+ UPDATE: Added my huge link of bookmarks / references ❤️
Do you have a million bookmarks saved? Do all of those bookmarks contain unique information? Github repos starred for later?
Well this is a compilation of all of these resources into a single repo known as Cheatsheet-God. No more need for bookmarked links. No need to open a web browser. Its all here for you.
This is a collection of resources, scripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want!
All contributions are welcomed! If you feel like you can contribute and make these documents more complete, please do! I'll acknowledge you.
If you would like to improve anything, and add to this repo, PLEASE DO!
Here's what you do:
- Create Issue Request describing your
enhancement
- Fork this repository
- Push some code to your fork
- Come back to this repository and open a PR
- After some review, get that PR merged to master
- Make sure to update Issue Request so that I can credit you! You ROCK!
Feel free to also open an issue with any questions, help wanted, or requests!
Acknowledgments
- Inspiration: Making a cheatsheet god would be proud of using.
- Hat tip to anyone who ever contributed
-> Much thanks to MrTsRex for Cheatsheet_Windows.txt enumerating Windows version vulnerabilities
-> Much thanks to susmithaaa for his contribution to Cheatsheet_PenTesting.txt password attacks section
-> Much thanks to akshaycbor for his contribution to Cheatsheet_MobileAppTesting.txt regarding apk repackaging instructions
More
WeChat Official Account
Get Some Practice
Hack The Box
Attack Defense 1000+ Labs!
VulnHub
Root.me
Penetration Testing Practice Lab / Vulnerable Apps/Systems
Vulhub
Vulapps
Vulnspy
Upload-Labs
TryHackMe
BLOGS
https://scriptkidd1e.wordpress.com/oscp-journey/
http://www.securitysift.com/offsec-pwb-oscp/
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
http://hackingandsecurity.blogspot.com
Http://carnal0wnage.blogspot.com/
Http://www.mcgrewsecurity.com/
Http://www.gnucitizen.org/blog/
Http://www.darknet.org.uk/
Http://spylogic.net/
Http://taosecurity.blogspot.com/
Http://www.room362.com/
Http://blog.sipvicious.org/
Http://blog.portswigger.net/
Http://pentestmonkey.net/blog/
Http://jeremiahgrossman.blogspot.com/
Http://i8jesus.com/
Http://blog.c22.cc/
Http://www.skullsecurity.org/blog/
Http://blog.metasploit.com/
Http://www.darkoperator.com/
Http://blog.skeptikal.org/
Http://preachsecurity.blogspot.com/
Http://www.tssci-security.com/
Http://www.gdssecurity.com/l/b/
Http://websec.wordpress.com/
Http://bernardodamele.blogspot.com/
Http://laramies.blogspot.com/
Http://www.spylogic.net/
Http://blog.andlabs.org/
Http://xs-sniper.com/blog/
Http://www.commonexploits.com/
Http://www.sensepost.com/blog/
Http://wepma.blogspot.com/
Http://exploit.co.il/
Http://securityreliks.wordpress.com/
Http://www.madirish.net/index.html
Http://sirdarckcat.blogspot.com/
Http://reusablesec.blogspot.com/
Http://myne-us.blogspot.com/
Http://www.notsosecure.com/
Http://blog.spiderlabs.com/
Http://www.corelan.be/
Http://www.digininja.org/
Http://www.pauldotcom.com/
Http://www.attackvector.org/
Http://deviating.net/
Http://www.alphaonelabs.com/
Http://www.smashingpasswords.com/
Http://wirewatcher.wordpress.com/
Http://gynvael.coldwind.pl/
Http://www.nullthreat.net/
Http://www.question-defense.com/
Http://archangelamael.blogspot.com/
Http://memset.wordpress.com/
Http://sickness.tor.hu/
Http://punter-infosec.com/
Http://www.securityninja.co.uk/
Http://securityandrisk.blogspot.com/
Http://esploit.blogspot.com/
Http://www.pentestit.com/
FORUMS
Http://sla.ckers.org/forum/index.php
Http://www.ethicalhacker.net/
Http://www.backtrack-linux.org/forums/
Http://www.elitehackers.info/forums/
Http://www.hackthissite.org/forums/index.php
Http://securityoverride.com/forum/index.php
Http://www.iexploit.org/
Http://bright-shadows.net/
Http://www.governmentsecurity.org/forum/
Http://forum.intern0t.net/
MAGAZINES
Http://www.net-security.org/insecuremag.php
Http://hakin9.org/
VIDEO
Http://www.hackernews.com/
Http://www.securitytube.net/
Http://www.irongeek.com/i.php?page=videos/aide-winter-2011
Http://avondale.good.net/dl/bd/
Http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
http://www.youtube.com/user/ChRiStIaAn008
http://www.youtube.com/user/HackingCons
https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8tw
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
https://www.youtube.com/user/RootOfTheNull
https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
METHODOLOGIES
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
http://projects.webappsec.org/w/page/13246978/Threat-Classification
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Http://www.social-engineer.org/
PRESENTATIONS
