Online Penetration testing Resources

Penetration Testing Resources

• Metasploit Unleashed – Free Offensive Security Metasploit course
  • The Metasploit Unleashed (MSFU) course is provided free of charge by Offensive Security in order to raise awareness for underprivileged children in East Africa.
• PTES – Penetration Testing Execution Standard
  • The penetration testing execution standard consists of seven (7) main sections.
    • Pre-engagement Interactions
    • Intelligence Gathering
    • Threat Modeling
    • Vulnerability Analysis
    • Exploitation
    • Post Exploitation
    • Reporting
• OWASP – Open Web Application Security Project
  • Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software
• PENTEST-WIKI – A free online security knowledge library for pentesters / researchers.
  • pentest-wiki is a free online security knowledge library for pentesters / researchers.
• Vulnerability Assessment Framework – Penetration Testing Framework.
• The Pentesters Framework – PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.

Exploit development

• Shellcode Tutorial – Tutorial on how to write shellcode
  • Shellcoding for Linux and Windows Tutorial -with example windows and Linux shellcode
• Shellcode Examples – Shellcodes database
• Exploit Writing Tutorials – Tutorials on how to develop exploits
• Voltron – A hacky debugger UI for hackers
  • Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers

Penetration testing Tools

Penetration Testing Distributions

• Kali – A Linux distribution designed for digital forensics and penetration testing
• ArchStrike – An Arch Linux repository for security professionals and enthusiasts
• BlackArch – Arch Linux-based distribution for penetration testers and security researchers
• NST – Network Security Toolkit distribution
• Pentoo – Security-focused LiveCD based on Gentoo
• BackBox – Ubuntu-based distribution for penetration tests and security assessments
• Parrot – A distribution similar to Kali, with multiple architectures
• Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.

Basic Penetration Testing Tools

• Metasploit Framework – World’s most used penetration testing software
• Burp Suite – An integrated platform for performing security testing of web applications
• ExploitPack – Graphical tool for penetration testing with a bunch of exploits
• BeeF – The Browser Exploitation Framework Project
• faraday – Collaborative Penetration Test and Vulnerability Management Platform
• evilgrade – The update explotation framework
• commix – Automated All-in-One OS Command Injection and Exploitation Tool
  • Commix (short for [comm]and [i]njection eploiter) is an automated tool written by Anastasios Stasinopoulos, that can be used from web developers, penetration testers or even security researchers in order to test web-based applications
• routersploit – Automated penetration testing software for router
• redsnarf -RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques.

Docker for Penetration Testing

• docker pull kalilinux/kali-rolling official Kali Linux
• docker pull owasp/zap2docker-stable – official OWASP ZAP The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications
• docker pull wpscanteam/wpscan – official WPScan
• docker pull metasploitframework/metasploit-framework – docker-metasploit
• docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
• docker pull eystsen/vulnerablewordpress – Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas – Security Ninjas
• docker pull diogomonica/docker-bench-security – Docker Bench for Security
• docker pull ismisepaul/securityshepherd – OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat – OWASP WebGoat Project docker image
• docker-compose build && docker-compose up – OWASP NodeGoat
• docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop – OWASP Juice Shop

Vulnerability Scanners

Network Vulnerability Scanners

• celerystalk – Asynchronous enumeration and vulnerability scanner that “runs all the tools on all the hosts” in a configurable manner.
  • celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run.
• Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  • The assets and vulnerabilities on your network are constantly changing. Getting a full picture of your network is half the battle.
• Netsparker Application Security Scanner – Application security scanner to automatically find security flaws.
  • Netsparker is a fully integrated, scalable, multi-user web security solution with built-in workflow and reporting tools.
• Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
• OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
  • OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
• Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

