Skip to content

Latest commit

 

History

History
473 lines (404 loc) · 37 KB

README.md

File metadata and controls

473 lines (404 loc) · 37 KB

Penetration Testing (Pentest) Commnunity

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Penetration Testing (Pentest) in Cybersecurity.

Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

What is Penetration Testing?

Penetration testing, also known as pen testing, security pen testing, and security testing, is the process of identifying security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system are exploited in this process through an authorized simulated attack.

  • The purpose of this test is to secure important data from outsiders like hackers who can have unauthorized access to the system. Once the vulnerability is identified, it is used to exploit the system to gain access to sensitive information.

A penetration test is also known as a pen test and a penetration tester is also referred to as an ethical hacker.

penetration-testing-cybersecurity

Types of Penetration Testing

There Are Several Types of Penetration Testing, however, the following are the ones most commonly performed by Penetration Tester, Here we discuss different types of Penetration testing. The methodology of penetration testing is split into Five types of testing.

  • Network Penetration Testing
  • Web Application Penetration Testing
  • Mobile Application Penetration Testing
  • Social Engineering Penetration Testing
  • Physical Penetration Testing

types-of-penetration-testing

Network Penetration Testing

In network Penetration Testing, you would be testing a network environment for potential security vulnerabilities and threats. This test is divide into two categories external and internal Penetration Testing.

External Penetration Testing would involve testing the public IP address, whereas, in an internal test, you can become part of an internal network and test that network. You can gain to the top VPN provides to the network we would have to physically go to the work environment for the penetration testing depending upon the engagement rules that were defined prior to conducting the testing.

Web Application Penetration Testing

Web Application Penetration testing is very common nowadays, since your application host critical data such as credit card number, username, and password; therefore this type of penetration test has become more common than network penetration testing.

Mobile Application Penetration Testing

Mobile Application Penetration testing is the newest type of penetration testing that has become common since almost every organization uses Android- and IOS-based mobile Applications to provide services to its customers. Therefore, organizations want to make sure that their mobile applications are secure enough for users to rely on when providing personal information when using such applications.

Social Engineering Penetration Testing

Social engineering penetration testing can be part of network penetration testing. In a social engineering penetration test, the organization may ask you to attack its users. This where your use a speared phishing attack and browser exploits to trick a user into doing things they did not intend to do. Remote testing where phishing techniques are used to steal confidential information through electronic means.

Physical Penetration Testing

Physical Penetration Test is what you would rarely be doing in your career as a penetration tester. In a Physical penetration test. you would be asked to walk into the organization’s building physically and test physical security controls such as locks and RFID mechanisms.

What are Penetration Testing Tools

Top Penetration Testing Tools

Top Penetration Testing Operating System

Why is Penetration Testing Important?

Penetration Testing is important for the following key reasons:

  • To determine the weakness in the infrastructure (hardware), application (software) and people in order to develop controls
  • To ensure controls have been implemented and are effective – this provides assurance to information security and senior management
  • To test applications that are often the avenues of attack (Applications are built by people who can make mistakes despite best practices in software development)
  • To discover new bugs in existing software (patches and updates can fix existing vulnerabilities, but they can also introduce new vulnerabilities)

For best practices on vulnerability disclosure guidelines, please follow this guidance to report it responsibly.

Table of contents

Online Resources

Penetration Testing Resources

  • Metasploit Unleashed - Free Offensive Security metasploit course
  • PTES - Penetration Testing Execution Standard
  • OWASP - Open Web Application Security Project

Exploit development

Social Engineering Resources

Lock Picking Resources

Tools

Penetration Testing Distributions

  • Kali - A Linux distribution designed for digital forensics and penetration testing
  • BlackArch - Arch Linux-based distribution for penetration testers and security researchers
  • NST - Network Security Toolkit distribution
  • Pentoo - security-focused livecd based on Gentoo
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments
  • Parrot - A distribution similar to Kali, with multiple architecture

Basic Penetration Testing Tools

  • Metasploit Framework - World's most used penetration testing software
  • Burp Suite - An integrated platform for performing security testing of web applications
  • ExploitPack - Graphical tool for penetration testing with a bunch of exploits
  • BeeF - The Browser Exploitation Framework Project
  • faraday - Collaborative Penetration Test and Vulnerability Management Platform
  • evilgrade - The update explotation framework
  • commix - Automated All-in-One OS Command Injection and Exploitation Tool
  • routersploit - Automated penetration testing software for router

Docker for Penetration Testing

^ back to top ^

Vulnerability Scanners

  • Netsparker - Web Application Security Scanner
  • Nexpose - Vulnerability Management & Risk Management Software
  • Nessus - Vulnerability, configuration, and compliance assessment
  • Nikto - Web application vulnerability scanner
  • OpenVAS - Open Source vulnerability scanner and manager
  • OWASP Zed Attack Proxy - Penetration testing tool for web applications
  • Secapps - Integrated web application security testing environment
  • w3af - Web application attack and audit framework
  • Wapiti - Web application vulnerability scanner
  • WebReaver - Web application vulnerability scanner for Mac OS X
  • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
  • arachni - Web Application Security Scanner Framework

