Skip to content

Instantly share code, notes, and snippets.

@numberwhun

numberwhun/PenTesting Bookmarks

Created October 13, 2015 21:47
Show Gist options
  • Save numberwhun/844eba3661a53018b905 to your computer and use it in GitHub Desktop.
Save numberwhun/844eba3661a53018b905 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
PenTesting Bookmarks
I found this list by chance. It is located at: https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
Its a bit old (compiled in 2012), but links may still be valid.
------------------
Hacker Media
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.
http://carnal0wnage.blogspot.com/
http://www.mcgrewsecurity.com/
http://www.gnucitizen.org/blog/
http://www.darknet.org.uk/
http://spylogic.net/
http://taosecurity.blogspot.com/
http://www.room362.com/
http://blog.sipvicious.org/
http://blog.portswigger.net/
http://pentestmonkey.net/blog/
http://jeremiahgrossman.blogspot.com/
http://i8jesus.com/
http://blog.c22.cc/
http://www.skullsecurity.org/blog/
http://blog.metasploit.com/
http://www.darkoperator.com/
http://blog.skeptikal.org/
http://preachsecurity.blogspot.com/
http://www.tssci-security.com/
http://www.gdssecurity.com/l/b/
http://websec.wordpress.com/
http://bernardodamele.blogspot.com/
http://laramies.blogspot.com/
http://www.spylogic.net/
http://blog.andlabs.org/
http://xs-sniper.com/blog/
http://www.commonexploits.com/
http://www.sensepost.com/blog/
http://wepma.blogspot.com/
http://exploit.co.il/
http://securityreliks.wordpress.com/
http://www.madirish.net/index.html
http://sirdarckcat.blogspot.com/
http://reusablesec.blogspot.com/
http://myne-us.blogspot.com/
http://www.notsosecure.com/
http://blog.spiderlabs.com/
http://www.corelan.be/
http://www.digininja.org/
http://www.pauldotcom.com/
http://www.attackvector.org/
http://deviating.net/
http://www.alphaonelabs.com/
http://www.smashingpasswords.com/
http://wirewatcher.wordpress.com/
http://gynvael.coldwind.pl/
http://www.nullthreat.net/
http://www.question-defense.com/
http://archangelamael.blogspot.com/
http://memset.wordpress.com/
http://sickness.tor.hu/
http://punter-infosec.com/
http://www.securityninja.co.uk/
http://securityandrisk.blogspot.com/
http://esploit.blogspot.com/
http://www.pentestit.com/
Forums:
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.
http://sla.ckers.org/forum/index.php
http://www.ethicalhacker.net/
http://www.backtrack-linux.org/forums/
http://www.elitehackers.info/forums/
http://www.hackthissite.org/forums/index.php
http://securityoverride.com/forum/index.php
http://www.iexploit.org/
http://bright-shadows.net/
http://www.governmentsecurity.org/forum/
http://forum.intern0t.net/
Magazines:
http://www.net-security.org/insecuremag.php
http://hakin9.org/
Video:
http://www.hackernews.com/
http://www.securitytube.net/
http://www.irongeek.com/i.php?page=videos/aide-winter-2011
http://avondale.good.net/dl/bd/
http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
http://www.youtube.com/user/ChRiStIaAn008
http://www.youtube.com/user/HackingCons
Methodologies:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
http://projects.webappsec.org/w/page/13246978/Threat-Classification
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://www.social-engineer.org/
OSINT
Presentations:
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.slideshare.net/Laramies/tactical-information-gathering
http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
http://infond.blogspot.com/2010/05/toturial-footprinting.html
People and Organizational:
http://www.spokeo.com/
http://www.123people.com/
http://www.xing.com/
http://www.zoominfo.com/search
http://pipl.com/
http://www.zabasearch.com/
http://www.searchbug.com/default.aspx
http://theultimates.com/
http://skipease.com/
http://addictomatic.com/
http://socialmention.com/
http://entitycube.research.microsoft.com/
http://www.yasni.com/
http://tweepz.com/
http://tweepsearch.com/
http://www.glassdoor.com/index.htm
http://www.jigsaw.com/
http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
http://www.tineye.com/
http://www.peekyou.com/
http://picfog.com/
http://twapperkeeper.com/index.php
Infrastructure:
http://uptime.netcraft.com/
http://www.serversniff.net/
http://www.domaintools.com/
