Useful Links to Help Your Journey

The links below are a collection of useful tools and sites that you can use for various purposes within the InfoSec realm. Each link will drop you down to a group of links under that section title. This page may be updated periodically. As the web constantly changes, some links may not work.

Security Forums

Tor Onion Links

Security Methodologies

Training/Classes/Video

Pentest Tools

Pentest Lab ISO-VMs

Metasploit

Net Scanners

Man-in-the-middle attack

Phase 1 – Reconnaissance: Information Gathering before the Attack

Phase 1.1 – People and Organizational

Phase 1.2 – Infrastructure

OSINT Tools

Phase 2 – Enumeration: Finding Attack Vectors

Phase 3 – Exploitation: Verifying Security Weaknesses

Dump Windows Password Hashes

Windows Passing The Hash

Windows Privilege Escalation

Linux Privilege Escalation

Tunneling & Port Forwarding

XSS Cheat Codes

WebShells

SQLi General Resources

MySQLi Resources

MSSQLi Resources

Oracle SQLi Resources

Postgres SQLi Resources

SQLite Resources

RFI/LFI Tutorials

NASM Tutorial

Buffer Overflow Tutorial

Exploit Development

Exploits and Shellcodes

Reverse Engineering

OS Cheat Sheets and Script Syntax

Password Wordlists, Hashes, Tools



Security Forums

http://securityoverride.org/forum/index.php

https://www.hackthissite.org/forums/index.php

https://www.ethicalhacker.net/forums/index.php

https://evilzone.org/

http://forum.antichat.ru/

https://forum.xeksec.com/

https://rdot.org/forum/

https://forum.zloy.bz/

https://forum.reverse4you.org/

https://rstforums.com/forum/

http://www.truehackers.ru/forum/index.php

http://garage4hackers.com/forum.php

https://www.hellboundhackers.org/

http://www.lockpicking101.com/

https://www.xploitworld.com/index.php

http://www.hiddenwiki.info/

Security Methodologies

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

http://www.pentest-standard.org/index.php/Main_Page

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php

http://www.social-engineer.org/

http://projects.webappsec.org/w/page/13246927/FrontPage

Training/Classes/Video

http://www.irongeek.com/i.php?page=videos/aide-winter-2011

https://lab.pentestit.ru/pentestlabs/3

https://trailofbits.github.io/ctf/

http://ctf.forgottensec.com/wiki/?title=Main_Page

http://smashthestack.org/

http://ctf.hcesperer.org/

https://www.google.com/calendar/feeds/noge7b1rg2dg4a8kcm1k68vbjg@group.calendar.google.com/public/basic

