Exploits Database 💥

Vulnerabilities Database 🎯

Hacking Tutorials 💻

Virus Scan 🦠

Not distribute to AV

Tools Download 🛠

Network Online Tools 🌐

IP Lookup 🔎

Encrypt / Decrypt ⛓

Online Hash Crackers 🧱

File Upload 📁

Anonymous Test 🕵️

Torcheck 🧅

SMS 📩

Fake Identity 🙃

Blogs and Articles


News


Communities


Forums


Books

Writeups

Official Websites

Bug Bounty Platforms

Individual Programs

Crowdsourcing

Bug Bounty Beginner's Roadmap

Technical

Computer Fundamentals

Computer Networking

Operating Systems

Command Line

Windows:

Linux:

Programming

C

Python

JavaScript

PHP


Challenges


Podcasts


Services


Telegram channels


YouTube Channels


Other directories


PRACTICE!

CTF

Online Labs

Offline Labs

Hack The Box
Attack Defense 1000+ Labs!
VulnHub
Root.me
Penetration Testing Practice Lab / Vulnerable Apps/Systems
Vulhub
Vulapps
Vulnspy
Upload-Labs
TryHackMe

BLOGS

[ * ] https://scriptkidd1e.wordpress.com/oscp-journey/
[ * ] http://www.securitysift.com/offsec-pwb-oscp/
[ * ] http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
[ * ] http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
[ * ] http://hackingandsecurity.blogspot.com
[ * ] http://carnal0wnage.blogspot.com/
[ * ] http://www.mcgrewsecurity.com/
[ * ] http://www.gnucitizen.org/blog/
[ * ] http://www.darknet.org.uk/
[ * ] http://spylogic.net/
[ * ] http://taosecurity.blogspot.com/
[ * ] http://www.room362.com/
[ * ] http://blog.sipvicious.org/
[ * ] http://blog.portswigger.net/
[ * ] http://pentestmonkey.net/blog/
[ * ] http://jeremiahgrossman.blogspot.com/
[ * ] http://i8jesus.com/
[ * ] http://blog.c22.cc/
[ * ] http://www.skullsecurity.org/blog/
[ * ] http://blog.metasploit.com/
[ * ] http://www.darkoperator.com/
[ * ] http://blog.skeptikal.org/
[ * ] http://preachsecurity.blogspot.com/
[ * ] http://www.tssci-security.com/
[ * ] http://www.gdssecurity.com/l/b/
[ * ] http://websec.wordpress.com/
[ * ] http://bernardodamele.blogspot.com/
[ * ] http://laramies.blogspot.com/
[ * ] http://www.spylogic.net/
[ * ] http://blog.andlabs.org/
[ * ] http://xs-sniper.com/blog/
[ * ] http://www.commonexploits.com/
[ * ] http://www.sensepost.com/blog/
[ * ] http://wepma.blogspot.com/
[ * ] http://exploit.co.il/
[ * ] http://securityreliks.wordpress.com/
[ * ] http://www.madirish.net/index.html
[ * ] http://sirdarckcat.blogspot.com/
[ * ] http://reusablesec.blogspot.com/
[ * ] http://myne-us.blogspot.com/
[ * ] http://www.notsosecure.com/
[ * ] http://blog.spiderlabs.com/
[ * ] http://www.corelan.be/
[ * ] http://www.digininja.org/
[ * ] http://www.pauldotcom.com/
[ * ] http://www.attackvector.org/
[ * ] http://deviating.net/
[ * ] http://www.alphaonelabs.com/
[ * ] http://www.smashingpasswords.com/
[ * ] http://wirewatcher.wordpress.com/
[ * ] http://gynvael.coldwind.pl/
[ * ] http://www.nullthreat.net/
[ * ] http://www.question-defense.com/
[ * ] http://archangelamael.blogspot.com/
[ * ] http://memset.wordpress.com/
[ * ] http://sickness.tor.hu/
[ * ] http://punter-infosec.com/
[ * ] http://www.securityninja.co.uk/
[ * ] http://securityandrisk.blogspot.com/
[ * ] http://esploit.blogspot.com/
[ * ] http://www.pentestit.com/

