[
  {
    "path": ".github/FUNDING.yml",
    "content": "github: #SofianeHamlaoui\ncustom: https://www.paypal.com/pools/c/8ieFHeQ9Li \n"
  },
  {
    "path": "CNAME",
    "content": "bookmarkz.sofianehamlaoui.fr"
  },
  {
    "path": "README.md",
    "content": "# Pentest Bookmarks List Sofiane Hamlaoui\n### Check more on Google : [https://g.co/kgs/FUZgoXi](https://g.co/kgs/FUZgoXi)\n\n## Hacker Media\n\n### Blogs\nThere are a LOT of pentesting blogs, these are the ones I monitor constantly and value in the actual day to day testing work.\n\n* [Carnal 0wnage](http://carnal0wnage.attackresearch.com/) - [atom](http://carnal0wnage.attackresearch.com/feeds/posts/default)\n* [McGrew Security](http://www.mcgrewsecurity.com/)\n* [GNUCITIZEN](http://www.gnucitizen.org)\n* [Darknet - The Darkside](http://www.darknet.org.uk/) - [rss](http://feeds.feedburner.com/darknethackers)\n* [spylogic](http://spylogic.net/) - [rss](http://feeds2.feedburner.com/spylogic)\n* [TaoSecurity](http://taosecurity.blogspot.com/) - [atom](http://taosecurity.blogspot.com/feeds/posts/default)\n* [Room362](http://www.room362.com/)\n* [SIPVicious](http://blog.sipvicious.org/) - [rss](http://feeds.feedburner.com/Sipvicious)\n* [portswigger](http://blog.portswigger.net/)\n* [pentestmonkeyblog](http://pentestmonkey.net/blog/)\n* [jeremiahgrossman](http://jeremiahgrossman.blogspot.com/)\n* [i8jesus](http://i8jesus.com/)\n* [c22](http://blog.c22.cc/)\n* [Skull Security](https://blog.skullsecurity.org/) - [rss](https://blog.skullsecurity.org/feed)\n* [metasploit](http://blog.metasploit.com/)\n* [darkoperator](http://www.darkoperator.com/)\n* [skeptikal](http://blog.skeptikal.org/)\n* [preachsecurity](http://preachsecurity.blogspot.com/)\n* [tssci-security](http://www.tssci-security.com/)\n* [gdssecurityl](http://www.gdssecurity.com/l/b/)\n* [websec](http://websec.wordpress.com/)\n* [bernardodamele](http://bernardodamele.blogspot.com/)\n* [laramies](http://laramies.blogspot.com/)\n* [andlabs](http://blog.andlabs.org/)\n* [xs-sniperblog](http://xs-sniper.com/blog/)\n* [commonexploits](http://www.commonexploits.com/)\n* [sensepostblog](http://www.sensepost.com/blog/)\n* [wepma](http://wepma.blogspot.com/)\n* [Exploit KB](http://exploit.co.il/) - [rss](http://exploit.co.il/feed/)\n* [securityreliks](http://securityreliks.wordpress.com/)\n* [Mad Irish](http://www.madirish.net/) - [rss](http://www.madirish.net/rss.php)\n* [sirdarckcat](http://sirdarckcat.blogspot.com/)\n* [reusablesec](http://reusablesec.blogspot.com/)\n* [myne-us](http://myne-us.blogspot.com/)\n* [notsosecure](http://www.notsosecure.com/)\n* [spiderlabs](http://blog.spiderlabs.com/)\n* [corelan](http://www.corelan.be/)\n* [DigiNinja](https://digi.ninja/) - [rss](https://digi.ninja/rss.xml)\n* [pauldotcom](http://www.pauldotcom.com/)\n* [attackvector](http://www.attackvector.org/)\n* [deviating](http://deviating.net/)\n* [alphaonelabs](http://www.alphaonelabs.com/)\n* [smashingpasswords](http://www.smashingpasswords.com/)\n* [wirewatcher](http://wirewatcher.wordpress.com/)\n* [gynvael](http://gynvael.coldwind.pl/)\n* [nullthreat](http://www.nullthreat.net/)\n* [question-defense](http://www.question-defense.com/)\n* [archangelamael](http://archangelamael.blogspot.com/)\n* [memset](http://memset.wordpress.com/)\n* [sickness](http://sickness.tor.hu/)\n* [punter-infosec](http://punter-infosec.com/)\n* [securityninja](http://www.securityninja.co.uk/)\n* [securityandrisk](http://securityandrisk.blogspot.com/)\n* [pentestit](http://www.pentestit.com/)\n\n### Forums:\n\nCreated for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools.\n\n* [EH-Net Forums](https://www.ethicalhacker.net/forums/index.php)\n* [Hak5 Forums](https://forums.hak5.org/)\n* [Kali Linux Forums](https://forums.kali.org/)\n* [Hack Forums](http://www.hackforums.net/)\n* [Hackthissite Forums](http://www.hackthissite.org/forums/index.php)\n* [Security Override Forums](http://securityoverride.com/forum/index.php)\n* [Government Security](http://www.governmentsecurity.org/forum/)\n\n## Wikis\n* [Pwn Wiki](http://pwnwiki.io/)\n* [Skull Security](https://wiki.skullsecurity.org/)\n* [BlindSeeker Wiki](https://www.blindseeker.com)\n* [SQL Injection Wiki](http://www.sqlinjectionwiki.com/)\n* [Forgotten Security's CTF Wiki](http://ctf.forgottensec.com/wiki/index.php)\n\n### Magazines:\n\n* [(In)Secure