Awesome Penetration Testing

A collection of awesome penetration testing resources

• Online Resources
  • Penetration Testing Resources
  • Exploit development
  • Social Engineering Resources
  • Lock Picking Resources
• Tools
  • Penetration Testing Distributions
  • Basic Penetration Testing Tools
  • Docker for Penetration Testing
  • Vulnerability Scanners
  • Network Tools
  • Wireless Network Tools
  • SSL Analysis Tools
  • Web exploitation
  • Hex Editors
  • Crackers
  • Windows Utils
  • Linux Utils
  • DDoS Tools
  • Social Engineering Tools
  • OSInt Tools
  • Anonymity Tools
  • Reverse Engineering Tools
  • CTF Tools
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Defensive Development
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
  • Lock Picking Books
• Vulnerability Databases
• Security Courses
• Information Security Conferences
• Information Security Magazines

Online Resources {#online-resources}

Penetration Testing Resources {#penetration-testing-resources}

• Metasploit Unleashed - Free Offensive Security Metasploit course
• PTES - Penetration Testing Execution Standard
• OWASP - Open Web Application Security Project
• PENTEST-WIKI - A free online security knowledge library for pentesters / researchers.
• Vulnerability Assessment Framework - Penetration Testing Framework.
• The Pentesters Framework - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.

Exploit development {#exploit-development}

• Shellcode Tutorial - Tutorial on how to write shellcode
• Shellcode Examples - Shellcodes database
• Exploit Writing Tutorials - Tutorials on how to develop exploits
• shellsploit - New Generation Exploit Development Kit
• Voltron - A hacky debugger UI for hackers

Social Engineering Resources {#social-engineering-resources}

• Social Engineering Framework - An information resource for social engineers

Lock Picking Resources {#lock-picking-resources}

• Schuyler Towne channel - Lockpicking videos and security talks
• /r/lockpicking - Resources for learning lockpicking, equipment recommendations.

Tools {#tools}

Penetration Testing Distributions {#penetration-testing-distributions}

• Kali - A Linux distribution designed for digital forensics and penetration testing
• ArchStrike - An Arch Linux repository for security professionals and enthusiasts
• BlackArch - Arch Linux-based distribution for penetration testers and security researchers
• NST - Network Security Toolkit distribution
• Pentoo - Security-focused livecd based on Gentoo
• BackBox - Ubuntu-based distribution for penetration tests and security assessments
• Parrot - A distribution similar to Kali, with multiple architecture
• Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.

Basic Penetration Testing Tools {#basic-penetration-testing-tools}

• Metasploit Framework - World's most used penetration testing software
• Burp Suite - An integrated platform for performing security testing of web applications
• ExploitPack - Graphical tool for penetration testing with a bunch of exploits
• BeeF - The Browser Exploitation Framework Project
• faraday - Collaborative Penetration Test and Vulnerability Management Platform
• evilgrade - The update explotation framework
• commix - Automated All-in-One OS Command Injection and Exploitation Tool
• routersploit - Automated penetration testing software for router
• [redsnarf] (https://github.com/nccgroup/redsnarf) - Post-exploitation tool for grabbing credentials

Docker for Penetration Testing {#docker-for-penetration-testing}

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull pandrew/metasploit - docker-metasploit
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker-compose build && docker-compose up - OWASP NodeGoat
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop - OWASP Juice Shop

Vulnerability Scanners {#vulnerability-scanners}

• Nexpose - Vulnerability Management & Risk Management Software
• Nessus - Vulnerability, configuration, and compliance assessment
• Nikto - Web application vulnerability scanner
• OpenVAS - Open Source vulnerability scanner and manager
• OWASP Zed Attack Proxy - Penetration testing tool for web applications
• Secapps - Integrated web application security testing environment
• w3af - Web application attack and audit framework
• Wapiti - Web application vulnerability scanner
• WebReaver - Web application vulnerability scanner for Mac OS X
• DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
• arachni - Web Application Security Scanner Framework

