1. CEH Tools :
1.1. CEH v7 Instructor Slides
The CEH v7 Instructor Slides are 11 PDF files that let you learn complete ethical hacking, or that you can refer to side by side while learning it from Cybrary. Each file has more than 100 slides, and they also include links to specific tools and software for you to use. Size: 170 MB
This is the Disk version of CEH v8 Toolkit. You can find all the tools here.
2. Pentesting OS :
2.1. Kali Linux
Kali Linux, the most powerful and advanced pentesting system. Most of you might be familiar with it; if not, just visit the link above.
2.2. Parrot Security OS
Parrot Security OS is one of the known pentesting OSes available. Little has been known about this OS (to me), so I'd like your review on this.
2.3. Cyborg Hawk Linux
Cyborg Hawk Linux runs on Ubuntu (unlike Kali, which runs on Debian), has more features and tools, and is a sexy little OS. Give it a try!
2.4. Black Arch Linux
For those who liked BackTrack a lot, Black Arch Linux offers a similar GUI but with more than 1288 tools.
2.5. Arch Assault
Arch Assault is nice, and I haven't tried it in a long time.
2.6. Back Box Linux
This OS, similar to Cyborg, runs on Ubuntu.
2.7. Pentoo Linux
Pentoo is a security-focused live CD based on Gentoo. It's basically a Gentoo install with lots of customized tools, a customized kernel, and much more. Here is a non-exhaustive list of the features currently included: hardened kernel with aufs patches, backported WiFi stack from the latest stable kernel release, module loading support à la Slax, changes saved to a USB stick, XFCE4 WM, and CUDA/OpenCL cracking support with development tools.
Pentoo is Gentoo with the pentoo overlay. This overlay is available in layman so all you have to do is layman -L and layman -a pentoo. We have a pentoo/pentoo meta ebuild and multiple pentoo profiles, which will install all the pentoo tools based on USE flags.
2.8. Caine Linux
Similar to BackBox, this is also an Italian-based distro, led by @NanniBassetti.
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a digital forensics project. CAINE has a specific focus on digital forensics, so if this is your area then this distro is highly recommended.
CAINE is configured to help the security expert (digital forensics expert) to exercise the various phases of a digital investigation. A great feature of CAINE is that it includes a semi-automated compilation of a final report, i.e. an audit. Since most security professionals hate doing audit reports this is really a great feature!
CAINE is completely open source and even has a Windows version called Wintaylor.
2.9. Matriux Linux
Matriux is a fully featured security distribution, based on Ubuntu.
It consists of powerful, free and open source computer forensics and data recovery tools which can be used for forensics analysis and investigation purposes.
Apart from forensics use, Matriux also provides a wide platform to let security professionals utilize the power of open source to perform day-to-day web application penetration testing and server hardening tasks.
Matriux is light and designed to run from a CD/DVD or USB stick, or it can easily be installed to your hard disk in a few steps.
Special note: its origin is India.
2.10. Weak Net Linux
Weakerth4n has a very well maintained website and a devoted community. Built from Debian Squeeze (Fluxbox within a desktop environment), this operating system is particularly suited for WiFi hacking as it contains plenty of wireless cracking and hacking tools.
Tools include: WiFi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing, Android Hacking, Networking and creating Shells.
2.11. DEFT
For all the computer forensics experts out there, this is the tool you need.
2.12. Node Zero
Node Zero, another great OS.
3. Cheat Sheets :
3.1. Cheat Sheet
This cheat sheet gives you all the commands you need for any part of computer forensics, pentesting or hacking.
3.2. Cheat Sheet #2
This cheat sheet by pentesting monkey is organized very well, so you can easily find what you are looking for. Please note that since all these cheat sheets are old, there is a small possibility that some commands might not work, but always try.
This cheat sheet, posted by me in this very forum, will help you with Metasploit.
4. Programming Help :
4.1. Tutorials Point
Tutorials Point can help you learn programming languages. But I highly recommend you visit the other links before this one, as they just explain with a single example and a single sentence. So not worth it.
