pwnd

pwnd.md

Tools

• Metaspoit: Penetration testing software
• GhostShell: Malware indetectable, with AV bypass techniques, anti-disassembly, etc.
• BeEF: The Browser Exploitation Framework
• PTF: Penetration Testers Framework
• Bettercap: MITM framework
• Nessus: Vulnerability scanner
• AutoNessus: Auto Nessus
• BDFProxy: Patch Binaries via MITM (BackdoorFactory)
• Xplico: Network Forensic Analysis Tool (eg. parse pcap file)
• Sqlmap: Automatic SQL injection and database takeover tool
• jsql-injection: Java application for automatic SQL database injection
• HoneyProxy: MITM
• Gophish: Open-Source Phishing Framework
• SET: Social-Engineer Toolkit
• USBRubberDucky: USB Rubber Ducky
• USB Wifi Ducky: Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
• WHID: WiFi HID Injector for Fun & Profit - An USB Rubberducky On Steroids.
• SimplyEmail: Email recon framework
• WiFI pineapple: WiFI pineapple (mitm)
• makeMyCSRF: makeMyCSRF is a tool that can be used to automate auto-submit HTML form creation
• Weeman: HTTP Server for phishing
• PlugBot: The PlugBot: Hardware Botnet Research Project
• Pwn Phone: Portable pentesting device
• EmPyre: A post-exploitation OS X/Linux agent written in Python 2.7
• Mimikatz: A little tool to play with Windows security (videos)
• Acunetix: Scanner to check for XSS, SQL Injection and other web vulnerabilities
• Burp Suite: The leading toolkit for web application security testing
• Burp NoPE Proxy: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
• ntopng: High-speed web-based traffic analysis
• nethogs: Linux 'net top' tool
• jnettop: traffic visualiser
• Lynis: Security auditing tool for Linux, macOS, and UNIX-based systems
• Volatility: An advanced memory forensics framework
• Radare: portable reversing framework
• Android Fallible: Secrets leak in Android apps
• XssPy: Web Application XSS Scanner
• Unicorn: Tool for using a PowerShell downgrade attack and inject shellcode straight into memory
• changeme: A default credential scanner
• Mercure: Tool for security managers who want to train their collaborators to phishing
• catphish: For phishing and corporate espionage
• Security Checklist: The SaaS CTO Security Checklist
• cgPwn: A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks
• pwlist: Password lists obtained from strangers attempting to log in to my server
• howmanypeoplearearound: Count the number of people around you by monitoring wifi signals
• xss-listener: XSS Listener is a penetration tool for easy to steal data with various XSS
• owasp-mstg: The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering
• KeychainCracker: macOS keychain cracking tool
• Microsploit: Fast and easy create backdoor office exploitation using module metasploit packet
• InjectProc: Process Injection Techniques
• expdevBadChars: Bad Characters highlighter for exploit development
• massExpConsole: Collection of Tools and Exploits with a CLI UI
• getsploit: Command line utility for searching and downloading exploits
• Findsploit: Find exploits in local and online databases instantly
• vulscan: Advanced vulnerability scanning with Nmap NSE
• psychoPATH: a blind webroot file upload & LFI detection tool
• repo-supervisor: Scan your code for security misconfiguration, search for passwords and secrets
• xssor: Hack with Javascript (online tool)
• xray: XRay is a tool for recon, mapping and OSINT gathering from public networks
• Frida: Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
• objection: runtime mobile exploration (based on Frida)
• pwnbox: Docker container with tools for binary reverse engineering and exploitation
• backdoor-apk: shell script that simplifies the process of adding a backdoor to any Android APK file
• Attify OS: Distro for pentesting IoT devices
• Zeus: AWS Auditing & Hardening Tool
• EvilAbigail: Automated Linux evil maid attack (backdoors initrd)
• mitm-router: Man-in-the-middle wireless access point inside a docker container
• Dracnmap: Exploit Network and Gathering Information with Nmap
• RastLeak: Tool To Automatic Leak Information Using Hacking With Engine Searches
• pupy: remote administration and post-exploitation tool (python)
• pwndsh: Post-exploitation framework (bash) (presentation)
• kwetza: Python script to inject existing Android applications with a Meterpreter payload
• zmap: ZMap Internet Scanner
• zgrab: Application layer scanner that operates with ZMap
• OpenVAS: The world's most advanced Open Source vulnerability scanner and manager
• Vulny-Code-Static-Analysis: Basic script to detect vulnerabilities into a PHP source code
• knockpy: Knock Subdomain Scan
• BoopSuite: A Suite of Tools written in Python for wireless auditing and security testing (demo)
• DataSploit: An OSINT Framework to perform various recon techniques
• domain_analyzer: Analyze the security of any domain by finding all the information possible
• Luckystrike: A PowerShell based utility for the creation of malicious Office macro documents (demo)
• sqlcheck: Automatically identify anti-patterns in SQL queries
• SSRF Testing: https://github.com/cujanovic/SSRF-Testing/
• XFLTReaT: Tunnelling Framework (kitploit)
• rudra: Framework for exhaustive analysis of (PCAP and PE) files
• PenBox: Penetration Testing Framework - The Tool With All The Tools , The Hacker's Repo (website)
• post-exploitation: Post Exploitation Collection
• p0wnedShell: PowerShell Runspace Post Exploitation Toolkit
• sshpry: Seamlessly spy on SSH session like it is your tty
• cameradar: Cameradar hacks its way into RTSP CCTV cameras
• DET: Data Exfiltration Toolkit
• AhMyth-Android-RAT: Android Remote Administration Tool
• cve-search: tool to perform local searches for known vulnerabilities
• kernelpop: kernel privilege escalation enumeration and exploitation framework (kitsploit.com)
• subjack: Hostile Subdomain Takeover tool (blog)
• nmap-vulners: NSE script based on Vulners.com API
• recon-ng: full-featured Web Reconnaissance framework
• InSpy: A LinkedIn enumeration tool
• routersploit: The Router Exploitation Framework
• Zeus-Scanner: Advanced reconnaissance utility
• btlejuice: BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework
• censys-subdomain-finder: Perform subdomain enumeration using the certificate transparency logs from Censys
• Striker: Striker is an offensive information and vulnerability scanner
• ezsploit: Linux bash script automation for metasploit
• ctfr: Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
• autosploit: Automated mass exploitation of remote hosts using Shodan and Metasploit
• evilgrade: take advantage of poor upgrade implementations by injecting fake updates
• crt.sh: Certificate Search (eg. %.cambridgeanalytica.org)
• usbdetective: application for identifying, investigating, and reporting on USB storage devices that have been connected to a Windows system
• Galileo: Web Application Audit Framework
• XSStrike: XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator
• emkei.cz: Free online fake mailer with attachments, encryption, HTML editor and advanced settings…
• probequest: Toolkit for Playing with Wi-Fi Probe Requests
• wifite2: Rewrite of the popular wireless network auditor, "wifite", for auditing wireless networks
• Diggy: Extract endpoints from apk files
• pyfiscan: Free web-application vulnerability and version scanner
• sandmap: tool supporting network and system reconnaissance using the massive Nmap engine
• gitrob: Reconnaissance tool for GitHub organizations
• evilginx2: mitm attack framework used for phishing login credentials
• Modlishka: Reverse Proxy. Phishing NG
• trape: People tracker on the Internet: OSINT analysis and research tool
• HiddenEye: Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services
• assetfinder: Find domains and subdomains related to a given domain
• waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain

