Dry Goods Broadcast! GitHub's most comprehensive penetration testing resources!
Online resources:
Penetration Testing Resources:
Metasploit Unleashed link address-free attack safety Metasploita course
PTES Link address-penetration test execution standard
OWASP Link address-open source web App Security Project
Shellcode Development:
Shellcode Tutorials Link address-instructions on how to write Shellcode
Shellcode Examples link address-Shellcode database
Social engineering Resources:
Social Work Pool Framework link address-information resources required by social workers
"Pry lock" (lock picking) resources:
Schuyler Towne Channel link address-pry lock video and security talk
/r/lockpicking Link address-Learn about resource and device recommendations for prying locks
Penetration tools:
Penetration Testing Distribution Tool:
Kali Link address-a dedicated digital forensics and Penetration testing Linux version
Blackarch Link address-the Arch Linux distribution of penetration testers and researchers
NST Link address-Network Security Toolkit
Pentoo link address-based on Gentoo
Backbox Link address-ubuntu-based penetration testing and security assessment
Basic Penetration Testing Tools:
Metasploit Framework Link address-the world's most commonly used penetration testing tool
Burp Suite link address-an integrated platform for performing web security testing
Exploitpack Link address-graphical tool for user penetration testing
Vulnerability Scanner:
Netsparker Link address-Web application security scan
Nexpose link address-vulnerability management and risk management software
Nessus link address-vulnerability, configuration, and evaluation
Nikto Link address-Web application Vulnerability Scanner
OpenVAS Link address-open source vulnerability scanning and management tools
OWASP Zed Attack Proxy link address-Penetration testing tool for Web applications
Secapps Link address-integrated Web application Security test environment
W3AF Link address-web App attack and audit framework
Wapiti Link address-Web application Vulnerability Scanner
Webreaver Link address-web App Vulnerability Scan for MAC OS x
Network Tools:
Nmap Link address-free security scanner for network detection and security audits
Tcpdump/libpcap link address-Generic Packet analyzer for command line
Wireshark Link address-network protocol analysis, UNIX and Windows versions are available
Network Tools link addresses-Different Web utilities: Ping, lookup, WHOIS, etc.
Netsniff-ng Link address-Swiss Army knife Network sniffer
Intercepter-ng link address-a Multifunctional network toolkit
SPARTA Link address-Network Infrastructure Penetration Testing Toolkit
Wireless Networking tools:
AIRCRACK-GN Link address-a range of wireless network audit tools
Kismet Link address-Wireless network detectors, sniffers, and intrusion detection systems
Reaver link address-WiFi brute force attack
SSL analysis Tools
Sslyze link address-SSL configuration scanner
SSLstrip Link address-A demo of HTTPS attacks
Hex Editor
Hexedit.js Link address-browser-based hex editor
Hack tool
John the Ripper link address-fastest password hack
Online MD5 hack link address-online MD5 hash hack
Windows Utils
Sysinternals Suite link address-Sysinternals troubleshooting tool
Windows Credentials Editor Link address-a security tool that lists logon sessions, additions, modifications, lists, and the removal of related credentials
Mimikatz Link address-Credential extraction tool for Windows
DDoS attack tools
LOIC Link address-open source WinDOS network pressure tool
JS LOIC Link address-browser JavaScript LOIC
Social Work tools
SET Link address-social worker toolkit from TrustedSec
OSINT Tools
Maltego Link address-open Source intelligence forensics tool
Anonymous Tools
Tor link address-free routing online anonymous tool
I2P link address-invisible Internet Project
Reverse Tool
IDA Pro Link address-Windows, Linux, or Mac OS x anti-compilation debugger
Ida Free Link address-version Ida 5.0
WDK/WINDBG link addresses-Windows Driver Toolkit and WINDBG
OLLYDBG Link address-x86 debugger (emphasis on binary code analysis)
Radare2 Link address-open source cross-platform reverse engineering framework
X64_DGB Link address-Windows Open source x64/x32 Debugger
Pyew Link address-python tool for static malware analysis
Bokken link address-pyew Radare2 GUI
Immunity Debugger Link address-A new tool for developing and analyzing malicious software
Evan's Debugger link address-A debugger similar to ollydbg on Linux
Books:
Penetration Test Books:
The Art of exploitation by Jon Erickson, 2008
Metasploit:the penetration tester& #039; s Guide by David Kennedy and others, 2011
Penetration testing:a hands-on Introduction to Hacking by Georgia Weidman, 2014
rtfm:red Team Field Manual by Ben Clark, 2014
The Hacker Playbook by Peter Kim, 2014
The Basics of Hacking and penetration testing by Patrick Engebretson, 2013
Professional Penetration Testing by Thomas Wilhelm, 2013
Advanced Penetration testing for highly-secured environments by Lee allen,2012
Violent Python by TJ O ' Connor, 2012
Fuzzing:brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
Black Hat Python:python Programming for Hackers and Pentesters, 2014
Penetration Testing:procedures & Methodologies (Ec-council Press), 2010
Hacker Handbook Series
The Shellcoders Handbook by Chris Anley and others, 2007
The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
IOS Hackers Handbook by Charlie Miller and others, 2012
Android Hackers Handbook by Joshua J. Drake and others, 2014
The Browser Hackers Handbook by Wade Alcorn and others, 2014
The Mobile Application Hackers Handbook by Dominic Chell and others, 2015
Network Analysis Books
Nmap Network scanning by Gordon Fyodor Lyon, 2009
Practical Packet Analysis by Chris Sanders, 2011
Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
Reverse engineering Books
Reverse Engineering for Beginners by Dennis Yurichev (free!)
