- Midnight Commander - is a visual file manager, licensed under GNU General Public License.
- ranger - is a VIM-inspired filemanager for the console.
- nnn - is a tiny, lightning fast, feature-packed file manager.
- screen - is a full-screen window manager that multiplexes a physical terminal.
- tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
- tmux-cssh - is a tool to set comfortable and easy to use functionality tmux-sessions.
+ :small_orange_diamond: Midnight Commander - is a visual file manager, licensed under GNU General Public License.
+ :small_orange_diamond: ranger - is a VIM-inspired file manager for the console.
+ :small_orange_diamond: nnn - is a tiny, lightning fast, feature-packed file manager.
+ :small_orange_diamond: screen - is a full-screen window manager that multiplexes a physical terminal.
+ :small_orange_diamond: tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
+ :small_orange_diamond: tmux-cssh - is a tool to set comfortable and easy to use functionality, tmux-sessions.
- Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
- Metasploit - tool and framework for pentesting system, web and many more.
- Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
- OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
- w3af - is a Web Application Attack and Audit Framework.
- mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
- Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
- sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
- Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
- AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
- Faraday - an Integrated Multiuser Pentest Environment.
- Photon - incredibly fast crawler designed for OSINT.
- XSStrike - most advanced XSS detection suite.
- Sn1per - automated pentest framework for offensive security experts.
- vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other.
- tsunami - is a general purpose network security scanner with an extensible plugin system.
- aquatone - a tool for domain flyovers.
- BillCipher - information gathering tool for a website or IP address.
- WhatWaf - detect and bypass web application firewalls and protection systems.
- Corsy - CORS misconfiguration scanner.
- Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
- dirhunt - find web directories without bruteforce.
- John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
- hashcat - world's fastest and most advanced password recovery utility.
- p0f - is a tool to identify the players behind any incidental TCP/IP communications.
- ssh_scan - a prototype SSH configuration and policy scanner.
- LeakLooker - find open databases - powered by Binaryedge.io
- exploitdb - searchable archive from The Exploit Database.
- getsploit - is a command line utility for searching and downloading exploits.
- ctf-tools - some setup scripts for security research tools.
- pwntools - CTF framework and exploit development library.
- security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
- pentestpackage - is a package of Pentest scripts.
- python-pentest-tools - python tools for penetration testers.
- fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection.
- AFL - is a free software fuzzer maintained by Google.
- AFL++ - is AFL with community patches.
- syzkaller - is an unsupervised, coverage-guided kernel fuzzer.
- pwndbg - exploit development and reverse engineering with GDB made easy.
- GDB PEDA - Python Exploit Development Assistance for GDB.
- IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
- radare2 - framework for reverse-engineering and analyzing binaries.
- routersploit - exploitation framework for embedded devices.
- Ghidra - is a software reverse engineering (SRE) framework.
- Cutter - is an SRE platform integrating Ghidra's decompiler.
- Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
- Mentalist - is a graphical tool for custom wordlist generation.
- archerysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities.
- Osmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning.
- beef - the browser exploitation framework project.
- AutoSploit - automated mass exploiter.
- SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
- yara - the pattern matching swiss knife.
- mimikatz - a little tool to play with Windows security.
- sherlock - hunt down social media accounts by username across social networks.
- OWASP Threat Dragon - is a tool used to create threat model diagrams and to record possible threats.
+ :small_orange_diamond: Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
+ :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more.
+ :small_orange_diamond: Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
+ :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+ :small_orange_diamond: w3af - is a Web Application Attack and Audit Framework.
+ :small_orange_diamond: mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
+ :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
+ :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
+ :small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
+ :small_orange_diamond: AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
+ :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
+ :small_orange_diamond: Photon - incredibly fast crawler designed for OSINT.
+ :small_orange_diamond: XSStrike - most advanced XSS detection suite.
+ :small_orange_diamond: Sn1per - automated pentest framework for offensive security experts.
+ :small_orange_diamond: vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other.
+ :small_orange_diamond: tsunami - is a general purpose network security scanner with an extensible plugin system.
+ :small_orange_diamond: aquatone - a tool for domain flyovers.
