A bookmark index of useful tools, articles and cheat-sheets useful for various types of projects.
- PHP File Inclusion tips https://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
- Using PHP filter:// for LFI: https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
- PHP RFI using data:// : https://www.idontplaydarts.com/2011/03/php-remote-file-inclusion-command-shell-using-data-stream/
- Preventing XXE in PHP https://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
- Practical PHP object injection https://www.insomniasec.com/downloads/publications/Practical%20PHP%20Object%20Injection.pdf
- https://github.com/frohoff/ysoserial PoC generator for unsafe deserialization vulns
- https://github.com/matthiaskaiser/jmet Java Message Exploitation Tool
- https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
- http://www.mcafee.com/us/resources/white-papers/foundstone/wp-pentesters-guide-hacking-activemq-jms-applications.pdf
- https://github.com/OpenSecurityResearch/jmsdigger
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true Java UnMarshal bugs
- https://github.com/pyn3rd/Spring-Boot-Vulnerability Multiple Spring RCE bugs in summary
RUBY
- http://www.phrack.org/issues/69/12.html (must-read paper!)
- https://github.com/rubysec/bundler-audit#readme
- https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet#Command_Injection
- http://rails-sqli.org/
- http://brakemanscanner.org/
- http://guides.rubyonrails.org/security.html
- http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications/
- https://github.com/bbatsov/rubocop
- https://github.com/thesp0nge/dawnscanner
- https://deepsource.io/blog/ruby-security-pitfalls/
- https://blog.codacy.com/ruby-security-issues-you-should-avoid/
- https://blog.securityinnovation.com/blog/2015/05/ruby-on-rails.html
- https://kmarks2013.medium.com/5-common-rails-security-vulnerabilities-58d39be9a270
- https://hackerone.com/vakzz?type=user](https://hackerone.com/vakzz?type=user
- https://github.com/rapid7/rex-text
- https://docs.rubocop.org/rubocop/cops_security.html
- https://rules.sonarsource.com/ruby/
- https://semgrep.dev/p/ruby
- https://brakemanscanner.org/docs/warning_types/
- ###RCE via Indirections
- Check the related section (2.3.3) from the Phrack article for details.
- send()
- __send__()
- public_send()
- try()
- http://gavinmiller.io/2016/the-safesty-way-to-constantize/
- https://blog.convisoappsec.com/en/exploiting-unsafe-reflection-in-rubyrails-applications/
- https://www.praetorian.com/blog/ruby-unsafe-reflection-vulnerabilities/
- https://portswigger.net/daily-swig/ruby-taken-off-the-rails-by-deserialization-exploit
- https://www.elttam.com/blog/ruby-deserialization/#content
- https://lab.wallarm.com/exploring-de-serialization-issues-in-ruby-projects-801e0a3e5a0a/
- https://ruby-doc.org/core-2.7.0/Marshal.html#module-Marshal-label-Security+considerations
- https://www.zerodayinitiative.com/blog/2019/6/20/remote-code-execution-via-ruby-on-rails-active-storage-insecure-deserialization
- https://book.hacktricks.xyz/pentesting-web/deserialization#ruby
- https://codeclimate.com/blog/rails-remote-code-execution-vulnerability-explained/
- ###RCE via ERB Template Injection
- https://www.trustedsec.com/blog/rubyerb-template-injection/
- https://blog.appsignal.com/2019/03/26/object-marshalling-in-ruby.html
- https://www.gushiciku.cn/pl/pit4/zh-tw
- https://systemtek.co.uk/2019/08/nokogiri-ruby-kernel-open-method-command-injection-vulnerability-cve-2019-5477/
- https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- https://github.com/mpgn/CVE-2018-3760
- https://xz.aliyun.com/t/2542
- https://groups.google.com/g/ruby-security-ann/c/2S9Pwz2i16k
- https://github.com/mpgn/CVE-2019-5418
