API tools faq
paste
egy-mast3r

infoseclinks

egy-mast3r
Jul 6th, 2014
117
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 34.08 KB | None | 0 0
raw download clone embed print report
  1. ...........(0 0)
  2. .--oOO- (_)---.
  3. ╔═════════════════╗
  4. ║ Pen Test ?! ..... ║
  5. ╚═════════════════╝
  6. '----------------------oOO
  7. ........|__|__|
  8. .......... || ||
  9. ....... ooO Ooo
  10. #CyberPunk #PenTest #n0where #toolZ #Security
  11. .......!!!!!!!!!!!#######################################CyberPunk
  12.  
  13. Blogs
  14.  
  15. http://www.n0where.net
  16. http://carnal0wnage.blogspot.com/
  17. http://www.mcgrewsecurity.com/
  18. http://www.gnucitizen.org/blog/
  19. http://www.darknet.org.uk/
  20. http://spylogic.net/
  21. http://taosecurity.blogspot.com/
  22. http://www.room362.com/
  23. http://blog.sipvicious.org/
  24. http://blog.portswigger.net/
  25. http://pentestmonkey.net/blog/
  26. http://jeremiahgrossman.blogspot.com/
  27. http://i8jesus.com/
  28. http://blog.c22.cc/
  29. http://www.skullsecurity.org/blog/
  30. http://blog.metasploit.com/
  31. http://www.darkoperator.com/
  32. http://blog.skeptikal.org/
  33. http://preachsecurity.blogspot.com/
  34. http://www.tssci-security.com/
  35. http://www.gdssecurity.com/l/b/
  36. http://websec.wordpress.com/
  37. http://bernardodamele.blogspot.com/
  38. http://laramies.blogspot.com/
  39. http://www.spylogic.net/
  40. http://blog.andlabs.org/
  41. http://xs-sniper.com/blog/
  42. http://www.commonexploits.com/
  43. http://www.sensepost.com/blog/
  44. http://wepma.blogspot.com/
  45. http://exploit.co.il/
  46. http://securityreliks.wordpress.com/
  47. http://www.madirish.net/index.html
  48. http://sirdarckcat.blogspot.com/
  49. http://reusablesec.blogspot.com/
  50. http://myne-us.blogspot.com/
  51. http://www.notsosecure.com/
  52. http://blog.spiderlabs.com/
  53. http://www.corelan.be/
  54. http://www.digininja.org/
  55. http://www.pauldotcom.com/
  56. http://www.attackvector.org/
  57. http://deviating.net/
  58. http://www.alphaonelabs.com/
  59. http://www.smashingpasswords.com/
  60. http://wirewatcher.wordpress.com/
  61. http://gynvael.coldwind.pl/
  62. http://www.nullthreat.net/
  63. http://www.question-defense.com/
  64. http://archangelamael.blogspot.com/
  65. http://memset.wordpress.com/
  66. http://sickness.tor.hu/
  67. http://punter-infosec.com/
  68. http://www.securityninja.co.uk/
  69. http://securityandrisk.blogspot.com/
  70. http://esploit.blogspot.com/
  71. http://www.pentestit.com/
  72.  
  73. Forums:
  74.  
  75. http://sla.ckers.org/forum/index.php
  76. http://www.ethicalhacker.net/
  77. http://www.backtrack-linux.org/forums/
  78. http://www.elitehackers.info/forums/
  79. http://www.hackthissite.org/forums/index.php
  80. http://securityoverride.com/forum/index.php
  81. http://www.iexploit.org/
  82. http://bright-shadows.net/
  83. http://www.governmentsecurity.org/forum/
  84. http://forum.intern0t.net/
  85.  
  86. Magazines:
  87.  
  88. http://www.net-security.org/insecuremag.php
  89. http://hakin9.org/
  90.  
  91. Video:
  92.  
  93. http://www.hackernews.com/
  94. http://www.securitytube.net/
  95. http://www.irongeek.com/i.php?page=videos/aide-winter-2011
  96. http://avondale.good.net/dl/bd/
  97. http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
  98. http://www.youtube.com/user/ChRiStIaAn008
  99. http://www.youtube.com/user/HackingCons
  100.  
  101. Methodologies:
  102.  
