Penetration Testing Bookmarks Collections

Penetration Testing Bookmarks Collections

Penetration Testing

http://carnal0wnage.blogspot.com/
http://www.mcgrewsecurity.com/
http://www.gnucitizen.org/blog/
http://www.darknet.org.uk/
http://spylogic.net/
http://taosecurity.blogspot.com/
http://www.room362.com/
http://blog.sipvicious.org/
http://blog.portswigger.net/
http://pentestmonkey.net/blog/
http://jeremiahgrossman.blogspot.com/
http://i8jesus.com/
http://blog.c22.cc/
http://www.skullsecurity.org/blog/
http://blog.metasploit.com/
http://www.darkoperator.com/
http://blog.skeptikal.org/
http://preachsecurity.blogspot.com/
http://www.tssci-security.com/
http://www.gdssecurity.com/l/b/
http://websec.wordpress.com/
http://bernardodamele.blogspot.com/
http://laramies.blogspot.com/
http://www.spylogic.net/
http://blog.andlabs.org/
http://xs-sniper.com/blog/
http://www.commonexploits.com/
http://www.sensepost.com/blog/
http://wepma.blogspot.com/
http://exploit.co.il/
http://securityreliks.wordpress.com/
http://www.madirish.net/index.html
http://sirdarckcat.blogspot.com/
http://reusablesec.blogspot.com/
http://myne-us.blogspot.com/
http://www.notsosecure.com/
http://blog.spiderlabs.com/
http://www.corelan.be/
http://www.digininja.org/
http://www.pauldotcom.com/
http://www.attackvector.org/
http://deviating.net/
http://www.alphaonelabs.com/
http://www.smashingpasswords.com/
http://wirewatcher.wordpress.com/
http://gynvael.coldwind.pl/
http://www.nullthreat.net/
http://www.question-defense.com/
http://archangelamael.blogspot.com/
http://memset.wordpress.com/
http://sickness.tor.hu/
http://punter-infosec.com/
http://www.securityninja.co.uk/
http://securityandrisk.blogspot.com/
http://esploit.blogspot.com/
http://www.pentestit.com/ 

Forums:

Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more. 

http://sla.ckers.org/forum/index.php
http://www.ethicalhacker.net/
http://www.backtrack-linux.org/forums/
http://www.elitehackers.info/forums/
http://www.hackthissite.org/forums/index.php
http://securityoverride.com/forum/index.php
http://www.iexploit.org/
http://bright-shadows.net/
http://www.governmentsecurity.org/forum/
http://forum.intern0t.net/ 

Magazines:

http://www.net-security.org/insecuremag.php
http://hakin9.org/ 

Video:

http://www.hackernews.com/
http://www.securitytube.net/
http://www.irongeek.com/i.php?page=v...de-winter-2011
http://avondale.good.net/dl/bd/
http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
http://www.youtube.com/user/ChRiStIaAn008
http://www.youtube.com/user/HackingCons 

Methodologies:

http://www.vulnerabilityassessment.c...on%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
http://projects.webappsec.org/w/page...Classification
http://www.owasp.org/index.php/Categ...op_Ten_Project
http://www.social-engineer.org/ 

OSINT

Presentations:

http://www.spylogic.net/2009/10/ente...cial-networks/
http://www.spylogic.net/2009/10/ente...-and-metadata/
http://www.spylogic.net/2009/10/ente...-3-monitoring/
http://www.slideshare.net/Laramies/t...tion-gathering
http://www.sans.org/reading_room/whi..._killer__32974
http://infond.blogspot.com/2010/05/t...tprinting.html 

People and Organizational:

http://www.spokeo.com/
http://www.123people.com/
http://www.xing.com/
http://www.zoominfo.com/search
http://pipl.com/
http://www.zabasearch.com/
http://www.searchbug.com/default.aspx
http://theultimates.com/
http://skipease.com/
http://addictomatic.com/
http://socialmention.com/
http://entitycube.research.microsoft.com/
http://www.yasni.com/
http://tweepz.com/
http://tweepsearch.com/
http://www.glassdoor.com/index.htm
http://www.jigsaw.com/
http://searchwww.sec.gov/EDGARFSClie...MainAccess.jsp
http://www.tineye.com/
http://www.peekyou.com/
http://picfog.com/
http://twapperkeeper.com/index.php 

