{"id":1282,"date":"2017-08-02T11:36:25","date_gmt":"2017-08-02T14:36:25","guid":{"rendered":"http:\/\/gianfratti.com\/?p=1282"},"modified":"2017-08-02T11:36:25","modified_gmt":"2017-08-02T14:36:25","slug":"uma-colecao-de-recursos-e-ferramentas-para-pentest","status":"publish","type":"post","link":"https:\/\/gianfratti.com\/index.php\/uma-colecao-de-recursos-e-ferramentas-para-pentest\/","title":{"rendered":"Uma cole\u00e7\u00e3o de recursos e ferramentas para Pentest"},"content":{"rendered":"<p>Este projeto \u00e9 suportado pelo Netsparker Web Application Security Scanner<!--more--><\/p>\n<p>LINK: <a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#osint-tools\">GITHUB<\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#online-resources\">Online Resources<\/a>\n<ul>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#penetration-testing-resources\">Penetration Testing Resources<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#exploit-development\">Exploit development<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#social-engineering-resources\">Social Engineering Resources<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#lock-picking-resources\">Lock Picking Resources<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#operating-systems\">Operating Systems<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#tools\">Tools<\/a>\n<ul>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#penetration-testing-distributions\">Penetration Testing Distributions<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#basic-penetration-testing-tools\">Basic Penetration Testing Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#docker-for-penetration-testing\">Docker for Penetration Testing<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#vulnerability-scanners\">Vulnerability Scanners<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#network-tools\">Network Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#wireless-network-tools\">Wireless Network Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#ssl-analysis-tools\">SSL Analysis Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#web-exploitation\">Web Exploitation<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#hex-editors\">Hex Editors<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#crackers\">Crackers<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#windows-utils\">Windows Utils<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#linux-utils\">Linux Utils<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#ddos-tools\">DDoS Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#social-engineering-tools\">Social Engineering Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#osint-tools\">OSInt Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#anonymity-tools\">Anonymity Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#reverse-engineering-tools\">Reverse Engineering Tools<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#ctf-tools\">CTF Tools<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#books\">Books<\/a>\n<ul>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#penetration-testing-books\">Penetration Testing Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#hackers-handbook-series\">Hackers Handbook Series<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#defensive-development\">Defensive Development<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#network-analysis-books\">Network Analysis Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#reverse-engineering-books\">Reverse Engineering Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#malware-analysis-books\">Malware Analysis Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#windows-books\">Windows Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#social-engineering-books\">Social Engineering Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#lock-picking-books\">Lock Picking Books<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#defcon-suggested-reading\">Defcon Suggested Reading<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#vulnerability-databases\">Vulnerability Databases<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#security-courses\">Security Courses<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#information-security-conferences\">Information Security Conferences<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#information-security-magazines\">Information Security Magazines<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#awesome-lists\">Awesome Lists<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#contribution\">Contribution<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#license\">License<\/a><\/li>\n<\/ul>\n<h3><a id=\"user-content-online-resources\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#online-resources\"><\/a>Online Resources<\/h3>\n<h4><a id=\"user-content-penetration-testing-resources\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#penetration-testing-resources\"><\/a>Penetration Testing Resources<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.offensive-security.com\/metasploit-unleashed\/\">Metasploit Unleashed<\/a> \u2013 Free Offensive Security Metasploit course<\/li>\n<li><a href=\"http:\/\/www.pentest-standard.org\/\">PTES<\/a> \u2013 Penetration Testing Execution Standard<\/li>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/Main_Page\">OWASP<\/a> \u2013 Open Web Application Security Project<\/li>\n<li><a href=\"https:\/\/github.com\/nixawk\/pentest-wiki\">PENTEST-WIKI<\/a> \u2013 A free online security knowledge library for pentesters \/ researchers.<\/li>\n<li><a href=\"http:\/\/www.vulnerabilityassessment.co.uk\/Penetration%20Test.html\">Vulnerability Assessment Framework<\/a> \u2013 Penetration Testing Framework.<\/li>\n<li><a href=\"https:\/\/github.com\/trustedsec\/ptf\">The Pentesters Framework<\/a> \u2013 PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install\/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.<\/li>\n<li><a href=\"http:\/\/www.xss-payloads.com\/\">XSS-Payloads<\/a> \u2013 Ultimate resource for all things cross-site including payloads, tools, games and documentation.