[technical] Pen-testing resources

Dragon Security
Aug 12, 2018


Sites/Blogs/Forums/Report Platform

Blogs

Report Platform

Forums

Mailing Lists

Tools — pentest approx

Some Docker Compose files for vulnerable environments

Tools — Encode/Decode

Tools — Crypto

Steganography

Hash

MD5

NTLM

LM

SHA1

SHA 256–512

MySQL

WPA-PSK

Tools — domain name / ip

Tools — XSS

  • XSStrike — a program which can crawl, fuzz and bruteforce parameters for XSS; it can also detect and bypass WAFs
  • xsschef — a Chrome extension exploitation framework
  • mosquito — XSS exploitation tool that reaches victims through an HTTP proxy
  • xssfork — XSS data receiving platform
  • ezXSS — an easy way to test (blind) XSS
  • Scanning
  • BruteXSS — Cross-Site Scripting bruteforcer
  • XSSTracer — a small Python script to check for Cross-Site Tracing
  • fuzzXssPHP — reflected XSS scanner, PHP version
  • xss_scan — batch XSS scanning Python script
  • autoFindXssAndCsrf — a browser plug-in that automates the detection of XSS and CSRF vulnerabilities on a page
  • xss

Tools — Database Scanning, Injection Tool SQLi

  • sqlmap — the king of injection tools
  • NoSQLMap
  • SQLiScanner — a passive SQL injection vulnerability scanning tool based on SQLMAP and Charles
  • DSSS — SQL injection vulnerability scanner implemented in 99 lines of code
  • Feigong — MySQL injection scripts that adapt freely to various situations
  • NoSQLAttack — an attack tool for MongoDB
  • bbqsql — blind SQL injection exploitation framework
  • PowerUpSQL — PowerShell scripting framework for attacking SQL Server
  • whitewidow — another database scanner
  • mongoaudit — MongoDB auditing and penetration testing tool
  • commix — short for command injection exploiter; detects and exploits command execution at web injection points
  • sqli-hunter — web proxy that detects SQLi in real time by loading the sqlmap API

Tools — weak password or information leak scanning

  • awBruter — thousand-times-faster one-line-webshell password brute-forcing tool
  • Cr3dOv3r — automatically searches for leaked passwords by email address; can also test whether the credentials log in at major websites
  • x-crack — weak password scanner; supports FTP/SSH/MSSQL/MySQL/PostgreSQL/Redis/Elasticsearch/MongoDB
  • htpwdScan — a simple HTTP brute-force and credential-stuffing attack script
  • BBScan — a mini batch information-leak scanning script
  • GitHack — .git folder leak exploitation tool
  • BScanner — dictionary-based directory scanning gadget
  • Fenghuangscanner_v3 — various port and weak password detection; author wilson9x1; the original address is no longer valid
  • F-Scrack — script for weak password detection across various services
  • cupp — generates a weak-password dictionary based on user habits
  • genpAss — weak password generator with Chinese characteristics
  • crack_ssh — Go coroutine version of an ssh/redis/mongodb weak password cracking tool
  • Comfortable — looks up all Internet accounts a user has registered by entering an email, phone number or username
  • GitPrey — GitHub sensitive information scanning tool
  • gitscan — GitHub information collection; scans the latest uploads in real time for email addresses, account passwords and similar secrets
  • truffleHog — GitHub sensitive information scanning tool, including commit inspection
  • GitHarvester — GitHub repo information collection tool
  • gitleaks — searches full repo history for secrets and keys
  • x-patrol — GitHub leak scanning system
  • pydictor — brute-force dictionary building tool
  • Blasting_dictionary — password dictionary
  • xxe-recursive-download — XXE vulnerability recursive download tool
  • xlog — web log scanning tool