Http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
Http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.slideshare.net/Laramies/tactical-information-gathering
Http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
Http://infond.blogspot.com/2010/05/toturial-footprinting.html
PEOPLE AND ORGANIZATIONAL
Http://www.spokeo.com/
Http://www.123people.com/
Http://www.xing.com/
Http://www.zoominfo.com/search
Http://pipl.com/
Http://www.zabasearch.com/
Http://www.searchbug.com/default.aspx
Http://theultimates.com/
Http://skipease.com/
Http://addictomatic.com/
Http://socialmention.com/
Http://entitycube.research.microsoft.com/
Http://www.yasni.com/
Http://tweepz.com/
Http://tweepsearch.com/
Http://www.glassdoor.com/index.htm
Http://www.jigsaw.com/
http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
Http://www.tineye.com/
Http://www.peekyou.com/
Http://picfog.com/
Http://twapperkeeper.com/index.php
INFRASTRUCTURE
Http://uptime.netcraft.com/
Http://www.serversniff.net/
Http://www.domaintools.com/
Http://centralops.net/co/
Http://hackerfantastic.com/
Http://whois.webhosting.info/
Https://www.ssllabs.com/ssldb/analyze.html
Http://www.clez.net/
Http://www.my-ip-neighbors.com/
Http://www.shodanhq.com/
Http://www.exploit-db.com/google-dorks/
Http://www.hackersforcharity.org/ghdb/
EXPLOITS AND ADVISORIES
Http://www.exploit-db.com/
Http://www.cvedetails.com/
Http://www.packetstormsecurity.org/
http://www.securityforest.com/wiki/index.php/Main_Page
Http://www.securityfocus.com/bid
Http://nvd.nist.gov/
Http://osvdb.org/
http://www.nullbyte.org.il/Index.html
Http://secdocs.lonerunners.net/
http://www.phenoelit-us.org/whatSAP/index.html
Http://secunia.com/
Http://cve.mitre.org/
CHEATSHEETS AND SYNTAX
Http://www.cheat-sheets.org/
Http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
AGILE HACKING
Http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
Http://blog.commandlinekungfu.com/
Http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
Http://isc.sans.edu/diary.html?storyid=2376
Http://isc.sans.edu/diary.html?storyid=1229
Http://ss64.com/nt/
Http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
Http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
Http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
Http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
Http://www.pentesterscripting.com/
Http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
OS AND SCRIPTS
http://en.wikipedia.org/wiki/IPv4_subnetting_reference
Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
Http://shelldorado.com/shelltips/beginner.html
Http://www.linuxsurvival.com/
http://mywiki.wooledge.org/BashPitfalls
Http://rubular.com/
Http://www.iana.org/assignments/port-numbers
Http://www.robvanderwoude.com/ntadmincommands.php
Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
TOOLS
Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
Http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
Http://h.ackack.net/cheat-sheets/netcat
DISTROS
Http://www.backtrack-linux.org/
Http://www.matriux.com/
Http://samurai.inguardians.com/
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
Https://pentoo.ch/
Http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
Http://www.piotrbania.com/all/kon-boot/
Http://www.linuxfromscratch.org/
Http://sumolinux.suntzudata.com/
Http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
Http://www.backbox.org/
LABS ISOS AND VMS
Http://sourceforge.net/projects/websecuritydojo/
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
Http://heorot.net/livecds/
Http://informatica.uv.es/~carlos/docencia/netinvm/
Http://www.bonsai-sec.com/en/research/moth.php
Http://blog.metasploit.com/2010/05/introducing-metasploitable.html
Http://pynstrom.net/holynix.php
Http://gnacktrack.co.uk/download.php
Http://sourceforge.net/projects/lampsecurity/files/
Https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
Http://sourceforge.net/projects/virtualhacking/files/
Http://www.badstore.net/
Http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Http://www.dvwa.co.uk/
Http://sourceforge.net/projects/thebutterflytmp/
VULNERABLE SOFTWARE
Http://www.oldapps.com/
Http://www.oldversion.com/
Http://www.exploit-db.com/webapps/
Http://code.google.com/p/wavsep/downloads/list
http://www.owasp.org/index.php/Owasp_SiteGenerator
Http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
TEST SITES
Http://www.webscantest.com/
http://crackme.cenzic.com/Kelev/view/home.php
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Http://testaspnet.vulnweb.com/
Http://testasp.vulnweb.com/
Http://testphp.vulnweb.com/
Http://demo.testfire.net/
Http://hackme.ntobjectives.com/
EXPLOITATION INTRO
Http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
Http://www.mgraziano.info/docs/stsi2010.pdf
