Free-Security-eBooks - Free Security and Hacking eBooks

A curated list of free Security and Pentesting related E-Books available on the Internet. If you want to contribute to this list (please do), send a pull request. All contributors will be recognized and appreciated.

Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing

•    Python

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).

Sn1per - Automated Pentest Recon Scanner

•    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

mitmAP - 📡 A python program to create a fake AP and sniff data.

•    Python

I'm not responsible for anything you do with this program, so please only use it for good and educational purposes.

Dr0p1t-Framework - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

•    Python

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

lscript - The LAZY script will make your life easier, and of course faster.

•    Shell

I AM NOT RESPONSIBLE HOW YOU USE THIS TOOL.BE LEGAL AND NOT STUPID. This script will make your life easier, and of course faster.

mpc - MSFvenom Payload Creator (MSFPC)

•    Shell

A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.

pentest - :no_entry: offsec batteries included

•    Python

:no_entry: offsec batteries included

jsql-injection - jSQL Injection is a Java application for automatic SQL database injection.

•    Java

jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X).

sandmap - Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine

•    Shell

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Before using the Sandmap read the Command Line introduction.

One-Lin3r - Gives you one-liners that aids in penetration testing operations

•    Python

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. The payloads database is not big now because this the first edition but it will get bigger with updates and contributions.

Vanquish - Vanquish is Kali Linux based Enumeration Orchestrator

•    Python

Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell. CTRL + C to exit an enumeration phase and skip to the next phase (helpful if a command is taking too long) Vanquish will skip running a command again if it sees that the output files already exist. If you want to re-execute a command, delete the output files (.txt,.xml,.nmap etc.) and run Vanquish again.

csi - CSI (Continuous Security Integration) Framework => Automated Security Testing for CI/CD Pipelines & Beyond

•    Ruby

If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please PM us as this will continue to promote CSIs interoperability w/ industry-recognized security tools moving forward. It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.

Web-Penetration-Testing-with-Kali-Linux-Third-Edition - Web Penetration Testing with Kali Linux - Third Edition, published by Packt

•    HTML

This is the code repository for Web Penetration Testing with Kali Linux - Third Edition, published by Packt. It contains all the supporting project files necessary to work through the book from start to finish. Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.

Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Scripts

•    Batchfile

My big 'Ol List of Windows Privilege Escalation Techniques and Scripts sorted by difficultly (Easy, Medium, Hard). Passwords Passwords can be one of the easiest methods of privledge escalation and there are some tools that can help with this process.

lyricpass - Password wordlist generator using song lyrics for targeted bruteforce audits / attacks

•    Python

Password wordlist / dictionary generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research. Easy to use - you give it an artist, you get back a text file with all of their lyrics to use for cracking passwords. People are being encouraged to use longer passwords - specifically multiple words stringed together. An obvious choice is to use a song lyric from their favorite artist. This seems much more secure than a single word.

Digital-Forensics-with-Kali-Linux - Digital Forensics with Kali Linux, published by Packt

This is the code repository for Digital Forensics with Kali Linux, published by Packt. It contains all the supporting project files necessary to work through the book from start to finish. Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensics investigations and incident response mechanisms.

wpa2-wordlists - A collection of wordlists dictionaries for password cracking

•    Shell

A collection of passwords and wordlists commonly used for dictionary-attacks using a variety of password cracking tools such as aircrack-ng, hydra and hashcat.