Awesome List Updates on Aug 23, 2020

16 awesome lists updated today.

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor

1. Awesome Cpp

JSON

• jsoncons (⭐694) - A C++ header-only library for JSON and JSON-like binary formats with JSONPointer, JSONPatch, JSONPath and JMESPath. [Boost]

2. Awesome Pentest

Android Utilities

• cSploit - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.

• Fing - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.

Anonymity Tools

• What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Books / Tor Tools

• Android Hacker's Handbook by Joshua J. Drake et al., 2014

• BTFM: Blue Team Field Manual by Alan J White & Ben Clark, 2017

• Car Hacker's Handbook by Craig Smith, 2016

• RTFM: Red Team Field Manual by Ben Clark, 2014

• The Database Hacker's Handbook, David Litchfield et al., 2005

• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009

• The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015

• iOS Hacker's Handbook by Charlie Miller et al., 2012

CTF Tools / Malware Analysis Books

• CTF Field Guide - Everything you need to win your next CTF competition.

• Ciphey (⭐17k) - Automated decryption tool using artificial intelligence and natural language processing.

Conferences and Events / Malware Analysis Books

• CTFTime.org - Directory of upcoming and archive of past Capture The Flag (CTF) competitions with links to challenge writeups.

Exfiltration Tools / Zealandia

• DET (⭐814) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.

• Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.

• TrevorC2 (⭐1.2k) - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.

• dnscat2 (⭐3.3k) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.

• pwnat (⭐3.1k) - Punches holes in firewalls and NATs.

• tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.

Exploit Development Tools / Zealandia

• Magic Unicorn (⭐3.7k) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).

• Pwntools (⭐12k) - Rapid exploit development framework built for use in CTFs.

• Wordpress Exploit Framework (⭐1k) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

• peda (⭐5.8k) - Python Exploit Development Assistance for GDB.

Hash Cracking Tools / Zealandia

• duplicut (⭐813) - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.

Industrial Control and SCADA Systems / Zealandia

• Industrial Exploitation Framework (ISF) (⭐1k) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.

Intentionally Vulnerable Systems / Intentionally Vulnerable Systems as Docker Containers

• Damn Vulnerable Web Application (DVWA) - docker pull citizenstig/dvwa.

• OWASP Juice Shop (⭐9.8k) - docker pull bkimminich/juice-shop.

• OWASP Mutillidae II Web Pen-Test Practice Application - docker pull citizenstig/nowasp.

• OWASP NodeGoat (⭐1.8k) - docker-compose build && docker-compose up.

• OWASP Security Shepherd - docker pull ismisepaul/securityshepherd.

• OWASP WebGoat Project 7.1 docker image - docker pull webgoat/webgoat-7.1.

• OWASP WebGoat Project 8.0 docker image - docker pull webgoat/webgoat-8.0.

• Vulnerability as a service: Heartbleed - docker pull hmlio/vaas-cve-2014-0160.

• Vulnerability as a service: SambaCry - docker pull vulnerables/cve-2017-7494.

• Vulnerability as a service: Shellshock - docker pull hmlio/vaas-cve-2014-6271.

• Vulnerable WordPress Installation - docker pull wpscanteam/vulnerablewordpress.

macOS Utilities / Intentionally Vulnerable Systems as Docker Containers

• Bella (⭐186) - Pure Python post-exploitation data mining and remote administration tool for macOS.

• EvilOSX (⭐2.2k) - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.

Network Tools / Network Reconnaissance Tools

• RustScan (⭐13k) - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.

Network Tools / Wireless Network Tools

• WiFi Pineapple - Wireless auditing and penetration testing platform.

• pwnagotchi (⭐7.4k) - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.

Online Resources / Other Lists Online

• Blue Team (⭐4.1k) - Awesome resources, tools, and other shiny things for cybersecurity blue teams.

Open Sources Intelligence (OSINT) / Penetration Testing Report Templates

• DataSploit (⭐3k) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.

• GyoiThon (⭐734) - GyoiThon is an Intelligence Gathering tool using Machine Learning.

• Intrigue - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.

• Maltego - Proprietary software for open sources intelligence and forensics.

