| #!/bin/sh | |
| #Reconnaissance | |
| yum install dsniff hping3 nc6 nc ncrack ngrep nmap nmap-frontend p0f sing scanssh scapy socat tcpdump unicornscan wireshark-gnome xprobe2 nbtscan tcpxtract firewalk hunt dnsenum iftop argus ettercap ettercap-gtk packETH iptraf pcapdiff etherape lynis netsniff-ng tcpjunk ssldump yersinia net-snmp openvas-client openvas-scanner | |
| #Forensics | |
| yum install ddrescue gparted hexedit testdisk foremost sectool-gui scanmem sleuthkit unhide examiner dc3dd afftools srm firstaidkit-plugin-all ntfs-3g ntfsprogs | |
| #Web Application Testing | |
| yum install httping nikto ratproxy lbd skipfish |
Here is a high level overview for what you need to do to get most of an Android environment setup and maintained.
Prerequisites (for Homebrew at a minimum, lots of other tools need these too):
xcode-select --install will prompt up a dialog)Install Homebrew:
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
| _ _ _ ____ _ _ | |
| | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |
| | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | |
| | _ | (_| | (__| < | |_) | (_| | (__| <|_| | |
| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) | |
| A DIY Guide for those without the patience to wait for whistleblowers | |
| --[ 1 ]-- Introduction |
| http://pentestmonkey.net/blog | |
| http://jeremiahgrossman.blogspot.com | |
| http://www.darknet.org.uk | |
| http://spylogic.net | |
| http://taosecurity.blogspot.com | |
| http://www.room362.com | |
| http://blog.sipvicious.org | |
| http://blog.portswigger.net | |
| http://blog.c22.cc | |
| http://carnal0wnage.blogspot.com |
| I found this list by chance. It is located at: https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList | |
| Its a bit old (compiled in 2012), but links may still be valid. | |
| ------------------ | |
| Hacker Media | |
| Blogs Worth It: | |
| What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work. |
#summary Bookmarks List = Hacker Media =
== Blogs Worth It: == What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.
* http://carnal0wnage.blogspot.com/
* http://www.mcgrewsecurity.com/
* http://www.gnucitizen.org/blog/
http://blog.pentestify.com/2014/03/07/getting-started-in-security-a-message-to-a-student/
Recently had a college student reach out for advice, and thought i’d share with the class:
My biggest issue with my current education is the broad scale and lack of clear direction on how to achieve my goals. I know that I am very interested in penetration testing. Ethical hacking in general is a very big interest of mine. But as for what area of security, I’m not even sure what the options are.
Cool – sounds like the biggest thing is to explore your options, and decide on a direction knowing full well this may change as you learn more.
| #/bin/bash | |
| # This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests. | |
| # The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from | |
| # and run on victim machines. | |
| toollist=( | |
| 'https://github.com/ilneill/Py-CiscoT7.git' | |
| 'https://github.com/rsmudge/cortana-scripts.git' | |
| 'https://github.com/CoreSecurity/impacket.git' |
| alias __git_ps1="git branch 2>/dev/null | grep '*' | sed 's/* \(.*\)/(\1)/'" | |
| export CLICOLOR=1 | |
| #export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx | |
| export LSCOLORS=ExFxCxDxBxegedabagacad | |
| RESET="\[\017\]" | |
| NORMAL="\[\033[0m\]" | |
| USER_COLOR="\[\033[1;32m\]" | |
| DIR_COLOR="\[\033[1;35m\]" | |
| GIT_COLOR="\[\033[1;33m\]" |