The IDA Pro book by Chris Eagle, 2011
Practical Reverse Engineering by Bruce Dang and others, 2014
Reverse Engineering for Beginners
Malicious software Analysis Books
Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
The Art of Memory forensics by Michael Hale Ligh and others, 2014
Malware analyst& #039; s Cookbook and DVD by Michael Hale Ligh and others, 2010
Windows books
Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu
Social engineering Books
The Art of deception by Kevin D. Mitnick, William L. Simon, 2002
The Art of intrusion by Kevin D. Mitnick, William L. Simon, 2005
Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
No Tech Hacking by Johnny Long, Jack Wiles, 2008
Social engineering:the Art of Human Hacking by Christopher Hadnagy, 2010
Unmasking the social engineer:the Human Element of Security by Christopher Hadnagy, 2014
Social Engineering in IT security:tools, tactics, and techniques by Sharon Conheady, 2014
Pry Lock Series Books
Practical Lock picking by Deviant Ollam, 2012
Keys to the Kingdom by Deviant Ollam, 2012
CIA Lock Picking Field operative Training Manual
Lock Picking:detail Overkill by Solomon
Eddie The Wire Books
Vulnerability Database
NVD Link address-US National Vulnerability Database
CERT link address-US Computer Emergency Readiness Team
OSVDB Link address-Open sourced vulnerability Database
Bugtraq link address-Symantec securityfocus
EXPLOIT-DB Link address-offensive Security Exploit Database
Fulldisclosure Link address-full disclosure mailing List
MS Bulletin Link address-Microsoft Security Bulletin
MS Advisory link address-Microsoft Security advisories
INJ3CT0R link address-inj3ct0r Exploit Database
Packet Storm link address-Packet storm Global Security Resource
Securiteam link address-securiteam Vulnerability Information
Cxsecurity link address-cssecurity bugtraq List
Vulnerability Laboratory link address-Vulnerability-Laboratory
ZDI Link address-Zero day Initiative
Safety Courses
Offensive Security Training Link address-Training from Backtrack/kali developers
SANS Security Training Link address-computer security Training & Certification
Open Security Training link address-Training material for computer Security classes
CTF Field Guide Link address-everything need to win your next CTF competition
Cybrary Link address-online IT and Cyber Security training platform
Information Security Course
DEF Con-an Annual Hacker convention in Las Vegas
Black Hat-an Annual security conference in Las Vegas
Bsides-a framework for organising and holding security conferences
Ccc-an Annual Meeting of the international hacker scene in Germany
Derbycon-an Annual hacker conference based in Louisville
PHREAKNIC-A Technology conference held annually in Middle Tennessee
Shmoocon-an annual US East Coast Hacker Convention
Carolinacon-an InfoSec Conference, held annually in North Carolina
HOPE-A Conference Series sponsored by the hacker magazine 2600
Summercon-one of the oldest hacker conventions, held during Summer
Hack.lu-an Annual conference held in Luxembourg
Hitb-deep-knowledge security conference held in Malaysia and the Netherlands
Troopers-annual International IT Security event with workshops held in Heidelberg, Germany
Hack3rcon-an Annual US Hacker Conference
Thotcon-an Annual US Hacker conference held in Chicago
Layerone-an Annual US Security conerence held every spring in Los Angeles
Deepsec-security Conference in Vienna, Austria
SKYDOGCON-A Technology Conference in Nashville
Secuinside-security Conference in Seoul
Defcamp-largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
Journal of Information Security
2600:the Hacker Quarterly-an American publication about technology and computer "underground"
Phrack magazine-by far the longest running hacker zine
A very useful list of information:
Sectools link address-Top Network Security Tools
C + + Programming link address-one of the main language for open source security tools
. NET Programming Link address-A software framework for Microsoft Windows Platform development
Shell Scripting Link address-command-line frameworks, toolkits, guides and gizmos
Ruby Programming by @dreikanter link address-the De-facto language for writing exploits
Ruby Programming by @markets link address-the De-facto language for writing exploits
Ruby Programming by @Sdogruyol link address-the De-facto language for writing exploits
JavaScript Programming Link address-in-browser development and scripting
node. JS programming by @sindresorhus Link address-JavaScript in command-line
node. JS programming by @vndmtrx Link address-JavaScript in command-line
Python Tools for Penetration testers link address-Lots of pentesting Tools is written in Python
Python programming by @svaksha link address-general Python programming
Python programming by @vinta link address-general Python programming
Android Security link address-A collection of Android security related resources
Awesome awesomness Link address-The List of the Lists
What are the great resources in the field of information security?