PentestDictionary Save Abandoned

A list of useful resources for pentesting, Bug Bounty, CTF and similars.

Project README

📌PENTEST DICTIONARY📌

A list of great resources for pentesting and similars.

Always try to search in internet for potential vulnerabilities, default credentials and things you don't know about.

If you think my repository has been interesting please give me a star.

LISTS OF TOOLS

I will keep updated the project with new tools or changes.

⭕ DISCOVERY / FUZZING:

wfuzz
gobuster
dirbuster
dirb
feroxbuster
ffuz
sublist3r

⭕ SCANNING / RECOGNIZEMENT:

nmap
masscan
smbmap
enum4linux
rpcclient
Bingoo (for dorking searching and exploitation)
WhatWaf (useful to discover the exactly WAF of a server)
whatw00f
snmpwalk

⭕ NETWORK EXPLOITATION:

⭕ WEB / CMS SCANNERS:

WhatWeb (for identifying technologies on a webpage)
wpscan (the best wordpress scanner)
WPSeku
joomscan

⭕ ACTIVE DIRECTORY / WINDOWS:

⭕ BYPASSING RESTRICTIONS:

PSByPassCLM (for bypassing ConstrainedLanguage)
AppLocker
Chimera
Ebowla (not longer updated but useful)
PowerShdll
Chankro
PHP_disabled_functions
Phantom-Evasion (for bypassing antivirus)

⭕ WEB HACKING:

Burp Suite (for intercepting web requests)
sqlmap
NoSQLMap
kiterunner
xsshunter

⭕ PRIVILEGE ESCALATION:

PEASS-ng (the best system enumeration tool)
LinEnum
Windows-Exploit-Suggester
GTFOBins (binaries exploitations)
juicy-potato (for abusing SeImpersonatePrivilege)
pspy (for capturing running processes)
JAWS
BeRoot

⭕ PIVOTING:

socat
proxychains (for establishing connections with proxys)
chisel (used for port forwarding)
Precompiled-Binaries
reGeorg (used for port forwarding throught a uploaded file)
proxify
peirates (useful for kubernetes pivoting)

⭕ PAYLOADS / AUTOMATED EXPLOITATION:

searchsploit
metasploit (Not allowed in the OSCP)
merlin
Graffiti
legion
SILENTTRINITY
Covenant
msfvenom (the best shellcode/exploit generator)
bin-sploits
One-Lin3r (a framework with a useful list of one-liners)

⭕ FAMOUS VULNS:

⭕ CRYPTOGRAPHY / HASH CRACKING:

john (And john variants like ssh2john or zip2john...)
hashcat
CyberChef (for resolving a lot of crypto CFTs)
hash-identifier
HashID
Crackstation (a huge list of rainbow tables with precomputed hashes)
RsaCtfTool (useful for different cryptography situations)
NameThatHash (for identifying unknown hashes)
quipqiup

⭕ WI-FI:

aircrack-ng (the well known aircrack suite)
Wireshark (for intercepting wifi and bluethooth packets)
wifite2
macchanger (the most famous tool to change your mac address)
bettercap
Pyrit (deprecated)
hcxtools (for the PKMID attack)
Evil-Trust (for the evil twin attack)
wifiphiser
routersploit

⭕ RADIO FRECUENCIES:

gps-sdr-sim (useful to do GPS spoofing and much more)
RFAnalyzer (used to analyze the radio frecuncies spectrum)
portapack-hackrf (a extra module to make your HackRF portable)
proxmark3 (for cloning RFID signals)
hackrf (the best radio frecuencies gadget)
FCC (a list with the most used frecuencies and much more info)
gqrx (another great spectrum analyzer to discover the objects frecuencies)

⭕ DEBUGGING / BUFFER OVERFLOW:

brakeman
radare2 (for debugging binaries in the terminal)
gdb (a command line tool to interact with binaries)
gef (it's a gdb extension)
peda
ghydra (a debugging framework developed by the NSA)
ropper (for searching gadgets)
InmunityDebugger
badchars (a list of badchars that may be used in a BoF)
x64dbg
mona
apktool (for debugging apk files)
dotPeek (a windows debugging application)

gophish (the best tool for creating templates and campaigns)
SET
BITB (templates for the Browser In Ihe Browser attack)
urlcrazy
theHarvester
CredSniper
BeEF
goclone
Mythic-Macro-Generator
KnockMail (to verify if an email exists)
evilginx2

⭕ OSINT:

Maltego
Shodan (The famous IoT browser)
recon-ng
WayBack Machine (A big list of websites, databases, and more)
OSINT Framework
email2phonenumber
Ahria
PhoneInfoga
Ashok
TinEye

⭕ MOBILE:

mvt (for checking if you're infected with pegasus)
MobSF
Needle
Vezir-Project
objection
apktool
RMS
Jadx

⭕ FORENSICS:

Volatily
exiftool (used to view the metadata of a file)
UsnJrnl2Csv
usbkill (it shuts down your pc if it's manipulated)
Inception

⭕ CAR HACKING:

⭕ BLACK HAT:

pegasus_spyware (you know what is this)
GoldenEye (a python ddos tool)
GOD_KILLER (for sms spamming)
pandora-carding (a carding blog in spanish)
ufonet (used for ddos, it abuses Open Redirections)
Dorkify (for performing google dorking)
AdoBot (and android spyware)
LaZagne (used to find passwords once you have access to a pc)
rootkit

⭕ BLUETHOOTH:

btlejack (best BLE hijacking tool)
bettercap
crackle (used for cracking protected connections)
hcitool
esptool
wireshark

⭕ EXTRAS:

CommandoVM (a totaly offensive windows machine)
GitTools (tools to recompile a git project)
DDexec
odat (for attacking Oracle services)
Ghostpack
cewl (for creating dictionaries based on a webpage)
rlwrap
phpsploit
onesixtyone (for bruteforcing SNMP string)
Honeypot
HomePWN (an IoT device pwner)
Gopherus
Stego-Toolkit
PRET (for printer exploitation)
deserialization-Log4j
jwt_tool
dronesploit
Reptile (A linux rootkit)
SprayingToolkit (used for password spraying)
smtp-user-enum

⭕ USEFUL BROWSER ADD-ONS:

FoxyProxy (for sending requests to BurpSuite)
Wappalyzer (for web scanning)
EasyXSS
Authenticator
DarkReader (for changing the white colors to black ones, hackers take care of their eyes)
Anonymox
Keepass (for keeping secure your passwords)

📝 REFERENCES:

⚪ Created by D3Ext

Open Source Agenda is not affiliated with "PentestDictionary" Project. README Source: D3Ext/PentestDictionary

Stars

Open Issues

Last Commit

1 year ago

License

MIT

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/pentestdictionary"><img src="https://www.opensourceagenda.com/projects/pentestdictionary/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog