8.4 KiB
Hacker Roadmap
This repository is a guide for amateurs pen testers and a summary of hacking tools to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed. Note that Linux is the best operating system to practice ethical hacking.
What is prenetration testing ?
Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.
If a system is not secured, then any attacker can disrupt or take authorized access to that system. Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc. Learn more
Want to become a penetration tester ?
Know about risks on the internet and how they can be prevented is very useful. Especially as a developer. Web hacking and penetration testing is the v2.0 of self-defense! But does know about tools and how to use them is really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. He must be able to identify the technology behind and test every single door that might be open to hackers.
This repository aim first to establish a reflection method on penetration testing and explain how to proceed to secure an application. And secondly, to regroup all kind of tools or resources pen testers need. Be sure to know basics of programming languages and Internet security before learning pen testing.
Some vocabulary
Black/grey/white hat hacker : Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if he's a black, grey or white hat hacker.
Penetration tester : Most likely a white hacker who test applications and systems to secure them or find vulnerabilities.
Security researcher : Someone who practice pen testing and browse the web everyday to find phishing/fake websites, infected servers, bugs or vulnerabilities. He can work for a company so he's responsible for the security of systems.
Languages
- Python
- Ruby
- C / C++ / C#
- Perl
- Go
- Java
Content Management Systems
- Wordpress
- Joomla
- Drupal
- SPIP
Categories and attacks
Information Gathering
Password Attacks : Brute Force ...
Wireless Testing
Exploitation Tools : XSS, SQL injection, CSRF ...
Sniffing & Spoofing : MITM ...
Web Hacking
Private Web Hacking
Post Exploitation
Frameworks
Basic steps of pen testing
Tools by category
🕵️♂️ Information Gathering
Information Gathering tools allows you to collect host metadata about services and users. Check informations about a domain, IP address, phone number or an email address.
- Th3inspector Perl |
Linux/Windows/macOS
| All in one tool for Information Gathering written in Perl. - Crips Python |
Linux/Android
| IP Tools To quickly get information about IP Address's, Web Pages and DNS records. - theHarvester Python |
Linux/macOS
| E-mails, subdomains and names Harvester. - Scanless Python |
Linux/macOS
| Online port scan scraper.
🔒 Password Attacks
Crack passwords and create wordlists.
-
John the Ripper C |
Linux/Windows/macOS
| John the Ripper is a fast password cracker. -
hashcat C |
Linux/Windows/macOS
| World's fastest and most advanced password recovery utility. -
Hydra C |
Linux/Windows/macOS
| Parallelized login cracker which supports numerous protocols to attack. -
ophcrack C++ |
Linux/Windows/macOS
| Windows password cracker based on rainbow tables. -
Ncrack C |
Linux/Windows/macOS
| High-speed network authentication cracking tool.
📝 Wordlists
- Probable Worlist | Wordlists sorted by probability originally created for password generation and testing.
🌐 Wireless Testing
Used for intrusion detection and wifi attacks.
- Aircrack C |
Linux/Windows/macOS
| WiFi security auditing tools suite. - bettercap Go |
Linux/Windows/macOS/Android
| bettercap is the Swiss army knife for network attacks and monitoring. - WiFi Pumpkin Python |
Linux/Windows/macOS/Android
| Framework for Rogue Wi-Fi Access Point Attack.
🔧 Exploitation Tools
Acesss systems and data with service-oriented exploits.
- SQLmap Python |
Linux/Windows/macOS
| Automatic SQL injection and database takeover tool. - XSStrike Python |
Linux/Windows/macOS
| Advanced XSS detection and exploitation suite.
👥 Sniffing & Spoofing
Listen to network traffic or fake a network entity.
- Wireshark C/C++ |
Linux/Windows/macOS
| Wireshark is a network protocol analyzer. - WiFi Pumpkin Python |
Linux/Windows/macOS/Android
| Framework for Rogue Wi-Fi Access Point Attack.
🚀 Web Hacking
Exploit popular CMSs that are hosted online.
- WPScan Ruby |
Linux/Windows/macOS
| WPScan is a black box WordPress vulnerability scanner. - Droopescan Python |
Linux/Windows/macOS
| A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe. - Joomscan Perl |
Linux/Windows/macOS
| Joomla Vulnerability Scanner. - Drupwn Python |
Linux/Windows/macOS
| Drupal Security Scanner to perform enumerations on Drupal-based web applications.
⚡ Private Web Hacking
Access files and databases.
...
🎉 Post Exploitation
Exploits for after you have already gained access.
...
📦 Frameworks
Frameworks are packs of pen testing tools with custom shell navigation and documentation.
- Metasploit Ruby |
Linux/Windows/macOS
| A penetration testing framework for ethical hackers. - fsociety Python |
Linux/Windows/macOS
| fsociety Hacking Tools Pack – A Penetration Testing Framework. - cSploit Java |
Android
| The most complete and advanced IT security professional toolkit on Android. - radare2 C |
Linux/Windows/macOS/Android
| Unix-like reverse engineering framework and commandline tools. - Social Engineer Toolkit Python |
Linux/macOS
| Penetration testing framework designed for social engineering. - hate_crack Python |
Linux/macOS
| A tool for automating cracking methodologies through Hashcat. - Wifiphisher Python |
Linux
| The Rogue Access Point Framework. - Kickthemout Python |
Linux/macOS
| Kick devices off your network by performing an ARP Spoof attack.