Bookmarks Menu
INFORMATION SECURITY
Architecture and Design
Threat Modelling
- Threat Risk Modeling - OWASP
- Application Threat Modeling - OWASP
- Template Sample: Web Application Threat Model
General Security
Internet Address Registries
- RIPE Network Coordination Centre
- LACNIC Home
- ICANN
- Internet Assigned Numbers Authority
- American Registry for Internet Numbers (ARIN)
- APNIC
DNS Tools - Whois, ping, NSlookup Trace Route
- Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6
- wiseTools
- WHOIS Search, Domain Name, Website, and IP Tools - Who.is
- Whois Lookup & IP | Whois.net
- easyWhois: Lookup Domain Whois Records and Research DNS Information
- MAC_Find: Search results for "08000f" (Vendor/Ethernet/Bluetooth MAC Address Lookup and Search)
Blog
Penetration Testing
INFORMATION GATHERING
Metadata
- document-metadata-silent-killer_32974 (application/pdf Object)
- [strike out]
- ExifTool by Phil Harvey
- Edge-Security - Metagoofil - Metadata analyzer - Information Gathering
- Security and Networking - Blog - Metadata Enumeration with FOCA
OSINT - Presentations
- Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net
- Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net
- Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net
- Tactical Information Gathering
- document_metadata_the_silent_killer__32974 (application/pdf Object)
- footprinting - passive information gathering before a pentest
OSINT - People and Orginizational
- spokeo.com - People Search
- 123people.com
- Spoke.com - Business Directory
- Business Network - Social Network for Business Professionals
- ZoomInfo
- Pipl - People Search
- Free People Search by ZabaSearch!
- Free People Finder and Company Search | SearchBug
- Free People Search
- Addictomatic: Inhale the Web
- Real Time Search - Social Mention
- EntityCube
- yasni.com | No. 1 free people search - Find anyone on the web
- Tweepz.com - search, find and discover interesting people on twitter
- TweepSearch :: Twitter Profile and Bio Search
- Glassdoor.com - Company Salaries and Reviews
- Jigsaw Business Contact Directory
- Full Text Search
- TinEye Reverse Image Search
- PeekYou
- PicFog - Quick Image Search
- Twapper Keeper - "We save tweets" - Archive Tweets
- White Pages | Email Lookup | People Find Tools at The Ultimates
New folder
- Find People, Lookup Phone Numbers & Run Background Checks at US Search
- Tweepz.com - Find influencers on Twitter
- TinEye Reverse Image Search
- Find a Person | The Phone Book from BT
- Best People Search Services of 2018 | Peoplesearch.com
- Spokeo People Search | White Pages | Find People
- Pipl - People Search
- Free People Search Engine | ZabaSearch
- Free People Search | People Finder | Skipease
- No.1 Free People Search - Yasni.com
- Free People Search | PeekYou
- SearchBug: Find and Investigate People. Verify and Append Contact Information.
- Search for People, Background Checks, & Lookup Phone Numbers | Intelius
- Glassdoor Jobsuche | Finden Sie Ihren Traumjob
- Full Text Search
- WebCHeck - Select and Access Company Information
- B2B Database of Detailed and Accurate Contact Information | ZoomInfo
- XING – For a better working life
- People Search | People Finder | 411
- Search for People, Businesses and Places - 192.com
OSINT - Infastructure
- SHODAN - Computer Search Engine
- Domain Tools: Whois Lookup and Domain Suggestions
- Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger
- http://hackerfantastic.com/
- WHOIS and Reverse IP Service
- SSL Labs - Projects / Public SSL Server Database - SSL Server Test
- Google Hacking Database, GHDB, Google Dorks
- IHS | GHDB
- Robtex
- MX Lookup Tool - Check your DNS MX Records online - MxToolbox
- WHOIS Search, Domain Name, Website, and IP Tools - Who.is
- ping IP-range in CMD/DOS - Script Center - Spiceworks
- Netcraft Site Report
- Ewhois - Website networks revealed for free.
