Hello, 0x00’ers!

@zSec gave us the idea to make a Wiki with working services for things such as email relays, SMS spoofing and the like. Feel free to edit this and add things you have tried and tested. The more we add in useful things, with a very quick way to access them, the more useful this page will become.

The type of information included here, should not be content for teaching new concepts, but something that you can use for reference once you know the techniques. An almost cheatsheet for Pentesters/Hackers. The little things that make you go: “what was that thing again?”

Remember that many hands make light work

Table of Contents: →

1. References
2. Shells
3. Recon
4. Rootkits
5. Exploitation
6. BruteForcing
7. Social Engineering
8. Doxing
9. Web Hacking
10. Exploit Development
11. WiFi Hacking
12. Mobile Pentesting
13. Bluetooth Hacking
14. Anonymity
15. Forensics
16. Reverse Engineering
17. All-In-One OS
18. Malware Sample

---

1. References: →

• Let’s Start Study
• CheatSheet
• My Notpad
• ASCII Table
• Conversion Tools: →
  • CyberChef - kinda a Swiss army knife of encoding, decoding, hashing, etc. Quite handy.
  • exe2hex - Direct Download

2. Shells: →

• Multi Reverse Shell Manager (Platypus)
• PHP Findsock Shell - Direct Download
• PHP Reverse Shell - Direct Download
• Get interactive prompt (sudo)
• python -c 'import pty; pty.spawn("/bin/bash")'
• In TTY Shell → export TERM=linux
• PHPShell - Direct Download
• WebShell List
• PHP WebShell List
• STELF - Direct Download - Tutorial
• Weevely - Direct Download

3. Recon: →

• Google Dork Hacking Database
• Exploit DB
• SerchSploit
• CeWL - Direct Download
• AdminFinder - Direct Download
• Masscan - Direct Download
• TheHarvester - Direct Download
• Shodan Hat - Direct Download
• GitRob - Direct Download
• Nmap - Downloads
• Zenmap - GUI for Nmap
• Sparta - Direct Download
• Sn1per - Direct Download
• IKE-Scanner - Direct Download
• Netdiscover - Direct Download
• Recon-NG - Direct Download
• DMitry - Direct Download
• IP Geolocation
• Free IP Geolocation API - Script Download
• IP lookup
• IP/DNS Detect (LeakTest)
• Reconnoitre (OSCP)

4. Rootkits: →

• Rootkit List

5. Exploitation: →

• EternalBlue-To-PowerShell - Direct Download
• Shell Storm DB
• Termineter - Direct Download
• Cobalt Strike
• w3af (Web Application Attack and Audit Framework) - Download Page
• Metasploit Framework - Downloads
  • Armitage - GUI for MSF - Downloads
  • Kimi Framwork - Generate Malicious Debain Packages - Direct Download
• Veil - Direct Download
• Sqlmap
• SATAN (Security Administrator Tool for Analyzing Networks) - Download Page
• Post-Exploitation: →
  • UACME
  • Priv Escalation for Windows
  • dnscat2
  • PowerShell Empire
  • Nishang - Direct Download
  • Mimikatz - Direct Download
  • Mimipenguin - Direct Download
  • The Backdoor Factory - Direct Download
  • Merlin - Direct Download
• Man In The Middle & Packet Sniffing: →
  • Ettercap - Downloads
  • Bettercap - Downloads
  • XeroSploit - Direct Download
  • EvilGnix2 - Download
  • MITMf - Direct Download
  • Wireshark - Downloads
  • Driftnet - Direct Download
  • Yersinia - Direct Download
  • SSLsplit - Direct Download
  • SSLsniff - Direct Download
  • SSLstrip - Direct Download
  • cports - Download Page
  • netcat - Download Page
  • WPE (Winsock Packet Editor) - Download Page
  • TCPView - Direct Download

6. Bruteforcing: →

• Port Force - Direct Download

• John The Ripper - Direct Download

• Johnny - GUI for JTR

• THC-Hydra - Direct Download

• Medusa - Direct Download

• Ophcrack - Downloads

• RainbowCrack

• Pydictor - Direct Download

• FCrackZip - Direct Download

• Hashcat - Direct Download - Github

• Pyrit - Direct Download

• L0phtCrack - Demo Page

• Wordlists: →

  • Crackstation (4.2GiB) - Torrent - Direct Download
  • John The Ripper Wordlist (10.6kB) - Direct Download
  • Rockyou - Direct Download

• Cain & Abel - Direct Download

7. Social Engineering: →

• Social Engineer Toolkit - Direct Download
• SMS/Call Spoofing
• Spoofcard - Android - iOS
• Burner App - Android
• Email Spoofing
• Emkei
• Trash-Mail
• Assets A/V
• Call Center Soundtrack
• Airport Soundtrack
• City Soundtrack
• Phishing
• Gophish Framework

8. Doxing: →

• Pipl (free services retired)
• Skype resolver
• Wigle.net - WiFi Locations

9. Web Hacking: →

• WordPress/CMS: →
  • WPForce - Direct Download
  • Droopescan - Direct Download
  • WPScan - Direct Download - Scanning wordpress.blogpot sites
• Vulnerable Web App(s)
• Arachni - Direct Download
• Zaproxy - Downloads
  • Zap Community Scripts - Direct Download
• Burp Suite - Downloads - Professional v1.7.35
• Browser Exploitation: →
  • BeEF - Direct Download
• Directory Bruteforce:
  -Dirsearch - Direct Download

