Awesome
Useful Websites For Pentesters and Red Teamers
This repository is to make life of the pentester and red teamers easy. It is a collection of the websites that can be used for day to day studies and to remain updated. New updates always welcome :) any updates reach out on my discord : ctfcracker#4039
- Security News websites
- Information Gathering Websites
- Network Pentesting Websites
- Webapplication Pentesting Websites
- Mobile Application Pentesting Websites
- Internet of Things Pentesting Websites
- Exploit Development Tutorial Websites
- Threat Intelligence Websites
- Social Engineering Tutorials Websites
- Thick Client Pentesting Websites
- Windows Privilege Escalation Websites
- Linux Privilege Escalation Websites
- Telecom Pentesting Websites
- Active Directory Pentesting Websites
- Red Teaming Tips and Tricks Websites
- API Penetration Testing Websites
- ICS/OT Penetration Testing Websites
- Wireless Penetration Testing Websites
- Cloud Penetration Testing Websites
- Hardware Pentesting Websites
- Car Hacking Websites
- VOIP Penetration Testing Websites
- Hacker Gadgets : Evolution
- Tutorial Websites
- Latest Exploit Codes Websites
- Useful Blogs
- Tools Websites
- Machine Learning in Cyber Security
Security News websites
- Wired Threat Level :- Keeps you updated with security news and latest technology.
- krebsonsecurity :- In Depth investigation of the cyber attacks and various articles related to info security.
- Dark Reading:- Dark Reading encompasses communities like Attacks & Breaches, Application Security, Cloud Security, Data Leaks & Insider Threats, Endpoint Security & Privacy etc.
- Threat Post:- Providing real, solid news coverage and details explianation of the attacks.
- Reddit :- It contains all hot, new, rising, controversial topics related to hacking world.
- Naked Security :- One of the award winning security news websites with good solid look at the latest news.
- TheRegister :- Huge collection of security news and not only security news they cover everything.
- DarkNet:- On this blog they share and comment on interesting infosec related news, tools and more.
- Helpnetsecurity:- Net Security is an independent site, focusing on information security since 1998.
- SecurityAffairs :- This website contains all the news from the world of cyber crime, hacking, security, social networks, cyber warfare etc.
- TechRepublic :- Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers
- SecurityWeekly:- Security Weekly newsletter will provide you with information and updates on Security Weekly webcasts, podcasts, training and more!
- GoogleSecurity:- The latest news and insights from Google on security and safety on the Internet
- SCMagazine:- SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.
- TrustedSec :- An organization run by David Kennedy is a good source for news and events.
- HotForSecurity :- Winner of the best european security blog, it covers various security topics and news to learn from.
- Cyren :- Contains various articles on malware analysis, anti-phishing, email-security, anti-spam, security research and analysis etc.
- Offense-in-depth :- Website can be used to learn some tricks while pentesting
- Beyond Security :- Covers the latest vulnerability and its details
- elearnsecurity:- This blog covers updated news and attacks in the field of information security also includes video demonstrations of attacks.
- Infosecurity_Magazine:- This magazine is totally dedicated to infosec and covers daya to day upgrades, hack attacks and news related to IT security world.
- Security_Ledger :- The independent blog focuses on cybersecurity, bringing insight to subjects such as the internet of things, malware, government policy, and consumer security.
- Infosec Island :- InfoSec Island aims to provide a place for IT and network professionals to go to find help and information quickly and easily, by combining an online community, infosec portal, and a social network
- DataLossDB :- DataLossDB provides links to incidents by month, latest and largest incidents, and posts from the Blotter to provide as many details about information security as possible.
- Homeland Security :- Covers the latest news related to cyber security.
- The Hacker News :- Hackernews contains the latest news and updates from security industry
- Security News Portal :- Worth perusing if you are into Cyber Security, covvers only cyber security related topics, chat rooms , etc. also includes subdomain like InfoSysSec.com ,SecurityChatX.co,SecurityForumX.com SecurityNewsPortal.com,HomelandSecurityX.com,InfoSecMagazine.com.
- HackInsight :- Nice webiste to keep you updated on security news and latest attack vectors.
- PacketStorm :- It is home to system administrators who need to keep their network up to date, security researchers who discover and report new findings, governments and corporations that need to understand current events, security vendors that want to develop new signatures for their software, and many others.
Information Gathering Websites
The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful pen test and one that has failed to provide maximum benefit to the client.
- Shodan :- Very useful site for all the pentesters and hackers , as they say it is a search engine for IOT, webcams,power plants, refrigrators for connected devices, however an hacker can also use this search engine to check for open services and applications on their trageted organization.
- ZoomEye :- Works similar as shodan but is underdevelopment but helpfull for pentesters and hackers
- Censys :- Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
- Robtex:- Website which provides graphical informations from DNS and WhoIs
- [Whois](List of whois site) :- ICANN,IANA,NRO,AFRINIC ,APNIC,ARIN,LACNIC,RIPE, all these websites or organizations is best useful for whois lookup for any IP adresses as all the IP adresses are registered here.
- Netcraft :- Netcraft measures and makes available the response times of leading hosting providers' sites.
