{"id":22818,"date":"2021-07-24T21:30:19","date_gmt":"2021-07-24T21:30:19","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=22818"},"modified":"2021-07-24T21:35:49","modified_gmt":"2021-07-24T21:35:49","slug":"top-best-201-hacking-penetration-testing-tools-collection","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/top-best-201-hacking-penetration-testing-tools-collection\/","title":{"rendered":"Top &#038; Best 201 Hacking &#038; Penetration Testing Tools Collection"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\">Pentesters arsenal tools<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/www.syhunt.com\/sandcat\/\" target=\"_blank\" rel=\"noopener\"><strong>Sandcat Browser<\/strong><\/a>&nbsp;&#8211; a penetration-oriented browser with plenty of advanced functionality already built in.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.metasploit.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Metasploit<\/strong><\/a>&nbsp;&#8211; tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/portswigger.net\/burp\" target=\"_blank\" rel=\"noopener\"><strong>Burp Suite<\/strong><\/a>&nbsp;&#8211; tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Zed_Attack_Proxy_Project\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Zed Attack Proxy<\/strong><\/a>&nbsp;&#8211; intercepting proxy to replay, inject, scan and fuzz HTTP requests.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/w3af.org\/\" target=\"_blank\" rel=\"noopener\"><strong>w3af<\/strong><\/a>&nbsp;&#8211; is a Web Application Attack and Audit Framework.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/mitmproxy.org\/\" target=\"_blank\" rel=\"noopener\"><strong>mitmproxy<\/strong><\/a>&nbsp;&#8211; an interactive TLS-capable intercepting HTTP proxy for penetration testers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/cirt.net\/Nikto2\" target=\"_blank\" rel=\"noopener\"><strong>Nikto2<\/strong><\/a>&nbsp;&#8211; web server scanner which performs comprehensive tests against web servers for multiple items.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/sqlmap.org\/\" target=\"_blank\" rel=\"noopener\"><strong>sqlmap<\/strong><\/a>&nbsp;&#8211; tool that automates the process of detecting and exploiting SQL injection flaws.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/lanmaster53\/recon-ng\" target=\"_blank\" rel=\"noopener\"><strong>Recon-ng<\/strong><\/a>&nbsp;&#8211; is a full-featured Web Reconnaissance framework written in Python.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Tib3rius\/AutoRecon\" target=\"_blank\" rel=\"noopener\"><strong>AutoRecon<\/strong><\/a>&nbsp;&#8211; is a network reconnaissance tool which performs automated enumeration of services.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.faradaysec.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Faraday<\/strong><\/a>&nbsp;&#8211; an Integrated Multiuser Pentest Environment.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/s0md3v\/Photon\" target=\"_blank\" rel=\"noopener\"><strong>Photon<\/strong><\/a>&nbsp;&#8211; incredibly fast crawler designed for OSINT.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/s0md3v\/XSStrike\" target=\"_blank\" rel=\"noopener\"><strong>XSStrike<\/strong><\/a>&nbsp;&#8211; most advanced XSS detection suite.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/1N3\/Sn1per\" target=\"_blank\" rel=\"noopener\"><strong>Sn1per<\/strong><\/a>&nbsp;&#8211; automated pentest framework for offensive security experts.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/future-architect\/vuls\" target=\"_blank\" rel=\"noopener\"><strong>vuls<\/strong><\/a>&nbsp;&#8211; is an agent-less vulnerability scanner for Linux, FreeBSD, and other.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/google\/tsunami-security-scanner\" target=\"_blank\" rel=\"noopener\"><strong>tsunami<\/strong><\/a>&nbsp;&#8211; is a general purpose network security scanner with an extensible plugin system.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/michenriksen\/aquatone\" target=\"_blank\" rel=\"noopener\"><strong>aquatone<\/strong><\/a>&nbsp;&#8211; a tool for domain flyovers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/GitHackTools\/BillCipher\" target=\"_blank\" rel=\"noopener\"><strong>BillCipher<\/strong><\/a>&nbsp;&#8211; information gathering tool for a website or IP address.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Ekultek\/WhatWaf\" target=\"_blank\" rel=\"noopener\"><strong>WhatWaf<\/strong><\/a>&nbsp;&#8211; detect and bypass web application firewalls and protection systems.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/s0md3v\/Corsy\" target=\"_blank\" rel=\"noopener\"><strong>Corsy<\/strong><\/a>&nbsp;&#8211; CORS misconfiguration scanner.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/evyatarmeged\/Raccoon\" target=\"_blank\" rel=\"noopener\"><strong>Raccoon<\/strong><\/a>&nbsp;&#8211; is a high performance offensive security tool for reconnaissance and vulnerability scanning.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Nekmo\/dirhunt\" target=\"_blank\" rel=\"noopener\"><strong>dirhunt<\/strong><\/a>&nbsp;&#8211; find web directories without bruteforce.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.openwall.com\/john\/\" target=\"_blank\" rel=\"noopener\"><strong>John The Ripper<\/strong><\/a>&nbsp;&#8211; is a fast password cracker, currently available for many flavors of Unix, Windows, and other.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/hashcat.net\/hashcat\/\" target=\"_blank\" rel=\"noopener\"><strong>hashcat<\/strong><\/a>&nbsp;&#8211; world&#8217;s fastest and most advanced password recovery utility.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/lcamtuf.coredump.cx\/p0f3\/\" target=\"_blank\" rel=\"noopener\"><strong>p0f<\/strong><\/a>&nbsp;&#8211; is a tool to identify the players behind any incidental TCP\/IP communications.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/mozilla\/ssh_scan\" target=\"_blank\" rel=\"noopener\"><strong>ssh_scan<\/strong><\/a>&nbsp;&#8211; a prototype SSH configuration and policy scanner.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/woj-ciech\/LeakLooker\" target=\"_blank\" rel=\"noopener\"><strong>LeakLooker<\/strong><\/a>&nbsp;&#8211; find open databases &#8211; powered by Binaryedge.io<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/offensive-security\/exploitdb\" target=\"_blank\" rel=\"noopener\"><strong>exploitdb<\/strong><\/a>&nbsp;&#8211; searchable archive from The Exploit Database.