• PacketTotal - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Zeek and Suricata IDS signatures under the hood).

• Skiptracer (⭐1k) - OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.

• Sn1per (⭐7.8k) - Automated Pentest Recon Scanner.

• Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.

• creepy (⭐1.2k) - Geolocation OSINT tool.

• gOSINT (⭐607) - OSINT tool with multiple modules and a telegram scraper.

• image-match (⭐2.9k) - Quickly search over billions of images.

• recon-ng (⭐3.7k) - Full-featured Web Reconnaissance framework written in Python.

• sn0int (⭐1.9k) - Semi-automatic OSINT framework and package manager.

Open Sources Intelligence (OSINT) / Data Broker and Search Engine Services

• Hunter.io - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.

• Threat Crowd - Search engine for threats.

• Virus Total - Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

• surfraw (⭐71) - Fast UNIX command line interface to a variety of popular WWW search engines.

Open Sources Intelligence (OSINT) / Dorking tools

• BinGoo (⭐214) - GNU/Linux bash based Bing and Google Dorking Tool.

• dorkbot (⭐506) - Command-line tool to scan Google (or other) search results for vulnerabilities.

• github-dorks (⭐2.7k) - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks.

• GooDork (⭐131) - Command line Google dorking tool.

• Google Hacking Database - Database of Google dorks; can be used for recon.

• dork-cli (⭐140) - Command line Google dork tool.

• dorks (⭐196) - Google hack database automation tool.

• fast-recon (⭐157) - Perform Google dorks against a domain.

• pagodo (⭐2.7k) - Automate Google Hacking Database scraping.

• snitch (⭐370) - Information gathering via dorks.

Open Sources Intelligence (OSINT) / Email search and analysis tools

• SimplyEmail (⭐939) - Email recon made fast and easy.

• WhatBreach (⭐1.1k) - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is publicly available.

Open Sources Intelligence (OSINT) / Metadata harvesting and analysis

• FOCA (Fingerprinting Organizations with Collected Archives) - Automated document harvester that searches Google, Bing, and DuckDuckGo to find and extrapolate internal company organizational structures.

• metagoofil (⭐983) - Metadata harvester.

• theHarvester (⭐11k) - E-mail, subdomain and people names harvester.

Open Sources Intelligence (OSINT) / Network device discovery tools

• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.

• Shodan - World's first search engine for Internet-connected devices.

• ZoomEye - Search engine for cyberspace that lets the user find specific network components.

Open Sources Intelligence (OSINT) / OSINT Online Resources

• CertGraph (⭐342) - Crawls a domain's SSL/TLS certificates for its certificate alternative names.

• GhostProject - Searchable database of billions of cleartext passwords, partially visible for free.

• NetBootcamp OSINT Tools - Collection of OSINT links and custom Web interfaces to other services.

• OSINT Framework - Collection of various OSINT tools broken out by category.

• WiGLE.net - Information about wireless networks world-wide, with user-friendly desktop and web applications.

Open Sources Intelligence (OSINT) / Source code repository searching tools

• vcsmap (⭐134) - Plugin-based tool to scan public version control systems for sensitive information.

• Yar (⭐230) - Clone git repositories to search through the whole commit history in order of commit time for secrets, tokens, or passwords.

Privilege Escalation Tools / Web application and resource analysis tools

• Active Directory and Privilege Escalation (ADAPE) (⭐1.1k) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.

• LinEnum (⭐6.8k) - Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming.

• Postenum (⭐271) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.

• unix-privesc-check (⭐1k) - Shell script to check for simple privilege escalation vectors on UNIX systems.

Reverse Engineering / Reverse Engineering Books

• Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015

• Hacking the Xbox by Andrew Huang, 2003

• Practical Reverse Engineering by Bruce Dang et al., 2014

• Reverse Engineering for Beginners by Dennis Yurichev

• The IDA Pro Book by Chris Eagle, 2011

Reverse Engineering / Reverse Engineering Tools

• WDK/WinDbg - Windows Driver Kit and WinDbg.

Shellcoding Guides and Tutorials / Reverse Engineering Tools

• Exploit Writing Tutorials - Tutorials on how to develop exploits.