  103. http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
  104. http://www.pentest-standard.org/index.php/Main_Page
  105. http://projects.webappsec.org/w/page/13246978/Threat-Classification
  106. http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  107. http://www.social-engineer.org/
  108.  
  109. OSINT Presentations:
  110.  
  111. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
  112. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
  113. http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
  114. http://www.slideshare.net/Laramies/tactical-information-gathering
  115. http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
  116. http://infond.blogspot.com/2010/05/toturial-footprinting.html
  117. People and Organizational:
  118. http://www.spokeo.com/
  119. http://www.123people.com/
  120. http://www.xing.com/
  121. http://www.zoominfo.com/search
  122. http://pipl.com/
  123. http://www.zabasearch.com/
  124. http://www.searchbug.com/default.aspx
  125. http://theultimates.com/
  126. http://skipease.com/
  127. http://addictomatic.com/
  128. http://socialmention.com/
  129. http://entitycube.research.microsoft.com/
  130. http://www.yasni.com/
  131. http://tweepz.com/
  132. http://tweepsearch.com/
  133. http://www.glassdoor.com/index.htm
  134. http://www.jigsaw.com/
  135. http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
  136. http://www.tineye.com/
  137. http://www.peekyou.com/
  138. http://picfog.com/
  139. http://twapperkeeper.com/index.php
  140.  
  141.  
  142. Infrastructure:
  143.  
  144. http://uptime.netcraft.com/
  145. http://www.serversniff.net/
  146. http://www.domaintools.com/
  147. http://centralops.net/co/
  148. http://hackerfantastic.com/
  149. http://whois.webhosting.info/
  150. https://www.ssllabs.com/ssldb/analyze.html
  151. http://www.clez.net/
  152. http://www.my-ip-neighbors.com/
  153. http://www.shodanhq.com/
  154. http://www.exploit-db.com/google-dorks/
  155. http://www.hackersforcharity.org/ghdb/
  156. Exploits and Advisories:
  157. http://www.exploit-db.com/
  158. http://www.cvedetails.com/
  159. http://www.milw0rm.com/ (Down permanently)
  160. http://www.packetstormsecurity.org/
  161. http://www.securityforest.com/wiki/index.php/Main_Page
  162. http://www.securityfocus.com/bid
  163. http://nvd.nist.gov/
  164. http://osvdb.org/
  165. http://www.nullbyte.org.il/Index.html
  166. http://secdocs.lonerunners.net/
  167. http://www.phenoelit-us.org/whatSAP/index.html
  168. http://secunia.com/
  169. http://cve.mitre.org/
  170.  
  171. Cheatsheets and Syntax:
  172.  
  173. http://cirt.net/ports_dl.php?export=services
  174. http://www.cheat-sheets.org/
  175. http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
  176.  
  177. Agile Hacking:
  178.  
  179. http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
  180. http://blog.commandlinekungfu.com/
  181. http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
  182. http://isc.sans.edu/diary.html?storyid=2376
  183. http://isc.sans.edu/diary.html?storyid=1229
  184. http://ss64.com/nt/
  185. http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
  186. http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
  187. http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
  188. http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
  189. http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
  190. http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
  191. http://www.pentesterscripting.com/
  192. http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
  193. http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
  194.  
  195. OS and Scripts:
  196.  
  197. http://en.wikipedia.org/wiki/IPv4_subnetting_reference
  198. http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
  199. http://shelldorado.com/shelltips/beginner.html
  200. http://www.linuxsurvival.com/
  201. http://mywiki.wooledge.org/BashPitfalls
  202. http://rubular.com/
  203. http://www.iana.org/assignments/port-numbers
  204. http://www.robvanderwoude.com/ntadmincommands.php
  205. http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
  206.  
  207. Tools:
  208.  
  209. http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
  210. http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
  211. http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
  212. http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
  213. http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
  214. http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
  215. http://h.ackack.net/cheat-sheets/netcat
  216.  
  217. Distros:
  218.  
  219. http://www.backtrack-linux.org/
  220. http://www.matriux.com/
  221. http://samurai.inguardians.com/
  222. http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
  223. https://pentoo.ch/
  224. http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
  225. http://www.piotrbania.com/all/kon-boot/
  226. http://www.linuxfromscratch.org/
  227. http://sumolinux.suntzudata.com/
  228. http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
  229. http://www.backbox.org/
  230.  
