Skip to content

Latest commit

 

History

History
722 lines (628 loc) · 32.1 KB

Bookmarklist.md

File metadata and controls

722 lines (628 loc) · 32.1 KB

#summary Bookmarks List = Hacker Media =

== Blogs Worth It: == What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.

* http://carnal0wnage.blogspot.com/
* http://www.mcgrewsecurity.com/
* http://www.gnucitizen.org/blog/
* http://www.darknet.org.uk/
* http://spylogic.net/
* http://taosecurity.blogspot.com/
* http://www.room362.com/
* http://blog.sipvicious.org/
* http://blog.portswigger.net/
* http://pentestmonkey.net/blog/
* http://jeremiahgrossman.blogspot.com/
* http://i8jesus.com/
* http://blog.c22.cc/
* http://www.skullsecurity.org/blog/
* http://blog.metasploit.com/
* http://www.darkoperator.com/
* http://blog.skeptikal.org/
* http://preachsecurity.blogspot.com/
* http://www.tssci-security.com/
* http://www.gdssecurity.com/l/b/
* http://websec.wordpress.com/
* http://bernardodamele.blogspot.com/
* http://laramies.blogspot.com/
* http://www.spylogic.net/
* http://blog.andlabs.org/
* http://xs-sniper.com/blog/
* http://www.commonexploits.com/
* http://www.sensepost.com/blog/
* http://wepma.blogspot.com/
* http://exploit.co.il/
* http://securityreliks.wordpress.com/
* http://www.madirish.net/index.html
* http://sirdarckcat.blogspot.com/
* http://reusablesec.blogspot.com/
* http://myne-us.blogspot.com/
* http://www.notsosecure.com/
* http://blog.spiderlabs.com/
* http://www.corelan.be/
* http://www.digininja.org/
* http://www.pauldotcom.com/
* http://www.attackvector.org/
* http://deviating.net/
* http://www.alphaonelabs.com/
* http://www.smashingpasswords.com/
* http://wirewatcher.wordpress.com/
* http://gynvael.coldwind.pl/
* http://www.nullthreat.net/
* http://www.question-defense.com/
* http://archangelamael.blogspot.com/
* http://memset.wordpress.com/
* http://sickness.tor.hu/
* http://punter-infosec.com/
* http://www.securityninja.co.uk/
* http://securityandrisk.blogspot.com/
* http://esploit.blogspot.com/
* http://www.pentestit.com/

== Forums: ==

Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.

* http://sla.ckers.org/forum/index.php
* http://www.ethicalhacker.net/
* http://www.backtrack-linux.org/forums/
* http://www.elitehackers.info/forums/
* http://www.hackthissite.org/forums/index.php
* http://securityoverride.com/forum/index.php
* http://www.iexploit.org/
* http://bright-shadows.net/
* http://www.governmentsecurity.org/forum/
* http://forum.intern0t.net/

== Magazines: ==

* http://www.net-security.org/insecuremag.php
* http://hakin9.org/

== Video: ==

* http://www.hackernews.com/
* http://www.securitytube.net/
* http://www.irongeek.com/i.php?page=videos/aide-winter-2011
* http://avondale.good.net/dl/bd/
* http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
* http://www.youtube.com/user/ChRiStIaAn008
* http://www.youtube.com/user/HackingCons

= Methodologies: =


= OSINT =

== Presentations: ==

* http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
* http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
* http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
* http://www.slideshare.net/Laramies/tactical-information-gathering
* http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
* http://infond.blogspot.com/2010/05/toturial-footprinting.html

== People and Organizational: ==

* http://www.spokeo.com/
* http://www.123people.com/
* http://www.xing.com/
* http://www.zoominfo.com/search
* http://pipl.com/
* http://www.zabasearch.com/
* http://www.searchbug.com/default.aspx
* http://theultimates.com/
* http://skipease.com/
* http://addictomatic.com/
* http://socialmention.com/
* http://entitycube.research.microsoft.com/
* http://www.yasni.com/
* http://tweepz.com/
* http://tweepsearch.com/
* http://www.glassdoor.com/index.htm
* http://www.jigsaw.com/
* http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
* http://www.tineye.com/
* http://www.peekyou.com/
* http://picfog.com/
* http://twapperkeeper.com/index.php