Infrastructure:

http://uptime.netcraft.com/
http://www.serversniff.net/
http://www.domaintools.com/
http://centralops.net/co/
http://hackerfantastic.com/
http://whois.webhosting.info/
https://www.ssllabs.com/ssldb/analyze.html
http://www.clez.net/
http://www.my-ip-neighbors.com/
http://www.shodanhq.com/
http://www.exploit-db.com/google-dorks/
http://www.hackersforcharity.org/ghdb/ 

Exploits and Advisories:

http://www.exploit-db.com/
http://www.cvedetails.com/
http://www.milw0rm.com/ (Down permanently)
http://www.packetstormsecurity.org/
http://www.securityforest.com/wiki/index.php/Main_Page
http://www.securityfocus.com/bid
http://nvd.nist.gov/
http://osvdb.org/
http://www.nullbyte.org.il/Index.html
http://secdocs.lonerunners.net/
http://www.phenoelit-us.org/whatSAP/index.html
http://secunia.com/
http://cve.mitre.org/ 

Cheatsheets and Syntax:

http://cirt.net/ports_dl.php?export=services
http://www.cheat-sheets.org/
http://blog.securitymonks.com/2009/0...-cheat-sheets/ 

Agile Hacking:

http://www.gnucitizen.org/blog/agile...d-portscanner/
http://blog.commandlinekungfu.com/
http://www.securityaegis.com/simple-...-bruteforcing/
http://isc.sans.edu/diary.html?storyid=2376
http://isc.sans.edu/diary.html?storyid=1229
http://ss64.com/nt/
http://pauldotcom.com/2010/02/runnin...every-mac.html
http://synjunkie.blogspot.com/2008/0...-ninjitsu.html
http://www.zonbi.org/2010/06/09/wmic...er-white-meat/
http://rstcenter.com/forum/22324-hac...ls-windows.rst
http://www.coresecurity.com/files/at...n_Cmd_Line.pdf
http://www.scribd.com/Penetration-Te...tcat/d/3064507
http://www.pentesterscripting.com/
http://www.sans.org/reading_room/whi...-windows_33583
http://www.blackhat.com/presentation...ation-1-wp.pdf 

OS and Scripts:

http://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-th...-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://www.linuxsurvival.com/
http://mywiki.wooledge.org/BashPitfalls
http://rubular.com/
http://www.iana.org/assignments/port-numbers
http://www.robvanderwoude.com/ntadmincommands.php
http://www.nixtutor.com/linux/all-th...-cheat-sheets/ 

Tools:

http://www.sans.org/security-resourc...t_sheet_v1.pdf
http://www.secguru.com/files/cheatsh...cheatSheet.pdf
http://sbdtools.googlecode.com/files...t_v1.0-ENG.pdf
http://sbdtools.googlecode.com/files...20eng%20v1.pdf
http://www.sans.org/security-resourc...s_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasplo...reference.html
http://h.ackack.net/cheat-sheets/netcat 

Distros:

http://www.backtrack-linux.org/
http://www.matriux.com/
http://samurai.inguardians.com/
http://www.owasp.org/index.php/Categ...ive_CD_Project
https://pentoo.ch/
http://www.hackfromacave.com/article...2_release.html
http://www.piotrbania.com/all/kon-boot/
http://www.linuxfromscratch.org/
http://sumolinux.suntzudata.com/
http://blog.0x0e.org/2009/11/20/pent...-box/#comments
http://www.backbox.org/ 

Labs:

ISOs and VMs:

http://sourceforge.net/projects/websecuritydojo/
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
http://heorot.net/livecds/
http://informatica.uv.es/~carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://blog.metasploit.com/2010/05/i...ploitable.html
http://pynstrom.net/holynix.php
http://gnacktrack.co.uk/download.php
http://sourceforge.net/projects/lampsecurity/files/
https://www.hacking-lab.com/news/new...available.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.badstore.net/
http://www.irongeek.com/i.php?page=s...p-owasp-top-10
http://www.dvwa.co.uk/
http://sourceforge.net/projects/thebutterflytmp/ 

Vulnerable Software:

http://www.oldapps.com/
http://www.oldversion.com/
http://www.exploit-db.com/webapps/
http://code.google.com/p/wavsep/downloads/list
http://www.owasp.org/index.php/Owasp_SiteGenerator
http://www.mcafee.com/us/downloads/f...acmebooks.aspx
http://www.mcafee.com/us/downloads/f...me-casino.aspx
http://www.mcafee.com/us/downloads/f...eshipping.aspx
http://www.mcafee.com/us/downloads/f...cmetravel.aspx 