  231.  
  232. Labs:
  233.  
  234. ISOs and VMs:
  235. http://sourceforge.net/projects/websecuritydojo/
  236. http://code.google.com/p/owaspbwa/wiki/ProjectSummary
  237. http://heorot.net/livecds/
  238. http://informatica.uv.es/~carlos/docencia/netinvm/
  239. http://www.bonsai-sec.com/en/research/moth.php
  240. http://blog.metasploit.com/2010/05/introducing-metasploitable.html
  241. http://pynstrom.net/holynix.php
  242. http://gnacktrack.co.uk/download.php
  243. http://sourceforge.net/projects/lampsecurity/files/
  244. https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
  245. http://sourceforge.net/projects/virtualhacking/files/
  246. http://www.badstore.net/
  247. http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
  248. http://www.dvwa.co.uk/
  249. http://sourceforge.net/projects/thebutterflytmp/
  250.  
  251. Vulnerable Software:
  252.  
  253. http://www.oldapps.com/
  254. http://www.oldversion.com/
  255. http://www.exploit-db.com/webapps/
  256. http://code.google.com/p/wavsep/downloads/list
  257. http://www.owasp.org/index.php/Owasp_SiteGenerator
  258. http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
  259. http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
  260. http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
  261. http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
  262.  
  263.  
  264. Test Sites:
  265.  
  266. http://www.webscantest.com/
  267. http://crackme.cenzic.com/Kelev/view/home.php
  268. http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
  269. http://testaspnet.vulnweb.com/
  270. http://testasp.vulnweb.com/
  271. http://testphp.vulnweb.com/
  272. http://demo.testfire.net/
  273. http://hackme.ntobjectives.com/
  274.  
  275. Exploitation Intro:
  276.  
  277. http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
  278. http://www.mgraziano.info/docs/stsi2010.pdf
  279. http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
  280. http://www.ethicalhacker.net/content/view/122/2/
  281. http://code.google.com/p/it-sec-catalog/wiki/Exploitation
  282. http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
  283. http://ref.x86asm.net/index.html
  284. Reverse Engineering & Malware:
  285. http://www.woodmann.com/TiGa/idaseries.html
  286. http://www.binary-auditing.com/
  287. http://visi.kenshoto.com/
  288. http://www.radare.org/y/
  289. http://www.offensivecomputing.net/
  290.  
  291. Passwords and Hashes:
  292.  
  293. http://www.irongeek.com/i.php?page=videos/password-exploitation-class
  294. http://cirt.net/passwords
  295. http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
  296. http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
  297. http://www.foofus.net/?page_id=63
  298. http://hashcrack.blogspot.com/
  299. http://www.nirsoft.net/articles/saved_password_location.html
  300. http://www.onlinehashcrack.com/
  301. http://www.md5this.com/list.php?
  302. http://www.virus.org/default-password
  303. http://www.phenoelit-us.org/dpl/dpl.html
  304. http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
  305.  
  306. Wordlists:
  307.  
  308. http://contest.korelogic.com/wordlists.html
  309. http://packetstormsecurity.org/Crackers/wordlists/
  310. http://www.skullsecurity.org/wiki/index.php/Passwords
  311. http://www.ericheitzman.com/passwd/passwords/
  312.  
  313. Pass the Hash:
  314.  
  315. http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
  316. http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
  317. http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
  318.  
  319. MiTM:
  320.  
  321. http://www.giac.org/certified_professionals/practicals/gsec/0810.php
  322. http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
  323. http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
  324. http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
  325. http://www.mindcenter.net/uploads/ECCE101.pdf
  326. http://toorcon.org/pres12/3.pdf
  327. http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
  328. http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
  329. http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
  330. http://www.oact.inaf.it/ws-ssri/Costa.pdf
  331. http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
  332. http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
  333. http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
  334. http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
  335. http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
  336. http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
  337. http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
  338. http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
  339. http://articles.manugarg.com/arp_spoofing.pdf
  340. http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
  341. http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
  342. http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
  343. http://blog.spiderlabs.com/2010/12/thicknet.html
  344. http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
  345. http://www.go4expert.com/forums/showthread.php?t=11842
  346. http://www.irongeek.com/i.php?page=security/ettercapfilter
  347. http://openmaniak.com/ettercap_filter.php
  348. http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
  349. http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
  350. http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
  351. http://spareclockcycles.org/2010/06/10/sergio-proxy-released/
  352.  
  353. Tools:
  354.  
  355. http://www.edge-security.com/theHarvester.php
  356. http://www.mavetju.org/unix/dnstracer-man.php
  357. http://www.paterva.com/web5/
  358.  
  359. Metadata:
  360.  
  361. http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
  362. http://lcamtuf.coredump.cx/strikeout/
  363. http://www.sno.phy.queensu.ca/~phil/exiftool/
  364. http://www.edge-security.com/metagoofil.php
  365. http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
  366.  
  367. Google Hacking:
  368.  
  369. http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
  370. http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
  371. http://sqid.rubyforge.org/#next
  372. http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
  373.  
  374. Web:
  375.  
  376. http://www.bindshell.net/tools/beef
  377. http://blindelephant.sourceforge.net/
  378. http://xsser.sourceforge.net/
  379. http://sourceforge.net/projects/rips-scanner/
  380. http://www.divineinvasion.net/authforce/
  381. http://andlabs.org/tools.html#sotf
  382. http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
  383. http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
  384. http://code.google.com/p/pinata-csrf-tool/
  385. http://xsser.sourceforge.net/#intro
  386. http://www.contextis.co.uk/resources/tools/clickjacking-tool/
  387. http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
  388. http://sourceforge.net/projects/ws-attacker/files/
  389. https://github.com/koto/squid-imposter
  390.  
  391. Attack Strings:
  392.  
  393. http://code.google.com/p/fuzzdb/
  394. http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
  395.  
  396. Shells:
  397.  
  398. http://sourceforge.net/projects/yokoso/
  399. http://sourceforge.net/projects/ajaxshell/
  400.  
  401. Scanners:
  402.  
  403. http://w3af.sourceforge.net/
  404. http://code.google.com/p/skipfish/
  405. http://sqlmap.sourceforge.net/
  406. http://sqid.rubyforge.org/#next
  407. http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
  408. http://code.google.com/p/fimap/wiki/WindowsAttack
  409. http://code.google.com/p/fm-fsf/
  410.  
  411.  
  412. Proxies:
  413.  
  414. http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
  415. http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
  416. http://sourceforge.net/projects/belch/files/
  417. http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
  418. http://blog.ombrepixel.com/
  419. http://andlabs.org/tools.html#dser
  420. http://feoh.tistory.com/22
  421. http://www.sensepost.com/labs/tools/pentest/reduh
  422. http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
  423. http://intrepidusgroup.com/insight/mallory/
  424. http://www.fiddler2.com/fiddler2/
  425. http://websecuritytool.codeplex.com/documentation?referringTitle=Home
  426. http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
  427.  
  428. Social Engineering:
  429.  
  430. http://www.secmaniac.com/
  431.  
  432. Password:
  433.  
  434. http://nmap.org/ncrack/
  435. http://www.foofus.net/~jmk/medusa/medusa.html
  436. http://www.openwall.com/john/
  437. http://ophcrack.sourceforge.net/
  438. http://blog.0x3f.net/tool/keimpx-in-action/
  439. http://code.google.com/p/keimpx/
  440. http://sourceforge.net/projects/hashkill/
  441.  
  442. Metasploit:
  443.  
  444. http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
  445. http://code.google.com/p/msf-hack/wiki/WmapNikto
  446. http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
  447. http://seclists.org/metasploit/
  448. http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
  449. http://meterpreter.illegalguy.hostzi.com/
  450. http://blog.metasploit.com/2010/03/automating-metasploit-console.html
  451. http://www.workrobot.com/sansfire2009/561.html
  452. http://www.securitytube.net/video/711
  453. http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
  454. http://vimeo.com/16852783
  455. http://milo2012.wordpress.com/2009/09/27/xlsinjector/
  456. http://www.fastandeasyhacking.com/
  457. http://trac.happypacket.net/
  458. http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
  459. http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
  460.  
  461. MSF Exploits or Easy:
  462.  