Http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
Http://www.ethicalhacker.net/content/view/122/2/
http://code.google.com/p/it-sec-catalog/wiki/Exploitation
Http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
Http://ref.x86asm.net/index.html
REVERSE ENGINEERING & MALWARE
http://www.woodmann.com/TiGa/idaseries.html
Http://www.binary-auditing.com/
Http://visi.kenshoto.com/
Http://www.radare.org/y/
Http://www.offensivecomputing.net/
PASSWORDS AND HASHES
Http://www.irongeek.com/i.php?page=videos/password-exploitation-class
Http://cirt.net/passwords
Http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
Http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
Http://www.foofus.net/?page_id=63
Http://hashcrack.blogspot.com/
Http://www.nirsoft.net/articles/saved_password_location.html
Http://www.onlinehashcrack.com/
Http://www.md5this.com/list.php?
Http://www.virus.org/default-password
Http://www.phenoelit-us.org/dpl/dpl.html
Http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
WORDLISTS
Http://contest.korelogic.com/wordlists.html
http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
Http://www.ericheitzman.com/passwd/passwords/
PASS THE HASH
Http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
Http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
Http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
MITM
Http://www.giac.org/certified_professionals/practicals/gsec/0810.php
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
Http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
Http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
http://www.mindcenter.net/uploads/ECCE101.pdf
Http://toorcon.org/pres12/3.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
Http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
Http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.oact.inaf.it/ws-ssri/Costa.pdf
Http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
Http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
Http://blog.spiderlabs.com/2010/12/thicknet.html
Http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
Http://www.go4expert.com/forums/showthread.php?t=11842
Http://www.irongeek.com/i.php?page=security/ettercapfilter
Http://openmaniak.com/ettercap_filter.php
Http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
Http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
Http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
Http://spareclockcycles.org/2010/06/10/sergio-proxy-released/
TOOLS OSINT
http://www.edge-security.com/theHarvester.php
Http://www.mavetju.org/unix/dnstracer-man.php
Http://www.paterva.com/web5/
Metadata
Http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
Http://lcamtuf.coredump.cx/strikeout/
Http://www.sno.phy.queensu.ca/~phil/exiftool/
Http://www.edge-security.com/metagoofil.php
Http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
GOOGLE HACKING
Http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
Http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
Http://sqid.rubyforge.org/#next
http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
WEB
Http://www.bindshell.net/tools/beef
Http://blindelephant.sourceforge.net/
Http://xsser.sourceforge.net/
Http://sourceforge.net/projects/rips-scanner/
Http://www.divineinvasion.net/authforce/
Http://andlabs.org/tools.html#sotf
http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
Http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
Http://code.google.com/p/pinata-csrf-tool/
Http://xsser.sourceforge.net/#intro
Http://www.contextis.co.uk/resources/tools/clickjacking-tool/
Http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
Http://sourceforge.net/projects/ws-attacker/files/
Https://github.com/koto/squid-imposter
ATTACK STRINGS
Http://code.google.com/p/fuzzdb/
http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
SHELLS
Http://sourceforge.net/projects/yokoso/
Http://sourceforge.net/projects/ajaxshell/
SCANNERS
Http://w3af.sourceforge.net/
Http://code.google.com/p/skipfish/
Http://sqlmap.sourceforge.net/
Http://sqid.rubyforge.org/#next
http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
http://code.google.com/p/fimap/wiki/WindowsAttack
Http://code.google.com/p/fm-fsf/
PROXIES Burp
Http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
Http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
Http://sourceforge.net/projects/belch/files/
Http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
Http://blog.ombrepixel.com/
Http://andlabs.org/tools.html#dser
Http://feoh.tistory.com/22
Http://www.sensepost.com/labs/tools/pentest/reduh
http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
Http://intrepidusgroup.com/insight/mallory/
Http://www.fiddler2.com/fiddler2/