- BuiltWith Technology Lookup
- Netcraft - Search Web by Domain
- Whois Lookup, Domain Availability & IP Search - DomainTools
- Find DNS Host Records
- Web technologies used by a site - Site Info
- Wappalyzer
- RiskIQ - PassiveTotal
- Security App Concept Isometric by aurielaki | GraphicRiver
- Security Room In Which Working Professionals by JuliarStudio | GraphicRiver
- Check Point Software Firewall-1 3.0/1 4.0 - Session Agent Impersonation
- Analyse your HTTP response headers
- CSP Evaluator
- Hosting Providers sites ordered by failures
- https://toolbar.netcraft.com/site_report
- www.serversniff.net - sniffing network information since 2004
- Shodan
Google Search Codes
- 25 Killer Combos for Google's Site: Operator - Moz
- Adding a new user in Kali Linux | Kiran Karnad | LinkedIn
- Complete Google Hacks List | Remote Security
Electronic and Financial
- ElevenPaths, radical and disruptive innovation in security
- Google Search Operators - Google Guide
Active Gathering
- Online Port Scanner using Nmap | HackerTarget.com
- Scan Membership | HackerTarget.com
- IP Tools for Security and Network Testing | HackerTarget.com
- Censys
- OSINT Framework
Web
Hardware
- MAC_Find: Vendor/Ethernet/Bluetooth MAC Address Lookup and Search
Infrastructure
OSINT - Archives
- Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
VULNERABILITY ANALYSIS
- Complete Google Hacks List | Remote Security
Nikto Resources
- Chapter 3. Usage
- Nikto - A Web Application Vulnerability and CGI Scanner for Web Servers
Database
- Use SQLMAP SQL Injection to hack a website and database in Kali Linux - darkMORE Ops
- WPScan Vulnerability Database
- SSL Server Test: jncb.com (Powered by Qualys SSL Labs)
- Pastebin.com - #1 paste tool since 2002!
OpenVAS
- OpenVAS 8.0 Vulnerability Scanning | Kali Linux
WEB APPLICATIONS
- BeEF
- BlindElephant Web Application Fingerprinter
- XSSer: automatic tool for pentesting XSS attacks against different applications
- RIPS | Download RIPS software for free at SourceForge.net
- http://www.divineinvasion.net/authforce/
- Attack and Defense Labs - Tools
- Browser_Exploitation_for_Fun&Profit
- Using sqid (SQL Injection Digger) to look for SQL Injection
- pinata-CSRF-tool
- XSSer: automatic tool for pentesting XSS attacks against different applications
- Clickjacker
- unicode-fun.txt ≈ Packet Storm
- WebService-Attacker
Attack Strings
- fuzzdb - Project Hosting on Google Code
- OWASP Fuzzing Code Database - OWASP
Shells
- SourceForge.net: Yokoso!
- AJAX/PHP Command Shell
Scanners
- w3af - Web Application Attack and Audit Framework
- skipfish - Project Hosting on Google Code
- sqlmap: automatic SQL injection tool
- SQID - SQL Injection digger
- http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
- WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code
- fm-fsf - Project Hosting on Google Code
- Websecurify
- News :: Arachni - Web Application Security Scanner Framework
- rfiscan ≈ Packet Storm
- lfi-rfi2 scanner ≈ Packet Storm
- inspathx – Tool For Finding Path Disclosure Vulnerabilities
- DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm
Proxies
Burp
- fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)
- Constricting the Web: The GDS Burp API - Gotham Digital Science
- Browse Belch - Burp External Channel v1.0 Files on SourceForge.net
- Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja
- w3af in burp
- Attack and Defense Labs - Tools
- burp suite tutorial - English
- SensePost - reDuh - HTTP Tunneling Proxy
- OWASP WebScarab NG Project - OWASP
- Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight
- Fiddler Web Debugger - A free web debugging tool
- Watcher: Web security testing tool and passive vulnerability scanner
- X5S
- koto/squid-imposter - GitHub
- HTTP Status Codes — httpstatus.es
- HTTP Messages
- Introduction to URL Encoding
- Free Online Url Encoder / Url Decoder Tool - FreeFormatter.com
- URL Encode Decode - URL Percent Encoding and Decoding.