Magazine](http://www.net-security.org/insecuremag.php)\n* [Hackin9](http://hakin9.org/)\n\n### Video:\n\n* [SecurityTube](http://www.securitytube.net/)\n\n----\n## Methodologies:\n\n* [Penetration Testing Framework](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)\n* [The Penetration Testing Execution Standard](http://www.pentest-standard.org/index.php/Main_Page)\n* [The WASC Threat Classification](http://projects.webappsec.org/w/page/13246978/Threat-Classification)\n* [OWASP Top Ten Project](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)\n* [The Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/)\n\n----\n## OSINT\n\n### People and Organizational:\n\n* http://www.spokeo.com/\n* http://www.123people.com/\n* http://www.xing.com/\n* http://www.zoominfo.com/search\n* http://pipl.com/\n* http://www.zabasearch.com/\n* http://www.searchbug.com/default.aspx\n* http://theultimates.com/\n* http://skipease.com/\n* http://addictomatic.com/\n* http://socialmention.com/\n* http://entitycube.research.microsoft.com/\n* http://www.yasni.com/\n* http://tweepz.com/\n* http://tweepsearch.com/\n* http://www.glassdoor.com/index.htm\n* http://www.jigsaw.com/\n* http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp\n* http://www.tineye.com/\n* http://www.peekyou.com/\n* http://picfog.com/\n* http://twapperkeeper.com/index.php\n\n### Infrastructure:\n\n* http://uptime.netcraft.com/\n* http://www.serversniff.net/\n* http://www.domaintools.com/\n* http://centralops.net/co/\n* http://hackerfantastic.com/\n* http://whois.webhosting.info/\n* https://www.ssllabs.com/ssldb/analyze.html\n* http://www.clez.net/\n* http://www.my-ip-neighbors.com/\n* https://www.shodan.io/\n* http://www.exploit-db.com/google-dorks/\n* http://www.hackersforcharity.org/ghdb/\n\n----\n## Exploits and Advisories:\n\n* http://www.exploit-db.com/\n* http://www.cvedetails.com/\n* https://cxsecurity.com/\n* http://www.packetstormsecurity.org/\n* http://www.securityforest.com/wiki/index.php/Main_Page\n* http://www.securityfocus.com/bid\n* http://nvd.nist.gov/\n* http://osvdb.org/\n* http://www.nullbyte.org.il/Index.html\n* http://secdocs.lonerunners.net/\n* http://www.phenoelit-us.org/whatSAP/index.html\n* http://secunia.com/\n* http://cve.mitre.org/\n\n----\n## Cheatsheets and Syntax:\n\n* http://cirt.net/ports_dl.php?export=services\n* http://www.cheat-sheets.org/\n* http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/\n\n### Agile Hacking:\n\n* http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/\n* http://blog.commandlinekungfu.com/\n* http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/\n* http://isc.sans.edu/diary.html?storyid=2376\n* http://isc.sans.edu/diary.html?storyid=1229\n* http://ss64.com/nt/\n* http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html\n* http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html\n* http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/\n* http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst\n* http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf\n* http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507\n* http://www.pentesterscripting.com/\n* http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583\n* http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf\n\n### OS and Scripts:\n\n* http://en.wikipedia.org/wiki/IPv4_subnetting_reference\n* http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/\n* http://shelldorado.com/shelltips/beginner.html\n* http://www.linuxsurvival.com/\n* http://mywiki.wooledge.org/BashPitfalls\n* http://rubular.com/\n* http://www.iana.org/assignments/port-numbers\n* http://www.robvanderwoude.com/ntadmincommands.php\n* http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/\n\n### Tools:\n\n* http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf\n* http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf\n* http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf\n* http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf\n* http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf\n* http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html\n* http://h.ackack.net/cheat-sheets/netcat\n\n----\n## Distributions:\n\n* [Kali Linux](http://www.kali.org/)\n* [NodeZero Linux](http://www.nodezero-linux.org/)\n* [BackBox Linux](http://www.backbox.org/)\n* [Samurai Web Testing Framework](http://samurai.inguardians.com/)\n* [Knoppix