http://centralops.net/co/
http://hackerfantastic.com/
http://whois.webhosting.info/
https://www.ssllabs.com/ssldb/analyze.html
http://www.clez.net/
http://www.my-ip-neighbors.com/
http://www.shodanhq.com/
http://www.exploit-db.com/google-dorks/
http://www.hackersforcharity.org/ghdb/
Exploits and Advisories:
http://www.exploit-db.com/
http://www.cvedetails.com/
http://www.milw0rm.com/ (Down permanently)
http://www.packetstormsecurity.org/
http://www.securityforest.com/wiki/index.php/Main_Page
http://www.securityfocus.com/bid
http://nvd.nist.gov/
http://osvdb.org/
http://www.nullbyte.org.il/Index.html
http://secdocs.lonerunners.net/
http://www.phenoelit-us.org/whatSAP/index.html
http://secunia.com/
http://cve.mitre.org/
Cheatsheets and Syntax:
http://cirt.net/ports_dl.php?export=services
http://www.cheat-sheets.org/
http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
Agile Hacking:
http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
http://blog.commandlinekungfu.com/
http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
http://isc.sans.edu/diary.html?storyid=2376
http://isc.sans.edu/diary.html?storyid=1229
http://ss64.com/nt/
http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
http://www.pentesterscripting.com/
http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
OS and Scripts:
http://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://www.linuxsurvival.com/
http://mywiki.wooledge.org/BashPitfalls
http://rubular.com/
http://www.iana.org/assignments/port-numbers
http://www.robvanderwoude.com/ntadmincommands.php
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
Tools:
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
http://h.ackack.net/cheat-sheets/netcat
Distros:
http://www.backtrack-linux.org/
http://www.matriux.com/
http://samurai.inguardians.com/
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
https://pentoo.ch/
http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
http://www.piotrbania.com/all/kon-boot/
http://www.linuxfromscratch.org/
http://sumolinux.suntzudata.com/
http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
http://www.backbox.org/
Labs:
ISOs and VMs:
http://sourceforge.net/projects/websecuritydojo/
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
http://heorot.net/livecds/
http://informatica.uv.es/~carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://blog.metasploit.com/2010/05/introducing-metasploitable.html
http://pynstrom.net/holynix.php
http://gnacktrack.co.uk/download.php
http://sourceforge.net/projects/lampsecurity/files/
https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.badstore.net/
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://www.dvwa.co.uk/
http://sourceforge.net/projects/thebutterflytmp/
Vulnerable Software:
http://www.oldapps.com/
http://www.oldversion.com/
http://www.exploit-db.com/webapps/
http://code.google.com/p/wavsep/downloads/list
http://www.owasp.org/index.php/Owasp_SiteGenerator
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Test Sites:
http://www.webscantest.com/
http://crackme.cenzic.com/Kelev/view/home.php
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
http://testaspnet.vulnweb.com/
http://testasp.vulnweb.com/
http://testphp.vulnweb.com/
http://demo.testfire.net/
http://hackme.ntobjectives.com/
Exploitation Intro:
If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.
http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
http://www.mgraziano.info/docs/stsi2010.pdf
http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
http://www.ethicalhacker.net/content/view/122/2/
http://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
http://ref.x86asm.net/index.html
Reverse Engineering & Malware:
http://www.woodmann.com/TiGa/idaseries.html
http://www.binary-auditing.com/
http://visi.kenshoto.com/
http://www.radare.org/y/
http://www.offensivecomputing.net/
Passwords and Hashes:
http://www.irongeek.com/i.php?page=videos/password-exploitation-class
http://cirt.net/passwords
http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
http://www.foofus.net/?page_id=63
http://hashcrack.blogspot.com/
http://www.nirsoft.net/articles/saved_password_location.html
http://www.onlinehashcrack.com/
http://www.md5this.com/list.php?