FORUMS

[ * ] http://sla.ckers.org/forum/index.php
[ * ] http://www.ethicalhacker.net/
[ * ] http://www.backtrack-linux.org/forums/
[ * ] http://www.elitehackers.info/forums/
[ * ] http://www.hackthissite.org/forums/index.php
[ * ] http://securityoverride.com/forum/index.php
[ * ] http://www.iexploit.org/
[ * ] http://bright-shadows.net/
[ * ] http://www.governmentsecurity.org/forum/
[ * ] http://forum.intern0t.net/

MAGAZINES

[ * ] http://www.net-security.org/insecuremag.php
[ * ] http://hakin9.org/

VIDEO

[ * ] http://www.hackernews.com/
[ * ] http://www.securitytube.net/
[ * ] http://www.irongeek.com/i.php?page=videos/aide-winter-2011
[ * ] http://avondale.good.net/dl/bd/
[ * ] http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
[ * ] http://www.youtube.com/user/ChRiStIaAn008
[ * ] http://www.youtube.com/user/HackingCons
[ * ] https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
[ * ] https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
[ * ] https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
[ * ] https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8tw
[ * ] https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
[ * ] https://www.youtube.com/user/RootOfTheNull
[ * ] https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA

METHODOLOGIES

[ * ] http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
[ * ] http://www.pentest-standard.org/index.php/Main_Page
[ * ] http://projects.webappsec.org/w/page/13246978/Threat-Classification
[ * ] http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
[ * ] http://www.social-engineer.org/

PRESENTATIONS

[ * ] http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
[ * ] http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
[ * ] http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
[ * ] http://www.slideshare.net/Laramies/tactical-information-gathering
[ * ] http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
[ * ] http://infond.blogspot.com/2010/05/toturial-footprinting.html

PEOPLE AND ORGANIZATIONAL

[ * ] http://www.spokeo.com/
[ * ] http://www.123people.com/
[ * ] http://www.xing.com/
[ * ] http://www.zoominfo.com/search
[ * ] http://pipl.com/
[ * ] http://www.zabasearch.com/
[ * ] http://www.searchbug.com/default.aspx
[ * ] http://theultimates.com/
[ * ] http://skipease.com/
[ * ] http://addictomatic.com/
[ * ] http://socialmention.com/
[ * ] http://entitycube.research.microsoft.com/
[ * ] http://www.yasni.com/
[ * ] http://tweepz.com/
[ * ] http://tweepsearch.com/
[ * ] http://www.glassdoor.com/index.htm
[ * ] http://www.jigsaw.com/
[ * ] http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
[ * ] http://www.tineye.com/
[ * ] http://www.peekyou.com/
[ * ] http://picfog.com/
[ * ] http://twapperkeeper.com/index.php

INFRASTRUCTURE

[ * ] http://uptime.netcraft.com/
[ * ] http://www.serversniff.net/
[ * ] http://www.domaintools.com/
[ * ] http://centralops.net/co/
[ * ] http://hackerfantastic.com/
[ * ] http://whois.webhosting.info/
[ * ] https://www.ssllabs.com/ssldb/analyze.html
[ * ] http://www.clez.net/
[ * ] http://www.my-ip-neighbors.com/
[ * ] http://www.shodanhq.com/
[ * ] http://www.exploit-db.com/google-dorks/
[ * ] http://www.hackersforcharity.org/ghdb/
EXPLOITS AND ADVISORIES
[ * ] http://www.exploit-db.com/
[ * ] http://www.cvedetails.com/
[ * ] http://www.packetstormsecurity.org/
[ * ] http://www.securityforest.com/wiki/index.php/Main_Page
[ * ] http://www.securityfocus.com/bid
[ * ] http://nvd.nist.gov/
[ * ] http://osvdb.org/
[ * ] http://www.nullbyte.org.il/Index.html
[ * ] http://secdocs.lonerunners.net/
[ * ] http://www.phenoelit-us.org/whatSAP/index.html
[ * ] http://secunia.com/
[ * ] http://cve.mitre.org/
CHEATSHEETS AND SYNTAX
[ * ] http://www.cheat-sheets.org/
[ * ] http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