+ :small_orange_diamond: BillCipher - information gathering tool for a website or IP address.
+ :small_orange_diamond: WhatWaf - detect and bypass web application firewalls and protection systems.
+ :small_orange_diamond: Corsy - CORS misconfiguration scanner.
+ :small_orange_diamond: Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
+ :small_orange_diamond: dirhunt - find web directories without bruteforce.
+ :small_orange_diamond: John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
+ :small_orange_diamond: hashcat - world's fastest and most advanced password recovery utility.
+ :small_orange_diamond: p0f - is a tool to identify the players behind any incidental TCP/IP communications.
+ :small_orange_diamond: ssh_scan - a prototype SSH configuration and policy scanner.
+ :small_orange_diamond: LeakLooker - find open databases - powered by Binaryedge.io
+ :small_orange_diamond: exploitdb - searchable archive from The Exploit Database.
+ :small_orange_diamond: getsploit - is a command line utility for searching and downloading exploits.
+ :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
+ :small_orange_diamond: pwntools - CTF framework and exploit development library.
+ :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
+ :small_orange_diamond: pentestpackage - is a package of Pentest scripts.
+ :small_orange_diamond: python-pentest-tools - python tools for penetration testers.
+ :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection.
+ :small_orange_diamond: AFL - is a free software fuzzer maintained by Google.
+ :small_orange_diamond: AFL++ - is AFL with community patches.
+ :small_orange_diamond: syzkaller - is an unsupervised, coverage-guided kernel fuzzer.
+ :small_orange_diamond: pwndbg - exploit development and reverse engineering with GDB made easy.
+ :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.
+ :small_orange_diamond: IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
+ :small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.
+ :small_orange_diamond: routersploit - exploitation framework for embedded devices.
+ :small_orange_diamond: Ghidra - is a software reverse engineering (SRE) framework.
+ :small_orange_diamond: Cutter - is an SRE platform integrating Ghidra's decompiler.
+ :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
+ :small_orange_diamond: Mentalist - is a graphical tool for custom wordlist generation.
+ :small_orange_diamond: archerysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities.
+ :small_orange_diamond: Osmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning.
+ :small_orange_diamond: beef - the browser exploitation framework project.
+ :small_orange_diamond: AutoSploit - automated mass exploiter.
+ :small_orange_diamond: SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
+ :small_orange_diamond: yara - the pattern matching swiss knife.
+ :small_orange_diamond: mimikatz - a little tool to play with Windows security.
+ :small_orange_diamond: sherlock - hunt down social media accounts by username across social networks.
+ :small_orange_diamond: OWASP Threat Dragon - is a tool used to create threat model diagrams and to record possible threats.
- PTES - the penetration testing execution standard.
- Pentests MindMap - amazing mind map with vulnerable apps and systems.
- WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
- Brute XSS - master the art of Cross Site Scripting.
- XSS cheat sheet - contains many vectors that can help you bypass WAFs and filters.
- Offensive Security Bookmarks - security bookmarks collection, all things that author need to pass OSCP.
- Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
- Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
- Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
- Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
- Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
- Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
- Hacking Cheat Sheet - author hacking and pentesting notes.
- blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
- Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
- Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
- Pentest Bookmarks - there are a LOT of pentesting blogs.
- Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
- ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
- Beginner-Network-Pentesting - notes for beginner network pentesting course.
- OSCPRepo - is a list of resources that author have been gathering in preparation for the OSCP.
- PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
- payloads - git all the Payloads! A collection of web attack payloads.
- command-injection-payload-list - command injection payload list.
- Awesome Shodan Search Queries - great search queries to plug into Shodan.
- AwesomeXSS - is a collection of Awesome XSS resources.
- php-webshells - common php webshells.
- Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing.
- OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
- OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
- OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
- PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
- pentest-wiki - is a free online security knowledge library for pentesters/researchers.
- DEF CON Media Server - great stuff from DEFCON.
- Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
- SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
- Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
- HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
- XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
- GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
- Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
- SSRF Tips - a collection of SSRF Tips.
- shell-storm repo CTF - great archive of CTFs.
- ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
- My-CTF-Web-Challenges - collection of CTF Web challenges.
- MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
- Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
- KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
- securitum/research - various Proof of Concepts of security research performed by Securitum.
- public-pentesting-reports - is a list of public pentest reports released by several consulting security groups.
- awesome-bug-bounty - is a comprehensive curated list of available Bug Bounty.
- bug-bounty-reference - is a list of bug bounty write-ups.
- Awesome-Bugbounty-Writeups - is a curated list of bugbounty writeups.
- Bug bounty writeups - list of bug bounty writeups (2012-2020).
- hackso.me - a great journey into security.
+ :small_orange_diamond: PTES - the penetration testing execution standard.
+ :small_orange_diamond: Pentests MindMap - amazing mind map with vulnerable apps and systems.
+ :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
+ :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
+ :small_orange_diamond: XSS cheat sheet - contains many vectors that can help you bypass WAFs and filters.
+ :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all things that author need to pass OSCP.
+ :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
+ :small_orange_diamond: Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
+ :small_orange_diamond: Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
+ :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
+ :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
+ :small_orange_diamond: Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
+ :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
+ :small_orange_diamond: blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
+ :small_orange_diamond: Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
+ :small_orange_diamond: Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
+ :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
+ :small_orange_diamond: Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
+ :small_orange_diamond: ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
+ :small_orange_diamond: Beginner-Network-Pentesting - notes for beginner network pentesting course.
+ :small_orange_diamond: OSCPRepo - is a list of resources that author have been gathering in preparation for the OSCP.
+ :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
+ :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
+ :small_orange_diamond: command-injection-payload-list - command injection payload list.
+ :small_orange_diamond: Awesome Shodan Search Queries - great search queries to plug into Shodan.
+ :small_orange_diamond: AwesomeXSS - is a collection of Awesome XSS resources.
+ :small_orange_diamond: php-webshells - common php webshells.
+ :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing.
+ :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
+ :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
+ :small_orange_diamond: OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
+ :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
+ :small_orange_diamond: pentest-wiki - is a free online security knowledge library for pentesters/researchers.
+ :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
+ :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
+ :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
+ :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
+ :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
+ :small_orange_diamond: XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
+ :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
+ :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
+ :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.
+ :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.
+ :small_orange_diamond: ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
+ :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
+ :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
+ :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
+ :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
+ :small_orange_diamond: securitum/research - various Proof of Concepts of security research performed by Securitum.
+ :small_orange_diamond: public-pentesting-reports - is a list of public pentest reports released by several consulting security groups.
+ :small_orange_diamond: awesome-bug-bounty - is a comprehensive curated list of available Bug Bounty.
+ :small_orange_diamond: bug-bounty-reference - is a list of bug bounty write-ups.
+ :small_orange_diamond: Awesome-Bugbounty-Writeups - is a curated list of bugbounty writeups.
+ :small_orange_diamond: Bug bounty writeups - list of bug bounty writeups (2012-2020).
+ :small_orange_diamond: hackso.me - a great journey into security.
- OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
- DVWA - PHP/MySQL web application that is damn vulnerable.
- metasploitable2 - vulnerable web application amongst security researchers.
- metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.
- DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
- OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
- OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
- OWASP Node js Goat Project - OWASP Top 10 security risks apply to web apps developed using Node.js.
- juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
- SecurityShepherd - web and mobile application security training platform.
- Security Ninjas - open source application security training program.
- hackazon - a modern vulnerable web app.
- dvna - damn vulnerable NodeJS application.
- django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
- Google Gruyere - web application exploits and defenses.
- Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
- Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
- vulhub - pre-built Vulnerable Environments based on docker-compose.
- CloudGoat 2 - the new & improved "Vulnerable by Design"
+ :small_orange_diamond: OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
+ :small_orange_diamond: DVWA - PHP/MySQL web application that is damn vulnerable.
+ :small_orange_diamond: metasploitable2 - vulnerable web application amongst security researchers.
+ :small_orange_diamond: metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.
+ :small_orange_diamond: DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
+ :small_orange_diamond: OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
+ :small_orange_diamond: OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
+ :small_orange_diamond: OWASP Node js Goat Project - OWASP Top 10 security risks apply to web apps developed using Node.js.
