
Hacker roadmap

tabac


This repository is a brief overview of what you need to learn penetration testing, plus a collection of hacking tools, resources and references for practicing ethical hacking. A few tips from the repository's author:
- Don't start using tools without understanding what they do.
- Don't download or use tools whose code you are not sure about.
- Don't use these tools to do unethical things, such as hacking your friends without their consent.
- Read books, tutorials and articles; be curious.
Everything is here: https://github.com/sundowndev/hacker-roadmap


Tools by category:

Information gathering

Information-gathering tools that collect host metadata about services and users. Look up information about a domain, IP address, phone number or e-mail address.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| Th3inspector | Perl | Linux/Windows/macOS | All in one tool for Information Gathering written in Perl. |
| Crips | Python | Linux/Windows/macOS | IP Tools To quickly get information about IP Address's, Web Pages and DNS records. |
| theHarvester | Python | Linux/Windows/macOS | E-mails, subdomains and names Harvester. |
| Scanless | Python | Linux/Windows/macOS | Online port scan scraper. |
| CTFR | Python | Linux/Windows/macOS | Abusing Certificate Transparency logs for getting HTTPS websites subdomains. |
| Sn1per | bash | Linux/macOS | Automated Pentest Recon Scanner. |
| ReconDog | Python | Linux/Windows/macOS | Recon Dog is an all in one tool for all your basic information gathering needs. |
| RED Hawk | PHP | Linux/Windows/macOS | All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers. |
| Infoga | Python | Linux/Windows/macOS | Email Information Gathering. |
| KnockMail | Python | Linux/Windows/macOS | Check if email address exists. |
| Photon | Python | Linux/Windows/macOS | Crawler which is incredibly fast and extracts urls, emails, files, website accounts and much more. |
| Rapidscan | Python | Linux/Windows/macOS | The Multi-Tool Web Vulnerability Scanner. |
| a2sv | Python | Linux/Windows/macOS | Auto Scanning to SSL Vulnerability. |
| Wfuzz | Python | Linux/Windows/macOS | Web application fuzzer. |
| Nmap | C/C++ | Linux/Windows/macOS | Scanner ports vulnerability. |
| Dracnmap | Shell | Linux/Windows/macOS | open source program which is using to exploit the network and gathering information with nmap |

Password attacks (brute force)

Password brute-forcing and wordlist creation.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| John the Ripper | C | Linux/Windows/macOS | John the Ripper is a fast password cracker. |
| hashcat | C | Linux/Windows/macOS | World's fastest and most advanced password recovery utility. |
| Hydra | C | Linux/Windows/macOS | Parallelized login cracker which supports numerous protocols to attack. |
| ophcrack | C++ | Linux/Windows/macOS | Windows password cracker based on rainbow tables. |
| Ncrack | C | Linux/Windows/macOS | High-speed network authentication cracking tool. |
| WGen | Python | Linux/Windows/macOS | Create awesome wordlists with Python. |
| SSH Auditor | Go | Linux/macOS | The best way to scan for weak ssh passwords on your network. |

Wordlists

| Tool | Description |
| --- | --- |
| Probable Wordlist | Wordlists sorted by probability originally created for password generation and testing. |

Wireless

Wi-Fi attacks.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| Aircrack | C | Linux/Windows/macOS | WiFi security auditing tools suite. |
| bettercap | Go | Linux/Windows/macOS/Android | bettercap is the Swiss army knife for network attacks and monitoring. |
| WiFi Pumpkin | Python | Linux/Windows/macOS/Android | Framework for Rogue Wi-Fi Access Point Attack. |
| Airgeddon | Shell | Linux/Windows/macOS | This is a multi-use bash script for Linux systems to audit wireless networks. |
| Airbash | C | Linux/Windows/macOS | A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. |

Exploitation of vulnerabilities

Exploitation. Gaining access and data by means of exploits.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| SQLmap | Python | Linux/Windows/macOS | Automatic SQL injection and database takeover tool. |
| XSStrike | Python | Linux/Windows/macOS | Advanced XSS detection and exploitation suite. |
| Commix | Python | Linux/Windows/macOS | Automated All-in-One OS command injection and exploitation tool. |

Sniffing & Spoofing

Sniffing network traffic or creating a fake network device.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| Wireshark | C/C++ | Linux/Windows/macOS | Wireshark is a network protocol analyzer. |
| WiFi Pumpkin | Python | Linux/Windows/macOS/Android | Framework for Rogue Wi-Fi Access Point Attack. |
| Zarp | Python | Linux/Windows/macOS | A free network attack framework. |

Web hacking and break-ins

Exploiting vulnerabilities in popular CMSs.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| WPScan | Ruby | Linux/Windows/macOS | WPScan is a black box WordPress vulnerability scanner. |
| Droopescan | Python | Linux/Windows/macOS | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe. |
| Joomscan | Perl | Linux/Windows/macOS | Joomla Vulnerability Scanner. |
| Drupwn | Python | Linux/Windows/macOS | Drupal Security Scanner to perform enumerations on Drupal-based web applications. |
| Webpwn3r | Python | Linux/Windows/macOS | Web Applications Security Scanner. |
| CMSeek | Python | Linux/Windows/macOS | CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs. |

Post-exploitation

Exploits for gaining persistence on a system, used after access has been obtained.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| TheFatRat | Java | Linux/Windows/macOS | Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack, dll. |
| Microsploit | Shell | Linux/Windows/macOS | Fast and easy create backdoor office exploitation using module metasploit packet, Microsoft Office, Open Office, Macro attack, Buffer Overflow. |

Frameworks

Frameworks, toolkits and packages for pentesting.

| Tool | Language | Support | Description |
| --- | --- | --- | --- |
| Operative Framework | Python | Linux/Windows/macOS | Framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules. |
| Metasploit | Ruby | Linux/Windows/macOS | A penetration testing framework for ethical hackers. |
| fsociety | Python | Linux/Windows/macOS | fsociety Hacking Tools Pack – A Penetration Testing Framework. |
| cSploit | Java | Android | The most complete and advanced IT security professional toolkit on Android. |
| radare2 | C | Linux/Windows/macOS/Android | Unix-like reverse engineering framework and commandline tools. |
| Social Engineer Toolkit | Python | Linux/macOS | Penetration testing framework designed for social engineering. |
| hate_crack | Python | Linux/macOS | A tool for automating cracking methodologies through Hashcat. |
| Wifiphisher | Python | Linux | The Rogue Access Point Framework. |
| Kickthemout | Python | Linux/macOS | Kick devices off your network by performing an ARP Spoof attack. |
| Beef | Javascript | Linux/Windows/macOS | The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. |
 