<\/li>\n<\/ul>\n<h4><a id=\"user-content-exploit-development\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#exploit-development\"><\/a>Exploit development<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.vividmachines.com\/shellcode\/shellcode.html\">Shellcode Tutorial<\/a> \u2013 Tutorial on how to write shellcode<\/li>\n<li><a href=\"http:\/\/shell-storm.org\/shellcode\/\">Shellcode Examples<\/a> \u2013 Shellcodes database<\/li>\n<li><a href=\"https:\/\/www.corelan.be\/index.php\/2009\/07\/19\/exploit-writing-tutorial-part-1-stack-based-overflows\/\">Exploit Writing Tutorials<\/a> \u2013 Tutorials on how to develop exploits<\/li>\n<li><a href=\"https:\/\/github.com\/b3mb4m\/shellsploit-framework\">shellsploit<\/a> \u2013 New Generation Exploit Development Kit<\/li>\n<li><a href=\"https:\/\/github.com\/snare\/voltron\">Voltron<\/a> \u2013 A hacky debugger UI for hackers<\/li>\n<\/ul>\n<h4><a id=\"user-content-social-engineering-resources\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#social-engineering-resources\"><\/a>Social Engineering Resources<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.social-engineer.org\/framework\/general-discussion\/\">Social Engineering Framework<\/a> \u2013 An information resource for social engineers<\/li>\n<\/ul>\n<h4><a id=\"user-content-lock-picking-resources\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#lock-picking-resources\"><\/a>Lock Picking Resources<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.youtube.com\/user\/SchuylerTowne\/\">Schuyler Towne channel<\/a> \u2013 Lockpicking videos and security talks<\/li>\n<li><a href=\"https:\/\/www.reddit.com\/r\/lockpicking\">\/r\/lockpicking<\/a> \u2013 Resources for learning lockpicking, equipment recommendations.<\/li>\n<\/ul>\n<h4><a id=\"user-content-operating-systems\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#operating-systems\"><\/a>Operating Systems<\/h4>\n<ul>\n<li><a href=\"http:\/\/rawsec.ml\/en\/security-related-os\/\">Security related Operating Systems @ Rawsec<\/a> \u2013 Complete list of security related operating systems<\/li>\n<li><a href=\"https:\/\/n0where.net\/best-linux-penetration-testing-distributions\/\">Best Linux Penetration Testing Distributions @ CyberPunk<\/a> \u2013 Description of main penetration testing distributions<\/li>\n<li><a href=\"http:\/\/distrowatch.com\/search.php?category=Security\">Security @ Distrowatch<\/a> \u2013 Website dedicated to talking about, reviewing and keeping up to date with open source operating systems<\/li>\n<\/ul>\n<h3><a id=\"user-content-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#tools\"><\/a>Tools<\/h3>\n<h4><a id=\"user-content-penetration-testing-distributions\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#penetration-testing-distributions\"><\/a>Penetration Testing Distributions<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.kali.org\/\">Kali<\/a> \u2013 A Linux distribution designed for digital forensics and penetration testing<\/li>\n<li><a href=\"https:\/\/archstrike.org\/\">ArchStrike<\/a> \u2013 An Arch Linux repository for security professionals and enthusiasts<\/li>\n<li><a href=\"https:\/\/www.blackarch.org\/\">BlackArch<\/a> \u2013 Arch Linux-based distribution for penetration testers and security researchers<\/li>\n<li><a href=\"http:\/\/networksecuritytoolkit.org\/\">NST<\/a> \u2013 Network Security Toolkit distribution<\/li>\n<li><a href=\"http:\/\/www.pentoo.ch\/\">Pentoo<\/a> \u2013 Security-focused livecd based on Gentoo<\/li>\n<li><a href=\"https:\/\/backbox.org\/\">BackBox<\/a> \u2013 Ubuntu-based distribution for penetration tests and security assessments<\/li>\n<li><a href=\"https:\/\/www.parrotsec.org\/\">Parrot<\/a> \u2013 A distribution similar to Kali, with multiple architecture<\/li>\n<li><a href=\"https:\/\/labs.fedoraproject.org\/en\/security\/\">Fedora Security Lab<\/a> \u2013 Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.<\/li>\n<\/ul>\n<h4><a id=\"user-content-basic-penetration-testing-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#basic-penetration-testing-tools\"><\/a>Basic Penetration Testing Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.metasploit.com\/\">Metasploit Framework<\/a> \u2013 World\u2019s most used penetration testing software<\/li>\n<li><a href=\"https:\/\/portswigger.net\/burp\/\">Burp Suite<\/a> \u2013 An integrated platform for performing security testing of web applications<\/li>\n<li><a href=\"https:\/\/github.com\/juansacco\/exploitpack\">ExploitPack<\/a> \u2013 Graphical tool for penetration testing with a bunch of exploits<\/li>\n<li><a href=\"https:\/\/github.com\/beefproject\/beef\">BeeF<\/a> \u2013 The Browser Exploitation Framework Project<\/li>\n<li><a href=\"https:\/\/github.com\/infobyte\/faraday\">faraday<\/a> \u2013 Collaborative Penetration Test and Vulnerability Management Platform<\/li>\n<li><a href=\"https:\/\/github.com\/infobyte\/evilgrade\">evilgrade<\/a> \u2013 The update explotation framework<\/li>\n<li><a href=\"https:\/\/github.com\/stasinopoulos\/commix\">commix<\/a> \u2013 Automated All-in-One OS Command Injection and Exploitation Tool<\/li>\n<li><a href=\"https:\/\/github.com\/reverse-shell\/routersploit\">routersploit<\/a> \u2013 Automated penetration testing software for router<\/li>\n<li><a href=\"https:\/\/github.com\/nccgroup\/redsnarf\">redsnarf<\/a> \u2013 Post-exploitation tool for grabbing credentials<\/li>\n<li><a href=\"https:\/\/github.com\/manwhoami\/Bella\">Bella<\/a> \u2013 Bella is a pure Python post-exploitation data mining &amp; remote administration tool for Mac OS.<\/li>\n<\/ul>\n<h4><a id=\"user-content-docker-for-penetration-testing\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#docker-for-penetration-testing\"><\/a>Docker for Penetration Testing<\/h4>\n<ul>\n<li><code>docker pull kalilinux\/kali-linux-docker<\/code> <a href=\"https:\/\/hub.docker.com\/r\/kalilinux\/kali-linux-docker\/\">official Kali Linux<\/a><\/li>\n<li><code>docker pull owasp\/zap2docker-stable<\/code> \u2013 <a href=\"https:\/\/github.com\/zaproxy\/zaproxy\">official OWASP ZAP<\/a><\/li>\n<li><code>docker pull wpscanteam\/wpscan<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/wpscanteam\/wpscan\/\">official WPScan<\/a><\/li>\n<li><code>docker pull pandrew\/metasploit<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/pandrew\/metasploit\/\">docker-metasploit<\/a><\/li>\n<li><code>docker pull citizenstig\/dvwa<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/citizenstig\/dvwa\/\">Damn Vulnerable Web Application (DVWA)<\/a><\/li>\n<li><code>docker pull wpscanteam\/vulnerablewordpress<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/wpscanteam\/vulnerablewordpress\/\">Vulnerable WordPress Installation<\/a><\/li>\n<li><code>docker pull hmlio\/vaas-cve-2014-6271<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/hmlio\/vaas-cve-2014-6271\/\">Vulnerability as a service: Shellshock<\/a><\/li>\n<li><code>docker pull hmlio\/vaas-cve-2014-0160<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/hmlio\/vaas-cve-2014-0160\/\">Vulnerability as a service: Heartbleed<\/a><\/li>\n<li><code>docker pull opendns\/security-ninjas<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/opendns\/security-ninjas\/\">Security Ninjas<\/a><\/li>\n<li><code>docker pull diogomonica\/docker-bench-security<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/diogomonica\/docker-bench-security\/\">Docker Bench for Security<\/a><\/li>\n<li><code>docker pull ismisepaul\/securityshepherd<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/ismisepaul\/securityshepherd\/\">OWASP Security Shepherd<\/a><\/li>\n<li><code>docker pull danmx\/docker-owasp-webgoat<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/danmx\/docker-owasp-webgoat\/\">OWASP WebGoat Project docker image<\/a><\/li>\n<li><code>docker-compose build &amp;&amp; docker-compose up<\/code> \u2013 <a