Web Vulnerability Scanners

• ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass).
• Arachni – Scriptable framework for evaluating the security of web applications.
  • Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.
• JCS – Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
• Nikto – Noisy but fast black box web server and web application vulnerability scanner.
  • Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
• SQLmate – Friend of sqlmap that identifies SQLi vulnerabilities based on a given dork and (optional) website.
• SecApps – In-browser web application security testing suite.
  • SecApps Scout gives you a 360° visibility of all your external system assets such as domains, IP addresses, ports, services, and web applications.
• WPScan – Black box WordPress vulnerability scanner.
  • WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.
• Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
  • Wapiti allows you to audit the security of your websites or web applications.
  • It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
  • Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is
• WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
  • WebReaver is a desktop-based, web security scanner and automated web security penetration testing tool, designed to help you find security vulnerabilities in applications and services.
• cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
• joomscan – Joomla vulnerability scanner.
  • OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments.
• w3af – Web application attack and audit framework.
  • w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

Network Tools

• nmap – Free Security Scanner For Network Exploration & Security Audits

  • Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing.

• pig – A Linux packet crafting tool

  • Pig (which can be understood as Packet intruder generator) is a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuff.

• tcpdump/libpcap – A common packet analyzer that runs under the command line

  • This is the official web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

• Wireshark – A network protocol analyzer for Unix and Windows

  • Wireshark is the world’s foremost and widely-used network protocol analyzer.

• Network Tools – Different network tools: ping, lookup, whois, etc

  • 20 Years Of Free Tools For Network Geeks

• netsniff-ng – A Swiss army knife for for network sniffing

  • The netsniff-ng toolkit’s primary usage goal is to facilitate a network, developer’s / hacker’s daily Linux plumbing. It can be used for network. development, debugging, analysis, auditing or network reconnaissance.

• Intercepter-NG – a multifunctional network toolkit

  • Intercepter-NG is a multifunctional network toolkit for various types of IT specialists. The main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.

• SPARTA – Network Infrastructure Penetration Testing Tool

  • SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results.

• DNSDumpster – Online DNS recon and search service

  • DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers perspective is an important part of the security assessment process.

• dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results

• dnsmap – Passive DNS network mapper

  • dnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network – How to 0wn the Box”

• dnsrecon – DNS Enumeration Script

  • DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.

• dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers

• passivedns-client – Provides a library and a query tool for querying several passive DNS providers

  • Passive DNS is a technique where IP to hostname mappings are made by recording the answers of other people’s queries.
  • There is a tool included, pdnstool, that wraps a lot of the functionality that you would need.

• passivedns – A network sniffer that logs all DNS server replies for use in a passive DNS setup

  • A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.
  • PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file.
  • PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without losing the essense in the DNS answer.

• Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

  • This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.

• Zarp – Zarp is a network attack tool centered around the exploitation of local networks

  • Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out.

• mitmproxy – An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

• mallory – HTTP/HTTPS proxy over SSH

• Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols

  • Netzob is a tool that can be used to reverse engineer, model and fuzz communication protocols. It is made of two components:
    • netzob a python project that exposes all the features of netzob (except GUI) you can import in your own tool or use in CLI,
    • netzob_web a graphical interface that leverages web technologies.

• DET – DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time

• pwnat – punches holes in firewalls and NATs

  • pwnat, by Samy Kamkar, is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other.

• dsniff – a collection of tools for network auditing and pentesting

  • dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

• tgcd – a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls

  • tgcd is a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. This can also be used by network analysts and security experts for penetration testing and analyze the security of their network. It has three different modes:
    • ConnectConnect (or CC, specified by option -C)
    • ListenListen (or LL, specified by option -L)
    • Port Forwarder (or PF, specified by option -F)

• smbmap – a handy SMB enumeration tool

  • SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands.

• scapy – a python-based interactive packet manipulation program & library

  • Scapy is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

• Dshell – Network forensic analysis framework

  • An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features:
    • Robust stream reassembly
    • IPv4 and IPv6 support
    • Custom output handlers
    • Chainable decoders

• Debookee (MAC OS X) -Network Traffic Interception – Intercept traffic from any device on your network

  • Debookee is able to intercept and monitor the traffic of any device in the same subnet, thanks to a Man-in-the-middle attack (MITM).
  • It allows you to capture data from mobile devices on your Mac (iPhone, iPad, Android, BlackBerry…) or Printer, TV, Fridge (Internet of Things!) without the need of a proxy.
  • This interception is done in 1 clic and is totally transparent, without network interruption.

