Skip to content

Commit

Permalink
Various updates
Browse files Browse the repository at this point in the history
  • Loading branch information
Infosec-House committed Dec 7, 2023
1 parent 18a4590 commit 46574ab
Show file tree
Hide file tree
Showing 75 changed files with 1,041 additions and 1,170 deletions.
7 changes: 3 additions & 4 deletions offensive-security/C2.md → C2.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,18 @@ title: C2
description: Command and control systems.
---

# C2 (Command and Control)

Command and control systems.
![](/assets/headers/header-logo.png)

![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-9-757575?style=for-the-badge)

## Frameworks
### Frameworks

* [C3](https://github.com/FSecureLABS/C3) - A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. ![last-commit](https://img.shields.io/github/last-commit/FSecureLABS/C3?style=flat)
* [Cobalt Strike](https://www.cobaltstrike.com/) - Software for Adversary Simulation and Red Team Operations.
* [Covenant](https://github.com/cobbr/Covenant) - Covenant is a collaborative .NET C2 framework for red teamers. ![last-commit](https://img.shields.io/github/last-commit/cobbr/Covenant?style=flat)
* [Merlin](https://github.com/Ne0nd0g/merlin) - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. ![last-commit](https://img.shields.io/github/last-commit/Ne0nd0g/merlin?style=flat)
* [NightHawk](https://www.mdsec.co.uk/nighthawk/) - Built with operational security in mind, Nighthawk is a highly malleable implant designed to circumvent and evade the modern security controls often seen in mature, highly monitored environments.
* [OcraC2](https://github.com/Ptkatz/OrcaC2) - Multifunctional C&C framework for encrypted communication. ![last-commit](https://img.shields.io/github/last-commit/Ptkatz/OrcaC2?style=flat)
* [phpsploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor. ![last-commit](https://img.shields.io/github/last-commit/nil0x42/phpsploit?style=flat)
* [PoshC2](https://github.com/nettitude/PoshC2) - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement. ![last-commit](https://img.shields.io/github/last-commit/nettitude/PoshC2?style=flat)
* [Pupy](https://github.com/n1nj4sec/pupy/) - Cross-platform C2 and post-exploitation framework written in python and C. ![last-commit](https://img.shields.io/github/last-commit/n1nj4sec/pupy?style=flat)
Expand Down
180 changes: 98 additions & 82 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,98 +5,114 @@ meta:
title: "Infosec House"
---

![](/assets/headers/infosechouse-header.png)

<p>
<center>
<img src="/assets/banner-logo.png"><br><br>
<img src="https://img.shields.io/github/last-commit/InfosecHouse/InfosecHouse?style=for-the-badge"><br>
<img src="https://img.shields.io/badge/Tools%20%26%20Resources%20Available-1,071-757575?style=for-the-badge"><br><br>

<h4 align="center">
Tools & Resources for Cyber Security Operations</h4>
<br>
<img src="https://img.shields.io/badge/Tools%20%26%20Resources%20Available-1,100-757575?style=for-the-badge"><br><br>

Enhance your cyber security operations with a comprehensive range of tools and resources for both offensive and defensive strategies.

Please visit [https://infosec.house](https://infosec.house) for our website version of this repo.
If visiting us on GitHub please visit [https://infosec.house](https://infosec.house) for our website version of this repo. Much more search friendly!

Found a resources that should be on here? Feel free to submit a [Pull Request](https://github.com/InfosecHouse/InfosecHouse/pulls)!

