Feb 25, 2011

The Open Penetration Testing Bookmarks Collection

...is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research.
Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

How it's working atm:

First off, we need help. OCD organizational people and people who can contribute or sort out the best links. Comment on the wiki if you wanna pitch in. Free beer at con's ;)
The whole bookmarks html file is ready for import to firefox off of the downloads section. As people submit new links we will add them and restructure the categories as they expand. Otherwise the wiki page should have all the links piecemeal should you not decide to download the whole folder (which is lame).

How to submit your bookmarks:

Since a bookmarks file is not really what you usually use a code repository for we opted just to use the download and wiki sections of google code.
If you have suggestions or a few links to submit, leave a comment on the wiki page.
If you think you have a large set of bookmarks you think can contribute email us and we'll add you to the contributors section.

The general categories are:

Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.
OSINT Sites:
OSINT has become a hug part of the pentest methodology. From fueling social engineering, to passively profiling your target infrastructure. There are subfolders for Presentaions on how-to, sites for profiling people and organizations, ans sites for profiling technical assets. This section is doing okay atm.
Exploits and Advisories
Places to go for exploit descriptions, white-papers, and code. Needs work.
Exploitation Intro
If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.
Agile Hacking
Mostly collections of guides on non-tool command line hacking syntax. Heavily inspired by Ed Skoudis and PDP of GNUCitizen. Needs work.
Cheatsheets and fu!
Random cheatsheets for heavily used tools and reference. Need a lot of work.
*nix <3
Collection of *nix command line knowledge and distributions for pentesting. Needs work.
Open source classes relating to hacking and penetration testing. I would really like to find more of these.
Some practical and some high level methodologies for hacking related activities. Needs a lot of work.
If you want to practice your fu, these links to test sites, blogs about practice, and lab setup-how to's will help. needs work, would like to convert to direct links as well.
Semi-parsed, nor has it really been inspected for relevancy. More of just a place i dump links for new tools and tools i use often. Needs a LOT of help, parsing, additions, etc.
Web Vectors
I do a lot of web stuff. Here are some web vectors and associated useful docs and cheatsheets on each of them. Could always use more in these sections.
Misc Sec
Not categorized, misc, and randomness.
It's not even parsed yet, nor has it really been inspected for relevancy. needs lots of work.
Hacker Media
Needs additions to main pages of con video archives. It's an okay start though. Needs work.

Source: http://code.google.com/p/pentest-bookmarks/

No comments:






 Please subscribe my blog.

 Old Subscribe

Share |