Basic courses
#General/Basic Exploitation
############################
The Penetration Testing Execution Standard
www.pentest-standard.org
Metasploit Unleashed - Free Online Ethical Hacking Course | OffSec
Metasploit Unleashed (MSFU) is a Free Online Ethical Hacking Course by OffSec, which benefits Hackers for Charity. Learn how to use Metasploit.
www.offensive-security.com
Metasploit Basics « Null Byte :: WonderHowTo
Wonder How To is your guide to free how to videos on the Web. Search, Browse and Discover the best how to videos across the web using the largest how to video index on the web. Watch the best online video instructions, tutorials, & How-Tos for free. Have your own how to videos? Submit them to...
null-byte.wonderhowto.com
OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation
OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
www.owasp.org
GitHub - nixawk/pentest-wiki: PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others. - nixawk/pentest-wiki
github.com
GitHub - beefproject/beef: The Browser Exploitation Framework Project
The Browser Exploitation Framework Project. Contribute to beefproject/beef development by creating an account on GitHub.
github.com
Burp Suite - Application Security Testing Software
Get Burp Suite. The class-leading vulnerability scanning, penetration testing, and web app security platform. Try for free today.
portswigger.net
Metasploit | Penetration Testing Software, Pen Testing Security | Metasploit
Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the world's best penetration testing software now.
www.metasploit.com
Exploit Pack
Discover our security tools and become unstoppable. Exploit Pack has been since 2008 helping Penetration Testers, Red Teams and Cyber Security professionals around the world achieve results no other tools can.
exploitpack.com
GitHub - commixproject/commix: Automated All-in-One OS Command Injection Exploitation Tool.
Automated All-in-One OS Command Injection Exploitation Tool. - commixproject/commix
github.com
GitHub - threat9/routersploit: Exploitation Framework for Embedded Devices
Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.
github.com
#Distros
############################
Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
www.kali.org
BlackArch Linux - Penetration Testing Distribution
BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers.
www.blackarch.org
#Vulnscanner/Sniffer/Tools/Web Exploitation
############################
COMPUTER SECURITY TOOLBOX - AskApache
List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits...
www.askapache.com
decrypt_cipher.sh - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
pastebin.com
Advanced Vulnerability Assessment with Nessus Professional
Nessus Pro: The most widely deployed vulnerability assessment solution for identifying vulnerabilities, misconfigurations and out-of-compliance settings.
www.tenable.com
Nexpose On-Premise Vulnerability Scanner - Rapid7
Learn about Rapid7's on-prem vulnerability scanning tool, Nexpose. See how our vulnerability scanner prioritizes vulnerabilities and speeds up remediation.
www.rapid7.com
Nikto 2.5 | CIRT.net
cirt.net
Nmap: the Network Mapper - Free Security Scanner
Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.
nmap.org
GitHub - netsniff-ng/netsniff-ng: A Swiss army knife for your daily Linux network plumbing.
A Swiss army knife for your daily Linux network plumbing. - netsniff-ng/netsniff-ng
github.com
GitHub - fwaeytens/dnsenum: dnsenum is a perl script that enumerates DNS information
dnsenum is a perl script that enumerates DNS information - fwaeytens/dnsenum
github.com
GitHub - makefu/dnsmap: fork of http://code.google.com/p/dnsmap/source/checkout
fork of http://code.google.com/p/dnsmap/source/checkout - makefu/dnsmap
github.com
WPScan: WordPress Security Scanner
A WordPress vulnerability database for WordPress core security vulnerabilities, plugin vulnerabilities and theme vulnerabilities.
wpscan.org
Network Security Toolkit (NST 40)
networksecuritytoolkit.org
GitHub - SamJoan/droopescan: A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. - SamJoan/droopescan
github.com
GitHub - andresriancho/w3af: w3af: web application attack and audit framework, the open source web vulnerability scanner.