- Nikto Tutorial
- Stührling Original - Classique Collection
Web Vectors
SQLi
- MSSQL Injection Cheat Sheet - pentestmonkey.net
- SQL Injection Cheat Sheet
- EvilSQL Cheatsheet
- RSnake SQL Injection Cheatsheet
- Mediaservice.net SQLi Cheatsheet
- MySQL Injection Cheat Sheet
- Full MSSQL Injection PWNage
- MS Access SQL Injection Cheat Sheet » krazl - ™ ķЯαž£ ™ - bloggerholic
- MS Access SQL Injection Cheat Sheet
- Penetration Testing: Access SQL Injection
- Testing for MS Access - OWASP
- Security Override - Articles: The Complete Guide to SQL Injections
- Obfuscated SQL Injection attacks
- Exploiting hard filtered SQL Injections « Reiners’ Weblog
- SQL Injection Attack
- YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009
- Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object)
- Joseph McCray SQL Injection
- sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion
- sqli2.pdf (application/pdf Object)
- SQL Server Version - SQLTeam.com
- Overlooked SQL Injection 20071021.pdf (application/pdf Object)
- SQLInjectionCommentary20071021.pdf (application/pdf Object)
uploadtricks
- bypassing upload file type - Google Search
- Skeptikal.org: Adobe Responds... Sort Of
- Secure File Upload in PHP Web Applications | INSIC DESIGNS
- Stupid htaccess Tricks • Perishable Press
- Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r
- Security FCKeditor ADS File Upload Vulnerability - Windows Only
- Cross Site Scripting scanner – Free XSS Security Scanner
- VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634)
- Uploading Files Using the File Field Control
- TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project
- Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
- Cross-site File Upload Attacks | GNUCITIZEN
- TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
- FileUploadSecurity - SH/SC Wiki
LFI/RFI
- http://pastie.org/840199
- Exploiting PHP File Inclusion – Overview « Reiners’ Weblog
- LFI..Code Exec..Remote Root!
- Local File Inclusion – Tricks of the Trade « Neohapsis Labs
- Blog, When All You Can Do Is Read - DigiNinja
XSS
- The Anatomy of Cross Site Scripting
- Whitepapers - www.technicalinfo.net
- Cross-Site Scripting (XSS) – no script required - Tales from the Crypto
- Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training
- BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
- sirdarckcat: Our Favorite XSS Filters and how to Attack them
- Filter Evasion – Houdini on the Wire « Security Aegis
- HTML5 Security Cheatsheet
- XSS - Cross Site Scripting
- sla.ckers.org web application security forum :: XSS Info
- [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
- What's Possible with XSS?
Coldfusion
- ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
- Attacking ColdFusion. | Sigurnost i zastita informacija
- Attacking ColdFusion
- HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub
- 254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
- Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com
- Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console
SharePoint
- The Ethical Hacker Network - Pen Testing Sharepoint
Lotus
- Lotus Notes/Domino Security - David Robert's -castlebbs- Blog
- Penetration Testing: Re: Lotus Notes
- Hacking Lotus Domino | SecTechno
jboss
- Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
- Minded Security Blog: Good Bye Critical Jboss 0day
vmware web
- Metasploit Penetration Testing Framework - Module Browser
Oracle appserver
- hideaway [dot] net: Hacking Oracle Application Servers
- Testing for Oracle - OWASP
- OraScan
- NGSSQuirreL for Oracle
- hpoas.pdf (application/pdf Object)
SAP
- Onapsis | Research Labs
- '[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC
- Phenoelit SAP exploits
Malware Checks
- Online Webpage Scanning for Malware Attacks | Web Inspector Online Scan
- Website Safety Ratings and Reputation - AVG Threat Labs
- URL/IP Lookup | Webroot BrightCloud
- SenderBase
- FortiGuard.com | Home
- Is it Hacked?
