Commit b339ba30 authored by Piolle Guillaume

Pentest & audit

parent f1f33c20
......@@ -32,4 +32,54 @@ Liste non objective et incomplète de liens utiles pour la sécurité informatiq
*[https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)]
*[http://crackstation.net/hashing-security.htm Secure Salted Password Hashing - How to do it Properly]
*[https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet XSS Filter Evasion Cheat Sheet - OWASP]
*[http://websec.ca/kb/sql_injection The SQL Injection Knowledge Base]
\ No newline at end of file
*[http://websec.ca/kb/sql_injection The SQL Injection Knowledge Base]
=Pentest & audit=
==Cours, tutoriels==
*[https://www.offensive-security.com/ Offensive Security]
*[https://www.pentesterlab.com/ PentesterLab]
*[http://pentest.cryptocity.net/ CTF Field Guide]
*[http://www.kalitutorials.net/ Kali Linux Hacking Tutorials]
*[http://aetherlab.teachable.com/p/burp-suite Learn Burp Suite]
==Outils==
*[http://www.metasploit.com/ Metasploit]
*[https://github.com/pentestmonkey/unix-privesc-check unix-privesc-check]
*[https://github.com/PenturaLabs/Linux_Exploit_Suggester Linux Exploit Suggester]
*[http://code.google.com/p/truecrack/ TrueCrack]
*[https://github.com/zardus/ctf-tools zardus/ctf-tools]
*[http://openwall.info/wiki/john/johnny Johnny - GUI for John the Ripper]
*[https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/ Pwning with Responder]
===Réseau===
*[http://insecure.org/ Nmap]
*[http://www.iodigitalsec.com/fully-automatic-wireless-hacking-station/ Fully automatic wireless hacking station]
*[https://drive.google.com/drive/folders/0BxK09co0m6-_Q05RWmRCTHNYMjQ PDF exploit generator]
===Web===
*[https://portswigger.net/burp/ Burp Suite]
*[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy Project]
*[http://www.cirt.net/Nikto2 Nikto2]
*[http://www.morningstarsecurity.com/research/whatweb WhatWeb]
*[http://wpscan.org/ WPScan]
*[https://code.google.com/p/cms-explorer/ CMS Exporer]
*[http://sourceforge.net/projects/joomscan/ OWASP Joomla! Security Scanner]
*[http://sqlmap.org/ SQLmap]
*[http://tools.kali.org/maintaining-access/weevely Weevely]
*[http://www.scrt.ch/attaque/telechargements/xssploit XSSploit]
==Challenges, CTF, systèmes vulnérables, exercices==
*[https://captf.com/practice-ctf/ Practice CTF list]
*[http://www.r00tsec.com/2011/02/pentest-lab-vulnerable-servers.html Pentest lab vulnerable servers-applications list]
*[http://exploit-exercises.com/ Nebula]
*[http://www.dvwa.co.uk/ DVWA - Damn Vulnerable Web Application]
*[https://google-gruyere.appspot.com/ Google Gruyere]
*[https://www.enigmagroup.org/ The Enigma Group]
*[https://www.vulnhub.com/entry/primer-101,136/ PRIMER]
*[https://pwnable.tw/ pwnable.tw]
\ No newline at end of file
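Review bot: In the ===Web=== list the label "CMS Exporer" is misspelled; the link target is the cms-explorer project, so the label should read "CMS Explorer". Under ===Réseau===, the "PDF exploit generator" entry points at a Google Drive folder rather than a project page and is not a network tool, so readers cannot tell who publishes it or whether the content is what the label says; either move it under ==Outils== with a note on its source or drop it until there is a stable upstream to link. Under the challenges heading, the label "Nebula" links to the exploit-exercises.com site root, so either link the Nebula page directly or label the entry with the site name. The file also still ends without a trailing newline, which is why the last SQL Injection line shows up as changed here and why the next append will touch the pwnable.tw line again.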