DDos
VIP Members
-
22/10/2013
-
524
-
2.191 bài viết
[Tài liệu] Nên đọc nếu bạn bắt đầu học PenTest
Dưới đây là một bộ sư tập của các tài nguyên, công cụ, sách, cách cấu hình, tạp chí... và rất nhiều thứ khác về PenTest. Các bạn nên bookmark lại trang này, và tìm hiểu dần nhé.....
Penetration Testing Resources
Penetration Testing Distributions
Penetration Testing Books
Social Engineering Books
Vulnerability Databases
Nguồn: https://github.com/enaqx/awesome-pentest#linux-resources
- Online Resources
- Tools
- Books
- Vulnerability Databases
- Security Courses
- Information Security Conferences
- Information Security Magazines
- Awesome Lists
- Contribution
- License
Penetration Testing Resources
- Metasploit Unleashed - Free Offensive Security metasploit course
- PTES - Penetration Testing Execution Standard
- OWASP - Open Web Application Security Project
- OSSTMM - Open Source Security Testing Methodology Manual
- LSST - Linux Shell Scripting Tutorial
- Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their Kernels
- Shellcode Tutorials - Tutorials on how to write shellcode
- Shellcode examples - Shellcodes database
- Social Engineering Framework - An information resource for social engineers
- Schuyler Towne channel - Lockpicking videos and security talks
Penetration Testing Distributions
- Kali - A Linux distribution designed for digital forensics and penetration testing
- NST - Network Security Toolkit distribution
- Pentoo - security-focused livecd based on Gentoo
- BackBox - Ubuntu-based distribution for penetration tests and security assessments
- Metasploit - World's most used penetration testing software
- Burp - An integrated platform for performing security testing of web applications
- Netsparker - Web Application Security Scanner
- Nexpose - Vulnerability Management & Risk Management Software
- Nessus - Vulnerability, configuration, and compliance assessment
- Nikto - Web application vulnerability scanner
- OpenVAS - Open Source vulnerability scanner and manager
- OWASP Zed Attack Proxy - Penetration testing tool for web applications
- w3af - Web application attack and audit framework
- Wapiti - Web application vulnerability scanner
- nmap - Free Security Scanner For Network Exploration & Security Audits
- tcpdump/libpcap - A common packet analyzer that runs under the command line
- Wireshark - A network protocol analyzer for Unix and Windows
- Network Tools - Different network tools: ping, lookup, whois, etc
- netsniff-ng - A Swiss army knife for for network sniffing
- Intercepter-NG - a multifunctional network toolkit
- SSLyze - SSL configuration scanner
- HexEdit.js - Browser-based hex editing
- John the Ripper - Fast password cracker
- Online MD5 cracker - Online MD5 hash Cracker
- Sysinternals Suite - The Sysinternals Troubleshooting Utilities
- Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
- LOIC - An open source network stress tool for Windows
- JS LOIC - JavaScript in-browser version of LOIC
- SET - The Social-Engineer Toolkit from TrustedSec
- Tor - The free software for enabling onion routing online anonymity
- I2P - The Invisible Internet Project
- IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- WDK/WinDbg - Windows Driver Kit and WinDbg
- OllyDbg - An x86 debugger that emphasizes binary code analysis
Penetration Testing Books
- The Art of Exploitation by Jon Erickson, 2008
- Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- The Hacker Playbook by Peter Kim, 2014
- The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
- Professional Penetration Testing by Thomas Wilhelm, 2013
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
- Violent Python by TJ O'Connor, 2012
- Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
- The Shellcoders Handbook by Chris Anley and others, 2007
- The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hackers Handbook by Charlie Miller and others, 2012
- Android Hackers Handbook by Joshua J. Drake and others, 2014
- The Browser Hackers Handbook by Wade Alcorn and others, 2014
- Nmap Network Scanning by Gordon Fyodor Lyon, 2009
- Practical Packet Analysis by Chris Sanders, 2011
- Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
- Reverse Engineering for Beginners by Dennis Yurichev (free!)
- The IDA Pro Book by Chris Eagle, 2011
- Practical Reverse Engineering by Bruce Dang and others, 2014
- Reverse Engineering for Beginners
- Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
- The Art of Memory Forensics by Michael Hale Ligh and others, 2014
Social Engineering Books
- The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
- The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
- Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
- No Tech Hacking by Johnny Long, Jack Wiles, 2008
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
Vulnerability Databases
- NVD - US National Vulnerability Database
- CERT - US Computer Emergency Readiness Team
- OSVDB - Open Sourced Vulnerability Database
- Bugtraq - Symantec SecurityFocus
- Exploit-DB - Offensive Security Exploit Database
- Fulldisclosure - Full Disclosure Mailing List
- MS Bulletin - Microsoft Security Bulletin
- MS Advisory - Microsoft Security Advisories
- Inj3ct0r - Inj3ct0r Exploit Database
- Packet Storm - Packet Storm Global Security Resource
- SecuriTeam - Securiteam Vulnerability Information
- CXSecurity - CSSecurity Bugtraq List
- Vulnerability Laboratory - Vulnerability Research Laboratory
- ZDI - Zero Day Initiative
- Offensive Security Training - Training from BackTrack/Kali developers
- SANS Security Training - Computer Security Training & Certification
- Open Security Training - Training material for computer security classes
- CTF Field Guide - everything you need to win your next CTF competition
- DEF CON - An annual hacker convention in Las Vegas
- Black Hat - An annual security conference in Las Vegas
- BSides - A framework for organising and holding security conferences
- CCC - An annual meeting of the international hacker scene in Germany
- DerbyCon - An annual hacker conference based in Louisville
- PhreakNIC - A technology conference held annually in middle Tennessee
- ShmooCon - An annual US east coast hacker convention
- CarolinaCon - An infosec conference, held annually in North Carolina
- HOPE - A conference series sponsored by the hacker magazine 2600
- SummerCon - One of the oldest hacker conventions, held during Summer
- Hack.lu - An annual conference held in Luxembourg
- HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
- Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
- Hack3rCon - An annual US hacker conference
- ThotCon - An annual US hacker conference held in Chicago
- LayerOne - An annual US security conerence held every spring in Los Angeles
- DeepSec - Security Conference in Vienna, Austria
- SkyDogCon - A technology conference in Nashville
- 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
- Hakin9 - A Polish online, weekly publication on IT Security
- SecTools - Top 125 Network Security Tools
- C/C++ Programming - One of the main language for open source security tools
- .NET Programming - A software framework for Microsoft Windows platform development
- Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
- Ruby Programming by @dreikanter - The de-facto language for writing exploits
- Ruby Programming by @markets - The de-facto language for writing exploits
- Ruby Programming by @Sdogruyol - The de-facto language for writing exploits
- JavaScript Programming - In-browser development and scripting
- Node.js Programming by @sindresorhus - JavaScript in command-line
- Node.js Programming by @vndmtrx - JavaScript in command-line
- Python tools for penetration testers - Lots of pentesting tools are written in Python
- Python Programming by @svaksha - General Python programming
- Python Programming by @vinta - General Python programming
- Andorid Security - A collection of android security related resources
- Awesome Awesomness - The List of the Lists
Nguồn: https://github.com/enaqx/awesome-pentest#linux-resources