A collection of awesome penetration testing resources, tools and other shiny things
A collection of awesome penetration testing and offensive cybersecurity resources.
Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities.
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.
See also awesome-tor.
See also DEF CON Suggested Reading.
See also Reverse Engineering Tools.
certutil(using fake certificates).
See also awesome-vulnerable.
docker pull citizenstig/dvwa.
docker pull bkimminich/juice-shop.
docker pull citizenstig/nowasp.
docker-compose build && docker-compose up.
docker pull ismisepaul/securityshepherd.
docker pull webgoat/webgoat-7.1.
docker pull webgoat/webgoat-8.0.
docker pull hmlio/vaas-cve-2014-0160.
docker pull vulnerables/cve-2017-7494.
docker pull hmlio/vaas-cve-2014-6271.
docker pull wpscanteam/vulnerablewordpress.
whois, and more.
POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
masscanto quickly identify open ports and then
nmapto gain details on the systems/services on those ports.
fierce.plDNS reconnaissance tool for locating non-contiguous IP space.
See also awesome-pcaptools.
pcapngfiles with batch editing features.
.pfxextensions), such as TLS/SSL certificates.
sqlmapthat identifies SQLi vulnerabilities based on a given dork and (optional) website.
See also awesome-osint.
See also awesome-social-engineering.
This work is licensed under a Creative Commons Attribution 4.0 International License.