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/vulnersCom\/getsploit\" target=\"_blank\" rel=\"noopener\"><strong>getsploit<\/strong><\/a>&nbsp;&#8211; is a command line utility for searching and downloading exploits.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/zardus\/ctf-tools\" target=\"_blank\" rel=\"noopener\"><strong>ctf-tools<\/strong><\/a>&nbsp;&#8211; some setup scripts for security research tools.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Gallopsled\/pwntools\" target=\"_blank\" rel=\"noopener\"><strong>pwntools<\/strong><\/a>&nbsp;&#8211; CTF framework and exploit development library.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/bl4de\/security-tools\" target=\"_blank\" rel=\"noopener\"><strong>security-tools<\/strong><\/a>&nbsp;&#8211; collection of small security tools created mostly in Python. CTFs, pentests and so on.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/leonteale\/pentestpackage\" target=\"_blank\" rel=\"noopener\"><strong>pentestpackage<\/strong><\/a>&nbsp;&#8211; is a package of Pentest scripts.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/dloss\/python-pentest-tools\" target=\"_blank\" rel=\"noopener\"><strong>python-pentest-tools<\/strong><\/a>&nbsp;&#8211; python tools for penetration testers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/fuzzdb-project\/fuzzdb\" target=\"_blank\" rel=\"noopener\"><strong>fuzzdb<\/strong><\/a>&nbsp;&#8211; dictionary of attack patterns and primitives for black-box application fault injection.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/google\/AFL\" target=\"_blank\" rel=\"noopener\"><strong>AFL<\/strong><\/a>&nbsp;&#8211; is a free software fuzzer maintained by Google.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/AFLplusplus\/AFLplusplus\" target=\"_blank\" rel=\"noopener\"><strong>AFL++<\/strong><\/a>&nbsp;&#8211; is AFL with community patches.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/google\/syzkaller\" target=\"_blank\" rel=\"noopener\"><strong>syzkaller<\/strong><\/a>&nbsp;&#8211; is an unsupervised, coverage-guided kernel fuzzer.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/pwndbg\/pwndbg\" target=\"_blank\" rel=\"noopener\"><strong>pwndbg<\/strong><\/a>&nbsp;&#8211; exploit development and reverse engineering with GDB made easy.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/longld\/peda\" target=\"_blank\" rel=\"noopener\"><strong>GDB PEDA<\/strong><\/a>&nbsp;&#8211; Python Exploit Development Assistance for GDB.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hex-rays.com\/products\/ida\/index.shtml\" target=\"_blank\" rel=\"noopener\"><strong>IDA<\/strong><\/a>&nbsp;&#8211; multi-processor disassembler and debugger useful for reverse engineering malware.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/radare\/radare2\" target=\"_blank\" rel=\"noopener\"><strong>radare2<\/strong><\/a>&nbsp;&#8211; framework for reverse-engineering and analyzing binaries.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/threat9\/routersploit\" target=\"_blank\" rel=\"noopener\"><strong>routersploit<\/strong><\/a>&nbsp;&#8211; exploitation framework for embedded devices.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/NationalSecurityAgency\/ghidra\" target=\"_blank\" rel=\"noopener\"><strong>Ghidra<\/strong><\/a>&nbsp;&#8211; is a software reverse engineering (SRE) framework.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/salesforce\/vulnreport\" target=\"_blank\" rel=\"noopener\"><strong>Vulnreport<\/strong><\/a>&nbsp;&#8211; open-source pentesting management and automation platform by Salesforce Product Security.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/sc0tfree\/mentalist\" target=\"_blank\" rel=\"noopener\"><strong>Mentalist<\/strong><\/a>&nbsp;&#8211; is a graphical tool for custom wordlist generation.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/archerysec\/archerysec\" target=\"_blank\" rel=\"noopener\"><strong>archerysec<\/strong><\/a>&nbsp;&#8211; vulnerability assessment and management helps to perform scans and manage vulnerabilities.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/j3ssie\/Osmedeus\" target=\"_blank\" rel=\"noopener\"><strong>Osmedeus<\/strong><\/a>&nbsp;&#8211; fully automated offensive security tool for reconnaissance and vulnerability scanning.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/beefproject\/beef\" target=\"_blank\" rel=\"noopener\"><strong>beef<\/strong><\/a>&nbsp;&#8211; the browser exploitation framework project.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/NullArray\/AutoSploit\" target=\"_blank\" rel=\"noopener\"><strong>AutoSploit<\/strong><\/a>&nbsp;&#8211; automated mass exploiter.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/TH3xACE\/SUDO_KILLER\" target=\"_blank\" rel=\"noopener\"><strong>SUDO_KILLER<\/strong><\/a>&nbsp;&#8211; is a tool to identify and exploit sudo rules&#8217; misconfigurations and vulnerabilities.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/VirusTotal\/yara\" target=\"_blank\" rel=\"noopener\"><strong>yara<\/strong><\/a>&nbsp;&#8211; the pattern matching swiss knife.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/gentilkiwi\/mimikatz\" target=\"_blank\" rel=\"noopener\"><strong>mimikatz<\/strong><\/a>&nbsp;&#8211; a little tool to play with Windows security.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/sherlock-project\/sherlock\" target=\"_blank\" rel=\"noopener\"><strong>sherlock<\/strong><\/a>&nbsp;&#8211; hunt down social media accounts by username across social networks.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/owasp.org\/www-project-threat-dragon\/\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Threat Dragon<\/strong><\/a>&nbsp;&#8211; is a tool used to create threat model diagrams and to record possible threats.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-pentests-bookmarks-collection\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Pentests bookmarks collection<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/www.pentest-standard.org\/index.php\/Main_Page\" target=\"_blank\" rel=\"noopener\"><strong>PTES<\/strong><\/a>&nbsp;&#8211; the penetration testing execution standard.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.amanhardikar.com\/mindmaps\/Practice.html\" target=\"_blank\" rel=\"noopener\"><strong>Pentests MindMap<\/strong><\/a>&nbsp;&#8211; amazing mind map with vulnerable apps and systems.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.amanhardikar.com\/mindmaps\/webapptest.html\" target=\"_blank\" rel=\"noopener\"><strong>WebApps Security Tests MindMap<\/strong><\/a>&nbsp;&#8211; incredible mind map for WebApps security tests.