The Open Penetration Testing Bookmarks Collection
...is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research.
Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Who?: Started by Jason Haddix, Director of Penetration Testing at HP Fortify.
How it's working atm: First off, we need help. OCD organizational people and people who can contribute or sort out the best links. Comment on the wiki if you wanna pitch in. Free beer at con's ;)
The whole bookmarks html file is ready for import to firefox off of the downloads section. As people submit new links we will add them and restructure the categories as they expand. Otherwise the wiki page should have all the links piecemeal should you not decide to download the whole folder (which is lame).
How to submit your bookmarks: Since a bookmarks file is not really what you usually use a code repository for we opted just to use the download and wiki sections of google code.
If you have suggestions or a few links to submit, leave a comment on the wiki page.
Not all links submitted will be added.
If you think you have a large set of bookmarks you think can contribute email us and we might add you to the contributors section.
FAQ: Why not use a social bookmarking site?
Well, we don’t really like them. They offer tagging but as long as we keep the list categorized well we will stick with this format… for now. Again this is the OPEN Pentest Bookmarks Collection so feel free to port it if you so desire.
Why didn’t my bookmark make the cut?
We hate to be choosy with an open source project but we wanted to keep the bookmarks very fresh and relevant. Who made us judge and jury? um… googlecode apparently. Hell, we even plan on pruning some of the initial ones we picked out (don’t worry all revisions should be documented). If your link didn’t make it, we apologize, we have only so many categories and we don’t want the collection to headsplode too fast.
Can I help with parsing/project work?
yes! PLEASE! email me at jhaddixat?securityaegis.com
The general categories are: Forums:
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.
OSINT has become a hug part of the pentest methodology. From fueling social engineering, to passively profiling your target infrastructure. There are subfolders for Presentaions on how-to, sites for profiling people and organizations, ans sites for profiling technical assets. This section is doing okay atm.
Exploits and Advisories
Places to go for exploit descriptions, white-papers, and code. Needs work.
If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.
Mostly collections of guides on non-tool command line hacking syntax. Heavily inspired by Ed Skoudis and PDP of GNUCitizen. Needs work.
Cheatsheets and fu!
Random cheatsheets for heavily used tools and reference. Need a lot of work.
Collection of *nix command line knowledge and distributions for pentesting. Needs work.
Open source classes relating to hacking and penetration testing. I would really like to find more of these.
Some practical and some high level methodologies for hacking related activities. Needs a lot of work.
If you want to practice your fu, these links to test sites, blogs about practice, and lab setup-how to's will help. needs work, would like to convert to direct links as well.
Semi-parsed, nor has it really been inspected for relevancy. More of just a place i dump links for new tools and tools i use often. Needs a LOT of help, parsing, additions, etc.
I do a lot of web stuff. Here are some web vectors and associated useful docs and cheatsheets on each of them. Could always use more in these sections.
Not categorized, misc, and randomness.
It's not even parsed yet, nor has it really been inspected for relevancy. needs lots of work.
Needs additions to main pages of con video archives. It's an okay start though. Needs work.