Tools for Information Gathering, Web Application Testing, Infrastructure Testing, Exploit Helpers and Utils

Information Gathering

Google Hacking : Allows you to find juicy information indexed by Google about a target website (ex. directory listing, sensitive files, error messages, login pages, etc).

Find Subdomains : Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.

Find Virtual Hosts : Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

Website Recon : This tool allows you to discover the technologies used by a target web application - server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Metadata Extractor : Extracts metadata from public documents such as: pdf, doc, xls, ppt, docx, pptx, xlsx. The metadata may contain: author name, username, company name, software version, document path, creation date, etc.

Subdomain Takeover : Allows you to discover subdomains of a target organization which point to external services (ex. Amazon S3, Heroku, Github, etc) and are not claimed - leaving them vulnerable to hostile takeover.

Web Application Testing

URL Fuzzer : Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.

Web Server Scan : Finds common vulnerabilities which affect web applications: SQL injection, XSS, OS Comand Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

WordPress Scan : This tool helps you to discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

SharePoint Scan : Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

Drupal Scan : Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

Joomla Scan : Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules and templates.

Infrastructure Testing

Ping Sweep : Enables you to see which IPs are 'live' within a given network range. Behind a 'live' IP there is a running server or workstation.

TCP Port Scan : Allows you to discover which TCP ports are open on your target host and also to detect service information, operating system version and to do traceroute.

UDP Port Scan : Allows you to discover which UDP ports are open on your target host, identify the service versions and detect the operating system.

Network Scan OpenVAS : This is a comprehensive scanner which allows you to detect a wide range of vulnerabilities mosty related to network services and operating systems but also includes web server configuration tests.

DNS Zone Transfer : Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.

SSL Heartbleed Scan : This tool attempts to identify servers vulnerable to the OpenSSL Heartbleed vulnerability (CVE-2014-0160). When such a server is discovered, the tool also provides a memory dump from the affected server.

SSL POODLE Scan : The SSLv3 POODLE vulnerability scanner attempts to find SSL servers vulnerable to CVE-2014-3566, also known as POODLE (Padding Oracle On Downgraded Legacy) vulnerability.

SSL DROWN Scan : The DROWN vulnerability scanner tests a range of IP addresses (or just a single host) for the DROWN vulnerability in OpenSSL.

ROBOT Attack Scan : Allows you to discover vulnerable TLS servers (Web, Email, FTP) which are affected by the ROBOT vulnerability.

Exploit Helpers

HTTP Request Logger : This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create Proof of Concepts in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.

Utils

ICMP Ping : Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.

Whois Lookup : This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.

That's It !!! 

if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 

https://www.h4ck3rthebook.blogspot.com

Twitter : https://www.twitter.com/thehackingsage

Instagram : https://www.instagram.com/thehackingsage

Github : https://www.github.com/thehackingsage

& DON'T FORGET TO SUBSCRIBE..!!!

YouTube : https://www.youtube.com/channel/UCYK1n9A4TUq1CvGc6F3DzoA

Keep Visiting... Enjoy !!! :)

Portable Hardware Devices for Penetration Testing

All of us at some point or the other think of a possibility of “remoting” a penetration test. Five years ago, you would have to engineer something like this for to suit your own requirements. However now, there are commercial tools already available that help you do that and much more. This is an attempt to do just that – compile a list of portable hardware devices for penetration testing, which you can plug into the “targeted” network and run your tests from else where. Some of them are commercial and the rest are open source.

List of Portable Hardware Devices for Penetration Testing :

1). Raspberry Pi / BeagleBone Black / Hardkernel ODROID : I am a bit biased towards the Raspberry Pi model 3 as it has the hardware required to be a good tool. You do not need a WiFi dongle, or even a bluetooth chip. Just plug it in, install a good OS like the Kali Linux and you are done! These come pretty cheap and are pretty low profile. They run an awesome Quad Core 1.2GHz Broadcom BCM2837 64bit CPU with 1GB RAM and the BCM43438 wireless LAN and Bluetooth Low Energy (BLE) on board. You can even use them for other purposes. Order them online at Amazon or the official store here. If you want to be extra stealthy, get their RASPBERRY PI ZERO W which offers a single-board computer with wireless and Bluetooth connectivity. An awesome article by the guys at BlackHills Information Security detailing their drop box can be found Here.