AGILE HACKING

[ * ] http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
[ * ] http://blog.commandlinekungfu.com/
[ * ] http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
[ * ] http://isc.sans.edu/diary.html?storyid=2376
[ * ] http://isc.sans.edu/diary.html?storyid=1229
[ * ] http://ss64.com/nt/
[ * ] http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
[ * ] http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
[ * ] http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
[ * ] http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
[ * ] http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
[ * ] http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
[ * ] http://www.pentesterscripting.com/
[ * ] http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
[ * ] http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

OS AND SCRIPTS

[ * ] http://en.wikipedia.org/wiki/IPv4_subnetting_reference
[ * ] http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
[ * ] http://shelldorado.com/shelltips/beginner.html
[ * ] http://www.linuxsurvival.com/
[ * ] http://mywiki.wooledge.org/BashPitfalls
[ * ] http://rubular.com/
[ * ] http://www.iana.org/assignments/port-numbers
[ * ] http://www.robvanderwoude.com/ntadmincommands.php
[ * ] http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

TOOLS

[ * ] http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
[ * ] http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
[ * ] http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
[ * ] http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
[ * ] http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
[ * ] http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
[ * ] http://h.ackack.net/cheat-sheets/netcat

DISTROS

[ * ] http://www.backtrack-linux.org/
[ * ] http://www.matriux.com/
[ * ] http://samurai.inguardians.com/
[ * ] http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
[ * ] https://pentoo.ch/
[ * ] http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
[ * ] http://www.piotrbania.com/all/kon-boot/
[ * ] http://www.linuxfromscratch.org/
[ * ] http://sumolinux.suntzudata.com/
[ * ] http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
[ * ] http://www.backbox.org/

LABS ISOS AND VMS

[ * ] http://sourceforge.net/projects/websecuritydojo/
[ * ] http://code.google.com/p/owaspbwa/wiki/ProjectSummary
[ * ] http://heorot.net/livecds/
[ * ] http://informatica.uv.es/~carlos/docencia/netinvm/
[ * ] http://www.bonsai-sec.com/en/research/moth.php
[ * ] http://blog.metasploit.com/2010/05/introducing-metasploitable.html
[ * ] http://pynstrom.net/holynix.php
[ * ] http://gnacktrack.co.uk/download.php
[ * ] http://sourceforge.net/projects/lampsecurity/files/
[ * ] https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
[ * ] http://sourceforge.net/projects/virtualhacking/files/
[ * ] http://www.badstore.net/
[ * ] http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
[ * ] http://www.dvwa.co.uk/
[ * ] http://sourceforge.net/projects/thebutterflytmp/

VULNERABLE SOFTWARE

[ * ] http://www.oldapps.com/
[ * ] http://www.oldversion.com/
[ * ] http://www.exploit-db.com/webapps/
[ * ] http://code.google.com/p/wavsep/downloads/list
[ * ] http://www.owasp.org/index.php/Owasp_SiteGenerator
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

TEST SITES

[ * ] http://www.webscantest.com/
[ * ] http://crackme.cenzic.com/Kelev/view/home.php
[ * ] http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=[ * ] http://www.Freebank.com
[ * ] http://testaspnet.vulnweb.com/
[ * ] http://testasp.vulnweb.com/
[ * ] http://testphp.vulnweb.com/
[ * ] http://demo.testfire.net/
[ * ] http://hackme.ntobjectives.com/

EXPLOITATION INTRO

[ * ] http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
[ * ] http://www.mgraziano.info/docs/stsi2010.pdf
[ * ] http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
[ * ] http://www.ethicalhacker.net/content/view/122/2/
[ * ] http://code.google.com/p/it-sec-catalog/wiki/Exploitation
[ * ] http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
[ * ] http://ref.x86asm.net/index.html

REVERSE ENGINEERING & MALWARE

[ * ] http://www.woodmann.com/TiGa/idaseries.html
[ * ] http://www.binary-auditing.com/
[ * ] http://visi.kenshoto.com/
[ * ] http://www.radare.org/y/
[ * ] http://www.offensivecomputing.net/

PASSWORDS AND HASHES

[ * ] http://www.irongeek.com/i.php?page=videos/password-exploitation-class
[ * ] http://cirt.net/passwords
[ * ] http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
[ * ] http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
[ * ] http://www.foofus.net/?page_id=63
[ * ] http://hashcrack.blogspot.com/
[ * ] http://www.nirsoft.net/articles/saved_password_location.html
[ * ] http://www.onlinehashcrack.com/
[ * ] http://www.md5this.com/list.php?
[ * ] http://www.virus.org/default-password
[ * ] http://www.phenoelit-us.org/dpl/dpl.html
[ * ] http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