• CrackMapExec – Swiss army knife for pentesting networks.

• IKEForce – Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.

  • IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.

• Legion – Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.

  • Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems.

• Ncrack – High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.

  • Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

• Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.

• Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.

• SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.

  • SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results.

• Smart Install Exploitation Tool (SIET) – Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.

  • Cisco Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.

• THC Hydra – Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.

  • Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

• Tsunami – General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

  • Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

• Zarp – Network attack tool centered around the exploitation of local networks.

• dnstwist – Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.

  • DNS fuzzing is an automated workflow for discovering potentially malicious domains targeting your organisation. This tool works by generating a large list of permutations based on a domain name you provide and then checking if any of those permutations are in use. Additionally, it can generate fuzzy hashes of the web pages to see if they are part of an ongoing phishing attack or brand impersonation, and much more!

• dsniff – Collection of tools for network auditing and pentesting.

  • dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

• impacket – Collection of Python classes for working with network protocols.

  • Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself.

• pivotsuite – Portable, platform independent and powerful network pivoting toolkit.

  • PivotSuite is a portable, platform independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client.

• routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.

• rshijack – TCP connection hijacker, Rust rewrite of shijack.

DDoS Tools

• Anevicon – Powerful UDP-based load generator, written in Rust.
  • Anevicon is a high-performance traffic generator, designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a victim, thereby simulating an activity that can be produced by your end users or a group of hackers.
• HOIC – Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.
• Low Orbit Ion Canon (LOIC) – Open source network stress tool written for Windows.
  • Low Orbit Ion Cannon (LOIC) is an open source network stress tool, written in C#.
• Memcrashed – DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
  • This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io
• SlowLoris – DoS tool that uses low bandwidth on the attacking side.
  • Slowloris is basically an HTTP Denial of Service attack that affects threaded servers.
• T50 – Faster network stress tool.
• UFONet – Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Network Reconnaissance Tools

• ACLight – Script for advanced discovery of sensitive Privileged Accounts – includes Shadow Admins.
  • This is ACLight2 – the new version of ACLight scan. It’s much quicker, has a new scan architecture and better results. It solves scalability and performance issues from the previous version.
• AQUATONE – Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
  • Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
• CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests.
• DNSDumpster – Online DNS recon and search service.
• Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.
• OWASP Amass – Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
  • The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
• ScanCannon – Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.
• XRay – Network (sub)domain discovery and reconnaissance automation tool.
  • XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic.
• dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
• dnsmap – Passive DNS network mapper.
• dnsrecon – DNS enumeration script.
• dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
• fierce – Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
• nmap – Free security scanner for network exploration & security audits.
  • Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing.
• passivedns-client – Library and query tool for querying several passive DNS providers.
  • Passive DNS is a technique where IP to hostname mappings are made by recording the answers of other people’s queries.
• passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.
• RustScan – Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.
• scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf.
• smbmap – Handy SMB enumeration tool.
• subbrute – DNS meta-query spider that enumerates DNS records, and subdomains.
  • SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool.
• zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  • The ZMap Project is a collection of open source tools that enable researchers to perform large-scale studies of the hosts and services that compose the public Internet.

Protocol Analyzers and Sniffers

• Debookee – Simple and powerful network traffic analyzer for macOS.
  • Debookee is able to intercept and monitor the traffic of any device in the same subnet, thanks to a Man-in-the-middle attack (MITM)
  • It allows you to capture data from mobile devices on your Mac (iPhone, iPad, Android, BlackBerry…) or Printer, TV, Fridge (Internet of Things!) without the need of a proxy.
• Dshell – Network forensic analysis framework.
  • An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.
• Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
  • Netzob is a tool that can be used to reverse engineer, model and fuzz communication protocols. It is made of two components:
    • netzob a python project that exposes all the features of netzob (except GUI) you can import in your own tool or use in CLI,
    • netzob_web a graphical interface that leverages web technologies.
• Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
  • Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
• netsniff-ng – Swiss army knife for for network sniffing.
  • netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets.
• sniffglue – Secure multithreaded packet sniffer.
  • sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as possible by default.
• tcpdump/libpcap – Common packet analyzer that runs under the command line.