- Twoogel :- Its a combined search engine for twitter and google, useful in information gathering of some person.
- WhosTalkin :- Quite fast and very useful for whois lookup.
- FOCA :- FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA.
- Recon-ng :- Recon-ng is a full-featured Web Reconnaissance framework.Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
- Kloth :- This site is mostly about radio communications (aeronautical and maritime) and internet (DNS nslookup, whois, bad bots) and anti-spam.
Network Pentesting Websites
Webapplication Pentesting Websites
Mobile Application Pentesting Websites
Internet of Things Pentesting Websites
- IOT Village :- The village consists of workshops on hacking numerous off-the-shelf devices (e.g. medical devices, home appliances, routers, and storage devices), live educational talks and a variety of contests.
- iotlist :- Contains the list of all the IOT products which you can buy , see video . Interesting website
- Particle :- Particle’s full-stack Internet of Things (IoT) device platform gives you everything you need to securely and reliably connect your IoT devices to the web.
Exploit Development Tutorial Websites
- CoreLan :- Corelan GCV has been teaching live win32 exploit dev classes at various security cons and private companies & organizations.
- FuzzySecurity :- They contain multi-part exploit development series which are helpful for someone who want to learn exploit development.
- Opensecuritytraining-part1
- Opensecuritytraining-part2
- SecurityTube - exploit research megaprimer
- SecurityTube - buffer overflow megaprimer
- SecurityTuber - Format string vulnerabilities megaprimer
- SecuritySifty - part 1-7 :- They contain seven parts of exploit development series which are helpful for someone who want to learn exploit development.
- Massimiliano Tomassoli’s blog
- Samsclass
- sploitfun :- Linux (x86) Exploit Development Series
- thegreycorner:- Stack Based Buffer Overflow Tutorials
Threat Intelligence Websites
Social Enggineering Tutorials Websites
- trustedsec :- Creator of social engg toolkit and various attack vecctors
Thick Client Pentesting Websites
Windows Privilege Escalation Websites
Linux Privilege Escalation Websites
Telecom Pentetration Testing Websites
- p1sec : Provide some good study material and training on Telecom Pentesting
- ss7map : Provide the Mobile Telecom Operators security level from the perspective of anyone on the international SS7 network.
- Media CCC : This site offers a wide variety of video and audio material distributed by the Chaos Computer Club provided in native formats (usually MPEG and/or Vorbis families) for online viewing.
- ss7MAPer : A SS7 pen testing toolkit
- ()
Active Directory Pentesting Websites
Red Teaming Tips and Tricks Websites
API Penetration Testing Websites
ICS/OT Penetration Testing Websites
Wireless Penetration Testing Websites
Cloud Penetration Testing Websites
Hardware Penetration Testing Websites
Car Hacking Websites
VOIP Penetration Testing Websites
Hacker Gadgets : Evolution
Latest Exploit Codes Wesbites
- ExploitDB :- Bible for all the exploits for hackers, security proffessionals , developers. You can get the latest exploit code from this website and also can upload your own. Amazing site for all.
- GoogleHackingDatabase :- Another bible for those who want to have fun with google and learn google hacking scripts. Importance of google hacking is only understood by true hacker or security proffessional
- CXSecurity :- Vulnerability Database
Tutorial Websites
- Cybrary:- Very useful website for all the pentester and begineer in this field, as they provide free courses based on the skill set, also if you want to share you knowledge you can that as well.
- Samsclass:- Few challenges for testing/sharpening your Linux Kali kills.
- Pentest Standard:- If someone wants to learn pentesting step by step, it is very useful site for those people cover everything related to a penetration test.
- SecurityTube :- Its a youtube for security proffessionals, contains large amount of tutorial from begineer to advance level. Watch, Learn and Contribute
- FuzzySecurity :- You can expect to find here are: tutorials, interesting links/videos and some scripting related to hacking.
- PentesterAcademy :- It is part of security tube organization where they provide paid access to there resources, videos tutorials and also certifications related to programming and pentesting.
Useful Blogs
- HackSecure007 :- Its my blog where i update my new tricks and my ways of pentesting.
- SecuritySift :- Mike Czumak constantly researching various security topics and use this blog as a means to share some of that research and give back to a security community.
- FoxGloveSecurity :- A blog run by the team of foxglovesecurity is an interesting blog to follow as they covers practical pentesting topics and interesting to read from.
Tools Websites
- SecList :- IS a Community WITH SCOPE Privileges Escallation, Harvesting, Enummeration, Interception, Reconnaissance, Cryptography, Encryption, MiTM-Man-In-The-Middle-Attack, Reverse Engineering, Backdoors, Payload, Phishing, Brute Force, Fuzzer, Forensics, DFIR, Malware, Anti-Malware, Penetration-Testing, Firewall, Ethical Hacker, Injector, Denial Of Service, Obfuscator, Automation, Sniffer, Keylogger, Scada Tester, Voip/Sip, Linux-Distro, Vulnerability-Scanner, Mobile-Security, Exploits, Trojan, Security-Researchers, HMI-SCADA AND OTHER RANDOM GARBAGE.
Machine Learning in Cyber Security
- SecurityOnline : Good resource to start and learn machine learning in Cyber Security