Need to report a broken/incorrect link? Feel free to submit an [Issue](https://github.com/infosechouse/infosechouse/issues).
</center>
</p>

## Defensive Security

* [Asset Management](/defensive-security/assets-management.md) - Keep track of your inventory. You can't protect what you don't see.
* [Auditing](/defensive-security/auditing.md) - Stay in compliance.
* [Courses](/defensive-security/courses.md) - Training and courses to master your craft.
* [Endpoint Protection](/defensive-security/endpoint-protection.md) - Protect your endpoints.
* [Forensics](/defensive-security/forensics.md) - Uncover the dirty little secrets of a recovered HDD, Image, malware, and more.
* [Honeypots](/defensive-security/honeypot.md) - Catch them with their hands/attacks sticky.
* [IDS/IPS](/defensive-security/ids-ips.md) - Intrusion Detection and Prevention Systems.
* [Incident Response](/defensive-security/ir.md) - Incident response tools, and resources when alarms pop off.
* [IOC](/defensive-security/ioc.md) - Indicators of compromise. Discover if you've been compromised.
* [Malware](/defensive-security/malware.md) - All the malware you can wish for to reverse engineer.
* [Monitoring](/defensive-security/monitoring.md) - Monitor your network, e-mail, packets, and infrastructure.
* [Operating Systems](/defensive-security/operating-systems.md) - Operating system's solely focused for defensive security teams.
* [Phishing](/defensive-security/phishing.md) - Tools and resources for analyzing phishing attacks.
* [Threat Intel](/defensive-security/threat-intel.md) - Discover where the threats begin.

## Offensive Security

* [API](/offensive-security/api.md) - Tools and resources for pentesting against API endpoints.
* [Blogs](/offensive-security/blogs.md) - Reading material for offensive security researchers.
* [Bug Bounty](/offensive-security/bug-bounty.md) - Test out your skills against other hackers. Get paid for finding vulnerabilities.
* [Command & Control](/offensive-security/C2.md) - Command and Control tools and frameworks.
* [Cheat Sheets](/offensive-security/cheat-sheets.md) - Offensive security cheat sheets.
* [Cloud](docs//offensive-security/cloud.md) - Discover tools and resources dedicated to hacking cloud platforms.
* [Collaboration](/offensive-security/collab.md) - Discover tools and frameworks for red team collaboration.
* [Courses](/offensive-security/courses.md) - Training and courses to master your craft.
* [Cracking](/offensive-security/cracking.md) - Everything you need to crack all the hashes.
* [Cryptography](/offensive-security/cryptography.md) - How great is your cryptography.
* [CTF Offensive](/offensive-security/ctf.md) - Compete your hacking skills against others.
* [Data Exfiltration](/offensive-security/data-exfiltration.md) - Exfiltrate the data, and test your DLP.
* [E-Mail](/offensive-security/e-mail.md) - E-Mail pentesting tools and resources.
* [Evasion](/offensive-security/evasion.md) - Evade getting caught.
* [Exploits](/offensive-security/exploits.md) - Gather all your exploits needed to pop that box.
* [Firewalls](/offensive-security/firewalls.md) - Attack the castle doors.
* [Hardware](/offensive-security/hardware.md) - Grab some of the most used hardware within the penetration testing industry.
* [Linux](/offensive-security/linux.md) - Tools and resources for popping those linux boxes.
* [Mobile](/offensive-security/mobile.md) - Tools and resources for pentesting on mobile applications.
* [Network](/offensive-security/network.md) - Sniff the network. Modify the packets.
* [Operating Systems](/offensive-security/operating-systems.md) - Operating system's solely focused for offensive security teams.
* [Reconnaissance](/offensive-security/recon.md) - Understand your target. Perform in-depth research and discover new attack surfaces.
* [Shells](/offensive-security/shells.md) - Generating pre-built webshells to customizing your own.
* [Social Engineering](/offensive-security/social-engineering.md) - Manipulation techniques that exploits human error to gain private formation, access, or valuables.
* [Vulnerability Scanners](/offensive-security/vuln-scanners.md) - Discover vulnerabilities fast, and automate some of the heavy loads.
* [Web Application](/offensive-security/web-app.md) - Break that web application.
* [Windows](/offensive-security/windows.md) - Mirosoft Windows pentesting tools and resources.
* [Wireless](/offensive-security/wireless.md) - Discover tools and resources for exploiting Wi-Fi, bluetooth, RFID, and more.