- isitPhishing - Anti phishing tools and informations
- Is This Website Safe | Website Security | Norton Safe Web
- Malware Domain List
- MalwareURL - Website status verification
- TrustedSource - Internet reputation system
- Email Blacklist Check - See if your server is blacklisted
- FREE Online Website Malware Scanner | Website Security Monitoring & Malware Removal | Quttera
- ReputationAuthority | WatchGuard Technologies
- Trend Micro Site Safety Center
- Web page security report
- Identify websites involved in malware incidents, fraudulent and spamming activities
- VirusTotal - Free Online Virus, Malware and URL Scanner
- vURL Online - Quickly and safely dissect malicious or suspect websites
- Zscaler Zulu URL Risk Analyzer - Zulu
CMS
- Plans | WPScans.com | Online WordPress Security Scan for Vulnerabilities
PASSWORD ATTACKS
Passwords and Hashes
- Password Exploitation Class
- Foofus Networking Services - Medusa::SMBNT
- MD5 Crackers | Password Recovery | Wordlist Downloads
- Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator
- Requested MD5 Hash queue
- Virus.Org
- Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
Wordlists
- "Crack Me If You Can" - DEFCON 2011
- Packet Storm Word Lists
- Passwords - SkullSecurity
- Index of /passwd/passwords
Pass the Hash
- pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
- crack-pass-hash_33219 (application/pdf Object)
- NTLM Decrypter - NTLM Decryption, Free NTLM Decryptor, Online NTLM Cracker, NTLM Security
Default Passwords
- Default Password | Largest Online Database of Router Passwords
- Default passwords list - Select manufacturer
- Default Passwords Database
- Sinbad Security Blog: MS SQL Server Password Recovery
- LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff
- Password Storage Locations For Popular Windows Applications
- Default Password List
- default password
- Reset Windows 7 Admin Password with Ubuntu Live CD/USB | chntpw
PASSWORD LISTS
- Home - Scrapmaker.com
WIRELESS ATTACKS
Creating FAKE AP
- How to creat Fake Access Point on Kali - Linux ~ Kaligr3y
- DanMcInerney/fakeAP · GitHub
- Kali Linux Evil Wireless Access Point
- How to Hack Wi-Fi: Creating an Evil Twin Wireless Access Point to Eavesdrop on Data « Null Byte
Crack WEP/WPA
- simple_wep_crack [Aircrack-ng]
WEP - WPA Cracking
- Crack Wi-Fi with WPA/WPA2-PSK using Aircrack-ng | Penetration
- HowTo : Pause/Resume Aircrack-ng | Penetration
WIFI DONGLE
- Amazon.com: Alfa Long-Range Dual-Band AC1200 Wireless USB 3.0 Wi-Fi Adapter w/2x 5dBi Removable External Antennas for Extreme Distance Connections - 2.4GHz 300Mbps / 5Ghz 867Mbps - USB Cradle Dock Included - Standard's 802.11a, 802.11b, 802.11g, 802.11N,
- Amazon.com: Alfa AWUS036NH 2000mW 2W 802.11g/n High Gain USB Wireless G / N Long-Range WiFi Network Adapter with 5dBi Screw-On Swivel Rubber Antenna and 7dBi Panel Antenna and Suction cup / Clip Window Mount: Computers & Accessories
- Amazon.com: Alfa AWUS036NHV 802.11n High Power 5000mW Wireless-N USB Wi-Fi adapter w/ Removable 5dBi Antenna & Suction cup Window Mount dock - Powerful 802.11 B/G/N - 150Mbps - 2.4 GHz - Realtek RTL8188EUS Chipset - Strongest on the Market - NEWEST VERSIO
- Download FileZilla 3.10.0 RC2 - Download - FileHippo.com
- Lascelles Watson | LinkedIn
- pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting
EXPLOITATION TOOLS
Exploit Databases
- 1337day Inj3ct0r Exploit Database : vulnerability : 0day : new exploits : shellcode by Inj3ct0r Team
- Vulnerability & Exploit Database | Rapid7
- Exploits Database by Offensive Security
- Intelligent Exploit Aggregation Network - IEAN
- ExploitSearch.net
- 20110068 < Main < EmergingThreats
- The Exploit Database
- .:[ packet storm ]:.
