h4k-sore

A Collection of Pentesting Tools and Resources.

Index

Categories	Notes
OPPSEC	(Operational Security)
OSINT	(Open Source Intelligence)
CTF Resources	Tutorials, playgrounds and more.
News	News curation
Pentesting Resources
Reversing Resources
Malware Analysis
Anonymisers	Hide your identity
Honeypots	Traps, etc.
Network Defence
Operating Systems	Windows, Linux.
Other Collections	Links to other lists and curations.
References

OPPSEC

The following references were composed with OPPSEC and Sock Puppet generation in mind.

• The Ultimate Sock Puppets Tutorial - Comprehensive guide to Sock Puppet Operations.
• Crypton.sh - Secure SMS pin card.
• Privacy Tools - Decent resource for maintaining online privacy.
• Privacy Tools Reddit wiki - Decent collection of information and tools.
• Private Bin - Secure, open source pastebin.
• CryptPad - Secure document collaboaration environment.
• Just Delete Me - Identity Generator.
• This Person Does Not Exist - Generate portrait photos with AI.
• Fake Name Generator - Generate fake names.
• Persona Generator - Generate personalities.
• Photopeia - Online photo generator.
• Username Generator - Generate random usernames.
• YOPmail - Disposable mail service.
• Guerilla Mail - Another decent disposable mail service.

OSINT

• TraceLabs - Worldwide, Open Source OSINT initiative.
• OSINT Framework - Essential OSINT tools and resources.
• Toolkit - Osint Toolkit

CTF and Skill Development

CTF sites

• PicoCTF
• TryHackMe
• HackTheBox
• Google CTF
• VulnHub
• Defend the Web

CTF Resources

• CTF Field Guide - CTF Field Guide repository.

CTF Tools

• AutoSploit - Automated mass exploiter.

Reversing

• Micro Corruption - Reverse Engineering playground.

News and Info

• Ouch! - Sans
• Dark Reading - Community for security professionals.
• Krebs on Security - In depth analysis and information.
• OWASP - Essential community for Cybsec professionals.
• Decentralize - Updates on privacy, decentralization and related issues.
• CSO Online - Security News resource.
• Restore Privacy - Privacy-centric news and blog.

Pentesting Resources

Exploit Information and Resources

• Pentesting Wiki - Comprehensive wiki of pentest resources.
• Privilege Escalation - Excellent Github repository.
• Active Directory Exploitation - Great AD cheatsheet.
• PayloadsAllTheThings - Pentesters best friend.
• Exploit Databse - Maintained by Offensive Security.
• NMAP: Hackertarget Reference Guide - Decent Nmap cheatsheet.
• The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES) ¹
• XSS Scripting Cheatsheet

Web Tools

• BurpSuite - A graphical tool to testing website security.
• Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
• Hackbar - Firefox addon for easy web exploitation.
• CyberChef - Web app for data analysis; great for CTFs.

Pentesting Tools

• Metasploit - Easy to use, all-in-one exploit kit.
• Low Orbital Ion Cannon - Open Source Network stress tool (DDoS).
• Arsenal of AWS Pentesting Tools - Very decent list of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Scripts

• CTF Tools - Setup scripts to install various security research tools.

Reversing

• Reverse Engineering Cheatsheet
• BeginRE - Reverse Engineering workshop.

RE Tools

• radare2 - RE toolkit and cutter.
• IDA - Disassembly and Debugging Toolkit.
• Ghidra - Toolkit developed by the NSA.

Malware Analysis

Information Aquisition

• VirusTotal - Online malware analysis tool.
• Any.Run - Online Malware Analysis.
• Malware Analysis - Comprehensive analysis repository.
• Malzilla - Malware hunting tool.
• AlienVault OSSIM - AlienVault Open Threat Exchange (OTX).

Forensic Tools

• USBRip - Track USB events on GNU/Linux.
• Volatility - Open Source memory dump investigation toolset.
• Wireshark - Used to analyze pcap.
• Sleuthkit - CLI tools for forensic investigation.
• Autopsy - GUI for the Sleuthkit.

Sandboxes

Play with danger

• Cuckoo - Malware analysis sandbox ²
  • Cuckoo Repository
• MalwareLab VM - Collection of setup scripts
• ThreatPursuit - Mandiant Threat Intelligence VM ²
• Firejail - Sandbox your apps on Linux ²
• Flare VM - Windows based MA distribution. ²

Anonymisers

Conceal your identity

• Privoxy - An open source proxy server with some privacy features. ²
• Tor - The Onion Router, for browsing the web without leaving traces of the client IP.
• Mullvad - Highly Anonoymous VPN. Cash, Monero and Bitcoin accepted.
• I2P - Invisible Internet Project.

Honeypots

Treats too good to resist

• Honeyd - Virtual honeynet.
• CanaryTokens - Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org.
• Kushtaka - Sustainable all-in-one honeypot and honeytoken orchestrator for under-resourced blue teams.
• Manuka - Open-sources intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.

Network Perimeter Defense

• Gatekeeper - First open source Distributed Denial of Service (DDoS) protection system. ²
• fwknop - Protects ports via Single Packet Authorization in your firewall. ²
• ssh-audit - Simple tool that makes quick recommendations for improving an SSH server's security posture. ²

Detection

• Snort - Widely-deployed, Free Software IPS capable of real-time packet analysis, traffic logging, and custom rule-based triggers.
• Suricata - Free, cross-platform, IDS/IPS.
• Wireshark - The free and open-source packet analyzer

Security and Pentesting Operating Systems

• BackBox - Ubuntu based OS.
• BlackArch Linux - Arch Linux pentesting distribution.
• Fedora Security Lab - Based on Fedora.
• Kali Linux - Well known pentesting OS.
• Parrot Security OS - Standard security and pentesting OS, used by HackTheBox.
• Pentoo - Based on Gentoo.

Other Cybersecurity Collections

References

Footnotes

1. Awesome Pentest https://github.com/enaqx/awesome-pentest ↩

2. Awesome Cybersecurity Blueteam https://github.com/fabacab/awesome-cybersecurity-blueteam ↩ ↩² ↩³ ↩⁴ ↩⁵ ↩⁶ ↩⁷ ↩⁸