STD](http://s-t-d.org/)\n* [Pentoo](http://www.pentoo.ch/)\n* [WEAKERTH4N](http://www.weaknetlabs.com/)\n* [Matriux](http://www.matriux.com/index.php?language=en)\n* [DEFT](http://www.deftlinux.net/)\n* [CAINE](http://www.caine-live.net/)\n* [Parrot Security OS](http://www.parrotsec.org/)\n* [BlackArch Linux](http://www.blackarch.org/)\n* [ArchAssualt](https://archassault.org/)\n\n----\n## Labs:\n### ISOs and VMs:\n\n* http://sourceforge.net/projects/websecuritydojo/\n* http://code.google.com/p/owaspbwa/wiki/ProjectSummary\n* http://heorot.net/livecds/\n* http://informatica.uv.es/~carlos/docencia/netinvm/\n* http://www.bonsai-sec.com/en/research/moth.php\n* http://blog.metasploit.com/2010/05/introducing-metasploitable.html\n* http://pynstrom.net/holynix.php\n* http://gnacktrack.co.uk/download.php\n* http://sourceforge.net/projects/lampsecurity/files/\n* https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html\n* http://sourceforge.net/projects/virtualhacking/files/\n* http://www.badstore.net/\n* http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10\n* http://www.dvwa.co.uk/\n* http://sourceforge.net/projects/thebutterflytmp/\n\n### Vulnerable Software:\n\n* http://www.oldapps.com/\n* http://www.oldversion.com/\n* http://www.exploit-db.com/webapps/\n* http://code.google.com/p/wavsep/downloads/list\n* http://www.owasp.org/index.php/Owasp_SiteGenerator\n* http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx\n* http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx\n* http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx\n* http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx\n\n### Test Sites:\n\n* http://www.webscantest.com/\n* http://crackme.cenzic.com/Kelev/view/home.php\n* http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com\n* http://testaspnet.vulnweb.com/\n* http://testasp.vulnweb.com/\n* http://testphp.vulnweb.com/\n* http://demo.testfire.net/\n* http://hackme.ntobjectives.com/\n\n----\n## Exploitation:\n\n* http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html\n* http://www.mgraziano.info/docs/stsi2010.pdf\n* http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/\n* http://www.ethicalhacker.net/content/view/122/2/\n* http://code.google.com/p/it-sec-catalog/wiki/Exploitation\n* http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html\n* http://ref.x86asm.net/index.html\n\n----\n## Reverse Engineering & Malware:\n\n* http://www.woodmann.com/TiGa/idaseries.html\n* http://www.binary-auditing.com/\n* http://visi.kenshoto.com/\n* http://www.radare.org/y/\n* http://www.offensivecomputing.net/\n\n----\n## Passwords and Hashes:\n\n* http://www.irongeek.com/i.php?page=videos/password-exploitation-class\n* http://cirt.net/passwords\n* http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html\n* http://www.foofus.net/~jmk/medusa/medusa-smbnt.html\n* http://www.foofus.net/?page_id=63\n* http://hashcrack.blogspot.com/\n* http://www.nirsoft.net/articles/saved_password_location.html\n* http://www.onlinehashcrack.com/\n* http://www.md5this.com/list.php?\n* http://www.virus.org/default-password\n* http://www.phenoelit-us.org/dpl/dpl.html\n* http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html\n\n### Wordlists:\n* [Korelogic](http://contest.korelogic.com/wordlists.html)\n* [PacketStorm](http://packetstormsecurity.org/Crackers/wordlists/)\n* [Skullsecurity](http://www.skullsecurity.org/wiki/index.php/Passwords)\n* [Wordbook](http://wordbook.xyz/download/)\n\n### Pass the Hash:\n* http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283\n* http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219\n* http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html\n\n----\n## MiTM:\n\n* http://www.giac.org/certified_professionals/practicals/gsec/0810.php\n* http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf\n* http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf\n* http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data\n* http://www.mindcenter.net/uploads/ECCE101.pdf\n* http://toorcon.org/pres12/3.pdf\n* http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf\n* http://packetstormsecurity.org/papers/wireless/cracking-air.pdf\n* http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf\n* http://www.oact.inaf.it/ws-ssri/Costa.pdf\n* http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf\n* http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf\n* http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf\n* http