+ :small_orange_diamond: juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
+ :small_orange_diamond: SecurityShepherd - web and mobile application security training platform.
+ :small_orange_diamond: Security Ninjas - open source application security training program.
+ :small_orange_diamond: hackazon - a modern vulnerable web app.
+ :small_orange_diamond: dvna - damn vulnerable NodeJS application.
+ :small_orange_diamond: django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
+ :small_orange_diamond: Google Gruyere - web application exploits and defenses.
+ :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
+ :small_orange_diamond: Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
+ :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose.
+ :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design"
AWS deployment tool.
secDevLabs - is a laboratory for learning secure web development in a practical manner.
CORS-vulnerable-Lab - sample vulnerable code and its exploit code.
@@ -1560,49 +1560,49 @@ AWS deployment tool.
###### DNS Servers list (privacy)
-| IP | URL |
-| :--- | :--- |
-| **`84.200.69.80`** | [dns.watch](https://dns.watch/) |
-| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) |
-| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) |
-| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) |
-| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) |
-| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) |
+| IP | URL |
+| :------------------- | :-------------------------------------------------------------------------------------- |
+| **`84.200.69.80`** | [dns.watch](https://dns.watch/) |
+| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) |
+| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) |
+| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) |
+| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) |
+| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) |
###### TOP Browser extensions
-| Extension name | Description |
-| :--- | :--- |
-| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. |
-| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. |
-| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. |
-| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. |
-| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. |
-| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. |
-| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. |
-| **`Clear Cache`** | Clear your cache and browsing data. |
-| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. |
-| **`Web Developer`** | Adds a toolbar button with various web developer tools. |
-| **`ThreatPinch Lookup`** | Add threat intelligence hover tool tips. |
+| Extension name | Description |
+| :--------------------------- | :---------------------------------------------------------------------------- |
+| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. |
+| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. |
+| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. |
+| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. |
+| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. |
+| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. |
+| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. |
+| **`Clear Cache`** | Clear your cache and browsing data. |
+| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. |
+| **`Web Developer`** | Adds a toolbar button with various web developer tools. |
+| **`ThreatPinch Lookup`** | Add threat intelligence hover tooltips. |
###### TOP Burp extensions
-| Extension name | Description |
-| :--- | :--- |
-| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. |
-| **`Autorize`** | Automatically detects authorization enforcement. |
-| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. |
-| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. |
-| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. |
-| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. |
-| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. |
-| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. |
-| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. |
-| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. |
-| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. |
-| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. |
-| **`Turbo Intruder`** | Is a powerful bruteforcing tool. |
-| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. |
+| Extension name | Description |
+| :----------------------------------- | :------------------------------------------------------------------------------ |
+| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. |
+| **`Autorize`** | Automatically detects authorization enforcement. |
+| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. |
+| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. |
+| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. |
+| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. |
+| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. |
+| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. |
+| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. |
+| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. |
+| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. |
+| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. |
+| **`Turbo Intruder`** | Is a powerful bruteforcing tool. |
+| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. |
###### Hack Mozilla Firefox address bar
@@ -1642,7 +1642,7 @@ http://192.168.257 → 192.168.1.1
http://192.168.516 → 192.168.2.4
```
- > This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
+> This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
For more information please see [How to Obscure Any URL](http://www.pc-help.org/obscure.htm) and [Magic IP Address Shortcuts](https://stuff-things.net/2014/09/25/magic-ip-address-shortcuts/).
