A curated list of free Security and Pentesting related E-Books available on the Internet. If you want to contribute to this list (please do), send a pull request. All contributors will be recognized and appreciated.
security hacking penetration-testing hacking-ebooks forensics hackers-handbook cloud-security kali-linux cyber-security ebooksA reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).
oscp penetration-testing scanner security security-audit security-tools security-scanner offensive-security nmap enumeration scanning kali-linux service-enumeration services-discovered discover-services range snmp hacking hacking-tool virtual-hostsSn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.
pentest pentesting hacking scanner automated kali-linux recon sn1per dns metasploit vulnerabilities scans sn1per-professional nuke shellshock subnetI'm not responsible for anything you do with this program, so please only use it for good and educational purposes.
pentesting hacking wifi fake-ap kali-linux infosec mitm access-point wirelessA framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
hacking-tool windows-hacking backdoor execution-policy-bypass hacking pentest uac-bypass kill-antivirus kali-linux powershell phishing social-engineering scam avs runas anti-forensics persistence spoofing malware dr0p1tI AM NOT RESPONSIBLE HOW YOU USE THIS TOOL.BE LEGAL AND NOT STUPID. This script will make your life easier, and of course faster.
kali-scripts kali-linux shell-script payload-generator payload wifi-testing penetration-testing pentesting pentest-tool wifi-password wpa2-handshake wpa-cracker pixie-dust metasploit-framework eternalblue-doublepulsar-metasploit wifiphisher antivirus-evasion bypass-av bypass-antivirus sqlinjectionA quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.
msfvenom msfvenom-payload mpc msfpc payload payload-generator payload-generation metasploit-framework metasploit kali kali-linux:no_entry: offsec batteries included
pentesting kali-linux pentesting-windows pentest-environment offensive-securityjSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X).
database kali-linux pentest sql-injectionSandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Before using the Sandmap read the Command Line introduction.
nmap nmap-scripts port-scanner network-scanner network-discovery service-discovery information-gathering nse nsescript cli command-line hacking hacking-tool kali-linux kali-scripts backboxOne-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. The payloads database is not big now because this the first edition but it will get bigger with updates and contributions.
hacking hacking-tool web-delivery metasploit one-liners one-liner pentest-tool pentesting-windows penetration-testing web-based-attacks web-attacks kali-linux windows-hacking multiplatformVanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell. CTRL + C to exit an enumeration phase and skip to the next phase (helpful if a command is taking too long) Vanquish will skip running a command again if it sees that the output files already exist. If you want to re-execute a command, delete the output files (.txt,.xml,.nmap etc.) and run Vanquish again.
kali-linux oscp vulnerability-scanners vulnerability-assessment offensive-security penetration-testing penetration-testing-frameworkhackerEnv is an automation tool that quickly and easily sweep IPs and scan ports, vulnerabilities and exploit them. Then, it hands you an interactive shell for further testing. Also, it generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works in kali linux and Parrot OS.
pentesting pentest kali-linux hacking-tool vulnerability-scanners vulnerability-assessment pentest-scripts pentesterlab pentest-tool kali-scripts hacking-tools pentester kali-toolsIf you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please PM us as this will continue to promote CSIs interoperability w/ industry-recognized security tools moving forward. It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.
continuous-integration security automation continuous-testing continuous-security vulnerability-detection static-analysis security-framework devops telephony web ethical-hacking vagrant packer aws-ec2 penetration-testing bugbounty kali-linux kali kalilinuxThis is the code repository for Web Penetration Testing with Kali Linux - Third Edition, published by Packt. It contains all the supporting project files necessary to work through the book from start to finish. Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.
penetration-testing kali-linux burpsuite maltegoMy big 'Ol List of Windows Privilege Escalation Techniques and Scripts sorted by difficultly (Easy, Medium, Hard). Passwords Passwords can be one of the easiest methods of privledge escalation and there are some tools that can help with this process.
windows-enumeration windows-privilege-escalation kali-linux oscp windows-hacking windows-scriptsPassword wordlist / dictionary generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research. Easy to use - you give it an artist, you get back a text file with all of their lyrics to use for cracking passwords. People are being encouraged to use longer passwords - specifically multiple words stringed together. An obvious choice is to use a song lyric from their favorite artist. This seems much more secure than a single word.
infosec security penetration-testing password-generator kali-linuxThis is the code repository for Digital Forensics with Kali Linux, published by Packt. It contains all the supporting project files necessary to work through the book from start to finish. Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms.
kali-linux kali-scripts digital-forensics forensics mobile-security hacking brute-force-attacks investigation forensics-investigations penetration-testing pentesting pentest-toolA collection of passwords and wordlists commonly used for dictionary-attacks using a variety of password cracking tools such as aircrack-ng, hydra and hashcat.
wordlist kali-linux wireless-network dictionaries passwordsAthena is a web application developed in Python-Flask-SQLite for testing your skills as a Hacker, Coder and Warrior. Both, BAD and GOOD versions, requires an initialization of the database.
shell flask security athena hacking owasp penetration-testing flask-application vulnerability sqlite3 pentesting vulnerabilities kali-linux database-initialization web application sqlite
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.