
Vulnerability/Network Scanners

Nmap

https://nmap.org/
Free
The Swiss Army Knife to do everything. NSE Scripts are very cool

Nessus Professional

https://www.tenable.com/products/nessus-vulnerability-scanner
$2,000/year for unlimited scanning. Free Trial
Or there is a free fork of it called OpenVAS - http://www.openvas.org/

Burp Suite

https://portswigger.net/burp/
$350/year for Pro. Also has a free version.
Best web application tool out there for the money. Can allow you to do just about everything you would want to do to test a web application.

Metasploit

https://www.metasploit.com/
https://github.com/rapid7/metasploit-framework
Free
Scanner, exploiter, and great tool for network penetration testing. The site will push you towards the Pro edition. The Metasploit Framework is what you want and can be installed via the Penetration Test Framework tools (below).

Training

OSCP

https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/
$1,000 for course and 60 days of labs
Best training class you can take for the money. The material is great (and you get to keep it forever) and the labs are great places to learn how to enumerate, how to exploit, how to priv esc, etc.

Pentester Lab

https://pentesterlab.com/pro
$25/month or $200/year
Great labs to play around in, learn web app skills along with netpen stuff.

Web Application Hacker's Handbook

https://www.amazon.com/dp/1118026470/ref=cm_sw_r_cp_dp_T2_d6DGzbC3D2QX5
A little dated but a great reference for web app testing

News

SANS GPWN List

https://lists.sans.org/mailman/listinfo/gpwn-list
Best source for new problems real-world pentesters are running into

Twitter Security People

https://techbeacon.com/top-25-infosec-appsec-leaders-follow-twitter
Some of the best sources for new attacks, techniques, etc. come from the security people on Twitter. Follow them. Follow the people they retweet and you will learn a lot.

Tools and Learning

JBoss Shells

https://blog.netspi.com/hacking-with-jsp-shells/

Kali Linux

https://www.kali.org/
Linux distro with lots of security testing tools installed. If you'd rather add security tools to your existing Linux install, use PTF (below).

Penetration Test Framework

https://github.com/trustedsec/ptf
Use to install pentest tools on existing Linux distro

BloodHound

https://github.com/BloodHoundAD/BloodHound
Tool to query AD and map out the relationships between computers, users, and privileged users. Can create an attack plan for your pivots.

Responder

https://github.com/SpiderLabs/Responder
NBT-NS and LLMNR poisoner to grab AD user password hashes from the wire

PowerShell Empire

https://www.powershellempire.com/
Post-exploitation agent with tons of modules to help you pass-the-hash, escalate privileges, drop cached credentials, etc.

Aircrack-ng

https://www.aircrack-ng.org/
Suite of tools to put your (supported) wireless card in monitor mode, sniff the wireless traffic, capture the SSID, and crack the PSK.