## Operation Security

* [Anonymity](/operation-security/anonymity.md) - The quality or state of being anonymous. Seek out technologies and methods of remaining anonymous in the day and age of mass surveillance.
* [Anti-Forensics](/operation-security/antiforensic.md) - Destroy your data.
* [Burners](/operation-security/burners.md) - Everything for your temporary needs.
* [Communication](/operation-security/communication.md) - Protect your SMS messages, voice calls, and e-mails. Big brother is always watching.
* [Operating Systems](/operation-security/operating-systems.md) - Hardening your operating system.
* [Passwords & Authentication](/operation-security/pass-access-management.md) - Secure your passwords, secrets, and notes.
* [Search Engines](/operation-security/search-engines.md) - Hardening your operating system.


## Purple Security

* [Analysis](/purple-security/analysis.md) - Tools and scripts for analyzing data.
* [Courses](/purple-security/courses.md) - Training and courses to master your craft.
* [Editors & Viewers](/purple-security/editor-viewer.md) - Tools for editing/viewing files.
* [Emulation](/purple-security/emulation.md) - Emulate the adversary.
* [Network](/purple-security/network.md) - Network tools both offensive and defensive operations can utilize.
* [OSINT](/purple-security/osint.md) - Open-Source Intel. Get all the information needed for your target.
* [Passwords](/purple-security/default-passwords.md) - 1,000+ default passwords.
* [Reverse Engineering](/purple-security/re.md) - Reverse engineering tools both offensive and defensive operations can utilize.
* [Write-Ups](/purple-security/write-ups.md) - Write-ups both offensive and defensive operataions can utilize.

## Entertainment

* [Music](/entertainment/music.md) - Kick back relax and enjoy some entertainment.
* [Video](/entertainment/videos.md) - Talks, livestreams, and presentations.
---

* [API](api.md) - Tools and resources for pentesting against API endpoints.
* [Asset Management](assets-management.md) - Keep track of your inventory. You can't protect what you don't see.

---

* [Blogs](blogs.md) - Reading material for offensive security researchers.
* [Bug Bounty](bug-bounty.md) - Test out your skills against other hackers. Get paid for finding vulnerabilities.

---

* [C2](C2.md) - Command and Control tools and frameworks.
* [Cheat Sheets](cheat-sheets.md) - Offensive security cheat sheets.
* [Cloud & Containers](cloud-containers.md) - Discover tools and resources dedicated to hacking cloud platforms.
* [Collaboration](collab.md) - Discover tools and frameworks for red team collaboration.
* [Command & Control](C2.md) - Command and Control tools and frameworks.
* [Cracking](cracking.md) - Everything you need to crack all the hashes.
* [Cryptography](cryptography.md) - How great is your cryptography?
* [CTF Offensive](ctf.md) - Compete your hacking skills against others.

---

* [Data Exfiltration](data-exfiltration.md) - Exfiltrate the data, and test your DLP.
* [Default Passwords](default-passwords.md) - 1,000+ default passwords.

---

* [Editors & Viewers](editor-viewer.md) - Tools for editing/viewing files.
* [Education](education.md) - Training and courses to master your craft.
* [Emulation](emulation.md) - Emulate the adversary.
* [Endpoint Protection](endpoint-protection.md) - Protect your endpoints.
* [E-Mail](e-mail.md) - E-Mail pentesting tools and resources.
* [Evasion](evasion.md) - Evade getting caught.
* [Exploits](exploits.md) - Gather all your exploits needed to pop that box.

---

* [Firewalls](firewalls.md) - Attack the castle doors.
* [Forensics](forensics.md) - Uncover the dirty little secrets of a recovered HDD, Image, malware, and more.

---

* [Hardware](hardware.md) - Grab some of the most used hardware within the penetration testing industry.
* [Honeypots](honeypot.md) - Catch them with their hands/attacks sticky.

---

* [IDS/IPS](ids-ips.md) - Intrusion Detection and Prevention Systems.
* [Incident Response](ir.md) - Incident response tools, and resources when alarms pop off.

---

* [Linux](linux.md) - Tools and resources for popping those Linux boxes.

---

* [Malware](malware.md) - All the malware you can wish for to reverse engineer.
* [Mobile](mobile.md) - Tools and resources for pentesting on mobile applications.
* [Music](music.md) - Kick back relax and enjoy some entertainment.

