README update : more books and tools

2024-11-10 07:04:22 +00:00 · 2017-04-08 15:59:40 +02:00 · 2017-04-08 15:59:40 +02:00 · 85b62cee39
commit 85b62cee39
parent d21dcdd463
2 changed files with 32 additions and 4 deletions
--- a/files/README.md
+++ b/files/README.md
@ -11,7 +11,7 @@ Github example
 6b4131bb3b84e9446218359414d636bda782d097 a48ee6d6ca840b9130fbaa73bbf55e9e730e4cfd Michael <michael@easyctf.com> 1489390332 +0000        commit: Prevent directory listing.
 ```

-3. Acces the commit based on the hash -> a directory name (first two signs from hash) and filename (rest of it).git/objects/26/e35470d38c4d6815bc4426a862d5399f04865c, 
+3. Access to the commit based on the hash -> a directory name (first two signs from hash) and filename (rest of it).git/objects/26/e35470d38c4d6815bc4426a862d5399f04865c, 
 ```
 # create a .git directory
 git init test
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@ Feel free to improve with your payloads and techniques !
 I <3 pull requests :)

 # Tools
-
+* [Kali Linux](https://www.kali.org/)
 * [Web Developper](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/)
 * [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search)
 * [Burp Proxy](https://portswigger.net)
@ -13,19 +13,46 @@ I <3 pull requests :)
 * [GoBuster](https://github.com/OJ/gobuster)
 * [Knockpy](https://github.com/guelfoweb/knock)
 * [SQLmap](http://sqlmap.org)
-* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness)
 * [Nikto](https://cirt.net/nikto2)
+* [Nessus](http://www.tenable.com/products/nessus-vulnerability-scanner)
 * [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
 * [Wappalyzer](https://wappalyzer.com/download)
+* [Metasploit](https://www.metasploit.com/)
+
+# Docker
+* `docker pull remnux/metasploit` - [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/)
+* `docker pull paoloo/sqlmap` - [docker-sqlmap](https://hub.docker.com/r/paoloo/sqlmap/)
+* `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
+* `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy)
+* `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/)
+
+* `docker pull infoslack/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/infoslack/dvwa/)
+* `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image](https://hub.docker.com/r/danmx/docker-owasp-webgoat/)
+* `docker pull opendns/security-ninjas` - [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/)
+* `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/)
+* `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker)
+* `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/)
+* `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container)

 # More resources
 Book's list:
 * [Web Hacking 101](https://leanpub.com/web-hacking-101)
-* [The Web Application Hacker's Handbook](https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)  
 * [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
 * [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
 * [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
 * [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)
+* [Black Hat Python: Python Programming for Hackers and Pentesters](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
+* [Metasploit: The Penetration Tester's Guide](https://www.nostarch.com/metasploit)
+
+* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
+* [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
+* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
+* [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
+* [iOS Hackers Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
+* [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
+* [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
+* [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
+* [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)

 Blogs/Websites
 * http://blog.zsec.uk/101-web-testing-tooling/
@ -50,4 +77,5 @@ Practice
 * [Penetration Testing Practice Labs](http://www.amanhardikar.com/mindmaps/Practice.html)
 * [alert(1) to win](https://alf.nu/alert1)
 * [Hacksplaining](https://www.hacksplaining.com/exercises)
+* [HackThisSite](https://hackthissite.org)
 * [PentesterLab :Learn Web Penetration Testing: The Right Way](https://pentesterlab.com/)