== Infrastructure: ==

* http://uptime.netcraft.com/
* http://www.serversniff.net/
* http://www.domaintools.com/
* http://centralops.net/co/
* http://hackerfantastic.com/
* http://whois.webhosting.info/
* https://www.ssllabs.com/ssldb/analyze.html
* http://www.clez.net/
* http://www.my-ip-neighbors.com/
* http://www.shodanhq.com/
* http://www.exploit-db.com/google-dorks/
* http://www.hackersforcharity.org/ghdb/

= Exploits and Advisories: =


= Cheatsheets and Syntax: =

== Agile Hacking: ==

* http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
* http://blog.commandlinekungfu.com/
* http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
* http://isc.sans.edu/diary.html?storyid=2376
* http://isc.sans.edu/diary.html?storyid=1229
* http://ss64.com/nt/
* http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
* http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
* http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
* http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
* http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
* http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
* http://www.pentesterscripting.com/
* http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
* http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

== OS and Scripts: ==

* http://en.wikipedia.org/wiki/IPv4_subnetting_reference
* http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
* http://shelldorado.com/shelltips/beginner.html
* http://www.linuxsurvival.com/
* http://mywiki.wooledge.org/BashPitfalls
* http://rubular.com/
* http://www.iana.org/assignments/port-numbers
* http://www.robvanderwoude.com/ntadmincommands.php
* http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

== Tools: ==

* http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
* http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
* http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
* http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
* http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
* http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
* http://h.ackack.net/cheat-sheets/netcat

= Distros: =


= Labs: = == ISOs and VMs: ==

* http://sourceforge.net/projects/websecuritydojo/
* http://code.google.com/p/owaspbwa/wiki/ProjectSummary
* http://heorot.net/livecds/
* http://informatica.uv.es/~carlos/docencia/netinvm/
* http://www.bonsai-sec.com/en/research/moth.php
* http://blog.metasploit.com/2010/05/introducing-metasploitable.html
* http://pynstrom.net/holynix.php
* http://gnacktrack.co.uk/download.php
* http://sourceforge.net/projects/lampsecurity/files/
* https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
* http://sourceforge.net/projects/virtualhacking/files/
* http://www.badstore.net/
* http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
* http://www.dvwa.co.uk/
* http://sourceforge.net/projects/thebutterflytmp/

== Vulnerable Software: ==

* http://www.oldapps.com/
* http://www.oldversion.com/
* http://www.exploit-db.com/webapps/
* http://code.google.com/p/wavsep/downloads/list
* http://www.owasp.org/index.php/Owasp_SiteGenerator
* http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
* http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
* http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
* http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

== Test Sites: ==

* http://www.webscantest.com/
* http://crackme.cenzic.com/Kelev/view/home.php
* http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
* http://testaspnet.vulnweb.com/
* http://testasp.vulnweb.com/
* http://testphp.vulnweb.com/
* http://demo.testfire.net/
* http://hackme.ntobjectives.com/

= Exploitation Intro: =

If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.


= Reverse Engineering & Malware: =


= Passwords and Hashes: =

== Wordlists: == * http://contest.korelogic.com/wordlists.html * http://packetstormsecurity.org/Crackers/wordlists/ * http://www.skullsecurity.org/wiki/index.php/Passwords * http://www.ericheitzman.com/passwd/passwords/

= MiTM: =


= Tools: = == OSINT: == * http://www.edge-security.com/theHarvester.php * http://www.mavetju.org/unix/dnstracer-man.php * http://www.paterva.com/web5/ === Metadata: === * http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974 * http://lcamtuf.coredump.cx/strikeout/ * http://www.sno.phy.queensu.ca/~phil/exiftool/ * http://www.edge-security.com/metagoofil.php * http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