http://www.virus.org/default-password
http://www.phenoelit-us.org/dpl/dpl.html
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
Wordlists:
http://contest.korelogic.com/wordlists.html
http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.ericheitzman.com/passwd/passwords/
Pass the Hash:
http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
MiTM:
http://www.giac.org/certified_professionals/practicals/gsec/0810.php
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
http://www.mindcenter.net/uploads/ECCE101.pdf
http://toorcon.org/pres12/3.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.oact.inaf.it/ws-ssri/Costa.pdf
http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
http://blog.spiderlabs.com/2010/12/thicknet.html
http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
http://www.go4expert.com/forums/showthread.php?t=11842
http://www.irongeek.com/i.php?page=security/ettercapfilter
http://openmaniak.com/ettercap_filter.php
http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
http://spareclockcycles.org/2010/06/10/sergio-proxy-released/
Tools:
OSINT:
http://www.edge-security.com/theHarvester.php
http://www.mavetju.org/unix/dnstracer-man.php
http://www.paterva.com/web5/
Metadata:
http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
http://lcamtuf.coredump.cx/strikeout/
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://www.edge-security.com/metagoofil.php
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
Google Hacking:
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
http://sqid.rubyforge.org/#next
http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
Web:
http://www.bindshell.net/tools/beef
http://blindelephant.sourceforge.net/
http://xsser.sourceforge.net/
http://sourceforge.net/projects/rips-scanner/
http://www.divineinvasion.net/authforce/
http://andlabs.org/tools.html#sotf
http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
http://code.google.com/p/pinata-csrf-tool/
http://xsser.sourceforge.net/#intro
http://www.contextis.co.uk/resources/tools/clickjacking-tool/
http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
http://sourceforge.net/projects/ws-attacker/files/
https://github.com/koto/squid-imposter
Attack Strings:
http://code.google.com/p/fuzzdb/
http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
Shells:
http://sourceforge.net/projects/yokoso/
http://sourceforge.net/projects/ajaxshell/
Scanners:
http://w3af.sourceforge.net/
http://code.google.com/p/skipfish/
http://sqlmap.sourceforge.net/
http://sqid.rubyforge.org/#next
http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
http://code.google.com/p/fimap/wiki/WindowsAttack
http://code.google.com/p/fm-fsf/
Proxies:
Burp:
http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
http://sourceforge.net/projects/belch/files/
http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
http://blog.ombrepixel.com/
http://andlabs.org/tools.html#dser
http://feoh.tistory.com/22
http://www.sensepost.com/labs/tools/pentest/reduh
http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
http://intrepidusgroup.com/insight/mallory/
http://www.fiddler2.com/fiddler2/
http://websecuritytool.codeplex.com/documentation?referringTitle=Home
http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
Social Engineering:
http://www.secmaniac.com/
Password:
http://nmap.org/ncrack/
http://www.foofus.net/~jmk/medusa/medusa.html
http://www.openwall.com/john/
http://ophcrack.sourceforge.net/
http://blog.0x3f.net/tool/keimpx-in-action/
http://code.google.com/p/keimpx/
http://sourceforge.net/projects/hashkill/
Metasploit:
http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://code.google.com/p/msf-hack/wiki/WmapNikto
http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
http://seclists.org/metasploit/
http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
http://meterpreter.illegalguy.hostzi.com/
http://blog.metasploit.com/2010/03/automating-metasploit-console.html
http://www.workrobot.com/sansfire2009/561.html
http://www.securitytube.net/video/711
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
http://vimeo.com/16852783
http://milo2012.wordpress.com/2009/09/27/xlsinjector/
http://www.fastandeasyhacking.com/
http://trac.happypacket.net/
