- OSINT Tools and Resources
- Social Engineering Tools
- Physical Hardware and Tools
- Social Engineering Tools
- Lockpicking Resources
- Social Engineering Articles
OSINT Tools and Resources
- GoVanguard/list-pentest-tools - GoVanguard's list of OSINT tools.
- Awesome OSINT - Awesome list of OSINT
- OSINT Framework - Collection of various OSInt tools broken out by category.
- Intel Techniques - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
- NetBootcamp OSINT Tools - A collection of OSINT links and custom Web interfaces to other services such as Facebook Graph Search and various paste sites.
- Automating OSINT blog - A blog about OSINT curated by Justin Seitz, the same author of BHP.
Social Engineering Tools
- SET - The Social-Engineer Toolkit from TrustedSec
- Gophish - Open-Source Phishing Framework
- King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- wifiphisher - Automated phishing attacks against Wi-Fi networks
- PhishingFrenzy - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
- Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service
- Lucy Phishing Server - (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness.
- Catphish - Tool for phishing and corporate espionage written in Ruby.
- Beelogger - Tool for generating keylooger.
Physical Hardware and Tools
- LAN Turtle - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
- USB Rubber Ducky - Customizable keystroke injection attack platform masquerading as a USB thumbdrive.
- Poisontap - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
- WiFi Pineapple - Wireless auditing and penetration testing platform.
- Proxmark3 - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
- PCILeech - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
- Schuyler Towne channel - Lockpicking videos and security talks.
- bosnianbill - More lockpicking videos.
- Keypicking.com - Bustling online forum for the discussion of lockpicking and locksport.
- Lockpicking101.com - One of the longest-running online communities "dedicated to the fun and ethical hobby of lock picking."
- LockWiki - Community-driven reference for both beginners and professionals in the security industry.
- /r/lockpicking Subreddit - Subreddit dedicated to the sport of lockpicking.
- Dark Sim 905's Lockpicking pages - Personal website of a knowledgable hobbyist discussing a variety of picking and bypass tools.
- Lockpicking Forensics - Website "dedicated to the science and study of forensic locksmithing."
- The Amazing King's Lockpicking pages - Hobbyist's website with detailed pages about locks, tools, and picking techniques.
Social Engineering Articles
- The Limits of Social Engineering - MIT, Technology Review
- The 7 Best Social Engineering Attacks Ever - DarkReading
- Social Engineering: Compromising Users with an Office Document - Infosec Institute
- The Persuasion Reading List - Scott Adams' Blog
- How I Socially Engineer Myself Into High Security Facilities - Sophie Daniel
This work is licensed under a Creative Commons Attribution 4.0 International License.