https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK

https://crypto.stanford.edu/cs155/

https://www.offensive-security.com/metasploit-unleashed/

http://www.irongeek.com/i.php?page=videos/metasploit-class

http://www.securitytube.net/

http://resources.infosecinstitute.com/

https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html

https://www.youtube.com/watch?v=kPxavpgos2I

http://www.securitytube.net/video/7640

http://www.securitytube.net/video/7735

Pentest Tools

https://github.com/pwnwiki/pwnwiki.github.io

https://github.com/sbilly/awesome-security

https://github.com/paragonie/awesome-appsec

https://github.com/enaqx/awesome-pentest

https://github.com/kahun/awesome-sysadmin#security

http://beefproject.com/

https://xsser.03c8.net/

https://code.google.com/p/fuzzdb/

https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

http://w3af.org/

https://code.google.com/p/skipfish/

https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214

https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/

http://www.justanotherhacker.com/projects/graudit.html

https://packetstormsecurity.com/files/tags/tool

Pentest Lab ISO-VMs

http://www.amanhardikar.com/mindmaps/PracticeUrls.html

https://www.kali.org/

https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project

http://blackarch.org/

https://code.google.com/p/owaspbwa/

https://www.mavensecurity.com/web_security_dojo/

http://hackingdojo.com/dojo-media/

http://informatica.uv.es/~carlos/docencia/netinvm/

http://www.bonsai-sec.com/en/research/moth.php

http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

http://sourceforge.net/projects/lampsecurity/?source=navbar

https://www.hacking-lab.com/index.html

http://sourceforge.net/projects/virtualhacking/files/

http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10

http://www.dvwa.co.uk/

http://sourceforge.net/projects/thebutterflytmp/

http://magikh0e.ihtb.org/pubPapers/

Metasploit

http://resources.metasploit.com/

http://netsec.ws/?p=262

http://seclists.org/metasploit/

https://www.offensive-security.com/metasploit-unleashed/Introduction/

http://www.offensive-security.com/metasploit-unleashed/Msfvenom

https://community.rapid7.com/community/metasploit/

http://www.securitytube.net/video/711?q=METASPLOIT

https://en.wikibooks.org/wiki/Metasploit

https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html

https://github.com/rapid7/metasploit-framework/wiki/Meterpreter

https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

Net Scanners

https://nmap.org/

https://nmap.org/nsedoc/

http://www.securitytube.net/video/931

http://www.openvas.org/

http://www.tenable.com/products/nessus-vulnerability-scanner

https://www.rapid7.com/products/nexpose/compare-downloads.jsp

http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf

Man-in-the-middle attack

http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf

http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf

https://packetstormsecurity.com/papers/wireless/cracking-air.pdf

https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf

https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf

http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf

http://bandwidthco.com/nf.html

http://articles.manugarg.com/arp_spoofing.pdf

http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf

http://www.ucci.it/docs/ICTSecurity-2004-26.pdf

Phase 1 – Reconnaissance: Information Gathering before the Attack

https://en.wikipedia.org/wiki/Open-source_intelligence

http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/

http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/

http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/

http://www.slideshare.net/Laramies/tactical-information-gathering

http://www.infond.fr/2010/05/toturial-footprinting.html

Phase 1.1 – People and Organizational

http://www.spokeo.com/

http://www.spoke.com/

https://www.xing.com/

http://www.zoominfo.com/

https://pipl.com/

http://www.zabasearch.com/

http://www.searchbug.com/

http://skipease.com/

http://addictomatic.com/

http://socialmention.com/

http://entitycube.research.microsoft.com/

http://www.yasni.com/

http://www.glassdoor.com/index.htm

https://connect.data.com/

https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp

https://www.tineye.com/

http://www.peekyou.com/

Phase 1.2 – Infrastructure

http://uptime.netcraft.com/

http://www.shodanhq.com/

http://www.domaintools.com/

http://centralops.net/co/

http://whois.webhosting.info/

https://www.ssllabs.com/ssltest/analyze.html

https://www.exploit-db.com/google-hacking-database/

http://www.my-ip-neighbors.com/

Phase 1.2 – Tools

OSINT Tools

http://www.edge-security.com/theharvester.php

http://www.edge-security.com/metagoofil.php

http://www.paterva.com/web6/

https://www.sans.org/reading-room/whitepapers/privacy/document-metadata-silent-killer-32974

http://www.sno.phy.queensu.ca/~phil/exiftool/

http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

Phase 2 – Enumeration: Finding Attack Vectors

http://securitysynapse.blogspot.be/2013_08_01_archive.html

https://hackertarget.com/attacking-wordpress/

https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

http://www.0daysecurity.com/penetration-testing/enumeration.html

https://github.com/n3ko1/WrapMap

https://cirt.net/Nikto2

http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/

http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html

http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/

http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html

http://www.iodigitalsec.com/windows-null-session-enumeration/

https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions

http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html

https://github.com/isaudits/autoenum

http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09

http://www.madirish.net/59

http://www.enye-sec.org/en/papers/web_vuln-en.txt

Phase 3 – Exploitation: Verifying Security Weaknesses

http://pwnwiki.io

http://download.vulnhub.com/pentesterlab/phpinclude_and_post_exploitation.pdf

http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd

https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf

https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell

Dump Windows Password Hashes

http://bernardodamele.blogspot.com/2011/12/dump-windows-password-hashes.html

Windows Passing The Hash

https://www.kali.org/penetration-testing/passing-hash-remote-desktop/

https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/

Windows Privilege Escalation

https://labs.mwrinfosecurity.com/system/assets/760/original/Windows_Services_-_All_roads_lead_to_SYSTEM.pdf

