The below links are a collection of useful tools and sites that you can use for various purposes within the InfoSec realm. Each link will drop you down to a group of links under that section title. Page may periodically be updated. As the web constantly changes, some links may not work.
Phase 1 – Reconnaissance: Information Gathering before the Attack
Phase 1.1 – People and Orginizational
Phase 2 – Enumeration: Finding Attack Vectors
Phase 3 – Exploitation: Verifying Security Weaknesses
OS Cheat Sheets and Script Syntax
Password Wordlists, Hashes, Tools
Security Forums
http://securityoverride.org/forum/index.php
https://www.hackthissite.org/forums/index.php
https://www.ethicalhacker.net/forums/index.php
https://forum.reverse4you.org/
http://www.truehackers.ru/forum/index.php
http://garage4hackers.com/forum.php
https://www.hellboundhackers.org/
http://www.lockpicking101.com/
https://www.xploitworld.com/index.php
Tor Onion Links
Security Methodologies
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php
http://www.social-engineer.org/
http://projects.webappsec.org/w/page/13246927/FrontPage
Training/Classes/Video
http://www.irongeek.com/i.php?page=videos/aide-winter-2011
https://lab.pentestit.ru/pentestlabs/3
https://trailofbits.github.io/ctf/
http://ctf.forgottensec.com/wiki/?title=Main_Page
https://crypto.stanford.edu/cs155/
https://www.offensive-security.com/metasploit-unleashed/
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://resources.infosecinstitute.com/
https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html
https://www.youtube.com/watch?v=kPxavpgos2I
http://www.securitytube.net/video/7640
http://www.securitytube.net/video/7735
Pentest Tools
https://github.com/pwnwiki/pwnwiki.github.io
https://github.com/sbilly/awesome-security
https://github.com/paragonie/awesome-appsec
https://github.com/enaqx/awesome-pentest
https://github.com/kahun/awesome-sysadmin#security
https://code.google.com/p/fuzzdb/
https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
https://code.google.com/p/skipfish/
https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/
http://www.justanotherhacker.com/projects/graudit.html
https://packetstormsecurity.com/files/tags/tool
Pentest Lab ISO-VMs
http://www.amanhardikar.com/mindmaps/PracticeUrls.html
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
https://code.google.com/p/owaspbwa/
https://www.mavensecurity.com/web_security_dojo/
http://hackingdojo.com/dojo-media/
http://informatica.uv.es/~carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
http://sourceforge.net/projects/lampsecurity/?source=navbar
https://www.hacking-lab.com/index.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://sourceforge.net/projects/thebutterflytmp/
http://magikh0e.ihtb.org/pubPapers/
Metasploit
http://resources.metasploit.com/
http://seclists.org/metasploit/
https://www.offensive-security.com/metasploit-unleashed/Introduction/
http://www.offensive-security.com/metasploit-unleashed/Msfvenom
https://community.rapid7.com/community/metasploit/
http://www.securitytube.net/video/711?q=METASPLOIT
https://en.wikibooks.org/wiki/Metasploit
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
Net Scanners
http://www.securitytube.net/video/931
http://www.tenable.com/products/nessus-vulnerability-scanner
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Man-in-the-middle attack
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
https://packetstormsecurity.com/papers/wireless/cracking-air.pdf
https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/nf.html
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf_
Phase 1 – Reconnaissance: Information Gathering before the Attack
https://en.wikipedia.org/wiki/Open-sourceintelligence
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
http://www.slideshare.net/Laramies/tactical-information-gathering
http://www.infond.fr/2010/05/toturial-footprinting.html
Phase 1.1 – People and Orginizational
http://entitycube.research.microsoft.com/
http://www.glassdoor.com/index.htm
https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
Phase 1.2 – Infastructure
https://www.ssllabs.com/ssltest/analyze.html
https://www.exploit-db.com/google-hacking-database/
http://www.my-ip-neighbors.com/
Phase 1.2 – Tools
OSINT Tools
http://www.edge-security.com/theharvester.php
http://www.edge-security.com/metagoofil.php
https://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
Phase 2 – Enumeration: Finding Attack Vectors
http://securitysynapse.blogspot.be/201308_01_archive.html
https://hackertarget.com/attacking-wordpress/
https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
http://www.0daysecurity.com/penetration-testing/enumeration.html
https://github.com/n3ko1/WrapMap
http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/
http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html
http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
http://www.iodigitalsec.com/windows-null-session-enumeration/
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
https://github.com/isaudits/autoenum
http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09
http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
http://www.iodigitalsec.com/windows-null-session-enumeration/
http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
http://www.enye-sec.org/en/papers/web_vuln-en.txt_
Phase 3 – Exploitation: Verifying Security Weaknesses
http://download.vulnhub.com/pentesterlab/phpinclude_and_post_exploitation.pdf
http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd
https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf
https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell_