- SecurityFocus
- SecurityForest
- NIST
- OSVDB: The Open Source Vulnerability Database
- SecDocs IT Security and Hacking knowledge base
- Nullbyte.Org.IL
- CVE security vulnerability database
- Secunia.com
- CVE - Common Vulnerabilities and Exposures (CVE)
- Joomla Exploit - database of Joomla CMS exploits
Exploit Tutorials
- Wireless Password Cracking With Cloud Clusters | Common Exploits - Penetration Testing Information
Exploitation Intro
- Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code
- Myne-us: From 0x90 to 0x4c454554, a journey into exploitation.
- Past, Present, Future of Windows Exploitation | Abysssec Security Research
- Smash the Stack 2010
- The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit
- x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate
- X86 Opcode and Instruction Reference
Default Credentials
- Default Password List
- Default Passwords.com
- Default Router Passwords - The internets most comprehensive router password database
- 5164 Default Passwords from Open Sez Me!
Metasploit
- Metasploit Fundamentals - Metasploit Unleashed
MitM
- Introduction to dsniff - GIAC Certified Student Practical
- dsniff-n-mirror.pdf (application/pdf Object)
- dsniff.pdf (application/pdf Object)
- A Hacker's Story: Let me tell you just how easily I can steal your personal data - Techvibes.com
- ECCE101.pdf (application/pdf Object)
- 3.pdf (application/pdf Object)
- Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
- cracking-air.pdf (application/pdf Object)
- bh-europe-03-valleri.pdf (application/pdf Object)
- Costa.pdf (application/pdf Object)
- defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
- Live_Hacking.pdf (application/pdf Object)
- PasstheParcel-MITMGuide.pdf (application/pdf Object)
- 2010JohnStrandKeynote.pdf (application/pdf Object)
- 18.Ettercap_Spoof.pdf (application/pdf Object)
- EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
- Fun With EtterCap Filters.pdf (application/pdf Object)
- The_Magic_of_Ettercap.pdf (application/pdf Object)
- arp_spoofing.pdf (application/pdf Object)
- Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
- ICTSecurity-2004-26.pdf (application/pdf Object)
- ettercap_Nov_6_2005-1.pdf (application/pdf Object)
- MadIrish.net Mallory is More than a Proxy
- Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers
- Metasploit/Tips and Tricks - Wikibooks, open books for an open world
SNIFFING & SPOOFING
MAINTAINING ACCESS
REVERSE ENGINEERING
Reverse Engineering & Malware
- TiGa's IDA Video Tutorial Site
- Binary Auditing
- http://visi.kenshoto.com/
- radare
- Offensive Computing | Community Malicious code research and analysis
STRESS TESTING
DATABASE TESTING
- SQL Server Security Tips
HARDWARE HACKING
FORENSICS TOOLS
REPORTING RESOURCES
- The Art of Writing Penetration Test Reports - InfoSec Institute
- Penetration Testing Overview | Core Security
- Penetration Test and Analysis
- The Penetration Testing Report - Web Security Watch
REMOTE ACCESS
- Linux / UNIX FTP Commands Tutorial
FIREWALLS AND IDS IPS
- [ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers) ~ Security Geeks
- How to manage firewall testing using Nmap
- Nmap – Techniques for Avoiding Firewalls | Penetration Testing Lab
Cheat Sheets and Syntax
- Big Port DB | Cirt
- Cheat Sheet : All Cheat Sheets in one page
- Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets
Agile Hacking
- Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
- Command Line Kung Fu
- Simple yet effective: Directory Bruteforcing
- The Grammar of WMIC
- Windows Command-Line Kung Fu with WMIC
- Windows CMD Commands
- running a command on every mac
- Syn: Command-Line Ninjitsu
- WMIC, the other OTHER white meat.