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf\n* http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf\n* http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf\n* http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf\n* http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf\n* http://articles.manugarg.com/arp_spoofing.pdf\n* http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf\n* http://www.ucci.it/docs/ICTSecurity-2004-26.pdf\n* http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf\n* http://blog.spiderlabs.com/2010/12/thicknet.html\n* http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/\n* http://www.go4expert.com/forums/showthread.php?t=11842\n* http://www.irongeek.com/i.php?page=security/ettercapfilter\n* http://openmaniak.com/ettercap_filter.php\n* http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming\n* http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate\n* http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1\n* http://spareclockcycles.org/2010/06/10/sergio-proxy-released/\n\n\n----\n## Tools:\n### OSINT:\n* http://www.edge-security.com/theHarvester.php\n* http://www.mavetju.org/unix/dnstracer-man.php\n* http://www.paterva.com/web5/\n\n## Metadata:\n* http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974\n* http://lcamtuf.coredump.cx/strikeout/\n* http://www.sno.phy.queensu.ca/~phil/exiftool/\n* http://www.edge-security.com/metagoofil.php\n* http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html\n\n### Google Hacking:\n* http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/\n* http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads\n* http://sqid.rubyforge.org/#next\n* http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html\n\n### Web:\n* http://www.bindshell.net/tools/beef\n* http://blindelephant.sourceforge.net/\n* http://xsser.sourceforge.net/\n* http://sourceforge.net/projects/rips-scanner/\n* http://www.divineinvasion.net/authforce/\n* http://andlabs.org/tools.html#sotf\n* http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf\n* http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html\n* http://code.google.com/p/pinata-csrf-tool/\n* http://xsser.sourceforge.net/#intro\n* http://www.contextis.co.uk/resources/tools/clickjacking-tool/\n* http://packetstormsecurity.org/files/view/69896/unicode-fun.txt\n* http://sourceforge.net/projects/ws-attacker/files/\n* https://github.com/koto/squid-imposter\n\n### Attack Strings:\n* http://code.google.com/p/fuzzdb/\n* http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements\n\n### Shells:\n* http://sourceforge.net/projects/yokoso/\n* http://sourceforge.net/projects/ajaxshell/\n\n### Scanners:\n* http://w3af.sourceforge.net/\n* http://code.google.com/p/skipfish/\n* http://sqlmap.sourceforge.net/\n* http://sqid.rubyforge.org/#next\n* http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt\n* http://code.google.com/p/fimap/wiki/WindowsAttack\n* http://code.google.com/p/fm-fsf/\n\n### Proxies:\n## Burp:\n* http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214\n* http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/\n* http://sourceforge.net/projects/belch/files/\n* http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools\n* http://blog.ombrepixel.com/\n* http://andlabs.org/tools.html#dser\n* http://feoh.tistory.com/22\n* http://www.sensepost.com/labs/tools/pentest/reduh\n* http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project\n* http://intrepidusgroup.com/insight/mallory/\n* http://www.fiddler2.com/fiddler2/\n* http://websecuritytool.codeplex.com/documentation?referringTitle=Home\n* http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1\n\n### Social Engineering:\n* http://www.secmaniac.com/\n\n### Password:\n* http://nmap.org/ncrack/\n* http://www.foofus.net/~jmk/medusa/medusa.html\n* http://www.openwall.com/john/\n* http://ophcrack.sourceforge.net/\n* http://blog.0x3f.net/tool/keimpx-in-action/\n* http://code.google.com/p/keimpx/\n* http://sourceforge.net/projects/hashkill/\n\n### Metasploit:\n\n* http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html\n* http://code.google.com/p/msf-hack/wiki/WmapNikto\n* http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html\n* http://seclists.org/metasploit/\n* http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html\n* http://meterpreter.illegalguy.hostzi.com/\n* http://blog.metasploit.com/2010/03/automating-metasploit-console.html\n* http://www.workrobot.com/sansfire2009/561.html\n* http://www.securitytube.net/video/711\n* http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download\n* http://vimeo.com/16852783\n* http://milo2012.wordpress.com/2009/09/27/xlsinjector/\n* http://www.fastandeasyhacking.com/\n* http://trac.happypacket.net/\n* http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf\n* http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf\n\n### Net