine)
- Pipl (π) (people search engine)
- awesome-osint (π) (12.1k ⭐, list of tools)
- OSINT-Tools (π) (list of tools)
- Social Mapper (ππ) (SOCMINT)
- StalkScan (π) (Facebook recon)
- SpiderFoot (ππβοΈ) (9.4k ⭐, automated OSINT)
- FMiner (ππ) (web scraping)
- Octoparse (ππ) (web scraping)
- ParseHub (ππ) (web scraping)
- Tor Browser (πβοΈ) (web browser)
- DarkSearch (π) (darknet search engine)
- Ahmia (π) (Tor search engine)
- OnionScan (π) (scan the Tor network)
- Censys (ππ) (device/network search engine)
- Zoomeye (ππ) (Chinese device/network search engine)
- BinaryEdge (ππ) (device search engine)
- Fofa (ππ) (device/network search engine)
- Shikata ga nai (💥) (payloads)
- unicorn (💥) (payload, shellcode injection)
- cobalt strike (💥βοΈ) (penetration testing tool)
- searchlight (π) (OSINT)
- WebScarab (ππ) (intercept HTTP requests)
- Vega (ππ) (web application scanner)
- Aircrack-ng (💥π) (analyze traffic, crack WEP/WPA/... passwords)
- Kismet (π) (wireless network detection and analysis)
- MBSA (π) (scan Windows-based computers for vulnerabilities)
- Cain and Abel (💥πβοΈ) (password recovery, sniffing, MITM, spoofing)
- Ettercap (💥πβοΈ) (sniffing, MITM, spoofing)
- Greenbone (π) (vulnerability management)
- AppDetectivePro (π🛡️) (database vulnerability scanner)
- Dbprotect (π🛡️) (database vulnerability scanner)
- sputnik (π) (OSINT scanner)
- netdiscover (π) (network discovery, -r IP|IP/CIDR)
- Mxtoolbox (π) (email configuration)
- hp webinspect (π💥) (web application scanner)
- Linsniff (✨) (packet capture and analysis)
- Websniff (✨) (packet capture and analysis)
- Snoop (✨) (packet capture and analysis)
- sslyzer (π) (SSL scanner and analyzer)
- webslayer (π) (web application scanner)
- Tamper Chrome|tamper.dev (π💥) (intercept HTTP requests)
- httpx (π💥) (web server enumeration)
- Core Impact (💥πβοΈ) (paid exploitation framework)
- chaos (π) (DNS recon)
- Veil Framework (💥) (payloads)
- Phantom-Evasion (βοΈ) (antivirus evasion tool)
- FavFreak (π) (favicon recon)
- waybackurls (π) (wayback tool)
- EyeWitness
- ptunnel
- sshuttle
- red-team-scripts
- NetworkMiner
- NetWitness
- EXOCET
- HackBrowserData
- AutoRecon
- Kismet
- ssf
- pupy
- nishang
- Mythic (c2 framework)
- darkarmour (antivirus evasion tool)
- vbe-decoder
- Bluto
CTFs not done
https://tryhackme.com/room/lazyadmin ππβ
- nmap
- Gobuster
- FTP does not seem to work with a path (to upload with put), but it works if you start FTP in the directory where the file is
https://tryhackme.com/room/allinonemj ππβ
- Test: wpscan --url http://IP/wordpress/ --detection-mode aggressive
- php://filter/convert.base64-encode/resource=../../../../../wp-config.php (file inclusion, https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/)
💻 To-do 💻
https://redteam.guide/ (book)
https://www.hackers-arise.com (book)
Hack Like a LEGEND (book)
https://ippsec.rocks/?#
OSINT
- mitaka
- builtwith, spyse, intelligence x
- source code: grep.app, searchcode
- documents: metagoofil
Tools