Network Traffic Replay and Editing Tools

• TraceWrangler – Network capture file toolkit that can edit and merge pcap or pcapng files with batch editing features.
  • TraceWrangler is a network capture file toolkit running on Windows (or on Linux, using WINE) that supports PCAP as well as the new PCAPng file format, which is now the standard file format used by Wireshark. The most prominent use case for TraceWrangler is the easy sanitization and anonymization of PCAP and PCAPng files (sometimes called “trace files”, “capture files” or “packet captures”), removing or replacing sensitive data while being easy to use.
• WireEdit – Full stack WYSIWYG pcap editor (requires a free license to edit packets).
  • WireEdit allows WYSIWYG editing of Pcap data in situ for any network stack at any stack layer while preserving the binary integrity of the data.
• bittwist – Simple yet powerful libpcap-based Ethernet packet generator useful in simulating networking traffic or scenario, testing firewall, IDS, and IPS, and troubleshooting various network problems.
  • Bit-Twist is a simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic.
• hping3 – Network tool able to send custom TCP/IP packets.
  • hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.
• pig – GNU/Linux packet crafting tool.
  • Pig (which can be understood as Packet intruder generator) is a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuff.
• scapy – Python-based interactive packet manipulation program and library.
  • Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more.
• tcpreplay – Suite of free Open Source utilities for editing and replaying previously captured network traffic.

Proxies and Machine-in-the-Middle (MITM) Tools

• BetterCAP – Modular, portable and easily extensible MITM framework.
  • bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
• Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
  • Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
• Habu – Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.
• Lambda-Proxy – Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.
  • A simple utility to help test AWS Lambda functions for SQL Injection vulnerabilities, using a local HTTP proxy, which transforms the SQLMap HTTP-based attacks to AWS Lambda invoke calls.
• MITMf – Framework for Man-In-The-Middle attacks.
• Morpheus – Automated ettercap TCP/IP Hijacking tool.
  • Morpheus it’s a Man-In-The-Middle (mitm) suite that allows users to manipulate tcp/udp data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications.
• SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk.
• dnschef – Highly configurable DNS proxy for pentesters.
  • DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses.
• evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
• mallory – HTTP/HTTPS proxy over SSH.
• mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols.
• oregano – Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
• sylkie – Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.

Transport Layer Security Tools

• SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
• crackpkcs12 – Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
• testssl.sh – Command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
• tls_prober – Fingerprint a server’s SSL/TLS implementation.

Wireless Network Tools

• Aircrack-ng – Set of tools for auditing wireless networks.

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
  • Testing: Checking WiFi cards and driver capabilities (capture and injection).
  • Cracking: WEP and WPA PSK (WPA 1 and 2)

• Airgeddon – Multi-use bash script for Linux systems to audit wireless networks.

  • Interface mode switcher
  • DoS over wireless networks
  • Full support for 2.4Ghz and 5Ghz bands
  • Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2 captured files
  • Evil Twin attacks (Rogue AP)
  • Enterprise networks attacks
  • WEP All-in-One attack
  • and much more

• BoopSuite – Suite of tools written in Python for wireless auditing.

  • BoopSuite is a wireless testing suite with extensible and independent components.

• Bully – Implementation of the WPS brute force attack, written in C.

  • Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification.

• Cowpatty – Brute-force dictionary attack against WPA-PSK.

• Fluxion – Suite of automated social engineering based WPA attacks.

  • Fluxion is a security auditing and social-engineering research tool.

• KRACK Detector – Detect and prevent KRACK attacks in your network.

  • KRACK Detector is a Python script to detect possible KRACK attacks against client devices on your network.

• Kismet – Wireless network detector, sniffer, and IDS.

  • Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

• PSKracker – Collection of WPA/WPA2/WPS default algorithms, password generators, and PIN generators written in C.

• Reaver – Brute force attack against WiFi Protected Setup.

• WiFi Pineapple – Wireless auditing and penetration testing platform.

• Wifi pumpkin 3– is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack.

• Wifite2 – Automated wireless attack tool – Wifite is designed to use all known methods for retrieving the password of a wireless access point (router). These methods include:

  • WPS: The Offline Pixie-Dust attack
  • WPS: The Online Brute-Force PIN attack
  • WPA: The WPA Handshake Capture + offline crack.
  • WPA: The PMKID Hash Capture + offline crack.
  • WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.

• infernal-twin – Automated wireless hacking tool.

  • This tool is created to aid the penetration testers in assessing wireless security.

• krackattacks-scripts – WPA2 Krack attack scripts.

• pwnagotchi – Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.

• wifiphisher – Automated phishing attacks against WiFi networks

  • Wifiphisher is a rogue Access Point framework for conducting red team engagements or WiFi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted WiFi association attacks.

• wifi-arsenal – Resources for WiFi Pentesting.

• SSLyze – SSL configuration scanner

  • SSLyze is a fast and powerful SSL/TLS scanning library. It allows you to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues (bad certificate, weak cipher suites, Heartbleed, ROBOT, TLS 1.3 support, etc.).

• tls_prober – fingerprint a server’s SSL/TLS implementation

  • TLS Prober is a tool for identifying the implementation in use by SSL/TLS servers. It analyses the behaviour of a server by sending a range of probes then comparing the responses with a database of known signatures. Key features include:

Web exploitation tools

• WPScan – Black box WordPress vulnerability scanner

  • WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.

• SQLmap – Automatic SQL injection and database takeover tool

  • sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

• weevely3 – Weaponized web shell

  • Weevely is a web shell designed for post-exploitation purposes that can be extended over the network at runtime.

• Wappalyzer – Wappalyzer uncovers the technologies used on websites

• cms-explorer – CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.

• joomscan – Joomla CMS scanner

  • OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments.

• WhatWeb – Website Fingerprinter

• BlindElephant – Web Application Fingerprinter

  • The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

• Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.

• Burp Suite – Integrated platform for performing security testing of web applications.

• fimap – Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs

  • fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

• Kadabra – Automatic LFI exploiter and scanner

• Kadimus – LFI scan and exploit tool

• liffy – LFI exploitation tool

• EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.

  • EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output.

• Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.

• FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

  • FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing.

• NoSQLmap – Automatic NoSQL injection and database takeover tool.

  • NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database.

• Raccoon – High performance offensive security tool for reconnaissance and vulnerability scanning.

• VHostScan – Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

• WPSploit – Exploit WordPress-powered websites with Metasploit.

• WhatWaf – Detect and bypass web application firewalls and protection systems.

  • WhatWaf is an advanced firewall detection tool who’s goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.

• autochrome – Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.

• badtouch – Scriptable network authentication cracker.

• recursebuster – Content discovery tool to perform directory and file bruteforcing.

Hex Editors

• HexEdit.js – Browser-based hex editing

• Hexinator (commercial) – World’s finest Hex Editor

• HxD – Freeware Hex Editor and Disk Editor

  • HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

• 0xED – Native macOS hex editor that supports plug-ins to display custom data types.

• Bless – High quality, full featured, cross-platform graphical hex editor written in Gtk#.

• Frhed – Binary file editor for Windows.

• Hex Fiend – Fast, open source, hex editor for macOS with support for viewing binary diffs.

• wxHexEditor – Free GUI hex editor for GNU/Linux, macOS, and Windows.