href=\"https:\/\/github.com\/owasp\/nodegoat#option-3---run-nodegoat-on-docker\">OWASP NodeGoat<\/a><\/li>\n<li><code>docker pull citizenstig\/nowasp<\/code> \u2013 <a href=\"https:\/\/hub.docker.com\/r\/citizenstig\/nowasp\/\">OWASP Mutillidae II Web Pen-Test Practice Application<\/a><\/li>\n<li><code>docker pull bkimminich\/juice-shop<\/code> \u2013 <a href=\"https:\/\/github.com\/bkimminich\/juice-shop#docker-container--\">OWASP Juice Shop<\/a><\/li>\n<li><code>docker pull kalilinux\/kali-linux-docker<\/code> \u2013 <a href=\"https:\/\/www.kali.org\/news\/official-kali-linux-docker-images\/\">Kali Linux Docker Image<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-vulnerability-scanners\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#vulnerability-scanners\"><\/a>Vulnerability Scanners<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.rapid7.com\/products\/nexpose\/\">Nexpose<\/a> \u2013 Vulnerability Management &amp; Risk Management Software<\/li>\n<li><a href=\"http:\/\/www.tenable.com\/products\/nessus-vulnerability-scanner\">Nessus<\/a> \u2013 Vulnerability, configuration, and compliance assessment<\/li>\n<li><a href=\"https:\/\/cirt.net\/nikto2\">Nikto<\/a> \u2013 Web application vulnerability scanner<\/li>\n<li><a href=\"http:\/\/www.openvas.org\/\">OpenVAS<\/a> \u2013 Open Source vulnerability scanner and manager<\/li>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Zed_Attack_Proxy_Project\">OWASP Zed Attack Proxy<\/a> \u2013 Penetration testing tool for web applications<\/li>\n<li><a href=\"https:\/\/secapps.com\/\">Secapps<\/a> \u2013 Integrated web application security testing environment<\/li>\n<li><a href=\"https:\/\/github.com\/andresriancho\/w3af\">w3af<\/a> \u2013 Web application attack and audit framework<\/li>\n<li><a href=\"http:\/\/wapiti.sourceforge.net\/\">Wapiti<\/a> \u2013 Web application vulnerability scanner<\/li>\n<li><a href=\"http:\/\/www.webreaver.com\/\">WebReaver<\/a> \u2013 Web application vulnerability scanner for Mac OS X<\/li>\n<li><a href=\"https:\/\/github.com\/kost\/dvcs-ripper\">DVCS Ripper<\/a> \u2013 Rip web accessible (distributed) version control systems: SVN\/GIT\/HG\/BZR<\/li>\n<li><a href=\"https:\/\/github.com\/Arachni\/arachni\">arachni<\/a> \u2013 Web Application Security Scanner Framework<\/li>\n<li><a href=\"https:\/\/github.com\/future-architect\/vuls\">Vuls<\/a> \u2013 Vulnerability scanner for Linux\/FreeBSD, agentless, written in Go<\/li>\n<\/ul>\n<h4><a id=\"user-content-network-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#network-tools\"><\/a>Network Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/nmap.org\/\">nmap<\/a> \u2013 Free Security Scanner For Network Exploration &amp; Security Audits<\/li>\n<li><a href=\"https:\/\/github.com\/rafael-santiago\/pig\">pig<\/a> \u2013 A Linux packet crafting tool<\/li>\n<li><a href=\"http:\/\/www.tcpdump.org\/\">tcpdump\/libpcap<\/a> \u2013 A common packet analyzer that runs under the command line<\/li>\n<li><a href=\"https:\/\/www.wireshark.org\/\">Wireshark<\/a> \u2013 A network protocol analyzer for Unix and Windows<\/li>\n<li><a href=\"http:\/\/network-tools.com\/\">Network Tools<\/a> \u2013 Different network tools: ping, lookup, whois, etc<\/li>\n<li><a href=\"https:\/\/github.com\/netsniff-ng\/netsniff-ng\">netsniff-ng<\/a> \u2013 A Swiss army knife for for network sniffing<\/li>\n<li><a href=\"http:\/\/sniff.su\/\">Intercepter-NG<\/a> \u2013 a multifunctional network toolkit<\/li>\n<li><a href=\"http:\/\/sparta.secforce.com\/\">SPARTA<\/a> \u2013 Network Infrastructure Penetration Testing Tool<\/li>\n<li><a href=\"http:\/\/thesprawl.org\/projects\/dnschef\/\">dnschef<\/a> \u2013 A highly configurable DNS proxy for pentesters<\/li>\n<li><a href=\"https:\/\/dnsdumpster.com\/\">DNSDumpster<\/a> \u2013 Online DNS recon and search service<\/li>\n<li><a href=\"https:\/\/github.com\/fwaeytens\/dnsenum\/\">dnsenum<\/a> \u2013 Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results<\/li>\n<li><a href=\"https:\/\/github.com\/makefu\/dnsmap\/\">dnsmap<\/a> \u2013 Passive DNS network mapper<\/li>\n<li><a href=\"https:\/\/github.com\/darkoperator\/dnsrecon\/\">dnsrecon<\/a> \u2013 DNS Enumeration Script<\/li>\n<li><a href=\"http:\/\/www.mavetju.org\/unix\/dnstracer.php\">dnstracer<\/a> \u2013 Determines where a given DNS server gets its information from, and follows the chain of DNS servers<\/li>\n<li><a href=\"https:\/\/github.com\/chrislee35\/passivedns-client\">passivedns-client<\/a> \u2013 Provides a library and a query tool for querying several passive DNS providers<\/li>\n<li><a href=\"https:\/\/github.com\/gamelinux\/passivedns\">passivedns<\/a> \u2013 A network sniffer that logs all DNS server replies for use in a passive DNS setup<\/li>\n<li><a href=\"https:\/\/github.com\/robertdavidgraham\/masscan\">Mass Scan<\/a> \u2013 TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.<\/li>\n<li><a href=\"https:\/\/github.com\/hatRiot\/zarp\">Zarp<\/a> \u2013 Zarp is a network attack tool centered around the exploitation of local networks<\/li>\n<li><a href=\"https:\/\/github.com\/mitmproxy\/mitmproxy\">mitmproxy<\/a> \u2013 An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers<\/li>\n<li><a href=\"https:\/\/github.com\/justmao945\/mallory\">mallory<\/a> \u2013 HTTP\/HTTPS proxy over SSH<\/li>\n<li><a href=\"https:\/\/github.com\/netzob\/netzob\">Netzob<\/a> \u2013 Reverse engineering, traffic generation and fuzzing of communication protocols<\/li>\n<li><a href=\"https:\/\/github.com\/sensepost\/DET\">DET<\/a> \u2013 DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time<\/li>\n<li><a href=\"https:\/\/github.com\/samyk\/pwnat\">pwnat<\/a> \u2013 punches holes in firewalls and NATs<\/li>\n<li><a href=\"https:\/\/www.monkey.org\/%7Edugsong\/dsniff\/\">dsniff<\/a> \u2013 a collection of tools for network auditing and pentesting<\/li>\n<li><a href=\"http:\/\/tgcd.sourceforge.net\/\">tgcd<\/a> \u2013 a simple Unix network utility to extend the accessibility of TCP\/IP based network services beyond firewalls<\/li>\n<li><a href=\"https:\/\/github.com\/ShawnDEvans\/smbmap\">smbmap<\/a> \u2013 a handy SMB enumeration tool<\/li>\n<li><a href=\"https:\/\/github.com\/secdev\/scapy\">scapy<\/a> \u2013 a python-based interactive packet manipulation program &amp; library<\/li>\n<li><a href=\"https:\/\/github.com\/USArmyResearchLab\/Dshell\">Dshell<\/a> \u2013 Network forensic analysis framework<\/li>\n<li><a href=\"http:\/\/www.iwaxx.com\/debookee\/\">Debookee (MAC OS X)<\/a> \u2013 Intercept traffic from any device on your network<\/li>\n<li><a href=\"https:\/\/github.com\/dripcap\/dripcap\">Dripcap<\/a> \u2013 Caffeinated packet analyzer<\/li>\n<li><a href=\"https:\/\/github.com\/RUB-NDS\/PRET\">PRET<\/a> \u2013 Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing<\/li>\n<\/ul>\n<h4><a id=\"user-content-wireless-network-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#wireless-network-tools\"><\/a>Wireless Network Tools<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.aircrack-ng.org\/\">Aircrack-ng<\/a> \u2013 a set of tools for auditing wireless