Never Ending Security

It starts all here

Category Archives: Website’s

3 Websites For Vulnerability Research


After doing some research, we have put together a short list of websites that will help you perform vulnerability research:

1. Security Tracker

 
Security Tracker provides users with a huge database that is updated daily. It is simple to use and effective. Anyone can search the site for the latest vulnerability information, listed under various categories. The best tool for security researchers.

2. Hackerstorm

 
Hackerstorm provides a vulnerability database tool that gives users almost all the information about a particular vulnerability. Daily updates are free, and the source is available for those who wish to contribute to and enhance the tool. The data is provided by http://www.osvdb.org and its contributors.

3. Hackerwatch

 
Hackerwatch is not a vulnerability database, but it is a useful tool for every security researcher. It is mainly an online community where internet users can report and share information to block and identify security threats and unwanted traffic.

Protopage.com – Create and customize your very own online start page


Getting started
Protopage is your own personal page, which you can access from any computer or mobile phone.
To try Protopage, click here to create your own page
You can choose your own selection of news from thousands of sources.

To read a news article, click the headline inside the news widget.

There are thousands of different widgets that you can add to your page.

To see the list of available widgets, click the ‘Add widgets’ button at the top of the page

Most news sites and blogs make their headlines available to Protopage using a technology called RSS.

To add a news site or blog to your Protopage, simply click the ‘Add widgets’ button, enter the web address, and click ‘Go’.

Your widgets are arranged into columns. You can drag and drop widgets to re-arrange them by clicking and dragging the title bar.

You can resize a widget by dragging the corner.

Some widgets have settings that you can edit. For example, a weather widget will let you choose your city by clicking ‘edit’.

You can remove a widget from your page by clicking the ‘x’ button.

Use bookmark widgets for fast access to all of the web sites you go to most.

Click the ‘edit’ button on a bookmarks widget to enter your favorite web site addresses.

You can add sticky notes on your page. To edit the text, simply click inside the widget and start typing.

You can also add to-do lists, calendars, photos, and much more.

Access your page from most phones, including the iPhone, Blackberry, Nokia, Samsung, Siemens, Palm, LG, Motorola, Sony Ericsson and Windows Mobile.

After you’ve registered your page, access protopage.com/mobile from your phone.

Protopage works with all major web browsers, including Firefox, Google Chrome, Internet Explorer and Safari.

To download the latest Firefox web browser (for PC or Mac), click here

You can organize your widgets under different tabs.

To add a tab, click ‘New tab’. To rename the currently selected tab, simply click it and start typing. Drag tabs to re-order them.

If you want to move a widget to a different tab, simply drag it to the new tab.
Click the arrow on the currently selected tab to see options.

You can make your tabs different colors, change the way widgets are arranged within the tab, or delete the tab.

Click the double arrow on the far right of your page to see the advanced ‘category’ view.

You can organize your tabs into categories, and either keep categories private or share them with the world.

When reading news stories, you can press the ‘Z’ key to skip to the next unread story.

To see the entire list of shortcuts, hover over the ‘keyboard shortcuts’ text in the top right corner of the news reader.

Click the ‘Colors/Settings’ button to customize your page with your own choice of colors and wallpaper.
Use the search bar to quickly search hundreds of popular search engines.

GeoIP2 City Demo – A tool from maxmind.com


GeoIP2 City

ISP and Organization data is included with the purchase of the GeoIP2 ISP database or with the purchase of the GeoIP2 Precision City or Insights services.

Domain data is included with the purchase of the GeoIP2 Domain Name database or with the purchase of the GeoIP2 Precision City or Insights services.

If you’d like to test multiple IP addresses, we offer a demo for up to 25 addresses per day.

Try it out online at: https://www.maxmind.com/en/geoip-demo

EXIFdata.com – an online application that lets you take a deeper look at your favorite images!


 What is EXIF data?

EXIF is short for Exchangeable Image File, a format that is a standard for storing interchange information in digital photography image files using JPEG compression. Almost all new digital cameras use the EXIF annotation, storing information on the image such as shutter speed, exposure compensation, F number, what metering system was used, if a flash was used, ISO number, date and time the image was taken, white balance, auxiliary lenses that were used and resolution. Some images may even store GPS information so you can easily see where the images were taken!

EXIFdata.com is an online application that lets you take a deeper look at your favorite images!

Check it out yourself at: http://exifdata.com

Tineye – a reverse image search engine


TinEye

TinEye is a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions.

TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks. It is free to use for non-commercial searching.

TinEye regularly crawls the web for new images, and we also accept contributions of complete online image collections. To date, TinEye has indexed 10,763,476,445 images from the web to help you find what you’re looking for. For more information, please see our FAQ, and for some actual TinEye search examples, check out our Cool Searches page.

Company Profile

TinEye is brought to you by the good folks at Idée Inc., an advanced image recognition and search software company. In addition to TinEye – the world’s first reverse image search engine – Idée develops several other image recognition based products and services used by the world’s leading imaging firms:

Adobe, Agence France-Presse, Digg, Associated Press, Splash News & Picture Agency, KAYAK, Masterfile
  • PixID – Editorial image monitoring for the news and entertainment photo industry. Clients include Associated Press, Agence France Press, Splash News
  • MulticolorEngine – Remarkable color search and analysis for your photographs and product images.
  • MatchEngine – Automated image matching and deduplication service. Clients include eBay, Kayak, Getty Images, Digg, iStockphoto, SmileTrain, Photoshelter.
  • MobileEngine – Mobile image recognition and identification. An automated high-sensitivity image matching solution for mobile platforms.
  • TinEye API – commercial TinEye searching using image identification.

