Table of contents

• PentestInfo
  • 0X01 Information Gethering
    • IP And DNS
    • Information leakage
  • 0X02 Denial Of Service
  • 0X03 Scan
    • Identify
    • Tools For Overall Scan
    • Web Applications Scan Tools
  • 0X04 Fuzz and Password
  • 0X05 Password crack
  • 0X06 System Vulnerability
  • 0X07 Web Relevant Online Website
  • 0X08 Existing Vulnerability Finding
  • 0X09 Cheatsheet
  • 0X10 Webshell And Payload
  • 0X11 Code Review And Some Challeges
  • 0X12 Code Review Scan Tools
  • 0X13 Frameworks and Components POC
  • 0X14 Malicious File Detection
  • 0X15 Port Foward
  • 0X16 Backdoor
  • 0X17 Intranet Domain Penetration
  • 0X18 Wifi Attack Relevant
  • 0X19 After Penetration
  • 0X20 MISC(Brute force,encode,decode,cipher)
  • 0x21 Vulnerability System
  • 0x22 Learn More
  • standard

PentestInfo

Some tools and websites may useful in penetration.

0X01 Information Gethering

IP And DNS

• Shodan
• Zoomeye
• censys
• Advantage search grammar
• netcraft
• ssl certificate search
• Myssl
• ssltest
• zone-transger
• lookup dns records
• threatbook
• List_of_TCP_and_UDP_port_numbers
• CertDB
• SPF cheack
• tko-subs A tool that can help detect and takeover subdomains with dead DNS records.

Information leakage

• GitHack .git folder disclosure exploit
• x-patrol github leakage information gathering
• repo-security-scanner CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
• dvcs-ripper Rip web accessible (distributed) version control systems
• svnExploit
• Swp found cmd: vim -r index.php.swp
• DS_store A .DS_Store file disclosure exploit. It parse .DS_Store file and download files recursively.

0X02 Denial Of Service

• sloworis
• slowhttptest
• LOIC

0X03 Scan

Identify

• WhatWeb
• Wafw00f
• Yunsee

Tools For Overall Scan

• Nmap
• msscan
• OWASP Zap
• OWTF
• Openvas
• *Burpsuite
• Burpsuite extensions
• Kubernetes Files Scanning
• Nikto
• Fiddler
• W3af
• Mantra
• Discover

Useful other platform or Extensions

• XSShunter
• Ceye
• Websocket client chrome extension
• SSRFmap
• LinkFinder
• interestingFileScanner
• CrossSiteContentHijacking
• XSS De/Enc
• websocket.org Testing websocket online!
• Regulex JavaScript Regular Expression Visualizer
• Webrtc-ips
• dns-rebind-toolkit
• DNS rebinding online

Web Applications Scan Tools

• Sqlmap
• Wpscan
• Struts-scan
• Arachni-scanner
• Xsstrike

0X04 Fuzz and Password

• default password search
• Fuzzdb
• Awesome Fuzzing
• Passwd listhy
• Hydra
• Pydictor

0X05 Password Crack

• Hash-analyzer online
• Hash-identification online
• Hash_type_checker online
• Hash-identifier inline kali
• hashcat
• John the Ripper
• cmd5 online
• md5-decrypter online
• md5hashing online
• JWT brute force cracker written in C

0X06 System Vulnerability

• Linux kernel-exploits
• Windows exploits
• Tool using public databases to suggest windows expolits
• Awesome tools to exploit Windows
• Awesome Windows Exploitation

0X07 Web Relevant Online Website

• What can I use
• CSP evaluator
• Mozilla wen documents
• Curesec blog
• JWT online
• Broken browser
• JS beautiful
• JStillery
• PHP packagist

0X08 Existing Vulnerability Finding

• Gathering by chybeta
• 0Day today
• CVE list
• CNNVD
• CVEdetails
• Exploitdb
• Seclists
• Cxsecurity
• explainshell
• kitploit tools introduction
• Searchsploit
• Seebug
• Sherlocak PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
• Windows Exploit Suggester
• Linux Kernel Exploit Suggester
• Next-Generation Linux Kernel Exploit Suggester
• Vuldb

0X09 Cheatsheet

• PayloadsAllTheThings
• Pentestmonkey
• Basic Linux Privilege Escalation
• Penetration Testing Tools Cheat Sheet
• OWASP_Testing_Guide_v4_Table_of_Contents
• OWASP Cheat sheat
• sql inject cheat sheet
• Awesome WAF
• Google Dorks Cheat Sheet
• OWASP-Web-Checklist
• AwesomeXSS
• CheatSheetSeries
• Shellcodes database for study cases
• OXML_XXE

0X10 Webshell And Payload

• PHP Webshell
• Webshell
• Payloads

0X11 Code Review And Some Challeges

• python
• PHP-Audit-Labs
• Code-Audit-Challenges
• Wonderkun CTF_web
• pasc2cat

0X12 Code Review Scan Tools

• bandit
• scanjs
• Cobra
• Fortify SCA
• Phpvulhunter
• Rips
• VCG
• Bugscanner
• sonar

0X13 Frameworks and Components POC

• CMS-Hunter
• PHP-code-audit
• POC-Collect

0X14 Malicious File Detection

• VirSCAN.org is a FREE on-line scan service, which checks uploaded files for malware, using antivirus engines, indicated in the VirSCAN list
• Oletools is a package of python tools to analyze Microsoft OLE2 files(also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging.