  463. http://www.nessus.org/plugins/index.php?view=single&id=12204
  464. http://www.nessus.org/plugins/index.php?view=single&id=11413
  465. http://www.nessus.org/plugins/index.php?view=single&id=18021
  466. http://www.nessus.org/plugins/index.php?view=single&id=26918
  467. http://www.nessus.org/plugins/index.php?view=single&id=34821
  468. http://www.nessus.org/plugins/index.php?view=single&id=22194
  469. http://www.nessus.org/plugins/index.php?view=single&id=34476
  470. http://www.nessus.org/plugins/index.php?view=single&id=25168
  471. http://www.nessus.org/plugins/index.php?view=single&id=19408
  472. http://www.nessus.org/plugins/index.php?view=single&id=21564
  473. http://www.nessus.org/plugins/index.php?view=single&id=10862
  474. http://www.nessus.org/plugins/index.php?view=single&id=26925
  475. http://www.nessus.org/plugins/index.php?view=single&id=29314
  476. http://www.nessus.org/plugins/index.php?view=single&id=23643
  477. http://www.nessus.org/plugins/index.php?view=single&id=12052
  478. http://www.nessus.org/plugins/index.php?view=single&id=12052
  479. http://www.nessus.org/plugins/index.php?view=single&id=34477
  480. http://www.nessus.org/plugins/index.php?view=single&id=15962
  481. http://www.nessus.org/plugins/index.php?view=single&id=42106
  482. http://www.nessus.org/plugins/index.php?view=single&id=15456
  483. http://www.nessus.org/plugins/index.php?view=single&id=21689
  484. http://www.nessus.org/plugins/index.php?view=single&id=12205
  485. http://www.nessus.org/plugins/index.php?view=single&id=22182
  486. http://www.nessus.org/plugins/index.php?view=single&id=26919
  487. http://www.nessus.org/plugins/index.php?view=single&id=26921
  488. http://www.nessus.org/plugins/index.php?view=single&id=21696
  489. http://www.nessus.org/plugins/index.php?view=single&id=40887
  490. http://www.nessus.org/plugins/index.php?view=single&id=10404
  491. http://www.nessus.org/plugins/index.php?view=single&id=18027
  492. http://www.nessus.org/plugins/index.php?view=single&id=19402
  493. http://www.nessus.org/plugins/index.php?view=single&id=11790
  494. http://www.nessus.org/plugins/index.php?view=single&id=12209
  495. http://www.nessus.org/plugins/index.php?view=single&id=10673
  496.  
  497. NSE:
  498.  
  499. http://www.securitytube.net/video/931
  500. http://nmap.org/nsedoc/
  501.  
  502. Net Scanners and Scripts:
  503.  
  504. http://nmap.org/
  505. http://asturio.gmxhome.de/software/sambascan2/i.html
  506. http://www.softperfect.com/products/networkscanner/
  507. http://www.openvas.org/
  508. http://tenable.com/products/nessus
  509. http://www.rapid7.com/vulnerability-scanner.jsp
  510. http://www.eeye.com/products/retina/community
  511.  
  512. Post Exploitation:
  513.  
  514. http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
  515. http://www.phx2600.org/archive/2008/08/29/metacab/
  516. http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
  517.  
  518. Netcat:
  519.  
  520. http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
  521. http://www.radarhack.com/tutorial/ads.pdf
  522. http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
  523. http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
  524. http://www.dest-unreach.org/socat/
  525. http://www.antionline.com/archive/index.php/t-230603.html
  526. http://technotales.wordpress.com/2009/06/14/netcat-tricks/
  527. http://seclists.org/nmap-dev/2009/q1/581
  528. http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
  529. http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
  530. http://gse-compliance.blogspot.com/2008/07/netcat.html
  531.  
  532. Source Inspection:
  533.  
  534. http://www.justanotherhacker.com/projects/graudit.html
  535. http://code.google.com/p/javasnoop/
  536.  
  537. Firefox Addons:
  538.  
  539. https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
  540. https://addons.mozilla.org/en-US/firefox/addon/osvdb/
  541. https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
  542. https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
  543. https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
  544. https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
  545. https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
  546. https://addons.mozilla.org/en-US/firefox/addon/hackbar/
  547.  
  548. Tool Listings:
  549.  
