Difference between revisions of "Bookmarks"
(→= Website Recon Tools & Guides) |
m |
||
(29 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | == OSCP Prep == | |
− | ==== Website | + | == CTF / Boot-to-Root VMs == |
+ | * [https://www.vulnhub.com/ VulnHub] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Security_Shepherd OWASP Security Shepherd] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project OWASP Broken Web Application Project] | ||
+ | * [https://information.rapid7.com/metasploitable-download.html Metasploitable - VM to test your Metasploit skills] | ||
+ | * [https://challenge.synacor.com/ challenge.synacor.com: a text adventure game. Lots of programming chals, ASM especially] | ||
+ | |||
+ | == Shellcoding / Exploits / Reverse Engineering == | ||
+ | * [https://paraschetal.in/writing-your-own-shellcode paraschetal.in / Writing your own shellcode] | ||
+ | * [https://www.youtube.com/watch?v=1S0aBV-Waeo A great primer on Buffer Overflow] | ||
+ | * [https://exploit-exercises.com/ Exploit-Exercises.com] | ||
+ | * [http://overthewire.org/wargames/ Overthewire.org / Shell-based CTF-style games] | ||
+ | * [http://shell-storm.org/shellcode/ Shell-Storm.org - a huge Shellcodes database!] | ||
+ | |||
+ | == Courses / Training == | ||
+ | * [http://opensecuritytraining.info Open Security Training] | ||
+ | * [http://www.cis.syr.edu/~wedu/seed/all_labs.html SEED Project] | ||
+ | |||
+ | == Website Reconnaissance Tools & Techniques == | ||
* [https://builtwith.com/ BuiltWith] | * [https://builtwith.com/ BuiltWith] | ||
* [https://hackertarget.com/joomla-security-scan/ Joomla Security Scanner] | * [https://hackertarget.com/joomla-security-scan/ Joomla Security Scanner] | ||
Line 8: | Line 26: | ||
* [https://github.com/justjavac/ChromeSnifferPlus ChromeSniffer Plus] | * [https://github.com/justjavac/ChromeSnifferPlus ChromeSniffer Plus] | ||
− | + | == Scanning == | |
− | + | === SQL Injection === | |
* [https://www.exploit-db.com/papers/17934/ Beyond SQLi: Obfuscate and Bypass] | * [https://www.exploit-db.com/papers/17934/ Beyond SQLi: Obfuscate and Bypass] | ||
* [https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ Exploiting hard filtered SQL Injections] | * [https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/ Exploiting hard filtered SQL Injections] | ||
* [https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ SQL Injection Cheat Sheet] | * [https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ SQL Injection Cheat Sheet] | ||
+ | |||
+ | == Access & Escalation == | ||
+ | * [https://github.com/D35m0nd142/LFISuite LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner] | ||
+ | |||
+ | == Data Exfiltration == | ||
+ | |||
+ | == Assault == | ||
+ | == Obfuscation == | ||
+ | |||
+ | == Programming == | ||
+ | === Python === | ||
+ | * [http://pygments.org/: Pygments - python syntax highlighter] | ||
+ | |||
+ | == Lists / Payloads / Fuzzers == | ||
+ | * [https://github.com/danielmiessler/SecLists danielmiessler/SecLists] | ||
+ | |||
+ | == Platform-specific Topics | ||
+ | === Node.js === | ||
+ | * [https://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/ Pentesting Node.js Applications] |
Latest revision as of 08:06, 18 July 2018
Contents
OSCP Prep
CTF / Boot-to-Root VMs
- VulnHub
- OWASP Security Shepherd
- OWASP Broken Web Application Project
- Metasploitable - VM to test your Metasploit skills
- challenge.synacor.com: a text adventure game. Lots of programming chals, ASM especially
Shellcoding / Exploits / Reverse Engineering
- paraschetal.in / Writing your own shellcode
- A great primer on Buffer Overflow
- Exploit-Exercises.com
- Overthewire.org / Shell-based CTF-style games
- Shell-Storm.org - a huge Shellcodes database!
Courses / Training
Website Reconnaissance Tools & Techniques
- BuiltWith
- Joomla Security Scanner
- Check Joomla version without hacking
- BlindElephant Web Application Fingerprinter
- ChromeSniffer Plus
Scanning
SQL Injection
Access & Escalation
Data Exfiltration
Assault
Obfuscation
Programming
Python
Lists / Payloads / Fuzzers
== Platform-specific Topics