Hacking & Penetration Testing

A collection of guides and techniques related to penetration testing.

Useful Links

News

Name

Link

Info security Magazine

https://www.infosecurity-magazine.com/news/

The Register

https://www.theregister.co.uk/security/

Security Week

https://www.securityweek.com/

Krebs on security

https://krebsonsecurity.com/

The Hacker News

https://thehackernews.com/

Ybombinator

https://news.ycombinator.com/

Methodology

Pentest Methodology

API

Mobile

Misc

Recon

DNS Discovery

Port scan

Screenshots

Web Discovery

Github

S3

Google Dorks

Hidden parameters

Name

Link

parameth

https://github.com/mak-/parameth

Old content

Asset identification

Name

Link

Shodan

https://shodan.io/

Internet Wide Scan Data

http://Repositoryscans.io

censys

https://censys.io

Hurricane Electric

http://bgp.he.net/

Frameworks

Fingerprinting

Server Software

WAF

Exploiting & Scanning

XSS

SQLi

Name

Link

sqlmap

http://sqlmap.org/

XXE

SSRF

SSTI

LFI

File upload

Exposed Git/SVN directory

Subdomain takeover

Race conditions

CORS misconfiguration

Struts

Name

Link

RCE struts-pwn

https://github.com/mazen160/struts-pwn

Serialization

Known vulnerable software

Default/config files

CMS

JWT

Name

Link

The JSON Web Token Toolkit

https://github.com/ticarpi/jwt_tool

Fuzzing & Bruteforcing

General

Password Cracking

Mobile testing

Frameworks

Emulators

Name

Link

GenyMotion

https://www.genymotion.com/

Android Studio

https://developer.android.com/studio/

Decompilers

Misc

Privilege Escalation

Windows

Linux