4.2. W3 Schools
W3Schools.com can help you learn programming languages easily and, hey, they have their own free online IDE to try it out yourself.
4.3. Online IDE
This link will help you with your programming, as they provide a free online IDE to try your programs. They provide the IDE free for most, if not all, of the courses.
5. Misc. Tools :
Thanks to ZeroSuiteSnake for posting about this Ethical Hacking Book.
5.2. Hackers Dictionary
This is the Hackers Dictionary (as the name says) and will help you understand a lot of new terms you will come across when hacking. Really useful.
Thanks to Cybrary.it, this will help you set up your very own advanced pentesting lab!
5.4. Pentest Tools
Thanks to Cybrary for this list of Pentesting and Hacking tools and how to use them.
5.5. HackThisSite
HackThisSite is a place where you put your learning and knowledge to the test by undertaking various missions.
5.6. WonderHowTo
Null-Byte of WonderHowTo is an amazing place to learn more about cyber security, hacking, cracking, and post-exploitation methods and tutorials. I'm C1BR0X btw, if you are going to put my name if they ask referred by xD.
6. Pentesting Labs
This virtualization lab will provide you with an easy GUI and setup. It's a paid one, so buy it if you have $$$.
6.2 Virtual Box
Virtual Box was designed by Oracle and is completely open source and free. The best Virtual Host to have.
7. Vulnerable Distributions
7.1 Metasploitable
It's a vulnerable VMware virtual machine based on Ubuntu, released by the Metasploit team to help you learn the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to penetrate.
7.2 Hackxor
A web application hacking game built by albino. Players must locate and exploit vulnerabilities to progress through the story, in which you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14.
SIZE : around 600 MB
7.3 Kioptrix
Kioptrix has three VMware images and challenges, which require the attacker to gain root access using any technique in order to pwn the image.
7.4 NETinVM
A VirtualBox or VMware image that runs a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security. It is developed by Carlos Perez and David Perez.
7.5 Lamp Security
A series of vulnerable virtual machine images that are used for teaching and training an individual about the security configurations of a LAMP server. It is also a hacking dojo where you can play CTFs, and it contains pages that are vulnerable to SQL injection and other known web vulnerabilities.
7.6 Mutillidae
A free and open source web application for website penetration testing and hacking, developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable, and is ideal for practicing your Web Fu skills like SQL injection, cross site scripting, HTML injection, JavaScript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more, based on the OWASP (Open Web Application Security Project) Top 10 Web Vulnerabilities.
7.7 Webgoat
An OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson.
7.8 DVWA
(Damn Vulnerable Web Application) – This vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge of manual SQL injection, XSS, blind SQL injection, etc. DVWA is developed by Ryan Dewhurst a.k.a. ethicalhack3r and is part of the RandomStorm OpenSource project.
7.9 SQLol
A configurable SQL injection testbed which allows you to exploit SQLi (Structured Query Language Injection) flaws, and furthermore allows a large amount of control over the manifestation of the flaw. This application was released at Austin Hackers Association meeting 0x3f by Daniel “unicornFurnace” Crowley of Trustwave Holdings, Inc. – Spider Labs.
7.10 Bodgeit
An open source, vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, hidden (but unprotected) content, debug code, Cross Site Request Forgery, insecure object references, and application logic vulnerabilities.
7.11 Exploit KB
Vulnerable Web App – one of the most famous vulnerable web apps, designed as a learning platform to test various SQL injection techniques. It is a functional web site with a content management system based on fckeditor. This web application is also included in the BackTrack Linux 5r2-PenTesting Edition lab.
7.12 Wacko Picko
A vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to harness your web penetration skills and knowledge, like XSS vulnerabilities, SQL injections, command-line injections, session ID vulnerabilities, file inclusions, parameter manipulation, reflected XSS behind JavaScript, logic flaws, reflected XSS behind a Flash form, and weak usernames or passwords.