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/

https://github.com/0xdeafbeef/PSSecSnapshot

http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html

http://www.fuzzysecurity.com/tutorials/16.html

http://www.youtube.com/watch?v=kMG8IsCohHA

http://www.youtube.com/watch?v=8xJaaQlpBo

http://www.greyhathacker.net/?p=738

http://bernardodamele.blogspot.ru/2011/12/dump-windows-password-hashes.html

Linux Privilege Escalation

http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf

http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html

http://pentestmonkey.net/tools/audit/unix-privesc-check

http://www.rebootuser.com/?page_id=1721

http://www.rebootuser.com/?p=1758

http://www.rebootuser.com/?p=1623

http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html

Tunneling & Port Forwarding

https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117

https://highon.coffee/blog/reverse-shell-cheat-sheet/

https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/

http://staff.washington.edu/corey/fw/ssh-port-forwarding.html

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html

http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html

http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html

http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html

http://www.offensive-security.com/metasploit-unleashed/Portfwd

http://www.offensive-security.com/metasploit-unleashed/Pivoting

http://www.howtoforge.com/reverse-ssh-tunneling

http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla_

XSS Cheat Codes

http://www.xenuser.org/xss-cheat-sheet/

https://gist.github.com/sseffa/11031135

https://html5sec.org/

WebShells

http://www.r57shell.net/

https://github.com/b374k/b374k

https://github.com/epinna/weevely3

SQLi General Resources

http://www.w3schools.com/sql/sqlinjection.asp

http://sqlzoo.net/hack/

https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf

http://websec.ca/kb/sql_injection

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

http://www.unixwiz.net/techtips/sql-injection.html

http://www.sqlinjectionwiki.com/

http://sqlmap.org/

https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf

https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

http://bobby-tables.com/

MySQLi Resources

http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

http://resources.infosecinstitute.com/backdoor-sql-injection/

MSSQLi Resources

http://evilsql.com/main/page2.php

http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet

Oracle SQLi Resources

http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet

Postgres SQLi Resources

http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet

SQLite Resources

https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet

RFI/LFI Tutorials

https://evilzone.org/tutorials/remote-file-inclusion%28rfi%29/

http://www.hackersonlineclub.com/lfi-rfi

https://0xzoidberg.wordpress.com/category/security/lfi-rfi/

NASM Tutorial

http://ccm.net/faq/1559-compiling-an-assembly-program-with-nasm

Buffer Overflow Tutorial

http://www.madirish.net/142

http://n01g3l.tumblr.com/post/49036035399/linux-crossfire-v1-90-buffer-overflow

http://resources.infosecinstitute.com/author/nikhil-kumar/

http://www.frequency.com/video/athcon-hack-in-paris-demo-1/40181156

http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html

http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148

https://tehaurum.wordpress.com/2015/06/22/exploit-development-stack-buffer-overflow/

http://proactivedefender.blogspot.ru/2013/05/understanding-buffer-overflows.html

https://forum.reverse4you.org/showthread.php?t=1371

http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html

http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html

http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html

http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html

http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html

http://thepcn3rd.blogspot.ru/2015/07/freeftpd-108-seh-stack-based-overflow.html

Exploit Development

https://www.corelan.be/index.php/articles/

http://www.fuzzysecurity.com/tutorials.html

https://code.google.com/p/it-sec-catalog/wiki/Exploitation

http://www.myne-us.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit

http://x9090.blogspot.ru/2010/03/tutorial-exploit-writting-tutorial-from.html

http://ref.x86asm.net/index.html

https://forum.reverse4you.org/showthread.php?t=1371

Exploits and Shellcodes

https://www.exploit-db.com/

https://packetstormsecurity.com/

http://www.securityfocus.com/bid

https://nvd.nist.gov/

http://osvdb.org/

http://www.secdocs.org/

http://www.cvedetails.com/

https://cve.mitre.org/

http://www.windowsexploits.com/

http://farlight.org/index.html?type=shellcode

http://shell-storm.org/shellcode/

Reverse Engineering

https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/

http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html

http://www.woodmann.com/TiGa/idaseries.html

http://visi.kenshoto.com/viki/MainPage

http://www.radare.org/r/

http://www.offensivecomputing.net/

http://www.oldapps.com/

http://www.oldversion.com/

https://www.exploit-db.com/webapps/

http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx

http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx

http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

OS Cheat Sheets and Script Syntax

https://www.owasp.org/index.php/CheatSheets

http://www.cheat-sheets.org/

http://ss64.com/nt/

https://rstforums.com/forum/22324-hacking-tools-windows.rst

https://en.wikipedia.org/wiki/IPv4_subnetting_reference

http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

http://shelldorado.com/shelltips/beginner.html

http://mywiki.wooledge.org/BashPitfalls

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

http://www.robvanderwoude.com/ntadmincommands.php

https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheatsheetimg.png

https://danielmiessler.com/study/tcpdump/

http://www.infosecwriters.com/Papers/nessusNMAPcheatSheet.pdf

Password Wordlists, Hashes, Tools

http://www.irongeek.com/i.php?page=videos/password-exploitation-class

https://cirt.net/passwords

http://h.foofus.net/?pageid=55

http://foofus.net/?pageid=63

http://hashcrack.blogspot.ru/

http://www.onlinehashcrack.com/

http://www.md5this.com/

http://contest-2010.korelogic.com/wordlists.html

https://packetstormsecurity.com/Crackers/wordlists/

http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html

https://wiki.skullsecurity.org/Passwords

https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283

https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219

https://nmap.org/ncrack/

http://www.openwall.com/john/

http://ophcrack.sourceforge.net/

https://inquisb.github.io/keimpx/

http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/