Use cases

• https://github.com/eset/malware-ioc: Indicators of Compromises (IOC) of our various investigations

Devices

• Emutag: Mifare ultralight and ntag2x3 emulator
• WiFi deauther OLED V2
• Mobile Hack Gear

Wifi

• bully-vanilla: Bully is a new implementation of the WPS brute force attack
• boxon: Détecteur box vulnérables à la brèche PIN NULL (topic)
• NullWpsPinAuto: Simple bash script intended to exploit the Null Wps Pin breach automatically

Blog / Docs

• The definitive guide to form-based website authentication
• Improved Persistent Login Cookie Best Practice
• Nmap Cheat Sheet
• XSS Cheat Sheet

Training

• HackTheBox
• Hacker House
• Docker Hacking Challenge

Misc

• Collection of CSP bypasses
• GTFOBins: Curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions

Other lists

• https://github.com/zbetcheckin/Security_list
• https://github.com/Hack-with-Github/Awesome-Hacking
• https://github.com/enaqx/awesome-pentest
• https://github.com/shieldfy/API-Security-Checklist
• https://github.com/forter/security-101-for-saas-startups
• https://github.com/carpedm20/awesome-hacking
• https://github.com/sobolevn/awesome-cryptography
• https://github.com/secfigo/Awesome-Fuzzing
• https://github.com/vitalysim/Awesome-Hacking-Resources
• https://github.com/jivoi/awesome-osint
• https://github.com/terjanq/Tiny-XSS-Payloads: A collection of tiny XSS Payloads that can be used in different contexts.