w3af: web application attack and audit framework, the open source web vulnerability scanner. - andresriancho/w3af
github.com
Invicti (formerly Netsparker) | Web Application and API Security for Enterprise
Get accurate, automated application security testing that scales like no other solution. Secure 1000s of web assets with less manual effort. Reduce your risk with the only…
www.netsparker.com
#Password Cracker
############################
John the Ripper password cracker
A fast password cracker for Unix, macOS, Windows, DOS, BeOS, and OpenVMS
www.openwall.com
hashcat - advanced password recovery
World's fastest and most advanced password recovery utility
hashcat.net
#Online Tools
############################
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Crackstation is the most effective hash cracking service. We crack: MD5, SHA1, SHA2, WPA, and much more...
crackstation.net
Online investigation tool - Reverse IP, NS, MX, WHOIS and Search Tools
DNSlytics provides the ultimate online investigation tool. See detailed information about every IP address, domain name and provider. Perform network tests like DNS lookup, email testing and WHOIS lookups.
www.tcpiputils.com
#Exploits (Exploit/Vulnerability Databases)
############################
OffSec’s Exploit Database Archive
The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
exploit-db.com
GitHub - InteliSecureLabs/Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number
Linux Exploit Suggester; based on operating system release number - GitHub - InteliSecureLabs/Linux_Exploit_Suggester: Linux Exploit Suggester; based on operating system release number
github.com
NVD - Home
nvd.nist.gov
Home Page | CISA
www.us-cert.gov
Bugtraq
www.securityfocus.com
Full Disclosure Mailing List
SecLists.org archive for the Full Disclosure mailing list: A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some...
seclists.org
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
packetstormsecurity.com
SecuriTeam - A Free Accurate and Independent Source of Vulnerability Information
SecuriTeam is dedicated to bringing you the latest news and utilities in computer security. We hope this will help you cope with the newest security threats.
www.securiteam.com
CXSECURITY.COM Free Security List
CXSECURITY (Independent information about security) is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications.
cxsecurity.com
VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform - INDEX
VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY - Best Independent Bug Bounty Programs, Responsible Disclosure & Vulnerability Coordination Platform
www.vulnerability-lab.com
#Payloads/Reverse Shells
############################
Veil-Evasion - Veil - Framework
Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions. Veil-Evasion’s code is located at https://www.github.com/Veil-Framework/Veil-Evasion/ and it’s a part of the Veil super project at https://github.com/Veil-Framework/Veil which we recommend most users...
www.veil-framework.com
Reverse Shell Cheat Sheet | pentestmonkey
pentestmonkey.net
Reverse Shell Cheat Sheet: PHP, ASP, Netcat, Bash & Python
Reverse Shell Cheat Sheet (Updated: 2024), a list of reverse shells for connecting back on Linux/Windows with PHP, Python, Powershell, nc (Netcat), JSP, Java, Bash, PS etc.
highon.coffee
#CTF
############################
Vulnerable By Design ~ VulnHub
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
www.vulnhub.com
#Info/Blogs/Techniques/etc
############################
Scripting with style [Bash Hackers Wiki]
wiki.bash-hackers.org
Articles | Corelan Cybersecurity Research
This is a hand-picked list of blog posts that belong together / are related to each other : ###articles###
www.corelan.be
What is Cross-Site Scripting? XSS Cheat Sheet | Veracode
What is cross-site scripting (XSS)? Learn what XSS injection is and best practices for cross-site scripting prevention. See how Veracode can help today!
www.veracode.com
XSS Attack Examples (Cross-Site Scripting Attacks)
In the previous article of this series, we explained how to prevent SQL-Injection attacks. In this article we will see a different kind of attack called XSS attacks. XSS stands for Cross Site Scripting. XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by...
www.thegeekstuff.com
Basic Linux Privilege Escalation - g0tmi1k
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a
blog.g0tmi1k.com
The Hacker News | #1 Trusted Cybersecurity News Site
The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis.