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/brutelogic.com.br\/blog\/\" target=\"_blank\" rel=\"noopener\"><strong>Brute XSS<\/strong><\/a>&nbsp;&#8211; master the art of Cross Site Scripting.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/portswigger.net\/web-security\/cross-site-scripting\/cheat-sheet\" target=\"_blank\" rel=\"noopener\"><strong>XSS cheat sheet<\/strong><\/a>&nbsp;&#8211; contains many vectors that can help you bypass WAFs and filters.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/jivoi.github.io\/2015\/07\/03\/offensive-security-bookmarks\/\" target=\"_blank\" rel=\"noopener\"><strong>Offensive Security Bookmarks<\/strong><\/a>&nbsp;&#8211; security bookmarks collection, all things that author need to pass OSCP.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/coreb1t\/awesome-pentest-cheat-sheets\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Pentest Cheat Sheets<\/strong><\/a>&nbsp;&#8211; collection of the cheat sheets useful for pentesting.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Hack-with-Github\/Awesome-Hacking\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Hacking by HackWithGithub<\/strong><\/a>&nbsp;&#8211; awesome lists for hackers, pentesters and security researchers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/carpedm20\/awesome-hacking\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Hacking by carpedm20<\/strong><\/a>&nbsp;&#8211; a curated list of awesome hacking tutorials, tools and resources.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/vitalysim\/Awesome-Hacking-Resources\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Hacking Resources<\/strong><\/a>&nbsp;&#8211; collection of hacking\/penetration testing resources to make you better.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/enaqx\/awesome-pentest\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Pentest<\/strong><\/a>&nbsp;&#8211; collection of awesome penetration testing resources, tools and other shiny things.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/m4ll0k\/Awesome-Hacking-Tools\" target=\"_blank\" rel=\"noopener\"><strong>Awesome-Hacking-Tools<\/strong><\/a>&nbsp;&#8211; is a curated list of awesome Hacking Tools.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/ksanchezcld\/Hacking_Cheat_Sheet\" target=\"_blank\" rel=\"noopener\"><strong>Hacking Cheat Sheet<\/strong><\/a>&nbsp;&#8211; author hacking and pentesting notes.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/toolswatch\/blackhat-arsenal-tools\" target=\"_blank\" rel=\"noopener\"><strong>blackhat-arsenal-tools<\/strong><\/a>&nbsp;&#8211; official Black Hat arsenal security tools repository.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.peerlyst.com\/posts\/the-complete-list-of-infosec-related-cheat-sheets-claus-cramon\" target=\"_blank\" rel=\"noopener\"><strong>Penetration Testing and WebApp Cheat Sheets<\/strong><\/a>&nbsp;&#8211; the complete list of Infosec related cheat sheets.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/The-Art-of-Hacking\/h4cker\" target=\"_blank\" rel=\"noopener\"><strong>Cyber Security Resources<\/strong><\/a>&nbsp;&#8211; includes thousands of cybersecurity-related references and resources.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/jhaddix\/pentest-bookmarks\" target=\"_blank\" rel=\"noopener\"><strong>Pentest Bookmarks<\/strong><\/a>&nbsp;&#8211; there are a LOT of pentesting blogs.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/OlivierLaflamme\/Cheatsheet-God\" target=\"_blank\" rel=\"noopener\"><strong>Cheatsheet-God<\/strong><\/a>&nbsp;&#8211; Penetration Testing Reference Bank &#8211; OSCP\/PTP &amp; PTX Cheatsheet.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Cyb3rWard0g\/ThreatHunter-Playbook\" target=\"_blank\" rel=\"noopener\"><strong>ThreatHunter-Playbook<\/strong><\/a>&nbsp;&#8211; to aid the development of techniques and hypothesis for hunting campaigns.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/hmaverickadams\/Beginner-Network-Pentesting\" target=\"_blank\" rel=\"noopener\"><strong>Beginner-Network-Pentesting<\/strong><\/a>&nbsp;&#8211; notes for beginner network pentesting course.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/rewardone\/OSCPRepo\" target=\"_blank\" rel=\"noopener\"><strong>OSCPRepo<\/strong><\/a>&nbsp;&#8211; is a list of resources that author have been gathering in preparation for the OSCP.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings\" target=\"_blank\" rel=\"noopener\"><strong>PayloadsAllTheThings<\/strong><\/a>&nbsp;&#8211; a list of useful payloads and bypass for Web Application Security and Pentest\/CTF.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/foospidy\/payloads\" target=\"_blank\" rel=\"noopener\"><strong>payloads<\/strong><\/a>&nbsp;&#8211; git all the Payloads! A collection of web attack payloads.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/payloadbox\/command-injection-payload-list\" target=\"_blank\" rel=\"noopener\"><strong>command-injection-payload-list<\/strong><\/a>&nbsp;&#8211; command injection payload list.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/jakejarvis\/awesome-shodan-queries\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Shodan Search Queries<\/strong><\/a>&nbsp;&#8211; great search queries to plug into Shodan.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/s0md3v\/AwesomeXSS\" target=\"_blank\" rel=\"noopener\"><strong>AwesomeXSS<\/strong><\/a>&nbsp;&#8211; is a collection of Awesome XSS resources.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/JohnTroony\/php-webshells\" target=\"_blank\" rel=\"noopener\"><strong>php-webshells<\/strong><\/a>&nbsp;&#8211; common php webshells.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/highon.coffee\/blog\/penetration-testing-tools-cheat-sheet\/\" target=\"_blank\" rel=\"noopener\"><strong>Pentesting Tools Cheat Sheet<\/strong><\/a>&nbsp;&#8211; a quick reference high level overview for typical penetration testing.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/cheatsheetseries.owasp.org\/\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Cheat Sheet Series<\/strong><\/a>&nbsp;&#8211; is a collection of high value information on specific application security topics.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/jeremylong.github.io\/DependencyCheck\/index.html\" target=\"_blank\" rel=\"noopener\"><strong>OWASP dependency-check<\/strong><\/a>&nbsp;&#8211; is an open source solution the OWASP Top 10 2013 entry.