Scanners and Scripts:\n\n* http://nmap.org/\n* http://asturio.gmxhome.de/software/sambascan2/i.html\n* http://www.softperfect.com/products/networkscanner/\n* http://www.openvas.org/\n* http://tenable.com/products/nessus\n* http://www.rapid7.com/vulnerability-scanner.jsp\n* http://www.eeye.com/products/retina/community\n\n### Post Exploitation:\n\n* http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py\n* http://www.phx2600.org/archive/2008/08/29/metacab/\n* http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html\n\n### Source Inspection:\n\n* http://www.justanotherhacker.com/projects/graudit.html\n* http://code.google.com/p/javasnoop/\n\n### Firefox Addons:\n\n* https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8\n* https://addons.mozilla.org/en-US/firefox/addon/osvdb/\n* https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/\n* https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/\n* https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/\n* https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/\n* https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/\n* https://addons.mozilla.org/en-US/firefox/addon/hackbar/\n\n### Tool Listings:\n\n* http://packetstormsecurity.org/files/tags/tool\n* http://tools.securitytube.net/index.php?title=Main_Page\n\n----\n## Training/Classes:\n### Sec/Hacking:\n\n* http://pentest.cryptocity.net/\n* http://www.irongeek.com/i.php?page=videos/network-sniffers-class\n* http://samsclass.info/124/124_Sum09.shtml\n* http://www.cs.ucsb.edu/~vigna/courses/cs279/\n* http://crypto.stanford.edu/cs142/\n* http://crypto.stanford.edu/cs155/\n* http://cseweb.ucsd.edu/classes/wi09/cse227/\n* http://www-inst.eecs.berkeley.edu/~cs161/sp11/\n* http://security.ucla.edu/pages/Security_Talks\n* http://www.cs.rpi.edu/academics/courses/spring10/csci4971/\n* http://cr.yp.to/2004-494.html\n* http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/\n* https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot\n* http://stuff.mit.edu/iap/2009/#websecurity\n\n### Metasploit:\n\n* http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training\n* http://www.irongeek.com/i.php?page=videos/metasploit-class\n* http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/\n* http://vimeo.com/16925188\n* http://www.ustream.tv/recorded/13396511\n* http://www.ustream.tv/recorded/13397426\n* http://www.ustream.tv/recorded/13398740\n\n### Programming:\n## Python:\n\n* http://code.google.com/edu/languages/google-python-class/index.html\n* http://www.swaroopch.com/notes/Python_en:Table_of_Contents\n* http://www.thenewboston.com/?cat=40&pOpen=tutorial\n* http://showmedo.com/videotutorials/python\n* http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/\n\n## Ruby:\n\n* http://www.tekniqal.com/\n\n### Other Misc:\n\n* http://www.cs.sjtu.edu.cn/~kzhu/cs490/\n* https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/\n* http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/\n* http://resources.infosecinstitute.com/\n* http://vimeo.com/user2720399\n\n----\n## Web Vectors\n### SQLi:\n\n* http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/\n* http://isc.sans.edu/diary.html?storyid=9397\n* http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/\n* http://www.evilsql.com/main/index.php\n* http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html\n* http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections\n* http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/\n* http://sqlzoo.net/hack/\n* http://www.sqlteam.com/article/sql-server-versions\n* http://www.krazl.com/blog/?p=3\n* http://www.owasp.org/index.php/Testing_for_MS_Access\n* http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html\n* http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html\n* http://www.youtube.com/watch?v=WkHkryIoLD0\n* http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf\n* http://vimeo.com/3418947\n* http://sla.ckers.org/forum/read.php?24,33903\n* http://websec.files.wordpress.com/2010/11/sqli2.pdf\n* http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/\n* http://ha.ckers.org/sqlinjection/\n* http://lab.mediaservice.net/notes_more.php?id=MSSQL\n\n### Upload