  550. http://packetstormsecurity.org/files/tags/tool
  551. http://tools.securitytube.net/index.php?title=Main_Page
  552.  
  553. Training/Classes:
  554.  
  555. http://pentest.cryptocity.net/
  556. http://www.irongeek.com/i.php?page=videos/network-sniffers-class
  557. http://samsclass.info/124/124_Sum09.shtml
  558. http://www.cs.ucsb.edu/~vigna/courses/cs279/
  559. http://crypto.stanford.edu/cs142/
  560. http://crypto.stanford.edu/cs155/
  561. http://cseweb.ucsd.edu/classes/wi09/cse227/
  562. http://www-inst.eecs.berkeley.edu/~cs161/sp11/
  563. http://security.ucla.edu/pages/Security_Talks
  564. http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
  565. http://cr.yp.to/2004-494.html
  566. http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
  567. https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
  568. http://stuff.mit.edu/iap/2009/#websecurity
  569.  
  570. Metasploit:
  571.  
  572. http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
  573. http://www.irongeek.com/i.php?page=videos/metasploit-class
  574. http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
  575. http://vimeo.com/16925188
  576. http://www.ustream.tv/recorded/13396511
  577. http://www.ustream.tv/recorded/13397426
  578. http://www.ustream.tv/recorded/13398740
  579.  
  580. Programming:
  581. Python:
  582. http://code.google.com/edu/languages/google-python-class/index.html
  583. http://www.swaroopch.com/notes/Python_en:Table_of_Contents
  584. http://www.thenewboston.com/?cat=40&pOpen=tutorial
  585. http://showmedo.com/videotutorials/python
  586. http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
  587.  
  588. Ruby:
  589. http://www.tekniqal.com/
  590.  
  591. Other Misc:
  592. http://www.cs.sjtu.edu.cn/~kzhu/cs490/
  593. https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
  594. http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
  595. http://resources.infosecinstitute.com/
  596. http://vimeo.com/user2720399
  597.  
  598. Web Vectors
  599. SQLi:
  600. http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
  601. http://isc.sans.edu/diary.html?storyid=9397
  602. http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
  603. http://www.evilsql.com/main/index.php
  604. http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
  605. http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
  606. http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
  607. http://sqlzoo.net/hack/
  608. http://www.sqlteam.com/article/sql-server-versions
  609. http://www.krazl.com/blog/?p=3
  610. http://www.owasp.org/index.php/Testing_for_MS_Access
  611. http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
  612. http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
  613. Joe McCray - Advanced SQL Injection - LayerOne 2009
  614. http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
  615. http://vimeo.com/3418947
  616. http://sla.ckers.org/forum/read.php?24,33903
  617. http://websec.files.wordpress.com/2010/11/sqli2.pdf
  618. http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
  619. http://ha.ckers.org/sqlinjection/
  620. http://lab.mediaservice.net/notes_more.php?id=MSSQL
  621.  
  622. Upload Tricks:
  623.  
  624. http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
  625. http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
  626. http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
  627. http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
  628. http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
  629. http://www.ravenphpscripts.com/article2974.html
  630. http://www.acunetix.com/cross-site-scripting/scanner.htm
  631. http://www.vupen.com/english/advisories/2009/3634
  632. http://msdn.microsoft.com/en-us/library/aa478971.aspx
  633. http://dev.tangocms.org/issues/237
  634. http://seclists.org/fulldisclosure/2006/Jun/508
  635. http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
  636. http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
  637. http://shsc.info/FileUploadSecurity
  638.  
  639. LFI/RFI:
  640.  
  641. http://pastie.org/840199
  642. http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
  643. http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
  644. http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
  645. http://www.digininja.org/blog/when_all_you_can_do_is_read.php
  646.  
  647. XSS:
  648. http://www.infosecwriters.com/hhworld/hh8/csstut.htm
  649. http://www.technicalinfo.net/papers/CSS.html
  650. http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
  651. http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
  652. https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
  653. http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
  654. http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
  655. http://heideri.ch/jso/#javascript
  656. http://www.reddit.com/r/xss/
  657. http://sla.ckers.org/forum/list.php?2
  658.  
  659. Coldfusion:
  660.  