network<\/li>\n<li><a href=\"https:\/\/kismetwireless.net\/\">Kismet<\/a> \u2013 Wireless network detector, sniffer, and IDS<\/li>\n<li><a href=\"https:\/\/code.google.com\/archive\/p\/reaver-wps\">Reaver<\/a> \u2013 Brute force attack against Wifi Protected Setup<\/li>\n<li><a href=\"https:\/\/github.com\/derv82\/wifite\">Wifite<\/a> \u2013 Automated wireless attack tool<\/li>\n<li><a href=\"https:\/\/github.com\/sophron\/wifiphisher\">wifiphisher<\/a> \u2013 Automated phishing attacks against Wi-Fi networks<\/li>\n<\/ul>\n<h4><a id=\"user-content-ssl-analysis-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#ssl-analysis-tools\"><\/a>SSL Analysis Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/github.com\/nabla-c0d3\/sslyze\">SSLyze<\/a> \u2013 SSL configuration scanner<\/li>\n<li><a href=\"https:\/\/www.thoughtcrime.org\/software\/sslstrip\/\">sslstrip<\/a> \u2013 a demonstration of the HTTPS stripping attacks<\/li>\n<li><a href=\"https:\/\/github.com\/LeonardoNve\/sslstrip2\">sslstrip2<\/a> \u2013 SSLStrip version to defeat HSTS<\/li>\n<li><a href=\"https:\/\/github.com\/WestpointLtd\/tls_prober\">tls_prober<\/a> \u2013 fingerprint a server\u2019s SSL\/TLS implementation<\/li>\n<\/ul>\n<h4><a id=\"user-content-web-exploitation\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#web-exploitation\"><\/a>Web exploitation<\/h4>\n<ul>\n<li><a href=\"https:\/\/wpscan.org\/\">WPScan<\/a> \u2013 Black box WordPress vulnerability scanner<\/li>\n<li><a href=\"http:\/\/sqlmap.org\/\">SQLmap<\/a> \u2013 Automatic SQL injection and database takeover tool<\/li>\n<li><a href=\"https:\/\/github.com\/epinna\/tplmap\">tplmap<\/a> \u2013 Automatic server-side template injection and Web server takeover tool<\/li>\n<li><a href=\"https:\/\/github.com\/epinna\/weevely3\">weevely3<\/a> \u2013 Weaponized web shell<\/li>\n<li><a href=\"https:\/\/wappalyzer.com\/\">Wappalyzer<\/a> \u2013 Wappalyzer uncovers the technologies used on websites<\/li>\n<li><a href=\"https:\/\/code.google.com\/archive\/p\/cms-explorer\/\">cms-explorer<\/a> \u2013 CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.<\/li>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/Category:OWASP_Joomla_Vulnerability_Scanner_Project\">joomscan<\/a> \u2013 Joomla CMS scanner<\/li>\n<li><a href=\"https:\/\/github.com\/urbanadventurer\/WhatWeb\">WhatWeb<\/a> \u2013 Website Fingerprinter<\/li>\n<li><a href=\"http:\/\/blindelephant.sourceforge.net\/\">BlindElephant<\/a> \u2013 Web Application Fingerprinter<\/li>\n<li><a href=\"https:\/\/github.com\/kurobeats\/fimap\">fimap<\/a> \u2013 Find, prepare, audit, exploit and even google automatically for LFI\/RFI bugs<\/li>\n<li><a href=\"https:\/\/github.com\/D35m0nd142\/Kadabra\">Kadabra<\/a> \u2013 Automatic LFI exploiter and scanner<\/li>\n<li><a href=\"https:\/\/github.com\/P0cL4bs\/Kadimus\">Kadimus<\/a> \u2013 LFI scan and exploit tool<\/li>\n<li><a href=\"https:\/\/github.com\/hvqzao\/liffy\">liffy<\/a> \u2013 LFI exploitation tool<\/li>\n<li><a href=\"https:\/\/github.com\/internetwache\/GitTools\">GitTools<\/a> \u2013 Automatically find and download Web-accessible <code>.git<\/code> repositories<\/li>\n<li><a href=\"https:\/\/github.com\/commixproject\/commix\">Commix<\/a> \u2013 Automated All-in-One OS command injection and exploitation tool<\/li>\n<\/ul>\n<h4><a id=\"user-content-hex-editors\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#hex-editors\"><\/a>Hex Editors<\/h4>\n<ul>\n<li><a href=\"https:\/\/hexed.it\/\">HexEdit.js<\/a> \u2013 Browser-based hex editing<\/li>\n<li><a href=\"https:\/\/hexinator.com\/\">Hexinator<\/a> (commercial) \u2013 World\u2019s finest Hex Editor<\/li>\n<\/ul>\n<h4><a id=\"user-content-file-format-analysis-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#file-format-analysis-tools\"><\/a>File Format Analysis Tools<\/h4>\n<ul>\n<li><a href=\"http:\/\/kaitai.io\/\">Kaitai Struct<\/a> \u2013 File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby<\/li>\n<li><a href=\"https:\/\/codisec.com\/veles\/\">Veles<\/a> \u2013 Binary data visualization and analysis tool<\/li>\n<li><a href=\"http:\/\/hachoir3.readthedocs.io\/\">Hachoir<\/a> \u2013 Python library to view and edit a binary stream as tree of fields and tools for metadata extraction<\/li>\n<\/ul>\n<h4><a id=\"user-content-crackers\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#crackers\"><\/a>Crackers<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.openwall.com\/john\/\">John the Ripper<\/a> \u2013 Fast password cracker<\/li>\n<li><a href=\"http:\/\/hashcat.net\/hashcat\/\">Hashcat<\/a> \u2013 The more fast hash cracker<\/li>\n<\/ul>\n<h4><a id=\"user-content-windows-utils\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#windows-utils\"><\/a>Windows Utils<\/h4>\n<ul>\n<li><a href=\"https:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb842062\">Sysinternals Suite<\/a> \u2013 The Sysinternals Troubleshooting Utilities<\/li>\n<li><a href=\"http:\/\/www.ampliasecurity.com\/research\/windows-credentials-editor\/\">Windows Credentials Editor<\/a> \u2013 security tool to list logon sessions and add, change, list and delete associated credentials<\/li>\n<li><a href=\"http:\/\/blog.gentilkiwi.com\/mimikatz\">mimikatz<\/a> \u2013 Credentials extraction tool for Windows OS<\/li>\n<li><a href=\"https:\/\/github.com\/PowerShellMafia\/PowerSploit\">PowerSploit<\/a> \u2013 A PowerShell Post-Exploitation Framework<\/li>\n<li><a href=\"https:\/\/github.com\/GDSSecurity\/Windows-Exploit-Suggester\">Windows Exploit Suggester<\/a> \u2013 Detects potential missing patches on the target<\/li>\n<li><a href=\"https:\/\/github.com\/SpiderLabs\/Responder\">Responder<\/a> \u2013 A LLMNR, NBT-NS and MDNS poisoner<\/li>\n<li><a href=\"https:\/\/github.com\/adaptivethreat\/Bloodhound\/wiki\">Bloodhound<\/a> \u2013 A graphical Active Directory trust relationship explorer<\/li>\n<li><a href=\"https:\/\/github.com\/PowerShellEmpire\/Empire\">Empire<\/a> \u2013 Empire is a pure PowerShell post-exploitation agent<\/li>\n<li><a href=\"https:\/\/github.com\/rabbitstack\/fibratus\">Fibratus<\/a> \u2013 Tool for exploration and tracing of the Windows kernel<\/li>\n<\/ul>\n<h4><a id=\"user-content-linux-utils\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#linux-utils\"><\/a>Linux Utils<\/h4>\n<ul>\n<li><a href=\"https:\/\/github.com\/PenturaLabs\/Linux_Exploit_Suggester\">Linux Exploit Suggester<\/a> \u2013 Linux Exploit Suggester; based on operating system release number.<\/li>\n<\/ul>\n<h4><a id=\"user-content-ddos-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#ddos-tools\"><\/a>DDoS Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/github.com\/NewEraCracker\/LOIC\/\">LOIC<\/a> \u2013 An open source network stress tool for Windows<\/li>\n<li><a href=\"http:\/\/metacortexsecurity.com\/tools\/anon\/LOIC\/LOICv1.html\">JS LOIC<\/a> \u2013 JavaScript in-browser version of LOIC<\/li>\n<li><a href=\"https:\/\/sourceforge.net\/projects\/t50\/\">T50<\/a> \u2013 The more fast network stress tool<\/li>\n<\/ul>\n<h4><a id=\"user-content-social-engineering-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#social-engineering-tools\"><\/a>Social Engineering Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/github.com\/trustedsec\/social-engineer-toolkit\">SET<\/a> \u2013 The Social-Engineer Toolkit from TrustedSec<\/li>\n<\/ul>\n<h4><a id=\"user-content-osint-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#osint-tools\"><\/a>OSInt Tools<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.paterva.com\/web7\/\">Maltego<\/a> \u2013 Proprietary software for open source intelligence and forensics, from Paterva.