2). VIA ARTiGO A900 : I do not know how many of you have heard about this, but they are pretty cool too. These devices run a decent 1.0GHz VIA Elite E1000 Cortex-A9 dual-core SoC along with 2GB DDR3 of onboard SDRAM. It has a Realtek RTL8111G PCIe Gigabit Ethernet controller, and no wireless access. (Get It Here)

3). MiniPwner : The MiniPwner is a penetration testing “drop box”. It is designed as a small, simple but powerful device that can be inconspicuously plugged into a network and provide the penetration tester remote access to that network. It runs a portable TP-Link MR3040 running OpenWRT with a 2000 mAh built-in battery. Multiple penetration testing tools such as aircrack-ng, elinks, ettercap-ng, karma, kismet, nbtscan, netcat, nmap, openvpn, perl 5, samba client, snort, tar, tcpdump, tmux, yafc, and wget all come pre-installed. Two versions are available : MiniPwner Community Edition and a pre-built setup. (Get It Here)

4). DreamPlug / SmilePlug / GuruPlug / SheevaPlug : These come from GlobalScale Technologies and are plug computing devices that run network-based software services. These make a worthy addition to the list of portable hardware devices for penetration testing. (Get Them Here)

5). #r00tabaga : The Ace r00tabaga is similar to the MiniPwner, but has some more features. It can be used as a penetration testing drop box or even as a Hot-Spot honeypot, inconspicuously intercepting WiFi probe requests from every target device. #r00tabaga also runs the running OpenWRT platform with a 2000 mAh built-in battery. This is un-available for order as of now, but sure is a good addition to the list of portable hardware devices for penetration testing. (Get It Here)

6). PWN PLUG R3 / PWN PLUG R4 : If you are lazy and want a fully customized solution for your needs, and you have the money, get these from the guys are Pwnie Express. These are the standard penetration testing devices in a portable form factor with onboard high-gain 802.11a/b/g/n/ac wireless antenna and Bluetooth. These also run Kali Linux and run over 100 OSS-based penetration testing tools including Metasploit, SET, Kismet, Aircrack-NG, SSLstrip, Nmap, Hydra, W3af, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools! (Get It Here) 

7). LG Nexus 5 : this monster android device officially support some best pentesting rom such as pwn phone & kali nethunter... you can flash these roms in your nexus 5 and convert your android device into a hacking machine..

That’s all from me for now. This list is arranged with no preference to any make or model. I will keep on updating this list of portable hardware devices for penetration testing as I find more devices. If you know of any, let me know.

and if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 

https://www.h4ck3rthebook.blogspot.com

Twitter : https://www.twitter.com/thehackingsage

Instagram : https://www.instagram.com/thehackingsage

Github : https://www.github.com/thehackingsage

& DON'T FORGET TO SUBSCRIBE..!!!

YouTube : https://www.youtube.com/channel/UCYK1n9A4TUq1CvGc6F3DzoA

Keep Visiting... Enjoy !!! :)

HACKDROID : Android Apps and Platform for Pentesting

What is HackDroid ?

Hackdroid is a collection of pentesting and security related apps for android. The applications is divided into different categories so you can easily download any application from any category and use them for penetration testing and ethical hacking.

• Android Apps : 250+ apps in 20+ categories like wifi, hid, mitm, sniffing, etc.
• OS / Platform : hacking operating system (rom) and platforms for android.
• Blog : useful articles related to hacking with android.