- XXE on JSON endpoints https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
- XML/XXE Out-of-Band tricks https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf
- Play framework XXE https://pentesterlab.com/exercises/play_xxe/course
- Abusing AMF endpoints as proxy http://blog.gdssecurity.com/labs/2010/3/17/penetrating-intranets-through-adobe-flex-applications.html
- https://github.com/ikkisoft/blazer/blob/master/docs/BH2012_LucaCarettoni_PRESO_FINAL.pdf
- AMF parsing and XXE http://www.agarri.fr/kom/archives/2015/12/17/amf_parsing_and_xxe/index.html
- http://blog.gdssecurity.com/labs/2009/11/11/pentesting-adobe-flex-applications-with-a-custom-amf-client.html
- http://static1.1.sqspcdn.com/static/f/936190/13332467/1311374979537/OWASP_NYNJMetro_Pentesting_Flex.pdf
- https://jlajara.gitlab.io/web/2020/02/19/Bypass_WAF_Unicode.html
- https://github.com/pyn3rd/WAF-bypass/blob/master/Tala-Security.pdf
- https://github.com/pyn3rd/WAF-bypass/blob/master/KCon_2019_WAF.pdf
- https://www.slideshare.net/SoroushDalili/waf-bypass-techniques-using-http-standard-and-web-servers-behaviour
- https://soroush.secproject.com/blog/2019/05/x-up-devcap-post-charset-header-in-aspnet-to-bypass-wafs-again/
- https://github.com/irsdl/httpninja
- https://github.com/0xInfection/Awesome-WAF#known-bypasses
- http://news.shamcode.ru/blog/0xinfection--awesome-waf/#known-bypasses
- https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0
- Node.js common issues https://speakerdeck.com/ckarande/top-overlooked-security-threats-to-node-dot-js-web-applications
- Practical HTTP Host header injection http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.htm
- RCE via xstream deserialization http://www.pwntester.com/blog/2013/12/23/rce-via-xstream-object-deserialization38/
- Hunting asynchronous vulnerablities http://blog.portswigger.net/2015/09/hunting-asynchronous-vulnerabilities.html
- AngularJS interesting tricks http://fr.slideshare.net/x00mario/an-abusive-relationship-with-angularjs
- SQL Injection knowledge base http://websec.ca/kb/sql_injection
- Pentest bookmarks collection http://www.getmantra.com/hackery/
- XSS audit tips http://erlend.oftedal.no/blog/?blogid=127
- various XSS test vectors http://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.r66.cf1.rackcdn.com/--xss.html
- http://www.nosqlmap.net/index.html NoSQL attacks
- http://research.aurainfosec.io/bypassing-saml20-SSO/ SAML SSO XML Signature Attacks
- https://soroush.secproject.com/downloadable/common-security-issues-in-financially-orientated-web-applications-_v1.1.pdf Auditing finance/commerce web applications
- https://github.com/0xn0ne/weblogicScanner Scanner/PoC for all recent Weblogic RCEs
- https://github.com/0xn0ne/Middleware-Vulnerability-detection check/PoC for various middleware frameworks
- https://github.com/BishopFox/h2csmuggler HTTP2 upgrade
- https://github.com/0ang3el/websocket-smuggle websocket
- https://regilero.github.io/english/security/2019/10/17/security_apache_traffic_server_http_smuggling/
- https://portswigger.net/web-security/request-smuggling
- https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
- https://portswigger.net/research/practical-web-cache-poisoning
- https://portswigger.net/research/web-cache-entanglement
- https://portswigger.net/research/bypassing-web-cache-poisoning-countermeasures
- https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning
- https://portswigger.net/research/breaking-the-chains-on-http-request-smuggler
- Great cheat-sheet (including *nix LPE tricks) https://book.hacktricks.xyz/linux-unix/privilege-escalation
- Taxonomy of software security errors http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html
