More Tools
Last updated
Last updated
Leer en oefen AWS Hacking:HackTricks Opleiding AWS Red Team Expert (ARTE) Leer en oefen GCP Hacking: HackTricks Opleiding GCP Red Team Expert (GRTE)
https://github.com/PaperMtn/lil-pwny : Kontroleer bekendgemaakte rekeninge
https://www.nmmapper.com/sys/tools/subdomainfinder/ : 8 Subdomein vinders, sublist3r, amass en meer
https://github.com/blark/aiodnsbrute : Brute force domeinnames asynchrone
https://crt.sh/?q=%.yahoo.com : Subdomein bruteforce
https://github.com/tomnomnom/httprobe: Kontroleer of webbedieners in 'n domein toeganklik is
https://github.com/aboul3la/Sublist3r : Subdomein ontdekking
https://github.com/gwen001/github-search/blob/master/github-subdomains.py : Subdomein ontdekking in github
https://github.com/robertdavidgraham/masscan : Vinning van poorte
https://github.com/Threezh1/JSFinder : Subdomeine en URL's uit JS-lêers in 'n web
https://github.com/C1h2e1/MyFuzzingDict : Web lêers woordelys
https://github.com/TypeError/Bookmarks/blob/master/README.md : BurpExtension om dosyne herhalende oortjies te vermy
https://github.com/hakluke/hakrawler : Verkry bates
https://github.com/izo30/google-dorker : Google dorks
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md : Web BugBounty kontrolelys
https://github.com/Naategh/dom-red : Kontroleer 'n lys van domeine teen Open Redirection
https://github.com/prodigysml/Dr.-Watson : Burp plugin, aflyn analise om domeine, subdomeine en IP's te ontdek
https://github.com/hahwul/WebHackersWeapons: Lys van verskillende gereedskap
https://github.com/gauravnarwani97/Trishul : BurpSuite Pluging om kwesbaarhede te vind (SQLi, XSS, SSTI)
https://github.com/fransr/postMessage-tracker : Chrome uitbreiding vir die opsporing van post-boodskap funksies
https://github.com/Quitten/Autorize : Outomatiese autentiseringstoetse (verwyder koekies en probeer om die versoek te stuur)
https://github.com/pikpikcu/xrcross: XRCross is 'n Rekonstruksie, Scanner, en 'n gereedskap vir penetrasie / BugBounty toetsing. Hierdie gereedskap is gebou om (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) kwesbaarhede te toets
https://github.com/Mr-Un1k0d3r/PoisonHandler : Laterale bewegings
https://freddiebarrsmith.com/trix/trix.html : LOL bins
https://github.com/odzhan/injection : Windows Proses Inspuitings tegnieke
https://github.com/BankSecurity/Red_Team : Red Team skripte
https://github.com/l0ss/Grouper2 : vind sekuriteitsverwante miskonfigurasies in Active Directory Groep Beleid.
https://www.wietzebeukema.nl/blog/powershell-obfuscation-using-securestring : Securestring obfuskering
https://pentestlab.blog/2020/02/24/parent-pid-spoofing/ : Ouers PID Spoofing
https://github.com/the-xentropy/xencrypt : Enkripteer Powershell payloads
https://windows-internals.com/faxing-your-way-to-system/ : Reeks van logs oor Windows Internals
https://bestestredteam.com/2018/10/02/tracking-pixel-in-microsoft-office-document/ : Volg wie 'n dokument oopmaak
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet : Active Directory Cheat Sheet
Gereedskap wat ek sien wat nuttig kan wees om firmware (outomaties) te analiseer:
Post-crema:
Hoe om firmware te onttrek as ons dit nie aanlyn vind nie: https://www.youtube.com/watch?v=Kxvpbu9STU4
Hier is 'n firmware met kwesbaarhede om te analiseer: https://github.com/scriptingxss/IoTGoat
en hier is die metodologie owasp om firmware te analiseer: https://github.com/scriptingxss/owasp-fstm
Firmware emulering: FIRMADYNE (https://github.com/firmadyne/firmadyne/) is 'n platform vir die outomatisering van die emulering en dinamiese analise van Linux-gebaseerde firmware.
https://github.com/CoatiSoftware/Sourcetrail : Statiese kode analise
https://github.com/skeeto/endlessh : SSH tarpit wat stadig 'n eindelose banner stuur.
AWS en Cloud gereedskap: https://github.com/toniblyx/my-arsenal-of-aws-security-tools
IFS (Interplanetary File System) vir phishing: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/using-the-interplanetary-file-system-for-offensive-operations/
Linux rootkit: https://github.com/aesophor/satanic-rootkit
https://theia-ide.org/ : Aanlyn IDE
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/ : Hulpbronne om te begin met BugBounties
https://github.com/ElevenPaths/HomePWN : Hacking IoT (Wifi, BLE, SSDP, MDNS)
https://github.com/rackerlabs/scantron : outomatisering van skandering
https://github.com/doyensec/awesome-electronjs-hacking : Hierdie lys is daarop gemik om Electron.js sekuriteitsverwante onderwerpe te dek.
https://github.com/serain/bbrecon : Inligting oor BB programme
Leer en oefen AWS Hacking:HackTricks Opleiding AWS Red Team Expert (ARTE) Leer en oefen GCP Hacking: HackTricks Opleiding GCP Red Team Expert (GRTE)