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Proactive_Controls\" target=\"_blank\" rel=\"noopener\"><strong>OWASP ProActive Controls<\/strong><\/a>&nbsp;&#8211; OWASP Top 10 Proactive Controls 2018.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/blaCCkHatHacEEkr\/PENTESTING-BIBLE\" target=\"_blank\" rel=\"noopener\"><strong>PENTESTING-BIBLE<\/strong><\/a>&nbsp;&#8211; hacking &amp; penetration testing &amp; red team &amp; cyber security resources.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/nixawk\/pentest-wiki\" target=\"_blank\" rel=\"noopener\"><strong>pentest-wiki<\/strong><\/a>&nbsp;&#8211; is a free online security knowledge library for pentesters\/researchers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/media.defcon.org\/\" target=\"_blank\" rel=\"noopener\"><strong>DEF CON Media Server<\/strong><\/a>&nbsp;&#8211; great stuff from DEFCON.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/rshipp\/awesome-malware-analysis\" target=\"_blank\" rel=\"noopener\"><strong>Awesome Malware Analysis<\/strong><\/a>&nbsp;&#8211; a curated list of awesome malware analysis tools and resources.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.netsparker.com\/blog\/web-security\/sql-injection-cheat-sheet\/\" target=\"_blank\" rel=\"noopener\"><strong>SQL Injection Cheat Sheet<\/strong><\/a>&nbsp;&#8211; detailed technical stuff about the many different variants of the SQL Injection.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/kb.entersoft.co.in\/\" target=\"_blank\" rel=\"noopener\"><strong>Entersoft Knowledge Base<\/strong><\/a>&nbsp;&#8211; great and detailed reference about vulnerabilities.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/html5sec.org\/\" target=\"_blank\" rel=\"noopener\"><strong>HTML5 Security Cheatsheet<\/strong><\/a>&nbsp;&#8211; a collection of HTML5 related XSS attack vectors.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/evuln.com\/tools\/xss-encoder\/\" target=\"_blank\" rel=\"noopener\"><strong>XSS String Encoder<\/strong><\/a>&nbsp;&#8211; for generating XSS code to check your input validation filters against XSS.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/gtfobins.github.io\/\" target=\"_blank\" rel=\"noopener\"><strong>GTFOBins<\/strong><\/a>&nbsp;&#8211; list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/guif.re\/\" target=\"_blank\" rel=\"noopener\"><strong>Guifre Ruiz Notes<\/strong><\/a>&nbsp;&#8211; collection of security, system, network and pentest cheatsheets.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/blog.safebuff.com\/2016\/07\/03\/SSRF-Tips\/index.html\" target=\"_blank\" rel=\"noopener\"><strong>SSRF Tips<\/strong><\/a>&nbsp;&#8211; a collection of SSRF Tips.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/shell-storm.org\/repo\/CTF\/\" target=\"_blank\" rel=\"noopener\"><strong>shell-storm repo CTF<\/strong><\/a>&nbsp;&#8211; great archive of CTFs.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/bl4de\/ctf\" target=\"_blank\" rel=\"noopener\"><strong>ctf<\/strong><\/a>&nbsp;&#8211; CTF (Capture The Flag) writeups, code snippets, notes, scripts.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/orangetw\/My-CTF-Web-Challenges\" target=\"_blank\" rel=\"noopener\"><strong>My-CTF-Web-Challenges<\/strong><\/a>&nbsp;&#8211; collection of CTF Web challenges.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/OWASP\/owasp-mstg\" target=\"_blank\" rel=\"noopener\"><strong>MSTG<\/strong><\/a>&nbsp;&#8211; The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/sdcampbell\/Internal-Pentest-Playbook\" target=\"_blank\" rel=\"noopener\"><strong>Internal-Pentest-Playbook<\/strong><\/a>&nbsp;&#8211; notes on the most common things for an Internal Network Penetration Test.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/streaak\/keyhacks\" target=\"_blank\" rel=\"noopener\"><strong>KeyHacks<\/strong><\/a>&nbsp;&#8211; shows quick ways in which API keys leaked by a bug bounty program can be checked.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/securitum\/research\" target=\"_blank\" rel=\"noopener\"><strong>securitum\/research<\/strong><\/a>&nbsp;&#8211; various Proof of Concepts of security research performed by Securitum.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/juliocesarfort\/public-pentesting-reports\" target=\"_blank\" rel=\"noopener\"><strong>public-pentesting-reports<\/strong><\/a>&nbsp;&#8211; is a list of public pentest reports released by several consulting security groups.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/djadmin\/awesome-bug-bounty\" target=\"_blank\" rel=\"noopener\"><strong>awesome-bug-bounty<\/strong><\/a>&nbsp;&#8211; is a comprehensive curated list of available Bug Bounty.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/ngalongc\/bug-bounty-reference\" target=\"_blank\" rel=\"noopener\"><strong>bug-bounty-reference<\/strong><\/a>&nbsp;&#8211; is a list of bug bounty write-ups.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/devanshbatham\/Awesome-Bugbounty-Writeups\" target=\"_blank\" rel=\"noopener\"><strong>Awesome-Bugbounty-Writeups<\/strong><\/a>&nbsp;&#8211; is a curated list of bugbounty writeups.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/pentester.land\/list-of-bug-bounty-writeups.html\" target=\"_blank\" rel=\"noopener\"><strong>Bug bounty writeups<\/strong><\/a>&nbsp;&#8211; list of bug bounty writeups (2012-2020).<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/hackso.me\/\" target=\"_blank\" rel=\"noopener\"><strong>hackso.me<\/strong><\/a>&nbsp;&#8211; a great journey into security.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-backdoorsexploits\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Backdoors\/exploits<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/bartblaze\/PHP-backdoors\" target=\"_blank\" rel=\"noopener\"><strong>PHP-backdoors<\/strong><\/a>&nbsp;&#8211; a collection of PHP backdoors. For educational or testing purposes only.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-wordlists-and-weak-passwords\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Wordlists and Weak passwords<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/weakpass.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Weakpass<\/strong><\/a>&nbsp;&#8211; for any kind of bruteforce find wordlists or unleash the power of them all at once!<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/hashes.org\/\" target=\"_blank\" rel=\"noopener\"><strong>Hashes.org<\/strong><\/a>&nbsp;&#8211; is a free online hash resolving service incorporating many unparalleled techniques.