Idée is an independent, privately held company headquartered in Toronto, Canada and we are hiring.

TinEye Contributors

Getty, iStockphoto, Wikimedia, Masterfile, Photoshelter, F1online

Our goal with TinEye is to connect images and information and to make sure that images can be attributed to their creator. If you are managing a large image collection, get in touch to have your image collection added to TinEye. This makes it easier for the original image authors to be found, and for image seekers to get the information they’re looking for. Contributors can submit a range of content from stock and editorial photographs to product images to illustrations and more. Learn more about how you can have TinEye index your image collection.

At TinEye, we want to help connect images to their creator. If you are interested in contributing your images to the TinEye index, create an imagemap and submit it to us. Once we index your images, TinEye users will be able to find the images on your website. Learn more about how to create and submit your TinEye imagemap.


Tineye can be found at: https://tineye.com

CheckUserNames.com – Check the use of your brand or username on 160 Social Networks


Check Usernames allows you to check the availability of your brand or username on 160 popular Social Networking and Social Bookmarking websites.

Check your Username at http://checkusernames.com

FindTheData – www.findthedata.com


Find The Data

See all the information on thousands of topics. Research with confidence.

WhosTalkin.com – a social media search tool


WhosTalkin.com is a social media search tool that allows users to search for conversations surrounding the topics that they care about most. Whether it be your favorite sport, favorite food, celebrity, or your company’s brand name; Whostalkin.com can help you join in on the conversations that you care about most.

Our goal is to deliver the most relevant and current conversations happening in the world of social media.

How do we do that?

Our search and sorting algorithms combine data taken from over 60 of the internet’s most popular social media gateways. We take this data and display it to you through our carefully designed interface that harnesses the power of AJAX to give you a seamlessly well organized user experience.

Tools

At WhosTalkin.com our goal is to connect our users with the most up to date conversations that they care about most. In an effort to make that process easier, we are developing a series of tools that you can use to integrate the WhosTalkin.com platform into your daily routine. Feel free to use any of the tools below, and don’t hesitate to contact us with ideas of new tools that we need to build!

iGoogle Gadget

The WhosTalkin iGoogle Gadget brings the power of the WhosTalkin.com platform straight to your iGoogle home page! You can now find out exactly what is being said in the world of social media without leaving the comfort of your home page. This gadget works in both the standard view and the popular “canvas view”. To get started using this amazing gadget click the link below to subscribe.

Browser Search Plugin

The WhosTalkin Browser Search Plugin brings the power of the WhosTalkin.com platform straight to your browser search bar! You can now use the WhosTalkin.com Platform by simply typing in your search request into your browser’s search bar. To install check out the video guides below.

Installation Instructions for Firefox

Installation Instructions for Internet Explorer

More information on: http://www.WhosTalkin.com

Diary of a reverse-engineer – Because we like to play with weird things.

List of Free Learning Resources


Intro:
If you want to find a learning resource, you should definitely check out our site, Free Learning Resources (http://resrc.io). And for those who want to learn a computer language, you should check out these books on reSRC.io (http://resrc.io/list/10/list-of-free-programming-books) or on github (https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md). This list initially was a clone of stackoverflow – List of Freely Available Programming Books (http://stackoverflow.com/questions/194812/list-of-freely-available-programming-books/392926#392926) by George Stocker. Now updated, with dead links gone and new content.

Moved to GitHub for collaborative updating and for the site mentioned above.
NEW : Search inside free-programming-books.md (and a whole lot more of learning resources) Try it out at http://resrc.io/search

Free Courses (https://github.com/vhf/free-programming-books/blob/master/free-courses-en.md):

Assembly

Android

AngularJS

C

C++

Clojure

Databases

Haskell

HTML / CSS

iOS

Java

JS

MATLAB

Misc

OCaml

Oracle PL/SQL

Python

Ruby

Scala

Swift

Web Development

Free Podcasts and Screencasts (https://github.com/vhf/free-programming-books/blob/master/free-podcasts-screencasts-en.md):

Free Programming books (https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md):
Original Contribution by George Stocker on Stack Overflow
Original Source: Free Programming books

Meta Lists

Graphics Programming

Graphical User Interfaces

Language Agnostic

Algorithms & Data Structures

Cellular Automata

Cloud Computing

Compiler Design

Computer Vision

Database

Datamining

Information Retrieval

Licensing

Machine Learning

Mathematics

Mathematics For Computer Science

Misc

MOOC

Networking

Open Source Ecosystem

Operating systems

Parallel Programming

Partial Evaluation

Professional Development

Programming Paradigms

Regular Expressions

Reverse Engineering

Security

Software Architecture

Standards

Theoretical Computer Science

Web Performance

Ada

Agda

Alef

Android

APL

Arduino

ASP.NET MVC

Assembly Language

Non-X86

AutoHotkey

Autotools

Awk

Bash

Basic

BETA

C

C Sharp

C++

Chapel

Cilk

Clojure

COBOL

CoffeeScript

ColdFusion

Cool

Coq

CUDA

D

Dart

DB2

Delphi / Pascal

DTrace

Elasticsearch

Emacs

Erlang

F Sharp

Flex

Firefox OS

Force.com

Forth

Fortran

FreeBSD

Git

Go

Groovy

Gradle

Grails

Spock Framework

Hadoop

Haskell

HTML / CSS

Bootstrap

Icon

IDL

iOS

Isabelle/HOL

J

Java

Spring

  • Spring Framework Reference Documentation (PDF) – Rod Johnson, Juergen Hoeller, Keith Donald, Colin Sampaleanu, Rob Harrop, Thomas Risberg, Alef Arendsen, Darren Davison, Dmitriy Kopylenko, Mark Pollack, Thierry Templier, Erwin Vervaet, Portia Tung, Ben Hale, Adrian Colyer, John Lewis, Costin Leau, Mark Fisher, Sam Brannen, Ramnivas Laddad, Arjen Poutsma, Chris Beams, Tareq Abedrabbo, Andy Clement, Dave Syer, Oliver Gierke, Rossen Stoyanchev, Phillip Webb, Rob Winch, Brian Clozel, Stephane Nicoll, Sebastien Deleuze