---

* [Network](network.md) - Sniff the network. Modify the packets.

---

* [Operation Security](opsec.md) - Seek out technologies and methods of remaining anonymous in the day and age of mass surveillance.
* [Operating Systems](operating-systems.md) - Operating systems for whatever task at hand.
* [OSINT](osint.md) - Open-Source Intel. Get all the information needed for your target.

---

* [Reconnaissance](recon.md) - Understand your target. Perform in-depth research and discover new attack surfaces.
* [Reverse Engineering](re.md) - Reverse engineering tools both offensive and defensive operations can utilize.

---

* [Shells](shells.md) - Generating pre-built webshells to customizing your own.
* [Social Engineering](social-engineering.md) - Manipulation techniques that exploit human error to gain private information, access, or valuables.

---

* [Threat Intel](threat-intel.md) - Discover where the threats begin.

---

* [Video](videos.md) - Talks, livestreams, and presentations.
* [Vulnerability Scanners](vuln-scanners.md) - Discover vulnerabilities fast, and automate some of the heavy loads.

---

* [Web Application](web-app.md) - Break that web application.
* [Windows](windows.md) - Microsoft Windows pentesting tools and resources.
11 changes: 5 additions & 6 deletions offensive-security/api.md → api.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,12 @@ title: API
description: Tools and resources for pentesting against API endpoints.
---

# API
![](/assets/headers/header-logo.png)

Tools and resources for pentesting against API endpoints
![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-31-757575?style=for-the-badge)


## Cheetsheets/Checklists
### Cheetsheets/Checklists

* [API Security Checklist](https://github.com/shieldfy/API-Security-Checklist) - Checklist of the most important security countermeasures when designing, testing, and releasing your API. ![GitHub last commit](https://img.shields.io/github/last-commit/shieldfy/API-Security-Checklist?style=flat)
* [GraphQL OWASP](https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html) - OWASP GraphQL cheat sheet.
Expand All @@ -20,12 +19,12 @@ Tools and resources for pentesting against API endpoints
* [Web API Pentesting](https://book.hacktricks.xyz/pentesting/pentesting-web/web-api-pentesting) - Web API pentesting GitBook.


## Documentation
### Documentation

* [MindAPI](https://github.com/dsopas/MindAPI) - Organize your API security assessment by using MindAPI. ![GitHub last commit](https://img.shields.io/github/last-commit/dsopas/MindAPI?style=flat)


## Manipulation & Testing
### Manipulation & Testing

* [Arjun](https://github.com/s0md3v/Arjun) - HTTP parameter discovery suite. ![GitHub last commit](https://img.shields.io/github/last-commit/s0md3v/Arjun?style=flat)
* [Astra](https://github.com/flipkart-incubator/Astra) - Automated Security Testing For REST API's. ![GitHub last commit](https://img.shields.io/github/last-commit/flipkart-incubator/Astra?style=flat)
Expand All @@ -44,7 +43,7 @@ Tools and resources for pentesting against API endpoints
* [Test Mace](https://testmace.com/) - A modern powerful crossplatform tool for working with an API and creating automated API tests.
* [vRESTng](https://vrest.io) - Automate API Requests as Runnable Test Cases, just by providing Request Details. Also, Validate API Responses using Test Case Assertions.

## Training
### Training

* [crAPI](https://github.com/OWASP/crAPI) - Completely ridiculous API (crAPI). ![GitHub last commit](https://img.shields.io/github/last-commit/OWASP/crAPI?style=flat)
* [Damn Vulnerable GraphQL App](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application) - An intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. ![GitHub last commit](https://img.shields.io/github/last-commit/dolevf/Damn-Vulnerable-GraphQL-Application?style=flat)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,11 @@ title: Assets Management
description: Keep track of your inventory. You can't protect what you don't see.
---

# Assets Management

Keep track of your inventory. You can't protect what you don't see.
![](/assets/headers/header-logo.png)

![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-6-757575?style=for-the-badge)