- Hacking Without Tools: Windows - RST
- Pentesting Ninjitsu 1
- Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
- [PenTester Scripting]
- windows-scripting-COM-tricks
- Advanced-Command-Exploitation
OS & Scripts
- IPv4 subnetting reference - Wikipedia, the free encyclopedia
- All the Best Linux Cheat Sheets
- SHELLdorado - Shell Tips & Tricks (Beginner)
- Linux Survival :: Where learning Linux is easy
- BashPitfalls - Greg's Wiki
- Rubular: a Ruby regular expression editor and tester
- http://www.iana.org/assignments/port-numbers
- Useful commands for Windows administrators
- Rubular: a Ruby regular expression editor
Tools
- OWASP Cheat Sheet Series - OWASP
- UserAgentString.com - Googlebot version 2.1
Hacker Media
Blogs worth it
- Carnal0wnage
- McGrew Security
- Blog | GNUCITIZEN
- Darknet
- spylogic.net
- TaoSecurity
- Room362.com
- SIPVicious
- PortSwigger.net
- Blog - pentestmonkey.net
- Jeremiah Grossman
- omg.wtf.bbq.
- CатÑн²² (in)sеÑuÑitу
- SkullSecurity
- Metasploit
- Security and Networking
- Skeptikal.org
- Digital Soapbox
- tssci security
- Blog - Gotham Digital Science
- Reiners’ Weblog
- Bernardo Damele A. G.
- Laramies Corner
- Attack and Defense Labs
- Billy (BK) Rios
- Common Exploits
- extern blog SensePost;
- Weapons of Mass Analysis
- Exploit KB
- Security Reliks
- MadIrish.net
- sirdarckcat
- Reusable Security
- Myne-us
- www.notsosecure.com
- SpiderLabs Anterior
- Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
- DigiNinja
- Home Of PaulDotCom Security Podcast
- Attack Vector
- deviating.net
- Alpha One Labs
- SmashingPasswords.com
- wirewatcher
- gynvael.coldwind//vx.log
- Nullthreat Security
- Archangel Amael's BT Tutorials
- memset's blog
- ihasomgsecurityskills
- punter-infosec
- Security Ninja
- Security and risk
- GRM n00bs
- Kioptrix
- ::eSploit::
- PenTestIT — Your source for Information Security Related information!