- playing with VSAT http://2012.hack.lu/archive/2009/Playing%20with%20SAT%201.2%20-%20Hacklu.pdf
- Outlook RCE trick https://medium.com/@networksecurity/oleoutlook-bypass-almost-every-corporate-security-control-with-a-point-n-click-gui-37f4cbc107d0#.9iiadiu47
- Hacking Cisco ASA (practical vulns) https://ruxcon.org.au/assets/2014/slides/Breaking%20Bricks%20Ruxcon%202014.pdf
- Active-Directory recon without admin rights https://adsecurity.org/?p=2535
- Clang hardening cheat-sheet http://blog.quarkslab.com/clang-hardening-cheat-sheet.html
- Large list of various cheat-sheets (sec related) http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
- http://www.cheat-sheets.org/
- http://www.exfiltrated.com/research-BIOS_Based_Rootkits.php
- Analyzing PDF file http://hiddenillusion.blogspot.ca/2013/12/analyzepdf-bringing-dirt-up-to-surface.html
- https://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network
- Post-Exploitation tricks WiKi http://pwnwiki.io/#!index.md
- BGP security assessment http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf
- IKE-Scan testing wiki https://web.archive.org/web/20150609064941/http://www.nta-monitor.com/wiki/index.php/Ike-scan_User_Guide
- MDM testing must-read https://www.blackhat.com/docs/us-16/materials/us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions-wp.pdf
- PHP audit cheat-sheet: https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet
- PHP audit notes https://github.com/80vul/pasc2at
- Various lang./libs cheat-sheets index: https://github.com/detailyang/awesome-cheatsheet
- Perl Jam: Interesting perl notes https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2542/original/the-perl-jam-netanel-rubin-31c3.pdf
- Perl Jam2: https://lab.dsst.io/32c3-slides/7130.html
- Python: List of most of dangerous APIs https://docs.openstack.org/bandit/latest/blacklists/blacklist_calls.html
- https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/ Go lang audit tips
- https://vulncat.fortify.com/en/weakness ref. for many languages
- https://rules.sonarsource.com/ pretty good and up to date ref for many languages.
- https://securitylab.github.com/events/2020-02-14-offensivecon Great kick-start workshop for learning CodeQL
- https://help.semmle.com/codeql/codeql-for-vscode/procedures/setting-up.html CodeQL setup guide for VS Code.
- Sniffing 4.9GHz public safety spectrum https://github.com/Subterfuge-Framework/Subterfuge
- SkyNet http://static.usenix.org/events/woot11/tech/final_files/Reed.pdf
- http://blog.opensecurityresearch.com/2012/06/getting-started-with-gnu-radio-and-rtl.html
- https://www.inguardians.com/2018/12/12/attacking-and-defending-kubernetes-bust-a-kube-episode-1/
- https://raesene.github.io/blog/2016/10/08/Kubernetes-From-Container-To-Cluster/
- https://www.youtube.com/watch?v=vTgQLzeBfRU Hacking and Hardening Kubernetes Clusters by Example
- https://www.youtube.com/watch?time_continue=72&v=1k-GIDXgfLw Good (security) intro into kubernetes
- https://www.youtube.com/watch?v=n9ljS-TQRQE another useful basics intro
- https://www.cisecurity.org/benchmark/kubernetes/ CIS Kubernetes Benchmark v1.4.0
- https://dnsdumpster.com Passive DNS recon
- https://www.passivetotal.org Passive multi-source threats and info gathering (requires subscription)
- https://www.censys.io Internet scan (DNS,SSL,Web,Mail) results search
- https://scans.io Regularly updated IPv4 space scan raw data
- http://bgp.he.net/AS23148#_prefixes For discovering all IPs related to targets using BGP. Mix with google dorks.
- https://whois.domaintools.com Extensive reverse-dns lookup (not free for large results)
- http://urlfind.org/ URL and cross-domain mapping
- https://www.virustotal.com/en/search/ Searching domains,emails,IP,strings,...