Cracking Tools

• John the Ripper – Fast password cracker
  • John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems
• Crack Station– Online MD5 hash Cracker
  • CrackStation uses massive pre-computed lookup tables to crack password hashes.
• md5online – MD5 is a 128-bit encryption algorithm, which generates a hexadecimal hash of 32 characters, regardless of the input word size.
• Hashcat – The more fast hash cracker
• THC Hydra – Another Great Password Cracker
• Rar Crack – RAR bruteforce cracker.
  • This is a simple but sophisticated open source password recovery tool for M$ Windows, it can effectively ‘crack’ any password protected archive that can be decompressed by 7zip given enough time and resources.
• JWT Cracker – Simple HS256 JSON Web Token (JWT) token brute force cracker.
• hate_crack – Tool for automating cracking methodologies through Hashcat.
• GoCrack – Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.
• duplicut – Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.
• CeWL – Generates custom wordlists by spidering a target’s website and collecting unique words.
• BruteForce Wallet – Find the password of an encrypted wallet file (i.e. wallet.dat).
  • The purpose of this program is to try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc…) wallet file (i.e. wallet.dat).

Windows Utils

• Sysinternals Suite – The Sysinternals Troubleshooting Utilities
• Windows Credentials Editor – security tool to list logon sessions and add, change, list and delete associated credentials
• mimikatz – Credentials extraction tool for Windows OS
• PowerSploit – A PowerShell Post-Exploitation Framework
  • PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
• Windows Exploit Suggester – Detects potential missing patches on the target
  • This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
• Bloodhound – A graphical Active Directory trust relationship explorer
  • BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
• Fibratus – Tool for exploration and tracing of the Windows kernel
  • Fibratus is a tool which is able to capture the most of the Windows kernel activity – process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more.

Linux Utils

• Linux Exploit Suggester – Linux Exploit Suggester; based on operating system release number.
• Hwacha – Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously
• Lynis – Auditing tool for UNIX-based systems.
• checksec.sh – Shell script designed to test what standard Linux OS and PaX security features are being used.

Social Engineering Tools

• SET – The Social-Engineer Toolkit from TrustedSec

  • The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.

• Beelogger – Tool for generating keylooger.

• Catphish – Tool for phishing and corporate espionage written in Ruby.

  • Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. Perfect for Red Team engagements.

• Evilginx2 – Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 2FA security schemes.

• FiercePhish – Full-fledged phishing framework to manage all phishing engagements.

  • FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

• Gophish – Open-source phishing framework.

• King Phisher – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.

• Modlishka – Flexible and powerful reverse proxy with real-time two-factor authentication.

• ReelPhish – Real-time two-factor phishing tool.

• SocialFish – Social media phishing framework that can run on an Android phone or in a Docker container.

• phishery – TLS/SSL enabled Basic Auth credential harvester.

OSInt Tools

• Maltego – Proprietary software for open source intelligence and forensics, from Paterva.
  • Maltego is an open source intelligence (OSINT) and graphical link analysis tool for gathering and connecting information for investigative tasks.
• TheHarvester – E-mail, subdomain and people names harvester
  • theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement.
• creepy – A geolocation OSINT tool
  • Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map.
• metagoofil – Metadata harvester
  • Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites.
• Google Hacking Database – a database of Google dorks; can be used for recon
• Censys – Collects data on hosts and websites through daily ZMap and ZGrab scans
• Shodan – Shodan is the world’s first search engine for Internet-connected devices
• recon-ng – A full-featured Web Reconnaissance framework written in Python
  • Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.
• github-dorks – CLI tool to scan github repos/organizations for potential sensitive information leak
  • Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories.
• vcsmap – A plugin-based tool to scan public version control systems for sensitive information
• Spiderfoot – multi-source OSINT automation tool with a Web UI and report visualizations
  • With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (OSINT) about IP addresses, domain names, e-mail addresses, usernames, names, subnets and ASNs from many sources such as AlienVault, HaveIBeenPwned, SecurityTrails, SHODAN and more.

Anonymity Tools

• Tor – The free software for enabling onion routing online anonymity
  • Tor Browser isolates each website you visit so third-party trackers and ads can’t follow you. Any cookies automatically clear when you’re done browsing. So will your browsing history.
• I2P – The Invisible Internet Project
  • I2P is an anonymous network built on top of the internet. It allows users to create and access content and build online communities on a network that is both distributed and dynamic. It is intended to protect communication and resist monitoring by third parties such as ISPs.
• Metadata Anonymization Toolkit (MAT) – Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.
• What Every Browser Knows About You – Comprehensive detection page to test your own Web browser’s configuration for privacy and identity leaks.