Tricks:\n\n* http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972\n* http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html\n* http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/\n* http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/\n* http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/\n* http://www.ravenphpscripts.com/article2974.html\n* http://www.acunetix.com/cross-site-scripting/scanner.htm\n* http://www.vupen.com/english/advisories/2009/3634\n* http://msdn.microsoft.com/en-us/library/aa478971.aspx\n* http://dev.tangocms.org/issues/237\n* http://seclists.org/fulldisclosure/2006/Jun/508\n* http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/\n* http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html\n* http://shsc.info/FileUploadSecurity\n\n\n### LFI/RFI:\n\n* http://pastie.org/840199\n* http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/\n* http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter\n* http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/\n* http://www.digininja.org/blog/when_all_you_can_do_is_read.php\n\n### XSS:\n\n* http://www.infosecwriters.com/hhworld/hh8/csstut.htm\n* http://www.technicalinfo.net/papers/CSS.html\n* http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx\n* http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html\n* https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf\n* http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html\n* http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/\n* http://heideri.ch/jso/#javascript\n* http://www.reddit.com/r/xss/\n* http://sla.ckers.org/forum/list.php?2\n\n### Coldfusion:\n\n* http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\n* http://zastita.com/02114/Attacking_ColdFusion..html\n* http://www.nosec.org/2010/0809/629.html\n* http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964\n* http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf\n\n### Sharepoint:\n\n* http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678\n\n### Lotus:\n\n* http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security\n* http://seclists.org/pen-test/2002/Nov/43\n* http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?\n\n### JBoss:\n\n* http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf\n* http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html\n\n### VMWare Web:\n\n* http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav\n\n### Oracle App Servers:\n\n* http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html\n* http://www.owasp.org/index.php/Testing_for_Oracle\n* http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx\n* http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx\n* http://www.ngssoftware.com/papers/hpoas.pdf\n\n### SAP:\n\n* http://www.onapsis.com/research.html#bizploit\n* http://marc.info/?l=john-users&m=121444075820309&w=2\n* http://www.phenoelit-us.org/whatSAP/index.html\n\n----\n## Wireless:\n\n* http://code.google.com/p/pyrit/\n\n----\n## Capture the Flag/Wargames:\n\n* http://intruded.net/\n* http://smashthestack.org/\n* http://flack.hkpco.kr/\n* http://ctf.hcesperer.org/\n* http://ictf.cs.ucsb.edu/\n* http://capture.thefl.ag/calendar/\n\n----\n## Conferences:\n\n* [Information Security Conferences](https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK)\n\n----\n## Misc/Unsorted:\n\n* http://www.ikkisoft.com/stuff/SMH_XSS.txt\n* http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter\n* http://whatthefuckismyinformationsecuritystrategy.com/\n* http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#\n* http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#\n* http://www.sensepost.com/blog/4552.html\n* http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html\n* http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210\n* http://carnal0wnage.attackresearch.com/node/410\n* http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf\n* http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf\n* http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/\n"
  },
  {
    "path": "_config.yml",
    "content": "theme: jekyll-theme-midnight\n"
  }
]