- Maltego: Multi source/purpose OSINT tool (some modules are not passive!) https://www.paterva.com/web6/products/maltego.php
- Harvester: Gather emails/vhosts/sub-domains using search engines https://github.com/laramies/theHarvester
- Fierce: DNS brute-force tool http://tools.kali.org/information-gathering/fierce
- TXDNS: Fast DNS brute-force (win) http://www.vulnerabilityassessment.co.uk/txdns.htm
- Large hostname dictionary https://github.com/TheRook/subbrute/blob/master/names.txt
- FOCA: Extensive passive & active OSINT and meta-data enumeration (win) https://www.elevenpaths.com/labstools/foca/
- SpiderFoot: Python do-over of a great old tool, THE OSIG TOOL to use specially for larger targets and corps. https://github.com/smicallef/spiderfoot
- https://github.com/nahamsec/lazys3 scan AWS instances for a domain
- Burp-Suite: Various automated/manual features. Automatic scanner in Pro https://portswigger.net/burp/
- BurpSuite Plugin: AuthMatrix (for testing proper auth implemenations) http://zuxsecurity.blogspot.de/2016/01/authmatrix-for-burp-suite.html
- BurpSuite Plugin: StaticScan (offline JS audit) https://github.com/tomsteele/burpstaticscan
- BurpSuite Plugin: Blazer (AMF Testing) https://github.com/ikkisoft/blazer
- Many other BurpSuite Plugins: https://portswigger.net/bappstore/
- SoapUI: Parsing and testing web services, mix with BurpSuite,bur also has some limited security tests (XSS/SQLi/XMLi) https://www.soapui.org/downloads/soapui.html
- Arachni-Scanner: automated web scanner http://www.arachni-scanner.com/
- W3AF: Semi-automated web scanner (many useful plugins) http://w3af.org/
- Dir-Buster: Fast dir burute-force with extensive dic files https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
- IIS-ShortName-Scanner: Abuse IIS misconfig to grab dir/file 8.3 (also possible with Nmap NSE script) names https://github.com/irsdl/IIS-ShortName-Scanner
- Nmap --script=http-* Many useful NSE scripts for web-apps and enumeration https://nmap.org/nsedoc/index.html
- OWASP ZAP: Similar to Burp (win) https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- Fiddler: similar to burp and ZAP http://www.telerik.com/fiddler
- SQLmap: automated SQLi detect/exploit http://sqlmap.org/
- SQLninja: automated SQLi (useful plugins & scripts for win/ms-sql/OOB) http://sqlninja.sourceforge.net/index.html
- DOMinatorPro: DOM based attacks tool https://dominator.mindedsecurity.com/
- Xcat: XPath injection tool https://github.com/orf/xcat
- deblaze: AMF endpoint enumeration and interaction https://github.com/SpiderLabs/deblaze
- blazentoo AMF attack tool for abusing proxy endpoints https://github.com/GDSSecurity/blazentoo
- JMET Java serialization attacks payload generator https://github.com/matthiaskaiser/jmet
- Useful Firefox/Chrome plugins:
- FireBug: Debugging web pages, scripts, cookies, etc http://getfirebug.com/
- FlashBug: Firebug plugin for auditing flash apps, including decompile
- WebApplyzer: detecting web-app technology https://wappalyzer.com/
- PassiveRecon: detecting web-app technology https://addons.mozilla.org/en-US/firefox/addon/passiverecon/
- User-Agent Switcher: change broswer UA http://chrispederick.com/work/user-agent-switcher/
- FoxyProxy: quickly change to different proxy settings (or use proxy based on pattern matching) https://getfoxyproxy.org/
- Retire.js: auto detect outdated 3rd party JS libs included in the web-app http://bekk.github.io/retire.js/
- List of other interesting plugins http://www.getmantra.com/tools.html
- https://github.com/welk1n/JNDI-Injection-Exploit JNDI-injection tool
- https://github.com/lobuhi/byp4xx.git 403 bypass checks
- https://github.com/sting8k/BurpSuite_403Bypasser 403 bypass checks, Burp plugin
- ERPScan tools: multiple useful SAP audit tools (mix modules with Burp!) https://erpscan.com/research/free-pentesting-tools-for-sap-and-oracle/
- Metasploit SAP modules:
- SAPyto: SAP pentest framework https://erpscan.com/research/free-pentesting-tools-for-sap-and-oracle/
- BizSploit: free/commercial SAP pentest framework https://www.onapsis.com/research/free-solutions
- SAPPy https://github.com/jacebrowning/sappy
- Multiple Oracle audit and scan tools to brute/enum/exploit oracle http://www.cqure.net/wp/tools/database/
- AppDetective Pro: Commercial (with trial) extensive vuln-assessment and audit for many DB platforms https://www.trustwave.com/Products/Database-Security/AppDetectivePRO/
- McAfee DSS: commercial (with trial) database vuln-assessment and audit tool http://www.mcafee.com/us/products/security-scanner-for-databases.aspx
- Metasploit modules: many useful brute/enum/exploit modules
- Canvas modules: a number of useful enum/exploit modules
- Nmap NSE: many useful nmap scripts for recon/audit/enum
- MSSQL post-exploitation http://mssqlpostexploit.codeplex.com/
- https://securitylab.github.com/tools/codeql must-learn semantic code auditing tool for all (supported) languages.