== Google Hacking: == * http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ * http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads * http://sqid.rubyforge.org/#next * http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

== Web: == * http://www.bindshell.net/tools/beef * http://blindelephant.sourceforge.net/ * http://xsser.sourceforge.net/ * http://sourceforge.net/projects/rips-scanner/ * http://www.divineinvasion.net/authforce/ * http://andlabs.org/tools.html#sotf * http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf * http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html * http://code.google.com/p/pinata-csrf-tool/ * http://xsser.sourceforge.net/#intro * http://www.contextis.co.uk/resources/tools/clickjacking-tool/ * http://packetstormsecurity.org/files/view/69896/unicode-fun.txt * http://sourceforge.net/projects/ws-attacker/files/ * https://github.com/koto/squid-imposter == Attack Strings: == * http://code.google.com/p/fuzzdb/ * http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements == Shells: == * http://sourceforge.net/projects/yokoso/ * http://sourceforge.net/projects/ajaxshell/ == Scanners: == * http://w3af.sourceforge.net/ * http://code.google.com/p/skipfish/ * http://sqlmap.sourceforge.net/ * http://sqid.rubyforge.org/#next * http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt * http://code.google.com/p/fimap/wiki/WindowsAttack * http://code.google.com/p/fm-fsf/ == Proxies: == === Burp: === * http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214 * http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/ * http://sourceforge.net/projects/belch/files/ * http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools * http://blog.ombrepixel.com/ * http://andlabs.org/tools.html#dser * http://feoh.tistory.com/22 * http://www.sensepost.com/labs/tools/pentest/reduh * http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project * http://intrepidusgroup.com/insight/mallory/ * http://www.fiddler2.com/fiddler2/ * http://websecuritytool.codeplex.com/documentation?referringTitle=Home * http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

== Social Engineering: == * http://www.secmaniac.com/

== Password: == * http://nmap.org/ncrack/ * http://www.foofus.net/~jmk/medusa/medusa.html * http://www.openwall.com/john/ * http://ophcrack.sourceforge.net/ * http://blog.0x3f.net/tool/keimpx-in-action/ * http://code.google.com/p/keimpx/ * http://sourceforge.net/projects/hashkill/

== Metasploit: ==

* http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
* http://code.google.com/p/msf-hack/wiki/WmapNikto
* http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
* http://seclists.org/metasploit/
* http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
* http://meterpreter.illegalguy.hostzi.com/
* http://blog.metasploit.com/2010/03/automating-metasploit-console.html
* http://www.workrobot.com/sansfire2009/561.html
* http://www.securitytube.net/video/711
* http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
* http://vimeo.com/16852783
* http://milo2012.wordpress.com/2009/09/27/xlsinjector/
* http://www.fastandeasyhacking.com/
* http://trac.happypacket.net/
* http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
* http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