Tor Tools

• Nipe – Script to redirect all traffic from the machine to the Tor network.
• OnionScan – Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
• Tails – Live operating system aiming to preserve your privacy and anonymity.
• dos-over-tor – Proof of concept denial of service over Tor stress test tool.
• kalitorify – Transparent proxy through Tor for Kali Linux OS.

Reverse Engineering Tools

• IDA Pro – A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X.
• IDA Free – The freeware version of IDA v5.0
• WDK/WinDbg – Windows Driver Kit and WinDbg
  • The WDK is used to develop, test, and deploy Windows drivers.
• OllyDbg – An x86 debugger that emphasizes binary code analysis
• Radare2 – Opensource, cross platform reverse engineering framework
• x64_dbg – An open-source x64/x32 debugger for windows
• Immunity Debugger – A powerful new way to write exploits and analyze malware
• Evan’s Debugger – OllyDbg-like debugger for Linux
• Medusa disassembler – An open source interactive disassembler
  • Medusa is a disassembler designed to be both modular and interactive. It runs on Windows and Linux, it should be the same on OSX. This project is organized as a library. To disassemble a file you have to use medusa_text or qMedusa.
• plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code
  • PLASMA is an interactive disassembler. It can generate a more readable assembly (pseudo code) with colored syntax. You can write scripts with the available Python api (see an example below). The project is still in big development.
• peda – Python Exploit Development Assistance for GDB
• dnSpy – dnSpy is a tool to reverse engineer .NET assemblies
  • dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don’t have any source code available.

CTF Tools

• Pwntools – CTF framework for use in CTFs
  • Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
• shellpop – Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.
• ctf-tools – Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
• RsaCtfTool – Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
• Ciphey – Automated decryption tool using artificial intelligence and natural language processing.
• CTF Field Guide – Everything you need to win your next CTF competition.

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
  • This book very effectively explains and demonstrates the low-level mechanics of exploits.
• Metasploit: The Penetration Tester’s Guide by David Kennedy et al., 2011
  • A must have for any security professional.
• Advanced Penetration Testing: Hacking the World’s Most Secure Networks
  • This book is one chapter after the next about sample hacking scenarios, but each chapter explores a different hacking methods in different environments. It’s not a book on theory; it’s about real-world examples of hacking networks.
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook 3: Practical Guide To Penetration Testing
  • There are many cybersecurity books out there, however The Hacker Playbook is different than the rest. A lot of books go over theory, but few actually walk the walk and detail how to pull off the techniques.
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Violent Python by TJ O’Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Bug Hunter’s Diary by Tobias Klein, 2011

Hackers Handbook Series

• The Database Hacker’s Handbook, David Litchfield et al., 2005
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Mac Hacker’s Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller et al., 2012
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• Car Hacker’s Handbook by Craig Smith, 2016

Defensive Development

• Holistic Info-Sec for Web Developers (Fascicle 0)
• Holistic Info-Sec for Web Developers (Fascicle 1)

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by Laura Chappell & Gerald Combs, 2012
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012

Reverse Engineering Books

• Reverse Engineering for Beginners by Dennis Yurichev
• Hacking the Xbox by Andrew Huang, 2003
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Gray Hat Hacking The Ethical Hacker’s Handbook by Daniel Regalado et al., 2015

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• Malware Analyst’s Cookbook and DVD by Michael Hale Ligh et al., 2010

Windows Books

• Windows Internals by Mark Russinovich et al., 2012

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

Lock Picking Books

• Practical Lock Picking by Deviant Ollam, 2012
  • Practical Lock Picking, Second Edition, is an instructional manual that covers everything from straightforward lockpicking to quick entry techniques such as shimming, bumping, and bypassing
• Keys to the Kingdom by Deviant Ollam, 2012
  • Great follow up to Practical Lock Picking. Easy to read format and a wealth of information.
• The Complete Book of Locks and Locksmithing, Seventh Edit
  • If you are looking to learn about locksmithing this is the book for you! Has everything you will need to learn plus more
• CIA Lock Picking Field Operative Training Manual
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