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/danielmiessler\/SecLists\" target=\"_blank\" rel=\"noopener\"><strong>SecLists<\/strong><\/a>&nbsp;&#8211; collection of multiple types of lists used during security assessments, collected in one place.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/berzerk0\/Probable-Wordlists\" target=\"_blank\" rel=\"noopener\"><strong>Probable-Wordlists<\/strong><\/a>&nbsp;&#8211; sorted by probability originally created for password generation and testing.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/wiki.skullsecurity.org\/index.php?title=Passwords\" target=\"_blank\" rel=\"noopener\"><strong>skullsecurity passwords<\/strong><\/a>&nbsp;&#8211; password dictionaries and leaked passwords repository.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/bezpieka.org\/polski-slownik-premium-polish-wordlist\" target=\"_blank\" rel=\"noopener\"><strong>Polish PREMIUM Dictionary<\/strong><\/a>&nbsp;&#8211; official dictionary created by the team on the forum bezpieka.org.<strong>*<\/strong>&nbsp;<sup><a href=\"https:\/\/sourceforge.net\/projects\/kali-linux\/files\/Wordlist\/\" target=\"_blank\" rel=\"noopener\">1<\/a><\/sup><a href=\"https:\/\/sourceforge.net\/projects\/kali-linux\/files\/Wordlist\/\" target=\"_blank\" rel=\"noopener\"><br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<\/a><a href=\"https:\/\/github.com\/insidetrust\/statistically-likely-usernames\" target=\"_blank\" rel=\"noopener\"><strong>statistically-likely-usernames<\/strong><\/a>&nbsp;&#8211; wordlists for creating statistically likely username lists.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-bounty-platforms\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Bounty platforms<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.yeswehack.com\/\" target=\"_blank\" rel=\"noopener\"><strong>YesWeHack<\/strong><\/a>&nbsp;&#8211; bug bounty platform with infosec jobs.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.openbugbounty.org\/\" target=\"_blank\" rel=\"noopener\"><strong>Openbugbounty<\/strong><\/a>&nbsp;&#8211; allows any security researcher reporting a vulnerability on any website.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hackerone.com\/\" target=\"_blank\" rel=\"noopener\"><strong>hackerone<\/strong><\/a>&nbsp;&#8211; global hacker community to surface the most relevant security issues.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.bugcrowd.com\/\" target=\"_blank\" rel=\"noopener\"><strong>bugcrowd<\/strong><\/a>&nbsp;&#8211; crowdsourced cybersecurity for the enterprise.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/crowdshield.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Crowdshield<\/strong><\/a>&nbsp;&#8211; crowdsourced security &amp; bug bounty management.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.synack.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Synack<\/strong><\/a>&nbsp;&#8211; crowdsourced security &amp; bug bounty programs, crowd security intelligence platform, and more.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/hacktrophy.com\/en\/\" target=\"_blank\" rel=\"noopener\"><strong>Hacktrophy<\/strong><\/a>&nbsp;&#8211; bug bounty platform.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-web-training-apps-local-installation\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Web Training Apps (local installation)<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Vulnerable_Web_Applications_Directory_Project\" target=\"_blank\" rel=\"noopener\"><strong>OWASP-VWAD<\/strong><\/a>&nbsp;&#8211; comprehensive and well maintained registry of all known vulnerable web applications.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/www.dvwa.co.uk\/\" target=\"_blank\" rel=\"noopener\"><strong>DVWA<\/strong><\/a>&nbsp;&#8211; PHP\/MySQL web application that is damn vulnerable.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/metasploit.help.rapid7.com\/docs\/metasploitable-2\" target=\"_blank\" rel=\"noopener\"><strong>metasploitable2<\/strong><\/a>&nbsp;&#8211; vulnerable web application amongst security researchers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/rapid7\/metasploitable3\" target=\"_blank\" rel=\"noopener\"><strong>metasploitable3<\/strong><\/a>&nbsp;&#8211; is a VM that is built from the ground up with a large amount of security vulnerabilities.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/stamparm\/DSVW\" target=\"_blank\" rel=\"noopener\"><strong>DSVW<\/strong><\/a>&nbsp;&#8211; is a deliberately vulnerable web application written in under 100 lines of code.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/sourceforge.net\/projects\/mutillidae\/\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Mutillidae II<\/strong><\/a>&nbsp;&#8211; free, open source, deliberately vulnerable web-application.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Juice_Shop_Project\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Juice Shop Project<\/strong><\/a>&nbsp;&#8211; the most bug-free vulnerable application in existence.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.owasp.org\/index.php\/Projects\/OWASP_Node_js_Goat_Project\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Node js Goat Project<\/strong><\/a>&nbsp;&#8211; OWASP Top 10 security risks apply to web apps developed using Node.js.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/iteratec\/juicy-ctf\" target=\"_blank\" rel=\"noopener\"><strong>juicy-ctf<\/strong><\/a>&nbsp;&#8211; run Capture the Flags and Security Trainings with OWASP Juice Shop.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/OWASP\/SecurityShepherd\" target=\"_blank\" rel=\"noopener\"><strong>SecurityShepherd<\/strong><\/a>&nbsp;&#8211; web and mobile application security training platform.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/opendns\/Security_Ninjas_AppSec_Training\" target=\"_blank\" rel=\"noopener\"><strong>Security Ninjas<\/strong><\/a>&nbsp;&#8211; open source application security training program.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/rapid7\/hackazon\" target=\"_blank\" rel=\"noopener\"><strong>hackazon<\/strong><\/a>&nbsp;&#8211; a modern vulnerable web app.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/appsecco\/dvna\" target=\"_blank\" rel=\"noopener\"><strong>dvna<\/strong><\/a>&nbsp;&#8211; damn vulnerable NodeJS application.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/DefectDojo\/django-DefectDojo\" target=\"_blank\" rel=\"noopener\"><strong>django-DefectDojo<\/strong><\/a>&nbsp;&#8211; is an open-source application vulnerability correlation and security orchestration tool.