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
MSF Exploits or Easy:
http://www.nessus.org/plugins/index.php?view=single&id=12204
http://www.nessus.org/plugins/index.php?view=single&id=11413
http://www.nessus.org/plugins/index.php?view=single&id=18021
http://www.nessus.org/plugins/index.php?view=single&id=26918
http://www.nessus.org/plugins/index.php?view=single&id=34821
http://www.nessus.org/plugins/index.php?view=single&id=22194
http://www.nessus.org/plugins/index.php?view=single&id=34476
http://www.nessus.org/plugins/index.php?view=single&id=25168
http://www.nessus.org/plugins/index.php?view=single&id=19408
http://www.nessus.org/plugins/index.php?view=single&id=21564
http://www.nessus.org/plugins/index.php?view=single&id=10862
http://www.nessus.org/plugins/index.php?view=single&id=26925
http://www.nessus.org/plugins/index.php?view=single&id=29314
http://www.nessus.org/plugins/index.php?view=single&id=23643
http://www.nessus.org/plugins/index.php?view=single&id=12052
http://www.nessus.org/plugins/index.php?view=single&id=12052
http://www.nessus.org/plugins/index.php?view=single&id=34477
http://www.nessus.org/plugins/index.php?view=single&id=15962
http://www.nessus.org/plugins/index.php?view=single&id=42106
http://www.nessus.org/plugins/index.php?view=single&id=15456
http://www.nessus.org/plugins/index.php?view=single&id=21689
http://www.nessus.org/plugins/index.php?view=single&id=12205
http://www.nessus.org/plugins/index.php?view=single&id=22182
http://www.nessus.org/plugins/index.php?view=single&id=26919
http://www.nessus.org/plugins/index.php?view=single&id=26921
http://www.nessus.org/plugins/index.php?view=single&id=21696
http://www.nessus.org/plugins/index.php?view=single&id=40887
http://www.nessus.org/plugins/index.php?view=single&id=10404
http://www.nessus.org/plugins/index.php?view=single&id=18027
http://www.nessus.org/plugins/index.php?view=single&id=19402
http://www.nessus.org/plugins/index.php?view=single&id=11790
http://www.nessus.org/plugins/index.php?view=single&id=12209
http://www.nessus.org/plugins/index.php?view=single&id=10673
NSE:
http://www.securitytube.net/video/931
http://nmap.org/nsedoc/
Net Scanners and Scripts:
http://nmap.org/
http://asturio.gmxhome.de/software/sambascan2/i.html
http://www.softperfect.com/products/networkscanner/
http://www.openvas.org/
http://tenable.com/products/nessus
http://www.rapid7.com/vulnerability-scanner.jsp
http://www.eeye.com/products/retina/community
Post Exploitation:
http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
http://www.phx2600.org/archive/2008/08/29/metacab/
http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
Netcat:
http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
http://www.radarhack.com/tutorial/ads.pdf
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.dest-unreach.org/socat/
http://www.antionline.com/archive/index.php/t-230603.html
http://technotales.wordpress.com/2009/06/14/netcat-tricks/
http://seclists.org/nmap-dev/2009/q1/581
http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
http://gse-compliance.blogspot.com/2008/07/netcat.html
Source Inspection:
http://www.justanotherhacker.com/projects/graudit.html
http://code.google.com/p/javasnoop/
Firefox Addons:
https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
https://addons.mozilla.org/en-US/firefox/addon/osvdb/
https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Tool Listings:
http://packetstormsecurity.org/files/tags/tool
http://tools.securitytube.net/index.php?title=Main_Page
Training/Classes:
Sec/Hacking:
http://pentest.cryptocity.net/
http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
http://www.cs.ucsb.edu/~vigna/courses/cs279/
http://crypto.stanford.edu/cs142/
http://crypto.stanford.edu/cs155/
http://cseweb.ucsd.edu/classes/wi09/cse227/
http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
http://cr.yp.to/2004-494.html
http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
http://stuff.mit.edu/iap/2009/#websecurity
Metasploit:
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
http://vimeo.com/16925188
http://www.ustream.tv/recorded/13396511
http://www.ustream.tv/recorded/13397426
http://www.ustream.tv/recorded/13398740
Programming:
Python:
http://code.google.com/edu/languages/google-python-class/index.html
