└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # Awesome-Hacking 2 | Awesome Hacking 3 | # Awesome Web Hacking 4 | Table of Contents 5 | 6 | Books 7 | Documentation 8 | Tools 9 | Cheat Sheets 10 | Docker 11 | Vulnerabilities 12 | Courses 13 | Online Hacking Demonstration Sites 14 | Labs 15 | SSL 16 | Security Ruby on Rails 17 | 18 | Books 19 | 20 | http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/8126533404/ The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 21 | http://www.amazon.com/Hacking-Web-Apps-Preventing-Application/dp/159749951X/ Hacking Web Apps: Detecting and Preventing Web Application Security Problems 22 | http://www.amazon.com/Hacking-Exposed-Web-Applications-Third/dp/0071740643/ Hacking Exposed Web Applications 23 | http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633/ SQL Injection Attacks and Defense 24 | http://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886/ The Tangled WEB: A Guide to Securing Modern Web Applications 25 | http://www.amazon.com/Web-Application-Obfuscation-Evasion-Filters/dp/1597496049/ Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' 26 | http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543/ XSS Attacks: Cross Site Scripting Exploits and Defense 27 | http://www.amazon.com/Browser-Hackers-Handbook-Wade-Alcorn/dp/1118662091/ The Browser Hacker’s Handbook 28 | http://www.amazon.com/Basics-Web-Hacking-Techniques-Attack/dp/0124166008/ The Basics of Web Hacking: Tools and Techniques to Attack the Web 29 | http://www.amazon.com/Web-Penetration-Testing-Kali-Linux/dp/1782163166/ Web Penetration Testing with Kali Linux 30 | http://www.amazon.com/Web-Application-Security-Beginners-Guide/dp/0071776168/ Web Application Security, A Beginner's Guide 31 | https://www.crypto101.io/ - Crypto 101 is an introductory course on cryptography 32 | http://www.offensive-security.com/metasploit-unleashed/ - Metasploit Unleashed 33 | http://www.cl.cam.ac.uk/~rja14/book.html - Security Engineering 34 | https://www.feistyduck.com/library/openssl-cookbook/ - OpenSSL Cookbook 35 | 36 | Documentation 37 | 38 | https://www.owasp.org/ - Open Web Application Security Project 39 | http://www.pentest-standard.org/ - Penetration Testing Execution Standard 40 | http://www.binary-auditing.com/ - Dr. Thorsten Schneider’s Binary Auditing 41 | https://appsecwiki.com/ - Application Security Wiki is an initiative to provide all Application security related resources to Security Researchers and developers at one place. 42 | 43 | Tools 44 | 45 | http://www.metasploit.com/ - World's most used penetration testing software 46 | http://www.arachni-scanner.com/ - Web Application Security Scanner Framework 47 | https://github.com/sullo/nikto - Nikto web server scanner 48 | http://www.tenable.com/products/nessus-vulnerability-scanner - Nessus Vulnerability Scanner 49 | http://www.portswigger.net/burp/intruder.html - Burp Intruder is a tool for automating customized attacks against web apps. 50 | http://www.openvas.org/ - The world's most advanced Open Source vulnerability scanner and manager. 51 | https://github.com/iSECPartners/Scout2 - Security auditing tool for AWS environments 52 | https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project - Is a multi threaded java application designed to brute force directories and files names on web/application servers. 53 | https://www.owasp.org/index.php/ZAP - The Zed Attack Proxy is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. 54 | https://github.com/tecknicaltom/dsniff - dsniff is a collection of tools for network auditing and penetration testing. * https://github.com/WangYihang/Webshell-Sniper - Manage your webshell via terminal. * https://github.com/DanMcInerney/dnsspoof - DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response 55 | https://github.com/trustedsec/social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec 56 | https://github.com/sqlmapproject/sqlmap - Automatic SQL injection and database takeover tool 57 | https://github.com/beefproject/beef - The Browser Exploitation Framework Project 58 | http://w3af.org/ - w3af is a Web Application Attack and Audit Framework 59 | https://github.com/espreto/wpsploit - WPSploit, Exploiting Wordpress With Metasploit * https://github.com/WangYihang/Reverse-Shell-Manager - Reverse shell manager via terminal. * https://github.com/RUB-NDS/WS-Attacker - WS-Attacker is a modular framework for web services penetration testing 60 | https://github.com/wpscanteam/wpscan - WPScan is a black box WordPress vulnerability scanner 61 | http://sourceforge.net/projects/paros/ Paros proxy 62 | https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Web Scarab proxy 63 | https://code.google.com/p/skipfish/ Skipfish, an active web application security reconnaissance tool 64 | http://www.acunetix.com/vulnerability-scanner/ Acunetix Web Vulnerability Scanner 65 | https://cystack.net/ CyStack Web Security Platform 66 | http://www-03.ibm.com/software/products/en/appscan IBM Security AppScan 67 | https://www.netsparker.com/web-vulnerability-scanner/ Netsparker web vulnerability scanner 68 | http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/index.html HP Web Inspect 69 | https://github.com/sensepost/wikto Wikto - Nikto for Windows with some extra features 70 | http://samurai.inguardians.com Samurai Web Testing Framework 71 | https://code.google.com/p/ratproxy/ Ratproxy 72 | http://www.websecurify.com Websecurify 73 | http://sourceforge.net/projects/grendel/ Grendel-scan 74 | https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project DirBuster 75 | http://www.edge-security.com/wfuzz.php Wfuzz 76 | http://wapiti.sourceforge.net wapiti 77 | https://github.com/neuroo/grabber Grabber 78 | https://subgraph.com/vega/ Vega 79 | http://websecuritytool.codeplex.com Watcher passive web scanner 80 | http://xss.codeplex.com x5s XSS and Unicode transformations security testing assistant 81 | http://www.beyondsecurity.com/avds AVDS Vulnerability Assessment and Management 82 | http://www.golismero.com Golismero 83 | http://www.ikare-monitoring.com IKare 84 | http://www.nstalker.com N-Stalker X 85 | https://www.rapid7.com/products/nexpose/index.jsp Nexpose 86 | http://www.rapid7.com/products/appspider/ App Spider 87 | http://www.milescan.com ParosPro 88 | https://www.qualys.com/enterprises/qualysguard/web-application-scanning/ Qualys Web Application Scanning 89 | http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/ Retina 90 | https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework Xenotix XSS Exploit Framework 91 | https://github.com/future-architect/vuls Vulnerability scanner for Linux, agentless, written in golang. 92 | https://github.com/rastating/wordpress-exploit-framework A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. 93 | http://www.xss-payloads.com/ XSS Payloads to leverage XSS vulnerabilities, build custom payloads, practice penetration testing skills. 94 | https://github.com/joaomatosf/jexboss JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool 95 | https://github.com/commixproject/commix Automated All-in-One OS command injection and exploitation tool 96 | https://github.com/pathetiq/BurpSmartBuster A Burp Suite content discovery plugin that add the smart into the Buster! 97 | https://github.com/GoSecure/csp-auditor Burp and ZAP plugin to analyze CSP headers 98 | https://github.com/ffleming/timing_attack Perform timing attacks against web applications 99 | https://github.com/lalithr95/fuzzapi Fuzzapi is a tool used for REST API pentesting 100 | https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF) 101 | https://github.com/nccgroup/wssip Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. 102 | https://github.com/tijme/angularjs-csti-scanner Automated client-side template injection (sandbox escape/bypass) detection for AngularJS (ACSTIS). 103 | 104 | Cheat Sheets 105 | 106 | http://n0p.net/penguicon/php_app_sec/mirror/xss.html - XSS cheatsheet 107 | https://highon.coffee/blog/lfi-cheat-sheet/ - LFI Cheat Sheet 108 | https://highon.coffee/blog/reverse-shell-cheat-sheet/ - Reverse Shell Cheat Sheet 109 | https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ - SQL Injection Cheat Sheet 110 | https://www.gracefulsecurity.com/path-traversal-cheat-sheet-windows/ - Path Traversal Cheat Sheet: Windows 111 | 112 | Docker images for Penetration Testing 113 | 114 | docker pull kalilinux/kali-linux-docker official Kali Linux 115 | docker pull owasp/zap2docker-stable - official OWASP ZAP 116 | docker pull wpscanteam/wpscan - official WPScan 117 | docker pull pandrew/metasploit - docker-metasploit 118 | docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA) 119 | docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation 120 | docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock 121 | docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed 122 | docker pull opendns/security-ninjas - Security Ninjas 123 | docker pull usertaken/archlinux-pentest-lxde - Arch Linux Penetration Tester 124 | docker pull diogomonica/docker-bench-security - Docker Bench for Security 125 | docker pull ismisepaul/securityshepherd - OWASP Security Shepherd 126 | docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image 127 | docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application 128 | 129 | Vulnerabilities 130 | 131 | http://cve.mitre.org/ - Common Vulnerabilities and Exposures. The Standard for Information Security Vulnerability Names 132 | https://www.exploit-db.com/ - The Exploit Database – ultimate archive of Exploits, Shellcode, and Security Papers. 133 | http://0day.today/ - Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. 134 | http://osvdb.org/ - OSVDB's goal is to provide accurate, detailed, current, and unbiased technical security information. 135 | http://www.securityfocus.com/ - Since its inception in 1999, SecurityFocus has been a mainstay in the security community. 