http://websecuritytool.codeplex.com/documentation?referringTitle=Home
http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
SOCIAL ENGINEERING
PASSWORD
Http://nmap.org/ncrack/
Http://www.foofus.net/~jmk/medusa/medusa.html
Http://www.openwall.com/john/
Http://ophcrack.sourceforge.net/
Http://blog.0x3f.net/tool/keimpx-in-action/
Http://code.google.com/p/keimpx/
Http://sourceforge.net/projects/hashkill/
METASPLOIT
Http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://code.google.com/p/msf-hack/wiki/WmapNikto
Http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
Http://seclists.org/metasploit/
Http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
Http://meterpreter.illegalguy.hostzi.com/
Http://blog.metasploit.com/2010/03/automating-metasploit-console.html
Http://www.workrobot.com/sansfire2009/561.html
Http://www.securitytube.net/video/711
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
Http://vimeo.com/16852783
Http://milo2012.wordpress.com/2009/09/27/xlsinjector/
Http://www.fastandeasyhacking.com/
Http://trac.happypacket.net/
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
Http://www.irongeek.com/i.php?page=videos/metasploit-class
Http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
Http://vimeo.com/16925188
Http://www.ustream.tv/recorded/13396511
Http://www.ustream.tv/recorded/13397426
Http://www.ustream.tv/recorded/13398740
MSF Exploits or Easy
Http://www.nessus.org/plugins/index.php?view=single&id=12204 Http://www.nessus.org/plugins/index.php?view=single&id=11413 Http://www.nessus.org/plugins/index.php?view=single&id=18021 Http://www.nessus.org/plugins/index.php?view=single&id=26918 Http://www.nessus.org/plugins/index.php?view=single&id=34821 Http://www.nessus.org/plugins/index.php?view=single&id=22194 Http://www.nessus.org/plugins/index.php?view=single&id=34476 Http://www.nessus.org/plugins/index.php?view=single&id=25168 Http://www.nessus.org/plugins/index.php?view=single&id=19408 Http://www.nessus.org/plugins/index.php?view=single&id=21564 Http://www.nessus.org/plugins/index.php?view=single&id=10862 Http://www.nessus.org/plugins/index.php?view=single&id=26925 Http://www.nessus.org/plugins/index.php?view=single&id=29314 Http://www.nessus.org/plugins/index.php?view=single&id=23643 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=12052 Http://www.nessus.org/plugins/index.php?view=single&id=34477 Http://www.nessus.org/plugins/index.php?view=single&id=15962 Http://www.nessus.org/plugins/index.php?view=single&id=42106 Http://www.nessus.org/plugins/index.php?view=single&id=15456 Http://www.nessus.org/plugins/index.php?view=single&id=21689 Http://www.nessus.org/plugins/index.php?view=single&id=12205 Http://www.nessus.org/plugins/index.php?view=single&id=22182 Http://www.nessus.org/plugins/index.php?view=single&id=26919 Http://www.nessus.org/plugins/index.php?view=single&id=26921 Http://www.nessus.org/plugins/index.php?view=single&id=21696 Http://www.nessus.org/plugins/index.php?view=single&id=40887 Http://www.nessus.org/plugins/index.php?view=single&id=10404 Http://www.nessus.org/plugins/index.php?view=single&id=18027 Http://www.nessus.org/plugins/index.php?view=single&id=19402 Http://www.nessus.org/plugins/index.php?view=single&id=11790 Http://www.nessus.org/plugins/index.php?view=single&id=12209 Http://www.nessus.org/plugins/index.php?view=single&id=10673
NSE
Http://www.securitytube.net/video/931
Http://nmap.org/nsedoc/
NET SCANNERS AND SCRIPTS
Http://nmap.org/
Http://asturio.gmxhome.de/software/sambascan2/i.html
Http://www.softperfect.com/products/networkscanner/
Http://www.openvas.org/
Http://tenable.com/products/nessus
Http://www.rapid7.com/vulnerability-scanner.jsp
Http://www.eeye.com/products/retina/community
POST EXPLOITATION
Http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
Http://www.phx2600.org/archive/2008/08/29/metacab/
Http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
NETCAT
Http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
Http://www.radarhack.com/tutorial/ads.pdf
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
Http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
Http://www.dest-unreach.org/socat/
Http://www.antionline.com/archive/index.php/t-230603.html
Http://technotales.wordpress.com/2009/06/14/netcat-tricks/
Http://seclists.org/nmap-dev/2009/q1/581
Http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Http://gse-compliance.blogspot.com/2008/07/netcat.html
SOURCE INSPECTION
Http://www.justanotherhacker.com/projects/graudit.html
Http://code.google.com/p/javasnoop/
FIREFOX ADDONS
https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/?src=collection https://addons.mozilla.org/en-US/firefox/addon/web-developer/?src=collection https://addons.mozilla.org/en-CA/firefox/addon/cookie-quick-manager/ https://addons.mozilla.org/en-CA/firefox/addon/hackbartool/