Spring Boot

Spring Security

Wicket

JavaScript

Javascript Frameworks

For resources on Angular.js, Backbone.js, D3.js, Dojo, Ember.js, Express.js, jQuery, Knockout.js, and any other JS toolkit/framework, please refer to Javascript Frameworks Resources and Tutorials, or to its source file javascript-frameworks-resources.md.

Node.js

Jenkins

LaTeX

See also TeX

Limbo

Linux

Lisp

Lua

Markdown

  • Learn Markdown (PDF) (EPUB) (MOBI) – GitBookIO, Sammy P., Aaron O.

Mathematica

MATLAB

Maven

Mercurial

Mercury

MySQL

.NET Framework

Neo4J

NoSQL

Oberon

Objective-C

OCaml

Octave

OpenGL ES

OpenMP

OpenSCAD

Oracle PL/SQL

Oracle Server

Parrot / Perl 6

PC-BSD

Perl

PHP

PicoLisp

PostgreSQL

PowerShell

Processing

Prolog

Constraint Logic Programming (extended Prolog)

PureScript

Python

Django

Flask

Kivy

Pandas

Pyramid

QML

  • Qt5 Cadaques (HTML, PDF, ePub) (work in progress) – Juergen Bocklage-Ryannel and Johan Thelin

R

Racket

Raspberry Pi

REBOL

Ruby

RSpec

Sinatra

Ruby on Rails

Rust

Sage

Scala

Lift

Play Scala

Scheme

Scilab

Scratch

Sed

Silverlight

Smalltalk

SQL (implementation agnostic)

SQL Server

Standard ML

Subversion

Swift

Tcl

Teradata

TeX

See also LaTeX

Tizen

TLA

TypeScript

Unix

Verilog

VHDL

Vim

Visual Basic

Visual Prolog

Web Services

Windows 8

Windows Phone

Workflow

xBase (dBase / Clipper / Harbour)

Free Programming Interactive Tutorials (https://github.com/vhf/free-programming-books/blob/master/free-programming-interactive-tutorials-en.md):

Bash

C

C Sharp

C++

Clojure

CoffeeScript

Erlang

F Sharp

Git

Go

Haskell

HTML / CSS

Java

JavaScript

Language Agnostic

Lisp

MATLAB

Node

NoSQL

Objective-C

Ocaml

PHP

Python

R

Racket

Ruby

Scala

Vim

Javascript Frameworks Resources (https://github.com/vhf/free-programming-books/blob/master/javascript-frameworks-resources.md):

Angular.js

Backbone.js

D3.js

Dojo

Ember.js

Express.js

jQuery

Knockout.js

Meteor

Problem-sets Competitive Programming (https://github.com/vhf/free-programming-books/blob/master/problem-sets-competitive-programming.md):

Index

Competitive Programming

Problem Sets

Free Software Testing Books (https://github.com/ligurio/free-software-testing-books/blob/master/free-software-testing-books.md):

Index

Software testing theory

Standards in software testing

Testing of Free and OpenSource Software

Testing with different programming languages

Testing Tools

The Complete Project Can Be Found On: https://github.com/vhf/free-programming-books

SSLBL – SSL Blacklist Website


SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of “bad” SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists that can be found in the SSL Blacklist section at:
https://sslbl.abuse.ch/blacklist

List with useful links and handy webpages for Penetration Testers & Forensics


Forensic Challenges:
Host Forensics:
DigitalCorpora: http://digitalcorpora.org
Digital Forensics Tool Testing Images: http://dftt.sourceforge.net
DFRWS 2014 Forensics Rodeo: http://www.cs.uno.edu/~golden/dfrws-2014-rodeo.html
Linux LEO Supplemental Files: http://linuxleo.com
volatility memory samples: https://code.google.com/p/volatility/wiki/FAQ
ISFCE Sample Practical Exercise: http://www.isfce.com/sample-pe.htm
ForGe Forensic test image generator: https://github.com/hannuvisti/forge

Network Forensics:
Wireshark Sample Captures: http://wiki.wireshark.org/SampleCaptures
Wireshark Network Analysis Book Supplements: http://www.wiresharkbook.com/studyguide.html
pcapr: http://www.pcapr.net
PacketLife Capture Collection: http://packetlife.net/captures
DigitalCorpora Packet Dumps: http://digitalcorpora.org/corpora/packet-dumps
Evil Fingers PCAP Challenges: https://www.evilfingers.com/repository/pcaps_challenge.php
PCAPS Repository: https://github.com/markofu/pcaps
Chris Sanders Packet Captures: http://chrissanders.org/packet-captures
Tcpreplay Sample Captures: http://tcpreplay.appneta.com/wiki/captures.html
Enron Email Dataset: http://www.cs.cmu.edu/~enron
MAWI Working Group Traffic Archive: http://mawi.wide.ad.jp/mawi
LBNL-FTP-PKT: http://ee.lbl.gov/anonymized-traces.html

Malware Analysis:
Open Malware / Offensive Computing: http://openmalware.org
Contagio: http://contagiodump.blogspot.com
VX Heaven: http://vxheaven.org
VirusShare.com / VXShare: http://virusshare.com
VXVault: http://vxvault.siri-urz.net
MalShare: http://malshare.com
Virusign: http://www.virusign.com
theZoo / Malware DB: http://ytisf.github.io/theZoo
malc0de: http://malc0de.com/database
FakeAVs blog: http://www.fakeavs.com
malware_traffic: http://malware-traffic-analysis.net
Georgia Tech malrec page: http://panda.gtisc.gatech.edu/malrec
Kernelmode Forum: http://www.kernelmode.info
Malware Hub Forum: http://malwaretips.com/categories/malware-hub.103
MalwareBlacklist.com: http://www.malwareblacklist.com
Joxean Koret’s List: http://malwareurls.joxeankoret.com
Sucuri Research Labs: http://labs.sucuri.net/?malware
CLEAN MX realtime database: http://support.clean-mx.de/clean-mx/viruses.php
Contagio Mobile Malware: http://contagiominidump.blogspot.com
Android Sandbox: http://androidsandbox.net/samples
maltrieve: http://maltrieve.org
HoneyDrive: http://bruteforce.gr/honeydrive

Online and CTFs:
Honeynet Challenges: https://www.honeynet.org/challenges
Honeynet Challenges: http://old.honeynet.org/scans/index.html
I Smell Packets: http://ismellpackets.com/
Network Forensics Puzzle contest: http://forensicscontest.com/puzzles
DEF CON CTF Archive: https://www.defcon.org/html/links/dc-ctf.html
DFRWS: http://www.dfrws.org/2013/challenge/index.shtml
DFRWS: http://www.dfrws.org/2010/challenge/
DFRWS: http://www.dfrws.org/2011/challenge/index.shtml
DFRWS: http://www.dfrws.org/2007/challenge/index.shtml
DFRWS: http://www.dfrws.org/2006/challenge/
DFRWS: http://www.dfrws.org/2005/challenge/
ForensicKB Practicals: http://www.forensickb.com/2008/01/forensic-practical.html
ForensicKB Practicals: http://www.forensickb.com/2008/01/forensic-practical-2.html
ForensicKB Practicals: http://www.forensickb.com/2010/01/forensic-practical-exercise-3.html
ForensicKB Practicals: http://www.forensickb.com/2010/06/forensic-practical-exercise-4.html
ForensicKB Practicals: http://www.forensickb.com/2011/01/simple-forensic-puzzle-1.html
ForensicKB Practicals: http://www.forensickb.com/2011/02/forensic-puzzle-6.html
HackEire CTF: https://github.com/markofu/hackeire
UMass Trace Repository: http://traces.cs.umass.edu

Wireless:
SANS 802.11 Pocket Guide: http://www.willhackforsushi.com/papers/80211_Pocket_Reference_Guide.pdf
Wireless Pen Test Framework: http://wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html
WPA Packet Capture Explained: http://www.aircrack-ng.org/doku.php?id=wpa_capture

Pentesting VPN:
VPNTester: http://www.amanhardikar.com/software.html
ike-scan, psk-crack: http://www.nta-monitor.com/tools-resources/security-tools/ike-scan
ike-scan-gpu: http://funoverip.net/2012/07/psk-crack-ike-scan-gpu-add-on
Cain & Abel: http://www.oxid.it/cain.html
Hashcat: http://hashcat.net/hashcat
Ettercap: http://ettercap.github.io/ettercap
THC-pptp-bruter: http://www.thc.org/releases.php
IKEProbe: http://www.ernw.de/download/ikeprobe.zip
IKECrack: http://sourceforge.net/projects/ikecrack
IPSecScan: http://ntsecurity.nu/toolbox/ipsecscan
VPNMonitor: http://vpnmonitor.sourceforge.net
FakeIKEd: http://www.roe.ch/FakeIKEd
NIST SP800-113: Guide to SSL VPN: http://csrc.nist.gov/publications/nistpubs/800-113/SP800-113.pdf
IPSec Cheat Sheet: http://media.packetlife.net/media/library/6/IPsec.pdf

Pentesting VOIP:
Backtrack Guide: http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
SS7 and Telecomm Related: http://labs.p1sec.com/2013/04/04/ss7-traffic-analysis-with-wireshark
SS7 and Telecomm Related: http://www.o0o.nu/projects/ss7
SS7 and Telecomm Related: http://events.ccc.de/congress/2009/Fahrplan/events/3555.en.html
SS7 and Telecomm Related: http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf
SS7 and Telecomm Related: http://www.slideshare.net/p1sec/telecom-security-from-ss7-to-all-ip-allopenv3zeronights
SS7 and Telecomm Related: https://www.youtube.com/watch?v=m9aruyjQQ_c
More Tools: http://skora.net/voice-over-ip-security
More Tools: http://www.hackingexposedvoip.com/sec_tools.html
More Tools: http://www.infiltrated.net/index.php?option=com_content&view=article&id=13&Itemid=18
VoWLAN: http://en.wikipedia.org/wiki/Voice_over_WLAN
VoWLAN: http://www.ciscopress.com/articles/article.asp?p=703793
VoWLAN: http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch9_Voic.html
mVoIP: http://en.wikipedia.org/wiki/Mobile_VOIP
IMS: http://en.wikipedia.org/wiki/IP_Multimedia_Subsystem
IMS: http://www.rennes.enst-bretagne.fr/~gbertran/files/IMS_an_overview.pdf
IMS: http://www.radio-electronics.com/info/telecommunications_networks/ims-ip-multimedia-subsystem/tutorial-basics.php
Viper VAST: http://vipervast.sourceforge.net
VoIP Related Google Search Terms: http://www.hackingexposedvoip.com/google.html
Default Voicemail Sound Files: http://www.hackingexposedvoip.com/voicemail.html
Wireshark: http://www.wireshark.org/download.html
Xplico: http://www.xplico.org
VideoJak: http://videojak.sourceforge.net
TraceBuster: http://www.touchstone-inc.com/tracebuster.php
Oreka: http://oreka.sourceforge.net
SIPp: http://sipp.sourceforge.net
ACE: http://ucsniff.sourceforge.net/ace.html
OAT: http://voat.sourceforge.net
XTest: http://xtest.sourceforge.net
SIPVicious: https://code.google.com/p/sipvicious
UCSniff: http://ucsniff.sourceforge.net
Bluebox-ng: https://github.com/jesusprubio/bluebox-ng
SCTPScan: http://www.p1sec.com/corp/research/tools/sctpscan
SCTPScan: http://www.dailymotion.com/video/x2nq3d_frnog-10-philippe-langlois-sctpscan_tech
SS7calc: https://github.com/philpraxis/ss7calc

Others:
CommandLineKungFu: http://blog.commandlinekungfu.com
Bernardo’s Password Hashes Dump Tools: https://docs.google.com/spreadsheet/ccc?key=0Ak-eXPencMnydGhwR1VvamhlNEljVHlJdVkxZ2RIaWc

Virtual Machines and Live CD’s:
Backtrack: http://www.backtrack-linux.org
Kali Linux: http://www.kali.org
BackBox Linux: http://www.backbox.org
Matriux: http://www.matriux.com
VAST: http://vipervast.sourceforge.net
Security Onion: http://securityonion.blogspot.co.uk
Samurai: http://sourceforge.net/projects/samurai
OSWA-Assistant: http://securitystartshere.org/page-training-oswa-assistant-tools.htm
RFID Live Hacking System: http://www.openpcd.org/Live_RFID_Hacking_System
Ophcrack: http://ophcrack.sourceforge.net
REMnux: http://zeltser.com/remnux
ARE: https://redmine.honeynet.org/projects/are
HoneyDrive: http://bruteforce.gr/honeydrive
SIFT: http://computer-forensics.sans.org/community/downloads
Orion: http://orionlivecd.sourceforge.net
Raptor: http://forwarddiscovery.com/Raptor
Vyatta CORE: http://www.vyatta.org/downloads
NST: http://sourceforge.net/projects/nst
MobiSec: http://sourceforge.net/projects/mobisec
Santoku Linux: https://santoku-linux.com
Ultimate Boot CD: http://www.ultimatebootcd.com
Hiren’s BootCD: http://www.hiren.info/pages/bootcd
Turnkey Linux: http://www.turnkeylinux.org
Linux Mint: http://www.linuxmint.com
Fedora: http://fedoraproject.org
OpenSUSE: http://www.opensuse.org
Openindiana: http://openindiana.org
Haiku: http://haiku-os.org

Browser Addons / Plugins / Extensions:

Firefox:
Recon:
ShowIP: https://addons.mozilla.org/en-US/firefox/addon/showip
Domain Details: https://addons.mozilla.org/en-US/firefox/addon/domain-details
Passive Recon: https://addons.mozilla.org/en-US/firefox/addon/passiverecon

Request Capture and Modification:
Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/tamper-data

Cookies:
Cookie Manager+: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus

Web Services:
Poster: https://addons.mozilla.org/en-us/firefox/addon/poster

Page and Script Analysis:
Firebug: https://addons.mozilla.org/en-US/firefox/addon/firebug
FlashFirebug: https://addons.mozilla.org/en-US/firefox/addon/flashfirebug
Web Developer: https://addons.mozilla.org/en-US/firefox/addon/web-developer
View Dependencies: https://addons.mozilla.org/en-US/firefox/addon/view-dependencies
JavaScript Deobfuscator: https://addons.mozilla.org/en-us/firefox/addon/javascript-deobfuscator

Header Analysis:
Live HTTP Headers: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers
Wappalyzer: https://addons.mozilla.org/en-US/firefox/addon/wappalyzer

Multi Purpose:
Hackbar: https://addons.mozilla.org/en-US/firefox/addon/hackbar

Search Engines:
Offensive Security ExploitDB: https://addons.mozilla.org/en-US/firefox/addon/offensive-security-exploit-dat
OSVDB: https://addons.mozilla.org/en-US/firefox/addon/osvdb
PacketStorm: https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin
SecurityFocus: https://addons.mozilla.org/en-US/firefox/addon/securityfocus-vulnerabilities-
Default Passwords – CIRT.net: https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786

Utilities:
FireShot: https://addons.mozilla.org/en-US/firefox/addon/fireshot
Capture Fox (up to v6): https://addons.mozilla.org/en-US/firefox/addon/capture-fox
TabMix Plus: https://addons.mozilla.org/en-US/firefox/addon/tab-mix-plus
NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
Less Spam, Please: https://addons.mozilla.org/en-US/firefox/addon/less-spam-please
IE Tab 2: https://addons.mozilla.org/en-US/firefox/addon/ie-tab-2-ff-36