  661. http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
  662. http://zastita.com/02114/Attacking_ColdFusion..html
  663. http://www.nosec.org/2010/0809/629.html
  664. http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
  665. http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
  666.  
  667. Sharepoint:
  668.  
  669. http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
  670. Lotus:
  671. http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
  672. http://seclists.org/pen-test/2002/Nov/43
  673. http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
  674.  
  675. JBoss:
  676.  
  677. http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
  678. http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
  679.  
  680. VMWare Web:
  681.  
  682. http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav
  683.  
  684. Oracle App Servers:
  685.  
  686. http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
  687. http://www.owasp.org/index.php/Testing_for_Oracle
  688. http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
  689. http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
  690. http://www.ngssoftware.com/papers/hpoas.pdf
  691.  
  692. SAP:
  693.  
  694. http://www.onapsis.com/research.html#bizploit
  695. http://marc.info/?l=john-users&m=121444075820309&w=2
  696. http://www.phenoelit-us.org/whatSAP/index.html
  697.  
  698. Wireless:
  699. http://code.google.com/p/pyrit/
  700.  
  701. Capture the Flag/Wargames:
  702.  
  703. http://intruded.net/
  704. http://smashthestack.org/
  705. http://flack.hkpco.kr/
  706. http://ctf.hcesperer.org/
  707. http://ictf.cs.ucsb.edu/
  708. http://capture.thefl.ag/calendar/
  709.  
  710. Conferences:
  711.  
  712. https://www.google.com/calendar/[email protected]&gsessionid=OK Misc/Unsorted:
  713. http://www.ikkisoft.com/stuff/SMH_XSS.txt
  714. http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
  715. http://whatthefuckismyinformationsecuritystrategy.com/
  716. http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
  717. http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
  718. http://www.sensepost.com/blog/4552.html
  719. http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
  720. http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
  721. http://carnal0wnage.attackresearch.com/node/410
  722. http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
  723. http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
  724. http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
  725.  
  726. Rest
  727.  
  728. Main - browsersec - Browser Security Handbook landing page -
  729. Project Hosting on Google Code: http://code.google.com/p/browsersec/wiki/Main
  730.  
  731. Inject your code to a Portable Executable file - Programmer's Heaven: http://www.programmersheaven.com/2/Inject-code-to-Portable-Executable-file
  732. Blog: http://www.social-engineer.org/blog/
  733.  
  734. XSS (Cross Site Scripting) Cheat Sheet: http://ha.ckers.org/xss.html
  735.  
  736. ilektrojohn/creepy @ GitHub?: http://ilektrojohn.github.com/creepy/
  737.  
  738. Didier Stevens: http://blog.didierstevens.com/
  739.  
  740. Malcode Analysis Software Tools // iDefense Labs: http://labs.idefense.com/software/malcode.php
  741.  
  742. RMS's gdb Tutorial: http://www.unknownroad.com/rtfm/gdbtut/gdbtoc.html
  743.  
  744. Peter's gdb Tutorial: Table Of Contents: http://dirac.org/linux/gdb/
  745.  
  746. Reverse Engineering Team: http://www.reteam.org/
  747.  
  748. Adventures with Radare2 #1: A Simple Shellcode Analysis | Can't Hack, Won't Hack: http://canthack.org/2011/07/adventures-with-radare-1-a-simple-shellcode-analysis/
  749.  
  750. OpenRCE: http://www.openrce.org/articles/
  751.  
  752. Can we collect interesting Reverse Engineering blogs? : ReverseEngineering?: http://www.reddit.com/r/ReverseEngineering/comments/is2et/can_we_collect_interesting_reverse_engineering/
  753. c0ffee.com/virus/cih.txt: http://c0ffee.com/virus/cih.txt
  754.  
  755. PDFTricks - corkami - a summary of PDF tricks - encodings, structures, JavaScript?... - reverse engineering experiments and documentations - Google Project Hosting: http://code.google.com/p/corkami/wiki/PDFTricks
  756. Hacking Network Printers (Mostly HP JetDirects?, but a little info on the Ricoh Savins): http://www.irongeek.com/i.php?page=security/networkprinterhacking
  757.  
  758. mapping MAC addresses - samy kamkar: http://samy.pl/androidmap/
  759.  