- Joomla 2.5.0-2.5.1 Time Based SQL Injection - 1337day Inj3ct0r Exploit Database : vulnerability : 0day : new exploits : buy and sell private exploit : shellcode by Inj3ct0r Team
- Tails - Download, verify and install
Forums
- BackTrack Forums
- EliteHackers.info
- InterN0T forum
- Government Security
- Hack This Site Forum
- iExploit Hacking Forum
- Security Override
- bright-shadows.net
- ethicalhacker.net
- sla.ckers.org
Magazines
- (IN)SECURE Magazine
- http://hakin9.org/
Video
- The Hacker News Network
- Security Tube
- Irongeek -Hacking Illustrated
- SecCon Archive
- 27c3-stream/releases/mkv
- YouTube - ChRiStIaAn008's Channel
- YouTube - HackingCons's Channel
KALI HELP
- ssl
- Kali Linux Tools Listing
- Kali sources.list Repositories | Kali Linux
Labs
ISO's / VMs
- Web Security Dojo
- OWASP Broken Web applications Project
- Pentest Live CDs
- NETinVM
- :: moth - Bonsai Information Security ::
- Metasploit: Introducing Metasploitable
- Holynix pen-test distribution
- WackoPico
- LAMPSecurity
- Hacking-Lab.com LiveCD
- Virtual Hacking Lab
- Badstore.net
- Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
- Damn Vulnerable Web App - DVWA
- pWnOS
- The ButterFly - Security Project
- CVE-2014-6321 (MS14-066) Crash PoC by CodeAndSec (RDP) - YouTube
Vulnerable Software
- Old Version Downloads - OldApps.com
- OldVersion.com
- Web Application exploits, php exploits, asp exploits
- wavsep - Web Application Vulnerability Scanner Evaluation Project
- OWASP SiteGenerator - OWASP
- Hacme Books | McAfee Free Tools
- Hacme Casino v1.0 | McAfee Free Tools
- Hacme Shipping | McAfee Free Tools
- Hacme Travel | McAfee Free Tools
Test Sites
- Test Site
- CrackMeBank Investments
- http://zero.webappsecurity.com
- acublog news
- acuforum forums
- Home of Acunetix Art
- Altoro Mutual
- NT OBJECTives
Methodologies
- Penetration Testing Framework
- The Penetration Testing Execution Standard
- Web Application Security Consortium (WASC)
- OWASP top 10
- social-engineer.org
- OASAM - Open Android Security Assessment Methodology
OWASP References
- Category:Activity - OWASP
- Category:Attack - OWASP
- Category:Code Snippet - OWASP
- Category:Control - OWASP
- Glossary - OWASP
- Category:How To - OWASP
- Category:OWASP Java Project - OWASP
- Category:OWASP .NET Project - OWASP
- Category:Principle - OWASP
- Category:Technology - OWASP
- Category:Threat Agent - OWASP
- Category:Vulnerability - OWASP
Other Databases
- Malware Domain List
Platform Specific
Wordpress
- WordPress Security Hacks - WP White Security
- WordPress Tutorials for beginners and advanced WordPress users
Presentations & Tutorials
- Black Hat USA 2015 | Briefings
- Security Testing Tutorial
RAINBOW TABLES
- Download PROGRAMMING TOOLS Applications Torrents - KickassTorrents
- List of Rainbow Tables
- ntlm rainbow tables download - Google Search
- Free Rainbow Tables » Distributed Rainbow Table Generation » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
- Free Rainbow Tables » Distributed Rainbow Table Generation » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
- Free Rainbow Tables » Distributed Rainbow Table Generation » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
- Rainbow Tables
- PaulDotCom: Collection of Rainbow Table Torrents
- Download md5 Torrents - KickassTorrents
- Download md5_loweralpha-space_1-9_2 Torrent - KickassTorrents
- Download md5_loweralpha-space#1-9_0 Torrent - KickassTorrents
- Download md5_loweralpha-space_1-9_3 Torrent - KickassTorrents
- Cryptohaze.com GPU Rainbow Tables
- PassMark Software - Rainbow Tables & Hash Set Collection
Tools
- netcat cheat sheet (ed skoudis)
- nessus/nmap (older)
- hping3 cheatsheet
- Nmap 5 (new)
- MSF, Fgdump, Hping
- Metasploit meterpreter cheat sheet reference
- Netcat cheat sheet
OSINT
- DNSTRACER man-page
Google Hacking
- Midnight Research Labs - SEAT
- Google Hacking Diggity Project « Stach & Liu
- dorkScan.py
Social Engineering
- Social Engineering Toolkit
Password
- Ncrack
- Medusa
- JTR
- Ophcrack
- keimpx in action | 0x3f
- keimpx - Project Hosting on Google Code
- hashkill
Metasploit
- markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb
- WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code
- markremark: Metasploit Visual Basic Payloads in action
- Metasploit Mailing List
- PaulDotCom: Archives
- OpenSSH-Script for meterpreter available !