Vulnerability Databases

• NVD – US National Vulnerability Database
• CERT – US Computer Emergency Readiness Team
• OSVDB – Open Sourced Vulnerability Database
• Bugtraq – Symantec SecurityFocus
• Exploit-DB – Offensive Security Exploit Database
• Fulldisclosure – Full Disclosure Mailing List
• MS Bulletin – Microsoft Security Bulletin
• MS Advisory – Microsoft Security Advisories
• Packet Storm – Packet Storm Global Security Resource
• SecuriTeam – Securiteam Vulnerability Information
• CXSecurity – CSSecurity Bugtraq List
• Vulnerability Laboratory – Vulnerability Research Laboratory
• ZDI – Zero Day Initiative
• Vulners – Security database of software vulnerabilities

Security Courses

• Offensive Security Training – Training from BackTrack/Kali developers
• SANS Security Training – Computer Security Training & Certification
• Open Security Training – Training material for computer security classes
• CTF Field Guide – everything you need to win your next CTF competition
• ARIZONA CYBER WARFARE RANGE – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
• Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly Secured Enviroments’.
• Computer Security Student – Many free tutorials, great for beginners, $10/mo membership unlocks all content
• European Union Agency for Network and Information Security – ENISA Cyber Security Training material

Information Security Conferences

• DEF CON – An annual hacker convention in Las Vegas
• Black Hat – An annual security conference in Las Vegas
• BSides – A framework for organising and holding security conferences
• CCC – An annual meeting of the international hacker scene in Germany
• DerbyCon – An annual hacker conference based in Louisville
• PhreakNIC – A technology conference held annually in middle Tennessee
• ShmooCon – An annual US east coast hacker convention
• CarolinaCon – An infosec conference, held annually in North Carolina
• CHCon – Christchurch Hacker Con, Only South Island of New Zealand hacker con
• SummerCon – One of the oldest hacker conventions, held during Summer
• Hack.lu – An annual conference held in Luxembourg
• HITB – Deep-knowledge security conference held in Malaysia and The Netherlands
• Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany
• Hack3rCon – An annual US hacker conference
• ThotCon – An annual US hacker conference held in Chicago
• LayerOne – An annual US security conference held every spring in Los Angeles
• DeepSec – Security Conference in Vienna, Austria
• SkyDogCon – A technology conference in Nashville
• SECUINSIDE – Security Conference in Seoul
• DefCamp – Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
• AppSecUSA – An annual conference organised by OWASP
• BruCON – An annual security conference in Belgium
• Infosecurity Europe – Europe’s number one information security event, held in London, UK
• Nullcon – An annual conference in Delhi and Goa, India
• RSA Conference USA – An annual security conference in San Francisco, California, USA
• Swiss Cyber Storm – An annual security conference in Lucerne, Switzerland
• Virus Bulletin Conference – An annual conference going to be held in Denver, USA for 2016
• Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
• 44Con – Annual Security Conference held in London
• BalCCon – Balkan Computer Congress, annualy held in Novi Sad, Serbia
• FSec – FSec – Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines

• 2600: The Hacker Quarterly – An American publication about technology and computer “underground”
• Phrack Magazine – By far the longest running hacker zine
• SC Magazine – SC Media UK is a dedicated IT security publication having served the IT security industry for over 20 years
• Cybercrime Magazine – Cybersecurity Ventures is the world’s leading researcher and Page ONE for the global cyber economy, and a trusted source for cybersecurity facts, figures, and statistics.
• Cyber Defense Magazine – Cyber Defense Magazine is by ethical, honest, passionate information security professionals for IT Security professionals.

Source: 1Hack.Us & GitHub

ENJOY & HAPPY LEARNING!

Thank you for sharing. I have found tools can be applicable for OSCP exam as well.