WORDLISTS

[ * ] http://contest.korelogic.com/wordlists.html
[ * ] http://packetstormsecurity.org/Crackers/wordlists/
[ * ] http://www.skullsecurity.org/wiki/index.php/Passwords
[ * ] http://www.ericheitzman.com/passwd/passwords/

PASS THE HASH

[ * ] http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
[ * ] http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
[ * ] http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html

MITM

[ * ] http://www.giac.org/certified_professionals/practicals/gsec/0810.php
[ * ] http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
[ * ] http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
[ * ] http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
[ * ] http://www.mindcenter.net/uploads/ECCE101.pdf
[ * ] http://toorcon.org/pres12/3.pdf
[ * ] http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
[ * ] http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
[ * ] http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
[ * ] http://www.oact.inaf.it/ws-ssri/Costa.pdf
[ * ] http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
[ * ] http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
[ * ] http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
[ * ] http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
[ * ] http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
[ * ] http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
[ * ] http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
[ * ] http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
[ * ] http://articles.manugarg.com/arp_spoofing.pdf
[ * ] http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
[ * ] http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
[ * ] http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
[ * ] http://blog.spiderlabs.com/2010/12/thicknet.html
[ * ] http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
[ * ] http://www.go4expert.com/forums/showthread.php?t=11842
[ * ] http://www.irongeek.com/i.php?page=security/ettercapfilter
[ * ] http://openmaniak.com/ettercap_filter.php
[ * ] http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
[ * ] http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
[ * ] http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
[ * ] http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

TOOLS OSINT

[ * ] http://www.edge-security.com/theHarvester.php
[ * ] http://www.mavetju.org/unix/dnstracer-man.php
[ * ] http://www.paterva.com/web5/

Metadata

[ * ] http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
[ * ] http://lcamtuf.coredump.cx/strikeout/
[ * ] http://www.sno.phy.queensu.ca/~phil/exiftool/
[ * ] http://www.edge-security.com/metagoofil.php
[ * ] http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

GOOGLE HACKING

[ * ] http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
[ * ] http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
[ * ] http://sqid.rubyforge.org/#next
[ * ] http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

WEB

[ * ] http://www.bindshell.net/tools/beef
[ * ] http://blindelephant.sourceforge.net/
[ * ] http://xsser.sourceforge.net/
[ * ] http://sourceforge.net/projects/rips-scanner/
[ * ] http://www.divineinvasion.net/authforce/
[ * ] http://andlabs.org/tools.html#sotf
[ * ] http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
[ * ] http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
[ * ] http://code.google.com/p/pinata-csrf-tool/
[ * ] http://xsser.sourceforge.net/#intro
[ * ] http://www.contextis.co.uk/resources/tools/clickjacking-tool/
[ * ] http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
[ * ] http://sourceforge.net/projects/ws-attacker/files/
[ * ] https://github.com/koto/squid-imposter

ATTACK STRINGS

[ * ] http://code.google.com/p/fuzzdb/
[ * ] http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

SHELLS

[ * ] http://sourceforge.net/projects/yokoso/
[ * ] http://sourceforge.net/projects/ajaxshell/

SCANNERS

[ * ] http://w3af.sourceforge.net/
[ * ] http://code.google.com/p/skipfish/
[ * ] http://sqlmap.sourceforge.net/
[ * ] http://sqid.rubyforge.org/#next
[ * ] http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
[ * ] http://code.google.com/p/fimap/wiki/WindowsAttack
[ * ] http://code.google.com/p/fm-fsf/

PROXIES Burp

[ * ] http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
[ * ] http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
[ * ] http://sourceforge.net/projects/belch/files/
[ * ] http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
[ * ] http://blog.ombrepixel.com/
[ * ] http://andlabs.org/tools.html#dser
[ * ] http://feoh.tistory.com/22
[ * ] http://www.sensepost.com/labs/tools/pentest/reduh
[ * ] http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
[ * ] http://intrepidusgroup.com/insight/mallory/
[ * ] http://www.fiddler2.com/fiddler2/
[ * ] http://websecuritytool.codeplex.com/documentation?referringTitle=Home
[ * ] http://translate.google.com/translate?hl=en&sl=es&u=[ * ] http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3D[ * ] http://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