Misc:
JSON View: https://addons.mozilla.org/en-US/firefox/addon/jsonview
RESTClient: https://addons.mozilla.org/en-US/firefox/addon/restclient
FirePath: https://addons.mozilla.org/en-US/firefox/addon/firepath
Groundspeed: https://addons.mozilla.org/en-US/firefox/addon/groundspeed
Elite Proxy Switcher: https://addons.mozilla.org/en-US/firefox/addon/elite-proxy-switcher
FoxyProxy Standard: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard
Host Spy: https://addons.mozilla.org/en-US/firefox/addon/host-spy
ViewStatePeeker: https://addons.mozilla.org/en-us/firefox/addon/viewstatepeeker
User Agent Switcher: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher
CryptoFox: https://addons.mozilla.org/en-US/firefox/addon/cryptofox

Chrome:
Recon:

IP Address and Domain Information: https://chrome.google.com/webstore/detail/lhgkegeccnckoiliokondpaaalbhafoa
Network & Internet Tools: https://chrome.google.com/webstore/detail/ekpdpmpcgcmpaeokmclflfpadaklgpji

Request Capture and Modification:
Tampermonkey: https://chrome.google.com/webstore/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
Request Maker: https://chrome.google.com/webstore/detail/kajfghlhfkcocafkcjlajldicbikpgnp
Dev HTTP Client: https://chrome.google.com/webstore/detail/aejoelaoggembcahagimdiliamlcdmfm

Page and Script Analysis:
Firebug Lite: https://chrome.google.com/webstore/detail/bmagokdooijbeehmkpknfglimnifench
Web Developer: https://chrome.google.com/webstore/detail/bfbameneiokkgbdmiekhjnmfkcnldhhm
Web Edit: https://chrome.google.com/webstore/detail/knkafdhggfbbpbdojbegpokhiiclpnml

Cookies:
Swap My Cookies: https://chrome.google.com/webstore/detail/dffhipnliikkblkhpjapbecpmoilcama
Edit This Cookie: https://chrome.google.com/webstore/detail/fngmhnnpilhplaeedifhccceomclgfbg

Header Analysis:
Recx Security Analyzer: https://chrome.google.com/webstore/detail/ljafjhbjenhgcgnikniijchkngljgjda
Wappalyzer: https://chrome.google.com/webstore/detail/gppongmhjkpfnbhagpmjfkannfbllamg
HTTPHeaders: https://chrome.google.com/webstore/detail/hplfkkmefamockhligfdcfgfnbcdddbg

Utilities:
Awesome Screenshot: https://chrome.google.com/webstore/detail/alelhddbbhepgpmgidjdcjakblofbmce
NotScript: https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn
Easy Disposable Email Address: https://chrome.google.com/webstore/detail/mkpfodpjhekjdhkchalfflggeoamfajh
IE Tab Multi: https://chrome.google.com/webstore/detail/fnfnbeppfinmnjnjhedifcfllpcfgeea
Advanced Encoder / Decoder: https://chrome.google.com/webstore/detail/ochhcobhdebiaimobmlnjogeggcgafgd
Proxy Switchy: https://chrome.google.com/webstore/detail/caehdcpeofiiigpdhbabniblemipncjj
Chrome Remote Desktop: https://chrome.google.com/webstore/detail/gbchcmhmhahfdphkhkmpfmihenigjmpp

Misc:
XSS Rays: https://chrome.google.com/webstore/detail/kkopfbcgaebdaklghbnfmjeeonmabidj
Postman REST Client: https://chrome.google.com/webstore/detail/fdmmgilgnpjigdojojpjoooidkmcomcm
Simple REST Client: https://chrome.google.com/webstore/detail/fhjcajmcbmldlhcimfajhfbgofnpcjmb
JSON View: https://chrome.google.com/webstore/detail/chklaanhfefbnpoihckbnefhakgolnmc
XPath Helper: https://chrome.google.com/webstore/detail/hgimnogjllphhhkhlmebbmlgjoejdpjl

Prepackaged Browsers:
Mantra: http://www.getmantra.com/download/index.html
Sandcat: http://www.syhunt.com/?n=Sandcat.Browser
HconSTF: http://www.hcon.in/downloads.html

Public Key Infrastructure (PKI):
PKIX workgroup: http://datatracker.ietf.org/wg/pkix/charter
NIST PKI Program: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/index.html
NIST PKI Program: http://csrc.nist.gov/publications/PubsTC.html#PKI
EJBCA: http://www.ejbca.org
OpenCA: http://www.openca.org/projects.shtml
XCA: http://xca.sourceforge.net
PHPki: http://phpki.sourceforge.net
UniCERT: http://www.verizonbusiness.com/Products/security/identity/unicert
Entrust Authority: http://www.entrust.com/pki
RSA Digital Certificate Manager: http://uk.emc.com/security/rsa-digital-certificate.htm
Secure PKI: http://uk.safenet-inc.com/Solutions/Industry_Solutions_for/Secure_PKI/
KeyOne: http://www.safelayer.com/en/products-and-services/solutions/public-key-infrastructures
CoSign: http://www.arx.com/products/security-products
Symantec / Verisign: http://www.symantec.com/en/uk/verisign/managed-pki-service
Entrust: http://www.entrust.com/managed_services/index.htm
Digicert: http://www.digicert.com/managed-pki-ssl.htm
Exostar: http://www.exostar.com/products-Federated_Identity_Service.aspx
Verizon: http://www.verizonbusiness.com/terms/us/products/security/managedPKI
QuoVadis: http://www.quovadisglobal.co.uk/CertificateServices/ManagedPKI.aspx
Keynectis OpenTrust: http://www.keynectis.com/en/certificate-based-identity-management
FreeIPA: http://www.freeipa.org/page/Main_Page