Network Tools {#network-tools}

• nmap - Free Security Scanner For Network Exploration & Security Audits
• pig - A Linux packet crafting tool
• tcpdump/libpcap - A common packet analyzer that runs under the command line
• Wireshark - A network protocol analyzer for Unix and Windows
• Network Tools - Different network tools: ping, lookup, whois, etc
• netsniff-ng - A Swiss army knife for for network sniffing
• Intercepter-NG - a multifunctional network toolkit
• SPARTA - Network Infrastructure Penetration Testing Tool
• dnschef - A highly configurable DNS proxy for pentesters
• DNSDumpster - Online DNS recon and search service
• dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
• dnsmap - Passive DNS network mapper
• dnsrecon - DNS Enumeration Script
• dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
• passivedns-client - Provides a library and a query tool for querying several passive DNS providers
• passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
• Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• Zarp - Zarp is a network attack tool centered around the exploitation of local networks
• mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
• mallory - HTTP/HTTPS proxy over SSH
• Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols
• DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
• pwnat - punches holes in firewalls and NATs
• dsniff - a collection of tools for network auditing and pentesting
• tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
• smbmap - a handy SMB enumeration tool
• scapy - a python-based interactive packet manipulation program & library
• Dshell - Network forensic analysis framework
• Debookee (MAC OS X) - Intercept traffic from any device on your network
• Dripcap - Caffeinated packet analyzer

Wireless Network Tools {#wireless-network-tools}

• Aircrack-ng - a set of tools for auditing wireless network
• Kismet - Wireless network detector, sniffer, and IDS
• Reaver - Brute force attack against Wifi Protected Setup
• Wifite - Automated wireless attack tool
• wifiphisher - Automated phishing attacks against Wi-Fi networks

SSL Analysis Tools {#ssl-analysis-tools}

• SSLyze - SSL configuration scanner
• sslstrip - a demonstration of the HTTPS stripping attacks
• sslstrip2 - SSLStrip version to defeat HSTS
• tls_prober - fingerprint a server's SSL/TLS implementation

Web exploitation {#web-exploitation}

• WPScan - Black box WordPress vulnerability scanner
• SQLmap - Automatic SQL injection and database takeover tool
• weevely3 - Weaponized web shell
• Wappalyzer - Wappalyzer uncovers the technologies used on websites
• cms-explorer - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
• joomscan - Joomla CMS scanner
• WhatWeb - Website Fingerprinter
• BlindElephant - Web Application Fingerprinter
• fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
• Kadabra - Automatic LFI exploiter and scanner
• Kadimus - LFI scan and exploit tool
• liffy - LFI exploitation tool

Hex Editors {#hex-editors}

• HexEdit.js - Browser-based hex editing
• Hexinator (commercial) - World's finest Hex Editor
• HxD - Freeware Hex Editor and Disk Editor

Crackers {#crackers}

• John the Ripper - Fast password cracker
• Online MD5 cracker - Online MD5 hash Cracker
• Hashcat - The more fast hash cracker
• THC Hydra - Another Great Password Cracker

Windows Utils {#windows-utils}

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities
• Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
• mimikatz - Credentials extraction tool for Windows OS
• PowerSploit - A PowerShell Post-Exploitation Framework
• Windows Exploit Suggester - Detects potential missing patches on the target
• Responder - A LLMNR, NBT-NS and MDNS poisoner
• Bloodhound - A graphical Active Directory trust relationship explorer
• Empire - Empire is a pure PowerShell post-exploitation agent
• Fibratus - Tool for exploration and tracing of the Windows kernel

Linux Utils {#linux-utils}

• Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.

DDoS Tools {#ddos-tools}

• LOIC - An open source network stress tool for Windows
• JS LOIC - JavaScript in-browser version of LOIC
• T50 - The more fast network stress tool

Social Engineering Tools {#social-engineering-tools}

• SET - The Social-Engineer Toolkit from TrustedSec

OSInt Tools {#osint-tools}

• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• theHarvester - E-mail, subdomain and people names harvester
• creepy - A geolocation OSINT tool
• metagoofil - Metadata harvester
• Google Hacking Database - a database of Google dorks; can be used for recon
• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans
• Shodan - Shodan is the world's first search engine for Internet-connected devices
• recon-ng - A full-featured Web Reconnaissance framework written in Python
• github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak
• vcsmap - A plugin-based tool to scan public version control systems for sensitive information
• Spiderfoot - multi-source OSINT automation tool with a Web UI and report visualizations

Anonymity Tools {#anonymity-tools}

• Tor - The free software for enabling onion routing online anonymity
• I2P - The Invisible Internet Project
• Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools {#reverse-engineering-tools}

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• IDA Free - The freeware version of IDA v5.0
• WDK/WinDbg - Windows Driver Kit and WinDbg
• OllyDbg - An x86 debugger that emphasizes binary code analysis
• Radare2 - Opensource, crossplatform reverse engineering framework
• x64_dbg - An open-source x64/x32 debugger for windows
• Immunity Debugger - A powerful new way to write exploits and analyze malware
• Evan's Debugger - OllyDbg-like debugger for Linux
• Medusa disassembler - An open source interactive disassembler
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
• peda - Python Exploit Development Assistance for GDB
• dnSpy - dnSpy is a tool to reverse engineer .NET assemblies