Tools — port scanning, fingerprinting, and middleware scanning

  • Nmap — the king of port scanners — https://svn.nmap.org/
  • anoNmap — a port scanner which utilizes Facebook’s XSPA vulnerability to perform anonymous port scans
  • wyportmap — target port scanning plus system service fingerprint identification
  • weakfilescan — dynamic multi-threaded sensitive information disclosure detection tool
  • getcms — a CMS discovery and recognition tool in Python
  • wafw00f — WAF product fingerprint recognition
  • wafid — identifies and fingerprints Web Application Firewall (WAF) products
  • sslscan — SSL/TLS identification
  • whatweb — web fingerprinting
  • FingerPrint — web application fingerprint recognition
  • Scan-T — web crawler fingerprint recognition
  • Nscan — a fast network scanner inspired by Masscan and Zmap
  • F-NAScan — network asset information scanning: ICMP liveness detection, port scanning, port fingerprint service identification
  • F-MiddlewareScan — middleware scanning
  • dirsearch — web path scanner
  • bannerscan — C-class subnet banner and path scanning
  • RASscan — port service scanning
  • bypass_waf — automated WAF bypass
  • WAFNinja — automated WAF bypass scripts
  • xcdn — tries to find the real IP behind a CDN
  • BingC — C-class subnet and same-server site lookup based on the Bing search engine; multi-threaded, API support
  • DirBrute — multi-threaded web directory brute-forcing tool
  • httpscan — a crawler-style network segment web host discovery gadget
  • doom — IP/port vulnerability scanner with distributed task distribution
  • grab.js — fast TCP fingerprint capture and parsing tool like zgrab, supporting more protocols
  • whichCDN — CDN identification and detection
  • bcrpscan — crawler-based web path scanner
  • Breacher — an admin panel finder script written in Python

Tools — Intranet security penetration test

  • VulScritp — enterprise intranet penetration scripts, including banner scanning, port scanning, various general exploits, etc.
  • network_backdoor_scanner — intranet detection framework based on network traffic
  • WebRtcXSS — automates using XSS to reach the intranet
  • mimikatz — essential Windows penetration testing tool
  • PowerSploit — PowerShell post-exploitation library collection
  • PowerShell — PowerShell tool collection
  • p0wnedShell — PowerShell Runspace Post Exploitation Toolkit
  • hunter — calls the Windows API to enumerate user login information
  • LaZagne — extracts locally stored passwords of various kinds
  • mimipenguin — Linux password grabbing tool
  • johnny — password cracking tool
  • icebreaker — a tool for automated attacks against Active Directory in an intranet environment
  • Powershell-RAT — Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment; it tracks user activity using screen capture and sends the information to an attacker as an e-mail attachment

Tools — Targeted Vulnerability Testing Tool

  • weblogic_unserialize_exploit — WebLogic Java deserialization exploit with command echo
  • cmsPoc — PHPCMS v9.6.0 wap module SQL injection to obtain passwd; iCMS v7.0.1 admincp.php SQL injection for arbitrary backend login
  • hackUtils — penetration and web attack scripts; Java deserialization exploit tool set
  • ysoserial — Java deserialization utility
  • Jenkins — Jenkins vulnerability detection, user crawling and brute-forcing
  • dzscan — Discuz vulnerability scanner
  • CMS-Exploit-Framework — CMS attack framework
  • IIS_shortname_Scanner — IIS short file name vulnerability scanner
  • Flash scanner — Flash XSS scanner
  • SSTIF — semi-automated tool for server-side template injection vulnerabilities
  • tplmap — server-side template injection vulnerability detection and exploitation tool
  • dockerscan — Docker scanning tool
  • break-fast-serial — detects Java deserialization vulnerabilities via DNS resolution
  • dirtycow.github.io — Dirty COW privilege escalation exploit
  • a2sv — auto scanning for SSL vulnerabilities
  • msdat — MSDAT: Microsoft SQL Database Attacking Tool
  • xxegen — online XXE payload generation and exploitation tool
  • DSXS — Damn Small XSS Scanner, a fully functional cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code

