Helpful stuff

Меню:

Swiss-knife OS

  • Kali Linux представляет из себя дистрибутив, содержащий множество утилит для проведения тестирования на проникновение: от анализа уязвимостей веб-приложений, до взлома сетей и сервисов и закрепления в системе.
  • BackBox is more than an operating system, it is a Free Open Source Community project with the aim to promote the culture of security in IT environment and give its contribute to make it better and safer. All this using exclusively Free Open Source Software by demonstrating the potential and power of the community.
  • PentestBox не похож на другие security-дистрибутивы, которые работают на виртуальных машинах. Это архив с программами под Windows. Качаем, распаковывем и работаем.

Exploits

  • The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

Seach engines

  • Vulners - это очень большая и непрерывно обновляемая база данных ИБ-контента. Сайт позволяет искать уязвимости, эксплоиты, патчи, результаты bug bounty так же, как обычный поисковик ищет сайты. тут тоже очень круто про него написано
  • Shodan is the world’s first search engine for Internet-connected devices.
  • Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet.
  • GrayHatWarfare. Public buckets.
  • GreyNoise Visualizer

OSINT

  • OSINT tools list. On this page you’ll find tools which you can help do your OSINT reseach.

All in one tools

  • Sn1per - is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities

Git

  • Git Magic - это лучший, по моему мнению, учебник по контролю версий git
  • GitLab - бесплатный и хороший сервис контроля версий с pages, pipeline, CI, wiki и прочими ништяками

Traffic

  • Mitmproxy an interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. Написана на пятоне и, соответвенно, хорошо, что позволяет вертеть ее как угодно :)

Security Tools

  • Burp Suite, the leading toolkit for web application security testing
  • OWASP Zed Attack Proxy(ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

Mobile Android

  • Find Security Bugs for security audits of Java web applications.
  • Drozer Comprehensive security and attack framework for Android.
  • Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

Mobile iOS

  • Needle The iOS Security Testing Framework.

Metasplot (да, в отдельной категории, так как божественная штука:)

  • Metasplot World’s most used penetration testing software
  • Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
  • Metasploit Unleashed by Offensive Security The ultimate guide to the Metasploit Framework

WiFi

  • bettercap is the Swiss army knife for network attacks and monitoring.
  • WiFi arsenal is a pack of various usefull/useless tools for 802.11 hacking.

SS7

  • SS7 tools and scripts

XSS, SQLi, etc..

Hash crackers and Wordlist`s

  • Various Online Password Crackers Just a list of online (mostly) md5 crackers but some with do others.
  • HashKiller’s purpose is to serve as a meeting place for computer hobbyists, security researchers and penetration testers. It serves as a central location to promote greater security on the internet by demonstrating the weakness of using hash based storage / authentication.
  • GPUHASH.me - online WPA/WPA2 hash cracker.
  • xsrc.ru - Восстановление паролей от Wi-Fi из хендшейка
  • Wordlists sorted by probability originally created for password generation and testing

Some cool online stores

  • Hakshop the premiere store of Hak5. Home to exclusive hacking equipment, award winning media and immersive information security training.
  • Great Scott Gadgets open source hardware for innovative people