Some important things that you should take care of before starting :

• Most applications will required root permissions so you can install Magisk to root your device or you can also search on Google or XDA Forum for how you can root your device.
• Never use your primery device for hacking because it is possible that the creators of the application or those who modified it have already put malware on it to steal your personal data. so you will think that with the help of this application you will hack something, but instead of that you are being hacked.
• Most apps will be outdated but i try my best to provide the latest version of the application asap.
• I don't have any copyright for any application. the copyright of all applications support their owners.
• Don't do anything stupid or illegal. I'm sharing all this information keeping in mind the purpose of penetration testing and ethical hacking not illegal hacking activity so please don't misuse.

Apps Categories :

• Anonymity
• App Store
• Call & SmS
• CryptoCurrency
• Cryptography
• DDoS
• Forensics
• HID Attack
• Learning
• MITM
• Networking
• Pentesting
• People & File Search
• Remote Access
• Router
• Scripting
• Security
• Sniffing
• Spy Camera
• System Apps 
• Terminal
• Web
• Whatsapp
• Wireless

Download Links : Coming Soon

Video : Coming Soon

Happy Hacking !!!

A Collection Of Penetration Testing Resources

Original Article : https://github.com/thehackingsage/become-a-penetration-tester

Contents :

• Online Resources
  • Penetration Testing Resources
  • Exploit Development
  • Open Source Intelligence (OSINT) Resources
  • Social Engineering Resources
  • Lock Picking Resources
  • Operating Systems
• Tools
  • Penetration Testing Distributions
  • Docker for Penetration Testing
  • Multi-paradigm Frameworks
  • Network Vulnerability scanners
    • Static Analyzers
    • Web Vulnerability Scanners
  • Network Tools
  • Wireless Network Tools
  • Transport Layer Security Tools
  • Web Exploitation
  • Hex Editors
  • File Format Analysis Tools
  • Defense Evasion Tools
  • Hash Cracking Tools
  • Windows Utilities
  • GNU/Linux Utilities
  • macOS Utilities
  • DDoS Tools
  • Social Engineering Tools
  • OSINT Tools
  • Anonymity Tools
  • Reverse Engineering Tools
  • Physical Access Tools
  • Side-channel Tools
  • CTF Tools
  • Penetration Testing Report Templates
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Defensive Development
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
  • Lock Picking Books
  • Defcon Suggested Reading
• Vulnerability Databases
• Security Courses
• Information Security Conferences
• Information Security Magazines
• Bonus Lists

Online Resources

Penetration Testing Resources

• Metasploit Unleashed - Free Offensive Security Metasploit course.
• Penetration Testing Execution Standard (PTES) - Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
• Open Web Application Security Project (OWASP) - Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
• PENTEST-WIKI - Free online security knowledge library for pentesters and researchers.
• Penetration Testing Framework (PTF) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
• XSS-Payloads - Ultimate resource for all things cross-site including payloads, tools, games and documentation.
• MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) - Curated knowledge base and model for cyber adversary behavior.

Exploit Development

• Shellcode Tutorial - Tutorial on how to write shellcode.
• Shellcode Examples - Shellcodes database.
• Exploit Writing Tutorials - Tutorials on how to develop exploits.

OSINT Resources

• OSINT Framework - Collection of various OSINT tools broken out by category.
• Intel Techniques - Collection of OSINT tools. Menu on the left can be used to navigate through the categories.
• NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services such as Facebook Graph Search and various paste sites.
• WiGLE.net - Information about wireless networks world-wide, with user-friendly desktop and web applications.

Social Engineering Resources

• Social Engineering Framework - Information resource for social engineers.

Lock Picking Resources

• Schuyler Towne channel - Lockpicking videos and security talks.
• bosnianbill - More lockpicking videos.
• /r/lockpicking - Resources for learning lockpicking, equipment recommendations.

Operating Systems

• Security related Operating Systems @ Rawsec - Complete list of security related operating systems.
• Security @ Distrowatch - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
• cuckoo - Open source automated malware analysis system.
• Digital Evidence & Forensics Toolkit (DEFT) - Live CD for forensic analysis runnable without tampering or corrupting connected devices where the boot process takes place.
• Tails - Live OS aimed at preserving privacy and anonymity.