@@ -1674,60 +1674,60 @@ text :arrow_left: encoded
##### Table of Contents
- * [terminal](#tool-terminal)
- * [busybox](#tool-busybox)
- * [mount](#tool-mount)
- * [fuser](#tool-fuser)
- * [lsof](#tool-lsof)
- * [ps](#tool-ps)
- * [top](#tool-top)
- * [vmstat](#tool-vmstat)
- * [iostat](#tool-iostat)
- * [strace](#tool-strace)
- * [kill](#tool-kill)
- * [find](#tool-find)
- * [diff](#tool-diff)
- * [vimdiff](#tool-vimdiff)
- * [tail](#tool-tail)
- * [cpulimit](#tool-cpulimit)
- * [pwdx](#tool-pwdx)
- * [tr](#tool-tr)
- * [chmod](#tool-chmod)
- * [who](#tool-who)
- * [last](#tool-last)
- * [screen](#tool-screen)
- * [script](#tool-script)
- * [du](#tool-du)
- * [inotifywait](#tool-inotifywait)
- * [openssl](#tool-openssl)
- * [secure-delete](#tool-secure-delete)
- * [dd](#tool-dd)
- * [gpg](#tool-gpg)
- * [system-other](#tool-system-other)
- * [curl](#tool-curl)
- * [httpie](#tool-httpie)
- * [ssh](#tool-ssh)
- * [linux-dev](#tool-linux-dev)
- * [tcpdump](#tool-tcpdump)
- * [tcpick](#tool-tcpick)
- * [ngrep](#tool-ngrep)
- * [hping3](#tool-hping3)
- * [nmap](#tool-nmap)
- * [netcat](#tool-netcat)
- * [socat](#tool-socat)
- * [p0f](#tool-p0f)
- * [gnutls-cli](#tool-gnutls-cli)
- * [netstat](#tool-netstat)
- * [rsync](#tool-rsync)
- * [host](#tool-host)
- * [dig](#tool-dig)
- * [certbot](#tool-certbot)
- * [network-other](#tool-network-other)
- * [git](#tool-git)
- * [awk](#tool-awk)
- * [sed](#tool-sed)
- * [grep](#tool-grep)
- * [perl](#tool-perl)
+- [terminal](#tool-terminal)
+- [busybox](#tool-busybox)
+- [mount](#tool-mount)
+- [fuser](#tool-fuser)
+- [lsof](#tool-lsof)
+- [ps](#tool-ps)
+- [top](#tool-top)
+- [vmstat](#tool-vmstat)
+- [iostat](#tool-iostat)
+- [strace](#tool-strace)
+- [kill](#tool-kill)
+- [find](#tool-find)
+- [diff](#tool-diff)
+- [vimdiff](#tool-vimdiff)
+- [tail](#tool-tail)
+- [cpulimit](#tool-cpulimit)
+- [pwdx](#tool-pwdx)
+- [tr](#tool-tr)
+- [chmod](#tool-chmod)
+- [who](#tool-who)
+- [last](#tool-last)
+- [screen](#tool-screen)
+- [script](#tool-script)
+- [du](#tool-du)
+- [inotifywait](#tool-inotifywait)
+- [openssl](#tool-openssl)
+- [secure-delete](#tool-secure-delete)
+- [dd](#tool-dd)
+- [gpg](#tool-gpg)
+- [system-other](#tool-system-other)
+- [curl](#tool-curl)
+- [httpie](#tool-httpie)
+- [ssh](#tool-ssh)
+- [linux-dev](#tool-linux-dev)
+- [tcpdump](#tool-tcpdump)
+- [tcpick](#tool-tcpick)
+- [ngrep](#tool-ngrep)
+- [hping3](#tool-hping3)
+- [nmap](#tool-nmap)
+- [netcat](#tool-netcat)
+- [socat](#tool-socat)
+- [p0f](#tool-p0f)
+- [gnutls-cli](#tool-gnutls-cli)
+- [netstat](#tool-netstat)
+- [rsync](#tool-rsync)
+- [host](#tool-host)
+- [dig](#tool-dig)
+- [certbot](#tool-certbot)
+- [network-other](#tool-network-other)
+- [git](#tool-git)
+- [awk](#tool-awk)
+- [sed](#tool-sed)
+- [grep](#tool-grep)
+- [perl](#tool-perl)
##### Tool: [terminal](https://en.wikipedia.org/wiki/Linux_console)
@@ -1799,7 +1799,7 @@ http.?://.+:.+@.*\
export PROMPT_COMMAND="sterile"
```
- > Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go).
+> Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go).
###### Quickly backup a file
@@ -1907,9 +1907,9 @@ unset MAIL; export MAILCHECK=1; export MAILPATH='$FILE_TO_WATCH?$MESSAGE'
busybox httpd -p $PORT -h $HOME [-c httpd.conf]
```
-___
+---
-##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix))
+##### Tool: [mount](