SOCIAL ENGINEERING

[ * ] http://www.secmaniac.com/

PASSWORD

[ * ] http://nmap.org/ncrack/
[ * ] http://www.foofus.net/~jmk/medusa/medusa.html
[ * ] http://www.openwall.com/john/
[ * ] http://ophcrack.sourceforge.net/
[ * ] http://blog.0x3f.net/tool/keimpx-in-action/
[ * ] http://code.google.com/p/keimpx/
[ * ] http://sourceforge.net/projects/hashkill/

METASPLOIT

[ * ] http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
[ * ] http://code.google.com/p/msf-hack/wiki/WmapNikto
[ * ] http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
[ * ] http://seclists.org/metasploit/
[ * ] http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
[ * ] http://meterpreter.illegalguy.hostzi.com/
[ * ] http://blog.metasploit.com/2010/03/automating-metasploit-console.html
[ * ] http://www.workrobot.com/sansfire2009/561.html
[ * ] http://www.securitytube.net/video/711
[ * ] http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
[ * ] http://vimeo.com/16852783
[ * ] http://milo2012.wordpress.com/2009/09/27/xlsinjector/
[ * ] http://www.fastandeasyhacking.com/
[ * ] http://trac.happypacket.net/
[ * ] http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
[ * ] http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
[ * ] http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
[ * ] http://www.irongeek.com/i.php?page=videos/metasploit-class
[ * ] http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
[ * ] http://vimeo.com/16925188
[ * ] http://www.ustream.tv/recorded/13396511
[ * ] http://www.ustream.tv/recorded/13397426
[ * ] http://www.ustream.tv/recorded/13398740

MSF Exploits or Easy

[ * ] http://www.nessus.org/plugins/index.php?view=single&id=12204 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=11413 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=18021 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=26918 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=34821 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=22194 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=34476 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=25168 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=19408 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=21564 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=10862 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=26925 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=29314 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=23643 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=12052 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=12052 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=34477 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=15962 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=42106 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=15456 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=21689 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=12205 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=22182 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=26919 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=26921 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=21696 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=40887 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=10404 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=18027 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=19402 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=11790 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=12209 [ * ] http://www.nessus.org/plugins/index.php?view=single&id=10673

NSE

[ * ] http://www.securitytube.net/video/931
[ * ] http://nmap.org/nsedoc/

NET SCANNERS AND SCRIPTS

[ * ] http://nmap.org/
[ * ] http://asturio.gmxhome.de/software/sambascan2/i.html
[ * ] http://www.softperfect.com/products/networkscanner/
[ * ] http://www.openvas.org/
[ * ] http://tenable.com/products/nessus
[ * ] http://www.rapid7.com/vulnerability-scanner.jsp
[ * ] http://www.eeye.com/products/retina/community

POST EXPLOITATION

[ * ] http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
[ * ] http://www.phx2600.org/archive/2008/08/29/metacab/
[ * ] http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

NETCAT

[ * ] http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
[ * ] http://www.radarhack.com/tutorial/ads.pdf
[ * ] http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
[ * ] http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
[ * ] http://www.dest-unreach.org/socat/
[ * ] http://www.antionline.com/archive/index.php/t-230603.html
[ * ] http://technotales.wordpress.com/2009/06/14/netcat-tricks/
[ * ] http://seclists.org/nmap-dev/2009/q1/581
[ * ] http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
[ * ] http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
[ * ] http://gse-compliance.blogspot.com/2008/07/netcat.html

SOURCE INSPECTION

[ * ] http://www.justanotherhacker.com/projects/graudit.html
[ * ] http://code.google.com/p/javasnoop/

FIREFOX ADDONS

[ * ] https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/?src=collection [ * ] https://addons.mozilla.org/en-US/firefox/addon/web-developer/?src=collection [ * ] https://addons.mozilla.org/en-CA/firefox/addon/cookie-quick-manager/ [ * ] https://addons.mozilla.org/en-CA/firefox/addon/hackbartool/