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/google-gruyere.appspot.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Google Gruyere<\/strong><\/a>&nbsp;&#8211; web application exploits and defenses.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/amolnaik4\/bodhi\" target=\"_blank\" rel=\"noopener\"><strong>Bodhi<\/strong><\/a>&nbsp;&#8211; is a playground focused on learning the exploitation of client-side web vulnerabilities.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/websploit.h4cker.org\/\" target=\"_blank\" rel=\"noopener\"><strong>Websploit<\/strong><\/a>&nbsp;&#8211; single vm lab with the purpose of combining several vulnerable appliations in one environment.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/vulhub\/vulhub\" target=\"_blank\" rel=\"noopener\"><strong>vulhub<\/strong><\/a>&nbsp;&#8211; pre-built Vulnerable Environments based on docker-compose.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/rhinosecuritylabs.com\/aws\/introducing-cloudgoat-2\/\" target=\"_blank\" rel=\"noopener\"><strong>CloudGoat 2<\/strong><\/a>&nbsp;&#8211; the new &amp; improved &#8220;Vulnerable by Design&#8221; AWS deployment tool.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/globocom\/secDevLabs\" target=\"_blank\" rel=\"noopener\"><strong>secDevLabs<\/strong><\/a>&nbsp;&#8211; is a laboratory for learning secure web development in a practical manner.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/incredibleindishell\/CORS-vulnerable-Lab\" target=\"_blank\" rel=\"noopener\"><strong>CORS-vulnerable-Lab<\/strong><\/a>&nbsp;&#8211; sample vulnerable code and its exploit code.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/moloch--\/RootTheBox\" target=\"_blank\" rel=\"noopener\"><strong>RootTheBox<\/strong><\/a>&nbsp;&#8211; a Game of Hackers (CTF Scoreboard &amp; Game Manager).<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/application.security\/\" target=\"_blank\" rel=\"noopener\"><strong>KONTRA<\/strong><\/a>&nbsp;&#8211; application security training (OWASP Top Web &amp; Api).<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-labs-ethical-hacking-platformstrainingsctfs\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Labs (ethical hacking platforms\/trainings\/CTFs)<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.offensive-security.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Offensive Security<\/strong><\/a>&nbsp;&#8211; true performance-based penetration testing training for over a decade.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hackthebox.eu\/\" target=\"_blank\" rel=\"noopener\"><strong>Hack The Box<\/strong><\/a>&nbsp;&#8211; online platform allowing you to test your penetration testing skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hacking-lab.com\/index.html\" target=\"_blank\" rel=\"noopener\"><strong>Hacking-Lab<\/strong><\/a>&nbsp;&#8211; online ethical hacking, computer network and security challenge platform.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/pwnable.kr\/index.php\" target=\"_blank\" rel=\"noopener\"><strong>pwnable.kr<\/strong><\/a>&nbsp;&#8211; non-commercial wargame site which provides various pwn challenges.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/pwnable.tw\/\" target=\"_blank\" rel=\"noopener\"><strong>Pwnable.tw<\/strong><\/a>&nbsp;&#8211; is a wargame site for hackers to test and expand their binary exploiting skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/picoctf.com\/\" target=\"_blank\" rel=\"noopener\"><strong>picoCTF<\/strong><\/a>&nbsp;&#8211; is a free computer security game targeted at middle and high school students.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/ctflearn.com\/\" target=\"_blank\" rel=\"noopener\"><strong>CTFlearn<\/strong><\/a>&nbsp;&#8211; is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/ctftime.org\/\" target=\"_blank\" rel=\"noopener\"><strong>ctftime<\/strong><\/a>&nbsp;&#8211; CTF archive and a place, where you can get some another CTF-related info.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/silesiasecuritylab.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Silesia Security Lab<\/strong><\/a>&nbsp;&#8211; high quality security testing services.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/practicalpentestlabs.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Practical Pentest Labs<\/strong><\/a>&nbsp;&#8211; pentest lab, take your Hacking skills to the next level.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.root-me.org\/?lang=en\" target=\"_blank\" rel=\"noopener\"><strong>Root Me<\/strong><\/a>&nbsp;&#8211; the fast, easy, and affordable way to train your hacking skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/rozwal.to\/login\" target=\"_blank\" rel=\"noopener\"><strong>rozwal.to<\/strong><\/a>&nbsp;&#8211; a great platform to train your pentesting skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/tryhackme.com\/\" target=\"_blank\" rel=\"noopener\"><strong>TryHackMe<\/strong><\/a>&nbsp;&#8211; learning Cyber Security made easy.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/hackxor.net\/\" target=\"_blank\" rel=\"noopener\"><strong>hackxor<\/strong><\/a>&nbsp;&#8211; is a realistic web application hacking game, designed to help players of all abilities develop their skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/hack-yourself-first.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Hack Yourself First<\/strong><\/a>&nbsp;&#8211; it&#8217;s full of nasty app sec holes.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/overthewire.org\/wargames\/\" target=\"_blank\" rel=\"noopener\"><strong>OverTheWire<\/strong><\/a>&nbsp;&#8211; can help you to learn and practice security concepts in the form of fun-filled games.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/labs.wizard-security.net\/\" target=\"_blank\" rel=\"noopener\"><strong>Wizard Labs<\/strong><\/a>&nbsp;&#8211; is an online Penetration Testing Lab.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/pentesterlab.com\/\" target=\"_blank\" rel=\"noopener\"><strong>PentesterLab<\/strong><\/a>&nbsp;&#8211; provides vulnerable systems that can be used to test and understand vulnerabilities.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/ringzer0ctf.com\/\" target=\"_blank\" rel=\"noopener\"><strong>RingZer0<\/strong><\/a>&nbsp;&#8211; tons of challenges designed to test and improve your hacking skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/www.try2hack.nl\/\" target=\"_blank\" rel=\"noopener\"><strong>try2hack<\/strong><\/a>&nbsp;&#8211; several security-oriented challenges for your entertainment.