• Shellcode Examples - Shellcodes database.

• Shellcode Tutorial - Tutorial on how to write shellcode.

• The Shellcoder's Handbook by Chris Anley et al., 2007

Social Engineering / Social Engineering Books

• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011

• No Tech Hacking by Johnny Long & Jack Wiles, 2008

• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002

• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005

• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014

Social Engineering / Social Engineering Online Resources

• Social Engineering Framework - Information resource for social engineers.

Steganography Tools / Social Engineering Tools

• Cloakify (⭐1.5k) - Textual steganography toolkit that converts any filetype into lists of everyday strings.

• StegCracker (⭐538) - Steganography brute-force utility to uncover hidden data inside files.

Vulnerability Databases / Social Engineering Tools

• Microsoft Security Advisories and Bulletins - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).

Web Exploitation / Web Exploitation Books

• The Browser Hacker's Handbook by Wade Alcorn et al., 2014

• The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011

Windows Utilities / Web Exploitation Books

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities.

3. Awesome Crystal

GUI Development

• Iu (⭐72) - UI framework based on the Fusion/libui.cr (⭐177) library, with custom elements and modified bindings from hedron-crystal/hedron (⭐86)

HTTP

• digest-auth (⭐4) - Digest authentication

4. Awesome Selenium

Containers / Kubernetes

• WebGrid (⭐32) - An open-source, decentralized, scalable and robust selenium-grid equivalent.

5. Public Apis

Development

• API: scraperBox

  Description: Undetectable web scraping API

  Auth: apiKey

  HTTPS: Yes

  CORS: Yes

6. Free for Dev

APIs, Data, and ML

• ScraperBox — Undetectable web scraping API using real Chrome browsers and proxy rotation. Use a simple API call to scrape any web page. The free plan has 1000 requests per month.

7. Awesome Sass

Libraries and Mixins / Media Queries

• include-media - Simple, elegant and maintainable media queries.

8. Awesome Tall Stack

Libraries

• Laravel TTALL Preset (⭐48) - A preset for Turbolinks + TALL stack, bundled with some helpful packages and their configurations.

9. Awesome Vue

Projects Using Vue.js / Open Source

• Pathfinding Visualizer ThreeJS (⭐434) - A visualizer for pathfinding algorithms in 3D with maze generation and first-person view

10. Colorful

Tools / Libraries

• pigment (⭐10) - Color information, conversion and manipulation library

Tools / Web App

• Croma - Generate color palettes from image and colors

11. Awesome Python

Static Site Generator

• makesite (⭐1.8k) - Simple, lightweight, and magic-free static site/blog generator (< 130 lines).

12. Awesome Mqtt

Broker

• KMQTT (⭐54) - Kotlin Multiplatform MQTT broker, both embeddable and standalone.

Logging / Firmwares for ESP based Devices

• mqtt2graphite (⭐71) - Archived! Instead use mqttwarn (⭐890) with carbon (⭐890) plugin.

Misc / Firmwares for ESP based Devices

• mqtt-transformer (⭐7) - A simple service which consumes, transforms and periodically republish json messages on MQTT.

Visualization, Dashboards / Firmwares for ESP based Devices

• mqtt-prometheus-message-exporter (⭐17) - A small service which will convert mqtt messages to prometheus metrics.

13. Awesome Esolangs

Languages

• Brackets (⭐3) - Language made of brackets, a lot of brackets.

14. Awesome Piracy

Streaming Sites / Anime

• Kissanime.ac Large cartoon collection, uses RapidVideo/Openload

15. Awesome R Learning Resources

Contributing / Uncategorized

• Your contributions are always welcome! Please visit our contributing.md (⭐431) to learn how to contribute to this list.

16. Awesome Aws

Open Source Repos / CloudFormation

• beaknit/cform 🔥 (⭐103) - SublimeText plugin.

Open Source Repos / Lambda

• lambda-refarch-webapp 🔥🔥🔥🔥 (⭐1.5k) - Reference Architecture for creating a Web Application.

• Prev: Aug 24, 2020
• Next: Aug 22, 2020