Resources for my IntroSecCon 2021 Talk "Opening the Toolbox - A Guide to Pentesting Tools for CTFs".
Link to the slides can be found here.
My Socials
Twitter - @AffineSecurity
Linkedin - AffineSecurity
Discord - Affine#6730
My Blog - affinesecurity.gitlab.io
nmap - https://nmap.org/
massmap - https://github.com/robertdavidgraham/masscan
rustscan - https://github.com/RustScan/RustScan
feroxbuster - https://github.com/epi052/feroxbuster
Developer Tools - Firefox/Chrome
ffuf - https://github.com/ffuf/ffuf
BurpSuite - https://portswigger.net/burp/documentation/desktop
LinPEAS - https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
linux-exploit-suggester-2 - https://github.com/jondonas/linux-exploit-suggester-2
gtfobins - https://gtfobins.github.io/
pspy - https://github.com/DominicBreuker/pspy
WinPEAS - https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
Windows Exploit Suggester - Next Generation - https://github.com/bitsadmin/wesng
mimikatz - https://github.com/gentilkiwi/mimikatz/wiki
LOLBAS - https://lolbas-project.github.io/
WADCOMS - https://wadcoms.github.io/
Bloodhound - https://github.com/BloodHoundAD/BloodHound
Sharphound3 - https://github.com/BloodHoundAD/SharpHound3
Hacktricks - https://book.hacktricks.xyz/
PayloadAllTheThings - https://github.com/swisskyrepo/PayloadsAllTheThings
revshells - https://www.revshells.com/
SecLists - https://github.com/danielmiessler/SecLists
Note: "General" means that most or all of the tools in that category can be used in the practice environment.
Network Scanning
Web Application Tools
- General - Vulnversity(Free)
- BurpSuite - Juice Shop(Free)/Burp Suite(Paid)
Linux Local
- General - Linux PrivEsc(Free)
- LinPEAS - Basic Pentesting(Free)
Windows Local
- General - Blaster(Free)
- mimikatz, sharphound3, bloodhound - Post-Exploitation Basics(Free)