<\/li>\n<li><a href=\"https:\/\/github.com\/laramies\/theHarvester\">theHarvester<\/a> \u2013 E-mail, subdomain and people names harvester<\/li>\n<li><a href=\"https:\/\/github.com\/ilektrojohn\/creepy\">creepy<\/a> \u2013 A geolocation OSINT tool<\/li>\n<li><a href=\"https:\/\/github.com\/laramies\/metagoofil\">metagoofil<\/a> \u2013 Metadata harvester<\/li>\n<li><a href=\"https:\/\/www.exploit-db.com\/google-hacking-database\/\">Google Hacking Database<\/a> \u2013 a database of Google dorks; can be used for recon<\/li>\n<li><a href=\"https:\/\/www.censys.io\/\">Censys<\/a> \u2013 Collects data on hosts and websites through daily ZMap and ZGrab scans<\/li>\n<li><a href=\"https:\/\/www.shodan.io\/\">Shodan<\/a> \u2013 Shodan is the world\u2019s first search engine for Internet-connected devices<\/li>\n<li><a href=\"https:\/\/bitbucket.org\/LaNMaSteR53\/recon-ng\">recon-ng<\/a> \u2013 A full-featured Web Reconnaissance framework written in Python<\/li>\n<li><a href=\"https:\/\/github.com\/techgaun\/github-dorks\">github-dorks<\/a> \u2013 CLI tool to scan github repos\/organizations for potential sensitive information leak<\/li>\n<li><a href=\"https:\/\/github.com\/melvinsh\/vcsmap\">vcsmap<\/a> \u2013 A plugin-based tool to scan public version control systems for sensitive information<\/li>\n<li><a href=\"http:\/\/www.spiderfoot.net\/\">Spiderfoot<\/a> \u2013 multi-source OSINT automation tool with a Web UI and report visualizations<\/li>\n<li><a href=\"https:\/\/github.com\/Hood3dRob1n\/BinGoo\">BinGoo<\/a> \u2013 A Linux bash based Bing and Google Dorking Tool<\/li>\n<li><a href=\"https:\/\/github.com\/jgor\/dork-cli\">dork-cli<\/a> \u2013 Command-line Google dork tool.<\/li>\n<li><a href=\"https:\/\/github.com\/DanMcInerney\/fast-recon\">fast-recon<\/a> \u2013 Does some google dorks against a domain<\/li>\n<li><a href=\"https:\/\/github.com\/JohnTroony\/Google-dorks\">Google-dorks<\/a> \u2013 Common google dorks and others you prolly don\u2019t know<\/li>\n<li><a href=\"https:\/\/github.com\/Smaash\/snitch\">snitch<\/a> \u2013 information gathering via dorks<\/li>\n<li><a href=\"https:\/\/github.com\/k3170makan\/GooDork\">GooDork<\/a> \u2013 Command line go0gle dorking tool<\/li>\n<li><a href=\"http:\/\/osintframework.com\/\">OSINT Framework<\/a> \u2013 Collection of various OSInt tools broken out by category.<\/li>\n<li><a href=\"https:\/\/inteltechniques.com\/menu.html\">Intel Techniques<\/a> \u2013 A collection of OSINT tools. Menu on the left can be used to navigate through the categories.<\/li>\n<li><a href=\"https:\/\/github.com\/upgoingstar\/datasploit\">DataSploit<\/a> \u2013 OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.<\/li>\n<\/ul>\n<h4><a id=\"user-content-anonymity-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#anonymity-tools\"><\/a>Anonymity Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.torproject.org\/\">Tor<\/a> \u2013 The free software for enabling onion routing online anonymity<\/li>\n<li><a href=\"https:\/\/geti2p.net\/en\/\">I2P<\/a> \u2013 The Invisible Internet Project<\/li>\n<li><a href=\"https:\/\/github.com\/GouveaHeitor\/nipe\">Nipe<\/a> \u2013 Script to redirect all traffic from the machine to the Tor network.<\/li>\n<\/ul>\n<h4><a id=\"user-content-reverse-engineering-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#reverse-engineering-tools\"><\/a>Reverse Engineering Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.hex-rays.com\/products\/ida\/\">IDA Pro<\/a> \u2013 A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger<\/li>\n<li><a href=\"https:\/\/www.hex-rays.com\/products\/ida\/support\/download_freeware.shtml\">IDA Free<\/a> \u2013 The freeware version of IDA v5.0<\/li>\n<li><a href=\"https:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/hh852365.aspx\">WDK\/WinDbg<\/a> \u2013 Windows Driver Kit and WinDbg<\/li>\n<li><a href=\"http:\/\/www.ollydbg.de\/\">OllyDbg<\/a> \u2013 An x86 debugger that emphasizes binary code analysis<\/li>\n<li><a href=\"http:\/\/rada.re\/r\/index.html\">Radare2<\/a> \u2013 Opensource, crossplatform reverse engineering framework<\/li>\n<li><a href=\"http:\/\/x64dbg.com\/\">x64_dbg<\/a> \u2013 An open-source x64\/x32 debugger for windows<\/li>\n<li><a href=\"http:\/\/debugger.immunityinc.com\/\">Immunity Debugger<\/a> \u2013 A powerful new way to write exploits and analyze malware<\/li>\n<li><a href=\"http:\/\/www.codef00.com\/projects#debugger\">Evan\u2019s Debugger<\/a> \u2013 OllyDbg-like debugger for Linux<\/li>\n<li><a href=\"https:\/\/github.com\/wisk\/medusa\">Medusa disassembler<\/a> \u2013 An open source interactive disassembler<\/li>\n<li><a href=\"https:\/\/github.com\/joelpx\/plasma\">plasma<\/a> \u2013 Interactive disassembler for x86\/ARM\/MIPS. Generates indented pseudo-code with colored syntax code<\/li>\n<li><a href=\"https:\/\/github.com\/longld\/peda\">peda<\/a> \u2013 Python Exploit Development Assistance for GDB<\/li>\n<li><a href=\"https:\/\/github.com\/0xd4d\/dnSpy\">dnSpy<\/a> \u2013 dnSpy is a tool to reverse engineer .NET assemblies<\/li>\n<\/ul>\n<h4><a id=\"user-content-ctf-tools\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#ctf-tools\"><\/a>CTF Tools<\/h4>\n<ul>\n<li><a href=\"https:\/\/github.com\/Gallopsled\/pwntools\">Pwntools<\/a> \u2013 CTF framework for use in CTFs<\/li>\n<\/ul>\n<h3><a id=\"user-content-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#books\"><\/a>Books<\/h3>\n<h4><a id=\"user-content-penetration-testing-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#penetration-testing-books\"><\/a>Penetration Testing Books<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.nostarch.com\/hacking2.htm\">The Art of Exploitation by Jon Erickson, 2008<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/metasploit\">Metasploit: The Penetration Tester\u2019s Guide by David Kennedy et al., 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/pentesting\">Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Rtfm-Red-Team-Field-Manual\/dp\/1494295504\/\">Rtfm: Red Team Field Manual by Ben Clark, 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/The-Hacker-Playbook-Practical-Penetration\/dp\/1494932636\/\">The Hacker Playbook by Peter Kim, 2014<\/a><\/li>\n<li><a href=\"https:\/\/www.elsevier.com\/books\/the-basics-of-hacking-and-penetration-testing\/engebretson\/978-1-59749-655-1\">The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013<\/a><\/li>\n<li><a href=\"https:\/\/www.elsevier.com\/books\/professional-penetration-testing\/wilhelm\/978-1-59749-993-4\">Professional