- https://www.jetbrains.com/idea/ IntelliJ IDEA Ultimate IDE: great search/back-trace/debugging features useful during audit
- https://github.com/agelastic/intellij-code-audit/ IntelliJ Java audit policies: extra audit policies for IDEA
- http://rips-scanner.sourceforge.net RIPS (PHP): Obsolete but still useful static audit (new redesign will be out soon)
- http://php-grinder.com/
- http://www.devbug.co.uk/
- https://github.com/FloeDesignTechnologies/phpcs-security-audit grep for interesting keywords
- https://github.com/find-sec-bugs/find-sec-bugs Find-Security-Bugs (Java)
- https://github.com/tomsteele/burpstaticscan Burp Static Scan: auditing JS using burpSuite static-scan engine
- http://www.downloadcrew.com/article/26642-swfscan HP SWFscan: Automatic decompile and basic audit of flash (obsolete, but useful)
- http://labs.adobe.com/technologies/swfinvestigator/ Adobe SWFinvestigator: Useful for static/dynamic audit of flash apps
- https://github.com/nccgroup/VCG/tree/master/VisualCodeGrepper Visual-Code-Grepp useful collection of patterns and keywords(win) C/C++, Java, C#, VB and PL/SQL
- https://dominator.mindedsecurity.com/ DOMinatorPro: DOM based attacks tool
- http://www.computec.ch/projekte/codex/
- http://marketplace.eclipse.org/content/contrast-eclipse WASP Top 10 detection plugin for Eclipse
- http://code-pulse.com/ code coverage monitoring for blackbox app tests
- http://jshint.com/ JS static code analysis
- https://pmd.github.io classic static code analyzer supporting many langs.
- https://jeremylong.github.io/DependencyCheck/index.html Scans various source & config files and cross-check with CVE DB to report outdated libraries.
- https://nodesecurity.io/opensource NSP scans Node.js applications for outdated modules.
- http://retirejs.github.io/retire.js/ Scans JS/Node codes and applications for outdated modules and libraries
- https://github.com/dpnishant/raptor web-based (web-serivce + UI) github centric source-vulnerability scanner
- https://github.com/presidentbeef/brakeman Ruby on Rails static code scanner
- https://github.com/rubysec/bundler-audit Auditing Ruby 3rd party libs versions
- https://github.com/rubygarage/inquisition Ruby auditing tools gem
- https://github.com/thesp0nge/dawnscanner Ruby applications security scanner
- https://github.com/antitree/manitree Android Apps manifest.xml audit
- https://github.com/Microsoft/DevSkim/ Visual-Stuudio/Code plugin with base rules for highlighting (C#, C++, JS, SQL, ...) issues.
- https://www.nuget.org/packages/SafeNuGet/ Scans 3rd party libs used in .Net apps for known issues. Also bundles with VS.
- https://www.viva64.com/en/pvs-studio/ Static code (security) analysis, also bundles with VS.
- https://github.com/PyCQA/bandit Static code (security) analysis for Python. Extendable with plugins.
- https://requires.io Automatic check of Python pip package versions against known vulns. Create a repo with required.pip list on github and point the site to it.
- https://pyup.io/safety/ checks requirements.txt for outdated and vulnerable imports
- https://github.com/fkie-cad/cwe_checker ELF static analyser based on BAD (Intel/ARM/MIPS/PPC, +IDA/Ghidra
- https://pyre-check.org/ Python lib for taint analysis via sinks.