http://www.swaroopch.com/notes/Python_en:Table_of_Contents
http://www.thenewboston.com/?cat=40&pOpen=tutorial
http://showmedo.com/videotutorials/python
http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
Ruby:
http://www.tekniqal.com/
Other Misc:
http://www.cs.sjtu.edu.cn/~kzhu/cs490/
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
http://resources.infosecinstitute.com/
http://vimeo.com/user2720399
Web Vectors
SQLi:
http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
http://isc.sans.edu/diary.html?storyid=9397
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.evilsql.com/main/index.php
http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
http://sqlzoo.net/hack/
http://www.sqlteam.com/article/sql-server-versions
http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://www.youtube.com/watch?v=WkHkryIoLD0
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
http://vimeo.com/3418947
http://sla.ckers.org/forum/read.php?24,33903
http://websec.files.wordpress.com/2010/11/sqli2.pdf
http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL
Upload Tricks:
http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
http://www.ravenphpscripts.com/article2974.html
http://www.acunetix.com/cross-site-scripting/scanner.htm
http://www.vupen.com/english/advisories/2009/3634
http://msdn.microsoft.com/en-us/library/aa478971.aspx
http://dev.tangocms.org/issues/237
http://seclists.org/fulldisclosure/2006/Jun/508
http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
http://shsc.info/FileUploadSecurity
LFI/RFI:
http://pastie.org/840199
http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
http://www.digininja.org/blog/when_all_you_can_do_is_read.php
XSS:
http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.technicalinfo.net/papers/CSS.html
http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
http://heideri.ch/jso/#javascript
http://www.reddit.com/r/xss/
http://sla.ckers.org/forum/list.php?2
Coldfusion:
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://zastita.com/02114/Attacking_ColdFusion..html
http://www.nosec.org/2010/0809/629.html
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
Sharepoint:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
Lotus:
http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
http://seclists.org/pen-test/2002/Nov/43
http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBoss:
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
VMWare Web:
http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav
Oracle App Servers:
http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
http://www.owasp.org/index.php/Testing_for_Oracle
http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
http://www.ngssoftware.com/papers/hpoas.pdf
SAP:
http://www.onapsis.com/research.html#bizploit
http://marc.info/?l=john-users&m=121444075820309&w=2
http://www.phenoelit-us.org/whatSAP/index.html
Wireless:
http://code.google.com/p/pyrit/
Capture the Flag/Wargames:
http://intruded.net/
http://smashthestack.org/
http://flack.hkpco.kr/
http://ctf.hcesperer.org/
http://ictf.cs.ucsb.edu/
http://capture.thefl.ag/calendar/
Conferences:
https://www.google.com/calendar/[email protected]&gsessionid=OK
Misc/Unsorted:
http://www.ikkisoft.com/stuff/SMH_XSS.txt
http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
http://whatthefuckismyinformationsecuritystrategy.com/
http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
http://www.sensepost.com/blog/4552.html
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
http://carnal0wnage.attackresearch.com/node/410
http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
Exploits and Advisories: http://dsecrg.com/pages/vul/
Pass the Hash: http://dsecrg.blogspot.com/search/label/SMBRelay%20bible
SAP: http://erpscan.com/products/erpscan-black-free/
Blogs Worth It: http://dsecrg.blogspot.com/
Magazines: http://magazine.hackinthebox.org/ http://www.phrack.com/
Tool Listings: http://www.xxxsoft.net/
Links don't work: http://www.ikkisoft.com/stuff/SMH_XSS.txt
Comment by [email protected], Jun 20, 2012
since this is such a nice comprehensive list, i figured i'd contribute. some of these are probably dupes, but i searched a few and you didn't have them, so...