Penetration Testing by Thomas Wilhelm, 2013<\/a><\/li>\n<li><a href=\"http:\/\/www.packtpub.com\/networking-and-servers\/advanced-penetration-testing-highly-secured-environments-ultimate-security-gu\">Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012<\/a><\/li>\n<li><a href=\"https:\/\/www.elsevier.com\/books\/violent-python\/unknown\/978-1-59749-957-6\">Violent Python by TJ O\u2019Connor, 2012<\/a><\/li>\n<li><a href=\"http:\/\/www.fuzzing.org\/\">Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Black-Hat-Python-Programming-Pentesters\/dp\/1593275900\">Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Penetration-Testing-Procedures-Methodologies-EC-Council\/dp\/1435483677\">Penetration Testing: Procedures &amp; Methodologies by EC-Council, 2010<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Unauthorised-Access-Physical-Penetration-Security-ebook\/dp\/B005DIAPKE\">Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Advanced-Persistent-Threat-Hacking-Organization\/dp\/0071828362\">Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/bughunter\">Bug Hunter\u2019s Diary by Tobias Klein, 2011<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-hackers-handbook-series\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#hackers-handbook-series\"><\/a>Hackers Handbook Series<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-0764578014.html\">The Database Hacker\u2019s Handbook, David Litchfield et al., 2005<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-047008023X.html\">The Shellcoders Handbook by Chris Anley et al., 2007<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-0470395362.html\">The Mac Hacker\u2019s Handbook by Charlie Miller &amp; Dino Dai Zovi, 2009<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118026470.html\">The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118204123.html\">iOS Hackers Handbook by Charlie Miller et al., 2012<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-111860864X.html\">Android Hackers Handbook by Joshua J. Drake et al., 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118662091.html\">The Browser Hackers Handbook by Wade Alcorn et al., 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118958500.html\">The Mobile Application Hackers Handbook by Dominic Chell et al., 2015<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/carhacking\">Car Hacker\u2019s Handbook by Craig Smith, 2016<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-defensive-development\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#defensive-development\"><\/a>Defensive Development<\/h4>\n<ul>\n<li><a href=\"https:\/\/leanpub.com\/holistic-infosec-for-web-developers\">Holistic Info-Sec for Web Developers (Fascicle 0)<\/a><\/li>\n<li><a href=\"https:\/\/leanpub.com\/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications\">Holistic Info-Sec for Web Developers (Fascicle 1)<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-network-analysis-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#network-analysis-books\"><\/a>Network Analysis Books<\/h4>\n<ul>\n<li><a href=\"https:\/\/nmap.org\/book\/\">Nmap Network Scanning by Gordon Fyodor Lyon, 2009<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/packet2.htm\">Practical Packet Analysis by Chris Sanders, 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.amazon.com\/Wireshark-Network-Analysis-Second-Certified\/dp\/1893939944\">Wireshark Network Analysis by by Laura Chappell &amp; Gerald Combs, 2012<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Network-Forensics-Tracking-Hackers-Cyberspace-ebook\/dp\/B008CG8CYU\/\">Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff &amp; Jonathan Ham, 2012<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-reverse-engineering-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#reverse-engineering-books\"><\/a>Reverse Engineering Books<\/h4>\n<ul>\n<li><a href=\"http:\/\/beginners.re\/\">Reverse Engineering for Beginners by Dennis Yurichev<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/xbox.htm\">Hacking the Xbox by Andrew Huang, 2003<\/a><\/li>\n<li><a href=\"https:\/\/www.nostarch.com\/idapro2.htm\">The IDA Pro Book by Chris Eagle, 2011<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118787315.html\">Practical Reverse Engineering by Bruce Dang et al., 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.amazon.com\/Hacking-Ethical-Hackers-Handbook-Edition\/dp\/0071832386\">Gray Hat Hacking The Ethical Hacker\u2019s Handbook by Daniel Regalado et al., 2015<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-malware-analysis-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#malware-analysis-books\"><\/a>Malware Analysis Books<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.nostarch.com\/malware\">Practical Malware Analysis by Michael Sikorski &amp; Andrew Honig, 2012<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118825098.html\">The Art of Memory Forensics by Michael Hale Ligh et al., 2014<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-0470613033.html\">Malware Analyst\u2019s Cookbook and DVD by Michael Hale Ligh et al., 2010<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-windows-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#windows-books\"><\/a>Windows Books<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.amazon.com\/Windows-Internals-Part-Developer-Reference\/dp\/0735648735\/\">Windows Internals by Mark Russinovich et al., 2012<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-social-engineering-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#social-engineering-books\"><\/a>Social Engineering Books<\/h4>\n<ul>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-0471237124.html\">The Art of Deception by Kevin D. Mitnick &amp; William L. Simon, 2002<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-0764569597.html\">The Art of Intrusion by Kevin D. Mitnick &amp; William L. Simon, 2005<\/a><\/li>\n<li><a href=\"http:\/\/www.hachettebookgroup.com\/titles\/kevin-mitnick\/ghost-in-the-wires\/9780316134477\/\">Ghost in the Wires by Kevin D. Mitnick &amp; William L. Simon, 2011<\/a><\/li>\n<li><a href=\"https:\/\/www.elsevier.com\/books\/no-tech-hacking\/mitnick\/978-1-59749-215-7\">No Tech Hacking by Johnny Long &amp; Jack Wiles, 2008<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-0470639539.html\">Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010<\/a><\/li>\n<li><a href=\"http:\/\/www.wiley.com\/WileyCDA\/WileyTitle\/productCd-1118608577.html\">Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014<\/a><\/li>\n<li><a href=\"https:\/\/www.mhprofessional.com\/product.php?isbn=0071818464\">Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-lock-picking-books\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#lock-picking-books\"><\/a>Lock Picking Books<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.elsevier.com\/books\/practical-lock-picking\/ollam\/978-1-59749-989-7\">Practical Lock Picking by Deviant Ollam, 2012<\/a><\/li>\n<li><a