├── LICENSE
└── readme.md

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Santosh Bhandari

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
This is a curated list of resources for those who want to get started with ethical hacking.

# The Internet
### IP Addresses
* https://www.cloudflare.com/learning/dns/glossary/what-is-my-ip-address/
* https://www.codedbrain.com/2019/12/one-hell-of-an-ip-addresspart-1-non-technical-perspective/
* https://www.iplocation.net/public-vs-private-ip-address

### DNS
* https://www.cloudflare.com/learning/dns/what-is-dns/
* https://dyn.com/blog/dns-why-its-important-how-it-works/

### DHCP
* https://whatismyipaddress.com/dhcp

### How Internet Works
* https://web.stanford.edu/class/msande91si/www-spr04/readings/week1/InternetWhitepaper.htm
* https://developer.mozilla.org/en-US/docs/Learn/Common_questions/How_does_the_Internet_work

### Overview of HTTP
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview

### How `https` Works
* https://robertheaton.com/2014/03/27/how-does-https-actually-work/

# Linux Box Administration
### Basics of Linux command line
* https://www.digitalocean.com/community/tutorials/an-introduction-to-linux-basics
* https://maker.pro/linux/tutorial/basic-linux-commands-for-beginners

### File Permissions
* http://linuxcommand.org/lc3_lts0090.php
* https://www.guru99.com/file-permissions.html

# Programming
### Scripting vs Compiled Languages
* https://stackoverflow.com/questions/17253545/scripting-language-vs-programming-language

### Programming Language Resources
* https://github.com/getify/You-Dont-Know-JS
* https://www.programiz.com/c-programming
* https://developer.mozilla.org/

# Hacking
### Mastering Chrome Browser Developers Tools
* https://www.freecodecamp.org/news/mastering-chrome-developer-tools-next-level-front-end-development-techniques-3ac0b6fe8a3/

### Port Scanning
* https://www.sans.org/reading-room/whitepapers/auditing/port-scanning-techniques-defense-70

### TCP Three-way Handshake
* https://www.guru99.com/tcp-3-way-handshake.html

### TCP vs UDP
* https://www.geeksforgeeks.org/differences-between-tcp-and-udp/

### `nmap` UDP Scan
* https://nmap.org/book/scan-methods-udp-scan.html

### `netcat` Cheatsheet
* https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

### Web Security Resources
* https://github.com/qazbnm456/awesome-web-security

### OWASP Top 10 Projects
* https://owasp.org/www-project-top-ten/

### Tools Used to Test Web Application Security
#### Vulnerability Scanners
* [Burp Suite](https://portswigger.net/burp)
* [OWASP ZAP](https://owasp.org/www-project-zap/)
* [Acunetix Vulnerability Scanner](https://www.acunetix.com/vulnerability-scanner/)
* [Inception](https://github.com/proabiral/inception)
#### Web Technology Identification Tools
* [Wappalyzer](https://www.wappalyzer.com/)
* [BuiltWith](https://builtwith.com/)
#### Subdomain Enumeration Tools
* [Sublist3r](https://github.com/aboul3la/Sublist3r)
* [Knockpy](https://github.com/guelfoweb/knock)
* [shuffleDNS](https://github.com/projectdiscovery/shuffledns)
* [Subfinder](https://github.com/projectdiscovery/subfinder)
#### Virtual Host Scanner
* [VHostScan](https://github.com/codingo/VHostScan)
* [Virtual Host Discovery](https://github.com/jobertabma/virtual-host-discovery)
#### Web Content Scanner
* [DIRB](http://dirb.sourceforge.net/)
* [Gobuster](https://github.com/OJ/gobuster)
* [DirBuster](https://sourceforge.net/projects/dirbuster/)
* [Breacher](https://github.com/s0md3v/Breacher)
* [Arjun](https://github.com/s0md3v/Arjun)
#### Automatic Browser Proxy Selection Extensions
* https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

### Pentesting labs
* https://hackthebox.eu
* https://tryhackme.com
* https://ctftime.org
* http://pentesterlab.com (paid one)
* http://pentesteracademy.com (paid one)

# CTF
### Common CTF Practicing Tools & Use-cases
* https://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/#gref
* [EchoPwn CTF Lab](https://echopwn.com/ctf-lab/)
* [picoCTF](https://picoctf.com/)
* [CTFchallenge.co.uk](https://ctfchallenge.co.uk/)

# Recommended YouTube Channels
* [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
* [HackerSploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q)
* [Computerphile](https://www.youtube.com/user/Computerphile)
* [John Hammond](https://www.youtube.com/user/RootOfTheNull)
* [GynvaelEN](https://www.youtube.com/user/GynvaelEN)
* [GynvaelEN](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g)
* [Reconless](https://www.youtube.com/channel/UCCp25j1Zh9vc_WFm-nB9fhQ)
* [IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)

# People to Follow
* [Michael Gillespie](https://twitter.com/demonslay335) (ransomware, malware related stuff)
* [NahamSec](https://twitter.com/NahamSec) (bug bounty related stuff)
* [TomNomNom](https://twitter.com/TomNomNom) (open source tools maker)
* [Mathias Bynens](https://twitter.com/mathias) (works at v8js at Google)
* [Brute Logic](https://twitter.com/brutelogic) (security researcher, creator of KNOXSS)
* [Daniel Stenberg](https://twitter.com/bagder) (maker of curl)
* [Somdev Sangwan](https://twitter.com/s0md3v) (security researcher)
* [Martin Kleppe](https://twitter.com/aemkei) (an amazing JS guy, also the maker of JSFuck)
* [ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ](https://twitter.com/DanielMiessler) (also his blog is amazing)
* [terjanq](https://twitter.com/terjanq) (infosec at Google plus CTF player)
* [zseano](https://twitter.com/zseano) (bug bounty related stuff)
* [Jane Manchun Wong](https://twitter.com/wongmjane) (she discovers unreleased features)
* [Ron Chan](https://twitter.com/ngalongc) (amazing researcher)
* [FD](https://twitter.com/filedescriptor) (browser security researcher)
* [James Kettle](https://twitter.com/albinowax) (websec research)
* [Jobert Abma](https://twitter.com/jobertabma) (cofounder of HackerOne)
* [angealbertini](https://twitter.com/angealbertini) (amazing guy with file format expertise)
* [Tavis Ormandy](https://twitter.com/taviso) (works at Google Project Zero, amazing researcher)
* [Santosh Bhandari](https://twitter.com/mrcodedbrain) (that's me)

# Books
* [Penetration Testing: A Hands-On Introduction to Hacking](https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641)
* [The Hacker Playbook 3: Practical Guide To Penetration Testing](https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2)
* [Hacking: The Art of Exploitation](https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441)
* [The Web Application Hacker's Handbook](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)
* [Real-World Bug Hunting: A Field Guide to Web Hacking](https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616)
* [The Tangled Web](https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886)
* [Social Engineering: The Science of Human Hacking](https://www.amazon.com/Social-Engineering-Science-Human-Hacking-ebook/dp/B07F24YV2M)
* [Linux Basics for Hackers](https://www.amazon.com/Linux-Basics-Hackers-Networking-Scripting/dp/1593278551)
* [Violent Python](https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579)
* [Black Hat Python](https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)

--------------------------------------------------------------------------------