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.ubeeri.com\/preconfig-labs\" target=\"_blank\" rel=\"noopener\"><strong>Ubeeri<\/strong><\/a>&nbsp;&#8211; preconfigured lab environments.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/lab.pentestit.ru\/\" target=\"_blank\" rel=\"noopener\"><strong>Pentestit<\/strong><\/a>&nbsp;&#8211; emulate IT infrastructures of real companies for legal pen testing and improving pentest skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/microcorruption.com\/login\" target=\"_blank\" rel=\"noopener\"><strong>Microcorruption<\/strong><\/a>&nbsp;&#8211; reversal challenges done in the web interface.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/crackmes.one\/\" target=\"_blank\" rel=\"noopener\"><strong>Crackmes<\/strong><\/a>&nbsp;&#8211; download crackmes to help improve your reverse engineering skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/domgo.at\/cxss\/intro\" target=\"_blank\" rel=\"noopener\"><strong>DomGoat<\/strong><\/a>&nbsp;&#8211; DOM XSS security learning and practicing platform.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/chall.stypr.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Stereotyped Challenges<\/strong><\/a>&nbsp;&#8211; upgrade your web hacking techniques today!<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.vulnhub.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Vulnhub<\/strong><\/a>&nbsp;&#8211; allows anyone to gain practical &#8216;hands-on&#8217; experience in digital security.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/w3challs.com\/\" target=\"_blank\" rel=\"noopener\"><strong>W3Challs<\/strong><\/a>&nbsp;&#8211; is a penetration testing training platform, which offers various computer challenges.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/ringzer0ctf.com\/challenges\" target=\"_blank\" rel=\"noopener\"><strong>RingZer0 CTF<\/strong><\/a>&nbsp;&#8211; offers you tons of challenges designed to test and improve your hacking skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/hack.me\/\" target=\"_blank\" rel=\"noopener\"><strong>Hack.me<\/strong><\/a>&nbsp;&#8211; a platform where you can build, host and share vulnerable web apps for educational purposes.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hackthis.co.uk\/levels\/\" target=\"_blank\" rel=\"noopener\"><strong>HackThis!<\/strong><\/a>&nbsp;&#8211; discover how hacks, dumps and defacements are performed and secure your website.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.enigmagroup.org\/#\" target=\"_blank\" rel=\"noopener\"><strong>Enigma Group WebApp Training<\/strong><\/a>&nbsp;&#8211; these challenges cover the exploits listed in the OWASP Top 10 Project.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/challenges.re\/\" target=\"_blank\" rel=\"noopener\"><strong>Reverse Engineering Challenges<\/strong><\/a>&nbsp;&#8211; challenges, exercises, problems and tasks &#8211; by level, by type, and more.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/0x00sec.org\/\" target=\"_blank\" rel=\"noopener\"><strong>0x00sec<\/strong><\/a>&nbsp;&#8211; the home of the Hacker &#8211; Malware, Reverse Engineering, and Computer Science.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.wechall.net\/challs\" target=\"_blank\" rel=\"noopener\"><strong>We Chall<\/strong><\/a>&nbsp;&#8211; there are exist a lots of different challenge types.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hackergateway.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Hacker Gateway<\/strong><\/a>&nbsp;&#8211; is the go-to place for hackers who want to test their skills.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hacker101.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Hacker101<\/strong><\/a>&nbsp;&#8211; is a free class for web security.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/contained.af\/\" target=\"_blank\" rel=\"noopener\"><strong>contained.af<\/strong><\/a>&nbsp;&#8211; a stupid game for learning about containers, capabilities, and syscalls.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/flaws.cloud\/\" target=\"_blank\" rel=\"noopener\"><strong>flAWS challenge!<\/strong><\/a>&nbsp;&#8211; a series of levels you&#8217;ll learn about common mistakes and gotchas when using AWS.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/cybersecurity.wtf\/\" target=\"_blank\" rel=\"noopener\"><strong>CyberSec WTF<\/strong><\/a>&nbsp;&#8211; provides web hacking challenges derived from bounty write-ups.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/ctfchallenge.co.uk\/login\" target=\"_blank\" rel=\"noopener\"><strong>CTF Challenge<\/strong><\/a>&nbsp;&#8211; CTF Web App challenges.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/capturetheflag.withgoogle.com\/\" target=\"_blank\" rel=\"noopener\"><strong>gCTF<\/strong><\/a>&nbsp;&#8211; most of the challenges used in the Google CTF 2017.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.hackthissite.org\/pages\/index\/index.php\" target=\"_blank\" rel=\"noopener\"><strong>Hack This Site<\/strong><\/a>&nbsp;&#8211; is a free, safe and legal training ground for hackers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/attackdefense.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Attack &amp; Defense<\/strong><\/a>&nbsp;&#8211; is a browser-based cloud labs.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/cryptohack.org\/\" target=\"_blank\" rel=\"noopener\"><strong>Cryptohack<\/strong><\/a>&nbsp;&#8211; a fun platform for learning modern cryptography.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/cryptopals.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Cryptopals<\/strong><\/a>&nbsp;&#8211; the cryptopals crypto challenges.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-ctf-platforms\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;CTF platforms<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/facebook\/fbctf\" target=\"_blank\" rel=\"noopener\"><strong>fbctf<\/strong><\/a>&nbsp;&#8211; platform to host Capture the Flag competitions.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/google\/ctfscoreboard\" target=\"_blank\" rel=\"noopener\"><strong>ctfscoreboard<\/strong><\/a>&nbsp;&#8211; scoreboard for Capture The Flag competitions.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-other-resources\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Other resources<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/bugcrowd\/bugcrowd_university\" target=\"_blank\" rel=\"noopener\"><strong>Bugcrowd University<\/strong><\/a>&nbsp;&#8211; open source education content for the researcher community.