Passwords et clef ssh. De diverses sources (citées)
Rappel rapide des hashes windows et outils de dump (Win7 / Win10)
Voir mimikatz (windows)
et depuis linux (debian)
impacket-secretdump -sam fichier-SAM -system fichier-SYSTEM LOCAL(dans c:\/Windows\System32\config)
A PDF analysis tool for visualizing the inner tree-like data structure1 of a PDF in spectacularly large and colorful diagrams as well as scanning the binary streams embedded in the PDF for hidden potentially malicious content (using Yara)
Des tutos basiques d'utilisation de Metasploit, Burp, et plein d'autres choses.
(site horripilant par un popup d'achat)
Parrot Security Edition is a special purpose operating system designed for Penetration Test and Red Team operations. It contains a full arsenal of ready to use pentesting tools.
screenshot-0
Operators for google search, list of dorks, resources for advanced google search. - GitHub - redduxi/Google-Dorks-Resources: Operators for google search, list of dorks, resources for advanced googl...
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous ...
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
Exploitation de failles en local
dont la majorité de https://gtfobins.github.io/
(équivalent pour Windows tps://lolbas-project.github.io/# )
Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips - lobuhi/byp4xx
PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier, and line type on any
Tutoriel Wireshard
In this tutorial, we will try to advance your knowledge and understanding of Wireshark to the level where you can use it's many features in an actual network forensic investigation.
la partie 1 https://www.hackers-arise.com/single-post/2018/09/24/Network-Forensics-Wireshark-Basics-Part-1
via https://twitter.com/three_cube/status/1169634327786745856
et AES-Killer v3.0 - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly
https://www.kitploit.com/2018/11/aes-killer-v30-burp-plugin-to-decrypt.html
WINspect is part of a larger project for auditing different areas of Windows environments.
It focuses on enumerating different parts of a Windows machine to identify security weaknesses
and point to components that need further hardening.