  760. Windows XP Malware Removal/Cleaning Procedure - MajorGeeks? Support
  761.  
  762. Forums: http://forums.majorgeeks.com/showthread.php?t=139313 M-unition » Blog Archive » EXT3 File Recovery via Indirect Blocks: https://blog.mandiant.com/archives/1593
  763.  
  764. Code analysis, Debugging and reverse engineering / Code security «
  765. Eikonal Blog: https://eikonal.wordpress.com/2011/02/28/code-analysis-debugging-and-reverse-engineering-code-security/
  766.  
  767. Volatility | Memory Forensics | Volatile Systems: https://www.volatilesystems.com/default/volatility
  768.  
  769. Windows Incident Response: Using RegRipper?: http://windowsir.blogspot.com/2011/03/using-regripper.html
  770.  
  771. poorcase - A perl script to virtually reconstruct a split forensic disk image - Google Project Hosting: http://code.google.com/p/poorcase/
  772.  
  773. Room362.com - Blog: http://www.room362.com/
  774.  
  775. Cryptology ePrint Archive: http://eprint.iacr.org/
  776.  
  777. Improved Persistent Login Cookie Best Practice | Barry Jaspan: http://jaspan.com/improved_persistent_login_cookie_best_practice
  778.  
  779. Designing an Authentication System: a Dialogue in Four Scenes: http://web.mit.edu/kerberos/www/dialogue.html
  780.  
  781. Understanding Hash Functions and Keeping Passwords Safe | Nettuts+:
  782. http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
  783.  
  784. Blogs | The Honeynet Project: https://www.honeynet.org/
  785.  
  786. MAEC - Malware Attribute Enumeration and Characterization: https://maec.mitre.org/index.html
  787.  
  788. Forensics Wiki: http://www.forensicswiki.org/wiki
  789.  
  790. Spare Clock Cycles: http://spareclockcycles.org/
  791.  
  792. grand stream dreams: Malware Analysis Resources:
  793. http://grandstreamdreams.blogspot.co.uk/2012/04/malware-analysis-resources.html
  794.  
  795. SANS: Information Security Reading Room - Computer Security White
  796.  
  797. Papers: http://www.sans.org/reading_room/
  798.  
  799. Vulnerable VM List : securityCTF: https://www.reddit.com/r/securityCTF/comments/t53cr/vulnerable_vm_list/
  800. nullsecurity team: http://www.nullsecurity.net/index.html
  801.  
  802. IAmA a malware coder and botnet operator, AMA : IAmA: http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/#
  803.  
  804. Undetectable - Portal: http://www.indetectables.net/
  805.  
  806. OpenSC - Security Research Forum - The Front Page: http://www.opensc.ws/
  807.  
  808. Penetration Testing and Vulnerability Analysis - Home: http://pentest.cryptocity.net/
  809.  
  810. Metasploit Minute: http://www.metasploitminute.com/
  811.  
  812. Memory Dump, Software Trace, Debugging, Malware and Intelligence
  813. Analysis Portal | Patterns for Software Diagnostics: http://www.dumpanalysis.org/
  814.  
  815. oclHashcat-plus - advanced password recovery: https://hashcat.net/oclhashcat-plus/
  816.  
  817. Netcraft Anti-Phishing Toolbar: http://toolbar.netcraft.com/
  818. pescrambler - Scrambler and Obfuscator for PE formatted Win32 binaries -
  819.  
  820. Google Project Hosting: http://code.google.com/p/pescrambler/
  821.  
  822. Searching With VirusTotal? « Didier Stevens:
  823. http://blog.didierstevens.com/2012/05/21/searching-with-virustotal/
  824.  
  825. Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/Main_Page
  826.  
  827. n0security: http://n0security.blogspot.com/
  828.  
  829. VoIP Hopper - Jumping from one VLAN to the next!:
  830. http://voiphopper.sourceforge.net/
  831.  
  832. DE(E)SU - Cables Communication: http://dee.su/cables
  833.  
  834. volatility - An advanced memory forensics framework - Google Project
  835.  
  836. Hosting: https://code.google.com/p/volatility/
  837.  
  838. GMER - Rootkit Detector and Remover: http://www.gmer.net/
  839.  
  840. Luigi Auriemma: http://aluigi.org/adv.htm
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!