Main - browsersec - Browser Security Handbook landing page - Project Hosting on Google Code: http://code.google.com/p/browsersec/wiki/Main
Inject your code to a Portable Executable file - Programmer's Heaven: http://www.programmersheaven.com/2/Inject-code-to-Portable-Executable-file
Blog: http://www.social-engineer.org/blog/
XSS (Cross Site Scripting) Cheat Sheet: http://ha.ckers.org/xss.html
ilektrojohn/creepy @ GitHub?: http://ilektrojohn.github.com/creepy/
Didier Stevens: http://blog.didierstevens.com/
Malcode Analysis Software Tools // iDefense Labs: http://labs.idefense.com/software/malcode.php
RMS's gdb Tutorial: http://www.unknownroad.com/rtfm/gdbtut/gdbtoc.html
Peter's gdb Tutorial: Table Of Contents: http://dirac.org/linux/gdb/
Reverse Engineering Team: http://www.reteam.org/
Adventures with Radare2 #1: A Simple Shellcode Analysis | Can't Hack, Won't Hack: http://canthack.org/2011/07/adventures-with-radare-1-a-simple-shellcode-analysis/
OpenRCE: http://www.openrce.org/articles/
Can we collect interesting Reverse Engineering blogs? : ReverseEngineering?: http://www.reddit.com/r/ReverseEngineering/comments/is2et/can_we_collect_interesting_reverse_engineering/
c0ffee.com/virus/cih.txt: http://c0ffee.com/virus/cih.txt
PDFTricks - corkami - a summary of PDF tricks - encodings, structures, JavaScript?... - reverse engineering experiments and documentations - Google Project Hosting: http://code.google.com/p/corkami/wiki/PDFTricks
Hacking Network Printers (Mostly HP JetDirects?, but a little info on the Ricoh Savins): http://www.irongeek.com/i.php?page=security/networkprinterhacking
mapping MAC addresses - samy kamkar: http://samy.pl/androidmap/
Windows XP Malware Removal/Cleaning Procedure - MajorGeeks? Support Forums: http://forums.majorgeeks.com/showthread.php?t=139313
M-unition » Blog Archive » EXT3 File Recovery via Indirect Blocks: https://blog.mandiant.com/archives/1593
Code analysis, Debugging and reverse engineering / Code security « Eikonal Blog: https://eikonal.wordpress.com/2011/02/28/code-analysis-debugging-and-reverse-engineering-code-security/
Volatility | Memory Forensics | Volatile Systems: https://www.volatilesystems.com/default/volatility
Windows Incident Response: Using RegRipper?: http://windowsir.blogspot.com/2011/03/using-regripper.html
poorcase - A perl script to virtually reconstruct a split forensic disk image - Google Project Hosting: http://code.google.com/p/poorcase/
Room362.com - Blog: http://www.room362.com/
Cryptology ePrint Archive: http://eprint.iacr.org/
Improved Persistent Login Cookie Best Practice | Barry Jaspan: http://jaspan.com/improved_persistent_login_cookie_best_practice
Designing an Authentication System: a Dialogue in Four Scenes: http://web.mit.edu/kerberos/www/dialogue.html
Understanding Hash Functions and Keeping Passwords Safe | Nettuts+: http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
Blogs | The Honeynet Project: https://www.honeynet.org/
MAEC - Malware Attribute Enumeration and Characterization: https://maec.mitre.org/index.html
Forensics Wiki: http://www.forensicswiki.org/wiki
Spare Clock Cycles: http://spareclockcycles.org/
grand stream dreams: Malware Analysis Resources: http://grandstreamdreams.blogspot.co.uk/2012/04/malware-analysis-resources.html
SANS: Information Security Reading Room - Computer Security White Papers: http://www.sans.org/reading_room/
Vulnerable VM List : securityCTF: https://www.reddit.com/r/securityCTF/comments/t53cr/vulnerable_vm_list/
nullsecurity team: http://www.nullsecurity.net/index.html
IAmA a malware coder and botnet operator, AMA : IAmA: http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/#
Undetectable - Portal: http://www.indetectables.net/
OpenSC - Security Research Forum - The Front Page: http://www.opensc.ws/
Penetration Testing and Vulnerability Analysis - Home: http://pentest.cryptocity.net/
Metasploit Minute: http://www.metasploitminute.com/
Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal | Patterns for Software Diagnostics: http://www.dumpanalysis.org/
oclHashcat-plus - advanced password recovery: https://hashcat.net/oclhashcat-plus/
Netcraft Anti-Phishing Toolbar: http://toolbar.netcraft.com/
pescrambler - Scrambler and Obfuscator for PE formatted Win32 binaries - Google Project Hosting: http://code.google.com/p/pescrambler/
Searching With VirusTotal? « Didier Stevens: http://blog.didierstevens.com/2012/05/21/searching-with-virustotal/
Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/Main_Page
n0security: http://n0security.blogspot.com/
VoIP Hopper - Jumping from one VLAN to the next!: http://voiphopper.sourceforge.net/
DE(E)SU - Cables Communication: http://dee.su/cables
volatility - An advanced memory forensics framework - Google Project Hosting: https://code.google.com/p/volatility/
GMER - Rootkit Detector and Remover: http://www.gmer.net/
Luigi Auriemma: http://aluigi.org/adv.htm
if you make this a git repo (mabe mediawiki on github or something) i'll look to dedupe and make a push. to make possible sharing easier for anyone else: <code>perl -Mojo -E 'for my $a (x(join " ", <>)->find("a")->each) { say " * " . $a->text . ": " . $a->{href} }' sec-bookmarks.html</code>
-----------
Other comments that need 'weeding' through to ensure validity:
Comment by [email protected], Jun 21, 2012
oh, and malwr and cuckoobox
Comment by CiphersSon, Jun 21, 2012
I was going to atempt to make a list of android apk's that were security related. However this seem like a better format than my craptastic blog. http://n00bfu.com/2012/06/a-comprehensive-list-of-android-security-apps/ (work in progress.)
Comment by [email protected], Jul 2, 2012
Comprehensive list. I would suggest to add 3 sites to the list.
http://www.labnol.org http://www.invectura.com http://www.bgr.com
Comment by saimakhanb, Jul 14, 2012
Totally agree with your suggestion... Very nice post and good information here... Thanks for posting that....
http://teavdrama.com/
Comment by [email protected], Jul 23, 2012
I would suggest the following to be included:
http://pentestlab.wordpress.com/
Comment by [email protected], Aug 12, 2012
also include the following.... http://pakistantalks.com/
Comment by [email protected], Aug 13, 2012
http://www.googleusercontent.in
Comment by [email protected], Aug 18, 2012
I would suggest to add http://international-handmade.info/
Comment by [email protected], Sep 5, 2012
Hit too, http://www.tokobungacantik.com dan http://www.mahadewiflorist.com
Comment by [email protected], Oct 15, 2012
Thanks for reverse enggg there's http://at4re.com too
Comment by [email protected], Nov 18, 2012
CyberPunk? @ http://www.n0where.net
Comment by [email protected], Dec 18, 2012
http://www.tokobungasabana.com http://littletods.com/en/content/4-perlengkapan-bayi
Comment by [email protected], Dec 20, 2012
http://www.infotive.net
Comment by ecasbas, Jan 17, 2013
Web fingerprinting: http://desenmascara.me/
Comment by [email protected], Jan 19, 2013
Please check out my forum for the list at http://zero-security.org
Comment by [email protected], Feb 8, 2013
just a hint: add svn checkout ability - bring sync to that list! I'd like to just type: svn update to get latest version, will wait for that =))) Thanks.
Comment by [email protected], Feb 9, 2013
my ethical hacking and security forum can be found at http://www.zero-security.org I have also just started making tutorials on how to use the various tools in Backtrack 5 r3
Comment by [email protected], Feb 19, 2013
if you want to get in touch with Hacking News, Defacements, Anonymous Hackers and Security news.Go: http://www.thehackerspost.com
Comment by [email protected], Apr 10, 2013
very nice!
@sarath427
Copy link

Instabuilder 2.0 is the best plugin to design landing pages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment