Penetration Testing Resources

These tools are meant for training and education. They should never be used against any system other than your own.

Working notes and resources.

Below are some of the tools and training resources for application security testing, and penetration testing.

Searchsploit

Metasploit

Responder SQSH

Burp

Nikto

SQLMap

Enum4linux

The Bug Bounty Methodology

Fcrackzip

Arachne

Recon

Web App Hackers Handbook

Pentesters Lab

Jason Stok

Follow hackers on platforms

Nuclei project discovery

Bug Crown OWASP Amass

Whoxy.com reverse whois

Subfinder

OWASR Swapp

NMAP

Command Execution Cheat Sheet

Burpsuite Community Editor

DIRB Gobuster

Hydra

OWASP ZAP

Crackstation for Hash

Netcat

Cewl wordlist

Terminator Terminal

Exploits thegreycorner.com

Vulserver

Debugger

Immunity Server (mona.py add on)

Pattern Create (fuzzing)

Free Float FTP server

Hexchars.py

ZenMap

MSF Venom

SOCAT

Hack The Box

Wireshark web page collection

alien vault

maltego https://www.maltego.com/

netflow network traffic monitoring https://www.solarwinds.com/netflow-traffic-analyzer

Free Open Ghost FOG https://fogproject.org/

TCP Tracert

HPING3 https://tools.kali.org/information-gathering/hping3

Kali Linux

Netzapper Cracking https://github.com/NetZapper/NetZapper

Acunetix Web Vulnerability Scanner https://www.acunetix.com/web-vulnerability-scanner/?creative=263672172919&keyword=%2Bacunetix%20%2Bscanner&matchtype=b&network=g&device=c&utm_term=%2Bacunetix%20%2Bscanner&utm_campaign=1077471739&utm_content=55423370089&utm_source=Adwords&utm_medium=cpc&gclid=EAIaIQobChMI2_ur5_mK7QIVhLLICh1NAAhSEAAYASAAEgIMAPD_BwE

XAMPP Server https://www.apachefriends.org/index.html

WebShell Hunter NEOPI http://antishell.com/

Host Mutillidae in XAMPP Server/LAMPP https://github.com/webpwnized/mutillidae

https://vyos.io Quagga

ISC DHCPD https://www.isc.org/dhcp/

Open VPN https://openvpn.net/

Strongs/WAN vyos/vyos https://www.strongswan.org/

Wireless Monitor Mode

Fern Wifi Cracker http://www.fern-pro.com/download

Wifite (both need dictionary) https://github.com/derv82/wifite2

WAF https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/

Akama https://www.akamai.com/us/en/resources/web-application-firewall.jsp

F5 https://www.f5.com/

Imperva https://www.imperva.com/

Cloudflare https://www.cloudflare.com/

citrix https://www.citrix.com/

Fortinet https://www.fortinet.com/

Barracuda https://www.barracuda.com/

F5 App Security Self Learning and signatures

Sniper auto pentester sn1https://github.com/1N3/Sn1per per

bounty along with Yuki https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest

IP Tables Firewall

Neopi.py

Password Cracking Hydra https://github.com/vanhauser-thc/thc-hydra and Medusa https://www.darknet.org.uk/2006/05/medusa-password-cracker-version-11-now-available-for-download/

Wafwook

The Havester https://github.com/laramies/theHarvester

NIRTO

Netzapper password cracker https://github.com/NetZapper/NetZapper

takl.com/partnerships

pipl.com https://pipl.com/

anywho.com https://www.anywho.com/

peoplefinder.com https://www.peoplefinder.com/

Analytical Driven https://www.crunchbase.com/organization/analytically-driven

Maltego https://www.maltego.com/

Cuckoo Sandbox https://cuckoosandbox.org/

Intelligence Driven Yara https://virustotal.github.io/yara/

botscout botscout.com

Situational Driven AI Engine Yeti https://www.crunchbase.com/organization/yeti-ai

OWASP ZAP Zed Attack Program

Dmitry (Deepmagic Information Gathering Tool)Maltego https://www.maltego.com/blog/network-footprinting-with-machines-in-maltego/