PCI DSS:
PCI DSS Standard: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
PCI Council: https://www.pcisecuritystandards.org/
PCI Compliance Guide: http://www.pcicomplianceguide.org/
Focus on PCI: http://www.focusonpci.com/
Practical Threat Analysis: http://www.ptatechnologies.com
PCI DSS Summary of Changes v2.0 to v3.0: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3_Summary_of_Changes.pdf

ISO:
ISO 27001 Standard: http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54534
ISO 27002 Standard: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54533
ISO27k Forum ISO27k Toolkit: http://www.iso27001security.com/html/iso27k_toolkit.html
SANS ISO 17799 Checklist: http://www.sans.org/score/checklists/ISO_17799_2005.doc
EBIOS: https://adullact.net/projects/ebios2010
openEBIOS: http://sourceforge.net/projects/openebios
Practical Threat Analysis: http://www.ptatechnologies.com
Verinice SerNet: http://www.verinice.org/en/
Guide to Implementing and Auditing of ISMS Controls: http://shop.bsigroup.com/ProductDetail/?pid=000000000030282631
SANS Security Policy Project: http://www.sans.org/security-resources/policies
Mapping of the two versions: http://www.slideshare.net/mpsinghrathore/mapping-of-iso-270012005-with-iso-270012013
BSi ISO27001 Transition Guide: http://www.slideshare.net/BSIGroupThailand/bsi-isoiec27001-transition-guide
More tools: http://rm-inv.enisa.europa.eu/tools

Penetration Testing Practice Lab – Vulnerable Apps / Systems (The Most Complete List)


A complete mindmap about all the courses and trainings from this post can be found here:
http://www.amanhardikar.com/mindmaps/Practice.png

The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. URLs for individual applications that are part of other collections are not given, since there is no need to download and manually configure each of them when they are already available in a configured state. For the technologies used in each web application, please refer to the mindmap above.

Vulnerable Web Applications:
OWASP BWA: http://code.google.com/p/owaspbwa
OWASP Hackademic: http://hackademic1.teilar.gr
OWASP SiteGenerator: https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks: http://sourceforge.net/projects/owaspbricks & http://sechow.com/bricks
OWASP Security Shepherd: https://www.owasp.org/index.php/OWASP_Security_Shepherd
Damn Vulnerable Web App (DVWA): http://www.dvwa.co.uk
Damn Vulnerable Web Services (DVWS): http://dvws.professionallyevil.com
WebGoat.NET: https://github.com/jerryhoff/WebGoat.NET
PentesterLab: https://pentesterlab.com
Butterfly Security Project: http://thebutterflytmp.sourceforge.net
Foundstone Hacme Bank: http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hacme Books: http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hacme Casino: http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hacme Shipping: http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hacme Travel: http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity: http://sourceforge.net/projects/lampsecurity
Moth: http://www.bonsai-sec.com/en/research/moth.php
WackoPicko: https://github.com/adamdoupe/WackoPicko & http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
BadStore: http://www.badstore.net
WebSecurity Dojo: http://www.mavensecurity.com/web_security_dojo
BodgeIt Store: http://code.google.com/p/bodgeit
hackxor: http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench: http://suif.stanford.edu/~livshits/securibench
SQLol: https://github.com/SpiderLabs/SQLol
CryptOMG: https://github.com/SpiderLabs/CryptOMG
XMLmao: https://github.com/SpiderLabs/XMLmao
Exploit KB Vulnerable Web App: http://exploit.co.il/projects/vuln-web-app & http://sourceforge.net/projects/exploitcoilvuln
PHDays iBank CTF: http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
GameOver: http://sourceforge.net/projects/null-gameover
Zap WAVE: http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
PuzzleMall: http://code.google.com/p/puzzlemall
VulnApp: http://www.nth-dimension.org.uk/blog.php?id=88
sqli-labs: https://github.com/Audi-1/sqli-labs
Drunk Admin Web Hacking Challenge: https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge
bWAPP: http://www.mmeit.be/bwapp & http://sourceforge.net/projects/bwapp/files/bee-box & http://www.itsecgames.com
NOWASP / Mutillidae 2: http://sourceforge.net/projects/mutillidae
SocketToMe: http://digi.ninja/projects/sockettome.php
Project GameOver: http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform
OWASP Vicnum Project: https://sourceforge.net/projects/vicnum & http://vicnum.ciphertechs.com
Hackademic Challenges: http://www.hackademic.eu

Vulnerable Operating System Installations:
Damn Vulnerable Linux: http://sourceforge.net/projects/virtualhacking/files/os/dvl & http://www.damnvulnerablelinux.org
Metasploitable: http://sourceforge.net/projects/virtualhacking/files/os/metasploitable & https://sourceforge.net/projects/metasploitable
LAMPSecurity: http://sourceforge.net/projects/lampsecurity
UltimateLAMP: http://www.amanhardikar.com/mindmaps/practice-links.html & http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
heorot: DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
De-ICE HackerPedia PenTest LiveCDs: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
pWnOS: http://www.pwnos.com & http://www.krash.in/bond00/pWnOS%20v1.0.zip & http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html
Holynix: http://sourceforge.net/projects/holynix/files & http://pynstrom.net/index.php?page=holynix.php
Kioptrix: http://www.kioptrix.com/blog/?page_id=135
exploit-exercises – nebula, protostar, fusion: http://exploit-exercises.com/download
PenTest Laboratory: http://pentestlab.org/lab-in-a-box
RebootUser Vulnix: http://www.rebootuser.com/?page_id=1041
neutronstar: http://neutronstar.org/goatselinux.html
scriptjunkie.us: http://www.scriptjunkie.us/2012/04/the-hacker-games
21LTR: http://21ltr.com/scenes
SecGame # 1 Sauron: http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
Pentester Lab: https://www.pentesterlab.com/exercises
Vulnserver: http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
TurnKey Linux: http://www.turnkeylinux.org
Bitnami: https://bitnami.com/stacks
Elastic Server: http://elasticserver.com
CentOS: http://www.centos.org
Katana: http://www.hackfromacave.com/katana.html
Virtual Hacking Lab: http://sourceforge.net/projects/virtualhacking/files
Hacking-Lab: http://www.hacking-lab.com/hl_livecd

