Metasploit – The world’s most used penetration testing framework. Find security issues, verify vulnerability mitigations & manage security assessments.
Nessus – vulnerability scanner.
Kali Linux – an industry standard penetration testing distribution & framework. It’s fully customizable and utilizes LUKS full-disk encryption.
Parrot OS – a full portable laboratory for all kinds of cyber security operations.
Kali Linux Nethunter – Open Source Android penetration testing platform.
OpenVAS – Open Vulnerability Assessment Scanner.
REMnux – is a Linux toolkit for reverse-engineering and analyzing malicious software.
Port scanners
Port scanners are essentials tolls for maintaining and testing server security.
Nmap – Network Mapper is a free and open source utility for network discovery and security auditing.
Unicornscan -offers asynchronous TCP and UDP scanning capabilities and non-common network discovery patterns.
Angry IP Scanner – super fast, scans local networks as well as Internet.
Intrusion detection systems (IDS/IPS)
Intrusion detection / prevention systems provide valuable information about potential attack vectors, which is essential when proactively identifying threats, setting up defenses and responding to incidents.
Snort – uses rules that help define malicious network activity.
OSSEC – world’s most popular free and open source host-based intrusion detection system.
Suricata – free and open source, mature, fast and robust network threat detection engine.
Cowrie – SSH and Telnet honeypot designed to log brute force attacks and the shell interaction.
Logwatch – not IDS, but absolutely useful for the purpose. It parses through system’s logs and creates a report.
Fail2ban – scans log files and bans IPs that show the malicious signs such as too many password failures, seeking for exploits etc.
Exploit databases
Google Hacking Database – exploit database by Offensive Security.
Build your lab
Vulnhub.com – virtual machines for security lab.
AutoRecon – multi-threaded network reconnaissance tool .
GOWAPT – Web Application Penetration Test.
Train your pen skills
Nets.ec – Information about shellcode, countermeasures, administration, exploitation and programming.
OpenSecurityTraining.info – training material for computer security classes.
Metasploit unleashed – the most complete and in-depth Metasploit guide available.
Pentest-standard.org – the penetration testing execution standard.
SWEET – secure web development teaching.
Securitytube – over the shoulder security training videos.
Hack.me – build, host and share vulnerable web application code for educational and research purposes.
Falconspy.medium.com – valuable reading you are preparing for OSCP.
Test your hacking skills
Virtualhackinglabs.com – commercial online penetration testing lab.
Hackthebox.eu – test your penetration testing skills.
For rainy days
Cmdchallenge.com – test your command line skills.
Root-me.org – train your hacking skills.
Defendtheweb.net – community and articles.
ChaosVPN – VPN to connect Hackers and Hackerspaces.
PenTestIt – Cyberattack world map.
Dangerous websites lists / feeds / databases
https://bitbucket.org/threatshub/th-dfbase/raw/master/data/malware/ThreatsHub_Malicious_DataFeed
zonefiles.io/compromised-domain-list/
github.com/firehol/blocklist-ipsets
https://github.com/stamparm/ipsum
Pen testing news feed
-
Tails 5.11 Amnesic Incognito Live System Switches to ZRam and Linux Kernel 6.1 LTS
LinuxSecurity - Security Articles - 20 March 2023, 11:00 amTails 5.11 amnesic incognito live system has been released today as a monthly update to this security-focused Debian-based GNU/Linux distribution aimed at preserving your privacy…Read More
-
Researcher Creates Polymorphic Blackmamba Malware with ChatGPT
LinuxSecurity - Security Articles - 20 March 2023, 11:00 amThe ChatGPT-powered Blackmamba malware, which can operate on macOS, Windows, and Linux systems, works as a keylogger, with the ability to send stolen credentials through…Read More
-
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
LinuxSecurity - Security Articles - 20 March 2023, 11:00 amVulnerability management is vital to a robust, proactive endpoint security strategy, enabling organizations to identify and address security weaknesses before they lead to a cyberattack…Read More
-
4 day work weeks as a pentesting firm?
PenTesting - 20 March 2023, 1:41 amI am a Senior Web Application Penetration Tester currently working for a firm that has mentioned that they wouldn't be opposed to exploring a 4…Read More
-
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
LinuxSecurity - Security Articles - 19 March 2023, 11:00 amMultiple high-impact security issues have been discovered in Thunderbird, which could result in denial of service (DoS) attacks leading to server crashes and loss of…Read More
-
Languages for pentesters
PenTesting - 19 March 2023, 9:18 amThis question might repeat a lot but I wanted to know for my specific case. Being a sysadmin gave me experience in Bash, Powershell and…Read More
-
Web apps pen test cert?
PenTesting - 19 March 2023, 1:46 amI’ve been in different IT roles for many years. I have some basic web app security knowledge (self taught). Looking to change path and go…Read More
-
Question
PenTesting - 18 March 2023, 12:08 amAre physical password keys worth it? if so what are brands you trust thanks. submitted by /u/Ctap70 [link] [comments]Read More
-
Hey there . Any tips on how to start learning about physical pen testing ? All the help would be appreciated
PenTesting - 16 March 2023, 10:05 pmsubmitted by /u/Mrlonelyboyyyy [link] [comments]Read More