Helpful stuff

Меню:

DC20e6 Tools & etc

Git

  • Git Magic - это лучший, по моему мнению, учебник по контролю версий git
  • GitLab - бесплатный и хороший сервис контроля версий с pages, pipeline, CI, wiki и прочими ништяками
  • dvcs-ripper Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, …
  • Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories.

All in one tools & checkers

  • KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.
  • Sn1per - is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities
  • WPScan WordPress Vulnerability Scanner
  • JoomScan OWASP Joomla Vulnerability Scanner Project

Exploits

  • The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
  • 0day.today is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals

Seach engines

  • Vulners - это очень большая и непрерывно обновляемая база данных ИБ-контента. Сайт позволяет искать уязвимости, эксплоиты, патчи, результаты bug bounty так же, как обычный поисковик ищет сайты. тут тоже очень круто про него написано
  • Shodan is the world’s first search engine for Internet-connected devices.
  • Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet.
  • GrayHatWarfare. Public buckets.
  • GreyNoise Visualizer

Metasplot

  • Metasplot World’s most used penetration testing software
  • Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
  • Metasploit Unleashed by Offensive Security The ultimate guide to the Metasploit Framework

Security Tools

  • Burp Suite, the leading toolkit for web application security testing
  • OWASP Zed Attack Proxy(ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

OSINT

  • OSINT tools list. On this page you’ll find tools which you can help do your OSINT reseach.
  • search.buzz.im — поиск в публичных каналах, группах. Покажет публичные сообщения пользователя
  • lyzem.com — поисковик аналогичный buzzim
  • Telegago — поиск в приватных и публичных каналов, группах, а так же в Telegraph статьях
  • HowToFind Bot Бот помощник по поиску в сфере OSINT. Подскажет техники и ресурсы.

Hash crackers and Wordlist`s

  • Various Online Password Crackers Just a list of online (mostly) md5 crackers but some with do others.
  • HashKiller’s purpose is to serve as a meeting place for computer hobbyists, security researchers and penetration testers. It serves as a central location to promote greater security on the internet by demonstrating the weakness of using hash based storage / authentication.
  • GPUHASH.me - online WPA/WPA2 hash cracker.
  • xsrc.ru - Восстановление паролей от Wi-Fi из хендшейка
  • Wordlists sorted by probability originally created for password generation and testing

Network

  • bettercap is the Swiss army knife for network attacks and monitoring.
  • Mitmproxy an interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. Написана на пятоне и, соответвенно, хорошо, что позволяет вертеть ее как угодно :)

Mobile Android

  • Find Security Bugs for security audits of Java web applications.
  • Drozer Comprehensive security and attack framework for Android.
  • Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

Mobile iOS

  • Needle The iOS Security Testing Framework.

WiFi

  • WiFi arsenal is a pack of various usefull/useless tools for 802.11 hacking.

SS7

  • SS7 tools and scripts

XSS, SQLi, etc..

Swiss-knife OS

  • Kali Linux представляет из себя дистрибутив, содержащий множество утилит для проведения тестирования на проникновение: от анализа уязвимостей веб-приложений, до взлома сетей и сервисов и закрепления в системе.
  • BackBox is more than an operating system, it is a Free Open Source Community project with the aim to promote the culture of security in IT environment and give its contribute to make it better and safer. All this using exclusively Free Open Source Software by demonstrating the potential and power of the community.
  • PentestBox не похож на другие security-дистрибутивы, которые работают на виртуальных машинах. Это архив с программами под Windows. Качаем, распаковывем и работаем.

Some cool online stores

  • Hakshop the premiere store of Hak5. Home to exclusive hacking equipment, award winning media and immersive information security training.
  • Great Scott Gadgets open source hardware for innovative people