Dump Windows Password Hashes
http://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html
Windows Passhing The Hash
https://www.kali.org/penetration-testing/passing-hash-remote-desktop/
https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/
Windows Privilege Escalation
http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
https://github.com/0xdeafbeef/PSSecSnapshot
http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
http://www.fuzzysecurity.com/tutorials/16.html
http://www.youtube.com/watch?v=kMG8IsCohHA
http://www.youtube.com/watch?v=8xJaaQlpBo
http://www.greyhathacker.net/?p=738
http://bernardodamele.blogspot.ru/2011/12/dump-windows-password-hashes.html
Linux Privilege Escalation
http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf
http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html
http://pentestmonkey.net/tools/audit/unix-privesc-check
http://www.rebootuser.com/?page_id=1721
http://www.rebootuser.com/?p=1758
http://www.rebootuser.com/?p=1623
http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html
Tunneling & Port Forwarding
https://highon.coffee/blog/reverse-shell-cheat-sheet/
https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
http://staff.washington.edu/corey/fw/ssh-port-forwarding.html
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html
http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html
http://www.offensive-security.com/metasploit-unleashed/Portfwd
http://www.offensive-security.com/metasploit-unleashed/Pivoting
http://www.howtoforge.com/reverse-ssh-tunneling
http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla_
XSS Cheat Codes
http://www.xenuser.org/xss-cheat-sheet/
https://gist.github.com/sseffa/11031135
WebShells
https://github.com/b374k/b374k
https://github.com/epinna/weevely3
SQLi General Resources
http://www.w3schools.com/sql/sqlinjection.asp
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf
http://websec.ca/kb/sql_injection
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.unixwiz.net/techtips/sql-injection.html
http://www.sqlinjectionwiki.com/
https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
MySQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
http://resources.infosecinstitute.com/backdoor-sql-injection/
MSSQLi Resources
http://evilsql.com/main/page2.php
http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
Oracle SQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet
Postgres SQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet
SQLite Resources
https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet
RFI/LFI Tutorials
https://evilzone.org/tutorials/remote-file-inclusion%28rfi%29/
http://www.hackersonlineclub.com/lfi-rfi
https://0xzoidberg.wordpress.com/category/security/lfi-rfi/
NASM Tutorial
http://ccm.net/faq/1559-compiling-an-assembly-program-with-nasm
Buffer Overflow Tutorial
http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v1-90-buffer-overflow
http://resources.infosecinstitute.com/author/nikhil-kumar/
http://www.frequency.com/video/athcon-hack-in-paris-demo-1/40181156
http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html
http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148
https://tehaurum.wordpress.com/2015/06/22/exploit-development-stack-buffer-overflow/
http://proactivedefender.blogspot.ru/2013/05/understanding-buffer-overflows.html
https://forum.reverse4you.org/showthread.php?t=1371
http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
http://thepcn3rd.blogspot.ru/2015/07/freeftpd-108-seh-stack-based-overflow.html
Exploit Development
https://www.corelan.be/index.php/articles/
http://www.fuzzysecurity.com/tutorials.html
https://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit
http://x9090.blogspot.ru/2010/03/tutorial-exploit-writting-tutorial-from.html
http://ref.x86asm.net/index.html
https://forum.reverse4you.org/showthread.php?t=1371
Exploits and Shellcodes
https://packetstormsecurity.com/
http://www.securityfocus.com/bid
http://www.windowsexploits.com/
http://farlight.org/index.html?type=shellcode
http://shell-storm.org/shellcode/
Reverse Engineering
https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/
http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html
http://www.woodmann.com/TiGa/idaseries.html
http://visi.kenshoto.com/viki/MainPage
http://www.offensivecomputing.net/
https://www.exploit-db.com/webapps/
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
OS Cheat Sheets and Script Syntax
https://www.owasp.org/index.php/CheatSheets
https://rstforums.com/forum/22324-hacking-tools-windows.rst
https://en.wikipedia.org/wiki/IPv4subnettingreference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://mywiki.wooledge.org/BashPitfalls
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
http://www.robvanderwoude.com/ntadmincommands.php
https://www.sans.org/security-resources/sec560/netcatcheatsheetv1.pdf
https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheatsheetimg.png
https://danielmiessler.com/study/tcpdump/
http://www.infosecwriters.com/Papers/nessusNMAPcheatSheet.pdf
Passwords Wordlists, Hashes, Tools
http://www.irongeek.com/i.php?page=videos/password-exploitation-class
http://h.foofus.net/?pageid=55
http://www.onlinehashcrack.com/
http://contest-2010.korelogic.com/wordlists.html
https://packetstormsecurity.com/Crackers/wordlists/
http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html
https://wiki.skullsecurity.org/Passwords
https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283
https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219
http://ophcrack.sourceforge.net/
https://inquisb.github.io/keimpx/
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/_