Tools — code static scan, code run stack trace

Tools — fuzz

Tools — Exploit and Attack Framework

Tools — Modular Scan, Integrated Scanner

  • nmap-vulners — NSE script using some well-known services to provide info on vulnerabilities; can be added to Nmap
  • vulners-scanner — vulnerability scanner based on the vulners.com audit API, https://vulners.com
  • V3n0M-Scanner — popular pentesting scanner in Python 3.6 for SQLi/XSS/LFI/RFI and other vulns
  • BlackWidow — Python web crawler used to collect intelligence on target websites and fuzz for OWASP vulnerabilities
  • w8scan — a vulnerability scanner that mimics bugscan
  • whitewidow — SQL vulnerability scanner
  • CMSmap
  • AngelSword — CMS vulnerability detection framework written in Python 3
  • Luna — an open source automated web vulnerability scanning tool
  • Zeus-Scanner
  • S7scan
  • Striker
  • Xunfeng — a rapid emergency response and cruise scanning system for enterprise intranets
  • ZeroExploit — combined front-end and back-end detection
  • ark — distributed scanning framework
  • ReconDog
  • Arachni — web application security scanner framework; http://www.arachni-scanner.com, http://github.com/Arachni/arachni
  • AZScanner — automatic vulnerability scanner: subdomain brute-forcing, port scanning, directory brute-forcing, common framework vulnerability detection
  • lalascan — distributed web vulnerability scanning framework combining OWASP Top 10 vulnerability scanning and boundary asset discovery
  • BkScanner — distributed, plug-in web vulnerability scanner
  • GourdScanV2 — passive vulnerability scanning
  • pentestdb — web penetration test database
  • passive_scan — HTTP-proxy-based web vulnerability scanner
  • Sn1per — automated scanner, including middleware scanning and device fingerprinting
  • pentestEr_Fully-automatic-scanner — directed, fully automated penetration testing tool
  • 3xp10it — automated penetration testing framework
  • lcyscan — scanning effectiveness not verified
  • POC-T — penetration testing plug-in concurrency framework
  • leakScan — online web vulnerability scanning
  • AnyScan — in development…
  • Hscan-Win-Gui
  • DorkNet — Selenium-powered Python script to automate searching for vulnerable web apps
  • AutoSploit — automated mass exploiter
  • w9scan — a versatile website vulnerability scanner building on its predecessors’ code; 1200+ built-in plug-ins cover web fingerprint detection, port fingerprint detection, website structure analysis, popular vulnerability detection, crawling and SQL injection detection, XSS detection, etc., and w9scan automatically generates an HTML result report
  • Scanners-Box — the toolbox of open source scanners self-developed by security industry practitioners
  • HUNT — identifies common parameters vulnerable to certain vulnerability classes

Tools — Shell

  • webshell
  • Cknife
  • antSword (China Ant Sword)
  • antSword-shells
  • PyShell — Python backdoor
  • PyCmd — Python/PHP/JSP webshell (one-line webshell); detailed reference: thief.one
  • hackUtils — penetration and web attack scripts
  • phpsploit — a remote control framework aiming to provide a stealthy interactive shell-like connection over HTTP between client and web server; a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes
  • hack_tools_for_me — web penetration gadget collection
  • p0wnedShell — an environment that executes PowerShell script code without relying on powershell.exe

Tools — Wireless wifi / IoT

Tools — Enterprise Network Self Test

  • LNScan — detailed internal network information scanner
  • LocalNetworkScanner — local network scanner implemented in JavaScript
  • Xunfeng — network asset recognition engine and vulnerability detection engine
  • theHarvester — monitors sensitive enterprise asset information indexed by search engines: employee mailboxes, subdomains and hosts
  • Multisearch-v2 — search engine aggregate search, usable to discover sensitive company asset information indexed by search engines

Tools — EXP writing framework and tools

  • rop-tool — binary exploit authoring tool
  • pwntools — CTF pwn challenge scripting framework
  • uncle — an easy-to-use I/O library for pwn development
  • frida — cross-platform injection tool; injects JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
  • Sickle — shellcode development tool
  • radare2 — unix-like reverse engineering framework and commandline tools
  • CHAOS — generates payloads and controls remote Windows systems

