Difference between revisions of "Bookmarks"

(= Website Recon Tools & Guides)
m
 
(29 intermediate revisions by the same user not shown)
Line 1: Line 1:
==== OSCP Prep ====
+
== OSCP Prep ==
  
==== Website Recon Tools & Techniques ===
+
== CTF / Boot-to-Root VMs ==
 +
* [https://www.vulnhub.com/ VulnHub]
 +
* [https://www.owasp.org/index.php/OWASP_Security_Shepherd OWASP Security Shepherd]
 +
* [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project OWASP Broken Web Application Project]
 +
* [https://information.rapid7.com/metasploitable-download.html Metasploitable - VM to test your Metasploit skills]
 +
* [https://challenge.synacor.com/ challenge.synacor.com: a text adventure game. Lots of programming chals, ASM especially]
 +
 
 +
== Shellcoding / Exploits / Reverse Engineering ==
 +
* [https://paraschetal.in/writing-your-own-shellcode paraschetal.in / Writing your own shellcode]
 +
* [https://www.youtube.com/watch?v=1S0aBV-Waeo A great primer on Buffer Overflow]
 +
* [https://exploit-exercises.com/ Exploit-Exercises.com]
 +
* [http://overthewire.org/wargames/ Overthewire.org / Shell-based CTF-style games]
 +
* [http://shell-storm.org/shellcode/ Shell-Storm.org - a huge Shellcodes database!]
 +
 
 +
== Courses / Training ==
 +
* [http://opensecuritytraining.info Open Security Training]
 +
* [http://www.cis.syr.edu/~wedu/seed/all_labs.html SEED Project]
 +
 
 +
== Website Reconnaissance Tools & Techniques ==
 
* [https://builtwith.com/ BuiltWith]
 
* [https://builtwith.com/ BuiltWith]
 
* [https://hackertarget.com/joomla-security-scan/ Joomla Security Scanner]
 
* [https://hackertarget.com/joomla-security-scan/ Joomla Security Scanner]
Line 8: Line 26:
 
* [https://github.com/justjavac/ChromeSnifferPlus ChromeSniffer Plus]
 
* [https://github.com/justjavac/ChromeSnifferPlus ChromeSniffer Plus]
  
 
+
== Scanning ==
==== SQL Injection ====
+
=== SQL Injection ===
 
* [https://www.exploit-db.com/papers/17934/ Beyond SQLi: Obfuscate and Bypass]
 
* [https://www.exploit-db.com/papers/17934/ Beyond SQLi: Obfuscate and Bypass]
 
* [https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ Exploiting hard filtered SQL Injections]
 
* [https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ Exploiting hard filtered SQL Injections]
 
* [https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ SQL Injection Cheat Sheet]
 
* [https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ SQL Injection Cheat Sheet]
 +
 +
== Access & Escalation ==
 +
* [https://github.com/D35m0nd142/LFISuite LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner]
 +
 +
== Data Exfiltration ==
 +
 +
== Assault ==
 +
== Obfuscation ==
 +
 +
== Programming ==
 +
=== Python ===
 +
* [http://pygments.org/: Pygments - python syntax highlighter]
 +
 +
== Lists / Payloads / Fuzzers ==
 +
* [https://github.com/danielmiessler/SecLists danielmiessler/SecLists]
 +
 +
== Platform-specific Topics
 +
=== Node.js ===
 +
* [https://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/ Pentesting Node.js Applications]

Latest revision as of 08:06, 18 July 2018