- https://github.com/security-code-scan/security-code-scan C# audit tool (like FindSecBugs for java).
- https://gitlab.immunityinc.com/consultingresearch/code-graph-auditor-intellij-plugin Code-Graph-Auditor for IDEA (internal tool)
- https://semgrep.dev/ multi-language AST powered audit tool with easy to use rule syntax. (Good CodeQL alternative)
- https://github.com/visma-prodsec/confused Dependency Confusion check (pypi,npm,php,mvn)
- https://github.com/visma-prodsec/ConfusedDotnet Dependency Confusion check for .Net nugets
- http://www.3u.com/ The iTunes (and more + tweak) alternative for iOS
- https://github.com/iSECPartners/LibTech-Auditing-Cheatsheet
- https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
- https://github.com/MobSF/Mobile-Security-Framework-MobSF Detailed audit of APK files for config/security issues
- https://github.com/AndroBugs/AndroBugs_Framework quick static analysis of apk files
- https://github.com/ashishb/android-security-awesome collection of android sec. related tools list
- https://www.owasp.org/index.php/Android_Testing_Cheat_Sheet
- https://www.ostorlab.co/ Online app analysis sandbox & static analysis
- http://sanddroid.xjtu.edu.cn/ Online app analysis sandbox & static analysis
- https://github.com/sensepost/objection Frida based framework for iOS/Android (+auto resign & deploy apps)
- https://github.com/chaitin/passionfruit Frida based framework for iOS
- https://github.com/ChiChou/Grapefruit Newer tool raised from Passionfruit, for iOS
- https://github.com/nccgroup/house Frida based framework for Android, similar to PassionFruit
- https://github.com/linkedin/qark Android app review kit
- https://github.com/vtky/Swizzler2 Frida based toolkit for testing iOS/Android apps and MDM solutions
- https://github.com/JesusFreke/smali Android DEX format (.smali files) [dis]assembler
- https://github.com/AloneMonkey/frida-ios-dump pull decrypted IPA from jailbroken iOS
- https://github.com/ay-kay/cda cmd tool to search/list installed iOS apps and details
- https://github.com/NitinJami/keychaineditor iOS keychain dump/edit on jailbroken devices
- https://github.com/ptoomey3/Keychain-Dumper iOS keychain dumper
- https://github.com/nowsecure/node-applesign NodeJS tool for easy re-sign of iOS apps
- https://github.com/dweinstein/awesome-frida Awesome Frida based tools/libs/resources
- https://tinyhack.com/2018/02/05/pentesting-obfuscated-android-app/ Deobfuscate Android apps
- https://marketplace.visualstudio.com/items?itemName=codecolorist.vscode-frida Frida plugin for VS-Code
- https://github.com/skylot/jadx Android (APK)/Java decompiler
- https://github.com/oversecured/ovaa Lots of vuln types examples in a mobile app
- https://github.com/blacktop/ipsw iOS/MacOS research Swiss army knife
- https://codeshare.frida.re/@mrmacete/objc-method-observer/ monitor class/method calls
- https://github.com/noobpk/frida-ios-hook hook methods
- Live RFID hacking distro http://www.openpcd.org/Live_RFID_Hacking_System
- automated WPS exploit script https://github.com/derv82/wifite
- https://github.com/OpenSecurityResearch/hostapd-wpe
- https://www.kismetwireless.net/kisbee/ Zigbee open-source hardware
- https://www.kismetwireless.net/android-pcap/ 802.11 capturing for andorid
- https://github.com/SecUpwN/Android-IMSI-Catcher-Detector
- https://www.adafruit.com/product/1497
- http://www.p1sec.com/corp/research/tools/sctpscan/
- http://www.shellntel.com/blog/2015/9/23/assessing-enterprise-wireless-networks crEAP - Harvesting Users on Enterprise Wireless Networks
- https://n0where.net/wps-attack-tool-penetrator-wps/
- https://github.com/conorpp/btproxy Bluetooth MiTM proxy
- https://github.com/omriiluz/NRF24-BTLE-Decoder
- https://github.com/riverloopsec/killerbee ZigBee attack framework
- https://github.com/sophron/wifiphisher phishing against wifi clients
- https://github.com/samyk/keysweeper sniffing wireless keyboards
- https://github.com/JiaoXianjun/LTE-Cell-Scanner
- https://github.com/sharebrained/portapack-hackrf HackRF LCD display
- https://github.com/2b-as/xgoldmon convert USB debug logsphones with XGold baseband processor back to the GSM/UMTS
- http://www.silca.biz/en/products/key-replacement-business/residential-remotes/916270/remotes-air4.html Device to clone door remotes
- http://www.rmxlabs.ru/products/keymaster_pro_4_rf/ device to clone LF (125KHz) RFID tags
- http://www.fortresslock.co.uk/welcome/trade-area/smartcard-deluxe-2/ similar to above, in EU market.