Tools

Penetration Testing Distributions

• Kali - GNU/Linux distribution designed for digital forensics and penetration testing.
• ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts.
• BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.
• Network Security Toolkit (NST) - Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
• BackBox - Ubuntu-based distribution for penetration tests and security assessments.
• Parrot - Distribution similar to Kali, with multiple architecture.
• Buscador - GNU/Linux virtual machine that is pre-configured for online investigators.
• Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
• The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
• AttifyOS - GNU/Linux distribution focused on tools useful during Internet of Things (IoT) security assessments.

Docker for Penetration Testing

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker-compose build && docker-compose up - OWASP NodeGoat
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop - OWASP Juice Shop
• docker pull kalilinux/kali-linux-docker - Kali Linux Docker Image
• docker pull phocean/msf - docker-metasploit

Multi-paradigm Frameworks

• Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
• Armitage - Java-based GUI front-end for the Metasploit Framework.
• Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
• ExploitPack - Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
• Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

Network Vulnerability Scanners

• Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
• Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
• Nessus - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
• OpenVAS - Free software implementation of the popular Nessus vulnerability assessment system.
• Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Static Analyzers

• Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
• cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
• FindBugs - Free software static analyzer to look for bugs in Java code.
• sobelow - Security-focused static analysis for the Phoenix Framework.
• bandit - Security oriented static analyser for python code.

Web Vulnerability Scanners

• Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
• Nikto - Noisy but fast black box web server and web application vulnerability scanner.
• Arachni - Scriptable framework for evaluating the security of web applications.
• w3af - Web application attack and audit framework.
• Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
• SecApps - In-browser web application security testing suite.
• WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
• WPScan - Black box WordPress vulnerability scanner.
• cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
• joomscan - Joomla vulnerability scanner.
• ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Network Tools

• zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.
• nmap - Free security scanner for network exploration & security audits.
• pig - GNU/Linux packet crafting tool.
• scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
• tcpdump/libpcap - Common packet analyzer that runs under the command line.
• Wireshark - Widely-used graphical, cross-platform network protocol analyzer.
• Network-Tools.com - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
• netsniff-ng - Swiss army knife for for network sniffing.
• Intercepter-NG - Multifunctional network toolkit.
• SPARTA - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
• dnschef - Highly configurable DNS proxy for pentesters.
• DNSDumpster - Online DNS recon and search service.
• CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
• dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
• dnsmap - Passive DNS network mapper.
• dnsrecon - DNS enumeration script.
• dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
• passivedns-client - Library and query tool for querying several passive DNS providers.
• passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
• Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• Zarp - Network attack tool centered around the exploitation of local networks.
• mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
• Morpheus - Automated ettercap TCP/IP Hijacking tool.
• mallory - HTTP/HTTPS proxy over SSH.
• SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
• Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
• DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
• pwnat - Punches holes in firewalls and NATs.
• dsniff - Collection of tools for network auditing and pentesting.
• tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
• smbmap - Handy SMB enumeration tool.
• scapy - Python-based interactive packet manipulation program & library.
• Dshell - Network forensic analysis framework.
• Debookee - Simple and powerful network traffic analyzer for macOS.
• Dripcap - Caffeinated packet analyzer.
• Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
• Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments.
• routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
• evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
• XRay - Network (sub)domain discovery and reconnaissance automation tool.
• Ettercap - Comprehensive, mature suite for machine-in-the-middle attacks.
• BetterCAP - Modular, portable and easily extensible MITM framework.
• CrackMapExec - A swiss army knife for pentesting networks.
• impacket - A collection of Python classes for working with network protocols.
• ACLight - A script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.

Wireless Network Tools

• Aircrack-ng - Set of tools for auditing wireless networks.
• Kismet - Wireless network detector, sniffer, and IDS.
• Reaver - Brute force attack against WiFi Protected Setup.
• Wifite - Automated wireless attack tool.
• Fluxion - Suite of automated social engineering based WPA attacks.

Transport Layer Security Tools

• SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
• tls_prober - Fingerprint a server's SSL/TLS implementation.
• testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.

