A list of awesome tutorials, tools and other resources on hacking


Table of Contents

System

Tutorials

Tools

  • Metasploit — A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
  • mimikatz — A little tool to play with Windows security

Docker Images for Penetration Testing & Security

General

Reverse Engineering

Tutorials

Tools

Disassemblers and debuggers

  • IDA — IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • OllyDbg — A 32-bit assembler level analysing debugger for Windows
  • x64dbg — An open-source x64/x32 debugger for Windows
  • radare2 — A portable reversing framework
  • plasma — Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • ScratchABit — Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
  • Capstone

Decompilers

  • JVM-based languages
    • Krakatau — the best decompiler I have used. Is able to decompile apps written in Scala and Kotlin into Java code. JD-GUI and Luyten have failed to do it fully.
    • JD-GUI
    • procyon
      • Luyten — one of the best, though a bit slow, hangs on some binaries and not very well maintained.
    • JAD — JAD Java Decompiler (closed-source, unmaintained)
    • JADX — a decompiler for Android apps. Not related to JAD.
  • .NET-based languages
    • dotPeek — a free-of-charge .NET decompiler from JetBrains
    • ILSpy — an open-source .NET assembly browser and decompiler
    • dnSpy — .NET assembly editor, decompiler, and debugger
  • native code
    • Hopper — An OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
    • cutter — a decompiler based on radare2.
    • retdec
    • snowman
    • Hex-Rays

Deobfuscators

  • de4dot — .NET deobfuscator and unpacker.
  • JS Beautifier
  • JS Nice — a web service that guesses JS variable names and types based on a model derived from open source.

Other

  • nudge4j — Java tool to let the browser talk to the JVM
  • dex2jar — Tools to work with Android .dex and Java .class files
  • androguard — Reverse engineering, malware and goodware analysis of Android applications
  • antinet — .NET anti-managed debugger and anti-profiler code
  • UPX — the Ultimate Packer (and unpacker) for eXecutables

Execution logging and tracing

  • Wireshark — A free and open-source packet analyzer
  • tcpdump — A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
  • mitmproxy — An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
  • Charles Proxy — A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
  • usbmon — USB capture for Linux.
  • USBPcap — USB capture for Windows.
  • dynStruct — structures recovery via dynamic instrumentation.
  • drltrace — shared library calls tracing.

Binary files examination and editing

Hex editors

  • HxD — A hex editor which, in addition to raw disk editing and modifying of main memory (RAM), handles files of any size
  • WinHex — A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
  • wxHexEditor
  • Synalyze It!/Hexinator

Other

  • Binwalk — Detects signatures, unpacks archives, visualizes entropy.
  • Veles — a visualizer for statistical properties of blobs.
  • Kaitai Struct — a DSL for creating parsers in a variety of programming languages. The Web IDE is particularly useful for reverse-engineering.
  • Protobuf inspector
  • DarunGrim — executable differ.
  • DBeaver — a DB editor.
  • Dependencies — a FOSS replacement for Dependency Walker.
  • PEview — A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
  • BinText — A small, very fast and powerful text extractor that will be of particular interest to programmers.

General

Web

Tools

  • sqlmap — Automatic SQL injection and database takeover tool
  • NoSQLMap — Automated NoSQL database enumeration and web application exploitation tool.
  • tools.web-max.ca — Base64, Base85, MD4/MD5 hash and SHA-1 hash encoding/decoding
  • VHostScan — A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
  • SubFinder — SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.
  • badtouch — Scriptable network authentication cracker

General

  • Strong node.js — An exhaustive checklist to assist in the source code security analysis of a node.js web service.

Network

Tools

  • NetworkMiner — A Network Forensic Analysis Tool (NFAT)
  • Paros — A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
  • pig — A Linux packet crafting tool
  • ZAP — The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
  • mitmsocks4j — Man-in-the-middle SOCKS Proxy for Java
  • ssh-mitm — An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.
  • nmap — Nmap (Network Mapper) is a security scanner
  • Aircrack-ng — An 802.11 WEP and WPA-PSK keys cracking program
  • Nipe — A script to make Tor Network your default gateway.
  • Habu — Python Network Hacking Toolkit
  • Wifi Jammer — Free program to jam all wifi clients in range
  • Firesheep — Free program for HTTP session hijacking attacks.
  • Scapy — A Python tool and library for low level packet creation and manipulation
  • Amass — In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping
  • sniffglue — Secure multithreaded packet sniffer

Forensic

Tools

  • Autopsy — A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
  • sleuthkit — A library and collection of command-line digital forensics tools
  • EnCase — The shared technology within a suite of digital investigations products by Guidance Software
  • malzilla — Malware hunting tool

Cryptography

Tools

  • xortool — A tool to analyze multi-byte XOR cipher
  • John the Ripper — A fast password cracker
  • Aircrack — Aircrack is an 802.11 WEP and WPA-PSK keys cracking program.

Wargame

System

Reverse Engineering

  • Reversing.kr — This site tests your ability in cracking and reverse code engineering
  • CodeEngn — (Korean)
  • simples.kr — (Korean)
  • Crackmes.de — The world's first and largest community website for crackmes and reversemes.

Web

  • Hack This Site! — a free, safe and legal training ground for hackers to test and expand their hacking skills
  • Hack The Box — a free site to perform pentesting on a variety of different systems.
  • Webhacking.kr
  • 0xf.at — a website without logins or ads where you can solve password-riddles (so-called hackits).
  • Gruyere
  • Others

Cryptography

Bug bounty

Bug bounty — Earn Some Money

CTF

Competition

General

OS

Online resources

Post exploitation

Tools

  • empire — A post exploitation framework for PowerShell and Python.
  • silenttrinity — A post exploitation tool that uses IronPython to get past PowerShell restrictions.

ETC

  • SecTools — Top 125 Network Security Tools