- http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/ Longer range LF tag cloner (3 feet), easy to build.
- http://www.d-logic.net/nfc-rfid-reader-sdk/products/nfc-usb-stick-dl533n NFC/RFID (HF) USB dungle + Android app
- BusPirate http://dangerousprototypes.com/docs/Bus_Pirate
- JTAGulator http://www.grandideastudio.com/portfolio/jtagulator/
- BinWalk https://github.com/devttys0/binwalk
- Firmware-Mod-Kit https://code.google.com/archive/p/firmware-mod-kit/
- http://firmware.re/
- https://github.com/adamcaudill/Psychson BadUSB poc
- https://www.pjrc.com/teensy/
- http://rada.re/r/ Reversing MIPS
- https://www.yoctoproject.org/tools-resources MIPS/ARM emulator
- http://int3.cc/products/facedancer21
- http://int3.cc/products/osprey
- https://github.com/cyberark/KubiScan Tools for auditing master node configs
- https://github.com/aquasecurity/kube-hunter Tools for remote test of clusters for common issues
- https://github.com/aquasecurity/kube-bench Tool for local audit of pod/master nodes against CIS benchamrk
- https://github.com/nccgroup/kube-auto-analyzer Tool for local audit of pod/master nodes, can also deploy agent
- https://github.com/royhills/ike-scan
- https://github.com/SpiderLabs/ikeforce
- https://github.com/interspective/bike-scan
- https://github.com/historypeats/psikeo
- https://github.com/fozavci/viproy-voipkit
- http://www.voipsa.org/Resources/tools.php Directory of good tools for VoIP hacking
- Basics https://developer.chrome.com/extensions/overview#arch
- https://www.chromium.org/Home/chromium-security/education/security-tips-for-crx-and-apps
- http://resources.infosecinstitute.com/owned-by-chrome-extensions/#gref
- http://kyleosborn.com/bh2012/advanced-chrome-extension-exploitation-WHITEPAPER.pdf
- Insecure Messaging issues like https://bugs.chromium.org/p/project-zero/issues/detail?id=1527&desc=2#maincol
- https://github.com/koto/xsschef
- Use Node/JS module scanners like NSP and SNYK (https://snyk.io/) against source
- https://github.com/SecurityFTW/cs-suite Automated auditing of AWS/GCP/Azure
- https://github.com/nccgroup/ScoutSuite Multi-cloud audit tool
- https://github.com/cyberark/SkyArk Identify & audit privileged entities in Azure and AWS
- https://github.com/nccgroup/Scout2 AWS Audit tool by NCC (recommended)
- https://github.com/sa7mon/S3Scanner Finds & dumps open S3 buckets
- https://github.com/jordanpotti/AWSBucketDump
- https://github.com/dagrz/aws_pwn AWS testing scripts
- https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation AWS priv-escalation (text)
- https://github.com/DenizParlak/Zeus AWS auditing & hardening tool
- https://github.com/FSecureLABS/awspx Graph-based visualising effective access & resource relationships in AWS
- https://github.com/Ucnt/aws-s3-downloader Downloading S3 buckets
- Check Burp-Suite store for AWS/Azure related extensions. Good stuff there too.