## Endpoint Visibility
### Endpoint Visibility

* [GLPI](https://github.com/glpi-project/glpi) - Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. ![last-commit](https://img.shields.io/github/last-commit/glpi-project/glpi?style=flat)
* [LANSweeper](https://www.lansweeper.com/) - Build centralized IT asset inventory.
Expand Down
Binary file added assets/headers/header-api.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/headers/header-assetmanagement.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/headers/header-logo.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/headers/infosechouse-header.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
13 changes: 6 additions & 7 deletions offensive-security/blogs.md → blogs.md
Original file line number Diff line number Diff line change
@@ -1,22 +1,21 @@
---
title: Blogs
title: Blogs & Zines
description: Reading material for offensive security researchers.
---

# Blogs
![](/assets/headers/header-logo.png)

Reading material for offensive security researchers.
![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-34-757575?style=for-the-badge)

![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-33-757575?style=for-the-badge)
### Corporate Blogs

## Corporate
* [Not so Secure](https://notsosecure.com/blog/) - Mix of research.
* [Orange Cyberdefense](https://sensepost.com/blog/) - Mix of research.
* [Security Weekly](https://securityweekly.com/blog/) - Mix of research.
* [Trustwave](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/) - Mix of research.


## Personal
### Personal Blogs

* [0xSP](https://0xsp.com/) - Red Team Cheat Sheets.
* [Archangel Amael](http://archangelamael.blogspot.com/) - Mix of research.
Expand Down Expand Up @@ -47,4 +46,4 @@ Reading material for offensive security researchers.
* [Spy Logic](https://www.spylogic.net/) - Mix of research.
* [Strolling Infosec](https://9emin1.github.io/pages/) - Mix of research.
* [Weapons of Mass Analysis](http://wepma.blogspot.com/) - Mix of research.
* [Wirewatcher](https://wirewatcher.wordpress.com/) - Mix of research.
* [Wirewatcher](https://wirewatcher.wordpress.com/) - Mix of research.
14 changes: 6 additions & 8 deletions offensive-security/bug-bounty.md → bug-bounty.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,30 +3,28 @@ title: Bug Bounty
description: Test out your skills against other hackers. Get paid for finding vulnerabilities.
---

# Bug Bounty

Test out your skills against other hackers. Get paid for finding vulnerabilities.
![](/assets/headers/header-logo.png)

![](https://img.shields.io/badge/Tools%20%26%20Resources%20Available-10-757575?style=for-the-badge)

## Cheatsheets/Checklists
### Cheatsheets/Checklists

* [Bug bounty Roadmaps](https://github.com/1ndianl33t/Bug-Bounty-Roadmaps) - Bug Bounty Roadmaps ![GitHub last commit](https://img.shields.io/github/last-commit/1ndianl33t/Bug-Bounty-Roadmaps?style=flat)

## Organization
### Organization

* [HackWithGoodFaith](https://github.com/brevityinmotion/goodfaith) - Stay within program scope. ![last commit](https://img.shields.io/github/last-commit/brevityinmotion/goodfaith?style=flat)

## Platforms
### Platforms

* [Bugscrowd](https://bugcrowd.com/programs) - #1 crowdsourced security company.
* [HackerOne](https://hackerone.com/directory/programs/) - The platform is the industry standard for hacker-powered security.
* [huntr](https://www.huntr.dev/) - Bug bounty board for securing open-source.
* [Integriti](https://www.intigriti.com/programs) - Europe's #1 ethical hacking and bug bounty platform.
* [Intigriti](https://www.intigriti.com/programs) - Europe's #1 ethical hacking and bug bounty platform.
* [Safe Hats](https://app.safehats.com/signup) - Managed Bug Bounty.
* [Synack](https://www.synack.com/) - Built by hackers for hackers.
* [Yes We Hack](https://yeswehack.com/auth/register#create-hunter) - Global bug bounty platform crowdsourced security & vulnerability disclosure.

## Services
### Services

* [Recon.Dev](https://recon.dev/) - Collects recon data on bounty targets and provides tools to help quickly find targets and discover bugs.
Loading

0 comments on commit 46574ab

Please sign in to comment.