136 | http://packetstormsecurity.com/ - Global Security Resource 137 | https://wpvulndb.com/ - WPScan Vulnerability Database 138 | 139 | Courses 140 | 141 | https://www.elearnsecurity.com/course/web_application_penetration_testing/ eLearnSecurity Web Application Penetration Testing 142 | https://www.elearnsecurity.com/course/web_application_penetration_testing_extreme/ eLearnSecurity Web Application Penetration Testing eXtreme 143 | https://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/ Offensive Security Advanced Web Attacks and Exploitation (live) 144 | https://www.sans.org/course/web-app-penetration-testing-ethical-hacking Sans SEC542: Web App Penetration Testing and Ethical Hacking 145 | https://www.sans.org/course/advanced-web-app-penetration-testing-ethical-hacking Sans SEC642: Advanced Web App Penetration Testing and Ethical Hacking * http://opensecuritytraining.info/ - Open Security Training 146 | http://securitytrainings.net/security-trainings/ - Security Exploded Training 147 | http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/ - FSU - Offensive Computer Security 148 | http://www.cs.fsu.edu/~lawrence/OffNetSec/ - FSU - Offensive Network Security 149 | http://www.securitytube.net/ - World’s largest Infosec and Hacking Portal. 150 | https://www.hacker101.com/ - Free class for web security by Hackerone 151 | 152 | Online Hacking Demonstration Sites 153 | 154 | http://testasp.vulnweb.com/ - Acunetix ASP test and demonstration site 155 | http://testaspnet.vulnweb.com/ - Acunetix ASP.Net test and demonstration site 156 | http://testphp.vulnweb.com/ - Acunetix PHP test and demonstration site 157 | http://crackme.cenzic.com/kelev/view/home.php - Crack Me Bank 158 | http://zero.webappsecurity.com/ - Zero Bank 159 | http://demo.testfire.net/ - Altoro Mutual 160 | 161 | Labs 162 | 163 | http://www.cis.syr.edu/~wedu/seed/all_labs.html - Developing Instructional Laboratories for Computer SEcurity EDucation 164 | https://www.vulnhub.com/ - Virtual Machines for Localhost Penetration Testing. 165 | https://pentesterlab.com/ - PentesterLab is an easy and great way to learn penetration testing. 166 | https://github.com/jerryhoff/WebGoat.NET - This web application is a learning platform about common web security flaws. 167 | http://www.dvwa.co.uk/ - Damn Vulnerable Web Application (DVWA) 168 | http://sourceforge.net/projects/lampsecurity/ - LAMPSecurity Training 169 | https://github.com/Audi-1/sqli-labs - SQLI labs to test error based, Blind boolean based, Time based. 170 | https://github.com/paralax/lfi-labs - small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns 171 | https://hack.me/ - Build, host and share vulnerable web apps in a sandboxed environment for free 172 | http://azcwr.org/az-cyber-warfare-ranges - Free live fire Capture the Flag, blue team, red team Cyber Warfare Range for beginners through advanced users. Must use a cell phone to send a text message requesting access to the range. 173 | https://github.com/adamdoupe/WackoPicko - WackoPicko is a vulnerable web application used to test web application vulnerability scanners. 174 | https://github.com/rapid7/hackazon - Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. 175 | https://github.com/RhinoSecurityLabs/cloudgoat - Rhino Security Labs' "Vulnerable by Design" AWS infrastructure setup tool 176 | https://www.hackthebox.eu/ - Hack The Box is an online platform allowing you to test and advance your skills in cyber security. 177 | 178 | SSL 179 | 180 | https://www.ssllabs.com/ssltest/index.html - This service performs a deep analysis of the configuration of any SSL web server on the public Internet. 181 | https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - Strong SSL Security on nginx 182 | https://weakdh.org/ - Weak Diffie-Hellman and the Logjam Attack 183 | https://letsencrypt.org/ - Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. 184 | https://filippo.io/Heartbleed/ - A checker (site and tool) for CVE-2014-0160 (Heartbleed). 185 | 186 | Security Ruby on Rails 187 | 188 | http://brakemanscanner.org/ - A static analysis security vulnerability scanner for Ruby on Rails applications. 189 | https://github.com/rubysec/ruby-advisory-db - A database of vulnerable Ruby Gems 190 | https://github.com/rubysec/bundler-audit - Patch-level verification for Bundler 191 | https://github.com/hakirisec/hakiri_toolbelt - Hakiri Toolbelt is a command line interface for the Hakiri platform. 192 | https://hakiri.io/facets - Scan Gemfile.lock for vulnerabilities. 193 | http://rails-sqli.org/ - This page lists many query methods and options in ActiveRecord which do not sanitize raw SQL arguments and are not intended to be called with unsafe user input. 194 | https://github.com/0xsauby/yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network 195 | --------------------------------------------------------------------------------