- https://gtfobins.github.io/
- https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite Bash script finding common LPE vectors
- https://github.com/sleventyeleven/linuxprivchecker Python script finding common LPE vectors
- https://github.com/CISOfy/lynis *nix local auidit/test/hardening tool in Bash.
- https://www.kitploit.com/2020/10/patchchecker-web-based-check-for.html quick check for missing patches for LPE
- https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
- Smartphone pentest framework http://www.bulbsecurity.com/smartphone-pentest-framework/
- OCSP Client Tool http://www.ascertia.com/products/ocsp-client-tool
- JSmartCardExplorer https://www.primianotucci.com/os/smartcard-explorer
- Mimikatz http://blog.gentilkiwi.com/mimikatz
- Bettercap sniffer https://www.bettercap.org/
- Subterfuge MiTM framework https://github.com/Subterfuge-Framework/Subterfuge
- .Net Reflector: decompiler http://www.red-gate.com/products/dotnet-development/reflector/
- Zanti mobile pentest framework https://www.zimperium.com/zanti-mobile-penetration-testing
- https://www.christophertruncer.com/veil-a-payload-generator-to-bypass-antivirus/
- Malloy: TCP/UDP proxy http://intrepidusgroup.com/insight/mallory/
- GNU tools for win32 https://github.com/bmatzelle/gow/wiki
- Window console emulator https://conemu.github.io/
- DVBsnoop http://dvbsnoop.sourceforge.net/
- Introspy-IOS: IOS app profiling tool https://github.com/iSECPartners/Introspy-iOS
- http://www.frida.re/
- Decompile and view RPC info http://rpcview.org/
- https://www.bro.org/ network monitoring and traffic analysis
- https://github.com/mikispag/rosettaflash Rosetta Flash (CVE-2014-4671)
- http://mitmproxy.org/ MiTM proxy tool
- Pytbull: IDS/IPS testing tool http://pytbull.sourceforge.net/
- Fakenet: dynamic malware behaviour analysis http://pytbull.sourceforge.net/
- PowerSploit: Powershell based exploit framework https://github.com/mattifestation/PowerSploit
- http://x64dbg.com/#start
- https://thesprawl.org/projects/ida-sploiter/
- https://github.com/robertdavidgraham/masscan fast nmap alternative
- https://github.com/coresecurity/impacket python lib for packet generation of multiple protocols
- http://pentestmonkey.net/tools/windows-privesc-check finds weak permissions on win for priv-escalation
- https://github.com/iSECPartners/ios-ssl-kill-switch disable SSL cert validation in IOS
- https://retdec.com/ online binary decompiler (Intel x86, ARM, ARM+Thumb, MIPS, PIC32, PowerPC)
- http://goaccess.io/screenshots Apache log analysis and monitor
- https://www.onlinedisassembler.com/odaweb/
- http://www.reconstructer.org/ Office doc malware scanner
- https://getgophish.com/ phishing framework
- http://salmanarif.bitbucket.org/visual/index.html ARM visual emulator
- https://github.com/giMini/PowerMemory/tree/master/RWMC Powershell - Reveal Windows Memory Credentials
- https://launchpad.net/~pi-rho/+archive/ubuntu/security debian PPA for common sec. tools
- https://zmap.io/ fast port scanner for scanning entire internet
- http://www.computec.ch/projekte/vulscan/?s=download Vuln-scanner using NSE for Nmap (cross checking banners with CVEs)
- https://code.google.com/archive/p/smtp-security-scanner/
- https://github.com/proteansec/fuzzyftp simple FTP fuzzer
- http://www.xplico.org/ Network traffic forensics tool
- https://emcinformation.com/283102/REG/.ashx?reg_src=web NetWitness Investigator: powerful network traffic analysis tool
- https://www.bsk-consulting.de/apt-scanner-thor/ interesting anomaly based malware detection
- https://github.com/lanjelot/patator Python multi-protocol bruteforce script (using with Innuendo?)
- https://github.com/nccgroup/BinProxy Proxy tool for (binary) TCP connections. Supports SSL/TLS.