Main Page
From pentestwiki.org
pentestwiki.org is an extensive cybersecurity wiki. Describing Red Team Operations, Penetration Testing, Blue Team, IoT/OT, ...
Contents
Infrastructure penetration testing
| PHASE I: Reconnaissance |
|---|
| Passive reconnaissance |
| Active reconnaissance |
| PHASE II: Scanning |
| PHASE III: Enumeration |
| PHASE IV: Exploitation |
| Password cracking |
| Brute forcing |
| SQL Exploitation |
| msfvenom payloads |
| Network infrastructure |
| Cloud Providers Security |
| Exploiting Cloud Infrastructure |
| PHASE V: Post exploitation |
| Shells |
| Droppers |
| Privilege Escalation |
| Data exfiltration |
| Meterpreter |
| Sniffers |
| PowerShell frameworks |
| Password dumping |
| RATs |
| Escape environments |
| PHASE VI: Covering Tracks |
| PHASE VII: Lateral Movement |
| PTH: Pass the hash |
| PTT: Pass the ticket |
| Pivoting |
| Tunneling |
| RDP |
Web application penetration testing
Mobile penetration testing
Tools and frameworks
AppSec / Product Security
- DEFECT DOJO: Security program and vulnerability management tool. Features: Imports XML output from nmap, nikto, burp, qualys, nessus, ...Integrates to Jira. Generates reports.
- ArcherySec: Centralize Vulnerability Assessment and Management for DevSecOps Team
- Reapsaw: Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
- HackerOne Hacktivity: See the latest hacker activity on HackerOne
- Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy
Red Team
- Kali Linux: The reference Linux-based VM for penetration testing
- Commando VM by Fireeye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
- PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System
- Metasploit: The world’s most used Penetration testing framework
- PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration testing.
- Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
- Armitage: Cyber Attack Management for Metasploit
- Cobalt Strike: Adversary Simulation and Red team Operations
- OWTF: OWASP Offensive Web Testing Framework
- Pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV
Purple Team
- MITRE CALDERA https://github.com/mitre/caldera: CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
- https://github.com/NextronSystems/APTSimulator
- https://github.com/CyberMonitor/Invoke-Adversary
- https://github.com/securemode/Invoke-Apex
- https://github.com/infosecn1nja/Red-Teaming-Toolkit
Blue Team
- TheHive: An Scalable Open Source and Free Security Incident Response Platform
- MISP: Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
- AIL: AIL framework - Analysis Information Leak framework
- dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- OpenThreatIntel
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j: Windows Security Log Events Encyclopedia
- https://github.com/spinfoo/windows-evtx-forensics: Perform forensics in Windows Event Log Files
- https://github.com/Neo23x0/sigma: Sigma rules. Generic Signature Format for SIEM Systems
- https://uncoder.io/: Online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers
- honeymap: Real-time websocket stream of GPS events on a fancy SVG world map
- MHN: Modern Honey Network
- IVRE: Network recon framework
IoT/OT
- ISF: Industrial Control System (ICS) Exploitation Framework based on Python
- smod: MODBUS Penetration Testing Framework
- PLCscan: Siemens S7 PLC scanner
- IEC62443
- NIST 800-82: NIST 800-82 Guide to Industrial Control Systems (ICS) Security
- conpot: ICS/SCADA honeypot. Simulating Siemens S7 and other protocols
- modscan: Modbus OT devices scanner for Windows
Social Engineering tools
- gophish: Open-Source Phishing Toolkit
- SET: Open-source penetration testing framework designed for social engineering
Standards, Guidelines, Frameworks
Calculators
Blue Team
- MITRE CAPEC: Common Attack Pattern Enumeration and Classification. Specifies the attack patterns to attacks. I.e.: for a DOS attack (C) Abuse Existing Functionality – (210) -> (M) Flooding – (125) -> (S) UDP Flood – (486) [CVE-2003-0760]
- ATT&CK Navigator
- MITRE ATT&CK matrix for OSes
- MITRE ATT&CK matrix for the cloud
- MITRE ATT&CK matrix for mobile apps
- NIST CSF 1.1: NIST Cybersecurity Framework 1.1
- NIST 800-61: NIST Computer Security Incident Handling Guide
- FIRST CSIRT Services Framework 2.1: FIRST CSIRT Services Framework
- CyberKill Chain: Lockheed Martin Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
Application Security & pentesting
- OWASP ASVS 4.0: OWASP Application Security Verification Standard
- CIS benchmarks
- EICAR virus test
- IRS CIS Nessus audit files
Test/Lab environments
- HTB: Online platform with Penetration testing labs (Similar to OSCP labs)
- DVWA: Damn Vulnerable Web Application
- Kevgir: Multi Vulnerable Virtual Machine
- WebGoat A deliberately insecure Web Application
- Metasploitable 2 Metasploitable login is “msfadmin”; the password is also “msfadmin”.
- Metasploitable 3 Is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
Hardware hacking
- syncStop SyncStop prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station
- USBninja
Other tools
- Greenshot Screenshots for reports in Windows
- MobaXterm All-in-one terminal for Windows
- TraceWrangler Easy sanitization and anonymization of PCAP and PCAPng files
- noVNC VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support
- butterfly A web terminal based on websocket and tornado
- https://github.com/cure53/XSSChallengeWiki
- Mosh Mosh (mobile shell)
- Ngrok ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.
- Serveo Expose local servers to the internet
- ssh-audit SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
- testssl testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more
- httpie A Curl-like tool for humans
- truffleHog Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- Rumble Network discovery fast, simple and effective
- gyazo: Take ready-to-share screenshots, GIFs, and replay videos for free.
- markright: WYSIWYG MarkDown editor for Mac
- lolcat: Concatenate files with a rainbow
- asciinema: Record and share your terminal sessions, the right way.
- terminalizer: Record your terminal and generate animated gif images or share a web player
Contribute
The best way to contribute is to spread the word or if you contribute improving the content and quality of the wiki. Get an account and register with your email, that's it.
