ottimo / pentest-bookmarks

Open Penetration Testing Bookmarks Collection

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

The Open Penetration Testing Bookmarks Collection

...is just that, a collection of handy bookmarks initially collected and stored on google code that has aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research.

Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.


Who?:

Initially started by Jason Haddix, Director of Penetration Testing at HP Fortify but I noticed that the project had been abandoned for some time so I (Kurobeats) figured I'd get the thing going again.

Work and contributions by:

David Shaw of Redspin Penetration Testing @ownpile

Rob Fuller of Rapid7 @mubix

Nathan Drier of Trustwave SpiderLabs division

James Fitts of Strategic Security

Anthony Cozamanis of Diamond Cyber Security (Linkedin)


How it's working at the moment:

First off, we need help. OCD organizational people and people who can contribute or sort out the best links. I've migrated the project from a Firefox bookmark html to a markdown page on github to allow for easy forking/collaboration.


How to submit your bookmarks:

Since this is a github repo, just fork, add and submit a pull request. If you're new to github, check out the process here.

Try to ensure your submissions are of high quality.

The general categories are:

Forums:

Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but I actually find nice one-off scripts and info I can roll into my own code in these places. Would like to add more.

Blogs Worth It:

What the title says. There are a LOT of pentesting blogs, these are the ones I monitor constantly and value in the actual day to day testing work.

OSINT Sites:

OSINT has become a hug part of the pentest methodology. From fueling social engineering, to passively profiling your target infrastructure. There are subfolders for Presentaions on how-to, sites for profiling people and organizations, ans sites for profiling technical assets.

Exploits and Advisories

Places to go for exploit descriptions, white-papers, and code.

Exploitation Intro

If you'd like to get into exploit development, these are really the guides and docs that will start you off in the right direction.

Agile Hacking

Mostly collections of guides on non-tool command line hacking syntax. Heavily inspired by Ed Skoudis and PDP of GNUCitizen.

Cheatsheets and fu!

Random cheatsheets for heavily used tools and reference.

*nix <3

Collection of *nix command line knowledge and distributions for pentesting.

Training/Classes

Open source classes relating to hacking and penetration testing.

Methodologies

Some practical and some high level methodologies for hacking related activities.

Labs

If you want to practice your fu, these links to test sites, blogs about practice, and lab setup-how to's will help.

Tools

Semi-parsed, nor has it really been inspected for relevancy.

Web Vectors

I do a lot of web stuff. Here are some web vectors and associated useful docs and cheatsheets on each of them. Could always use more in these sections.

Misc Sec

Not categorized, misc, and randomness.

MiTM

It's not even parsed yet, nor has it really been inspected for relevancy.

Hacker Media

Needs additions to main pages of con video archives.

About

Open Penetration Testing Bookmarks Collection