Sites for Downloading Older Versions of Various Software:
Exploit-DB: http://www.exploit-db.com
Old Version: http://www.oldversion.com
Old Apps: http://www.oldapps.com
VirtualHacking Repo: http://sourceforge.net/projects/virtualhacking/files/apps%40realworld

Sites by Vendors of Security Testing Software:
Acunetix acuforum: http://testasp.vulnweb.com
Acunetix acublog: http://testaspnet.vulnweb.com
Acunetix acuart: http://testphp.vulnweb.com
Cenzic crackmebank: http://crackme.cenzic.com
HP freebank: http://zero.webappsecurity.com
IBM altoromutual: http://demo.testfire.net
Mavituna testsparker: http://aspnet.testsparker.com
Mavituna testsparker: http://php.testsparker.com
NTOSpider Test Site: http://www.webscantest.com

Sites for Improving Your Hacking Skills:
EnigmaGroup: http://www.enigmagroup.org
Exploit Exercises: http://exploit-exercises.com
Google Gruyere: http://google-gruyere.appspot.com
Gh0st Lab: http://www.gh0st.net
Hack This Site: http://www.hackthissite.org
HackThis: http://www.hackthis.co.uk
HackQuest: http://www.hackquest.com
Hack.me: https://hack.me
Hacking-Lab: https://www.hacking-lab.com
Hacker Challenge: http://www.dareyourmind.net
Hacker Test: http://www.hackertest.net
hACME Game: http://www.hacmegame.org
Hax.Tor: http://hax.tor.hu
OverTheWire: http://www.overthewire.org/wargames
PentestIT: http://www.pentestit.ru/en
pwn0: https://pwn0.com/home.php
RootContest: http://rootcontest.com
Root Me: http://www.root-me.org/?lang=en
Security Treasure Hunt: http://www.securitytreasurehunt.com
Smash The Stack: http://www.smashthestack.org
TheBlackSheep and Erik: http://www.bright-shadows.net
ThisIsLegal: http://thisislegal.com
Try2Hack: http://www.try2hack.nl
WabLab: http://www.wablab.com/hackme
XSS – Can You XSS This?: http://canyouxssthis.com/HTMLSanitizer
XSS – ProgPHP: http://xss.progphp.com

CTF Sites / Archives:
CTFtime (Details of CTF Challenges): http://ctftime.org/ctfs
shell-storm Repo: http://shell-storm.org/repo/CTF
CAPTF Repo: http://captf.com
VulnHub: https://www.vulnhub.com

Mobile Apps:
ExploitMe Mobile Android Labs: http://securitycompass.github.io/AndroidLabs
ExploitMe Mobile iPhone Labs: http://securitycompass.github.io/iPhoneLabs
OWASP iGoat: http://code.google.com/p/owasp-igoat
OWASP Goatdroid: https://github.com/jackMannino/OWASP-GoatDroid-Project
Damn Vulnerable iOS App (DVIA): http://damnvulnerableiosapp.com
Damn Vulnerable Android App (DVAA): https://code.google.com/p/dvaa
Damn Vulnerable FirefoxOS Application (DVFA): https://github.com/pwnetrationguru/dvfa
NcN Wargame: http://noconname.org/evento/wargame
Hacme Bank Android: http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank: http://www.paladion.net/downloadapp.html

Miscellaneous:
VulnVPN: http://www.rebootuser.com/?page_id=1041
VulnVoIP: http://www.rebootuser.com/?page_id=1041
NETinVM: http://informatica.uv.es/~carlos/docencia/netinvm
GNS3: http://sourceforge.net/projects/gns-3
XAMPP: https://www.apachefriends.org/index.html

Online Automatic Cloud-based Fast (WiFi) Password Crackers


Cloudcracker, crack passwords with the hashes: WPA/WPA2, NTLM, SHA-512, MD5, MS-CHAPv2:
https://www.cloudcracker.com

GPUhash, crack passwords with the hashes: WPA/WPA2:
https://gpuhash.me

Darkircop, crack passwords with the hashes: WPA/WPA2:
http://wpa.darkircop.org
There is a script for Darkircop that will automatically fetch uncracked networks and try to crack them, uploading the results to http://wpa.darkircop.org. The script can be downloaded from:
http://wpa.darkircop.org/dcrack.py

Hashbreak, crack passwords with the hashes: MD5, MD4, SHA1, LM, NTLM, MYSQL, WPA/WPA2:
http://www.hashbreak.com

Crackq, crack passwords with the hashes: NTLM, LM, MD5, WPA/WPA2:
http://hashcrack.org/crackq
An autopwn script that parses captured WPA/WPA2 handshakes and sends them to Crackq can be downloaded from:
https://github.com/vnik5287/wpa-autopwn

EXTRA: A useful script that can become very handy when collecting and capturing handshakes.
The script, which compares signal strength using wireless interfaces with internal (built-in) and external antennas, can be downloaded from:
https://github.com/vnik5287/wifi-scripts