GitHub - sundowndev/hacker-roadmap: A guide for amateurs pen testers and a colle...
source link: https://github.com/sundowndev/hacker-roadmap
README.md
This repository is an overview of what you need to learn to get started with penetration testing, and a collection of hacking tools, resources and references to practice ethical hacking. Most of the tools are UNIX compatible, free and open source.
Before you start
- If you're new to information security, forget everything you think you know about hacking.
- Don't start using tools without reading about pen testing and how it works (see the Additional resources section).
- Don't download or use tools whose code you haven't audited.
- Don't use these tools to do stupid things like investigating or hacking your friends without their consent, or worse, your recruiter.
- Read books, manuals and articles, be curious, and don't be just a script kiddie.
- I hope you don't use these tools for illegal purposes, but if you do, I sure hope you know what you're doing.
- Practice on challenges, not on real targets!
Table of Contents
- Introduction
- Some vocabulary
- Difference between hacking and ethical hacking
- Languages
- Content Management Systems
- Basic steps of pen testing
- Tools by category
- Additional resources
- License
(TOC made with nGitHubTOC)
Introduction
What is penetration testing?
Penetration testing is a type of security testing used to assess how secure an application actually is. It is conducted to find the security risks that might be present in the system.
If a system is not secured, an attacker can disrupt it or gain unauthorized access to it. A security risk is usually the result of an accidental error made while developing and implementing the software: configuration errors, design errors, software bugs, etc. Learn more
Want to become a penetration tester?
Knowing about the risks on the internet and how they can be prevented is very useful, especially as a developer. Web hacking and penetration testing are the v2.0 of self-defense! But is knowing about tools and how to use them really all you need to become a pen tester? Surely not. A real penetration tester must be able to proceed rigorously and detect the weaknesses of an application. They must be able to identify the technology behind it and test every single door that might be open to attackers.
This repository aims first to establish a way of thinking about penetration testing and explain how to proceed to secure an application, and secondly to gather all kinds of tools and resources pen testers need. Be sure to know the basics of programming languages and Internet security before learning pen testing.
It is also important to inform yourself about the law and what you are and are not allowed to do. Computer laws differ from country to country. First, check the laws about privacy and surveillance: Nine Eyes, Five Eyes and Fourteen Eyes countries. Always check that what you're doing is legal. Even when it's not offensive, information gathering can also be illegal!
Some vocabulary
Infosec : Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. The word is also used loosely for a person who works in the field and practices ethical security. Wikipedia
Opsec : Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. Wikipedia
Black/grey/white hat hacker : Someone who uses bugs or exploits to break into systems or applications. The goal and the method differ depending on whether they are a black, grey or white hat hacker. A black hat is someone malicious who does not wait for permission to break into a system or application. A white hat is usually a security researcher who practices ethical hacking. A grey hat sits in the middle of these two kinds of hackers and may act maliciously if there is something to gain from it (data breach, money, whistleblowing ...).
Red team : According to Wikipedia, a red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Little formal doctrine or publications about Red Teaming in the military exist. In infosec exercises, red teamers play the role of attackers. Wikipedia
Blue team : A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, blue teamers play the role of defenders. Wikipedia
Penetration tester : An ethical hacker who practices security testing on applications and systems to find vulnerabilities and prevent intrusions.
Security researcher : Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs or vulnerabilities. They can work for a company as a security consultant and are most likely a blue teamer.
Reverse engineering : Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon. Wikipedia
Social engineering : In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. Wikipedia
Threat analyst : A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems. Threat hunters aim to uncover incidents that an enterprise would otherwise not find out about, providing chief information security officers (CISOs) and chief information officers (CIOs) with an additional line of defense against advanced persistent threats (APTs). SearchCIO
Difference between hacking and ethical hacking
A black hat practices penetration testing too, but unlike a white hat, this is not ethical hacking. Ethical hacking is about finding vulnerabilities and improving the security of a system. An ethical hacker is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems, just like a malicious hacker (a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to find vulnerabilities and fix them before the bad guys get there and try to break in. An ethical hacker is basically a white hat hacker.
Languages
- Python
- Ruby
- C / C++ / C#
- Perl
- PHP
- Go
- Java
- Bash
Content Management Systems
- Wordpress
- Joomla
- Drupal
- SPIP
These are the most used Content Management Systems (CMS). See a complete list here.
Basic steps of pen testing
Tools by category
🕵 Information Gathering
Information gathering tools let you collect metadata about hosts, services and users: information about a domain, an IP address, a phone number or an email address.

| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| Th3inspector | Perl | Linux/Windows/macOS | All in one tool for information gathering written in Perl. |
| Crips | Python | Linux/Windows/macOS | IP tools to quickly get information about IP addresses, web pages and DNS records. |
| theHarvester | Python | Linux/Windows/macOS | E-mails, subdomains and names harvester. |
| Scanless | Python | Linux/Windows/macOS | Online port scan scraper. |
| CTFR | Python | Linux/Windows/macOS | Abuses Certificate Transparency logs to get the subdomains of HTTPS websites. |
| Sn1per | bash | Linux/macOS | Automated pentest recon scanner. |
| ReconDog | Python | Linux/Windows/macOS | Recon Dog is an all in one tool for all your basic information gathering needs. |
| RED Hawk | PHP | Linux/Windows/macOS | All in one tool for information gathering, vulnerability scanning and crawling. A must have tool for all penetration testers. |
| Infoga | Python | Linux/Windows/macOS | Email information gathering. |
| KnockMail | Python | Linux/Windows/macOS | Check if an email address exists. |
| Photon | Python | Linux/Windows/macOS | Incredibly fast crawler which extracts URLs, emails, files, website accounts and much more. |
| Rapidscan | Python | Linux/Windows/macOS | The multi-tool web vulnerability scanner. |
| a2sv | Python | Linux/Windows/macOS | Automated scanning for SSL/TLS vulnerabilities. |
| Wfuzz | Python | Linux/Windows/macOS | Web application fuzzer. |
| Nmap | C/C++ | Linux/Windows/macOS | Network port scanner and service discovery tool. |
| Dracnmap | Shell | Linux/Windows/macOS | Open source wrapper script that drives nmap for network exploitation and information gathering. |
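The Certificate Transparency trick that CTFR automates is simple enough to show end to end. The block below is an added example, not code from this repository or from CTFR: it takes a crt.sh-style JSON reply (one record per certificate, hostnames newline-separated in `name_value`), normalizes the names, drops wildcards down to their base name, rejects look-alike suffixes such as `notexample.com`, and returns the unique subdomains. `SAMPLE_CRTSH_RESPONSE` is constructed data, not a real query result; the crt.sh URL format in `crtsh_query_url` is the public `?q=%.domain&output=json` endpoint, and `fetch_subdomains` is only used when you pass a domain on the command line.

```python
"""Harvesting subdomains from Certificate Transparency (CT) logs.

Added example (not code from the hacker-roadmap repository or from CTFR).
CT-based tools ask a log aggregator, usually crt.sh, for every certificate
issued for a domain and collect the hostnames found in those certificates.
SAMPLE_CRTSH_RESPONSE is made-up data shaped like crt.sh's JSON output.
"""
import json
import re
import sys
import urllib.request
from typing import List

# Constructed sample in the shape of https://crt.sh/?q=%25.example.com&output=json
SAMPLE_CRTSH_RESPONSE = json.dumps([
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "example.com\nwww.example.com"},
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "*.example.com"},                     # wildcard: keep the base name
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "Mail.Example.com\nvpn.example.com"},  # mixed case in the SAN
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "example.com.evil.test"},            # not under example.com
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "notexample.com"},                   # suffix trap
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "dev.internal.example.com"},
])

# Plain DNS hostname; anything else in name_value (e.g. e-mail SANs) is junk here.
HOSTNAME_RE = re.compile(r"^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$")


def crtsh_query_url(domain: str) -> str:
    """crt.sh answers this URL with JSON for every certificate matching *.domain."""
    return f"https://crt.sh/?q=%25.{domain}&output=json"


def extract_subdomains(crtsh_json: str, domain: str) -> List[str]:
    """Return the unique hostnames under `domain` found in a crt.sh JSON reply."""
    domain = domain.lower().strip(".")
    found = set()
    for record in json.loads(crtsh_json):
        for name in record.get("name_value", "").split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):        # a wildcard cert still tells us the base name
                name = name[2:]
            if not HOSTNAME_RE.match(name):
                continue
            # exact match or a real label boundary, so "notexample.com" is rejected
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return sorted(found)


def fetch_subdomains(domain: str, timeout: int = 30) -> List[str]:
    """Live query against crt.sh (needs network access; not used by the offline demo)."""
    with urllib.request.urlopen(crtsh_query_url(domain), timeout=timeout) as resp:
        return extract_subdomains(resp.read().decode(), domain)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        names = fetch_subdomains(sys.argv[1])
    else:
        names = extract_subdomains(SAMPLE_CRTSH_RESPONSE, "example.com")
    print("\n".join(names))
```

Two caveats worth remembering when you use this for real: CT logs only list names that ever appeared in a publicly logged certificate (internal-only hosts with private CAs never show up), and names found this way may no longer resolve, so feed the list into a resolver before treating it as an attack surface.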
🔒 Password Attacks
Crack passwords and create wordlists.
| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| John the Ripper | C | Linux/Windows/macOS | John the Ripper is a fast password cracker. |
| hashcat | C | Linux/Windows/macOS | World's fastest and most advanced password recovery utility. |
| Hydra | C | Linux/Windows/macOS | Parallelized login cracker which supports numerous protocols to attack. |
| ophcrack | C++ | Linux/Windows/macOS | Windows password cracker based on rainbow tables. |
| Ncrack | C | Linux/Windows/macOS | High-speed network authentication cracking tool. |
| WGen | Python | Linux/Windows/macOS | Create awesome wordlists with Python. |
| SSH Auditor | Go | Linux/macOS | The best way to scan for weak SSH passwords on your network. |
📝 Wordlists
| Tool | Description |
|------|-------------|
| Probable Wordlists | Wordlists sorted by probability, originally created for password generation and testing. |
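What John the Ripper, hashcat and a wordlist generator like WGen do under the hood is: take base words, expand them with rules, hash each candidate and compare against the targets. The following added example (not code from this repository or from any of those tools) shows that loop in miniature for both the Password Attacks and Wordlists sections. `BASE_WORDS`, the mangling rules, and all target digests are constructed here from known passwords; in a real engagement the digests come from a dump. Unsalted SHA-256 is used because it is fast, which is exactly why it is crackable; the salted variant shows why per-user salts multiply the attacker's work.

```python
"""Dictionary attack with mangling rules, and why salts matter.

Added example, not code from the repository or from John the Ripper,
hashcat or WGen.  Targets and wordlist are constructed for the demo.
"""
import hashlib
from typing import Dict, Iterable, Iterator, List, Tuple

BASE_WORDS = ["password", "summer", "welcome", "dragon"]   # constructed mini wordlist

LEET = str.maketrans("aeios", "43105")      # a -> 4, e -> 3, i -> 1, o -> 0, s -> 5
SUFFIXES = ("1", "123", "!", "2018")


def mangle(word: str) -> Iterator[str]:
    """Expand one word into candidates, like a small subset of John/hashcat rules."""
    seen = set()
    variants = [word, word.capitalize(), word.upper(), word.translate(LEET)]
    variants += [w + s for s in SUFFIXES for w in (word, word.capitalize())]
    for cand in variants:
        if cand not in seen:
            seen.add(cand)
            yield cand


def generate_wordlist(base_words: Iterable[str]) -> List[str]:
    """What a generator such as WGen produces: every mangled candidate, deduplicated."""
    out, seen = [], set()
    for word in base_words:
        for cand in mangle(word):
            if cand not in seen:
                seen.add(cand)
                out.append(cand)
    return out


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


def crack_unsalted(targets: Dict[str, str], base_words: Iterable[str]) -> Dict[str, str]:
    """targets maps user -> hex digest.  One hash per candidate covers every user at once."""
    wanted: Dict[str, List[str]] = {}
    for user, digest in targets.items():
        wanted.setdefault(digest, []).append(user)   # identical passwords share a digest
    cracked: Dict[str, str] = {}
    for cand in generate_wordlist(base_words):
        digest = sha256_hex(cand)
        if digest in wanted:
            for user in wanted.pop(digest):
                cracked[user] = cand
            if not wanted:
                break
    return cracked


def salted_sha256_hex(salt: bytes, password: str) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack_salted(targets: Dict[str, Tuple[bytes, str]], base_words: Iterable[str]) -> Dict[str, str]:
    """targets maps user -> (salt, digest).  Every candidate must be re-hashed per user,
    so the work grows with the number of accounts instead of being shared."""
    candidates = generate_wordlist(base_words)
    cracked: Dict[str, str] = {}
    for user, (salt, digest) in targets.items():
        for cand in candidates:
            if salted_sha256_hex(salt, cand) == digest:
                cracked[user] = cand
                break
    return cracked


# Constructed targets: user1 and user2 use guessable passwords, user3 does not.
UNSALTED_TARGETS = {
    "user1": sha256_hex("Summer2018"),
    "user2": sha256_hex("dr4g0n"),
    "user3": sha256_hex("correct horse battery staple"),
}
SALT1, SALT2 = b"\x01" * 8, b"\x02" * 8
SALTED_TARGETS = {
    "user1": (SALT1, salted_sha256_hex(SALT1, "Summer2018")),
    "user2": (SALT2, salted_sha256_hex(SALT2, "Summer2018")),  # same password, different digest
}

if __name__ == "__main__":
    print("wordlist size:", len(generate_wordlist(BASE_WORDS)))
    print("unsalted:", crack_unsalted(UNSALTED_TARGETS, BASE_WORDS))
    print("salted:", crack_salted(SALTED_TARGETS, BASE_WORDS))
```

The unsalted loop stops as soon as every digest is matched or the wordlist runs out; `user3` survives because its passphrase is not derivable from the base words by any rule. The salted loop has to repeat the whole wordlist for each account, which is the defender's point: with a slow, salted hash (bcrypt, scrypt, Argon2) the same attack becomes impractical at scale.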
🌐 Wireless Testing
Used for intrusion detection and Wi-Fi attacks.

| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| Aircrack | C | Linux/Windows/macOS | WiFi security auditing tools suite. |
| bettercap | Go | Linux/Windows/macOS/Android | bettercap is the Swiss army knife for network attacks and monitoring. |
| WiFi Pumpkin | Python | Linux/Windows/macOS/Android | Framework for rogue Wi-Fi access point attacks. |
| Airgeddon | Shell | Linux/Windows/macOS | Multi-use bash script for Linux systems to audit wireless networks. |
| Airbash | C | Linux/Windows/macOS | A POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. |
🔧 Exploitation Tools
Access systems and data with service-oriented exploits.

| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| SQLmap | Python | Linux/Windows/macOS | Automatic SQL injection and database takeover tool. |
| XSStrike | Python | Linux/Windows/macOS | Advanced XSS detection and exploitation suite. |
| Commix | Python | Linux/Windows/macOS | Automated all-in-one OS command injection and exploitation tool. |
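To see what sqlmap is actually looking for, it helps to have the bug and its fix side by side. The block below is an added example, not code from this repository or from sqlmap: a throwaway in-memory SQLite database with constructed tables stands in for an application backend, `login_vulnerable` and `product_vulnerable` splice user input into the SQL text (the flaw), and `login_safe` and `product_safe` use parameterized queries (the fix). The two payloads are the classic authentication bypass via a comment and data exfiltration via `UNION`.

```python
"""SQL injection: the bug tools like sqlmap find, next to its fix.

Added example, not code from the repository or from sqlmap.  The schema,
rows and payloads are constructed for the demo.
"""
import sqlite3
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("widget", "9.99"), ("gadget", "19.99")])
    return conn


# --- vulnerable: user input is spliced into the SQL text ------------------

def login_vulnerable(conn, username: str, password: str) -> Optional[Tuple[str, str]]:
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def product_vulnerable(conn, product_id: str) -> List[Tuple[str, str]]:
    # numeric parameter, no quotes at all, so no quote is needed to break out
    return conn.execute(f"SELECT name, price FROM products WHERE id = {product_id}").fetchall()


# --- fixed: the driver sends values separately from the SQL text ----------

def login_safe(conn, username: str, password: str) -> Optional[Tuple[str, str]]:
    return conn.execute("SELECT username, role FROM users WHERE username = ? AND password = ?",
                        (username, password)).fetchone()


def product_safe(conn, product_id: str) -> List[Tuple[str, str]]:
    if not product_id.isdigit():          # validate the type before it reaches the query
        return []
    return conn.execute("SELECT name, price FROM products WHERE id = ?",
                        (int(product_id),)).fetchall()


# Constructed payloads of the two classic kinds sqlmap automates.
AUTH_BYPASS_USER = "alice' -- "                                   # comments out the password check
UNION_PAYLOAD = "0 UNION SELECT username, password FROM users"    # exfiltrates another table


def demo() -> dict:
    conn = make_db()
    return {
        "bypass_vuln": login_vulnerable(conn, AUTH_BYPASS_USER, "wrong"),   # ('alice', 'admin')
        "bypass_safe": login_safe(conn, AUTH_BYPASS_USER, "wrong"),         # None
        "union_vuln": product_vulnerable(conn, UNION_PAYLOAD),              # users' credentials
        "union_safe": product_safe(conn, UNION_PAYLOAD),                    # []
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that the fix is not escaping quotes: `product_vulnerable` has no quotes to escape, and the `UNION` payload works without one. Parameter binding keeps data out of the SQL grammar entirely, and an input-type check on top of it is cheap defence in depth.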
👥 Sniffing & Spoofing
Listen to network traffic or fake a network entity.
| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| Wireshark | C/C++ | Linux/Windows/macOS | Wireshark is a network protocol analyzer. |
| WiFi Pumpkin | Python | Linux/Windows/macOS/Android | Framework for rogue Wi-Fi access point attacks. |
| Zarp | Python | Linux/Windows/macOS | A free network attack framework. |
🚀 Web Hacking
Exploit popular CMSs that are hosted online.
| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| WPScan | Ruby | Linux/Windows/macOS | WPScan is a black box WordPress vulnerability scanner. |
| Droopescan | Python | Linux/Windows/macOS | A plugin-based scanner to identify issues with several CMSs, mainly Drupal & Silverstripe. |
| Joomscan | Perl | Linux/Windows/macOS | Joomla vulnerability scanner. |
| Drupwn | Python | Linux/Windows/macOS | Drupal security scanner to perform enumerations on Drupal-based web applications. |
| Webpwn3r | Python | Linux/Windows/macOS | Web applications security scanner. |
| CMSeek | Python | Linux/Windows/macOS | CMS detection and exploitation suite - scan WordPress, Joomla, Drupal and 130 other CMSs. |
🎉 Post Exploitation
Exploits for after you have already gained access.
| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| TheFatRat | Java | Linux/Windows/macOS | Easy tool to generate backdoors and run post-exploitation attacks such as browser attacks and DLL payloads. |
| Microsploit | Shell | Linux/Windows/macOS | Fast and easy creation of backdoored office documents using Metasploit modules: Microsoft Office, OpenOffice, macro attacks, buffer overflows. |
📦 Frameworks
Frameworks are packs of pen testing tools with custom shell navigation and documentation.
| Tool | Language | Support | Description |
|------|----------|---------|-------------|
| Operative Framework | Python | Linux/Windows/macOS | Fingerprinting framework with multiple modules for gathering information about a website or an enterprise target. |
| Metasploit | Ruby | Linux/Windows/macOS | A penetration testing framework for ethical hackers. |
| fsociety | Python | Linux/Windows/macOS | fsociety Hacking Tools Pack – A Penetration Testing Framework. |
| cSploit | Java | Android | The most complete and advanced IT security professional toolkit on Android. |
| radare2 | C | Linux/Windows/macOS/Android | Unix-like reverse engineering framework and command-line tools. |
| Social Engineer Toolkit | Python | Linux/macOS | Penetration testing framework designed for social engineering. |
| hate_crack | Python | Linux/macOS | A tool for automating cracking methodologies through Hashcat. |
| Wifiphisher | Python | Linux | The Rogue Access Point Framework. |
| Kickthemout | Python | Linux/macOS | Kick devices off your network by performing an ARP spoofing attack. |
| BeEF | JavaScript | Linux/Windows/macOS | The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. |
| Mobile Security Framework (MobSF) | Python | Linux/Windows/macOS | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |
Additional resources
- Devbreak on Twitter
- The Life of a Security Researcher
- Find an awesome hacking spots in your country
- Awesome-Hacking Lists
- Crack Station
- Exploit Database
- Hackavision
- Hackmethod
- Packet Storm Security
- SecLists
- SecTools
- Smash the Stack
- Don't use VPN services
- How to Avoid Becoming a Script Kiddie
- 2017 Top 10 Application Security Risks
- Starting in cybersecurity ?
Books / Manuals
Warning: I haven't read them all, so don't take this as me recommending them because I liked them. They just seem to provide useful resources.
- Penetration Testing: A Hands-On Introduction to Hacking (2014)
- Kali Linux Revealed - PDF (2017)
- Blue Team Field Manual (BTFM) (2017)
- Cybersecurity - Attack and Defense Strategies (2018)
- NMAP Network Scanning : Official Discovery (2009)
- Social Engineering : The Art of Human Hacking (2010)
- Incognito Toolkit: Tools, Apps, and Creative Methods for Remaining Anonymous (2013)
Discussions
- Reddit/HowToHack - Learn and ask about hacking, security and pen testing.
- Reddit/hacking - Discussions about hacking and web security.
- ax0nes - Hacking, security, and software development forum.
- 0Day.rocks on Discord - Discord server about the 0day.rocks blog for technical and general InfoSec/Cyber discussions & latest news.
Security Advisories
Challenges
- Vulnhub - Has a lot of VMs to play with. Some are beginner friendly, some aren't.
- Itsecgames - Buggy web app.
- DVWA - Damn Vulnerable Web Application.
- Hackthissite
- Hackthis
- Root-me
- HackTheBox
- Overthewire
- Ctftime
License
This repository is under MIT license.