^ back to top ^

Network Tools

  • nmap - Free Security Scanner For Network Exploration & Security Audits
  • pig - A Linux packet crafting tool
  • tcpdump/libpcap - A common packet analyzer that runs under the command line
  • Wireshark - A network protocol analyzer for Unix and Windows
  • Network Tools - Different network tools: ping, lookup, whois, etc
  • netsniff-ng - A Swiss army knife for for network sniffing
  • Intercepter-NG - a multifunctional network toolkit
  • SPARTA - Network Infrastructure Penetration Testing Tool
  • DNSDumpster - Online DNS recond and search service
  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • Zarp - Zarp is a network attack tool centered around the exploitation of local networks
  • mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
  • mallory - HTTP/HTTPS proxy over SSH
  • DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
  • pwnat - punches holes in firewalls and NATs
  • dsniff - a collection of tools for network auditing and pentesting
  • tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
  • smbmap - a handy SMB enumeration tool

^ back to top ^

Wireless Network Tools

  • Aircrack-ng - a set of tools for auditing wireless network
  • Kismet - Wireless network detector, sniffer, and IDS
  • Reaver - Brute force attack against Wifi Protected Setup
  • Wifite - Automated wireless attack tool
  • wifiphisher - Automated phishing attacks against Wi-Fi networks

SSL Analysis Tools

  • SSLyze - SSL configuration scanner
  • sslstrip - a demonstration of the HTTPS stripping attacks
  • sslstrip2 - SSLStrip version to defeat HSTS
  • tls_prober - fingerprint a server's SSL/TLS implementation

Web exploitation

  • WPScan - Black box WordPress vulnerability scanner
  • SQLmap - Automatic SQL injection and database takeover tool
  • weevely3 - Weaponized web shell
  • Wappalyzer - Wappalyzer uncovers the technologies used on websites
  • cms-explorer - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
  • joomscan - Joomla CMS scanner
  • WhatWeb - Website Fingerprinter
  • BlindElephant - Web Application Fingerprinter

Hex Editors

Crackers

Windows Utils

Linux Utils

DDoS Tools

  • LOIC - An open source network stress tool for Windows
  • JS LOIC - JavaScript in-browser version of LOIC
  • T50 - The more fast network stress tool

Social Engineering Tools

  • SET - The Social-Engineer Toolkit from TrustedSec

OSInt Tools

  • Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
  • theHarvester - E-mail, subdomain and people names harvester
  • creepy - A geolocation OSINT tool
  • metagoofil - Metadata harvester
  • Google Hacking Database - a database of Google dorks; can be used for recon
  • Shodan - Shodan is the world's first search engine for Internet-connected devices
  • recon-ng - A full-featured Web Reconnaissance framework written in Python
  • github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak

Anonymity Tools

  • Tor - The free software for enabling onion routing online anonymity
  • I2P - The Invisible Internet Project
  • Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools

  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • IDA Free - The freeware version of IDA v5.0
  • WDK/WinDbg - Windows Driver Kit and WinDbg
  • OllyDbg - An x86 debugger that emphasizes binary code analysis
  • Radare2 - Opensource, crossplatform reverse engineering framework.
  • x64_dbg - An open-source x64/x32 debugger for windows.
  • Pyew - A Python tool for static malware analysis.
  • Bokken - GUI for Pyew Radare2.
  • Immunity Debugger - A powerful new way to write exploits and analyze malware
  • Evan's Debugger - OllyDbg-like debugger for Linux
  • Medusa disassembler - An open source interactive disassembler
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

CTF Tools

  • Pwntools - CTF framework for use in CTFs

Books

Penetration Testing Books

Hackers Handbook Series

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

Vulnerability Databases

Security Courses

Information Security Conferences

  • DEF CON - An annual hacker convention in Las Vegas
  • Black Hat - An annual security conference in Las Vegas
  • BSides - A framework for organising and holding security conferences
  • CCC - An annual meeting of the international hacker scene in Germany
  • DerbyCon - An annual hacker conference based in Louisville
  • PhreakNIC - A technology conference held annually in middle Tennessee
  • ShmooCon - An annual US east coast hacker convention
  • CarolinaCon - An infosec conference, held annually in North Carolina
  • HOPE - A conference series sponsored by the hacker magazine 2600
  • SummerCon - One of the oldest hacker conventions, held during Summer
  • Hack.lu - An annual conference held in Luxembourg
  • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
  • Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
  • Hack3rCon - An annual US hacker conference
  • ThotCon - An annual US hacker conference held in Chicago
  • LayerOne - An annual US security conference held every spring in Los Angeles
  • DeepSec - Security Conference in Vienna, Austria
  • SkyDogCon - A technology conference in Nashville
  • SECUINSIDE - Security Conference in Seoul
  • DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
  • AppSecUSA - An annual conference organised by OWASP
  • BruCON - An annual security conference in Belgium
  • Infosecurity Europe - Europe's number one information security event, held in London, UK
  • Nullcon - An annual conference in Delhi and Goa, India
  • RSA Conference USA - An annual security conference in San Francisco, California, USA
  • Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
  • Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
  • Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
  • 44Con - Annual Security Conference held in London
  • BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia
  • FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines

Awesome Lists

Contribution

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details.

^ back to top ^

License

MIT License & cc license

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.