thehackernews.com
Basic Union Based SQL Injection
SecurityIdiots - A Blog to keep a note of stuff we explore
securityidiots.com
Using php://filter for local file inclusion | Application Security
PHP filters can be used to prevent PHP code executing when used in Local File Inclusion attacks.
www.idontplaydarts.com
#Lists
############################
Kali Tools | Kali Linux Tools
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
tools.kali.org
SecTools.Org Top Network Security Tools
Rankings and reviews of computer and network security software, programs, and tools.
sectools.org
GitHub - fffaraz/awesome-cpp: A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.
A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff. - fffaraz/awesome-cpp
github.com
GitHub - alebcay/awesome-shell: A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.
A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php. - alebcay/awesome-shell
github.com
GitHub - dreikanter/ruby-bookmarks: Ruby and Ruby on Rails bookmarks collection
Ruby and Ruby on Rails bookmarks collection. Contribute to dreikanter/ruby-bookmarks development by creating an account on GitHub.
github.com
GitHub - sorrycc/awesome-javascript: 🐢 A collection of awesome browser-side JavaScript libraries, resources and shiny things.
🐢 A collection of awesome browser-side JavaScript libraries, resources and shiny things. - sorrycc/awesome-javascript
github.com
GitHub - sindresorhus/awesome-nodejs: :zap: Delightful Node.js packages and resources
:zap: Delightful Node.js packages and resources. Contribute to sindresorhus/awesome-nodejs development by creating an account on GitHub.
github.com
GitHub - dloss/python-pentest-tools: Python tools for penetration testers
Python tools for penetration testers. Contribute to dloss/python-pentest-tools development by creating an account on GitHub.
github.com
GitHub - ashishb/android-security-awesome: A collection of android security related resources
A collection of android security related resources - ashishb/android-security-awesome
github.com
GitHub - bayandin/awesome-awesomeness: A curated list of awesome awesomeness
A curated list of awesome awesomeness. Contribute to bayandin/awesome-awesomeness development by creating an account on GitHub.
github.com
GitHub - paragonie/awesome-appsec: A curated list of resources for learning about application security
A curated list of resources for learning about application security - paragonie/awesome-appsec
github.com
GitHub - apsdehal/awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares
A curated list of CTF frameworks, libraries, resources and softwares - apsdehal/awesome-ctf
github.com
GitHub - carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources
A curated list of awesome Hacking tutorials, tools and resources - carpedm20/awesome-hacking
github.com
GitHub - paralax/awesome-honeypots: an awesome list of honeypot resources
an awesome list of honeypot resources. Contribute to paralax/awesome-honeypots development by creating an account on GitHub.
github.com
GitHub - clowwindy/Awesome-Networking: A curated list of awesome networking libraries, resources and shiny things
A curated list of awesome networking libraries, resources and shiny things - clowwindy/Awesome-Networking
github.com
GitHub - onlurking/awesome-infosec: A curated list of awesome infosec courses and training resources.
A curated list of awesome infosec courses and training resources. - onlurking/awesome-infosec
github.com
GitHub - rshipp/awesome-malware-analysis: Defund the Police.
Defund the Police. Contribute to rshipp/awesome-malware-analysis development by creating an account on GitHub.
github.com
GitHub - caesar0301/awesome-pcaptools: A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors. - caesar0301/awesome-pcaptools
github.com
GitHub - sbilly/awesome-security: A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security. - sbilly/awesome-security
github.com
GitHub - sindresorhus/awesome: 😎 Awesome lists about all kinds of interesting topics
😎 Awesome lists about all kinds of interesting topics - sindresorhus/awesome
github.com
GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, ...
github.com
GitHub - PaulSec/awesome-sec-talks: A collected list of awesome security talks
A collected list of awesome security talks. Contribute to PaulSec/awesome-sec-talks development by creating an account on GitHub.
github.com