ctf-101.md

title image
assets/logo.png

{% include logo.svg %}

"alles ist hackbar" ("everything is hackable") :)

https://www.kali.org/tools

"nmap"

https://github.com/RustScan/RustScan

https://gchq.github.io/CyberChef

OWASP Web Security Testing Guide (WSTG) - https://owasp.org/www-project-web-security-testing-guide

OWASP Mobile Application Security Testing Guide (MASTG) - https://mas.owasp.org/MASTG

OWASP Mobile Top 10 - https://owasp.org/www-project-mobile-top-10

OWASP API Security Top 10 - https://owasp.org/www-project-api-security

OWASP Zed Attack Proxy (ZAP) Project - https://www.zaproxy.org

From A like "Attack Surface Analysis Cheat Sheet" to X like "XSS Filter Evasion Cheat Sheet" https://cheatsheetseries.owasp.org

https://portswigger.net/burp/communitydownload

https://github.com/ffuf/ffuf

https://github.com/danielmiessler/SecLists

https://wordlists.assetnote.io

https://d00mfist.gitbooks.io/ctf/content/webshell.html https://github.com/w181496/Web-CTF-Cheatsheet https://www.revshells.com https://www.metasploit.com https://porchetta.industries

https://github.com/byt3bl33d3r/CrackMapExec https://www.crackmapexec.wiki https://github.com/Pennyw0rth/NetExec

https://www.kali.org/tools/peass-ng https://github.com/carlospolop/PEASS-ng https://github.com/lefayjey/linWinPwn

https://hideandsec.sh https://www.ired.team

https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet https://orange-cyberdefense.github.io/ocd-mindmaps/

NSA's software reverse engineering (SRE) suite - https://ghidra-sre.org

Python CTF framework and exploit development library - https://github.com/Gallopsled/pwntools

gdb for pwn - https://github.com/scwuaptx/Pwngdb

pwndocker = pwntools + pwngdb + more - https://github.com/skysider/pwndocker

strings(1) - print the strings of printable characters in files - https://explainshell.com/explain/1/strings

Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
https://github.com/ReFirmLabs/binwalk

unblob is an accurate, fast, and easy-to-use extraction suite https://unblob.org

An advanced memory forensics framework https://github.com/volatilityfoundation/volatility

Wireshark - network protocol analyzer https://www.wireshark.org

Zeek (formerly Bro) Network Monitoring Tool https://zeek.org

https://github.com/eciavatta/caronte

SecGPT Prompt by @Jhaddix https://loud-ocelot-063.notion.site/SecGPT-test-only-2396727bc1484cec873c0d8aecb08b3b https://chatgptsplitter.com https://twitter.com/Jhaddix/status/1641883028661190657

https://github.com/ZacharyZcR/SecGPT https://github.com/GreyDGL/PentestGPT

https://book.hacktricks.xyz

A list of useful payloads and bypass for Web Application Security and Pentest/CTF https://github.com/swisskyrepo/PayloadsAllTheThings

https://www.thehacker.recipes

https://github.com/topics/ctf https://github.com/topics/ctf-tools

Google:

  • "context" +site:ctftime.org
  • "context" +"CTF" +"Writeup"

https://www.exploit-db.com

https://ctftime.org

https://sigterm.ch -> #ProTipp from mcia: Read the descriptions c.a.r.e.f.u.l.l.y.

https://hackbar.ch :)