TOOL LISTINGS

[ * ] http://packetstormsecurity.org/files/tags/tool
[ * ] http://tools.securitytube.net/index.php?title=Main_Page

TRAINING/CLASSES SEC/HACKING

[ * ] http://pentest.cryptocity.net/
[ * ] http://www.irongeek.com/i.php?page=videos/network-sniffers-class
[ * ] http://samsclass.info/124/124_Sum09.shtml
[ * ] http://www.cs.ucsb.edu/~vigna/courses/cs279/
[ * ] http://crypto.stanford.edu/cs142/
[ * ] http://crypto.stanford.edu/cs155/
[ * ] http://cseweb.ucsd.edu/classes/wi09/cse227/
[ * ] http://www-inst.eecs.berkeley.edu/~cs161/sp11/
[ * ] http://security.ucla.edu/pages/Security_Talks
[ * ] http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
[ * ] http://cr.yp.to/2004-494.html
[ * ] http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
[ * ] https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
[ * ] http://stuff.mit.edu/iap/2009/#websecurity

PROGRAMMING Python

[ * ] http://code.google.com/edu/languages/google-python-class/index.html
[ * ] http://www.swaroopch.com/notes/Python_en: Table_of_Contents
[ * ] http://www.thenewboston.com/?cat=40&pOpen=tutorial
[ * ] http://showmedo.com/videotutorials/python
[ * ] http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/

PROGRAMMING Ruby

[ * ] http://www.tekniqal.com/

OTHER MISC

[ * ] http://www.cs.sjtu.edu.cn/~kzhu/cs490/
[ * ] https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
[ * ] http://i-web.iu-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
[ * ] http://resources.infosecinstitute.com/
[ * ] http://vimeo.com/user2720399

WEB VECTORS SQLI

[ * ] http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
[ * ] http://isc.sans.edu/diary.html?storyid=9397
[ * ] http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
[ * ] http://www.evilsql.com/main/index.php
[ * ] http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
[ * ] http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
[ * ] http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
[ * ] http://sqlzoo.net/hack/
[ * ] http://www.sqlteam.com/article/sql-server-versions
[ * ] http://www.krazl.com/blog/?p=3
[ * ] http://www.owasp.org/index.php/Testing_for_MS_Access
[ * ] http://web.archive.org/web/20101112061524/[ * ] http://seclists.org/pen-test/2003/May/0074.html
[ * ] http://web.archive.org/web/20080822123152/[ * ] http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
[ * ] http://www.youtube.com/watch?v=WkHkryIoLD0
[ * ] http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
[ * ] http://vimeo.com/3418947
[ * ] http://sla.ckers.org/forum/read.php?24,33903
[ * ] http://websec.files.wordpress.com/2010/11/sqli2.pdf
[ * ] http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
[ * ] http://ha.ckers.org/sqlinjection/
[ * ] http://lab.mediaservice.net/notes_more.php?id=MSSQL

WEB VECTORS UPLOAD TRICKS

[ * ] http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
[ * ] http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
[ * ] http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
[ * ] http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
[ * ] http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
[ * ] http://www.ravenphpscripts.com/article2974.html
[ * ] http://www.acunetix.com/cross-site-scripting/scanner.htm
[ * ] http://www.vupen.com/english/advisories/2009/3634
[ * ] http://msdn.microsoft.com/en-us/library/aa478971.aspx
[ * ] http://dev.tangocms.org/issues/237
[ * ] http://seclists.org/fulldisclosure/2006/Jun/508
[ * ] http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
[ * ] http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
[ * ] http://shsc.info/FileUploadSecurity

WEB VECTORS LFI/RFI

[ * ] http://pastie.org/840199
[ * ] http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
[ * ] http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
[ * ] http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
[ * ] http://www.digininja.org/blog/when_all_you_can_do_is_read.php

WEB VECTORS XSS

[ * ] http://www.infosecwriters.com/hhworld/hh8/csstut.htm
[ * ] http://www.technicalinfo.net/papers/CSS.html
[ * ] http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
[ * ] http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
[ * ] https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
[ * ] http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
[ * ] http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
[ * ] http://heideri.ch/jso/#javascript
[ * ] http://www.reddit.com/r/xss/
[ * ] http://sla.ckers.org/forum/list.php?2

COLDFUSION

[ * ] http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
[ * ] http://zastita.com/02114/Attacking_ColdFusion..html
[ * ] http://www.nosec.org/2010/0809/629.html
[ * ] http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
[ * ] http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf

SHAREPOINT

[ * ] http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678

LOTUS

[ * ] http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
[ * ] http://seclists.org/pen-test/2002/Nov/43
[ * ] http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?

