From ba7b7c351692a4156980623418d81db8bcced414 Mon Sep 17 00:00:00 2001 From: tira Date: Thu, 30 Jan 2020 21:11:45 +0000 Subject: [PATCH] Remove poorly written tools (+ a few text fixes) (#25) * Grammar/spelling * Removed completely broken or horribly written tools * Removed possibly unmaintained and partially broken tools, along with ones that are not bad but probably shouldn't be used. * Removed repos that do work, but haven't been committed to in a long time. * Remove Dracnmap --- README.md | 49 ++++++++++++++++++------------------------------- 1 file changed, 18 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index ecb9955..641f0b5 100644 --- a/README.md +++ b/README.md @@ -8,11 +8,11 @@ This repository is an overview of what you need to learn penetration testing and - If you're new to information security, forget everything you know about hacking. - Don't start using tools without reading about pen testing and how it works (see [Additional resources](#additional-resources) section). -- Don't download or use tools you haven't audited the code. +- Don't download or use tools if you haven't audited its code. - Don't use these tools to do stupid things like investigating/hacking without consent on your friends, or worst, your recruiter. - Read books, manuals, articles, be curious and not just a [script kiddie](https://www.wikihow.com/Avoid-Becoming-a-Script-Kiddie). - I wish you don't use these tools for illegal purposes, but if you do, I sure hope you know what you're doing. -- Practice using [challenges](#challenges), not real targets ! +- Practice using [challenges](#challenges), not real targets! # Table of Contents 
@@ -47,41 +47,41 @@ This repository is an overview of what you need to learn penetration testing and ## What is penetration testing? -Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system. +Penetration testing is a type of security testing that is used to test the security of an application. It is conducted to find a security risk which might be present in a system. -If a system is not secured, then any attacker can disrupt or take authorized access to that system. Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc. [Learn more](https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm) +If a system is not secure, then an attacker may be able to disrupt or take unauthorized control of that system. A security risk is normally an accidental error that occurs while developing and implementing software. For example, configuration errors, design errors, and software bugs, etc. [Learn more](https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm) ## Want to become a penetration tester? -Know about risks on the internet and how they can be prevented is very useful. Especially as a developer. Web hacking and penetration testing is the v2.0 of self-defense! But is knowing about tools and how to use them really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. He must be able to identify the technology behind and test every single door that might be open to hackers. +Knowing about risks on the internet and how they can be prevented is very useful, especially as a developer. Web hacking and penetration testing is the v2.0 of self-defense! 
But is knowing about tools and how to use them really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. They must be able to identify the technology behind and test every single door that might be open to hackers. -This repository aim first to establish a reflection method on penetration testing and explain how to proceed to secure an application. And secondly, to regroup all kind of tools or resources pen testers need. **Be sure to know basics of programming languages and Internet security before learning pen testing.** +This repository aims first to establish a reflection method on penetration testing and explain how to proceed to secure an application. And secondly, to regroup all kind of tools or resources pen testers need. **Be sure to know basics of programming languages and internet security before learning pen testing.** -Also, this is important to inform yourself about the law and what you are allowed to do or not. According to your country, the computer laws are not the same. First, check laws about privacy and surveillance : [Nine eyes countries](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives), [Five eyes](https://en.wikipedia.org/wiki/Five_Eyes) and Fourteen Eyes. Always check if what you're doing is legal. Even when it's not offensive, information gathering can also be illegal! +Also, this is important to inform yourself about the law and what you are allowed to do or not. According to your country, the computer laws are not the same. First, check laws about privacy and surveillance: [Nine eyes countries](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives), [Five eyes](https://en.wikipedia.org/wiki/Five_Eyes) and Fourteen Eyes. Always check if what you're doing is legal. Even when it's not offensive, information gathering can also be illegal! 
([Table of Contents](#table-of-contents)) # Some vocabulary -**Infosec** : Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Infosec can also be a person who practices ethical security. [Wikipedia](https://en.wikipedia.org/wiki/Information_security) +**Infosec**: Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Infosec can also be a person who practices ethical security. [Wikipedia](https://en.wikipedia.org/wiki/Information_security) -**Opsec** : Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. [Wikipedia](https://en.wikipedia.org/wiki/Operations_security) +**Opsec**: Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. [Wikipedia](https://en.wikipedia.org/wiki/Operations_security) -**Black/grey/white hat hacker** : Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if he's a black, grey or white hat hacker. 
A black hat is just someone malicious that does not wait permission to break into a system or application. A white hat is *usually* a security researcher who practice ethical hacking. A grey hat is just in the middle of these two kind of hackers, he might want to be malicious if it can be benefit (data breach, money, whistleblowing ...). +**Black/grey/white hat hacker**: Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if they're a black, grey or white hat hacker. A black hat is just someone malicious that does not wait permission to break into a system or application. A white hat is *usually* a security researcher who practice ethical hacking. A grey hat is just in the middle of these two kind of hackers, they might want to be malicious if it can be benefit (data breach, money, whistleblowing ...). -**Red team** : According to Wikipedia, a red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Little formal doctrine or publications about Red Teaming in the military exist. In infosec exercises, Red teamers are playing the role of attackers. [Wikipedia](https://en.wikipedia.org/wiki/Red_team) +**Red team**: According to Wikipedia, a red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. 
The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Little formal doctrine or publications about Red Teaming in the military exist. In infosec exercises, Red teamers are playing the role of attackers. [Wikipedia](https://en.wikipedia.org/wiki/Red_team) -**Blue team** : A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, Blue teamers are playing the role of defenders. [Wikipedia](https://en.wikipedia.org/wiki/Blue_team_(computer_security)) +**Blue team**: A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, Blue teamers are playing the role of defenders. [Wikipedia](https://en.wikipedia.org/wiki/Blue_team_(computer_security)) -**Penetration tester** : An ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities. +**Penetration tester**: An ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities. -**Security researcher** : Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs or vulnerabilities. They can work for a company as a security consultant and are most likely a Blue teamer. 
+**Security researcher**: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs or vulnerabilities. They can work for a company as a security consultant and are most likely a Blue teamer. -**Reverse engineering** : Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon. [Wikipedia](https://en.wikipedia.org/wiki/Reverse_engineering) +**Reverse engineering**: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon. [Wikipedia](https://en.wikipedia.org/wiki/Reverse_engineering) -**Social engineering** : In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. [Wikipedia](https://en.wikipedia.org/wiki/Social_engineering_(security)) +**Social engineering**: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. 
A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. [Wikipedia](https://en.wikipedia.org/wiki/Social_engineering_(security)) -**Threat analyst** : A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against advanced persistent threats (APTs). [SearchCIO](https://searchcio.techtarget.com/definition/threat-hunter-cybersecurity-threat-analyst) +**Threat analyst**: A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against advanced persistent threats (APTs). [SearchCIO](https://searchcio.techtarget.com/definition/threat-hunter-cybersecurity-threat-analyst) ([Table of Contents](#table-of-contents)) 
@@ -151,22 +151,15 @@ Information Gathering tools allows you to collect host metadata about services a | Tool | Language | Support | Description | | ----------- |-------------------------|----------|----------------| -| [Th3inspector](https://github.com/Moham3dRiahi/Th3inspector) | **Perl** | `Linux/Windows/macOS` | All in one tool for Information Gathering written in Perl. | -| [Crips](https://github.com/Manisso/Crips) | **Python** | `Linux/Windows/macOS` | IP Tools To quickly get information about IP Address's, Web Pages and DNS records. | | [theHarvester](https://github.com/laramies/theHarvester) | **Python** | `Linux/Windows/macOS` | E-mails, subdomains and names Harvester. | -| [Scanless](https://github.com/vesche/scanless) | **Python** | `Linux/Windows/macOS` | Online port scan scraper. | | [CTFR](https://github.com/UnaPibaGeek/ctfr) | **Python** | `Linux/Windows/macOS` | Abusing Certificate Transparency logs for getting HTTPS websites subdomains. | | [Sn1per](https://github.com/1N3/Sn1per) | **bash** | `Linux/macOS` | Automated Pentest Recon Scanner. | -| [ReconDog](https://github.com/s0md3v/ReconDog) | **Python** | `Linux/Windows/macOS` | Recon Dog is an all in one tool for all your basic information gathering needs. | | [RED Hawk](https://github.com/Tuhinshubhra/RED_HAWK) | **PHP** | `Linux/Windows/macOS` | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers. | | [Infoga](https://github.com/m4ll0k/Infoga) | **Python** | `Linux/Windows/macOS` | Email Information Gathering. | | [KnockMail](https://github.com/4w4k3/KnockMail) | **Python** | `Linux/Windows/macOS` | Check if email address exists. | -| [Photon](https://github.com/s0md3v/Photon) | **Python** | `Linux/Windows/macOS` | Crawler which is incredibly fast and extracts urls, emails, files, website accounts and much more. 
| -| [Rapidscan](https://github.com/skavngr/rapidscan) | **Python** | `Linux/Windows/macOS` | The Multi-Tool Web Vulnerability Scanner. | | [a2sv](https://github.com/hahwul/a2sv) | **Python** | `Linux/Windows/macOS` | Auto Scanning to SSL Vulnerability. | | [Wfuzz](https://github.com/xmendez/wfuzz) | **Python** | `Linux/Windows/macOS` | Web application fuzzer. | -| [Nmap](https://github.com/nmap/nmap) | **C/C++** | `Linux/Windows/macOS` | Scanner ports vulnerability. | -| [Dracnmap](https://github.com/Screetsec/Dracnmap) | **Shell** | `Linux/Windows/macOS` | open source program which is using to exploit the network and gathering information with nmap | +| [Nmap](https://github.com/nmap/nmap) | **C/C++** | `Linux/Windows/macOS` | A very common tool. Network host, vuln and port detector. | #### :lock: Password Attacks @@ -230,7 +223,6 @@ Exploit popular CMSs that are hosted online. | [Droopescan](https://github.com/droope/droopescan) | **Python** | `Linux/Windows/macOS` | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe. | | [Joomscan](https://github.com/rezasp/joomscan) | **Perl** | `Linux/Windows/macOS` | Joomla Vulnerability Scanner. | | [Drupwn](https://github.com/immunIT/drupwn) | **Python** | `Linux/Windows/macOS` | Drupal Security Scanner to perform enumerations on Drupal-based web applications. | -| [Webpwn3r](https://github.com/zigoo0/webpwn3r) | **Python** | `Linux/Windows/macOS` | Web Applications Security Scanner. | | [CMSeek](https://github.com/Tuhinshubhra/CMSeek) | **Python** | `Linux/Windows/macOS` | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs. | #### :tada: Post Exploitation 
@@ -240,7 +232,6 @@ Exploits for after you have already gained access. | Tool | Language | Support | Description | | ----------- |-------------------------|----------|----------------| | [TheFatRat](https://github.com/Screetsec/TheFatRat) | **C** | `Linux/Windows/macOS` | Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack, dll. | -| [Microsploit](https://github.com/Screetsec/Microsploit) | **Shell** | `Linux/Windows/macOS` | Fast and easy create backdoor office exploitation using module metasploit packet , Microsoft Office , Open Office , Macro attack , Buffer Overflow. | #### :package: Frameworks 
@@ -250,13 +241,9 @@ Frameworks are packs of pen testing tools with custom shell navigation and docum | ----------- |-------------------------|----------|----------------| | [Operative Framework](https://github.com/graniet/operative-framework) | **Python** | `Linux/Windows/macOS` | Framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules. | | [Metasploit](https://github.com/rapid7/metasploit-framework) | **Ruby** | `Linux/Windows/macOS` | A penetration testing framework for ethical hackers. | -| [fsociety](https://github.com/Manisso/fsociety) | **Python** | `Linux/Windows/macOS` | fsociety Hacking Tools Pack – A Penetration Testing Framework. | | [cSploit](https://github.com/cSploit/android) | **Java** | `Android` | The most complete and advanced IT security professional toolkit on Android. | | [radare2](https://github.com/radare/radare2) | **C** | `Linux/Windows/macOS/Android` | Unix-like reverse engineering framework and commandline tools. | -| [Social Engineer Toolkit](https://github.com/trustedsec/social-engineer-toolkit) | **Python** | `Linux/macOS` | Penetration testing framework designed for social engineering. | -| [hate_crack](https://github.com/trustedsec/hate_crack) | **Python** | `Linux/macOS` | A tool for automating cracking methodologies through Hashcat. | | [Wifiphisher](https://github.com/wifiphisher/wifiphisher) | **Python** | `Linux` | The Rogue Access Point Framework. | -| [Kickthemout](https://github.com/k4m4/kickthemout) | **Python** | `Linux/macOS` | Kick devices off your network by performing an ARP Spoof attack. | | [Beef](https://github.com/beefproject/beef) | **Javascript** | `Linux/Windows/macOS` | The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. 
| | [Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | **Python** | `Linux/Windows/macOS` | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. | | [Burp Suite](https://portswigger.net/burp) | **C++** | `Linux/Windows/macOS` | Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. **This tool is not free and open source** |
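Review bot: the rewritten rule in the first hunk (`@@ -8,11`), `+- Don't download or use tools if you haven't audited its code.`, still has a number-agreement error: `tools` is plural, so it should read `their code` (or `a tool ... its code`). Since this PR is labelled grammar/spelling, the unchanged context lines in the same hunk also deserve the pass: `or worst, your recruiter` should be `or worse, your recruiter`, and `I wish you don't use these tools` reads better as `I hope you don't use these tools`.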
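Review bot: the vocabulary hunk (`@@ -47,41`) fixes punctuation and pronouns but leaves several grammar errors in lines it already touches: `identify the technology behind and test every single door` is missing its object (`the technology behind it`); `regroup all kind of tools` should be `all kinds of tools`; `this is important to inform yourself` should be `it is important to inform yourself`; `According to your country, the computer laws are not the same` reads better as `Depending on your country, computer laws differ`; and in the hacker definition `The goal and the method differs` should be `differ`, `does not wait permission` should be `does not wait for permission`, `who practice ethical hacking` should be `who practices`, and `if it can be benefit` should be `if it can be beneficial`. Worth folding into this same pass rather than a follow-up.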
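Review bot: the Information Gathering hunk (`@@ -151,22`) removes five rows (Th3inspector, Crips, Scanless, ReconDog, Photon) and Dracnmap, but neither the PR description nor the commit message says which removal falls under "completely broken", which under "possibly unmaintained" and which under "haven't been committed to in a long time"; a one-line reason per removed row would let the list be re-evaluated later. The new Nmap description, `A very common tool. Network host, vuln and port detector.`, abbreviates `vuln` while the rest of the table spells it out (the a2sv row says `SSL Vulnerability`), so write it out for consistency. The unchanged context header `Information Gathering tools allows you to collect` should also read `allow`.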
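Review bot: the Post Exploitation hunk (`@@ -240,7`) drops Microsploit, and the commit message drops Dracnmap, both by Screetsec, yet the remaining row in that table, TheFatRat from the same author, is kept with its description untouched; the PR should state why the criteria applied to the two removed repos do not apply to this one. That surviving description, `Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack, dll.`, is also ungrammatical and should be rewritten, e.g. `Generates backdoors and automates post-exploitation attacks (browser, DLL).`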
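Review bot: the Frameworks hunk (`@@ -250,13`) removes fsociety, Social Engineer Toolkit, hate_crack and Kickthemout without saying which of the commit-message categories each falls into; for the two trustedsec repos in particular, the concrete reason (broken, unmaintained, or "shouldn't be used") belongs in the PR description so the removal can be revisited. While this table is being edited, the Burp Suite row's description is vendor marketing copy (`We believe in giving our users a competitive advantage through superior research.`) rather than a description of the tool; trim it to the first sentence plus the existing non-free notice.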