Find a file
2018-04-02 17:02:38 +02:00
docs Docu meta data 2018-04-02 16:09:34 +02:00
LICENSE Create LICENSE 2018-04-02 16:58:09 +02:00
PULL_REQUEST_TEMPLATE.md Create PULL_REQUEST_TEMPLATE.md 2018-04-02 17:02:38 +02:00
README.md Guide introduction 2018-04-02 16:48:48 +02:00

Hacker Roadmap

This repository is a guide for amateurs pen testers and a summary of hacking tools to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed.

Wants you become a penetration tester ?

Know about risks on the internet and how they can be prevented is very useful. Especially as a developer. Web hacking and penetration testing is the v2.0 of self-defense! But does know about tools and how to use them is really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. He must be able to identify the technology behind and test every single door that might be open to hackers.

This repository aim to first explain how to proceed as a penetration tester to secure an application. And secondly, to regroup all kind of tools pen testers need to test applications.

Languages

  • Python
  • Ruby
  • C / C#
  • Perl

Content Management Systems

  • Wordpress
  • Joomla
  • Drupal
  • SPIP

Tools by category

🕵️‍♂️ Information Gathering

Information Gathering tools allows you to collect host metadata about services and users. Check informations about a domain, IP address, phone number or an email address.

  • Th3inspector Perl | Linux/Windows/MacOS | All in one tool for Information Gathering written in Perl.
  • Crips Python | Linux/Android | IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

🔒 Password Attacks

Crack passwords and create wordlists.

...

🌐 Wireless Testing

Used for intrusion detection and wifi attacks.

  • Aircrack C | Linux/Windows/MacOS | WiFi security auditing tools suite.

🔧 Exploitation Tools

Acesss systems and data with service-oriented exploits.

  • SQLmap Python | Linux/Windows/MacOS | Automatic SQL injection and database takeover tool.
  • XSStrike Python | Linux/Windows/MacOS | Advanced XSS detection and exploitation suite.

👥 Sniffing & Spoofing

Listen to network traffic or fake a network entity.

...

🚀 Web Hacking

Exploit popular CMSs that are hosted online.

  • WPScan Ruby | Linux/Windows/MacOS | WPScan is a black box WordPress vulnerability scanner.
  • Droopescan Python | Linux/Windows/MacOS | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe.
  • Joomscan Perl | Linux/Windows/MacOS | Joomla Vulnerability Scanner.

Private Web Hacking

Access files and databases.

...

🎉 Post Exploitation

Exploits for after you have already gained access.

...

📦 Frameworks

Frameworks are packs of pen testing tools with custom shell navigation and documentation.

  • Metasploit Ruby | Linux/Windows/MacOS | A penetration testing framework for ethical hackers.
  • fsociety Python | Linux/Windows/MacOS | fsociety Hacking Tools Pack A Penetration Testing Framework.
  • cSploit Java | Android | The most complete and advanced IT security professional toolkit on Android.