Web Exploitation

• OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
• Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
• Burp Suite - Integrated platform for performing security testing of web applications.
• autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
• Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
• Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
• Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
• WPSploit - Exploit WordPress-powered websites with Metasploit.
• SQLmap - Automatic SQL injection and database takeover tool.
• tplmap - Automatic server-side template injection and Web server takeover tool.
• weevely3 - Weaponized web shell.
• Wappalyzer - Wappalyzer uncovers the technologies used on websites.
• WhatWeb - Website fingerprinter.
• BlindElephant - Web application fingerprinter.
• wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products.
• fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
• Kadabra - Automatic LFI exploiter and scanner.
• Kadimus - LFI scan and exploit tool.
• liffy - LFI exploitation tool.
• Commix - Automated all-in-one operating system command injection and exploitation tool.
• DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
• GitTools - Automatically find and download Web-accessible .git repositories.
• sslstrip - Demonstration of the HTTPS stripping attacks.
• sslstrip2 - SSLStrip version to defeat HSTS.
• NoSQLmap - Automatic NoSQL injection and database takeover tool.
• VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
• FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
• EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
• webscreenshot - A simple script to take screenshots of list of websites.

Hex Editors

• HexEdit.js - Browser-based hex editing.
• Hexinator - World's finest (proprietary, commercial) Hex Editor.
• Frhed - Binary file editor for Windows.
• 0xED - Native macOS hex editor that supports plug-ins to display custom data types.

File Format Analysis Tools

• Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
• Veles - Binary data visualization and analysis tool.
• Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Defense Evasion Tools

• Veil - Generate metasploit payloads that bypass common anti-virus solutions.
• shellsploit - Generates custom shellcode, backdoors, injectors, optionally obfuscates every byte via encoders.
• Hyperion - Runtime encryptor for 32-bit portable executables ("PE .exes").
• AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
• peCloak.py - Automates the process of hiding a malicious Windows executable from antivirus (AV) detection.
• peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.
• UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.

Hash Cracking Tools

• John the Ripper - Fast password cracker.
• Hashcat - The more fast hash cracker.
• CeWL - Generates custom wordlists by spidering a target's website and collecting unique words.
• JWT Cracker - Simple HS256 JWT token brute force cracker.
• Rar Crack - RAR bruteforce cracker.
• BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).

Windows Utilities

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities.
• Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
• mimikatz - Credentials extraction tool for Windows operating system.
• PowerSploit - PowerShell Post-Exploitation Framework.
• Windows Exploit Suggester - Detects potential missing patches on the target.
• Responder - LLMNR, NBT-NS and MDNS poisoner.
• Bloodhound - Graphical Active Directory trust relationship explorer.
• Empire - Pure PowerShell post-exploitation agent.
• Fibratus - Tool for exploration and tracing of the Windows kernel.
• wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
• redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
• Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).
• DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.

GNU/Linux Utilities

• Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

macOS Utilities

• Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.

DDoS Tools

• LOIC - Open source network stress tool for Windows.
• JS LOIC - JavaScript in-browser version of LOIC.
• SlowLoris - DoS tool that uses low bandwidth on the attacking side.
• HOIC - Updated version of Low Orbit Ion Cannon, has 'boosters' to get around common counter measures.
• T50 - Faster network stress tool.
• UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Social Engineering Tools

• Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
• King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
• Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service.
• wifiphisher - Automated phishing attacks against WiFi networks.
• Catphish - Tool for phishing and corporate espionage written in Ruby.
• Beelogger - Tool for generating keylooger.

OSINT Tools

• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• theHarvester - E-mail, subdomain and people names harvester.
• creepy - Geolocation OSINT tool.
• metagoofil - Metadata harvester.
• Google Hacking Database - Database of Google dorks; can be used for recon.
• Google-dorks - Common Google dorks and others you probably don't know.
• GooDork - Command line Google dorking tool.
• dork-cli - Command line Google dork tool.
• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
• Shodan - World's first search engine for Internet-connected devices.
• recon-ng - Full-featured Web Reconnaissance framework written in Python.
• github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
• vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
• Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations
• BinGoo - GNU/Linux bash based Bing and Google Dorking Tool.
• fast-recon - Perform Google dorks against a domain.
• snitch - Information gathering via dorks.
• Sn1per - Automated Pentest Recon Scanner.
• Threat Crowd - Search engine for threats.
• Virus Total - VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
• DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
• AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
• Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
• ZoomEye - Search engine for cyberspace that lets the user find specific network components.