CTF Tools {#ctf-tools}

• Pwntools - CTF framework for use in CTFs

Books {#books}

Penetration Testing Books {#penetration-testing-books}

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook 2: Practical Guide To Penetration Testing
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Violent Python by TJ O'Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Bug Hunter's Diary by Tobias Klein, 2011

Hackers Handbook Series {#hackers-handbook-series}

• The Database Hacker's Handbook, David Litchfield et al., 2005
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller et al., 2012
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• Car Hacker's Handbook by Craig Smith, 2016

Defensive Development {#defensive-development}

• Holistic Info-Sec for Web Developers (Fascicle 0)
• Holistic Info-Sec for Web Developers (Fascicle 1)

Network Analysis Books {#network-analysis-books}

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012

Reverse Engineering Books {#reverse-engineering-books}

• Reverse Engineering for Beginners by Dennis Yurichev
• Hacking the Xbox by Andrew Huang, 2003
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015

Malware Analysis Books {#malware-analysis-books}

• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010

Windows Books {#windows-books}

• Windows Internals by Mark Russinovich et al., 2012

Social Engineering Books {#social-engineering-books}

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

Lock Picking Books {#lock-picking-books}

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012
• CIA Lock Picking Field Operative Training Manual
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

Vulnerability Databases {#vulnerability-databases}

• NVD - US National Vulnerability Database
• CERT - US Computer Emergency Readiness Team
• OSVDB - Open Sourced Vulnerability Database
• Bugtraq - Symantec SecurityFocus
• Exploit-DB - Offensive Security Exploit Database
• Fulldisclosure - Full Disclosure Mailing List
• MS Bulletin - Microsoft Security Bulletin
• MS Advisory - Microsoft Security Advisories
• Inj3ct0r - Inj3ct0r Exploit Database
• Packet Storm - Packet Storm Global Security Resource
• SecuriTeam - Securiteam Vulnerability Information
• CXSecurity - CSSecurity Bugtraq List
• Vulnerability Laboratory - Vulnerability Research Laboratory
• ZDI - Zero Day Initiative
• Vulners - Security database of software vulnerabilities

Security Courses {#security-courses}

• Offensive Security Training - Training from BackTrack/Kali developers
• SANS Security Training - Computer Security Training & Certification
• Open Security Training - Training material for computer security classes
• CTF Field Guide - everything you need to win your next CTF competition
• ARIZONA CYBER WARFARE RANGE - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
• Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Enviroments'.
• Computer Security Student - Many free tutorials, great for beginners, $10/mo membership unlocks all content
• European Union Agency for Network and Information Security - ENISA Cyber Security Training material

Information Security Conferences {#information-security-conferences}

• DEF CON - An annual hacker convention in Las Vegas
• Black Hat - An annual security conference in Las Vegas
• BSides - A framework for organising and holding security conferences
• CCC - An annual meeting of the international hacker scene in Germany
• DerbyCon - An annual hacker conference based in Louisville
• PhreakNIC - A technology conference held annually in middle Tennessee
• ShmooCon - An annual US east coast hacker convention
• CarolinaCon - An infosec conference, held annually in North Carolina
• CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con
• SummerCon - One of the oldest hacker conventions, held during Summer
• Hack.lu - An annual conference held in Luxembourg
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
• Hack3rCon - An annual US hacker conference
• ThotCon - An annual US hacker conference held in Chicago
• LayerOne - An annual US security conference held every spring in Los Angeles
• DeepSec - Security Conference in Vienna, Austria
• SkyDogCon - A technology conference in Nashville
• SECUINSIDE - Security Conference in Seoul
• DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
• AppSecUSA - An annual conference organised by OWASP
• BruCON - An annual security conference in Belgium
• Infosecurity Europe - Europe's number one information security event, held in London, UK
• Nullcon - An annual conference in Delhi and Goa, India
• RSA Conference USA - An annual security conference in San Francisco, California, USA
• Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
• Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
• Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
• 44Con - Annual Security Conference held in London
• BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia
• FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines {#information-security-magazines}

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
• Phrack Magazine - By far the longest running hacker zine

Please have a look at

• Top Hacking Books
• Top Reverse Engineering Books
• Top Machine learning Books
• Top 5 books Programming Books
• Top Java Books