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/rewardone\/OSCPRepo\" target=\"_blank\" rel=\"noopener\"><strong>OSCPRepo<\/strong><\/a>&nbsp;&#8211; a list of resources and scripts that I have been gathering in preparation for the OSCP.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/medium.com\/@cxosmo\/owasp-top-10-real-world-examples-part-1-a540c4ea2df5\" target=\"_blank\" rel=\"noopener\"><strong>OWASP Top 10: Real-World Examples<\/strong><\/a>&nbsp;&#8211; test your web apps with real-world examples (two-part series).<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"http:\/\/phrack.org\/index.html\" target=\"_blank\" rel=\"noopener\"><strong>phrack.org<\/strong><\/a>&nbsp;&#8211; an awesome collection of articles from several respected hackers and other thinkers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/github.com\/Gr1mmie\/Practical-Ethical-Hacking-Resources\" target=\"_blank\" rel=\"noopener\"><strong>Practical-Ethical-Hacking-Resources<\/strong><\/a>&nbsp;&#8211; compilation of resources from TCM&#8217;s Udemy Course.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#your-daily-knowledge-and-news-toc\" target=\"_blank\" rel=\"noopener\"><\/a>Your daily knowledge and news &nbsp;<a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#anger-table-of-contents\" target=\"_blank\" rel=\"noopener\"><sup>[TOC]<\/sup><\/a><\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">Your daily knowledge and news &nbsp;<a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#anger-table-of-contents\" target=\"_blank\" rel=\"noopener\"><sup>[TOC]<\/sup><\/a><\/h4>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-rss-readers\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;RSS Readers<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/feedly.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Feedly<\/strong><\/a>&nbsp;&#8211; organize, read and share what matters to you.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.inoreader.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Inoreader<\/strong><\/a>&nbsp;&#8211; similar to feedly with a support for filtering what you fetch from rss.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-irc-channels\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;IRC Channels<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/wiki.hackerspaces.org\/IRC_Channel\" target=\"_blank\" rel=\"noopener\"><strong>#hackerspaces<\/strong><\/a>&nbsp;&#8211; hackerspace IRC channels.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge#black_small_square-security-2\" target=\"_blank\" rel=\"noopener\"><\/a>\u25aa\ufe0f&nbsp;Security<\/h5>\n\n\n\n<p>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/thehackernews.com\/\" target=\"_blank\" rel=\"noopener\"><strong>The Hacker News<\/strong><\/a>&nbsp;&#8211; leading news source dedicated to promoting awareness for security experts and hackers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/latesthackingnews.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Latest Hacking News<\/strong><\/a>&nbsp;&#8211; provides the latest hacking news, exploits and vulnerabilities for ethical hackers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/securitynewsletter.co\/\" target=\"_blank\" rel=\"noopener\"><strong>Security Newsletter<\/strong><\/a>&nbsp;&#8211; security news as a weekly digest (email notifications).<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/security.googleblog.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Google Online Security Blog<\/strong><\/a>&nbsp;&#8211; the latest news and insights from Google on security and safety on the Internet.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/blog.qualys.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Qualys Blog<\/strong><\/a>&nbsp;&#8211; expert network security guidance and news.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.darkreading.com\/\" target=\"_blank\" rel=\"noopener\"><strong>DARKReading<\/strong><\/a>&nbsp;&#8211; connecting the Information Security Community.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.darknet.org.uk\/\" target=\"_blank\" rel=\"noopener\"><strong>Darknet<\/strong><\/a>&nbsp;&#8211; latest hacking tools, hacker news, cybersecurity best practices, ethical hacking &amp; pen-testing.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/twitter.com\/disclosedh1\" target=\"_blank\" rel=\"noopener\"><strong>publiclyDisclosed<\/strong><\/a>&nbsp;&#8211; public disclosure watcher who keeps you up to date about the recently disclosed bugs.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/www.reddit.com\/r\/hacking\/\" target=\"_blank\" rel=\"noopener\"><strong>Reddit &#8211; Hacking<\/strong><\/a>&nbsp;&#8211; a subreddit dedicated to hacking and hackers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/packetstormsecurity.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Packet Storm<\/strong><\/a>&nbsp;&#8211; information security services, news, files, tools, exploits, advisories and whitepapers.<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/sekurak.pl\/\" target=\"_blank\" rel=\"noopener\"><strong>Sekurak<\/strong><\/a>&nbsp;&#8211; about security, penetration tests, vulnerabilities and many others (PL\/EN).<br>&nbsp;&nbsp;\ud83d\udd38&nbsp;<a href=\"https:\/\/nfsec.pl\/\" target=\"_blank\" rel=\"noopener\"><strong>nf.sec<\/strong><\/a>&nbsp;&#8211; basic aspects and mechanisms of Linux operating system security (PL).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Reference<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/cloudcommunity\/the-book-of-secret-knowledge<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Pentesters arsenal tools &nbsp;&nbsp;\ud83d\udd38&nbsp;Sandcat Browser&nbsp;&#8211; a penetration-oriented browser with plenty of advanced functionality already built in.&nbsp;&nbsp;\ud83d\udd38&nbsp;Metasploit&nbsp;&#8211; tool and framework for pentesting system, web and many more, contains a lot a&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-22818","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=22818"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22818\/revisions"}],"predecessor-version":[{"id":22824,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/22818\/revisions\/22824"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=22818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=22818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=22818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}