0X15 Port Foward

• FRP
• localtunnel
• Ngrok
• FRP
• EarthWormis a portable network penetration tool with two core functions of SOCKS v5 service erection and port forwarding, which can complete network penetration in complex network environment.
• ReGeorg
• Proxychains

0X16 Backdoor

• cymothoa is a stealth backdooring tool, that inject backdoor’s shellcode into an existing process. The tool uses the ptrace library (available on nearly all * nix), to manipulate processes and infect them.
• The backdoor factory The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.
• Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can be used in order to inject shellcode into native Windows applications
• RootKits List Download is the list of all rootkits found so far on github and other sites.
• veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
• Ixkeylog is a X11 keylogger for Unix that basically uses xlib to interact with users keyboard. IXKeyLog will listen for certain X11 events and then trigger specific routines to handle these events.
• SshLooter Script to steal passwords from ssh.
• Schtasks-Backdoor is a powshell back door
• Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
• Luckystrike A PowerShell based utility for the creation of malicious Office macro documents.
• DNS-Shell is an interactive Shell over DNS channel.
• Icmpsh
• Office cve1027-8570
• CVE-2017-11882
• Winrar cve2018-20250

0X17 Intranet Domain Penetration

• Termite
• Empire is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing
• Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing
• WMI(Windows Management Instrumentation)
• mimikatz
• mimikittenz
• Invoke-Obfuscation
• BloodHound
• UACME Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.
• PowerShell-Suite is a collection of PowerShell utilities which are great tools and resources online to accomplish most any task.
• Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
• Windows EXE Impacket
• PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts.
• metasploit-framework
• Koadic is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
• CrackMapExec is designed to be used in testing and discovering flaws in one's own network with the aim of fixing the flaws detected.

0X18 Wifi Attack Relevant

• Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing.
• Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking.
• Wifite2
• Ettercap is a comprehensive suite for man in the middle attacks.
• mdk3 is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
• RouterSoloit is an open-source exploitation framework dedicated to embedded devices.
• Fern wifi cracker
• Gerix wifi cracker 2
• ghost-phisher
• cowpatty
• Pyrit
• WiFi Pumpkin

0X19 After Penetration

• LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.
• Phant0m is a PowerShell script and targets the Windows Event Log Service in Windows operating system.
• Elsave is a tool to save and/or clear a NT event log.
• Clearlogs Clear All Windows System Logs - AntiForensics
• Nirsoft browser cache,password recovery,password cache......
• NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.
• Linux应急响应/信息搜集脚本 V2.0

0X20 MISC(Brute force,encode,decode,cipher)

• rumkin
• tomeko
• cryptool-online
• CyberChef
• crackstation
• freeformatter
• factordb
• Run Sage code online
• Atbash cipher
• Hill cipher
• pigpen cipher
• gif-extract
• fence password
• file hash
• QR code
• barcode-reader
• MIME Headers Decoder
• jsfuck
• jsbrainfuck
• jsaaencode
• execute_malbolge_online

0x21 Vulnerability System

• Vulnhub
• Vulhub
• Webgoat
• Vulapps
• bWAPP
• DVWA
• Sqli labs
• XSS quiz answer:http://blog.knownsec.com/Knownsec_RD_Checklist/res/xss_quiz.txt
• Prompt answer:https://github.com/cure53/XSSChallengeWiki/wiki/prompt.ml
• Alert1 answer:
• Lpeworkshop Windows / Linux Local Privilege Escalation Workshop.

0x22 Learn More

• Atomic Red Team is a library of simple tests that every security team can execute to test their controls. Tests are focused, have few dependencies, and are defined in a structured format that be used by automation frameworks.
• Kanxue college
• Micro8
• Intranet_Penetration_Tips
• OWASP
• Owesome DevsecOps
• Intranet Penetration Tips
• Awesome Pentest
• Scanner-Box is the toolbox of open source scanners
• Mind Map
• Sec-chart
• Seclists
• SecurityDoucument
• Ired Team
• Osstmm Open Source Security Testing Methodology Manual (OSSTMM).
• HTML5 sec
• The-Hacker-Playbook-3-Translation
• APTnotes
• TOOLS
• Tools links
• [Knownsec RD Checklist](http://blog.knownsec.com/Knownsec_RD_Checklist/

standard

• OWASP_Testing_Guide_v4_Table_of_Contents
• PCI-DSS
• RFC