JBOSS

[ * ] http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
[ * ] http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

VMWARE WEB

[ * ] http://www.metasploit.com/modules/auxiliary/scanner/[ * ] http/vmware_server_dir_trav

ORACLE APP SERVERS

[ * ] http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
[ * ] http://www.owasp.org/index.php/Testing_for_Oracle
[ * ] http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
[ * ] http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
[ * ] http://www.ngssoftware.com/papers/hpoas.pdf

SAP

[ * ] http://www.onapsis.com/research.html#bizploit
[ * ] http://marc.info/?l=john-users&m=121444075820309&w=2
[ * ] http://www.phenoelit-us.org/whatSAP/index.html

WIRELESS

[ * ] http://code.google.com/p/pyrit/

CAPTURE THE FLAG/WARGAMES

[ * ] http://intruded.net/
[ * ] http://smashthestack.org/
[ * ] http://flack.hkpco.kr/
[ * ] http://ctf.hcesperer.org/
[ * ] http://ictf.cs.ucsb.edu/
[ * ] http://capture.thefl.ag/calendar/

MISC/UNSORTED

[ * ] http://www.ikkisoft.com/stuff/SMH_XSS.txt
[ * ] http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter [ * ] http://whatthefuckismyinformationsecuritystrategy.com/
[ * ] http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
[ * ] http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
[ * ] http://www.sensepost.com/blog/4552.html
[ * ] http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
[ * ] http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
[ * ] http://carnal0wnage.attackresearch.com/node/410
[ * ] http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
[ * ] http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
[ * ] http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

====== BLOGS ====== http://carnal0wnage.attackresearch.com/2012/01/psexec-fail-upload-and-exec-instead.html http://overthewire.org/wargames/narnia/ https://github.com/StevenVanAcker/OverTheWire-website https://github.com/StevenVanAcker/OverTheWire-draco-website

===== TOOLS ===== https://github.com/Gallopsled/pwntools http://mh-nexus.de/en/downloads.php?product=HxD https://www.securepla.net/antivirus-now-you-see-me-now-you-dont https://www.securepla.net/password-cracking-for-fun-and-profit/ http://www.nullsecurity.net/tools/binary.html http://www.irongeek.com/i.php?page=videos/hack3rcon5/h01-intro-to-powershell-scripting-for-security

Metasploitable 2 Exploitability Guide -https://community.rapid7.com/docs/DOC-1875

The Art of Writing Penetration Test Reports -http://resources.infosecinstitute.com/writing-penetration-testing-reports/

http://www.serverhardening.com/

About the archive bit and backup methods -https://support.symantec.com/en_US/article.HOWTO22710.html

Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration - http://opensecuritytraining.info/IntroX86.html

[Exploit tutorial: Buffer Overflow] - https://www.reddit.com/r/hacking/comments/1wy610/exploit_tutorial_buffer_overflow/

Exploit writing tutorial part 1 : Stack Based Overflows - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

Introduction To Software Exploits - http://opensecuritytraining.info/Exploits1.html

Protostar Exploits Exercises - https://exploit-exercises.com/protostar/

Wargames - http://overthewire.org/wargames/narnia/

http://archive.cert.uni-stuttgart.de/vuln-dev/2006/05/msg00004.html http://www.infigo.hr/files/INFIGO-TD-2006-04-01-Fuzzing-eng.pdf http://challenges.re/ http://shell-storm.org/ https://samsclass.info/


-> Much thanks to MrTsRex for Cheatsheet_Windows.txt enumerating Windows version vulnerabilities

-> Much thanks to susmithaaa for his contribution to Cheatsheet_PenTesting.txt password attacks section

-> Much thanks to akshaycbor for his contribution to Cheatsheet_MobileAppTesting.txt regarding apk repackaging instructions

+ UPDATE: Added my huge link of bookmarks / references ❤️  
A_Can_Of_Tuna

Webp net-resizeimage