- Metasploit: Automating the Metasploit Console
- 561
- Deploying Metasploit as a Payload on a Rooted Box Tutorial
- Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks
- SecTor 2010 - HD Moore - Beyond Exploits on Vimeo
- XLSinjector « Milo2012's Security Blog
- Armitage - Cyber Attack Management for Metasploit
- Nsploit
- neurosurgery-with-meterpreter
- (automating msf) UAV-slides.pdf
MSF Exploits or Easy
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
- Tenable Network Security
NSE
- Nmap Scripting Engine Primer Tutorial
- NSEDoc Reference Portal
Net Scanners & Scripts
- Nmap
- sambascan2 - SMB scanner
- SoftPerfect Network Scanner
- OpenVAS
- Nessus Community | Tenable Network Security
- Nexpose Community | Rapid7
- Retina Community
Post Exploitation
- http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
- Metacab | PHX2600
Netcat
- Re: Your favorite Ncat/nc/Netcat trick? - ReadList.com
- ads.pdf (application/pdf Object)
- Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
- netcat_cheat_sheet_v1.pdf (application/pdf Object)
- socat
- NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World
- Netcat tricks « Jonathan’s Techno-tales
- Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
- Few Useful Netcat Tricks « Terminally Incoherent
- Skoudis_pentestsecrets.pdf (application/pdf Object)
- Cracked, inSecure and Generally Broken: Netcat
- Ncat for Netcat Users
Source Inspection
- Graudit - Just Another Hacker
- javasnoop - Project Hosting on Google Code
Firefox Addons
- David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
- OSVDB :: Add-ons for Firefox
- Packet Storm search plugin. :: Add-ons for Firefox
- Default Passwords - CIRT.net :: Add-ons for Firefox
- Offsec Exploit-db Search :: Add-ons for Firefox
- OVAL repository search plugin :: Add-ons for Firefox
- CVE ® dictionary search plugin :: Add-ons for Firefox
- HackBar :: Add-ons for Firefox
Tool Listings
- .:[ packet storm ]:. - tools
- Security and Hacking Tools
- KitPloit - PenTest Tools for your Security Arsenal ☣
Text Tools
- Text Fixer - Online Text Tools
VULNERABLE WEB SERVICES
- Secadvise Labs – Learn By Breaking Things
- Hack The Box :: Online Penetration Testing Platform
- Dark Hive
- Welcome [Root Me : Hacking and Information Security learning platform]
- Penetration test lab "Test lab" | Pentestit
Guides
- GitHub - bluscreenofjeff/Red-Team-Infrastructure-Wiki: Wiki to collect Red Team infrastructure hardening resources
DEAULT PASSWORDS
- Default Router Password List
- Default Router Passwords - The internets most comprehensive router password database
- Blocked
- Default Router Username and Password Lists (Updated ) | RouterReset
- Router Passwords - 192.168.1.1
- Giant List of DEFAULT PASSWORDS For Everything From 3Com to Cisco to Xerox - Up & Running Technologies, Calgary IT Services
- List of Default Passwords
- Common Default Router Login Passwords : MyWiFi Pro
- Default Passwords | CIRT.net
Physical Security
LOCK PICKING
- Lock-Lab Homepage - BosnianBill's LockLab
- Top Quality Lock Pick Sets Australia | PickPals
- Lock Picks, lock pick sets, lock picking, locksmith & lockout tools
- www.sparrowslockpicks.com
- Lock Pick Sets, Bump Keys, Lock Picking Tools and Expert Video Guides – UKBumpKeys
- Fitness GYM Instagram Banner and Stories Bundle Templates / Social Media Pack by RocketPixel
Systems Hardening
Web
- CSP Header Inspector and Validator
Bookmarks Toolbar
- Getting Started