=== MSF Exploits or Easy: ===

  * http://www.nessus.org/plugins/index.php?view=single&id=12204
  * http://www.nessus.org/plugins/index.php?view=single&id=11413
  * http://www.nessus.org/plugins/index.php?view=single&id=18021
  * http://www.nessus.org/plugins/index.php?view=single&id=26918
  * http://www.nessus.org/plugins/index.php?view=single&id=34821
  * http://www.nessus.org/plugins/index.php?view=single&id=22194
  * http://www.nessus.org/plugins/index.php?view=single&id=34476
  * http://www.nessus.org/plugins/index.php?view=single&id=25168
  * http://www.nessus.org/plugins/index.php?view=single&id=19408
  * http://www.nessus.org/plugins/index.php?view=single&id=21564
  * http://www.nessus.org/plugins/index.php?view=single&id=10862
  * http://www.nessus.org/plugins/index.php?view=single&id=26925
  * http://www.nessus.org/plugins/index.php?view=single&id=29314
  * http://www.nessus.org/plugins/index.php?view=single&id=23643
  * http://www.nessus.org/plugins/index.php?view=single&id=12052
  * http://www.nessus.org/plugins/index.php?view=single&id=12052
  * http://www.nessus.org/plugins/index.php?view=single&id=34477
  * http://www.nessus.org/plugins/index.php?view=single&id=15962
  * http://www.nessus.org/plugins/index.php?view=single&id=42106
  * http://www.nessus.org/plugins/index.php?view=single&id=15456
  * http://www.nessus.org/plugins/index.php?view=single&id=21689
  * http://www.nessus.org/plugins/index.php?view=single&id=12205
  * http://www.nessus.org/plugins/index.php?view=single&id=22182
  * http://www.nessus.org/plugins/index.php?view=single&id=26919
  * http://www.nessus.org/plugins/index.php?view=single&id=26921
  * http://www.nessus.org/plugins/index.php?view=single&id=21696
  * http://www.nessus.org/plugins/index.php?view=single&id=40887
  * http://www.nessus.org/plugins/index.php?view=single&id=10404
  * http://www.nessus.org/plugins/index.php?view=single&id=18027
  * http://www.nessus.org/plugins/index.php?view=single&id=19402
  * http://www.nessus.org/plugins/index.php?view=single&id=11790
  * http://www.nessus.org/plugins/index.php?view=single&id=12209
  * http://www.nessus.org/plugins/index.php?view=single&id=10673

== NSE: ==

* http://www.securitytube.net/video/931
* http://nmap.org/nsedoc/

== Net Scanners and Scripts: ==

* http://nmap.org/
* http://asturio.gmxhome.de/software/sambascan2/i.html
* http://www.softperfect.com/products/networkscanner/
* http://www.openvas.org/
* http://tenable.com/products/nessus
* http://www.rapid7.com/vulnerability-scanner.jsp
* http://www.eeye.com/products/retina/community

== Post Exploitation: ==

* http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
* http://www.phx2600.org/archive/2008/08/29/metacab/
* http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

== Netcat: ==

* http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
* http://www.radarhack.com/tutorial/ads.pdf
* http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
* http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
* http://www.dest-unreach.org/socat/
* http://www.antionline.com/archive/index.php/t-230603.html
* http://technotales.wordpress.com/2009/06/14/netcat-tricks/
* http://seclists.org/nmap-dev/2009/q1/581
* http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
* http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
* http://gse-compliance.blogspot.com/2008/07/netcat.html

== Source Inspection: ==

* http://www.justanotherhacker.com/projects/graudit.html
* http://code.google.com/p/javasnoop/

== Firefox Addons: ==

* https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
* https://addons.mozilla.org/en-US/firefox/addon/osvdb/
* https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
* https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
* https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
* https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
* https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
* https://addons.mozilla.org/en-US/firefox/addon/hackbar/

== Tool Listings: ==

* http://packetstormsecurity.org/files/tags/tool
* http://tools.securitytube.net/index.php?title=Main_Page

= Training/Classes: = == Sec/Hacking: ==

== Metasploit: ==

== Programming: == === Python: ===

* http://code.google.com/edu/languages/google-python-class/index.html
* http://www.swaroopch.com/notes/Python_en:Table_of_Contents
* http://www.thenewboston.com/?cat=40&pOpen=tutorial
* http://showmedo.com/videotutorials/python
* http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/

=== Ruby: ===

* http://www.tekniqal.com/

== Other Misc: ==


= Web Vectors = == SQLi: ==

== Upload Tricks: ==

== LFI/RFI: ==

== XSS: ==

== Coldfusion: ==

== Sharepoint: ==

== Lotus: ==

== JBoss: ==

== VMWare Web: ==

== Oracle App Servers: ==

== SAP: ==


= Wireless: =


= Capture the Flag/Wargames: =


= Conferences: =


= Misc/Unsorted: =