Tools — MIM & phishing

Tools — Defense

  • Malware analysis and reverse-engineering environments
  • REMnux — based on Debian
  • Webshell detection and virus analysis tools
  • Find_webshell — PHP backdoor detection; the script is simple, so it suffers from high false positives and low efficiency
  • Webshell sample library
  • ScanBackdoor — webshell scanning tool
  • BackdoorMan — PHP backdoor scanning
  • findWebshell — another webshell detection tool
  • HaboMalHunter — Hubble analysis system, Linux malware analysis and security detection
  • PlagueScanner — Python integration of the ClamAV, ESET and Bitdefender anti-virus engines
  • php-malware-finder — an efficient PHP webshell scanning tool
  • PHP-Shell-Detector — webshell detection tool with up to 99% efficiency
  • malwarecage — a component for automated malware collection/analysis systems, written in Python 2, with a REST API
  • x-waf — cloud WAF for small and medium enterprises
  • Binary and code analysis tools
  • binwalk
  • binmap — system scanner for finding programs and libraries and then collecting their dependencies, links, etc.
  • rp — rp++ is a tool written entirely in C++ that finds ROP sequences in PE/ELF/Mach-O x86/x64 binaries (doesn’t support FAT binaries)
  • badger — Windows exploit development tool
  • amoco — binary static analysis tool (Python)
  • peda — Python Exploit Development Assistance for GDB
  • billgates-botnet-tracker — monitoring tool for BillGates Linux botnet trojan activity
  • RATDecoders — trojan configuration parameter extraction tool
  • angr — binary analysis tool written by Shellphish (CTF)
  • pysonar2 — static code analysis tool for Python
  • shellcheck — automated shell script analysis tool that gives warnings and suggestions
  • andcsufbo — simple JavaScript deobfuscation aid based on AST transformation
  • Open source WAFs and rules
  • x-waf
  • tx_lua_waf
  • owasp-modsecurity-crs
  • waf-research
  • phpwaf
  • DDoS protection
  • Dshield
  • Database firewall
  • DBShield
  • Yulong-hids — Yulong HIDS, a host intrusion detection system developed by YSRC