href=\"https:\/\/www.elsevier.com\/books\/keys-to-the-kingdom\/ollam\/978-1-59749-983-5\">Keys to the Kingdom by Deviant Ollam, 2012<\/a><\/li>\n<li><a href=\"https:\/\/www.scribd.com\/doc\/7207\/CIA-Lock-Picking-Field-Operative-Training-Manual\">CIA Lock Picking Field Operative Training Manual<\/a><\/li>\n<li><a href=\"https:\/\/www.dropbox.com\/s\/y39ix9u9qpqffct\/Lockpicking%20Detail%20Overkill.pdf?dl=0\">Lock Picking: Detail Overkill by Solomon<\/a><\/li>\n<li><a href=\"https:\/\/www.dropbox.com\/sh\/k3z4dm4vyyojp3o\/AAAIXQuwMmNuCch_StLPUYm-a?dl=0\">Eddie the Wire books<\/a><\/li>\n<\/ul>\n<h4><a id=\"user-content-defcon-suggested-reading\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#defcon-suggested-reading\"><\/a>Defcon Suggested Reading<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.defcon.org\/html\/links\/book-list.html\">Defcon Suggested Reading<\/a><\/li>\n<\/ul>\n<h3><a id=\"user-content-vulnerability-databases\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#vulnerability-databases\"><\/a>Vulnerability Databases<\/h3>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/\">NVD<\/a> \u2013 US National Vulnerability Database<\/li>\n<li><a href=\"https:\/\/www.us-cert.gov\/\">CERT<\/a> \u2013 US Computer Emergency Readiness Team<\/li>\n<li><a href=\"https:\/\/blog.osvdb.org\/\">OSVDB<\/a> \u2013 Open Sourced Vulnerability Database<\/li>\n<li><a href=\"http:\/\/www.securityfocus.com\/\">Bugtraq<\/a> \u2013 Symantec SecurityFocus<\/li>\n<li><a href=\"https:\/\/www.exploit-db.com\/\">Exploit-DB<\/a> \u2013 Offensive Security Exploit Database<\/li>\n<li><a href=\"http:\/\/seclists.org\/fulldisclosure\/\">Fulldisclosure<\/a> \u2013 Full Disclosure Mailing List<\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/bulletins\">MS Bulletin<\/a> \u2013 Microsoft Security Bulletin<\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/advisories\">MS Advisory<\/a> \u2013 Microsoft Security Advisories<\/li>\n<li><a href=\"http:\/\/www.1337day.com\/\">Inj3ct0r<\/a> \u2013 Inj3ct0r Exploit Database<\/li>\n<li><a href=\"https:\/\/packetstormsecurity.com\/\">Packet Storm<\/a> \u2013 Packet Storm Global Security Resource<\/li>\n<li><a href=\"http:\/\/www.securiteam.com\/\">SecuriTeam<\/a> \u2013 Securiteam Vulnerability Information<\/li>\n<li><a href=\"http:\/\/cxsecurity.com\/\">CXSecurity<\/a> \u2013 CSSecurity Bugtraq List<\/li>\n<li><a href=\"http:\/\/www.vulnerability-lab.com\/\">Vulnerability Laboratory<\/a> \u2013 Vulnerability Research Laboratory<\/li>\n<li><a href=\"http:\/\/www.zerodayinitiative.com\/\">ZDI<\/a> \u2013 Zero Day Initiative<\/li>\n<li><a href=\"https:\/\/vulners.com\/\">Vulners<\/a> \u2013 Security database of software vulnerabilities<\/li>\n<\/ul>\n<h3><a id=\"user-content-security-courses\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#security-courses\"><\/a>Security Courses<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.offensive-security.com\/information-security-training\/\">Offensive Security Training<\/a> \u2013 Training from BackTrack\/Kali developers<\/li>\n<li><a href=\"http:\/\/www.sans.org\/\">SANS Security Training<\/a> \u2013 Computer Security Training &amp; Certification<\/li>\n<li><a href=\"http:\/\/opensecuritytraining.info\/\">Open Security Training<\/a> \u2013 Training material for computer security classes<\/li>\n<li><a href=\"https:\/\/trailofbits.github.io\/ctf\/\">CTF Field Guide<\/a> \u2013 everything you need to win your next CTF competition<\/li>\n<li><a href=\"http:\/\/azcwr.org\/\">ARIZONA CYBER WARFARE RANGE<\/a> \u2013 24\u00d77 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.<\/li>\n<li><a href=\"http:\/\/cybrary.it\/\">Cybrary<\/a> \u2013 Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book \u2018Penetration Testing for Highly Secured Enviroments\u2019.<\/li>\n<li><a href=\"http:\/\/computersecuritystudent.com\/\">Computer Security Student<\/a> \u2013 Many free tutorials, great for beginners, $10\/mo membership unlocks all content<\/li>\n<li><a href=\"https:\/\/www.enisa.europa.eu\/topics\/trainings-for-cybersecurity-specialists\/online-training-material\">European Union Agency for Network and Information Security<\/a> \u2013 ENISA Cyber Security Training material<\/li>\n<\/ul>\n<h3><a id=\"user-content-information-security-conferences\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#information-security-conferences\"><\/a>Information Security Conferences<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.defcon.org\/\">DEF CON<\/a> \u2013 An annual hacker convention in Las Vegas<\/li>\n<li><a href=\"http:\/\/www.blackhat.com\/\">Black Hat<\/a> \u2013 An annual security conference in Las Vegas<\/li>\n<li><a href=\"http:\/\/www.securitybsides.com\/\">BSides<\/a> \u2013 A framework for organising and holding security conferences<\/li>\n<li><a href=\"https:\/\/events.ccc.de\/congress\/\">CCC<\/a> \u2013 An annual meeting of the international hacker scene in Germany<\/li>\n<li><a href=\"https:\/\/www.derbycon.com\/\">DerbyCon<\/a> \u2013 An annual hacker conference based in Louisville<\/li>\n<li><a href=\"http:\/\/phreaknic.info\/\">PhreakNIC<\/a> \u2013 A technology conference held annually in middle Tennessee<\/li>\n<li><a href=\"http:\/\/shmoocon.org\/\">ShmooCon<\/a> \u2013 An annual US east coast hacker convention<\/li>\n<li><a href=\"http:\/\/www.carolinacon.org\/\">CarolinaCon<\/a> \u2013 An infosec conference, held annually in North Carolina<\/li>\n<li><a href=\"https:\/\/2016.chcon.nz\/\">CHCon<\/a> \u2013 Christchurch Hacker Con, Only South Island of New Zealand hacker con<\/li>\n<li><a href=\"http:\/\/www.summercon.org\/\">SummerCon<\/a> \u2013 One of the oldest hacker conventions, held during Summer<\/li>\n<li><a href=\"https:\/\/2016.hack.lu\/\">Hack.lu<\/a> \u2013 An annual conference held in Luxembourg<\/li>\n<li><a href=\"https:\/\/conference.hitb.org\/\">HITB<\/a> \u2013 Deep-knowledge security conference held in Malaysia and The Netherlands<\/li>\n<li><a href=\"https:\/\/www.troopers.de\/\">Troopers<\/a> \u2013 Annual international IT Security event with workshops held in Heidelberg, Germany<\/li>\n<li><a href=\"http:\/\/hack3rcon.org\/\">Hack3rCon<\/a> \u2013 An annual US hacker conference<\/li>\n<li><a href=\"http:\/\/thotcon.org\/\">ThotCon<\/a> \u2013 An annual US hacker conference held in Chicago<\/li>\n<li><a href=\"http:\/\/www.layerone.org\/\">LayerOne<\/a> \u2013 An annual US security conference held every spring in Los Angeles<\/li>\n<li><a href=\"https:\/\/deepsec.net\/\">DeepSec<\/a> \u2013 Security Conference in Vienna, Austria<\/li>\n<li><a href=\"http:\/\/www.skydogcon.com\/\">SkyDogCon<\/a> \u2013 A technology conference in Nashville<\/li>\n<li><a href=\"http:\/\/secuinside.com\/\">SECUINSIDE<\/a> \u2013 Security Conference in <a href=\"https:\/\/en.wikipedia.org\/wiki\/Seoul\">Seoul<\/a><\/li>\n<li><a href=\"http:\/\/def.camp\/\">DefCamp<\/a> \u2013 Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania<\/li>\n<li><a href=\"https:\/\/2016.appsecusa.org\/\">AppSecUSA<\/a> \u2013 An annual conference organised by