hacker-roadmap/README.md

104 lines
5.5 KiB
Markdown
Raw Normal View History

2018-04-02 12:22:02 +00:00
# Hacker Roadmap
2018-04-02 14:48:48 +00:00
This repository is a guide for amateurs pen testers and a summary of hacking tools to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed.
2018-04-02 18:26:44 +00:00
## Want to become a penetration tester ?
2018-04-02 14:48:48 +00:00
Know about risks on the internet and how they can be prevented is very useful. Especially as a developer. Web hacking and penetration testing is the v2.0 of self-defense! But does know about tools and how to use them is really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. He must be able to identify the technology behind and test every single door that might be open to hackers.
This repository aim to first explain how to proceed as a penetration tester to secure an application. And secondly, to regroup all kind of tools pen testers need to test applications.
## Languages
- Python
- Ruby
2018-04-02 16:44:30 +00:00
- C / C++ / C#
2018-04-02 14:48:48 +00:00
- Perl
2018-04-02 16:44:30 +00:00
- Go
- Java
2018-04-02 14:48:48 +00:00
## Content Management Systems
- Wordpress
- Joomla
- Drupal
- SPIP
2018-04-02 12:22:02 +00:00
## Tools by category
2018-04-02 12:29:48 +00:00
#### :male_detective: Information Gathering
2018-04-02 12:22:02 +00:00
Information Gathering tools allows you to collect host metadata about services and users. Check informations about a domain, IP address, phone number or an email address.
2018-04-02 16:44:30 +00:00
- [Th3inspector](https://github.com/Moham3dRiahi/Th3inspector) **Perl** | `Linux/Windows/macOS` | All in one tool for Information Gathering written in Perl.
2018-04-02 13:37:46 +00:00
- [Crips](https://github.com/Manisso/Crips) **Python** | `Linux/Android` | IP Tools To quickly get information about IP Address's, Web Pages and DNS records.
2018-04-02 16:44:30 +00:00
- [theHarvester](https://github.com/laramies/theHarvester) **Python** | `Linux/macOS` | E-mails, subdomains and names Harvester.
2018-04-02 12:22:02 +00:00
2018-04-02 12:29:48 +00:00
#### :lock: Password Attacks
2018-04-02 12:22:02 +00:00
Crack passwords and create wordlists.
2018-04-02 16:44:30 +00:00
- [John the Ripper](https://github.com/magnumripper/JohnTheRipper) **C** | `Linux/Windows/macOS` | John the Ripper is a fast password cracker.
- [hashcat](https://github.com/hashcat/hashcat) **C** | `Linux/Windows/macOS` | World's fastest and most advanced password recovery utility.
- [Hydra](https://github.com/vanhauser-thc/thc-hydra) **C** | `Linux/Windows/macOS` | Parallelized login cracker which supports numerous protocols to attack.
- [ophcrack](https://gitlab.com/objectifsecurite/ophcrack) **C++** | `Linux/Windows/macOS` | Windows password cracker based on rainbow tables.
- [Ncrack](https://github.com/nmap/ncrack) **C** | `Linux/Windows/macOS` | High-speed network authentication cracking tool.
###### :memo: Wordlists
- [Probable Worlist](https://github.com/berzerk0/Probable-Wordlists) | Wordlists sorted by probability originally created for password generation and testing.
2018-04-02 12:22:02 +00:00
2018-04-02 12:29:48 +00:00
#### :globe_with_meridians: Wireless Testing
2018-04-02 12:22:02 +00:00
Used for intrusion detection and wifi attacks.
2018-04-02 16:44:30 +00:00
- [Aircrack](https://github.com/aircrack-ng/aircrack-ng) **C** | `Linux/Windows/macOS` | WiFi security auditing tools suite.
- [bettercap](https://github.com/bettercap/bettercap) **Go** | `Linux/Windows/macOS/Android` | bettercap is the Swiss army knife for network attacks and monitoring.
2018-04-02 12:22:02 +00:00
2018-04-02 12:29:48 +00:00
#### :wrench: Exploitation Tools
2018-04-02 12:22:02 +00:00
Acesss systems and data with service-oriented exploits.
2018-04-02 16:44:30 +00:00
- [SQLmap](https://github.com/sqlmapproject/sqlmap) **Python** | `Linux/Windows/macOS` | Automatic SQL injection and database takeover tool.
- [XSStrike](https://github.com/UltimateHackers/XSStrike) **Python** | `Linux/Windows/macOS` | Advanced XSS detection and exploitation suite.
2018-04-02 12:22:02 +00:00
2018-04-02 12:29:48 +00:00
#### :busts_in_silhouette: Sniffing & Spoofing
2018-04-02 12:22:02 +00:00
Listen to network traffic or fake a network entity.
2018-04-02 16:44:30 +00:00
- [Wireshark](https://www.wireshark.org) **C/C++** | `Linux/Windows/macOS` | Wireshark is a network protocol analyzer.
2018-04-02 12:22:02 +00:00
2018-04-02 12:29:48 +00:00
#### :rocket: Web Hacking
2018-04-02 12:22:02 +00:00
Exploit popular CMSs that are hosted online.
2018-04-02 16:44:30 +00:00
- [WPScan](https://github.com/wpscanteam/wpscan) **Ruby** | `Linux/Windows/macOS` | WPScan is a black box WordPress vulnerability scanner.
- [Droopescan](https://github.com/droope/droopescan) **Python** | `Linux/Windows/macOS` | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe.
- [Joomscan](https://github.com/rezasp/joomscan) **Perl** | `Linux/Windows/macOS` | Joomla Vulnerability Scanner.
2018-04-02 12:22:02 +00:00
2018-04-02 12:29:48 +00:00
#### :zap: Private Web Hacking
2018-04-02 12:22:02 +00:00
Access files and databases.
...
2018-04-02 12:29:48 +00:00
#### :tada: Post Exploitation
2018-04-02 12:22:02 +00:00
Exploits for after you have already gained access.
...
2018-04-02 13:05:39 +00:00
#### :package: Frameworks
2018-04-02 12:22:02 +00:00
2018-04-02 12:31:00 +00:00
Frameworks are packs of pen testing tools with custom shell navigation and documentation.
2018-04-02 12:22:02 +00:00
2018-04-02 16:44:30 +00:00
- [Metasploit](https://github.com/rapid7/metasploit-framework) **Ruby** | `Linux/Windows/macOS` | A penetration testing framework for ethical hackers.
- [fsociety](https://github.com/Manisso/fsociety) **Python** | `Linux/Windows/macOS` | fsociety Hacking Tools Pack A Penetration Testing Framework.
2018-04-02 14:13:56 +00:00
- [cSploit](https://github.com/cSploit/android) **Java** | `Android` | The most complete and advanced IT security professional toolkit on Android.
2018-04-02 16:44:30 +00:00
- [radare2](https://github.com/radare/radare2) **C** | `Linux/Windows/macOS/Android` | Unix-like reverse engineering framework and commandline tools.
- [Social Engineer Toolkit](https://github.com/trustedsec/social-engineer-toolkit) **Python** | `Linux/macOS` | Penetration testing framework designed for social engineering.
- [hate_crack](https://github.com/trustedsec/hate_crack) **Python** | `Linux/macOS` | A tool for automating cracking methodologies through Hashcat.
- [Wifiphisher](https://github.com/wifiphisher/wifiphisher) **Python** | `Linux` | The Rogue Access Point Framework.
- [Kickthemout](https://github.com/k4m4/kickthemout) **Python** | `Linux/macOS` | Kick devices off your network by performing an ARP Spoof attack.