Anonymity Tools

• Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
• OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
• I2P - The Invisible Internet Project.
• Nipe - Script to redirect all traffic from the machine to the Tor network.
• What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Reverse Engineering Tools

• Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
• WDK/WinDbg - Windows Driver Kit and WinDbg.
• OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
• Radare2 - Open source, crossplatform reverse engineering framework.
• x64dbg - Open source x64/x32 debugger for windows.
• Immunity Debugger - Powerful way to write exploits and analyze malware.
• Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
• Medusa - Open source, cross-platform interactive disassembler.
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
• peda - Python Exploit Development Assistance for GDB.
• dnSpy - Tool to reverse engineer .NET assemblies.
• binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
• PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
• Voltron - Extensible debugger UI toolkit written in Python.
• Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
• rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
• Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Physical Access Tools

• LAN Turtle - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
• USB Rubber Ducky - Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
• Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
• WiFi Pineapple - Wireless auditing and penetration testing platform.
• Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.

Side-channel Tools

• ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.

CTF Tools

• ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
• Pwntools - Rapid exploit development framework built for use in CTFs.
• RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

Penetration Testing Report Templates

• Public Pentesting Reports - Curated list of public penetration test reports released by several consulting firms and academic security groups.
• Pentesting Report Template - testandverification.com template.
• Pentesting Report Template - hitachi-systems-security.com template.
• Pentesting Report Template - lucideus.com template.
• Pentesting Report Template - crest-approved.org templage.
• Pentesting Report Template - pcisecuritystandards.org template.

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Violent Python by TJ O'Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Bug Hunter's Diary by Tobias Klein, 2011
• Advanced Penetration Testing by Wil Allsopp, 2017

Hackers Handbook Series

• The Database Hacker's Handbook, David Litchfield et al., 2005
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller et al., 2012
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• Car Hacker's Handbook by Craig Smith, 2016

Defensive Development

• Holistic Info-Sec for Web Developers (Fascicle 0)
• Holistic Info-Sec for Web Developers (Fascicle 1)

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012

Reverse Engineering Books

• Reverse Engineering for Beginners by Dennis Yurichev
• Hacking the Xbox by Andrew Huang, 2003
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010

Windows Books

• Windows Internals by Mark Russinovich et al., 2012
• Troubleshooting with the Windows Sysinternals Tools by Mark Russinovich & Aaron Margosis, 2016

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

Lock Picking Books

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

Defcon Suggested Reading

• Defcon Suggested Reading

Vulnerability Databases

• Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
• National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
• US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
• Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
• Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
• Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
• Microsoft Security Bulletins - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
• Microsoft Security Advisories - Archive of security advisories impacting Microsoft software.
• Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
• Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
• CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
• SecuriTeam - Independent source of software vulnerability information.
• Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
• Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
• Vulners - Security database of software vulnerabilities.
• Inj3ct0r (Onion service) - Exploit marketplace and vulnerability information aggregator.
• Open Source Vulnerability Database (OSVDB) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016.
• HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.

Security Courses

• Offensive Security Training - Training from BackTrack/Kali developers.
• SANS Security Training - Computer Security Training & Certification.
• Open Security Training - Training material for computer security classes.
• CTF Field Guide - Everything you need to win your next CTF competition.
• ARIZONA CYBER WARFARE RANGE - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
• Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
• Computer Security Student - Many free tutorials, great for beginners, $10/mo membership unlocks all content.
• European Union Agency for Network and Information Security - ENISA Cyber Security Training material.