TOOL LISTINGS
Http://packetstormsecurity.org/files/tags/tool
http://tools.securitytube.net/index.php?title=Main_Page
TRAINING/CLASSES SEC/HACKING
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
PROGRAMMING Python
Http://code.google.com/edu/languages/google-python-class/index.html
http://www.swaroopch.com/notes/Python_en: Table_of_Contents
http://www.thenewboston.com/?cat=40&pOpen=tutorial
Http://showmedo.com/videotutorials/python
Http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
PROGRAMMING Ruby
OTHER MISC
Http://www.cs.sjtu.edu.cn/~kzhu/cs490/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
http://i-web.iu-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
Http://resources.infosecinstitute.com/
Http://vimeo.com/user2720399
WEB VECTORS SQLI
Http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
Http://isc.sans.edu/diary.html?storyid=9397
Http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
Http://www.evilsql.com/main/index.php
Http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
Http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
Http://sqlzoo.net/hack/
Http://www.sqlteam.com/article/sql-server-versions
Http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
http://www.youtube.com/watch?v=WkHkryIoLD0
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
Http://vimeo.com/3418947
Http://sla.ckers.org/forum/read.php?24,33903
Http://websec.files.wordpress.com/2010/11/sqli2.pdf
Http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
Http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL
WEB VECTORS UPLOAD TRICKS
Http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
Http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
Http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
Http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
Http://www.ravenphpscripts.com/article2974.html
Http://www.acunetix.com/cross-site-scripting/scanner.htm
Http://www.vupen.com/english/advisories/2009/3634
Http://msdn.microsoft.com/en-us/library/aa478971.aspx
Http://dev.tangocms.org/issues/237
http://seclists.org/fulldisclosure/2006/Jun/508
Http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
http://shsc.info/FileUploadSecurity
WEB VECTORS LFI/RFI
Http://pastie.org/840199
Http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
Http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
Http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
Http://www.digininja.org/blog/when_all_you_can_do_is_read.php
WEB VECTORS XSS
Http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.technicalinfo.net/papers/CSS.html
Http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
Http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
Http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
Http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
Http://heideri.ch/jso/#javascript
Http://www.reddit.com/r/xss/
Http://sla.ckers.org/forum/list.php?2
COLDFUSION
Http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://zastita.com/02114/Attacking_ColdFusion..html
Http://www.nosec.org/2010/0809/629.html
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
SHAREPOINT
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
LOTUS
http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
http://seclists.org/pen-test/2002/Nov/43
Http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBOSS
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
Http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
VMWARE WEB
Http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav
ORACLE APP SERVERS
Http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
http://www.owasp.org/index.php/Testing_for_Oracle
Http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
Http://www.ngssoftware.com/papers/hpoas.pdf
SAP
Http://www.onapsis.com/research.html#bizploit
Http://marc.info/?l=john-users&m=121444075820309&w=2
http://www.phenoelit-us.org/whatSAP/index.html
WIRELESS
Http://code.google.com/p/pyrit/
CAPTURE THE FLAG/WARGAMES
Http://intruded.net/
Http://smashthestack.org/
Http://flack.hkpco.kr/
Http://ctf.hcesperer.org/
Http://ictf.cs.ucsb.edu/
Http://capture.thefl.ag/calendar/
MISC/UNSORTED
http://www.ikkisoft.com/stuff/SMH_XSS.txt
Http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
Http://whatthefuckismyinformationsecuritystrategy.com/
Http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
Http://www.sensepost.com/blog/4552.html
Http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
Http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
Http://carnal0wnage.attackresearch.com/node/410
Http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/