Tools — Mining

Tools — Miscellaneous

Tools — CTF tools

  • Miscellaneous
  • pwndocker
  • vFuckingTools
  • A CTFer tools bag
  • ctf-tools
  • Attacks
  • Bettercap — Framework to perform MITM (Man in the Middle) attacks.
  • Layer 2 attacks — Attack various protocols on layer 2
  • Crypto
  • FeatherDuster — An automated, modular cryptanalysis tool
  • PkCrack — A tool for Breaking PkZip-encryption
  • RSATool — Generate private key with knowledge of p and q
  • XORTool — A tool to analyze multi-byte xor cipher
  • Bruteforcers
  • Hashcat — Password Cracker
  • John The Jumbo — Community enhanced version of John the Ripper
  • John The Ripper — Password Cracker
  • Nozzlr — Nozzlr is a bruteforce framework, truly modular and script-friendly.
  • Ophcrack — Windows password cracker based on rainbow tables.
  • Patator — Patator is a multi-purpose brute-forcer, with a modular design.
  • Exploits
  • DLLInjector — Inject dlls in processes
  • libformatstr — Simplify format string exploitation.
  • Metasploit — Penetration testing software
  • one_gadget — A tool to find the one gadget execve('/bin/sh', NULL, NULL) call
  • gem install one_gadget
  • Pwntools — CTF Framework for writing exploits
  • Qira — QEMU Interactive Runtime Analyzer
  • ROP Gadget — Framework for ROP exploitation
  • V0lt — Security CTF Toolkit
  • Forensics
  • Aircrack-Ng — Crack 802.11 WEP and WPA-PSK keys
  • apt-get install aircrack-ng
  • Audacity — Analyze sound files (mp3, m4a, whatever)
  • apt-get install audacity
  • Bkhive and Samdump2 — Dump SYSTEM and SAM files
  • apt-get install samdump2 bkhive
  • CFF Explorer — PE Editor
  • Creddump — Dump windows credentials
  • DVCS Ripper — Rips web accessible (distributed) version control systems
  • Exif Tool — Read, write and edit file metadata
  • Extundelete — Used for recovering lost data from mountable images
  • Fibratus — Tool for exploration and tracing of the Windows kernel
  • Foremost — Extract particular kind of files using headers
  • apt-get install foremost
  • Fsck.ext4 — Used to fix corrupt filesystems
  • Malzilla — Malware hunting tool
  • NetworkMiner — Network Forensic Analysis Tool
  • PDF Streams Inflater — Find and extract zlib files compressed in PDF files
  • ResourcesExtract — Extract various filetypes from exes
  • Shellbags — Investigate NTUSER.dat files
  • UsbForensics — Contains many tools for usb forensics
  • Volatility — To investigate memory dumps
  • RegistryViewer — Used to view windows registries
  • Windows Registry Viewers — More registry viewers
  • Networking
  • Masscan — Mass IP port scanner, TCP port scanner
  • Nipe — Nipe is a script to make Tor Network your default gateway.
  • Nmap — open source utility for network discovery and security auditing
  • Wireshark — Analyze the network dumps
  • apt-get install wireshark
  • Zmap — an open-source network scanner
  • Reversing
  • Androguard — Reverse engineer Android applications
  • Angr — platform-agnostic binary analysis framework
  • Apk2Gold — Yet another Android decompiler
  • ApkTool — Android Decompiler
  • Barf — Binary Analysis and Reverse engineering Framework
  • Binary Ninja — Binary analysis framework
  • BinUtils — Collection of binary tools
  • BinWalk — Analyze, reverse engineer, and extract firmware images.
  • Boomerang — Decompile x86 binaries to C
  • ctf_import — run basic functions from stripped binaries cross platform
  • GDB — The GNU project debugger
  • GEF — GDB plugin
  • Hopper — Reverse engineering tool (disassembler) for OSX and Linux
  • IDA Pro — Most used Reversing software
  • Jadx — Decompile Android files
  • Java Decompilers — An online decompiler for Java and Android APKs
  • Krakatau — Java decompiler and disassembler
  • PEDA — GDB plugin (only python2.7)
  • Plasma — An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  • Pwndbg — A GDB plugin that provides a suite of utilities to hack around GDB easily.
  • radare2 — A portable reversing framework
  • Uncompyle — Decompile Python 2.7 binaries (.pyc)
  • WinDbg — Windows debugger distributed by Microsoft
  • Z3 — a theorem prover from Microsoft Research
  • Detox — A Javascript malware analysis tool
  • Revelo — Analyze obfuscated Javascript code
  • RABCDAsm — Collection of utilities including an ActionScript 3 assembler/disassembler.
  • Swftools — Collection of utilities to work with SWF files
  • Xxxswf — A Python script for analyzing Flash files.
  • Services
  • CSWSH — Cross-Site WebSocket Hijacking Tester
  • Request Bin — Lets you inspect http requests to a particular url
  • Steganography
  • Convert — Convert images b/w formats and apply filters
  • Exif — Shows EXIF information in JPEG files
  • Exiftool — Read and write meta information in files
  • Exiv2 — Image metadata manipulation tool
  • ImageMagick — Tool for manipulating images
  • Outguess — Universal steganographic tool
  • Pngtools — For various analysis related to PNGs
  • apt-get install pngtools
  • SmartDeblur — Used to deblur and fix defocused images
  • Steganabara — Tool for stegano analysis written in Java
  • Stegbreak — Launches brute-force dictionary attacks on JPG image
  • Steghide — Hide data in various kind of images
  • Stegsolve — Apply various steganography techniques to images
  • Web
  • Commix — Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar — Firefox addon for easy web exploitation
  • OWASP ZAP — Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman — Add on for chrome for debugging network requests
  • SQLMap — Automatic SQL injection and database takeover tool
  • W3af — Web Application Attack and Audit Framework.
  • XSSer — Automated XSS tester
  • WhatWaf

Learning — Web application pentesting

  • Prerequisites:
  • Usage of: Burp, nikto, OpenVAS, SQLMap, Netcat, Dirbuster/wfuzz, Hydra, Kewl, WPScan, dig
  • Knowledge of:
  • HTTP protocol and HTTP methods (GET, POST, OPTIONS, PUT, TRACE)
  • DNS
  • CGI
  • Web session management
  • Cookies and their parameters
  • Concepts of XSS (reflected, stored, DOM based), CSRF, SQLi, Remote/Local File Inclusion, Direct Object Reference, Forceful Browsing, Log Poisoning
  • Latest/common web application vulnerabilities (e.g. vulnerabilities in WordPress, XAMPP, etc.)
  • Heartbleed & ShellShock

Sites

Learning — Binary and memory exploitation

Learning — Windows and Linux Privilege Escalation

Learning — Miscellaneous

Wargames/CTFs/VulEnvApp

WriteUps

Miscellaneous

Course