Information Security Conferences

• DEF CON - Annual hacker convention in Las Vegas.
• Black Hat - Annual security conference in Las Vegas.
• BSides - Framework for organising and holding security conferences.
• CCC - Annual meeting of the international hacker scene in Germany.
• DerbyCon - Annual hacker conference based in Louisville.
• PhreakNIC - Technology conference held annually in middle Tennessee.
• ShmooCon - Annual US East coast hacker convention.
• CarolinaCon - Infosec conference, held annually in North Carolina.
• CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con.
• SummerCon - One of the oldest hacker conventions, held during Summer.
• Hack.lu - Annual conference held in Luxembourg.
• Hackfest - Largest hacking conference in Canada.
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany.
• ThotCon - Annual US hacker conference held in Chicago.
• LayerOne - Annual US security conference held every spring in Los Angeles.
• DeepSec - Security Conference in Vienna, Austria.
• SkyDogCon - Technology conference in Nashville.
• SECUINSIDE - Security Conference in Seoul.
• DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania.
• AppSecUSA - Annual conference organized by OWASP.
• BruCON - Annual security conference in Belgium.
• Infosecurity Europe - Europe's number one information security event, held in London, UK.
• Nullcon - Annual conference in Delhi and Goa, India.
• RSA Conference USA - Annual security conference in San Francisco, California, USA.
• Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland.
• Virus Bulletin Conference - Annual conference going to be held in Denver, USA for 2016.
• Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
• 44Con - Annual Security Conference held in London.
• BalCCon - Balkan Computer Congress, annually held in Novi Sad, Serbia.
• FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia.

Information Security Magazines

• 2600: The Hacker Quarterly - American publication about technology and computer "underground."
• Phrack Magazine - By far the longest running hacker zine.

Bonus Lists

• Kali Linux Tools - List of tools present in Kali Linux.
• SecTools - Top 125 Network Security Tools.
• Pentest Cheat Sheets - Pentest Cheat Sheets.
• C/C++ Programming - One of the main language for open source security tools.
• .NET Programming - Software framework for Microsoft Windows platform development.
• Shell Scripting - Command line frameworks, toolkits, guides and gizmos.
• Ruby Programming by @dreikanter - The de-facto language for writing exploits.
• Ruby Programming by @markets - The de-facto language for writing exploits.
• Ruby Programming by @Sdogruyol - The de-facto language for writing exploits.
• JavaScript Programming - In-browser development and scripting.
• Node.js Programming by @sindresorhus - Curated list of delightful Node.js packages and resources.
• Python tools for penetration testers - Lots of pentesting tools are written in Python.
• Python Programming by @svaksha - General Python programming.
• Python Programming by @vinta - General Python programming.
• Android Security - Collection of Android security related resources.
• Awesome Awesomness - The List of the Lists.
• AppSec - Resources for learning about application security.
• CTFs - Capture The Flag frameworks, libraries, etc.
• InfoSec § Hacking challenges - Comprehensive directory of CTFs, wargames, hacking challenge websites, pentest practice lab exercises, and more.
• Hacking - Tutorials, tools, and resources.
• Honeypots - Honeypots, tools, components, and more.
• Infosec - Information security resources for pentesting, forensics, and more.
• Forensics - Free (mostly open source) forensic analysis tools and resources.
• Malware Analysis - Tools and resources for analysts.
• PCAP Tools - Tools for processing network traffic.
• Security - Software, libraries, documents, and other resources.
• Awesome Lockpicking - Best guides, tools, and other resources about the security and compromise of locks, safes, and keys.
• SecLists - Collection of multiple types of lists used during security assessments.
• Security Talks - Curated list of security conferences.
• OSINT - Awesome OSINT list containing great resources.
• YARA - YARA rules, tools, and people.

License

This work is licensed under The HACKTRONIAN.

and if you like this post please like & share with your friends...

& Don't Forget To....

Follow Me at Twitter : www.twitter.com/thehackingsage

Follow Me at Instagram : www.instagram.com/thehackingsage

Follow Me at GitHub : www.github.com/thehackingsage

Keep Visiting... Enjoy !!! :)