Web Pentesting

https://github.com/HolyBugx/HolyTips

Websites

• Hacking
• Hackaday.io
• Hackster.io

OS

• Kali Org.
  • Kali Tools Listing
  • Docker Images
• BlackArch
• BackBox
• Parrot Security
• Fedora Security Spin

Reconnaissance

• Online:
  • ping.eu
  • HostingChecker
  • HTTPStatus
  • SSL Server Test
  • Security Headers
• Skipfish
• ReconNG
• NmapAutomator
• DMitry
• SSL Scan

WWW (Path discovery, fuzzers)

• dirsearch
• DirBuster
• GoBuster
• Nikto
• Dirb
• Fuff
• Wfuzz

Exploitation

• Metasploit
  • Metasploit
  • Github
• Exploit Database

---

Decoder

• Rot Decode
• Reqbin

Suite

• Burp
• Nessus
• ZAP

Social Network

• Maltego
• CaseFile

More

• OWASP Foundation
  • OWASP Cheatsheets

---

• https://lab.wallarm.com/test-your-waf-before-hackers
• https://habr.com/en/company/dsec/blog/454592
• WAF Hacking Pt. 1
• WAF Hacking Pt. 2

---

TBR

https://github.com/Hack-with-Github/Awesome-Hacking

Wordlists

• Fictional deities
• Mythologies
• Vampires
• Lovecraft Creatures
• Behind the Name
• https://github.com/gmelodie/awesome-wordlists
• https://github.com/berzerk0/Probable-Wordlists

Google Dork

• ExploitDB Dorks
• GBHackers
• go-dork

  inurl:/view.shtml
  site:hack-yourself-first.com filetype:pdf
  password filetype:pdf site:hack-yourself-first.com
  ?action= site:hack-yourself-first.com