Main Page
From pentestwiki.org
pentestwiki.org is a wiki dedicated to professional penetration testing, offensive security and ethical hacking. Based on standards such as PTES, CEH, OSSTMM among others.
Contents
Infrastructure penetration testing
| PHASE I: Reconnaissance |
|---|
| Passive reconnaissance |
| Active reconnaissance |
| PHASE II: Scanning |
| PHASE III: Enumeration |
| PHASE IV: Exploitation |
| Password cracking |
| Brute forcing |
| SQL Exploitation |
| msfvenom payloads |
| Network infrastructure |
| Cloud Providers Security |
| Exploiting Cloud Infrastructure |
| PHASE V: Post exploitation |
| Shells |
| Droppers |
| Privilege Escalation |
| Data exfiltration |
| Meterpreter |
| Sniffers |
| PowerShell frameworks |
| Password dumping |
| RATs |
| Escape environments |
| PHASE VI: Covering Tracks |
| PHASE VII: Lateral Movement |
| PTH: Pass the hash |
| PTT: Pass the ticket |
| Pivoting |
| Tunneling |
| RDP |
Web application penetration testing
Mobile penetration testing
Tools and frameworks
AppSec / Product Security
- DEFECT DOJO: Security program and vulnerability management tool. Features: Imports XML output from nmap, nikto, burp, qualys, nessus, ...Integrates to Jira. Generates reports.
- ArcherySec: Centralize Vulnerability Assessment and Management for DevSecOps Team
- Reapsaw: Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
- HackerOne Hacktivity: See the latest hacker activity on HackerOne
- Bugcrowd VRT: Bugcrowd’s Vulnerability Rating Taxonomy
Red Team
- Kali Linux: The reference Linux-based VM for penetration testing
- Commando VM by Fireeye: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution
- PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System
- Metasploit: The world’s most used Penetration testing framework
- PTF: Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration testing.
- Faradaysec: Faradaysec is an Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
- Armitage: Cyber Attack Management for Metasploit
- Cobalt Strike: Adversary Simulation and Red team Operations
- OWTF: OWASP Offensive Web Testing Framework
- Pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV
Purple Team
- MITRE CALDERA https://github.com/mitre/caldera: CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
- https://github.com/NextronSystems/APTSimulator
- https://github.com/CyberMonitor/Invoke-Adversary
- https://github.com/securemode/Invoke-Apex
- https://github.com/infosecn1nja/Red-Teaming-Toolkit
Blue Team
- TheHive: An Scalable Open Source and Free Security Incident Response Platform
- MISP: Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
- AIL: AIL framework - Analysis Information Leak framework
- dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
- OpenThreatIntel
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j: Windows Security Log Events Encyclopedia
- https://github.com/spinfoo/windows-evtx-forensics: Perform forensics in Windows Event Log Files
- https://github.com/Neo23x0/sigma: Sigma rules. Generic Signature Format for SIEM Systems
- https://uncoder.io/: Online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers
- honeymap: Real-time websocket stream of GPS events on a fancy SVG world map
- MHN: Modern Honey Network
- IVRE: Network recon framework
IoT/OT
- ISF: Industrial Control System (ICS) Exploitation Framework based on Python
- smod: MODBUS Penetration Testing Framework
- PLCscan: Siemens S7 PLC scanner
- IEC62443
- NIST 800-82: NIST 800-82 Guide to Industrial Control Systems (ICS) Security
- conpot: ICS/SCADA honeypot. Simulating Siemens S7 and other protocols
- modscan: Modbus OT devices scanner for Windows
Social Engineering tools
- gophish: Open-Source Phishing Toolkit
- SET: Open-source penetration testing framework designed for social engineering
Standards, Guidelines, Frameworks
Calculators
Blue Team
- MITRE CAPEC: Common Attack Pattern Enumeration and Classification. Specifies the attack patterns to attacks. I.e.: for a DOS attack (C) Abuse Existing Functionality – (210) -> (M) Flooding – (125) -> (S) UDP Flood – (486) [CVE-2003-0760]
- ATT&CK Navigator
- MITRE ATT&CK matrix for OSes
- MITRE ATT&CK matrix for the cloud
- MITRE ATT&CK matrix for mobile apps
- NIST CSF 1.1: NIST Cybersecurity Framework 1.1
- NIST 800-61: NIST Computer Security Incident Handling Guide
- FIRST CSIRT Services Framework 2.1: FIRST CSIRT Services Framework
- CyberKill Chain: Lockheed Martin Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
Application Security & pentesting
- OWASP ASVS 4.0: OWASP Application Security Verification Standard
- CIS benchmarks
- EICAR virus test
- IRS CIS Nessus audit files
Test/Lab environments
- HTB: Online platform with Penetration testing labs (Similar to OSCP labs)
- DVWA: Damn Vulnerable Web Application
- Kevgir: Multi Vulnerable Virtual Machine
- WebGoat A deliberately insecure Web Application
- Metasploitable 2 Metasploitable login is “msfadmin”; the password is also “msfadmin”.
- Metasploitable 3 Is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
Hardware hacking
- syncStop SyncStop prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station
- USBninja
Other tools
- Greenshot Screenshots for reports in Windows
- MobaXterm All-in-one terminal for Windows
- TraceWrangler Easy sanitization and anonymization of PCAP and PCAPng files
- noVNC VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support
- butterfly A web terminal based on websocket and tornado
- https://github.com/cure53/XSSChallengeWiki
- Mosh Mosh (mobile shell)
- Ngrok ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.
- Serveo Expose local servers to the internet
- ssh-audit SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
- testssl testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more
- httpie A Curl-like tool for humans
- truffleHog Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- Rumble Network discovery fast, simple and effective
- gyazo: Take ready-to-share screenshots, GIFs, and replay videos for free.
- markright: WYSIWYG MarkDown editor for Mac
- lolcat: Concatenate files with a rainbow
- asciinema: Record and share your terminal sessions, the right way.
- terminalizer: Record your terminal and generate animated gif images or share a web player