10. Exploit Development: →

• expdevBadChars - Direct Download
• ShellNoob - Direct Download
• OWASP ZSC - Direct Download

11. Wi-Fi Hacking: →

• WiFite - Direct Download
• Airgeddon - Direct Download
• mdk4 - Direct Download
• Aircrack-NG - Downloads
  • Airodump-NG Scan Visualizer - Direct Download
• WiFi Cracking: →
  • Fern WiFi Cracker - Direct Download
  • PixieWPS - Direct Download
  • ReaverWPS - Direct Download
  • Cowpatty - Direct Download
• Fake AP / Rogue AP: →
  • Fluxion - Direct Download
  • WiFiPhisher - Direct Download
  • WiFi Pumpkin - Downloads
  • Ghost-Phisher - Direct Download
• Fake AP / Rogue AP Prevention: →
  • Kismet - Direct Download

12. Mobile Pentesting: →

• zANTI (ROOT REQUIRED)
• Security Assessment /Testing Framework - Android - iOS
• Mobile Pentesting Apps
• cSploit - direct download (ROOT REQUIRED)
• NetHunter
• Http canary - Burp like tool for android
• Lazymux for Termux - Install pentesting tools on your android terminal

13. Bluetooth Hacking: →

• BlueZ
• BlueHydra
• BlueSnarfer

14. Anonymity: →

• AnonSurf - Downloads
• ProxyChains-NG - Downloads
• TOR Project - Downloads
• I2P - Download - Tutorial

15. Forensics: →

• URLForen - Direct Download
• Maltego - Download Page

16. Reverse Engineering: →

• Flasm - Linux - Mac - Windows
• x64dbg - Download Page
• Resource Hacker - Download Page
• Ghidra: A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission - Download Page
• OllyDBG v1.10 - Direct Download
• OllyDBG v2.01 - Direct Download
• gdb (GNU Project Debugger) - Download Page
• gdb powerups - PEDA, GEF, SymGDB, PwnDbg
• IDA - Demo Page
• Binary Ninja - Demo Page
  suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission - Download Page
• ILSpy - Download Page
• .NET Reflector - Demo Page
• Apktool
• dnSpy: a .NET debugger, decomplier and assembly editor. Mainly uses ILSpy decompiler engine and the Roslyn (C# / Visual Basic) compiler
• radare: The swiss army knife for any RE related task from the commandline - cutter A GUI for radare2

17. Operating Systems: →

• Parrot Security - Download Page
• Kali Linux - Download Page
• Kali Nethunter - Download Page
• Blackarch Linux - Download Page
• Backbox Linux - Download Page
• Samuari Web Testing Framework - Download Page
• WeakNet’s Demon Linux - Download Page
• Pentoo - Download Page
• Windows 7 Ultimate SP1 64bit Official with Proof
• Windows 7 Ultimate SP1 64bit Official Virtual Machine(vmware) Updated till Feb, 2019
• Complete Mandiant Offensive VM (Commando VM)

18. Malware Samples: →

• Direct Download 44GB
  -Interactive Malware Sandbox

19. OSINT Framework: →

• OSINT framework

Why don’t we make this an actual wiki?

Click on green button on the top right. You should be able to edit it.

EDIT: I am afraid it would be largely unused - and, another account for people to have. Let’s see how this goes for now.

Awesome!! Now I finally don’t have to keep all of those bookmarks around. I’ll have to sort through and post some of them when I get the time.

EDIT: Sorry if I end up editing the wiki at the same time as someone else and accidentally over-write their changes!! (I check the previous edits after I submit my changes) If this happens, I will add back in the changes that you’ve made!

Again, Sorry, and I’m not doing it to be a d-bag lol. I’ve just got a lot of bookmarks.

Awesome idea to make a centralized place for all those nifty tools we might need or come in handy in different scenarios.
This will make our lifes a lot easier

Yes! This is awesome. Thank you!

Love it ! Good initiative !

MAN. This page has exploded! There is so much here!

I think I am going to bookmark this now before I loose it…

It has exploded indeed!
I really like this overview. It can be extremely useful if one needs information or a tool for a specific purpose.
Imagine how this page might look in a year or so.
I’m going to add everything useful I can think of and know about!

I’m really happy that this idea worked out so well, thanks everyone

just a FIY, skype resolvers don’t work anymore on recent skype versions. Microsoft patched it.

-Phoenix750

Yes, sadly.
Do you know any alternatives?

Just send them an IP grabber link using good old reliable SE.

I just added csploit to the list!

But if my target doesn’t know me they won’t just click at that link, unless they are pretty stupid.

This could be really useful in a blackbox pentest. Many companies use Skype for business. With that I could easily get the public IP of their internet outbreak.

Are you sure ? I tried it 2 days ago before adding it to this list and it worked !

You are right, it is working again!
Sadly the target has to be online, otherwise it won’t work.
@Nitrax a year ago or so it wasn’t working anymore, haven’t checked it out since then. But apparently they update it.

Still doesn’t work on my Skype and I have the most recent version of Skype.

Added Burner App to the SMS/Call spoofing

Cool!
Where can i find android debugging tools?

What do we need to do to make that thing a real maintained Wiki?

I think that is something that is really needed around the pentesting environment.
I would propose something with explanation to the software and stuff just like Wikipedia Really.