OWASP<\/li>\n<li><a href=\"http:\/\/brucon.org\/\">BruCON<\/a> \u2013 An annual security conference in Belgium<\/li>\n<li><a href=\"http:\/\/www.infosecurityeurope.com\/\">Infosecurity Europe<\/a> \u2013 Europe\u2019s number one information security event, held in London, UK<\/li>\n<li><a href=\"http:\/\/nullcon.net\/website\/\">Nullcon<\/a> \u2013 An annual conference in Delhi and Goa, India<\/li>\n<li><a href=\"https:\/\/www.rsaconference.com\/\">RSA Conference USA<\/a> \u2013 An annual security conference in San Francisco, California, USA<\/li>\n<li><a href=\"https:\/\/www.swisscyberstorm.com\/\">Swiss Cyber Storm<\/a> \u2013 An annual security conference in Lucerne, Switzerland<\/li>\n<li><a href=\"https:\/\/www.virusbulletin.com\/conference\/index\">Virus Bulletin Conference<\/a> \u2013 An annual conference going to be held in Denver, USA for 2016<\/li>\n<li><a href=\"http:\/\/www.ekoparty.org\/\">Ekoparty<\/a> \u2013 Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina<\/li>\n<li><a href=\"https:\/\/44con.com\/\">44Con<\/a> \u2013 Annual Security Conference held in London<\/li>\n<li><a href=\"https:\/\/www.balccon.org\/\">BalCCon<\/a> \u2013 Balkan Computer Congress, annualy held in Novi Sad, Serbia<\/li>\n<li><a href=\"http:\/\/fsec.foi.hr\/\">FSec<\/a> \u2013 FSec \u2013 Croatian Information Security Gathering in Vara\u017edin, Croatia<\/li>\n<\/ul>\n<h3><a id=\"user-content-information-security-magazines\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#information-security-magazines\"><\/a>Information Security Magazines<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.2600.com\/Magazine\/DigitalEditions\">2600: The Hacker Quarterly<\/a> \u2013 An American publication about technology and computer \u201cunderground\u201d<\/li>\n<li><a href=\"http:\/\/www.phrack.org\/\">Phrack Magazine<\/a> \u2013 By far the longest running hacker zine<\/li>\n<\/ul>\n<h3><a id=\"user-content-awesome-lists\" class=\"anchor\" href=\"https:\/\/github.com\/enaqx\/awesome-pentest\/blob\/master\/README.md#awesome-lists\"><\/a>Awesome Lists<\/h3>\n<ul>\n<li><a href=\"http:\/\/tools.kali.org\/tools-listing\">Kali Linux Tools<\/a> \u2013 List of tools present in Kali Linux<\/li>\n<li><a href=\"http:\/\/sectools.org\/\">SecTools<\/a> \u2013 Top 125 Network Security Tools<\/li>\n<li><a href=\"https:\/\/github.com\/coreb1t\/awesome-pentest-cheat-sheets\">Pentest Cheat Sheets<\/a> \u2013 Awesome Pentest Cheat Sheets<\/li>\n<li><a href=\"https:\/\/github.com\/fffaraz\/awesome-cpp\">C\/C++ Programming<\/a> \u2013 One of the main language for open source security tools<\/li>\n<li><a href=\"https:\/\/github.com\/quozd\/awesome-dotnet\">.NET Programming<\/a> \u2013 A software framework for Microsoft Windows platform development<\/li>\n<li><a href=\"https:\/\/github.com\/alebcay\/awesome-shell\">Shell Scripting<\/a> \u2013 Command-line frameworks, toolkits, guides and gizmos<\/li>\n<li><a href=\"https:\/\/github.com\/dreikanter\/ruby-bookmarks\">Ruby Programming by @dreikanter<\/a> \u2013 The de-facto language for writing exploits<\/li>\n<li><a href=\"https:\/\/github.com\/markets\/awesome-ruby\">Ruby Programming by @markets<\/a> \u2013 The de-facto language for writing exploits<\/li>\n<li><a href=\"https:\/\/github.com\/Sdogruyol\/awesome-ruby\">Ruby Programming by @Sdogruyol<\/a> \u2013 The de-facto language for writing exploits<\/li>\n<li><a href=\"https:\/\/github.com\/sorrycc\/awesome-javascript\">JavaScript Programming<\/a> \u2013 In-browser development and scripting<\/li>\n<li><a href=\"https:\/\/github.com\/sindresorhus\/awesome-nodejs\">Node.js Programming by @sindresorhus<\/a> \u2013 A curated list of delightful Node.js packages and resources<\/li>\n<li><a href=\"https:\/\/github.com\/dloss\/python-pentest-tools\">Python tools for penetration testers<\/a> \u2013 Lots of pentesting tools are written in Python<\/li>\n<li><a href=\"https:\/\/github.com\/svaksha\/pythonidae\">Python Programming by @svaksha<\/a> \u2013 General Python programming<\/li>\n<li><a href=\"https:\/\/github.com\/vinta\/awesome-python\">Python Programming by @vinta<\/a> \u2013 General Python programming<\/li>\n<li><a href=\"https:\/\/github.com\/ashishb\/android-security-awesome\">Android Security<\/a> \u2013 A collection of android security related resources<\/li>\n<li><a href=\"https:\/\/github.com\/bayandin\/awesome-awesomeness\">Awesome Awesomness<\/a> \u2013 The List of the Lists<\/li>\n<li><a href=\"https:\/\/github.com\/paragonie\/awesome-appsec\">AppSec<\/a> \u2013 Resources for learning about application security<\/li>\n<li><a href=\"https:\/\/github.com\/apsdehal\/awesome-ctf\">CTFs<\/a> \u2013 Capture The Flag frameworks, libraries, etc<\/li>\n<li><a href=\"https:\/\/github.com\/carpedm20\/awesome-hacking\">Hacking<\/a> \u2013 Tutorials, tools, and resources<\/li>\n<li><a href=\"https:\/\/github.com\/paralax\/awesome-honeypots\">Honeypots<\/a> \u2013 Honeypots, tools, components, and more<\/li>\n<li><a href=\"https:\/\/github.com\/onlurking\/awesome-infosec\">Infosec<\/a> \u2013 Information security resources for pentesting, forensics, and more<\/li>\n<li><a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis\">Malware Analysis<\/a> \u2013 Tools and resources for analysts<\/li>\n<li><a href=\"https:\/\/github.com\/caesar0301\/awesome-pcaptools\">PCAP Tools<\/a> \u2013 Tools for processing network traffic<\/li>\n<li><a href=\"https:\/\/github.com\/sbilly\/awesome-security\">Security<\/a> \u2013 Software, libraries, documents, and other resources<\/li>\n<li><a href=\"https:\/\/github.com\/sindresorhus\/awesome\">Awesome List<\/a> \u2013 A curated list of awesome lists<\/li>\n<li><a href=\"https:\/\/github.com\/danielmiessler\/SecLists\">SecLists<\/a> \u2013 Collection of multiple types of lists used during security assessments<\/li>\n<li><a href=\"https:\/\/github.com\/PaulSec\/awesome-sec-talks\">Security Talks<\/a> \u2013 A curated list of security conferences<\/li>\n<\/ul>\n<div class=\"wpcnt\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Este projeto \u00e9 suportado pelo Netsparker Web Application Security Scanner<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[194,193],"tags":[198,197,196,195],"class_list":["post-1282","post","type-post","status-publish","format-standard","hentry","category-pentest","category-seguranca","tag-peneracao","tag-penetracao","tag-pentest","tag-seguranca"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/posts\/1282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/comments?post=1282"}],"version-history":[{"count":2,"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/posts\/1282\/revisions"}],"predecessor-version":[{"id":1284,"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/posts\/1282\/revisions\/1284"}],"wp:attachment":[{"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/media?parent=1282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/categories?post=1282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gianfratti.com\/index.php\/wp-json\/wp\/v2\/tags?post=1282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}