Test Sites:

http://www.webscantest.com/
http://crackme.cenzic.com/Kelev/view/home.php
http://zero.webappsecurity.com/bankl...w.Freebank.com
http://testaspnet.vulnweb.com/
http://testasp.vulnweb.com/
http://testphp.vulnweb.com/
http://demo.testfire.net/
http://hackme.ntobjectives.com/ 

Exploitation Intro:

If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.

http://myne-us.blogspot.com/2010/08/...rney-into.html
http://www.mgraziano.info/docs/stsi2010.pdf
http://www.abysssec.com/blog/2010/05...-exploitation/
http://www.ethicalhacker.net/content/view/122/2/
http://code.google.com/p/it-sec-cata...i/Exploitation
http://x9090.blogspot.com/2010/03/tu...rial-from.html
http://ref.x86asm.net/index.html 

Reverse Engineering & Malware:

http://www.woodmann.com/TiGa/idaseries.html
http://www.binary-auditing.com/
http://visi.kenshoto.com/
http://www.radare.org/y/
http://www.offensivecomputing.net/ 

Passwords and Hashes:

http://www.irongeek.com/i.php?page=v...oitation-class
http://cirt.net/passwords
http://sinbadsecurity.blogspot.com/2...-recovery.html
http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
http://www.foofus.net/?page_id=63
http://hashcrack.blogspot.com/
http://www.nirsoft.net/articles/save..._location.html
http://www.onlinehashcrack.com/
http://www.md5this.com/list.php?
http://www.virus.org/default-password
http://www.phenoelit-us.org/dpl/dpl.html
http://news.electricalchemy.net/2009...-in-cloud.html 

Wordlists:

http://contest.korelogic.com/wordlists.html
http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.ericheitzman.com/passwd/passwords/ 

Pass the Hash:

http://www.sans.org/reading_room/whi...tigation_33283
http://www.sans.org/reading_room/whi...ass-hash_33219
http://carnal0wnage.blogspot.com/200...h-toolkit.html 

MiTM:

http://www.giac.org/certified_profes.../gsec/0810.php
http://www.linuxsecurity.com/docs/PD...f-n-mirror.pdf
http://www.cs.uiuc.edu/class/sp08/cs...des/dsniff.pdf
http://www.techvibes.com/blog/a-hack...-personal-data
http://www.mindcenter.net/uploads/ECCE101.pdf
http://toorcon.org/pres12/3.pdf
http://media.techtarget.com/searchUn...ttacks_Ch3.pdf
http://packetstormsecurity.org/paper...acking-air.pdf
http://www.blackhat.com/presentation...03-valleri.pdf
http://www.oact.inaf.it/ws-ssri/Costa.pdf
http://www.defcon.org/images/defcon-...ng_web_2.0.pdf
http://mcafeeseminar.com/focus/downl...ve_Hacking.pdf
http://www.seanobriain.com/docs/Pass...-MITMGuide.pdf
http://www.more.net/sites/default/fi...andKeynote.pdf
http://www.leetupload.com/database/M...rcap_Spoof.pdf
http://bandwidthco.com/whitepapers/n...&%20Beyond.pdf
http://bandwidthco.com/whitepapers/n...%20Filters.pdf
http://www.iac.iastate.edu/iasg/liba...f_Ettercap.pdf
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/IT...tack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
http://web.mac.com/opticrealm/iWeb/a...v_6_2005-1.pdf
http://blog.spiderlabs.com/2010/12/thicknet.html
http://www.hackyeah.com/2010/10/ette...owser_autopwn/
http://www.go4expert.com/forums/showthread.php?t=11842
http://www.irongeek.com/i.php?page=s...ettercapfilter
http://openmaniak.com/ettercap_filter.php
http://www.irongeek.com/i.php?page=v...ercap-pharming
http://www.irongeek.com/i.php?page=v...scover-isolate
http://www.irongeek.com/i.php?page=v...rcapfiltervid1
http://spareclockcycles.org/2010/06/...roxy-released/ 

Tools:

OSINT:

http://www.edge-security.com/theHarvester.php
http://www.mavetju.org/unix/dnstracer-man.php
http://www.paterva.com/web5/ 


CREDITS: MOR LINKS HERE:

https://code.google.com/p/pentest-bo.../BookmarksList


http://pinoyprogrammer.co/