From 23458cd9a1ddf610705c7a1f72cda1701a7857dc Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Sat, 15 Dec 2018 09:10:18 -0200 Subject: [PATCH 001/148] fix: branch conditional --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5dfa9c9..0d35d41 100644 --- a/README.md +++ b/README.md @@ -632,7 +632,8 @@ unset HISTFILE && exit ###### Perform a branching conditional ```bash -true && { echo success;} || { echo failed; } +true && echo success +false || echo failed ``` ###### Pipe stdout and stderr to separate commands From 2c903c03c0197cc92da9dda9d3672c24f282fa4b Mon Sep 17 00:00:00 2001 From: trimstray Date: Sun, 16 Dec 2018 19:31:31 +0100 Subject: [PATCH 002/148] removed new line after preview - signed-off-by: trimstray --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 0d35d41..1aac6fd 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,6 @@ alt="Master">

-
-

A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more.


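Review bot: in PATCH 001/148, the replacement under "Perform a branching conditional" (`true && echo success` / `false || echo failed`) is two unrelated short-circuit commands, so the example no longer branches on one command's exit status. The removed `a && { ...; } || { ...; }` form did branch, with the caveat that the `||` arm also runs when the `&&` arm itself fails. If that caveat was the reason for the fix, `if true; then echo success; else echo failed; fi` keeps the heading accurate and avoids it.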
From b5f1f3c1d2493f01f270a919536e3d93f82adeb8 Mon Sep 17 00:00:00 2001 From: 0xflotus <0xflotus@gmail.com> Date: Mon, 17 Dec 2018 00:35:27 +0100 Subject: [PATCH 003/148] fixed security --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1aac6fd..02f97cf 100644 --- a/README.md +++ b/README.md @@ -340,7 +340,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
  :small_orange_diamond: PTES - the penetration testing execution standard.
  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
-  :small_orange_diamond: Guifre Ruiz Notes - collection of secuirty, system, network and pentest cheatsheets.
+  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
  :small_orange_diamond: Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
  :small_orange_diamond: The Illustrated TLS Connection - every byte of a TLS connection explained and reproduced.
@@ -528,7 +528,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: sploitus - the exploit and tools database.
  :small_orange_diamond: Packet Storm - information security services, news, files, tools, exploits, aAdvisories and whitepapers.
  :small_orange_diamond: Sekurak - about security, penetration tests, vulnerabilities and many others (PL/EN).
-  :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system securit (PL).
+  :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).

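Review bot: the unchanged Packet Storm line in this second hunk still reads `aAdvisories`; since the commit is a spelling pass over the same list, fix it here too ("advisories"). The subject "fixed security" would also be clearer if it said it is a typo fix.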
#### Other Cheat Sheets From b0e5b6d25321d909d24ac41dcad5e1d70329ba39 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 11:14:14 +0100 Subject: [PATCH 004/148] updated 'Labs (ethical hacking platforms)'; fixed typos - signed-off-by: trimstray --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 02f97cf..5174ff2 100644 --- a/README.md +++ b/README.md @@ -463,7 +463,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
-  :small_orange_diamond: Penetration Testing Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
+  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.

@@ -506,6 +506,11 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: rozwal.to - a great platform to train your pentesting skills.
  :small_orange_diamond: TryHackMe - learning Cyber Security made easy.
  :small_orange_diamond: OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
+  :small_orange_diamond: Wizard Labs - is an online Penetration Testing Lab.
+  :small_orange_diamond: PentesterLab - provides vulnerable systems that can be used to test and understand vulnerabilities.
+  :small_orange_diamond: RingZer0 - tons of challenges designed to test and improve your hacking skills.
+  :small_orange_diamond: Ubeeri - preconfigured lab environments.
+  :small_orange_diamond: Pentestit - emulate an IT infrastructure of real companies for a legal pen testing and improving penetration testing skills.

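Review bot: the added Pentestit entry is ungrammatical ("emulate an IT infrastructure of real companies for a legal pen testing"); suggest "emulates IT infrastructures of real companies for legal pen testing and improving penetration testing skills". The Ubeeri description ("preconfigured lab environments.") is much terser than its neighbours and does not say what the labs are for.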
#### Your daily knowledge and news From 6de93f7acc54f9b6232a0d0c590058c905272f59 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 11:54:28 +0100 Subject: [PATCH 005/148] #8 - updated url - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5174ff2..d78d7cc 100644 --- a/README.md +++ b/README.md @@ -324,7 +324,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: nixCraft - linux and unix tutorials for new and seasoned sysadmin.
  :small_orange_diamond: TecMint - the ideal Linux blog for Sysadmins & Geeks.
  :small_orange_diamond: Omnisecu - Free Networking, System Administration and Security Tutorials.
-  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
+  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.

##### :black_small_square: Security From 072c4166328b93da4fc346d745ef2eaf2a9e066e Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 12:38:31 +0100 Subject: [PATCH 006/148] added dtrace/ltrace to 'System Diagnostics/Debuggers' - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d78d7cc..d97da74 100644 --- a/README.md +++ b/README.md @@ -128,6 +128,8 @@ for transferring data with URLs.

  :small_orange_diamond: strace - diagnostic, debugging and instructional userspace utility for Linux.
+  :small_orange_diamond: DTrace - is a performance analysis and troubleshooting tool.
+  :small_orange_diamond: ltrace - is a library call tracer, used to trace calls made by programs to library functions.
  :small_orange_diamond: sysdig - system exploration and troubleshooting tool with first class support for containers.
  :small_orange_diamond: glances - cross-platform system monitoring tool written in Python.
  :small_orange_diamond: htop - interactive text-mode process viewer for Unix systems. It aims to be a better 'top'.
From 4d518af3b7517f2c58bdf1ed578700eafccb7b27 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 12:58:51 +0100 Subject: [PATCH 007/148] added new 'strace' one-liners - signed-off-by: trimstray --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index d97da74..e0a4bf3 100644 --- a/README.md +++ b/README.md @@ -890,6 +890,24 @@ ___ ##### Tool: [strace](https://en.wikipedia.org/wiki/Strace) +###### Track child process + +```bash +strace -f -p $(pidof glusterfsd) +``` + +###### Track process after 30 seconds + +```bash +timeout 30 strace $(< /var/run/zabbix/zabbix_agentd.pid) +``` + +###### Track child process and redirect output to a file + +```bash +ps auxw | grep 'sbin/[a]pache' | awk '{print " -p " $2}' | xargs strace -o /tmp/strace-apache-proc.out +``` + ###### Track the open request of a network port ```bash From e278c9eaca334f9cac1aa0919a29972b34594a75 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 13:17:46 +0100 Subject: [PATCH 008/148] updated desc headers; added emoji markups - signed-off-by: trimstray --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e0a4bf3..39e9c8b 100644 --- a/README.md +++ b/README.md @@ -38,23 +38,25 @@ » All suggestions are welcome «
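Review bot: in the strace one-liners added by PATCH 007/148, "Track process after 30 seconds" runs `timeout 30 strace $(< /var/run/zabbix/zabbix_agentd.pid)` without `-p`, so strace treats the PID as a program to execute instead of attaching to it. It should be `timeout 30 strace -p $(< /var/run/zabbix/zabbix_agentd.pid)`, and the heading should say "for 30 seconds", because `timeout` ends the trace after 30 seconds rather than delaying its start. In "Track child process and redirect output to a file" there is no `-f`, so processes forked after `ps` ran are not followed, and `-o /tmp/strace-apache-proc.out` writes the trace to a fixed name in a world-writable directory; a `mktemp` path or a root-only directory is safer for a file that can contain request data. `strace -f -p $(pidof glusterfsd)` also fails when `pidof` returns more than one PID unless the substitution is quoted.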

-## What is it? +## :notebook_with_decorative_cover:  What is it? This list is a collection of various materials that I use every day in my work. It contain a lot of useful information gathered in one piece. -This is not a final and full version - I update it on an ongoing basis. + > `This is not a final and full version - I update it on an ongoing basis.` -## For whom? +## :restroom:  For whom? -It is intended for everyone and anyone - especially for system and network administrators, devops, pentesters or security researchers. +It is intended for everyone and anyone - especially for System and Network Administrators, DevOps, Pentesters or Security Researchers. -## :ballot_box_with_check: Todo +## :ballot_box_with_check:  Todo - [ ] Add useful shell functions - [ ] Add one-liners for collection tools (eg. CLI Tools) - [ ] Generate book pdf format -## The Book of Secret Knowledge (Chapters) +
+ +## :anger:  The Book of Secret Knowledge (Chapters) #### CLI Tools From e4544c161dee02fa4be8f2a3235d9426a83cba26 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 13:27:52 +0100 Subject: [PATCH 009/148] removed useless '
' - signed-off-by: trimstray --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 39e9c8b..dc779c0 100644 --- a/README.md +++ b/README.md @@ -54,8 +54,6 @@ It is intended for everyone and anyone - especially for System and Network Admin - [ ] Add one-liners for collection tools (eg. CLI Tools) - [ ] Generate book pdf format -
- ## :anger:  The Book of Secret Knowledge (Chapters) #### CLI Tools From 7167b180b967e224f843d07def322ba8345490fc Mon Sep 17 00:00:00 2001 From: Martin Muzatko Date: Mon, 17 Dec 2018 17:12:34 +0100 Subject: [PATCH 010/148] Added explainshell and exploitdb --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index dc779c0..6372173 100644 --- a/README.md +++ b/README.md @@ -302,6 +302,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: CVE Mitre - list of publicly known cybersecurity vulnerabilities.
  :small_orange_diamond: CVE Details - CVE security vulnerability advanced database.
+  :small_orange_diamond: Exploit DB - CVE compliant archive of public exploits and corresponding vulnerable software.

#### Manuals/Howtos/Tutorials @@ -312,6 +313,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: pure-bash-bible - a collection of pure bash alternatives to external processes.
  :small_orange_diamond: The Bash Hackers Wiki - hold documentation of any kind about GNU Bash.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.
+  :small_orange_diamond: Explain shell - get interactive help texts for shell commands.

##### :black_small_square: Programming From e7e499b66a7251676f37ab8489d9ec45b1687c83 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Mon, 17 Dec 2018 23:05:20 +0100 Subject: [PATCH 011/148] removed duplicate exploit-db; moved explain-shell to playgrounds --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 6372173..c83d550 100644 --- a/README.md +++ b/README.md @@ -277,6 +277,7 @@ for transferring data with URLs.

  :small_orange_diamond: ShellCheck - finds bugs in your shell scripts.
+  :small_orange_diamond: explainshell - get interactive help texts for shell commands.
  :small_orange_diamond: jsbin - live pastebin for HTML, CSS & JavaScript and more.
  :small_orange_diamond: PHP Sandbox - test your PHP code with this code tester.

@@ -313,7 +314,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: pure-bash-bible - a collection of pure bash alternatives to external processes.
  :small_orange_diamond: The Bash Hackers Wiki - hold documentation of any kind about GNU Bash.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.
-  :small_orange_diamond: Explain shell - get interactive help texts for shell commands.

##### :black_small_square: Programming @@ -533,7 +533,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: DARKReading - connecting the Information Security Community.
  :small_orange_diamond: publiclyDisclosed - public disclosure watcher who keeps you up to date about the recently disclosed bugs.
  :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits.
-  :small_orange_diamond: Exploit-DB - the exploit database: exploits, shellcode, 0days, remote exploits, local exploits, web Apps and more.
  :small_orange_diamond: sploitus - the exploit and tools database.
  :small_orange_diamond: Packet Storm - information security services, news, files, tools, exploits, aAdvisories and whitepapers.
  :small_orange_diamond: Sekurak - about security, penetration tests, vulnerabilities and many others (PL/EN).
From 174547e1d1bd17dd5d57566ffd1c9cbf7c18e110 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 23:54:17 +0100 Subject: [PATCH 012/148] added 'Contributing' chapter - signed-off-by: trimstray --- README.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c83d550..fa7503f 100644 --- a/README.md +++ b/README.md @@ -34,20 +34,29 @@ *** -

- » All suggestions are welcome « -

- ## :notebook_with_decorative_cover:  What is it? This list is a collection of various materials that I use every day in my work. It contain a lot of useful information gathered in one piece. - > `This is not a final and full version - I update it on an ongoing basis.` - ## :restroom:  For whom? It is intended for everyone and anyone - especially for System and Network Administrators, DevOps, Pentesters or Security Researchers. +## :information_source:  Contributing + +A few simple rules for this project: + +- inviting and clear +- not tiring +- useful + +These below rules may be better: + +- easy to contribute to +- easy to find (no TOC) + +Before add pull request please see **[this](https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/CONTRIBUTING.md)**. + ## :ballot_box_with_check:  Todo - [ ] Add useful shell functions From ed648a91e5ea76cda468148d00c647e428121319 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 23:54:22 +0100 Subject: [PATCH 013/148] updated CONTRIBUTING.md - signed-off-by: trimstray --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4068f08..a8d35e6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,15 +1,15 @@ # Contributing -If you would like to support this project, you have an interesting idea how to improve the operation of this tool or if you found some errors - do fork this add your fixes and add pull-request of your branch to the **testing branch**. +If you would like to support this project, you have an interesting idea how to improve the operation of this tool or if you found some errors - do fork this add your fixes and add pull-request of your branch to the **master branch**. ## Signature of commit Moving forward all commits to this project must include a "signed-off-by" line indicating the name and email address of the contributor signing off on the change. To enable signatures add the following lines to `.git/hooks/prepare-commit-msg` : -`````` +``` SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/- signed-off-by: \1/p') grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" -`````` +``` ## Pull requests From 5b41a1123bee2edcdcb35f9b02e250017c22cfe6 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 17 Dec 2018 23:55:53 +0100 Subject: [PATCH 014/148] removed empty directories and .gitkeep files - signed-off-by: trimstray --- doc/.gitkeep | 0 lib/.gitkeep | 0 skel/.gitkeep | 0 src/.gitkeep | 0 4 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 doc/.gitkeep delete mode 100644 lib/.gitkeep delete mode 100644 skel/.gitkeep delete mode 100644 src/.gitkeep diff --git a/doc/.gitkeep b/doc/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/lib/.gitkeep b/lib/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/skel/.gitkeep b/skel/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/src/.gitkeep b/src/.gitkeep deleted file mode 100644 index e69de29..0000000 From b790486976eb4994e9b75ed0bb802a8bc733be6e Mon Sep 17 00:00:00 2001 
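Review bot: in the CONTRIBUTING.md hunk of PATCH 013/148, the hook kept as context appends `- signed-off-by: ...`, which is not the `Signed-off-by: Name <email>` trailer that `git commit -s` writes, so tooling that parses trailers will not see these sign-offs; worth settling while the fence around the snippet is being touched. `grep -qs "^$SOB" "$1"` also treats the author identity as a regular expression; `grep -qsFx -e "$SOB" "$1"` matches it literally. The text should mention that `prepare-commit-msg` must be executable, and the new fence could carry the `bash` tag the README blocks use.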
From: Marcos Date: Tue, 18 Dec 2018 00:41:37 +0100 Subject: [PATCH 015/148] Fix Nginx website link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fa7503f..951ae91 100644 --- a/README.md +++ b/README.md @@ -422,7 +422,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an

  :small_orange_diamond: Varnish HTTP Cache - HTTP accelerator designed for content-heavy dynamic web sites.
-  :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.
+  :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.

##### :black_small_square: Security/hardening From 1d7499f7bac0aeb0e9b43671af6adbf4ec3161cc Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 07:48:17 +0100 Subject: [PATCH 016/148] updated 'Contributing' - signed-off-by: trimstray --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 951ae91..c3d6fc3 100644 --- a/README.md +++ b/README.md @@ -52,10 +52,10 @@ A few simple rules for this project: These below rules may be better: -- easy to contribute to +- easy to contribute to (Markdown + HTML) - easy to find (no TOC) -Before add pull request please see **[this](https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/CONTRIBUTING.md)**. +Before add pull request please see **[this](https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/CONTRIBUTING.md)**. All suggestions/PR are welcome! ## :ballot_box_with_check:  Todo From 383f5a35eee7d2d129420a22086c1df7b19839e4 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 07:52:19 +0100 Subject: [PATCH 017/148] added 'kb.entersoft.co.in' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c3d6fc3..229b3e5 100644 --- a/README.md +++ b/README.md @@ -478,6 +478,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
+  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.

##### :black_small_square: Bounty programs From 467408a9f1c535ef3a3c821d41a3a91646b373cb Mon Sep 17 00:00:00 2001 From: Manan Date: Tue, 18 Dec 2018 16:05:46 +0530 Subject: [PATCH 018/148] added gobuster to Network section --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 229b3e5..8d27d57 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ for transferring data with URLs.
  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: nmap - free and open source (license) utility for network discovery and security auditing.
+  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go
  :small_orange_diamond: hping - command-line oriented TCP/IP packet assembler/analyzer.
  :small_orange_diamond: mtr - functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
  :small_orange_diamond: masscan - the fastest Internet port scanner, spews SYN packets asynchronously.
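Review bot: the added gobuster line ends without the full stop that every neighbouring entry has ("... written in Go"); add it. It is also described as a directory/file and DNS busting tool but sits between nmap and hping, so consider grouping it with the HTTP or DNS tools instead.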
From 81fc797f58fcc60c5566bfb0c5938d8f6e770e7b Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 11:45:04 +0100 Subject: [PATCH 019/148] added info about temporary unavailable urls - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 229b3e5..5d12445 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,8 @@ These below rules may be better: - easy to contribute to (Markdown + HTML) - easy to find (no TOC) +Url marked **\*** is temporary unavailable. Please don't delete it without confirming that it has permanently expired. + Before add pull request please see **[this](https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/CONTRIBUTING.md)**. All suggestions/PR are welcome! ## :ballot_box_with_check:  Todo From 66cfde67f42dd311f3bb2f6570a27adfdbad2dde Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 11:48:41 +0100 Subject: [PATCH 020/148] marked 'bankgradesecurity.com' with '*' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d12445..75567a5 100644 --- a/README.md +++ b/README.md @@ -375,7 +375,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: LZone Cheat Sheets - all cheat sheets.
  :small_orange_diamond: Dan’s Cheat Sheets’s - massive cheat sheets documentation.
  :small_orange_diamond: The C10K problem - it's time for web servers to handle ten thousand clients simultaneously, don't you think?
-  :small_orange_diamond: Bank Grade Security - when companies say they have "Bank Grade Security" they imply that it is a good thing.
+  :small_orange_diamond: Bank Grade Security - when companies say they have "Bank Grade Security" they imply that it is a good thing.*
  :small_orange_diamond: HTTPS on Stack Overflow - this is the story of a long journey regarding the implementation of SSL.
  :small_orange_diamond: Julia's Drawings - some drawings about programming and unix world, zines about systems & debugging tools.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON 26.
From 6420347a95df1d29eb09b812c6a40371582327b4 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 13:38:19 +0100 Subject: [PATCH 021/148] added 'Geeky Blogs' chapter - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 75567a5..e8a8ebb 100644 --- a/README.md +++ b/README.md @@ -385,6 +385,8 @@ performance of any of your sites from across the globe.
#### Blogs +##### :black_small_square: Geeky Blogs +

  :small_orange_diamond: Brendan Gregg's Blog - Brendan Gregg is an industry expert in computing performance and cloud computing.
  :small_orange_diamond: Gynvael "GynDream" Coldwind - Gynvael is a IT security engineer at Google.
From 2d03491b6ec155c8ec706d00b4b5d2da79818ab1 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 13:42:16 +0100 Subject: [PATCH 022/148] added 'Hidden directories' tutorial - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e8a8ebb..d4598a6 100644 --- a/README.md +++ b/README.md @@ -381,6 +381,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON 26.
  :small_orange_diamond: BGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
  :small_orange_diamond: HTTPS in the real world - great tutorial explain how HTTPS works in the real world.
+  :small_orange_diamond: Hidden directories - hidden directories and files as a source of sensitive information about web application.

#### Blogs From 2e60cd46b5b22b89bce1cc3d728409944588f037 Mon Sep 17 00:00:00 2001 From: Marcos Date: Tue, 18 Dec 2018 14:37:09 +0100 Subject: [PATCH 023/148] DNS Trails - repository of historical DNS data --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 951ae91..6805bf8 100644 --- a/README.md +++ b/README.md @@ -225,6 +225,7 @@ for transferring data with URLs.
  :small_orange_diamond: Find subdomains online - find subdomains for security assessment penetration test.
  :small_orange_diamond: DNSdumpster - dns recon & research, find & lookup dns records.
  :small_orange_diamond: DNS Table online - search for DNS records by domain, IP, CIDR, ISP.
+  :small_orange_diamond: DNS Trails - repository of historical DNS data.
  :small_orange_diamond: PTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records.
  :small_orange_diamond: xip.ip - wildcard DNS for everyone.

From b8cdeb12b4586e81462b3d1a157d6bcbd4959bb0 Mon Sep 17 00:00:00 2001 From: Marcos Date: Tue, 18 Dec 2018 14:45:10 +0100 Subject: [PATCH 024/148] Pingdom Tools --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6805bf8..a6dd78f 100644 --- a/README.md +++ b/README.md @@ -298,6 +298,7 @@ for transferring data with URLs.
  :small_orange_diamond: GTmetrix - analyze your site’s speed and make it faster.
  :small_orange_diamond: Sucuri loadtimetester - test here the performance of any of your sites from across the globe.
+  :small_orange_diamond: Pingdom Tools - analyze your site’s speed around the world.

##### :black_small_square: Passwords From 7a977cafb801dd7817d2814dc39f13761de84829 Mon Sep 17 00:00:00 2001 From: Marcos Date: Tue, 18 Dec 2018 14:37:09 +0100 Subject: [PATCH 025/148] Revert "DNS Trails - repository of historical DNS data" This reverts commit 2e60cd46b5b22b89bce1cc3d728409944588f037. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index a6dd78f..be9876f 100644 --- a/README.md +++ b/README.md @@ -225,7 +225,6 @@ for transferring data with URLs.
  :small_orange_diamond: Find subdomains online - find subdomains for security assessment penetration test.
  :small_orange_diamond: DNSdumpster - dns recon & research, find & lookup dns records.
  :small_orange_diamond: DNS Table online - search for DNS records by domain, IP, CIDR, ISP.
-  :small_orange_diamond: DNS Trails - repository of historical DNS data.
  :small_orange_diamond: PTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records.
  :small_orange_diamond: xip.ip - wildcard DNS for everyone.

From e66d61ddab100ddf86298e8c2988dabb27fb587b Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 15:41:50 +0100 Subject: [PATCH 026/148] added multiple 'Network' chapters (subsections) - signed-off-by: trimstray --- README.md | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 681f0a8..7438def 100644 --- a/README.md +++ b/README.md @@ -89,14 +89,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo ##### :black_small_square: Network

-  :small_orange_diamond: Curl - command line tool and library -for transferring data with URLs.
-  :small_orange_diamond: HTTPie - a user-friendly HTTP client.
-  :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
-  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
-  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: nmap - free and open source (license) utility for network discovery and security auditing.
-  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go
  :small_orange_diamond: hping - command-line oriented TCP/IP packet assembler/analyzer.
  :small_orange_diamond: mtr - functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
  :small_orange_diamond: masscan - the fastest Internet port scanner, spews SYN packets asynchronously.
@@ -104,18 +97,35 @@ for transferring data with URLs.
  :small_orange_diamond: tcpdump - powerful command-line packet analyzer.
  :small_orange_diamond: tshark - dump and analyze network traffic (wireshark cli).
  :small_orange_diamond: bmon - monitoring and debugging tool to capture networking related statistics and prepare them visually.
+  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
+  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
+  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
+  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
+  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
+

+ +##### :black_small_square: Network (DNS) + +

  :small_orange_diamond: fierce - a DNS reconnaissance tool for locating non-contiguous IP space.
  :small_orange_diamond: sublist3r - fast subdomains enumeration tool for penetration testers.
  :small_orange_diamond: amass - tool obtains subdomain names by scraping data sources, crawling web archives and more.
  :small_orange_diamond: namebench - provides personalized DNS server recommendations based on your browsing history.
-  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
-  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
-  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
+

+ + +##### :black_small_square: Network (HTTP) + +

+  :small_orange_diamond: Curl - command line tool and library +for transferring data with URLs.
+  :small_orange_diamond: HTTPie - a user-friendly HTTP client.
+  :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
+  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
+  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
-  :small_orange_diamond: Nipe - script to make Tor Network your default gateway.
-  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
-  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
+  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go

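Review bot: `gnutls-cli` is moved under "Network (HTTP)", but by its own description it sets up a TLS connection and is not HTTP-specific; the "SSL/Security" section that follows this hunk looks like the better home. `gobuster` is described as a directory/file and DNS busting tool, so it straddles the new DNS and HTTP sections; a short note in its description would explain the choice.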
##### :black_small_square: SSL/Security @@ -177,6 +187,13 @@ for transferring data with URLs.
  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.

+##### :black_small_square: TOR + +

+  :small_orange_diamond: Nipe - script to make Tor Network your default gateway.
+  :small_orange_diamond: Multitor - a tool that lets you create multiple TOR instances with a load-balancing.
+

+ ##### :black_small_square: Other

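Review bot: in the new "Network (HTTP)" block the Curl description is split over two added lines, with "+for transferring data with URLs." on a line of its own; keep each entry on one line like the rest of the list. The gobuster entry is also the only added line whose description has no closing period.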
From 51711784c4414e3e036e2661ef3542d23e6c2c11 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 15:48:25 +0100 Subject: [PATCH 027/148] renamed and moved 'Pentesting' chapter -> 'Pentesters arsenal tools' - signed-off-by: trimstray --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 7438def..3e58aa4 100644 --- a/README.md +++ b/README.md @@ -177,16 +177,6 @@ for transferring data with URLs.
  :small_orange_diamond: mycli - terminal client for MySQL with autocompletion and syntax highlighting.

-##### :black_small_square: Pentesting - -

-  :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
-  :small_orange_diamond: Burp Suite - tool for testing Web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
-  :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
-  :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
-  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
-

- ##### :black_small_square: TOR

@@ -491,6 +481,16 @@ Linux Security Expert - trainings, howtos, checklists, security tools an #### Hacking/Penetration Testing +##### :black_small_square: Pentesters arsenal tools + +

+  :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
+  :small_orange_diamond: Burp Suite - tool for testing Web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+  :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+  :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
+  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
+

+ ##### :black_small_square: Pentests bookmarks collection

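Review bot: the Metasploit line is moved verbatim into "Pentesters arsenal tools" and still reads "contains a lot a ready to use exploit"; change it to "contains a lot of ready-to-use exploits" while the line is being re-added. The Burp Suite and OWASP Zed Attack Proxy entries also share the phrase "intercepting proxy to replay, inject, scan and fuzz HTTP requests", so the two descriptions do not tell a reader how the tools differ.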
From 6caf819bce90f52161446a90ae60a91731d2c188 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 16:36:51 +0100 Subject: [PATCH 028/148] added kurly, htrace.sh; fixed typo - signed-off-by: trimstray --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 37dee98..98ee4d0 100644 --- a/README.md +++ b/README.md @@ -117,10 +117,11 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo ##### :black_small_square: Network (HTTP)

-  :small_orange_diamond: Curl - command line tool and library -for transferring data with URLs.
+  :small_orange_diamond: Curl - command line tool and library for transferring data with URLs.
+  :small_orange_diamond: kurly - is an alternative to the widely popular curl program, written in Golang.
  :small_orange_diamond: HTTPie - a user-friendly HTTP client.
  :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
+  :small_orange_diamond: htrace.sh - shell script to debugging http/https; ssllabs, mozilla observatory, testssl.sh and nmap nse support.
  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
@@ -181,7 +182,7 @@ for transferring data with URLs.

  :small_orange_diamond: Nipe - script to make Tor Network your default gateway.
-  :small_orange_diamond: Multitor - a tool that lets you create multiple TOR instances with a load-balancing.
+  :small_orange_diamond: multitor - a tool that lets you create multiple TOR instances with a load-balancing.

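Review bot: the added htrace.sh description reads "shell script to debugging http/https"; make it "shell script for debugging http/https". The kurly description starts with "is an", while the Curl, HTTPie and wuzz entries around it start directly with the noun phrase; drop the "is" for consistency.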
##### :black_small_square: Other From e43e9f2267c80d199536076cc35037cda6eab566 Mon Sep 17 00:00:00 2001 From: robcerda60 Date: Tue, 18 Dec 2018 08:26:06 -0800 Subject: [PATCH 029/148] Added Lynx to Network Chapter Added Lynx to Network Chapter --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 98ee4d0..08b34f3 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
+  :small_orange_diamond: Lynx - Lynx is a text browser for the World Wide Web.

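Review bot: the added line repeats the entry name in its description ("Lynx - Lynx is a text browser for the World Wide Web."); drop the second "Lynx" so the entry reads like the iptraf-ng and aria2 lines above it.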
##### :black_small_square: Network (DNS) From 7693b283b908854843f019b2c5133556699fc569 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Tue, 18 Dec 2018 18:23:08 +0100 Subject: [PATCH 030/148] fixed Lynx description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 08b34f3..6fbd5bf 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
-  :small_orange_diamond: Lynx - Lynx is a text browser for the World Wide Web.
+  :small_orange_diamond: Lynx - is a text browser for the World Wide Web.

##### :black_small_square: Network (DNS) From a5eb4e709f106e7ba829fc5e4362da8befe2f727 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 18 Dec 2018 19:19:18 +0100 Subject: [PATCH 031/148] moved 'gnutls' to 'SSL/Security' chapter - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6fbd5bf..f9184e1 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
  :small_orange_diamond: htrace.sh - shell script to debugging http/https; ssllabs, mozilla observatory, testssl.sh and nmap nse support.
  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
-  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go
@@ -133,6 +132,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo ##### :black_small_square: SSL/Security

+  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: sslyze - fast and powerful SSL/TLS server scanning library.
  :small_orange_diamond: sslscan - tests SSL/TLS enabled services to discover supported cipher suites.
From 25fb22108f1404a3f53010dfbff42a5bbd9f8399 Mon Sep 17 00:00:00 2001 From: Derek Pollard Date: Tue, 18 Dec 2018 14:14:07 -0600 Subject: [PATCH 032/148] Add Repl.it to README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f9184e1..60be57d 100644 --- a/README.md +++ b/README.md @@ -301,6 +301,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: explainshell - get interactive help texts for shell commands.
  :small_orange_diamond: jsbin - live pastebin for HTML, CSS & JavaScript and more.
  :small_orange_diamond: PHP Sandbox - test your PHP code with this code tester.
+  :small_orange_diamond: Repl.it - an instant IDE to learn, build, collaborate, and host all in one place.

##### :black_small_square: Performance From 57d0b251a6bcbc87a4429d22a130e50bb1131a6f Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 00:21:51 +0100 Subject: [PATCH 033/148] #26 - removed 'random.org' - signed-off-by: trimstray --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 60be57d..09e28dd 100644 --- a/README.md +++ b/README.md @@ -316,7 +316,6 @@ performance of any of your sites from across the globe.
##### :black_small_square: Passwords

-  :small_orange_diamond: Random.org - generate random passwords.
  :small_orange_diamond: Gotcha? - list of 1.4 billion accounts circulates around the Internet.
  :small_orange_diamond: have i been pwned? - check if you have an account that has been compromised in a data breach.

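Review bot: the only explanation for dropping the Random.org line is the "#26" in the subject; put the reason for the removal in the commit message so the history can be read without the issue tracker.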
From 9954adeaec973c9dc7998e47ceb7ab7b060e50d6 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 00:23:00 +0100 Subject: [PATCH 034/148] added new chapther: GUI Tools - signed-off-by: trimstray --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 09e28dd..99ca8ed 100644 --- a/README.md +++ b/README.md @@ -192,6 +192,20 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: incron - is an inode-based filesystem notification technology.

+#### GUI Tools + +##### :black_small_square: Network + +

+  :small_orange_diamond: Wireshark - is the world’s foremost and widely-used network protocol analyzer.
+

+ +##### :black_small_square: Password Managers + +

+  :small_orange_diamond: KeePassXC - store your passwords safely and auto-type them into your everyday websites and apps.
+

+ #### Web Tools ##### :black_small_square: SSL/Security From 61aeec21555a76422534f12233a2631a376ab8b4 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 00:48:39 +0100 Subject: [PATCH 035/148] #24 - added 'securitynewsletter.co' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 99ca8ed..a5c95b9 100644 --- a/README.md +++ b/README.md @@ -578,6 +578,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an ##### :black_small_square: Security

+  :small_orange_diamond: Security Newsletter - security news as a weekly digest (email notifications).
  :small_orange_diamond: Google Online Security Blog - the latest news and insights from Google on security and safety on the Internet.
  :small_orange_diamond: Qualys Blog - expert network security guidance and news.
  :small_orange_diamond: DARKReading - connecting the Information Security Community.
From 18a5deed2bb8fc492c18c30e21670f11dfda2e27 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 08:16:56 +0100 Subject: [PATCH 036/148] moved 'sploitus.com' and '0day.today' to 'CVE/Exploits databases' chapter - signed-off-by: trimstray --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a5c95b9..c37e2e3 100644 --- a/README.md +++ b/README.md @@ -334,12 +334,14 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: have i been pwned? - check if you have an account that has been compromised in a data breach.

-##### :black_small_square: CVE +##### :black_small_square: CVE/Exploits databases

  :small_orange_diamond: CVE Mitre - list of publicly known cybersecurity vulnerabilities.
  :small_orange_diamond: CVE Details - CVE security vulnerability advanced database.
  :small_orange_diamond: Exploit DB - CVE compliant archive of public exploits and corresponding vulnerable software.
+  :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits.
+  :small_orange_diamond: sploitus - the exploit and tools database.

#### Manuals/Howtos/Tutorials @@ -583,8 +585,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Qualys Blog - expert network security guidance and news.
  :small_orange_diamond: DARKReading - connecting the Information Security Community.
  :small_orange_diamond: publiclyDisclosed - public disclosure watcher who keeps you up to date about the recently disclosed bugs.
-  :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits.
-  :small_orange_diamond: sploitus - the exploit and tools database.
  :small_orange_diamond: Packet Storm - information security services, news, files, tools, exploits, aAdvisories and whitepapers.
  :small_orange_diamond: Sekurak - about security, penetration tests, vulnerabilities and many others (PL/EN).
  :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).
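Review bot: the 0day.today entry added under "CVE/Exploits databases" is described as an "exploits market" for buying and selling zero-day exploits, which is a marketplace rather than a vulnerability reference like the CVE Mitre, CVE Details and Exploit DB entries above it; either reword the heading or keep the entry out of this list. In the second hunk, the Packet Storm context line still contains the typo "aAdvisories", which is worth fixing in the same pass.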
From 1274178f35bef38243f1e7b273bef0ec3045a744 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 08:45:47 +0100 Subject: [PATCH 037/148] minor updates for 'Network' chapter; added 'ngrep' - signed-off-by: trimstray --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c37e2e3..0706304 100644 --- a/README.md +++ b/README.md @@ -90,17 +90,18 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: nmap - free and open source (license) utility for network discovery and security auditing.
+  :small_orange_diamond: masscan - the fastest Internet port scanner, spews SYN packets asynchronously.
  :small_orange_diamond: hping - command-line oriented TCP/IP packet assembler/analyzer.
  :small_orange_diamond: mtr - functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
-  :small_orange_diamond: masscan - the fastest Internet port scanner, spews SYN packets asynchronously.
  :small_orange_diamond: netcat - networking utility which reads and writes data across network connections, using the TCP/IP protocol.
  :small_orange_diamond: tcpdump - powerful command-line packet analyzer.
  :small_orange_diamond: tshark - dump and analyze network traffic (wireshark cli).
+  :small_orange_diamond: ngrep - is like GNU grep applied to the network layer.
  :small_orange_diamond: bmon - monitoring and debugging tool to capture networking related statistics and prepare them visually.
+  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
-  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
  :small_orange_diamond: Lynx - is a text browser for the World Wide Web.

From 6403d58c353c171df3a3d4cd3434a98ac3f0f31f Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 08:46:17 +0100 Subject: [PATCH 038/148] #20 - added 'iPerf3' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0706304..ae76513 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: ngrep - is like GNU grep applied to the network layer.
  :small_orange_diamond: bmon - monitoring and debugging tool to capture networking related statistics and prepare them visually.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
+  :small_orange_diamond: iPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
From dcc658e9b9ea80cebd18c7f74b2bc8a39700bb22 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 08:50:42 +0100 Subject: [PATCH 039/148] added 'siege' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ae76513..a00535c 100644 --- a/README.md +++ b/README.md @@ -126,6 +126,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
  :small_orange_diamond: htrace.sh - shell script to debugging http/https; ssllabs, mozilla observatory, testssl.sh and nmap nse support.
  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
+  :small_orange_diamond: siege - is an http load testing and benchmarking utility.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go
From 73726de8bbcf6dc3e3efc65f4bc86c5d8bcdcc7a Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 08:54:15 +0100 Subject: [PATCH 040/148] added 'Text editors' chapter - signed-off-by: trimstray --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index a00535c..04c179f 100644 --- a/README.md +++ b/README.md @@ -209,6 +209,13 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: KeePassXC - store your passwords safely and auto-type them into your everyday websites and apps.

+##### :black_small_square: Text editors + +

+  :small_orange_diamond: Sublime Text - is a lightweight, cross-platform code editor known for its speed, ease of use.
+  :small_orange_diamond: Atom - a hackable text editor for the 21st Century.
+

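Review bot: the Sublime Text description ends "known for its speed, ease of use.", which reads as a list cut short; write "known for its speed and ease of use". The two added entries also open differently ("is a lightweight ..." against "a hackable ..."); pick one form for both.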
+ #### Web Tools ##### :black_small_square: SSL/Security From 4c814fbff5a8a9877bd9f152ff6de3b9e225f6ef Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 08:56:19 +0100 Subject: [PATCH 041/148] added 'Faraday' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 04c179f..2073229 100644 --- a/README.md +++ b/README.md @@ -518,6 +518,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
  :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
+  :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.

##### :black_small_square: Pentests bookmarks collection From ecdfb3caa7223f14060ae124b27c198c923348bb Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 09:00:52 +0100 Subject: [PATCH 042/148] added 'System hardening' chapter - signed-off-by: trimstray --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 2073229..01b9593 100644 --- a/README.md +++ b/README.md @@ -379,6 +379,13 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.

+##### :black_small_square: System hardening + +

+  :small_orange_diamond: Security Harden CentOS 7 - this walks you through the steps required to security harden CentOS.
+  :small_orange_diamond: CentOS 7 Server Hardening Guide - great guide for hardening CentOS; familiar with OpenSCAP.
+

+ ##### :black_small_square: Security

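Review bot: both entries under the new "System hardening" heading cover only CentOS 7, so the heading promises more than the list delivers; either name the distribution in the heading or add guides for other systems. In the second entry, "familiar with OpenSCAP" is unclear; if the guide uses OpenSCAP, say so directly.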
From 95dda7221bd7ad8b4d10d8f03b511d309f3b43bb Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 09:03:43 +0100 Subject: [PATCH 043/148] updated 'Pull requests' info - signed-off-by: trimstray --- CONTRIBUTING.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a8d35e6..1b4a8c9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,3 +18,4 @@ When creating pull request, please heed the following: - Base your code on the latest master branch to avoid manual merges - Code review may ensue in order to help shape your proposal - Explain the problem and your proposed solution +- One-line description - please don't continue the description on new lines From 1a048cfd1b09a7dce5cdcd792cdd49fe606b0e15 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 09:08:44 +0100 Subject: [PATCH 044/148] updated 'Contributing' description - signed-off-by: trimstray --- README.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 01b9593..f0ef94d 100644 --- a/README.md +++ b/README.md @@ -12,10 +12,6 @@ Branch - - Awesome - License @@ -36,7 +32,7 @@ ## :notebook_with_decorative_cover:  What is it? -This list is a collection of various materials that I use every day in my work. It contain a lot of useful information gathered in one piece. +This list is a collection of various materials that I use every day in my work. It contains a lot of useful information gathered in one piece. ## :restroom:  For whom? 
@@ -52,12 +48,12 @@ A few simple rules for this project: These below rules may be better: -- easy to contribute to (Markdown + HTML) -- easy to find (no TOC) +- easy to contribute to (Markdown + HTML ...) +- easy to find (no TOC, maybe it's worth creating them?) Url marked **\*** is temporary unavailable. Please don't delete it without confirming that it has permanently expired. -Before add pull request please see **[this](https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/CONTRIBUTING.md)**. All suggestions/PR are welcome! +Before add pull request please see **[this](https://github.com/trimstray/the-book-of-secret-knowledge/blob/master/CONTRIBUTING.md)**. All **suggestions/PR** are welcome! ## :ballot_box_with_check:  Todo From d204b910871d0a1ac105e5d577fdb80414815d76 Mon Sep 17 00:00:00 2001 From: Tom Nicklin Date: Wed, 19 Dec 2018 09:28:11 +0000 Subject: [PATCH 045/148] Add tldr to CLI tools - other --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f0ef94d..54f75fe 100644 --- a/README.md +++ b/README.md @@ -189,6 +189,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: incron - is an inode-based filesystem notification technology.
+  :small_orange_diamond: tldr - is simplified and community-driven man pagesv.

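Review bot: the added tldr line ends with "man pagesv."; the stray "v" should go. The description also starts with "is", so the entry reads "tldr - is simplified ..."; "simplified and community-driven man pages." is enough.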
#### GUI Tools From bde93d77dca1ea203e3b5f419727a71e0e08ae56 Mon Sep 17 00:00:00 2001 From: Tom Nicklin Date: Wed, 19 Dec 2018 09:29:55 +0000 Subject: [PATCH 046/148] Fixed typos --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 54f75fe..8cf054e 100644 --- a/README.md +++ b/README.md @@ -189,7 +189,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: incron - is an inode-based filesystem notification technology.
-  :small_orange_diamond: tldr - is simplified and community-driven man pagesv.
+  :small_orange_diamond: tldr - simplified and community-driven man pages.

#### GUI Tools From edf281631d2d94ab2f9a3f982acb11830093db46 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 10:44:11 +0100 Subject: [PATCH 047/148] minor updates: Security & Pentesting chapters - signed-off-by: trimstray --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index f0ef94d..8581730 100644 --- a/README.md +++ b/README.md @@ -388,14 +388,8 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OWASP - worldwide not-for-profit charitable organization focused on improving the security of software.
  :small_orange_diamond: OWASP ASVS 3.0.1 - OWASP Application Security Verification Standard Project.
  :small_orange_diamond: OWASP ASVS 3.0.1 Web App - simple web app that helps developers understand the ASVS requirements.
-  :small_orange_diamond: Offensive Security - true performance-based penetration testing training for over a decade.
  :small_orange_diamond: Hacking Articles - LRaj Chandel's Security & Hacking Blog.
-  :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
  :small_orange_diamond: AWS security tools - make your AWS cloud environment more secure.
-  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
-  :small_orange_diamond: PTES - the penetration testing execution standard.
-  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
-  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
  :small_orange_diamond: Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
  :small_orange_diamond: The Illustrated TLS Connection - every byte of a TLS connection explained and reproduced.
@@ -498,11 +492,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an

  :small_orange_diamond: Awesome Sysadmin - amazingly awesome open source sysadmin resources.
  :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
-  :small_orange_diamond: Awesome Hacking - awesome lists for hackers, pentesters and security researchers.
-  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
-  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
-  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
  :small_orange_diamond: SecLists - collection of multiple types of lists used during security assessments, collected in one place.
  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
@@ -522,19 +512,28 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
  :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
+  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.

##### :black_small_square: Pentests bookmarks collection

+  :small_orange_diamond: PTES - the penetration testing execution standard.
  :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
  :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all that things I need to pass OSCP.
  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
+  :small_orange_diamond: Awesome Hacking - awesome lists for hackers, pentesters and security researchers.
+  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
+  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
+  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
+  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
+  :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
+  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.

##### :black_small_square: Bounty programs @@ -563,9 +562,10 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.

-##### :black_small_square: Labs (ethical hacking platforms) +##### :black_small_square: Labs (ethical hacking platforms/trainings)

+  :small_orange_diamond: Offensive Security - true performance-based penetration testing training for over a decade.
  :small_orange_diamond: Hack The Box - online platform allowing you to test your penetration testing skills.
  :small_orange_diamond: Hacking-Lab - online ethical hacking, computer network and security challenge platform.
  :small_orange_diamond: pwnable.kr - non-commercial wargame site which provides various pwn challenges regarding system exploitation.
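Review bot: the subject says "minor updates", but the hunks move ten entries between chapters and rename the Labs heading; every removed line does reappear as an added line further down, so nothing is lost, but the message should say this is a reorganisation. While the "Hacking Cheat Sheet" line is being re-added, its description "author hacking and pentesting notes." could say whose notes these are.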
From 6b2925b4011447fe00976517f4d09538083e51b6 Mon Sep 17 00:00:00 2001 From: Max Al Farakh Date: Wed, 19 Dec 2018 12:59:27 +0300 Subject: [PATCH 048/148] Added SSL Check to the list - signed-off-by: Max Al Farakh --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1468b4e..b5514e1 100644 --- a/README.md +++ b/README.md @@ -232,6 +232,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Common CA Database - repository of information about CAs, and their root and intermediate certificates.
  :small_orange_diamond: CERTSTREAM - real-time certificate transparency log update stream.
  :small_orange_diamond: crt.sh - discovers certificates by continually monitoring all of the publicly known CT.
+  :small_orange_diamond: SSL Check - scan your website for non-secure content.

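Review bot: the SSL Check entry is appended after the Common CA Database, CERTSTREAM and crt.sh lines, which are all about CAs and certificate transparency, while its description ("scan your website for non-secure content") is that of a site scanner; move it up to the scanning services in the same list instead of the end of the certificate group.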
##### :black_small_square: Privacy From 1291cc974522d1a34333434782b5e63ff5973eda Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 12:35:23 +0100 Subject: [PATCH 049/148] added 'security-tools' (by bl4de) - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1468b4e..a1ff041 100644 --- a/README.md +++ b/README.md @@ -514,6 +514,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
  :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
+  :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.

##### :black_small_square: Pentests bookmarks collection From 01c6ee220c580ae59f8aca017ee05754c881d20b Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Wed, 19 Dec 2018 13:04:06 +0100 Subject: [PATCH 050/148] minor update for sslcheck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b5514e1..2d72f7f 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: SSL Server Test - free online service performs a deep analysis of the configuration of any SSL web server.
  :small_orange_diamond: SSL Server Test (DEV) - free online service performs a deep analysis of the configuration of any SSL web server.
  :small_orange_diamond: ImmuniWeb® SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST).
+  :small_orange_diamond: SSL Check - scan your website for non-secure content.
  :small_orange_diamond: urlscan.io - service to scan and analyse websites.
  :small_orange_diamond: Report URI - monitoring security policies like CSP and HPKP.
  :small_orange_diamond: CSP Evaluator - allows developers and security experts to check if a Content Security Policy.
@@ -232,7 +233,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Common CA Database - repository of information about CAs, and their root and intermediate certificates.
  :small_orange_diamond: CERTSTREAM - real-time certificate transparency log update stream.
  :small_orange_diamond: crt.sh - discovers certificates by continually monitoring all of the publicly known CT.
-  :small_orange_diamond: SSL Check - scan your website for non-secure content.

##### :black_small_square: Privacy From ff60439afd9292e4bf9e3d6d263968a42ed64cac Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 14:08:03 +0100 Subject: [PATCH 051/148] added mind maps to 'Pentests bookmarks collection' - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a1ff041..9fc84ae 100644 --- a/README.md +++ b/README.md @@ -521,6 +521,8 @@ Linux Security Expert - trainings, howtos, checklists, security tools an

  :small_orange_diamond: PTES - the penetration testing execution standard.
+  :small_orange_diamond: Pentests MindMap - amazing mind map with vulnerable apps and systems.
+  :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
  :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
  :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all that things I need to pass OSCP.
  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
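Review bot: Both added mind-map descriptions rely on "amazing" and "incredible" instead of saying what the maps cover. The first ("mind map with vulnerable apps and systems") does not say whether it maps practice targets or a test methodology. Suggest one factual phrase per entry, in the style of the PTES line above them.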
From eaa97ae2ad3f85f80d4047f0a3d4d8c484142366 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 14:41:00 +0100 Subject: [PATCH 052/148] added 'Browser extensions' subsection - signed-off-by: trimstray --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index cc9d697..8522354 100644 --- a/README.md +++ b/README.md @@ -632,6 +632,16 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: DNS Privacy Server - running your own DoT or DoH server this page provides some ideas.

+###### Browser extensions + +| Extension name | Description | +| :--- | :--- | +| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. | +| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. | +| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. | +| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | +| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | + #### One-liners ##### Table of Contents From f835fd9cc6da00c550f9fbb3f4fe06e72f8218ca Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 19 Dec 2018 10:51:19 -0800 Subject: [PATCH 053/148] added vscode to text editors --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8522354..fafab16 100644 --- a/README.md +++ b/README.md @@ -211,6 +211,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: Sublime Text - is a lightweight, cross-platform code editor known for its speed, ease of use.
  :small_orange_diamond: Atom - a hackable text editor for the 21st Century.
+  :small_orange_diamond: VSCODE - an open-source and free source code editor developed by Microsoft

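Review bot: The added VSCODE line has no trailing period, unlike the Sublime Text and Atom lines above it. It also labels the editor "VSCODE" where the product name is Visual Studio Code. Fix both in this patch so that a follow-up commit for punctuation alone is not needed.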
#### Web Tools From 3f94398b018df8f5adaef53e8bcbcd20c3206d02 Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 19 Dec 2018 10:52:08 -0800 Subject: [PATCH 054/148] added period to vscode line --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fafab16..ced6da9 100644 --- a/README.md +++ b/README.md @@ -211,7 +211,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: Sublime Text - is a lightweight, cross-platform code editor known for its speed, ease of use.
  :small_orange_diamond: Atom - a hackable text editor for the 21st Century.
-  :small_orange_diamond: VSCODE - an open-source and free source code editor developed by Microsoft
+  :small_orange_diamond: VSCODE - an open-source and free source code editor developed by Microsoft.

#### Web Tools From 0f923b0d4898763db5af758e422fb5a8bc2a2e7b Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 20:24:48 +0100 Subject: [PATCH 055/148] updated 'Pentesters arsenal tools' - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8522354..5f196cb 100644 --- a/README.md +++ b/README.md @@ -511,11 +511,13 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
  :small_orange_diamond: Burp Suite - tool for testing Web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
  :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+  :small_orange_diamond: w3af - is a Web Application Attack and Audit Framework.
  :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
  :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
  :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
+  :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

##### :black_small_square: Pentests bookmarks collection From 37ee2062c953c475b9ff79fb840adf12c58d6be0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 20:28:12 +0100 Subject: [PATCH 056/148] added 'OpenSSL Certificate Authority' tutorial - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5f196cb..43417fe 100644 --- a/README.md +++ b/README.md @@ -417,6 +417,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON 26.
  :small_orange_diamond: BGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
  :small_orange_diamond: HTTPS in the real world - great tutorial explain how HTTPS works in the real world.
+  :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL command-line tools.
  :small_orange_diamond: Hidden directories - hidden directories and files as a source of sensitive information about web application.

From f8e6a565bb0ff1455504edee72c34ecc97935ce5 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 20:40:20 +0100 Subject: [PATCH 057/148] added 'OpenSSL' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 43417fe..e540086 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo ##### :black_small_square: SSL/Security

+  :small_orange_diamond: openssl - is a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols.
  :small_orange_diamond: gnutls-cli - client program to set up a TLS connection to some other computer.
  :small_orange_diamond: sslyze - fast and powerful SSL/TLS server scanning library.
From 7dd6886c5a11ecdefba94c7db885d7eabb10924b Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 22:06:56 +0100 Subject: [PATCH 058/148] added new tools (Sandcat, TOR Browser) and 'Quitting Google' guide - signed-off-by: trimstray --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e540086..5d476ac 100644 --- a/README.md +++ b/README.md @@ -199,6 +199,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: Wireshark - is the world’s foremost and widely-used network protocol analyzer.
+  :small_orange_diamond: TOR Browser - protect your privacy and defend yourself against network surveillance and traffic analysis.

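Review bot: "TOR Browser" in the added line should be "Tor Browser", since the project writes the name as Tor and not as an acronym. The entry also sits directly under Wireshark, a network protocol analyzer, so confirm that this subsection is the right home for a browser.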
##### :black_small_square: Password Managers @@ -385,7 +386,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: CentOS 7 Server Hardening Guide - great guide for hardening CentOS; familiar with OpenSCAP.

-##### :black_small_square: Security +##### :black_small_square: Security & Privacy

  :small_orange_diamond: OWASP - worldwide not-for-profit charitable organization focused on improving the security of software.
@@ -396,6 +397,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
  :small_orange_diamond: The Illustrated TLS Connection - every byte of a TLS connection explained and reproduced.
+  :small_orange_diamond: Quitting Google - the comprehensive guide to quitting Google.

##### :black_small_square: Web Apps @@ -510,6 +512,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an ##### :black_small_square: Pentesters arsenal tools

+  :small_orange_diamond: Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
  :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
  :small_orange_diamond: Burp Suite - tool for testing Web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
  :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
From 60139a97a4bc4f954692a074bf9d8dcc74a24783 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Dec 2018 22:11:06 +0100 Subject: [PATCH 059/148] updated 'Pentests bookmarks collection' - signed-off-by: trimstray --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d476ac..b11c25d 100644 --- a/README.md +++ b/README.md @@ -500,7 +500,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
-  :small_orange_diamond: SecLists - collection of multiple types of lists used during security assessments, collected in one place.
  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
@@ -534,8 +533,10 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
  :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all that things I need to pass OSCP.
  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
+  :small_orange_diamond: SecLists - collection of multiple types of lists used during security assessments, collected in one place.
  :small_orange_diamond: Awesome Hacking - awesome lists for hackers, pentesters and security researchers.
  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
+  :small_orange_diamond: Awesome Hacking - a curated list of awesome Hacking tutorials, tools and resources.
  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
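Review bot: The added "Awesome Hacking" entry has the same label as the existing "Awesome Hacking" entry two lines above it, so in the rendered list the two can only be told apart by their descriptions. Suggest qualifying each label, for example with the repository owner. The commit subject should also mention that SecLists moves into this subsection.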
From fd5914c643d417b851be99c7738fb918326a5758 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 08:57:17 +0100 Subject: [PATCH 060/148] added 'Linux Network Performance' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b11c25d..87e14fc 100644 --- a/README.md +++ b/README.md @@ -500,6 +500,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
+  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
From b2e9646e2d39731282b00f747a7c2ea06f6839cb Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 09:01:32 +0100 Subject: [PATCH 061/148] moved Lynx to 'Network (HTTP)' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 87e14fc..ba6e2af 100644 --- a/README.md +++ b/README.md @@ -100,7 +100,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
-  :small_orange_diamond: Lynx - is a text browser for the World Wide Web.

##### :black_small_square: Network (DNS) @@ -122,6 +121,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
  :small_orange_diamond: htrace.sh - shell script to debugging http/https; ssllabs, mozilla observatory, testssl.sh and nmap nse support.
  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
+  :small_orange_diamond: Lynx - is a text browser for the World Wide Web.
  :small_orange_diamond: siege - is an http load testing and benchmarking utility.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
From c91449b67b7596fe442556551d301892360dbc88 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 09:21:36 +0100 Subject: [PATCH 062/148] added 'TOP 12 Burp extensions' - signed-off-by: trimstray --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index ba6e2af..1c625e1 100644 --- a/README.md +++ b/README.md @@ -651,6 +651,23 @@ Linux Security Expert - trainings, howtos, checklists, security tools an | **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | | **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | +###### TOP 12 Burp extensions + +| Extension name | Description | +| :--- | :--- | +| **`Autorize`** | Automatically detects authorization enforcement. | +| **`Reflection`** | An efficient blocker: easy on memory and CPU footprint. | +| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. | +| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. | +| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | +| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | +| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | +| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses or other potential weaknesses. | +| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | +| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | +| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | +| **`Software Vulnerability Scanner`** | Software vulnerability scanner based on Vulners.com audit API. | + #### One-liners ##### Table of Contents From 9bb581bb6b6cb1aecb59db129512798e80b3eef3 Mon Sep 17 00:00:00 2001 
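Review bot: The `Reflection` row of the added "TOP 12 Burp extensions" table (PATCH 062/148) carries the description "An efficient blocker: easy on memory and CPU footprint.", which is the uBlock Origin text from the browser-extensions table in the context lines just above. Replace it with a description of what the Reflection extension does. The table also gives no source or criteria for the "TOP 12" ranking; one sentence on how the twelve were chosen would help.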
From: trimstray Date: Thu, 20 Dec 2018 09:43:38 +0100 Subject: [PATCH 063/148] updated 'Browser extensions' - signed-off-by: trimstray --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1c625e1..119342a 100644 --- a/README.md +++ b/README.md @@ -641,7 +641,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: DNS Privacy Server - running your own DoT or DoH server this page provides some ideas.

-###### Browser extensions +###### TOP 10 Browser extensions | Extension name | Description | | :--- | :--- | @@ -650,6 +650,11 @@ Linux Security Expert - trainings, howtos, checklists, security tools an | **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. | | **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | | **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | +| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. | +| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders and more. | +| **`Clear Cache`** | Clear your cache and browsing data. | +| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. | +| **`Web Developer`** | Adds a toolbar button with various web developer tools. | ###### TOP 12 Burp extensions @@ -662,7 +667,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an | **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | | **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | | **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | -| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses or other potential weaknesses. | +| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses.. | | **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | | **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | | **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | From b951e7995a75a0ffe8fe18ca26b057ca8633be0f Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 09:47:18 +0100 Subject: [PATCH 064/148] added 'How To Become A Hacker' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) 
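Review bot: The rewritten `CSP-Bypass` row (PATCH 063/148) now ends in a double period ("known bypasses.. |") and drops "or other potential weaknesses" from the description. The change to the Burp table also falls outside the commit subject, which names only 'Browser extensions'. Fix the punctuation, and either keep the fuller wording or move this row change into its own commit.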
diff --git a/README.md b/README.md index 119342a..3a45027 100644 --- a/README.md +++ b/README.md @@ -422,6 +422,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: HTTPS in the real world - great tutorial explain how HTTPS works in the real world.
  :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL command-line tools.
  :small_orange_diamond: Hidden directories - hidden directories and files as a source of sensitive information about web application.
+  :small_orange_diamond: How To Become A Hacker - if you want to be a hacker, keep reading.

#### Blogs From 308ec796d9a606ad16b7f6a53aa82eeab54e4fed Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:14:23 +0100 Subject: [PATCH 065/148] added Binni Shah to 'Geeky Blogs/Persons' - signed-off-by: trimstray --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a45027..e3ff530 100644 --- a/README.md +++ b/README.md @@ -427,7 +427,7 @@ performance of any of your sites from across the globe.
#### Blogs -##### :black_small_square: Geeky Blogs +##### :black_small_square: Geeky Blogs/Persons

  :small_orange_diamond: Brendan Gregg's Blog - Brendan Gregg is an industry expert in computing performance and cloud computing.
@@ -437,6 +437,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Nick Craver - Software Developer and Systems Administrator for Stack Exchange.
  :small_orange_diamond: Robert Penz - IT security Expert.
  :small_orange_diamond: Scott Helme - Security Researcher, international speaker and founder of securityheaders.com and report-uri.com.
+  :small_orange_diamond: Binni Shah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
  :small_orange_diamond: Kacper Szurek - Detection Engineer at ESET.
  :small_orange_diamond: Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.
  :small_orange_diamond: Linux Audit - the Linux security blog about Auditing, Hardening and Compliance by Michael Boelen.
From ae06e806ad66f0113718759b13739bf7f04f3a04 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:26:40 +0100 Subject: [PATCH 066/148] added 'Mamont's open FTP Index' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e3ff530..b7dc5c3 100644 --- a/README.md +++ b/README.md @@ -298,6 +298,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Buckets by Grayhatwarfar - database with public search for Open Amazon S3 Buckets and their contents.
  :small_orange_diamond: Vigilante.pw - the breached database directory.
  :small_orange_diamond: builtwith - find out what websites are built with.
+  :small_orange_diamond: Mamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here.

##### :black_small_square: Net-tools From d94426a54948abbe491f7bcb4bf2607de4093c17 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:28:44 +0100 Subject: [PATCH 067/148] added 'ethr' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b7dc5c3..a375af0 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: bmon - monitoring and debugging tool to capture networking related statistics and prepare them visually.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: iPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
+  :small_orange_diamond: ethr - is a Network Performance Measurement Tool for TCP, UDP & HTTP.
  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
From 9700fc3a344f965db14e82812674d8112b3bd62d Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:32:01 +0100 Subject: [PATCH 068/148] added 'Operation Costs in CPU' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a375af0..6b72516 100644 --- a/README.md +++ b/README.md @@ -425,6 +425,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL command-line tools.
  :small_orange_diamond: Hidden directories - hidden directories and files as a source of sensitive information about web application.
  :small_orange_diamond: How To Become A Hacker - if you want to be a hacker, keep reading.
+  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.

#### Blogs From 4085223ef41e1ee9ca4c934e72b7faa3c840ead6 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:35:25 +0100 Subject: [PATCH 069/148] added new subsection: 'Build your own Certificate Authority' - signed-off-by: trimstray --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b72516..06f5538 100644 --- a/README.md +++ b/README.md @@ -422,7 +422,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON 26.
  :small_orange_diamond: BGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
  :small_orange_diamond: HTTPS in the real world - great tutorial explain how HTTPS works in the real world.
-  :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL command-line tools.
  :small_orange_diamond: Hidden directories - hidden directories and files as a source of sensitive information about web application.
  :small_orange_diamond: How To Become A Hacker - if you want to be a hacker, keep reading.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.
@@ -646,6 +645,12 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: DNS Privacy Server - running your own DoT or DoH server this page provides some ideas.

+###### Build your own Certificate Authority + +

+  :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL command-line tools.
+

+ ###### TOP 10 Browser extensions | Extension name | Description | From 54343b1bee2709816e2cd6046619f6b26d92202d Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:37:18 +0100 Subject: [PATCH 070/148] added 'SSRF Tips' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 06f5538..ca5ab29 100644 --- a/README.md +++ b/README.md @@ -552,6 +552,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
  :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
+  :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.

##### :black_small_square: Bounty programs From 15f7e6f599b6e7252abecbd154e026e7f8907c36 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 11:52:39 +0100 Subject: [PATCH 071/148] added new manuals/tutorials - signed-off-by: trimstray --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index ca5ab29..487e221 100644 --- a/README.md +++ b/README.md @@ -379,6 +379,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: TecMint - the ideal Linux blog for Sysadmins & Geeks.
  :small_orange_diamond: Omnisecu - Free Networking, System Administration and Security Tutorials.
  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
+  :small_orange_diamond: http3-explained - a document describing the HTTP/3 and QUIC protocols.

##### :black_small_square: System hardening @@ -399,6 +400,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
  :small_orange_diamond: The Illustrated TLS Connection - every byte of a TLS connection explained and reproduced.
+  :small_orange_diamond: The Art of Subdomain Enumeration - a reference for subdomain enumeration techniques.
  :small_orange_diamond: Quitting Google - the comprehensive guide to quitting Google.

@@ -422,6 +424,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON 26.
  :small_orange_diamond: BGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
  :small_orange_diamond: HTTPS in the real world - great tutorial explain how HTTPS works in the real world.
+  :small_orange_diamond: Gitlab and NFS bug - how we spent two weeks hunting an NFS bug in the Linux kernel.
  :small_orange_diamond: Hidden directories - hidden directories and files as a source of sensitive information about web application.
  :small_orange_diamond: How To Become A Hacker - if you want to be a hacker, keep reading.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.
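Review bot: The added "Gitlab and NFS bug" description is written in the first person ("how we spent two weeks hunting an NFS bug in the Linux kernel"), which in this list reads as the maintainer's own story. Rephrase it in the third person so it is clear whose investigation this is, and spell the label "GitLab".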
From d3bd020d80e38076df652ee52c366ed4b1d588a1 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 12:21:50 +0100 Subject: [PATCH 072/148] added 'Terminal emulators' chapter - signed-off-by: trimstray --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 487e221..c69553c 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,13 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: tmux-cssh - sets a comfortable and easy to use functionality, clustering and synchronizing virtual tmux-sessions.

+##### :black_small_square: Terminal emulators + +

+  :small_orange_diamond: Guake - is a dropdown terminal made for the GNOME desktop environment.
+  :small_orange_diamond: Terminator - is based on GNOME Terminal, useful features for sysadmins and other users.
+

+ ##### :black_small_square: Network

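Review bot: the Terminator description in the new "Terminal emulators" chapter runs two thoughts together ("is based on GNOME Terminal, useful features for sysadmins and other users") and never says what the tool is. Suggest one full clause, for example "terminal emulator based on GNOME Terminal, with features useful for sysadmins and other users".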
From e564680522ade7c53c2c7fe81b48634967dacc69 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 13:28:29 +0100 Subject: [PATCH 073/148] added 'Secure WebMail Providers' - signed-off-by: trimstray --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index c69553c..80cc35b 100644 --- a/README.md +++ b/README.md @@ -484,6 +484,14 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.

+##### :black_small_square: Secure WebMail Providers + +

+  :small_orange_diamond: CounterMail - is a secure and easy to use online email service, designed to provide maximum security and privacy.
+  :small_orange_diamond: Mail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
+  :small_orange_diamond: Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.
+

+ ##### :black_small_square: Security/hardening

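Review bot: the CounterMail and Protonmail descriptions added under "Secure WebMail Providers" repeat the providers' own claims ("maximum security and privacy", "the world's largest secure email service, developed by CERN and MIT scientists") without saying what makes the service secure. For a chapter whose heading asserts security, state a property the reader can check, as the Mail2Tor line already does by saying it is a Tor Hidden Service, and drop the superlatives.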
From f6d563bb98ff084a7e858377c99999e7a96cc20d Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 13:33:04 +0100 Subject: [PATCH 074/148] moved 'PGP Keyservers' - signed-off-by: trimstray --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 80cc35b..cff9403 100644 --- a/README.md +++ b/README.md @@ -281,12 +281,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: MultiRBL - complete IP check for sending Mailservers.

-##### :black_small_square: PGP Keyservers - -

-  :small_orange_diamond: SKS OpenPGP Key server - includes a highly-efficient reconciliation algorithm for keeping the keyservers synchronized.
-

- ##### :black_small_square: Mass scanners (search engines)

@@ -492,6 +486,12 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.

+##### :black_small_square: PGP Keyservers + +

+  :small_orange_diamond: SKS OpenPGP Key server - includes a highly-efficient reconciliation algorithm for keeping the keyservers synchronized.
+

+ ##### :black_small_square: Security/hardening

From 922fbee0b4f5ca4fa5279fa69a7f9e4e61301abb Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Thu, 20 Dec 2018 13:39:26 +0100 Subject: [PATCH 075/148] renamed 'VSCODE' to 'Visual Studio Code' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ced6da9..10cf551 100644 --- a/README.md +++ b/README.md @@ -211,7 +211,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: Sublime Text - is a lightweight, cross-platform code editor known for its speed, ease of use.
  :small_orange_diamond: Atom - a hackable text editor for the 21st Century.
-  :small_orange_diamond: VSCODE - an open-source and free source code editor developed by Microsoft.
+  :small_orange_diamond: Visual Studio Code - an open-source and free source code editor developed by Microsoft.

#### Web Tools From ddd3535bccb1e08679c762de29a2491f63263785 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 14:15:06 +0100 Subject: [PATCH 076/148] added 'Enpass' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 479e74c..8679c70 100644 --- a/README.md +++ b/README.md @@ -214,6 +214,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: KeePassXC - store your passwords safely and auto-type them into your everyday websites and apps.
+  :small_orange_diamond: Enpass - password manager and secure wallet.

##### :black_small_square: Text editors From a39311639c6174c41bf6254f62cbc68b1776ad72 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 20 Dec 2018 15:50:13 +0100 Subject: [PATCH 077/148] moved 'Mass scanners (search engines)' chapter - signed-off-by: trimstray --- README.md | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 8679c70..698c3f8 100644 --- a/README.md +++ b/README.md @@ -283,28 +283,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: MultiRBL - complete IP check for sending Mailservers.

-##### :black_small_square: Mass scanners (search engines) - -

-  :small_orange_diamond: Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
-  :small_orange_diamond: Shodan - the world's first search engine for Internet-connected devices.
-  :small_orange_diamond: Shodan 2000 - if you use Shodan for everyday work, be sure to see it - looks for randomly generated data from Shodan.
-  :small_orange_diamond: GreyNoise - mass scanner (such as Shodan and Censys).
-  :small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
-  :small_orange_diamond: FOFA - is a cyberspace search engine.
-  :small_orange_diamond: onyphe - is a search engine for open-source and cyber threat intelligence data collected.
-  :small_orange_diamond: binaryedge - it scan the entire internet space and create real-time threat intelligence streams and reports.
-  :small_orange_diamond: hunter - lets you find email addresses in seconds and connect with the people that matter for your business.
-  :small_orange_diamond: wigle - is a submission-based catalog of wireless networks. All the networks. Found by Everyone.
-  :small_orange_diamond: PublicWWW - find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code.
-  :small_orange_diamond: IntelTechniques - this repository contains hundreds of online search utilities.
-  :small_orange_diamond: GhostProject? - search by full email address or username.
-  :small_orange_diamond: Buckets by Grayhatwarfar - database with public search for Open Amazon S3 Buckets and their contents.
-  :small_orange_diamond: Vigilante.pw - the breached database directory.
-  :small_orange_diamond: builtwith - find out what websites are built with.
-  :small_orange_diamond: Mamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here.
-

- ##### :black_small_square: Net-tools

@@ -342,6 +320,28 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Pingdom Tools - analyze your site’s speed around the world.

+##### :black_small_square: Mass scanners (search engines) + +

+  :small_orange_diamond: Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
+  :small_orange_diamond: Shodan - the world's first search engine for Internet-connected devices.
+  :small_orange_diamond: Shodan 2000 - if you use Shodan for everyday work, be sure to see it - looks for randomly generated data from Shodan.
+  :small_orange_diamond: GreyNoise - mass scanner (such as Shodan and Censys).
+  :small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
+  :small_orange_diamond: FOFA - is a cyberspace search engine.
+  :small_orange_diamond: onyphe - is a search engine for open-source and cyber threat intelligence data collected.
+  :small_orange_diamond: binaryedge - it scan the entire internet space and create real-time threat intelligence streams and reports.
+  :small_orange_diamond: hunter - lets you find email addresses in seconds and connect with the people that matter for your business.
+  :small_orange_diamond: wigle - is a submission-based catalog of wireless networks. All the networks. Found by Everyone.
+  :small_orange_diamond: PublicWWW - find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code.
+  :small_orange_diamond: IntelTechniques - this repository contains hundreds of online search utilities.
+  :small_orange_diamond: GhostProject? - search by full email address or username.
+  :small_orange_diamond: Buckets by Grayhatwarfar - database with public search for Open Amazon S3 Buckets and their contents.
+  :small_orange_diamond: Vigilante.pw - the breached database directory.
+  :small_orange_diamond: builtwith - find out what websites are built with.
+  :small_orange_diamond: Mamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here.
+

+ ##### :black_small_square: Passwords

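Review bot: the re-added "Mass scanners (search engines)" block carries over entries that do not fit the heading and copy that needs fixing. `hunter` is described as an email address finder, `GhostProject?` as a search by email address or username, and `Vigilante.pw` as a breached database directory, none of which is a scanner; the binaryedge line reads "it scan the entire internet space and create", and the "?" after GhostProject looks unintended. Since the commit moves the whole chapter anyway, fix these in the same change or move the non-scanner entries to a chapter of their own.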
From 265c3cced8d9901f3567de29b6246ccca785bb9b Mon Sep 17 00:00:00 2001 From: Austin Lowery Date: Sat, 22 Dec 2018 02:11:07 -0600 Subject: [PATCH 078/148] Add dkimvalidator.com under mail section. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 698c3f8..3cf4ba5 100644 --- a/README.md +++ b/README.md @@ -281,6 +281,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: MX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
  :small_orange_diamond: blacklistalert - checks to see if your domain is on a Real Time Spam Blacklist.
  :small_orange_diamond: MultiRBL - complete IP check for sending Mailservers.
+  :small_orange_diamond: DKIM SPF & Spam Assassin Validator - Checks mail authentication and scores messages with Spam Assassin

##### :black_small_square: Net-tools From 67c8ba84fe7c90bed1976cccf5f44e5a12ff4531 Mon Sep 17 00:00:00 2001 From: Austin Lowery Date: Sat, 22 Dec 2018 02:20:48 -0600 Subject: [PATCH 079/148] Add IntoDNS mail and DNS server checker. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 3cf4ba5..bad8894 100644 --- a/README.md +++ b/README.md @@ -273,6 +273,8 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: DNS Table online - search for DNS records by domain, IP, CIDR, ISP.
  :small_orange_diamond: PTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records.
  :small_orange_diamond: xip.ip - wildcard DNS for everyone.
+  :small_orange_diamond: INTO DNS - DNS and mail server health checker.
+

##### :black_small_square: Mail From e73d0000139a365dc4e952af1b5e2e755974008f Mon Sep 17 00:00:00 2001 From: Austin Lowery Date: Sat, 22 Dec 2018 02:24:27 -0600 Subject: [PATCH 080/148] Add Leaf DNS comprehensive DNS tester. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bad8894..24455d9 100644 --- a/README.md +++ b/README.md @@ -274,6 +274,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: PTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records.
  :small_orange_diamond: xip.ip - wildcard DNS for everyone.
  :small_orange_diamond: INTO DNS - DNS and mail server health checker.
+  :small_orange_diamond: Leaf DNS - Comprehensive DNS tester.

From 68756965b3259ca007d7da1bfdaca217a5203d13 Mon Sep 17 00:00:00 2001 From: Austin Lowery Date: Sat, 22 Dec 2018 02:26:21 -0600 Subject: [PATCH 081/148] Add whatsmydns.com DNS Propagation checking tool. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 24455d9..226d24b 100644 --- a/README.md +++ b/README.md @@ -275,6 +275,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: xip.ip - wildcard DNS for everyone.
  :small_orange_diamond: INTO DNS - DNS and mail server health checker.
  :small_orange_diamond: Leaf DNS - Comprehensive DNS tester.
+  :small_orange_diamond: What's My DNS - DNS Propagation Checking Tool.

From 4dae950012116a17e10bdc0cc07a41e3d3c6e776 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sun, 23 Dec 2018 11:05:28 +0100 Subject: [PATCH 082/148] dkimvalidator: fixed typos --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 226d24b..630c235 100644 --- a/README.md +++ b/README.md @@ -285,7 +285,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: MX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
  :small_orange_diamond: blacklistalert - checks to see if your domain is on a Real Time Spam Blacklist.
  :small_orange_diamond: MultiRBL - complete IP check for sending Mailservers.
-  :small_orange_diamond: DKIM SPF & Spam Assassin Validator - Checks mail authentication and scores messages with Spam Assassin
+  :small_orange_diamond: DKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.

##### :black_small_square: Net-tools From d0d174693829652493cf81b39f4edab663318f84 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sun, 23 Dec 2018 11:13:42 +0100 Subject: [PATCH 083/148] fixed typos; added ceipam dnslookup --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 630c235..604c328 100644 --- a/README.md +++ b/README.md @@ -273,9 +273,10 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: DNS Table online - search for DNS records by domain, IP, CIDR, ISP.
  :small_orange_diamond: PTRarchive.com - this site is responsible for the safekeeping of historical reverse DNS records.
  :small_orange_diamond: xip.ip - wildcard DNS for everyone.
-  :small_orange_diamond: INTO DNS - DNS and mail server health checker.
-  :small_orange_diamond: Leaf DNS - Comprehensive DNS tester.
-  :small_orange_diamond: What's My DNS - DNS Propagation Checking Tool.
+  :small_orange_diamond: intoDNS - DNS and mail server health checker.
+  :small_orange_diamond: Leaf DNS - comprehensive DNS tester.
+  :small_orange_diamond: dnslookup (ceipam) - one of the best DNS propagation checker (and not only).
+  :small_orange_diamond: What's My DNS - DNS propagation checking Tool.

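Review bot: the new `dnslookup (ceipam)` line reads "one of the best DNS propagation checker (and not only)"; "checker" should be plural, and "(and not only)" does not tell the reader what else the tool does. Suggest naming the extra function or dropping the parenthesis. The commit also mixes the typo fixes for intoDNS, Leaf DNS and What's My DNS with a new entry, which would be easier to review and revert as two commits.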
From 71a7a5d5a14300fb8d3c195eaa22a7bdec945a16 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sun, 23 Dec 2018 21:30:16 +0100 Subject: [PATCH 084/148] fixed typos - signed-off-by: trimstray --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 604c328..1d62731 100644 --- a/README.md +++ b/README.md @@ -221,8 +221,8 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: Sublime Text - is a lightweight, cross-platform code editor known for its speed, ease of use.
-  :small_orange_diamond: Atom - a hackable text editor for the 21st Century.
  :small_orange_diamond: Visual Studio Code - an open-source and free source code editor developed by Microsoft.
+  :small_orange_diamond: Atom - a hackable text editor for the 21st Century.

#### Web Tools @@ -276,7 +276,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: intoDNS - DNS and mail server health checker.
  :small_orange_diamond: Leaf DNS - comprehensive DNS tester.
  :small_orange_diamond: dnslookup (ceipam) - one of the best DNS propagation checker (and not only).
-  :small_orange_diamond: What's My DNS - DNS propagation checking Tool.
+  :small_orange_diamond: What's My DNS - DNS propagation checking tool.

@@ -301,7 +301,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Network-Tools - network tools for webmasters, IT technicians & geeks.
  :small_orange_diamond: URL Encode/Decode - tool from above to either encode or decode a string of text.
  :small_orange_diamond: Uncoder - the online translator for search queries on log data.
-  :small_orange_diamond: XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
  :small_orange_diamond: RegExr - online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
  :small_orange_diamond: Hardenize - deploy the security standards.
  :small_orange_diamond: VirusTotal - analyze suspicious files and URLs to detect types of malware.
@@ -576,6 +575,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
+  :small_orange_diamond: XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
  :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
  :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.
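Review bot: the subject "fixed typos" does not cover what happens to the `XSS String Encoder` line here. Together with the removal in the previous hunk, the entry is relocated from the list holding `URL Encode/Decode` and `Uncoder` to the list holding `HTML5 Security Cheatsheet` and `GTFOBins`, and the first hunk reorders the text editors. Suggest splitting the move into its own commit, or saying so in the message, so the history shows why the entry changed chapters.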
From 85f64bb9b17ca7bc4d75edb21b8e72f98535b6cb Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 24 Dec 2018 10:48:47 +0100 Subject: [PATCH 085/148] added 'HTTP/2 explained' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1d62731..4fd671f 100644 --- a/README.md +++ b/README.md @@ -387,6 +387,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: TecMint - the ideal Linux blog for Sysadmins & Geeks.
  :small_orange_diamond: Omnisecu - Free Networking, System Administration and Security Tutorials.
  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
+  :small_orange_diamond: http2-explained - a detailed document explaining and documenting HTTP/2.
  :small_orange_diamond: http3-explained - a document describing the HTTP/3 and QUIC protocols.

From c6424a10bac9c50ba9edd2fe28eaaf040d957f43 Mon Sep 17 00:00:00 2001 From: lbonanomi <5369016+lbonanomi@users.noreply.github.com> Date: Mon, 24 Dec 2018 10:06:35 -0500 Subject: [PATCH 086/148] ssh -tt $HOST bash Skip login scripts when SSHing, good for misconfigured .profiles or 100%-full disks. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 4fd671f..79aa7e8 100644 --- a/README.md +++ b/README.md @@ -1627,6 +1627,12 @@ function _scg() { } ``` +###### SSH without processing any login scripts + +```bash +ssh -tt user@host bash +``` + ___ ##### Tool: [linux-dev](https://www.tldp.org/LDP/abs/html/devref1.html) From fb4b42c2e2f6ad6445a1681583efeb903f4b4b70 Mon Sep 17 00:00:00 2001 From: lbonanomi Date: Mon, 24 Dec 2018 10:26:13 -0500 Subject: [PATCH 087/148] SSH without profile processing --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 79aa7e8..4704183 100644 --- a/README.md +++ b/README.md @@ -1627,7 +1627,7 @@ function _scg() { } ``` -###### SSH without processing any login scripts +###### SSH login without processing any login scripts ```bash ssh -tt user@host bash From d667b0cb7f9795d8e79eb30f73006717246b69fd Mon Sep 17 00:00:00 2001 From: lbonanomi Date: Mon, 24 Dec 2018 10:33:34 -0500 Subject: [PATCH 088/148] SSH to host without processing user environment scripts. Signed-off-by: lbonanomi --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4704183..ac37549 100644 --- a/README.md +++ b/README.md @@ -1627,7 +1627,7 @@ function _scg() { } ``` -###### SSH login without processing any login scripts +###### SSH login without processing any login scripts ```bash ssh -tt user@host bash From 667368144b22371781a9dbbfa113acba868da83e Mon Sep 17 00:00:00 2001 
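Review bot: in the `ssh -tt user@host bash` entry added by PATCH 086 (retitled in 087 and 088), the heading "SSH login without processing any login scripts" promises more than the command delivers. Because `-tt` forces a terminal, the remote `bash` starts as an interactive non-login shell: it skips the profile files, which covers the "misconfigured .profiles" case from the commit message, but it still reads `~/.bashrc`, so a broken rc file still runs. Suggest `ssh -tt user@host bash --noprofile --norc` if the goal is to skip all user startup files, or rewording the heading to say that only profile scripts are skipped.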
From: "@trimstray" Date: Mon, 24 Dec 2018 21:53:43 +0100 Subject: [PATCH 089/148] removed last space from header --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ac37549..4704183 100644 --- a/README.md +++ b/README.md @@ -1627,7 +1627,7 @@ function _scg() { } ``` -###### SSH login without processing any login scripts +###### SSH login without processing any login scripts ```bash ssh -tt user@host bash From af8eede5347fdc117d2608c750e38d8fa1329767 Mon Sep 17 00:00:00 2001 From: Tommy Nguyen Date: Tue, 25 Dec 2018 01:47:50 -0500 Subject: [PATCH 090/148] Add link to Linux Guide and Hints - signed-off-by: Tommy Nguyen --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 4704183..093d874 100644 --- a/README.md +++ b/README.md @@ -374,6 +374,12 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.

+##### :black_small_square: Linux + +

+  :small_orange_diamond: Linux Guide and Hints - tutorials on system administration in Fedora® and CentOS®, including OpenLDAP and FreeIPA.
+

+ ##### :black_small_square: Programming

From 23a2bc228b6559465fe999d729798a1e85d07546 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Dec 2018 12:14:19 +0100 Subject: [PATCH 091/148] #34 - security of 3des for openssl - signed-off-by: trimstray --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4704183..7be3f34 100644 --- a/README.md +++ b/README.md @@ -1289,8 +1289,9 @@ openssl s_client -cipher 'AES128-SHA' -connect google.com:443 ###### Generate private key ```bash -# _ciph: des3, aes -( _ciph="des3" ; _fd="private.key" ; _len="2048" ; \ +# _ciph: des3, aes128, aes256 +# _len: 2048, 4096 +( _ciph="aes128" ; _fd="private.key" ; _len="4096" ; \ openssl genrsa -${_ciph} -out ${_fd} ${_len} ) ``` @@ -1311,7 +1312,7 @@ openssl rsa -pubout -in ${_fd} -out ${_fd_pub} ) ###### Generate private key + csr ```bash -( _fd="private.key" ; _fd_csr="request.csr" ; _len="2048" ; \ +( _fd="private.key" ; _fd_csr="request.csr" ; _len="4096" ; \ openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} ) ``` From 6562e06ee21646d44f2551c3a6108bcbd745f731 Mon Sep 17 00:00:00 2001 From: Divyesh Puri Date: Wed, 26 Dec 2018 01:07:51 +0530 Subject: [PATCH 092/148] Added PageSpeed Insights in performance section --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7be3f34..d80894b 100644 --- a/README.md +++ b/README.md @@ -323,6 +323,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Sucuri loadtimetester - test here the performance of any of your sites from across the globe.
  :small_orange_diamond: Pingdom Tools - analyze your site’s speed around the world.
+  :small_orange_diamond: PageSpeed Insights - analyze your site’s speed and make it faster.

##### :black_small_square: Mass scanners (search engines) From f284e674b75dc8a11f270bb403056643fd8ec0ba Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Tue, 25 Dec 2018 21:49:33 +0100 Subject: [PATCH 093/148] updated 'nix & Network' chapter --- README.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 093d874..843efb5 100644 --- a/README.md +++ b/README.md @@ -374,25 +374,20 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.

-##### :black_small_square: Linux - -

-  :small_orange_diamond: Linux Guide and Hints - tutorials on system administration in Fedora® and CentOS®, including OpenLDAP and FreeIPA.
-

- ##### :black_small_square: Programming

  :small_orange_diamond: F’Awk Yeah! - advanced sed and awk usage (Parsing for Pentesters 3).

-##### :black_small_square: Unix & Network +##### :black_small_square: \*nix & Network

  :small_orange_diamond: nixCraft - linux and unix tutorials for new and seasoned sysadmin.
  :small_orange_diamond: TecMint - the ideal Linux blog for Sysadmins & Geeks.
  :small_orange_diamond: Omnisecu - Free Networking, System Administration and Security Tutorials.
  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
+  :small_orange_diamond: Linux Guide and Hints - tutorials on system administration in Fedora® and CentOS®, including OpenLDAP and FreeIPA.
  :small_orange_diamond: http2-explained - a detailed document explaining and documenting HTTP/2.
  :small_orange_diamond: http3-explained - a document describing the HTTP/3 and QUIC protocols.

From 86d62e9b37740c19c7c7ea90cb9d7eec14869c76 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 26 Dec 2018 21:50:34 +0100 Subject: [PATCH 094/148] minor fixes and updates; updated gen private key - signed-off-by: trimstray --- README.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 5ae6f82..807b60f 100644 --- a/README.md +++ b/README.md @@ -375,7 +375,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.

-##### :black_small_square: Programming +##### :black_small_square: Sed & Awk & Other

  :small_orange_diamond: F’Awk Yeah! - advanced sed and awk usage (Parsing for Pentesters 3).
@@ -533,9 +533,9 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
-  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
+  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
  :small_orange_diamond: Free Security eBooks - list of a Free Security and Hacking eBooks.

@@ -565,13 +565,13 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
  :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
  :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all that things I need to pass OSCP.
-  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
  :small_orange_diamond: SecLists - collection of multiple types of lists used during security assessments, collected in one place.
-  :small_orange_diamond: Awesome Hacking - awesome lists for hackers, pentesters and security researchers.
+  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
+  :small_orange_diamond: Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
+  :small_orange_diamond: Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
-  :small_orange_diamond: Awesome Hacking - a curated list of awesome Hacking tutorials, tools and resources.
-  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
+  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
@@ -1290,6 +1290,14 @@ openssl s_client -cipher 'AES128-SHA' -connect google.com:443 ###### Generate private key +```bash +# _len: 2048, 4096 +( _fd="private.key" ; _len="4096" ; \ +openssl genrsa -out ${_fd} ${_len} ) +``` + +###### Generate private key with password + ```bash # _ciph: des3, aes128, aes256 # _len: 2048, 4096 From c239cc30033b3b7984cef70aae8a2239aa47a971 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 26 Dec 2018 23:19:24 +0100 Subject: [PATCH 095/148] added new chapter: Browsers - signed-off-by: trimstray --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 807b60f..29901e1 100644 --- a/README.md +++ b/README.md @@ -247,6 +247,15 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: crt.sh - discovers certificates by continually monitoring all of the publicly known CT.

+##### :black_small_square: Browsers + +

+  :small_orange_diamond: Can I use - provides up-to-date browser support tables for support of front-end web technologies.
+  :small_orange_diamond: Panopticlick 3.0 - is your browser safe against tracking?
+  :small_orange_diamond: Privacy Analyzer - see what data is exposed from your browser.
+  :small_orange_diamond: Web Browser Security - it's all about Web Browser fingerprinting.
+

+ ##### :black_small_square: Privacy

From a22f9a05caf8b259df69054c17db4a7f118fd4f1 Mon Sep 17 00:00:00 2001 From: proclnas Date: Wed, 26 Dec 2018 20:55:51 -0200 Subject: [PATCH 096/148] Added PbScan in network section --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 29901e1..b3051ce 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
+  :small_orange_diamond: pbscan - Faster and more efficient stateless SYN scanner and banner grabber.

##### :black_small_square: Network (DNS) From 985714befd12a695f0b26260d4861ff72888e5b2 Mon Sep 17 00:00:00 2001 From: lbonanomi Date: Wed, 26 Dec 2018 20:02:17 -0500 Subject: [PATCH 097/148] test if the current user is sudo-su'd into this session - signed-off-by: lbonanomi --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 807b60f..9a6178c 100644 --- a/README.md +++ b/README.md @@ -1227,6 +1227,12 @@ ___ who -b ``` +###### Detect a user sudo-su'd into the current shell + +``` +[[ $(who -m | awk '{ print $1 }') == $(whoami) ]] || echo "You are su-ed to $(whoami)" +``` + ___ ##### Tool: [screen](https://en.wikipedia.org/wiki/GNU_Screen) From b8c363ec7e7d2271f76874b644506dd3d5f14f6c Mon Sep 17 00:00:00 2001 From: lbonanomi <5369016+lbonanomi@users.noreply.github.com> Date: Wed, 26 Dec 2018 20:15:05 -0500 Subject: [PATCH 098/148] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a6178c..78036d1 100644 --- a/README.md +++ b/README.md @@ -1229,7 +1229,7 @@ who -b ###### Detect a user sudo-su'd into the current shell -``` +```bash [[ $(who -m | awk '{ print $1 }') == $(whoami) ]] || echo "You are su-ed to $(whoami)" ``` From 66f2a845a6e927ce71006922720d79efa1d55dca Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Thu, 27 Dec 2018 09:39:03 +0100 Subject: [PATCH 099/148] pbscan: minor update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b3051ce..8a2c5df 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: nmap - free and open source (license) utility for network discovery and security auditing.
  :small_orange_diamond: masscan - the fastest Internet port scanner, spews SYN packets asynchronously.
+  :small_orange_diamond: pbscan - faster and more efficient stateless SYN scanner and banner grabber.
  :small_orange_diamond: hping - command-line oriented TCP/IP packet assembler/analyzer.
  :small_orange_diamond: mtr - functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
  :small_orange_diamond: netcat - networking utility which reads and writes data across network connections, using the TCP/IP protocol.
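Review bot: the `who -m` test added in PATCH 097/148 (and kept by 098/148) reports "You are su-ed" whenever `who -m` prints nothing, which happens when the terminal has no utmp entry: the left side of `==` is then empty and the comparison fails. Capture the login name first and only compare when it is non-empty. The right side of `==` inside `[[ ]]` should also be quoted, `"$(whoami)"`, so that it is compared as a string rather than matched as a pattern.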
@@ -108,7 +109,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
-  :small_orange_diamond: pbscan - Faster and more efficient stateless SYN scanner and banner grabber.

##### :black_small_square: Network (DNS) From 0b0ea33b65565bd2620c00476c211ad80c7d3968 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 27 Dec 2018 12:11:07 -0500 Subject: [PATCH 100/148] /usr/bin/last --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index e0b609d..a875664 100644 --- a/README.md +++ b/README.md @@ -743,6 +743,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an * [tr](#tool-tr) * [chmod](#tool-chmod) * [who](#tool-who) + * [last](#tool-last) * [screen](#tool-screen) * [du](#tool-du) * [inotifywait](#tool-inotifywait) @@ -1245,6 +1246,16 @@ who -b ___ +##### Tool: [last] + +###### Was the last reboot a panic? + +```bash +(last -x -f $(ls -1t /var/log/wtmp* | head -2 | tail -1);last -x -f /var/log/wtmp) | grep -A1 reboot | head -2 | grep -q shutdown && echo "clean reboot" || echo "panic reboot" +``` + +___ + ##### Tool: [screen](https://en.wikipedia.org/wiki/GNU_Screen) ###### Start screen in detached mode From 39192cfb1b479e9f9811e2d32b4470930e98ab7e Mon Sep 17 00:00:00 2001 From: lbonanomi Date: Thu, 27 Dec 2018 12:12:37 -0500 Subject: [PATCH 101/148] /usr/bin/last --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a875664..a346c13 100644 --- a/README.md +++ b/README.md @@ -1251,7 +1251,7 @@ ___ ###### Was the last reboot a panic? ```bash -(last -x -f $(ls -1t /var/log/wtmp* | head -2 | tail -1);last -x -f /var/log/wtmp) | grep -A1 reboot | head -2 | grep -q shutdown && echo "clean reboot" || echo "panic reboot" +(last -x -f $(ls -1t /var/log/wtmp* | head -2 | tail -1); last -x -f /var/log/wtmp) | grep -A1 reboot | head -2 | grep -q shutdown && echo "Expected reboot" || echo "Panic reboot" ``` ___ From 6c581cb873bd4fd016980dcd00dd0a022d7722f5 Mon Sep 17 00:00:00 2001 
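Review bot: in the `last` one-liner of PATCH 100/148 and 101/148, the subshell prints the rotated wtmp file before `/var/log/wtmp`, and `last` lists the newest entries first, so `grep -A1 reboot | head -2` picks the newest reboot recorded in the rotated file whenever that file contains one, not the most recent reboot. The `$(ls -1t /var/log/wtmp* | head -2 | tail -1)` substitution is also unquoted, and it resolves to `/var/log/wtmp` itself when no rotated file exists, so the same file is read twice. Read `/var/log/wtmp` first and fall back to the rotated file only when the reboot record is the oldest entry there, and report the result with `if ...; then ...; else ...; fi` instead of the `&& ... ||` chain.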
From: trimstray Date: Thu, 27 Dec 2018 18:19:44 +0100 Subject: [PATCH 102/148] added wrk - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e0b609d..1c3c97e 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
  :small_orange_diamond: Lynx - is a text browser for the World Wide Web.
  :small_orange_diamond: siege - is an http load testing and benchmarking utility.
+  :small_orange_diamond: wrk - is a modern HTTP benchmarking tool capable of generating significant load.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go
From f55b385f9c89d9227c10aad12fee3d1e8495b7a6 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 27 Dec 2018 19:14:24 +0100 Subject: [PATCH 103/148] lynis -> Lynis - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1c3c97e..6b303eb 100644 --- a/README.md +++ b/README.md @@ -153,7 +153,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo ##### :black_small_square: Auditing Tools

-  :small_orange_diamond: lynis - battle-tested security tool for systems running Linux, macOS, or Unix-based operating system.
+  :small_orange_diamond: Lynis - battle-tested security tool for systems running Linux, macOS, or Unix-based operating system.
  :small_orange_diamond: LinEnum - scripted Local Linux Enumeration & Privilege Escalation Checks.
  :small_orange_diamond: Rkhunter - scanner tool for Linux systems that scans backdoors, rootkits and local exploits on your systems.

From 712559f342bc54b5ce32de90e04ba2db84719234 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 27 Dec 2018 21:02:48 +0100 Subject: [PATCH 104/148] fixed broken url for 'last' command - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f37bc40..0403403 100644 --- a/README.md +++ b/README.md @@ -1247,7 +1247,7 @@ who -b ___ -##### Tool: [last] +##### Tool: [last](https://www.howtoforge.com/linux-last-command/) ###### Was the last reboot a panic? From 8ad7a47b7fd0d4cf8f105602156f483a67893119 Mon Sep 17 00:00:00 2001 From: bryce-b Date: Thu, 27 Dec 2018 18:12:28 -0500 Subject: [PATCH 105/148] - signed-off-by: bryce-b --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 0403403..03337d8 100644 --- a/README.md +++ b/README.md @@ -566,6 +566,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
  :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
  :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
+  :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.

##### :black_small_square: Pentests bookmarks collection @@ -640,6 +641,8 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: RingZer0 - tons of challenges designed to test and improve your hacking skills.
  :small_orange_diamond: Ubeeri - preconfigured lab environments.
  :small_orange_diamond: Pentestit - emulate an IT infrastructure of real companies for a legal pen testing and improving penetration testing skills.
+  :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
+  :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.

#### Your daily knowledge and news From bcc2d72ecc6a83f66355e4a293153830482a3178 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 28 Dec 2018 08:58:04 +0100 Subject: [PATCH 106/148] added Crypto chapter and Keybase - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 0403403..f75993d 100644 --- a/README.md +++ b/README.md @@ -300,6 +300,12 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: DKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.

+##### :black_small_square: Crypto + +

+  :small_orange_diamond: Keybase - it's open source and powered by public-key cryptography.
+

+ ##### :black_small_square: Net-tools
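Review bot: the Keybase description, "it's open source and powered by public-key cryptography", says how the service is built but not what it does, unlike the entry above it ("checks mail authentication and scores messages ..."). Reword it so the function comes first.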

From 1bbe000d715c9538eaad8c25a6575cf90db7e62e Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 28 Dec 2018 09:38:31 +0100 Subject: [PATCH 107/148] added cxsecurity - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1964aa4..29ec959 100644 --- a/README.md +++ b/README.md @@ -380,6 +380,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Exploit DB - CVE compliant archive of public exploits and corresponding vulnerable software.
  :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits.
  :small_orange_diamond: sploitus - the exploit and tools database.
+  :small_orange_diamond: cxsecurity - free vulnerability database.

#### Manuals/Howtos/Tutorials From 6f8a4728611a2ef995df59bb08530349b2f92fea Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 28 Dec 2018 09:41:14 +0100 Subject: [PATCH 108/148] added new chapter: Python - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 29ec959..a5bd7e2 100644 --- a/README.md +++ b/README.md @@ -393,6 +393,12 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.

+##### :black_small_square: Python + +

+  :small_orange_diamond: Awesome Python - A curated list of awesome Python frameworks, libraries, software and resources.
+

+ ##### :black_small_square: Sed & Awk & Other
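Review bot: the Awesome Python description starts with a capital ("A curated list ..."), while the entry just above it ("describes the commands ...") and the rest of the list start in lower case. Lowercase it for consistency.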

From 99325fddd9ad613d4842ccb30344b81f5e40f1e2 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 28 Dec 2018 09:43:49 +0100 Subject: [PATCH 109/148] moved Crypto to Systems/Services - signed-off-by: trimstray --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index a5bd7e2..2d2ed01 100644 --- a/README.md +++ b/README.md @@ -300,12 +300,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: DKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.

-##### :black_small_square: Crypto - -

-  :small_orange_diamond: Keybase - it's open source and powered by public-key cryptography.
-

- ##### :black_small_square: Net-tools

@@ -520,6 +514,12 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.

+##### :black_small_square: Crypto + +

+  :small_orange_diamond: Keybase - it's open source and powered by public-key cryptography.
+

+ ##### :black_small_square: PGP Keyservers

From 145e237f73c9172186eb6447330f4ef080e44dc2 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 28 Dec 2018 09:46:40 +0100 Subject: [PATCH 110/148] added Awesome-Selfhosted - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2d2ed01..a41ac84 100644 --- a/README.md +++ b/README.md @@ -555,6 +555,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Awesome Sysadmin - amazingly awesome open source sysadmin resources.
  :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
+  :small_orange_diamond: Awesome-Selfhosted - list of Free Software network services and web applications which can be hosted locally.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
From d7038f6ea68bcb81a43d2521d8f5f63c5174d800 Mon Sep 17 00:00:00 2001 From: jwbensley Date: Fri, 28 Dec 2018 09:38:59 +0000 Subject: [PATCH 111/148] Adding Etherate to 'Networking' --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a41ac84..eae9ff9 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: iPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  :small_orange_diamond: ethr - is a Network Performance Measurement Tool for TCP, UDP & HTTP.
+  :small_orange_diamond: Etherate - is a Linux CLI based Ethernet and MPLS traffic testing tool.
  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
From 1fa33055b48f67847e2f7286035536b27444dcd0 Mon Sep 17 00:00:00 2001 From: Josh Crozier Date: Fri, 28 Dec 2018 18:53:13 -0500 Subject: [PATCH 112/148] Add sites: Regex101.com, CodePen.io, PingMe.io, and Google Lighthouse Tool --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index a41ac84..02df96b 100644 --- a/README.md +++ b/README.md @@ -312,6 +312,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Network-Tools - network tools for webmasters, IT technicians & geeks.
  :small_orange_diamond: URL Encode/Decode - tool from above to either encode or decode a string of text.
  :small_orange_diamond: Uncoder - the online translator for search queries on log data.
+  :small_orange_diamond: Regex101 - online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript.
  :small_orange_diamond: RegExr - online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
  :small_orange_diamond: Hardenize - deploy the security standards.
  :small_orange_diamond: VirusTotal - analyze suspicious files and URLs to detect types of malware.
@@ -323,6 +324,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: ShellCheck - finds bugs in your shell scripts.
  :small_orange_diamond: explainshell - get interactive help texts for shell commands.
  :small_orange_diamond: jsbin - live pastebin for HTML, CSS & JavaScript and more.
+  :small_orange_diamond: CodePen - is a social development environment for front-end designers and developers.
  :small_orange_diamond: PHP Sandbox - test your PHP code with this code tester.
  :small_orange_diamond: Repl.it - an instant IDE to learn, build, collaborate, and host all in one place.

@@ -334,7 +336,9 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: Sucuri loadtimetester - test here the performance of any of your sites from across the globe.
  :small_orange_diamond: Pingdom Tools - analyze your site’s speed around the world.
+  :small_orange_diamond: PingMe.io - run website latency tests across multiple geographic regions.
  :small_orange_diamond: PageSpeed Insights - analyze your site’s speed and make it faster.
+  :small_orange_diamond: Google Lighthouse Tool - analyzes web apps and web pages, collecting modern performance metrics and insights on developer best practices.

##### :black_small_square: Mass scanners (search engines) From 5e9b7c064085a9e67734f11e18332fe3c3dc4385 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sat, 29 Dec 2018 09:27:15 +0100 Subject: [PATCH 113/148] replaced Lighthouse to web.dev (hosted version) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 02df96b..4673b2c 100644 --- a/README.md +++ b/README.md @@ -338,7 +338,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Pingdom Tools - analyze your site’s speed around the world.
  :small_orange_diamond: PingMe.io - run website latency tests across multiple geographic regions.
  :small_orange_diamond: PageSpeed Insights - analyze your site’s speed and make it faster.
-  :small_orange_diamond: Google Lighthouse Tool - analyzes web apps and web pages, collecting modern performance metrics and insights on developer best practices.
+  :small_orange_diamond: web.dev - helps developers like you learn and apply the web's modern capabilities to your own sites and apps.

##### :black_small_square: Mass scanners (search engines) From f8a03197ca5d48fb1f09205883f947579e937f2a Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 29 Dec 2018 09:38:34 +0100 Subject: [PATCH 114/148] separation of chapter: Geeky Blogs/Persons - signed-off-by: trimstray --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4673b2c..daf9512 100644 --- a/README.md +++ b/README.md @@ -465,7 +465,7 @@ performance of any of your sites from across the globe.
#### Blogs -##### :black_small_square: Geeky Blogs/Persons +##### :black_small_square: Geeky Persons

  :small_orange_diamond: Brendan Gregg's Blog - Brendan Gregg is an industry expert in computing performance and cloud computing.
@@ -478,6 +478,11 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Binni Shah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
  :small_orange_diamond: Kacper Szurek - Detection Engineer at ESET.
  :small_orange_diamond: Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.
+

+ +##### :black_small_square: Geeky Blogs + +

  :small_orange_diamond: Linux Audit - the Linux security blog about Auditing, Hardening and Compliance by Michael Boelen.
  :small_orange_diamond: Linux Security Expert - trainings, howtos, checklists, security tools and more.
From cde363e60313807a8d73f0665877756d9cd0845a Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 29 Dec 2018 09:40:17 +0100 Subject: [PATCH 115/148] moved raymii.org to 'Geeky Persons' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index daf9512..0bbcd86 100644 --- a/README.md +++ b/README.md @@ -478,6 +478,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Binni Shah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
  :small_orange_diamond: Kacper Szurek - Detection Engineer at ESET.
  :small_orange_diamond: Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.
+  :small_orange_diamond: raymii.org - linux/unix sysadmin specializing in building high availability cloud environments.

##### :black_small_square: Geeky Blogs @@ -487,7 +488,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Linux Security Expert - trainings, howtos, checklists, security tools and more.
  :small_orange_diamond: The Grymoire - collection of useful incantations for wizards, be you computer wizards, magicians, or whatever.
-  :small_orange_diamond: raymii.org - linux/unix sysadmin specializing in building high availability cloud environments.

##### :black_small_square: A piece of history From 1c55b40c5381e37011345ff1c816fb15a81d69df Mon Sep 17 00:00:00 2001 From: Lint <44368997+C0derLint@users.noreply.github.com> Date: Sun, 30 Dec 2018 16:15:43 +0530 Subject: [PATCH 116/148] Added CodeSandbox --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0bbcd86..6d58af0 100644 --- a/README.md +++ b/README.md @@ -324,7 +324,8 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: ShellCheck - finds bugs in your shell scripts.
  :small_orange_diamond: explainshell - get interactive help texts for shell commands.
  :small_orange_diamond: jsbin - live pastebin for HTML, CSS & JavaScript and more.
-  :small_orange_diamond: CodePen - is a social development environment for front-end designers and developers.
+  :small_orange_diamond: CodePen - a social development environment for front-end designers and developers.
+  :small_orange_diamond: CodeSandbox - Online Code Editor for Web Application Development. Supports React, Vue, Angular, CxJS, Dojo, etc.
  :small_orange_diamond: PHP Sandbox - test your PHP code with this code tester.
  :small_orange_diamond: Repl.it - an instant IDE to learn, build, collaborate, and host all in one place.

@@ -346,7 +347,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
  :small_orange_diamond: Shodan - the world's first search engine for Internet-connected devices.
-  :small_orange_diamond: Shodan 2000 - if you use Shodan for everyday work, be sure to see it - looks for randomly generated data from Shodan.
+  :small_orange_diamond: Shodan 2000 - Do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan.
  :small_orange_diamond: GreyNoise - mass scanner (such as Shodan and Censys).
  :small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
  :small_orange_diamond: FOFA - is a cyberspace search engine.
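Review bot: the Shodan 2000 rewording in this hunk is outside the scope of the commit subject "Added CodeSandbox" and belongs in a separate commit. The new text also starts with a capital "Do" where the surrounding entries start in lower case, and "looks for randomly generated data from Shodan" still does not say what the tool returns.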
@@ -663,7 +664,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: PentesterLab - provides vulnerable systems that can be used to test and understand vulnerabilities.
  :small_orange_diamond: RingZer0 - tons of challenges designed to test and improve your hacking skills.
  :small_orange_diamond: Ubeeri - preconfigured lab environments.
-  :small_orange_diamond: Pentestit - emulate an IT infrastructure of real companies for a legal pen testing and improving penetration testing skills.
+  :small_orange_diamond: Pentestit - emulate IT infrastructures of real companies for legal pen testing and improving penetration testing skills.
  :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
  :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.

From ee4ff6571f01f6024d6481d49e6c5c044914f660 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sun, 30 Dec 2018 14:18:45 +0100 Subject: [PATCH 117/148] minor updates --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6d58af0..86d84dd 100644 --- a/README.md +++ b/README.md @@ -325,7 +325,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: explainshell - get interactive help texts for shell commands.
  :small_orange_diamond: jsbin - live pastebin for HTML, CSS & JavaScript and more.
  :small_orange_diamond: CodePen - a social development environment for front-end designers and developers.
-  :small_orange_diamond: CodeSandbox - Online Code Editor for Web Application Development. Supports React, Vue, Angular, CxJS, Dojo, etc.
+  :small_orange_diamond: CodeSandbox - online code editor for web application development. Supports React, Vue, Angular, CxJS, Dojo, etc.
  :small_orange_diamond: PHP Sandbox - test your PHP code with this code tester.
  :small_orange_diamond: Repl.it - an instant IDE to learn, build, collaborate, and host all in one place.

@@ -347,8 +347,8 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
  :small_orange_diamond: Shodan - the world's first search engine for Internet-connected devices.
-  :small_orange_diamond: Shodan 2000 - Do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan.
-  :small_orange_diamond: GreyNoise - mass scanner (such as Shodan and Censys).
+  :small_orange_diamond: Shodan 2000 - do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan.
+  :small_orange_diamond: GreyNoise - mass scanner such as Shodan and Censys.
  :small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
  :small_orange_diamond: FOFA - is a cyberspace search engine.
  :small_orange_diamond: onyphe - is a search engine for open-source and cyber threat intelligence data collected.
From c49454f868678e4a4d26a6eba7333bc61c18c22c Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 3 Jan 2019 10:04:56 +0100 Subject: [PATCH 118/148] added HAProxy - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 86d84dd..2ca5700 100644 --- a/README.md +++ b/README.md @@ -514,6 +514,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an

  :small_orange_diamond: Varnish HTTP Cache - HTTP accelerator designed for content-heavy dynamic web sites.
  :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.
+  :small_orange_diamond: HAProxy - the reliable, high performance TCP/HTTP load balancer.

##### :black_small_square: Secure WebMail Providers From c08b41fe6ed2229f24067a1bfb1bcaa85f5377a0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 3 Jan 2019 10:06:02 +0100 Subject: [PATCH 119/148] renamed 'Varnish HTTP Cache' to 'Varnish Cache' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ca5700..26e75f2 100644 --- a/README.md +++ b/README.md @@ -512,7 +512,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an ##### :black_small_square: HTTP(s) Services

-  :small_orange_diamond: Varnish HTTP Cache - HTTP accelerator designed for content-heavy dynamic web sites.
+  :small_orange_diamond: Varnish Cache - HTTP accelerator designed for content-heavy dynamic web sites.
  :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.
  :small_orange_diamond: HAProxy - the reliable, high performance TCP/HTTP load balancer.

From 0c66c1acb5c354707ac02f1f65870ec0785c5335 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 3 Jan 2019 10:09:52 +0100 Subject: [PATCH 120/148] fixed typos - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 26e75f2..991c83c 100644 --- a/README.md +++ b/README.md @@ -686,7 +686,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Qualys Blog - expert network security guidance and news.
  :small_orange_diamond: DARKReading - connecting the Information Security Community.
  :small_orange_diamond: publiclyDisclosed - public disclosure watcher who keeps you up to date about the recently disclosed bugs.
-  :small_orange_diamond: Packet Storm - information security services, news, files, tools, exploits, aAdvisories and whitepapers.
+  :small_orange_diamond: Packet Storm - information security services, news, files, tools, exploits, advisories and whitepapers.
  :small_orange_diamond: Sekurak - about security, penetration tests, vulnerabilities and many others (PL/EN).
  :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).

From 413c5e973915cde7c17d8d18a3cbd0060b04b370 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 10:09:40 +0100 Subject: [PATCH 121/148] minor updates; added 'webhint.io' - signed-off-by: trimstray --- README.md | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 991c83c..2e33642 100644 --- a/README.md +++ b/README.md @@ -229,6 +229,15 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo #### Web Tools +##### :black_small_square: Browsers + +

+  :small_orange_diamond: Can I use - provides up-to-date browser support tables for support of front-end web technologies.
+  :small_orange_diamond: Panopticlick 3.0 - is your browser safe against tracking?
+  :small_orange_diamond: Privacy Analyzer - see what data is exposed from your browser.
+  :small_orange_diamond: Web Browser Security - it's all about Web Browser fingerprinting.
+

+ ##### :black_small_square: SSL/Security

@@ -249,28 +258,13 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: crt.sh - discovers certificates by continually monitoring all of the publicly known CT.

-##### :black_small_square: Browsers - -

-  :small_orange_diamond: Can I use - provides up-to-date browser support tables for support of front-end web technologies.
-  :small_orange_diamond: Panopticlick 3.0 - is your browser safe against tracking?
-  :small_orange_diamond: Privacy Analyzer - see what data is exposed from your browser.
-  :small_orange_diamond: Web Browser Security - it's all about Web Browser fingerprinting.
-

- -##### :black_small_square: Privacy - -

-  :small_orange_diamond: privacytools.io - provides knowledge and tools to protect your privacy against global mass surveillance.
-  :small_orange_diamond: DNS Privacy Test Servers - DNS privacy recursive servers list (with a 'no logging' policy).
-

- -##### :black_small_square: HTTP Headers +##### :black_small_square: HTTP Headers & Web Linters

  :small_orange_diamond: Security Headers - analyse the HTTP response headers (with rating system to the results).
  :small_orange_diamond: Observatory by Mozilla - set of tools to analyze your website.
  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.
+  :small_orange_diamond: webhint - is a linting tool that will help you with your site's accessibility, speed, security and more.

##### :black_small_square: DNS @@ -318,6 +312,13 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo   :small_orange_diamond: VirusTotal - analyze suspicious files and URLs to detect types of malware.

+##### :black_small_square: Privacy + +

+  :small_orange_diamond: privacytools.io - provides knowledge and tools to protect your privacy against global mass surveillance.
+  :small_orange_diamond: DNS Privacy Test Servers - DNS privacy recursive servers list (with a 'no logging' policy).
+

+ ##### :black_small_square: Code parsers/playgrounds

From 575cd7e43e609e6536c79c6b5ed6ff12879c82fc Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 10:18:05 +0100 Subject: [PATCH 122/148] added 'Build your own System/Virtual Machine' chapter - signed-off-by: trimstray --- README.md | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 2e33642..7a9ae5f 100644 --- a/README.md +++ b/README.md @@ -694,17 +694,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an #### Other Cheat Sheets -###### DNS Servers list (privacy) - -| IP | URL | -| :--- | :--- | -| **`84.200.69.80`** | [dns.watch](https://dns.watch/) | -| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) | -| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) | -| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) | -| **`1.1.1.1`** | [cloudflare.com](https://www.cloudflare.com/dns/) | -| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) | - ###### Build your own DNS Servers

@@ -721,6 +710,24 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: OpenSSL Certificate Authority - build your own certificate authority (CA) using the OpenSSL command-line tools.

+###### Build your own System/Virtual Machine + +

+   :small_orange_diamond: os-tutorial - how to create an OS from scratch.
+  :small_orange_diamond: Write your Own Virtual Machine - how to write your own virtual machine (VM).
+

+ +###### DNS Servers list (privacy) + +| IP | URL | +| :--- | :--- | +| **`84.200.69.80`** | [dns.watch](https://dns.watch/) | +| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) | +| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) | +| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) | +| **`1.1.1.1`** | [cloudflare.com](https://www.cloudflare.com/dns/) | +| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) | + ###### TOP 10 Browser extensions | Extension name | Description | From 9e66dc4aa0e3c5236232e86718314216b287e8cc Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 10:31:42 +0100 Subject: [PATCH 123/148] added 'OWASP Testing Guide v4' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7a9ae5f..22cad76 100644 --- a/README.md +++ b/README.md @@ -430,6 +430,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OWASP - worldwide not-for-profit charitable organization focused on improving the security of software.
  :small_orange_diamond: OWASP ASVS 3.0.1 - OWASP Application Security Verification Standard Project.
  :small_orange_diamond: OWASP ASVS 3.0.1 Web App - simple web app that helps developers understand the ASVS requirements.
+  :small_orange_diamond: OWASP Testing Guide v4 - includes a "best practice" penetration testing framework.
  :small_orange_diamond: Hacking Articles - LRaj Chandel's Security & Hacking Blog.
  :small_orange_diamond: AWS security tools - make your AWS cloud environment more secure.
  :small_orange_diamond: Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
From 022a2acbcbd6b3dec325b364342f4b660b96ef3f Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 10:59:34 +0100 Subject: [PATCH 124/148] added CTFs resources - signed-off-by: trimstray --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 22cad76..f01bfe5 100644 --- a/README.md +++ b/README.md @@ -621,6 +621,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
  :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.
+  :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.

##### :black_small_square: Bounty programs @@ -649,7 +650,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.

-##### :black_small_square: Labs (ethical hacking platforms/trainings) +##### :black_small_square: Labs (ethical hacking platforms/trainings/CTFs)

  :small_orange_diamond: Offensive Security - true performance-based penetration testing training for over a decade.
@@ -657,6 +658,8 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Hacking-Lab - online ethical hacking, computer network and security challenge platform.
  :small_orange_diamond: pwnable.kr - non-commercial wargame site which provides various pwn challenges regarding system exploitation.
  :small_orange_diamond: Pwnable.tw - is a wargame site for hackers to test and expand their binary exploiting skills.
+  :small_orange_diamond: picoCTF - is a free computer security game targeted at middle and high school students.
+  :small_orange_diamond: CTFlearn - is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge and skills.
  :small_orange_diamond: Silesia Security Lab - high quality security testing services.
  :small_orange_diamond: Practical Pentest Labs - pentest lab, take your Hacking skills to the next level.
  :small_orange_diamond: Root Me - the fast, easy, and affordable way to train your hacking skills.
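Review bot: the heading change in the second hunk, from `Labs (ethical hacking platforms/trainings)` to `Labs (ethical hacking platforms/trainings/CTFs)`, also changes the anchor GitHub generates for that section, so any existing deep link to the old heading stops resolving; check for inbound links before merging. The CTF material also ends up split across two sections: `shell-storm repo CTF` goes into the list that precedes Bounty programs in the first hunk, while `picoCTF` and `CTFlearn` go under Labs. If archives and playable platforms are kept apart on purpose, say so in the commit message.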
From 97afa900d2c40a721a8cd2ac3161378836c3b47d Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 11:08:57 +0100 Subject: [PATCH 125/148] removed gitignore - signed-off-by: trimstray --- .gitignore | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 .gitignore diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 10ee1b0..0000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -# This is where the result of the script output. -log/ From 3d138cba8a43226eff60a4621b5fbd2cf578ec23 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 11:12:58 +0100 Subject: [PATCH 126/148] added 'Awesome Malware Analysis' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f01bfe5..237d738 100644 --- a/README.md +++ b/README.md @@ -614,6 +614,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
+  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources..
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
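Review bot: the added `Awesome Malware Analysis` line ends its description with two periods (`tools and resources..`); drop one so it matches the neighbouring entries, which end with a single period.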
From 49868e5c977721ddf238e9b15e7df2789ceb15c9 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 11:34:38 +0100 Subject: [PATCH 127/148] minor fix; added hackxor.net - signed-off-by: trimstray --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 237d738..360ba13 100644 --- a/README.md +++ b/README.md @@ -614,7 +614,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
-  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources..
+  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
@@ -666,6 +666,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Root Me - the fast, easy, and affordable way to train your hacking skills.
  :small_orange_diamond: rozwal.to - a great platform to train your pentesting skills.
  :small_orange_diamond: TryHackMe - learning Cyber Security made easy.
+  :small_orange_diamond: hackxor - is a realistic web application hacking game, designed to help players of all abilities develop their skills.
  :small_orange_diamond: OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
  :small_orange_diamond: Wizard Labs - is an online Penetration Testing Lab.
  :small_orange_diamond: PentesterLab - provides vulnerable systems that can be used to test and understand vulnerabilities.
From 0d9cacddfa843ad62f8c16096c8d57db97d20253 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 12:50:23 +0100 Subject: [PATCH 128/148] moved 'enable-cors.org' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 46690c9..d9ef8e7 100644 --- a/README.md +++ b/README.md @@ -264,7 +264,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo

  :small_orange_diamond: Security Headers - analyse the HTTP response headers (with rating system to the results).
  :small_orange_diamond: Observatory by Mozilla - set of tools to analyze your website.
-  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.
  :small_orange_diamond: webhint - is a linting tool that will help you with your site's accessibility, speed, security and more.

@@ -445,6 +444,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Mozilla Web Security - help operational teams with creating secure web applications.
+  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.

##### :black_small_square: Other From a8d6bdb367d2ad628c7913eed75f1958bb18ba58 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 13:12:55 +0100 Subject: [PATCH 129/148] added 'Awesome Web Security' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d9ef8e7..dcd30b1 100644 --- a/README.md +++ b/README.md @@ -570,6 +570,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
  :small_orange_diamond: Awesome-Selfhosted - list of Free Software network services and web applications which can be hosted locally.
+  :small_orange_diamond: Awesome Web Security - curated list of Web Security materials and resources.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
From e76d0bb88880f4f76ac839550cab7e39ed38f467 Mon Sep 17 00:00:00 2001 From: lbonanomi Date: Fri, 4 Jan 2019 07:38:37 -0500 Subject: [PATCH 130/148] Get the last 60 minutes of httpd logs from /var/log/httpd/access_log --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index dcd30b1..d0cf496 100644 --- a/README.md +++ b/README.md @@ -2222,6 +2222,12 @@ awk '!x[$0]++' filename awk '{$1=$3=""}1' filename ``` +###### Get the last hour of Apache logs + +```bash +awk '/'$(date -d "1 hours ago" "+%d\\/%b\\/%Y:%H:%M")'/,/'$(date "+%d\\/%b\\/%Y:%H:%M")'/ { print $0 }' /var/log/httpd/access_log +``` + ___ ##### Tool: [sed](http://www.grymoire.com/Unix/Sed.html) From 08bb0f8d811d29e6deac211afdc12f5400c86a84 Mon Sep 17 00:00:00 2001 From: adhoc-king <46354827+adhoc-king@users.noreply.github.com> Date: Fri, 4 Jan 2019 22:49:02 +0530 Subject: [PATCH 131/148] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dcd30b1..e118ee0 100644 --- a/README.md +++ b/README.md @@ -596,6 +596,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
  :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.
+  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - Test security and privacy of mobile apps (iOS & Android).

##### :black_small_square: Pentests bookmarks collection From 791957d328fec1b82eeb2055da9831ea81882c2d Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Fri, 4 Jan 2019 18:34:59 +0100 Subject: [PATCH 132/148] added new chapter: Mobile Apps --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e118ee0..e19c51a 100644 --- a/README.md +++ b/README.md @@ -383,6 +383,12 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: cxsecurity - free vulnerability database.

+##### :black_small_square: Mobile Apps + +

+  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).
+

+ #### Manuals/Howtos/Tutorials ##### :black_small_square: Bash @@ -596,7 +602,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
  :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.
-  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - Test security and privacy of mobile apps (iOS & Android).

##### :black_small_square: Pentests bookmarks collection From 2aa3e147c9f7a18b70ff05888e07726d2508db9e Mon Sep 17 00:00:00 2001 From: adhoc-king <46354827+adhoc-king@users.noreply.github.com> Date: Fri, 4 Jan 2019 23:23:18 +0530 Subject: [PATCH 133/148] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d855109..f6658f8 100644 --- a/README.md +++ b/README.md @@ -387,6 +387,8 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).
+  :small_orange_diamond: Quixxi - Free Mobile App Vulnerability Scanner for Android & iOS Apps.
+  :small_orange_diamond: Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.

#### Manuals/Howtos/Tutorials From 689139f1489774b02627db1f7dc40c43f676b9ba Mon Sep 17 00:00:00 2001 From: adhoc-king <46354827+adhoc-king@users.noreply.github.com> Date: Fri, 4 Jan 2019 23:44:57 +0530 Subject: [PATCH 134/148] Update README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index d855109..92e6544 100644 --- a/README.md +++ b/README.md @@ -633,6 +633,13 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.

+##### :black_small_square: Reverse Engineering Tools +

+  :small_orange_diamond: Hopper - lets you disassemble, decompile and debug applications.
+  :small_orange_diamond: IDA Pro - generates assembly language source code from machine-executable code.
+  :small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.
+

+ ##### :black_small_square: Bounty programs
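Review bot: the new `Reverse Engineering Tools` heading has no blank added line between it and the list that follows, whereas the `Privacy` and `Mobile Apps` sections added elsewhere in this series put one there; add the blank line for consistency. The subject `Update README.md` also says nothing about what changed; a subject that names the new section would make the history searchable.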

From 2379461b5c7a7a62d391b4c2b26544f6d076f911 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 4 Jan 2019 21:41:35 +0100 Subject: [PATCH 135/148] #50 - added TOC - signed-off-by: trimstray --- README.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d855109..ddca07e 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,24 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo - [ ] Add one-liners for collection tools (eg. CLI Tools) - [ ] Generate book pdf format -## :anger:  The Book of Secret Knowledge (Chapters) +## :anger:  Table Of Content + +Only main chapters: + +- **[CLI Tools](https://github.com/trimstray/the-book-of-secret-knowledge#cli-tools)** +- **[GUI Tools](https://github.com/trimstray/the-book-of-secret-knowledge#gui-tools)** +- **[Web Tools](https://github.com/trimstray/the-book-of-secret-knowledge#web-tools)** +- **[Manuals/Howtos/Tutorials](https://github.com/trimstray/the-book-of-secret-knowledge#manualshowtostutorials)** +- **[Blogs](https://github.com/trimstray/the-book-of-secret-knowledge#blogs)** +- **[Systems/Services](https://github.com/trimstray/the-book-of-secret-knowledge#systemsservices)** +- **[Networks](https://github.com/trimstray/the-book-of-secret-knowledge#networks)** +- **[Awesome Lists](https://github.com/trimstray/the-book-of-secret-knowledge#awesome-lists)** +- **[Hacking/Penetration Testing](https://github.com/trimstray/the-book-of-secret-knowledge#hackingpenetration-testing)** +- **[Your daily knowledge and news](https://github.com/trimstray/the-book-of-secret-knowledge#your-daily-knowledge-and-news)** +- **[Other Cheat Sheets](https://github.com/trimstray/the-book-of-secret-knowledge#other-cheat-sheets)** +- **[One-liners](https://github.com/trimstray/the-book-of-secret-knowledge#one-liners)** + +## :large_orange_diamond:  The Book of Secret Knowledge (Chapters) #### CLI Tools 
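Review bot: every entry in the new list hard-codes the full repository URL, for example `https://github.com/trimstray/the-book-of-secret-knowledge#cli-tools`, so in a fork or a local copy of the README the links jump to the upstream repository instead of the file being read; use bare fragments such as `#cli-tools`. The heading `Table Of Content` should also read `Table of Contents`.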
From 9eaa778d0ad19b98aa0d62aec540a5f867233294 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sat, 5 Jan 2019 08:44:34 +0100 Subject: [PATCH 136/148] fixed typos --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f6658f8..38dbc2c 100644 --- a/README.md +++ b/README.md @@ -387,7 +387,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).
-  :small_orange_diamond: Quixxi - Free Mobile App Vulnerability Scanner for Android & iOS Apps.
+  :small_orange_diamond: Quixxi - free Mobile App Vulnerability Scanner for Android & iOS.
  :small_orange_diamond: Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.

From af8e10bf33f3aeed701225a5ff5691ccab8b2fdb Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sat, 5 Jan 2019 08:53:22 +0100 Subject: [PATCH 137/148] updated 'Pentesters arsenal tools' chapter --- README.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 92e6544..7c0a1e9 100644 --- a/README.md +++ b/README.md @@ -602,6 +602,8 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
  :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.
+  :small_orange_diamond: IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
+  :small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.

##### :black_small_square: Pentests bookmarks collection @@ -633,13 +635,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.

-##### :black_small_square: Reverse Engineering Tools -

-  :small_orange_diamond: Hopper - lets you disassemble, decompile and debug applications.
-  :small_orange_diamond: IDA Pro - generates assembly language source code from machine-executable code.
-  :small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.
-

- ##### :black_small_square: Bounty programs
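Review bot: the removed `Reverse Engineering Tools` section listed three tools, but the first hunk re-adds only `IDA` and `radare2`, so `Hopper` disappears from the README without the commit message saying so. If that is intended, mention it in the message; otherwise add the Hopper line to the arsenal list as well. The IDA entry is also renamed from `IDA Pro` and given a new description in the same move, which is easy to miss in review.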

From fcec52fdbbdf1b03d01fea59161661aab1dec667 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 09:00:24 +0100 Subject: [PATCH 138/148] #50 - fixed TOC - signed-off-by: trimstray --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index c897a3b..6803570 100644 --- a/README.md +++ b/README.md 
@@ -65,18 +65,18 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo Only main chapters: -- **[CLI Tools](https://github.com/trimstray/the-book-of-secret-knowledge#cli-tools)** -- **[GUI Tools](https://github.com/trimstray/the-book-of-secret-knowledge#gui-tools)** -- **[Web Tools](https://github.com/trimstray/the-book-of-secret-knowledge#web-tools)** -- **[Manuals/Howtos/Tutorials](https://github.com/trimstray/the-book-of-secret-knowledge#manualshowtostutorials)** -- **[Blogs](https://github.com/trimstray/the-book-of-secret-knowledge#blogs)** -- **[Systems/Services](https://github.com/trimstray/the-book-of-secret-knowledge#systemsservices)** -- **[Networks](https://github.com/trimstray/the-book-of-secret-knowledge#networks)** -- **[Awesome Lists](https://github.com/trimstray/the-book-of-secret-knowledge#awesome-lists)** -- **[Hacking/Penetration Testing](https://github.com/trimstray/the-book-of-secret-knowledge#hackingpenetration-testing)** -- **[Your daily knowledge and news](https://github.com/trimstray/the-book-of-secret-knowledge#your-daily-knowledge-and-news)** -- **[Other Cheat Sheets](https://github.com/trimstray/the-book-of-secret-knowledge#other-cheat-sheets)** -- **[One-liners](https://github.com/trimstray/the-book-of-secret-knowledge#one-liners)** +- **[CLI Tools](#cli-tools)** +- **[GUI Tools](#gui-tools)** +- **[Web Tools](#web-tools)** +- **[Manuals/Howtos/Tutorials](#manualshowtostutorials)** +- **[Blogs](#blogs)** +- **[Systems/Services](#systemsservices)** +- **[Networks](#networks)** +- **[Awesome Lists](#awesome-lists)** +- **[Hacking/Penetration Testing](#hackingpenetration-testing)** +- **[Your daily knowledge and news](#your-daily-knowledge-and-news)** +- **[Other Cheat Sheets](#other-cheat-sheets)** +- **[One-liners](#one-liners)** ## :large_orange_diamond:  The Book of Secret Knowledge (Chapters) 
@@ -153,7 +153,7 @@ Only main chapters:   :small_orange_diamond: wrk - is a modern HTTP benchmarking tool capable of generating significant load.
  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
-  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go
+  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go.

##### :black_small_square: SSL/Security From 6b08e3054ff9aacd59253b973d3a1c488cf132fb Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 09:06:02 +0100 Subject: [PATCH 139/148] added 'Valgrind' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6803570..65509a7 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,7 @@ Only main chapters:   :small_orange_diamond: DTrace - is a performance analysis and troubleshooting tool.
  :small_orange_diamond: ltrace - is a library call tracer, used to trace calls made by programs to library functions.
  :small_orange_diamond: sysdig - system exploration and troubleshooting tool with first class support for containers.
+  :small_orange_diamond: Valgrind - is an instrumentation framework for building dynamic analysis tools.
  :small_orange_diamond: glances - cross-platform system monitoring tool written in Python.
  :small_orange_diamond: htop - interactive text-mode process viewer for Unix systems. It aims to be a better 'top'.
  :small_orange_diamond: atop - ASCII performance monitor. Includes statistics for CPU, memory, disk, swap, network, and processes.
From 39f71c1626c41d7145bdb0686cc455174744555a Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 09:19:20 +0100 Subject: [PATCH 140/148] added 'PE-sieve' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 65509a7..682b2f0 100644 --- a/README.md +++ b/README.md @@ -174,6 +174,7 @@ Only main chapters:   :small_orange_diamond: Lynis - battle-tested security tool for systems running Linux, macOS, or Unix-based operating system.
  :small_orange_diamond: LinEnum - scripted Local Linux Enumeration & Privilege Escalation Checks.
  :small_orange_diamond: Rkhunter - scanner tool for Linux systems that scans backdoors, rootkits and local exploits on your systems.
+  :small_orange_diamond: PE-sieve - is a light-weight tool that helps to detect malware running on the system.

##### :black_small_square: System Diagnostics/Debuggers From 1f8a661ee2f9d47b49818747f9fc7d6ca7fb3988 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 09:45:14 +0100 Subject: [PATCH 141/148] #50 - updated TOC header - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 682b2f0..00948fa 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo - [ ] Add one-liners for collection tools (eg. CLI Tools) - [ ] Generate book pdf format -## :anger:  Table Of Content +## :anger:  Table of Contents Only main chapters: From bb4be174ed58da9d4df293b5b05e23078fccbd1d Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 09:54:05 +0100 Subject: [PATCH 142/148] README.md - chapters reorganization - signed-off-by: trimstray --- README.md | 164 +++++++++++++++++++++++++++--------------------------- 1 file changed, 82 insertions(+), 82 deletions(-) diff --git a/README.md b/README.md index 00948fa..27467d9 100644 --- a/README.md +++ b/README.md @@ -68,17 +68,17 @@ Only main chapters: - **[CLI Tools](#cli-tools)** - **[GUI Tools](#gui-tools)** - **[Web Tools](#web-tools)** -- **[Manuals/Howtos/Tutorials](#manualshowtostutorials)** -- **[Blogs](#blogs)** - **[Systems/Services](#systemsservices)** - **[Networks](#networks)** +- **[Manuals/Howtos/Tutorials](#manualshowtostutorials)** - **[Awesome Lists](#awesome-lists)** +- **[Blogs](#blogs)** - **[Hacking/Penetration Testing](#hackingpenetration-testing)** - **[Your daily knowledge and news](#your-daily-knowledge-and-news)** - **[Other Cheat Sheets](#other-cheat-sheets)** - **[One-liners](#one-liners)** -## :large_orange_diamond:  The Book of Secret Knowledge (Chapters) +## :trident:  The Book of Secret Knowledge (Chapters) #### CLI Tools @@ -410,6 +410,69 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.

+#### Systems/Services + +##### :black_small_square: Systems + +

+  :small_orange_diamond: Slackware - the most "Unix-like" Linux distribution.
+  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
+  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
+  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
+  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
+

+ +##### :black_small_square: HTTP(s) Services + +

+  :small_orange_diamond: Varnish Cache - HTTP accelerator designed for content-heavy dynamic web sites.
+  :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.
+  :small_orange_diamond: HAProxy - the reliable, high performance TCP/HTTP load balancer.
+

+ +##### :black_small_square: Secure WebMail Providers + +

+  :small_orange_diamond: CounterMail - is a secure and easy to use online email service, designed to provide maximum security and privacy.
+  :small_orange_diamond: Mail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
+  :small_orange_diamond: Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.
+

+ +##### :black_small_square: Crypto + +

+  :small_orange_diamond: Keybase - it's open source and powered by public-key cryptography.
+

+ +##### :black_small_square: PGP Keyservers + +

+  :small_orange_diamond: SKS OpenPGP Key server - includes a highly-efficient reconciliation algorithm for keeping the keyservers synchronized.
+

+ +##### :black_small_square: Security/hardening + +

+  :small_orange_diamond: Emerald Onion - seattle-based encrypted-transit internet service provider.
+  :small_orange_diamond: Unbound - validating, recursive, and caching DNS resolver (with TLS).
+  :small_orange_diamond: Knot Resolver - caching full resolver implementation, including both a resolver library and a daemon.
+  :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
+

+ +#### Networks + +##### :black_small_square: Tools + +

+  :small_orange_diamond: CapAnalysis - web visual tool to analyze large amounts of captured network traffic (PCAP analyzer).
+

+ +##### :black_small_square: Labs + +

+  :small_orange_diamond: NRE Labs - learn automation by doing it. Right now, right here, in your browser.
+

+ #### Manuals/Howtos/Tutorials ##### :black_small_square: Bash @@ -494,6 +557,22 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.

+#### Awesome Lists + +

+  :small_orange_diamond: Awesome Sysadmin - amazingly awesome open source sysadmin resources.
+  :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
+  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
+  :small_orange_diamond: Awesome-Selfhosted - list of Free Software network services and web applications which can be hosted locally.
+  :small_orange_diamond: Awesome Web Security - curated list of Web Security materials and resources.
+  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
+  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
+  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
+  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
+  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
+  :small_orange_diamond: Free Security eBooks - list of a Free Security and Hacking eBooks.
+

+ #### Blogs ##### :black_small_square: Geeky Persons @@ -527,85 +606,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.

-#### Systems/Services - -##### :black_small_square: Systems - -

-  :small_orange_diamond: Slackware - the most "Unix-like" Linux distribution.
-  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
-  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
-  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
-  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
-

- -##### :black_small_square: HTTP(s) Services - -

-  :small_orange_diamond: Varnish Cache - HTTP accelerator designed for content-heavy dynamic web sites.
-  :small_orange_diamond: Nginx - open source web and reverse proxy server that is similar to Apache, but very light weight.
-  :small_orange_diamond: HAProxy - the reliable, high performance TCP/HTTP load balancer.
-

- -##### :black_small_square: Secure WebMail Providers - -

-  :small_orange_diamond: CounterMail - is a secure and easy to use online email service, designed to provide maximum security and privacy.
-  :small_orange_diamond: Mail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
-  :small_orange_diamond: Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.
-

- -##### :black_small_square: Crypto - -

-  :small_orange_diamond: Keybase - it's open source and powered by public-key cryptography.
-

- -##### :black_small_square: PGP Keyservers - -

-  :small_orange_diamond: SKS OpenPGP Key server - includes a highly-efficient reconciliation algorithm for keeping the keyservers synchronized.
-

- -##### :black_small_square: Security/hardening - -

-  :small_orange_diamond: Emerald Onion - seattle-based encrypted-transit internet service provider.
-  :small_orange_diamond: Unbound - validating, recursive, and caching DNS resolver (with TLS).
-  :small_orange_diamond: Knot Resolver - caching full resolver implementation, including both a resolver library and a daemon.
-  :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
-

- -#### Networks - -##### :black_small_square: Tools - -

-  :small_orange_diamond: CapAnalysis - web visual tool to analyze large amounts of captured network traffic (PCAP analyzer).
-

- -##### :black_small_square: Labs - -

-  :small_orange_diamond: NRE Labs - learn automation by doing it. Right now, right here, in your browser.
-

- -#### Awesome Lists - -

-  :small_orange_diamond: Awesome Sysadmin - amazingly awesome open source sysadmin resources.
-  :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
-  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
-  :small_orange_diamond: Awesome-Selfhosted - list of Free Software network services and web applications which can be hosted locally.
-  :small_orange_diamond: Awesome Web Security - curated list of Web Security materials and resources.
-  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
-  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
-  :small_orange_diamond: Awesome Scalability - best practices in building High Scalability, High Availability, High Stability and more.
-  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
-  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
-  :small_orange_diamond: Free Security eBooks - list of a Free Security and Hacking eBooks.
-

- #### Hacking/Penetration Testing ##### :black_small_square: Pentesters arsenal tools From 346fa460609bb9b076c6db1a1f9fb348ec3c528a Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 10:07:30 +0100 Subject: [PATCH 143/148] added 'TOC' button to main chapters - signed-off-by: trimstray --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 27467d9..2c5fc3d 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ Only main chapters: ## :trident:  The Book of Secret Knowledge (Chapters) -#### CLI Tools +#### CLI Tools  [TOC](#anger-table-of-contents) ##### :black_small_square: Shells @@ -223,7 +223,7 @@ Only main chapters:   :small_orange_diamond: tldr - simplified and community-driven man pages.

-#### GUI Tools +#### GUI Tools  [TOC](#anger-table-of-contents) ##### :black_small_square: Network @@ -247,7 +247,7 @@ Only main chapters:   :small_orange_diamond: Atom - a hackable text editor for the 21st Century.

-#### Web Tools +#### Web Tools  [TOC](#anger-table-of-contents) ##### :black_small_square: Browsers @@ -410,7 +410,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.

-#### Systems/Services +#### Systems/Services  [TOC](#anger-table-of-contents) ##### :black_small_square: Systems @@ -459,7 +459,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.

-#### Networks +#### Networks  [TOC](#anger-table-of-contents) ##### :black_small_square: Tools @@ -473,7 +473,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: NRE Labs - learn automation by doing it. Right now, right here, in your browser.

-#### Manuals/Howtos/Tutorials +#### Manuals/Howtos/Tutorials  [TOC](#anger-table-of-contents) ##### :black_small_square: Bash @@ -557,7 +557,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.

-#### Awesome Lists +#### Awesome Lists  [TOC](#anger-table-of-contents)

  :small_orange_diamond: Awesome Sysadmin - amazingly awesome open source sysadmin resources.
@@ -573,7 +573,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Free Security eBooks - list of a Free Security and Hacking eBooks.

-#### Blogs +#### Blogs  [TOC](#anger-table-of-contents) ##### :black_small_square: Geeky Persons @@ -606,7 +606,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.

-#### Hacking/Penetration Testing +#### Hacking/Penetration Testing  [TOC](#anger-table-of-contents) ##### :black_small_square: Pentesters arsenal tools @@ -708,7 +708,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.

-#### Your daily knowledge and news +#### Your daily knowledge and news  [TOC](#anger-table-of-contents) ##### :black_small_square: RSS Readers @@ -729,7 +729,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).

-#### Other Cheat Sheets +#### Other Cheat Sheets  [TOC](#anger-table-of-contents) ###### Build your own DNS Servers @@ -797,7 +797,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an | **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | | **`Software Vulnerability Scanner`** | Software vulnerability scanner based on Vulners.com audit API. | -#### One-liners +#### One-liners  [TOC](#anger-table-of-contents) ##### Table of Contents From bae4929e5798e48e75f55a0e92f1e05502f37af2 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 10:09:25 +0100 Subject: [PATCH 144/148] updated TOC - signed-off-by: trimstray --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2c5fc3d..4adfa05 100644 --- a/README.md +++ b/README.md 
@@ -65,18 +65,18 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo Only main chapters: -- **[CLI Tools](#cli-tools)** -- **[GUI Tools](#gui-tools)** -- **[Web Tools](#web-tools)** -- **[Systems/Services](#systemsservices)** -- **[Networks](#networks)** -- **[Manuals/Howtos/Tutorials](#manualshowtostutorials)** -- **[Awesome Lists](#awesome-lists)** -- **[Blogs](#blogs)** -- **[Hacking/Penetration Testing](#hackingpenetration-testing)** -- **[Your daily knowledge and news](#your-daily-knowledge-and-news)** -- **[Other Cheat Sheets](#other-cheat-sheets)** -- **[One-liners](#one-liners)** +- **[CLI Tools](#cli-tools-toc)** +- **[GUI Tools](#gui-tools-toc)** +- **[Web Tools](#web-tools-toc)** +- **[Systems/Services](#systemsservices-toc)** +- **[Networks](#networks-toc)** +- **[Manuals/Howtos/Tutorials](#manualshowtostutorials-toc)** +- **[Awesome Lists](#awesome-lists-toc)** +- **[Blogs](#blogs-toc)** +- **[Hacking/Penetration Testing](#hackingpenetration-testing-toc)** +- **[Your daily knowledge and news](#your-daily-knowledge-and-news-toc)** +- **[Other Cheat Sheets](#other-cheat-sheets-toc)** +- **[One-liners](#one-liners-toc)** ## :trident:  The Book of Secret Knowledge (Chapters) From 90b969a8c669108c9222d142acbf0301a9742376 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 10:37:19 +0100 Subject: [PATCH 145/148] updated Contributing - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4adfa05..676c633 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ A few simple rules for this project: These below rules may be better: - easy to contribute to (Markdown + HTML ...) -- easy to find (no TOC, maybe it's worth creating them?) +- easy to find (simple TOC, maybe it's worth extending them?) Url marked **\*** is temporary unavailable. Please don't delete it without confirming that it has permanently expired. 
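Review bot: In PATCH 145/148, the reworded bullet "easy to find (simple TOC, maybe it's worth extending them?)" has a number mismatch: "them" refers to the singular "TOC". Suggest "maybe it's worth extending it?". The commit subject says only "updated Contributing"; a short body stating that the bullet now reflects the TOC added in the preceding patches would make the history easier to follow.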
From 995316a7b679bb782f3c5f30923378f0c5a5b74a Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 11:22:19 +0100 Subject: [PATCH 146/148] added 'Bugcrowd University' - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 676c633..6d62743 100644 --- a/README.md +++ b/README.md @@ -708,6 +708,12 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.

+##### :black_small_square: Other resources + +

+  :small_orange_diamond: Bugcrowd University - open source education content for the researcher community.
+

+ #### Your daily knowledge and news  [TOC](#anger-table-of-contents) ##### :black_small_square: RSS Readers From b01908b2df7a4913d7be336d460d4b831a6cd7d0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 5 Jan 2019 17:48:19 +0100 Subject: [PATCH 147/148] updated 'Todo' - signed-off-by: trimstray --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 6d62743..69b4b92 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,6 @@ Before add pull request please see **[this](https://github.com/trimstray/the-boo - [ ] Add useful shell functions - [ ] Add one-liners for collection tools (eg. CLI Tools) -- [ ] Generate book pdf format ## :anger:  Table of Contents From 22d1ca8c496a4910febb2e95548e68a9bcc819f7 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sun, 6 Jan 2019 14:14:37 +0100 Subject: [PATCH 148/148] updated 'TOC' buttons - signed-off-by: trimstray --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 69b4b92..872db46 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ Only main chapters: ## :trident:  The Book of Secret Knowledge (Chapters) -#### CLI Tools  [TOC](#anger-table-of-contents) +#### CLI Tools  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Shells @@ -222,7 +222,7 @@ Only main chapters:   :small_orange_diamond: tldr - simplified and community-driven man pages.

-#### GUI Tools  [TOC](#anger-table-of-contents) +#### GUI Tools  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Network @@ -246,7 +246,7 @@ Only main chapters:   :small_orange_diamond: Atom - a hackable text editor for the 21st Century.

-#### Web Tools  [TOC](#anger-table-of-contents) +#### Web Tools  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Browsers @@ -409,7 +409,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.

-#### Systems/Services  [TOC](#anger-table-of-contents) +#### Systems/Services  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Systems @@ -458,7 +458,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.

-#### Networks  [TOC](#anger-table-of-contents) +#### Networks  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Tools @@ -472,7 +472,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: NRE Labs - learn automation by doing it. Right now, right here, in your browser.

-#### Manuals/Howtos/Tutorials  [TOC](#anger-table-of-contents) +#### Manuals/Howtos/Tutorials  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Bash @@ -556,7 +556,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.

-#### Awesome Lists  [TOC](#anger-table-of-contents) +#### Awesome Lists  [[TOC]](#anger-table-of-contents)

  :small_orange_diamond: Awesome Sysadmin - amazingly awesome open source sysadmin resources.
@@ -572,7 +572,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Free Security eBooks - list of a Free Security and Hacking eBooks.

-#### Blogs  [TOC](#anger-table-of-contents) +#### Blogs  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Geeky Persons @@ -605,7 +605,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.

-#### Hacking/Penetration Testing  [TOC](#anger-table-of-contents) +#### Hacking/Penetration Testing  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Pentesters arsenal tools @@ -713,7 +713,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Bugcrowd University - open source education content for the researcher community.

-#### Your daily knowledge and news  [TOC](#anger-table-of-contents) +#### Your daily knowledge and news  [[TOC]](#anger-table-of-contents) ##### :black_small_square: RSS Readers @@ -734,7 +734,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).

-#### Other Cheat Sheets  [TOC](#anger-table-of-contents) +#### Other Cheat Sheets  [[TOC]](#anger-table-of-contents) ###### Build your own DNS Servers @@ -802,7 +802,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an | **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | | **`Software Vulnerability Scanner`** | Software vulnerability scanner based on Vulners.com audit API. | -#### One-liners  [TOC](#anger-table-of-contents) +#### One-liners  [[TOC]](#anger-table-of-contents) ##### Table of Contents
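Review bot: On every heading changed in PATCH 148/148 (for example `#### CLI Tools  [[TOC]](#anger-table-of-contents)`), the button is still part of the heading text, so the section anchor keeps depending on the button label. PATCH 144/148 already had to rewrite the table of contents from `#cli-tools` to `#cli-tools-toc` for that reason, and any outside link to the old anchors no longer resolves. Please confirm that the `-toc` links still resolve with the new `[[TOC]]` label. Consider moving the button to its own line below each heading, or giving each section an explicit HTML anchor, so that later label changes cannot break navigation.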