Whois.com

network-tools.com

MSF Venom (Payload, Encode, Console) https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom

/etc/ssh/sshd_config

Permit Root Login no

Sparta (Info Gathering, Brute Force, Scan) https://github.com/SECFORCE/sparta

VeilMaster https://github.com/Veil-Framework/Veil

Vyos https://www.vyos.io/

Burp (Proxy, Spider, Scanner) https://portswigger.net/burp/documentation/scanner

Armitage https://tools.kali.org/exploitation-tools/armitage

Metagoofil https://github.com/laramies/metagoofil

Masscan https://tools.kali.org/information-gathering/masscan

Hydra

Medusa

D-TECT-1 github https://github.com/hudacbr/D-TECT

www.vulnweb.com http://testphp.vulnweb.com/

www.netcraft.com https://www.netcraft.com/

yougetsignal.com https://www.yougetsignal.com/

www.builtwith.com https://builtwith.com/

wireshark

inurl:php?ide

intext:harley-davidson-for-sale

inurl:viewcart-php-autologin

Google Hacking Database https://www.exploit-db.com/google-hacking-database

get facl accounts

Nessus https://www.tenable.com/products/nessus

Nikto https://github.com/sullo/nikto

Open VAS https://www.openvas.org/

Nexpose https://www.rapid7.com/products/nexpose/

Zenmap NMAP https://nmap.org/zenmap/

Sublist3r https://github.com/aboul3la/Sublist3r

Maltego Netdiscover Meterpreter Metasploit https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

Vuln OS V2 Virtual Box Image Kali OVF DVW

Open VAS Nessus

Burp Suite Web Goat

How to get webgoat running in Kali

vulnweb.com Zirikatu https://github.com/pasahitz/zirikatu

dependency mono-mcs https://installlion.com/kali/kali/main/m/mono-mcs/install/index.html

download TOR browser & .onion sites (facebook/hidden wiki)

; cat /etc/passwd

instaflex

Netdiscover Sparta Recon-NG Veil Master Veil Evasion

vyos iso user vyos/vyos

ZAP Dmitry dig man dig

Armitage (gui) MSF Venom Open SSH Tulpar

Web Vul Scanner Metagoofil https://tools.kali.org/information-gathering/metagoofil#:~:text=Metagoofil%20is%20an%20information%20gathering,belonging%20to%20a%20target%20company.

D-Tect xss vul/sql injection Sparta

HT Track Tool Ethereal Burp Webgoat

vulnweb.com

Wireless Adapter Alfa AWUS036NHA USB Adapter

yuki chan github

Metasploit

Zahraikin

FatRat

OSSTMM

osstmm - isecom

www.isecom.org › OSSTMM.3.pdf

zap/ZED

PCI DSS Pen Testing Guide

Penetration Testing Guidance - PCI Security Standards Council

www.pcisecuritystandards.org › documents › Penetratio...

PDF

Threat Hunting EDR/MDR/MSSP/IOC/UEBA

API Security

DVWA.iso https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/

https://github.com/digininja/DVWA

Google Dorks

Netcraft Maltego

yuki-chan pen testing tool/integrated in OSINT

git clone https://docs.github.com/en/free-pro-team@latest/github/creating-cloning-and-archiving-repositories/cloning-a-repository

wafninja https://github.com/khalilbijjou/WAFNinja Hydra FTP password cracker

https://tools.kali.org/password-attacks/hydra

choicescript https://github.com/mrsonord/choicescript

locky password generator https://github.com/s0md3v/Locky

Pycharm https://www.jetbrains.com/pycharm/

Openpyx/ https://pypi.org/project/openpyxl/

Numpy https://numpy.org/

Pandas https://pandas.pydata.org/

Matplotlib https://matplotlib.org/

Sci Kit Learn https://scikit-learn.org/stable/

Jupyter editor https://jupyter.org/

Anaconda https://www.anaconda.com/products/individual

Kaggle.com data set https://www.kaggle.com/datasets

Djangoproject.com https://www.djangoproject.com/

Python help & docs https://docs.python.org/3/

https://www.python.org/doc/

https://docs.python.org/3/tutorial/