• Kali Linux - (Operating system)

    Kali Linux 2.0 was released on 11th August 2015 and comes with more than 600 preinstalled penetration/security tools.

    Tools are categorized as following
    Information Gathering
    Sniffing & Spoofing
    Vulnerability Analysis
    Exploitation Tools
    Password Attacks
    Wireless Attacks
    Forensic Tools
    Maintaining Access
    Hardware Hacking
    Web Applications
    Stress Testing
    Reverse Engineering
    Reporting Tools

    https://www.kali.org/downloads/

    posted in Must-have! ( Hacking Tools
  • Acunetix - (Web Application Security Scanner)

    Acunetix is an end-to-end web security scanner. Allowing you to take control of the security of all you web applications, web services, and APIs to ensure long-term protection. Acunetix’s scanning engine is globally known and trusted for its unbeatable speed and precision.

    https://www.acunetix.com/

    posted in Must-have! ( Hacking Tools
  • Burp Suite - (Vulnerability Scanning Tool)

    Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research.

    https://portswigger.net/burp

    posted in Must-have! ( Hacking Tools
  • Tails - (Operating system)

    Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD. It aims at preserving your privacy and anonymity (use the Internet anonymously and circumvent censorship, leave no trace, use state-of-the-art cryptographic tools )

    https://tails.boum.org

    posted in Must-have! ( Hacking Tools
  • MOST COMMON HIGH AND CRITICAL CVE’S IN PUBLIC INTERNET FACING SYSTEMS

    The following depicts the most common High and Critical Risk CVE’s discovered in the 12 months to December 2019 for public Internet facing systems. It excludes SSL/TLS related issues due to the volume of issues, which tends to skew the overall results. The “NotPetya” ransomware variant utilized in the 2017 attack uses EternalBlue, an exploit which takes advantage of a vulnerability in Windows’ Server Message Block (SMB) protocol.

    Name
    Microsoft Windows Server 2003
    Unsupported system

    CVE-2005-0416, CVE-2005-3483, CVE-2006-2373, CVE-2006-2374, CVE-2007-0038,
    CVE-2007-1765, CVE-2008-0015, CVE-2008-0020, CVE-2009-1923, CVE-2009-1924,
    CVE-2009-3675, CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231,
    CVE-2010-1886, CVE-2015-1768,CVE-2015-1768

    Name
    MS14-066: Vulnerability in Schannel
    Remote Code Execution

    CVE-2014-6321

    Name
    MS15-034: Vulnerability in HTTP.sys
    Remote Code Execution

    CVE-2015-1635

    Name
    MS17-010: Security Update for Microsoft Windows
    SMB Server ETERNALBLUE WannaCry Petya

    CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146,
    CVE-2017-0147,CVE-2017-0148

    Name
    Microsoft Windows SMBv1 Various Vulnerabilities

    CVE-2017-0267, CVE-2017-0268, CVE-2017-0269, CVE-2017-0270, CVE-2017-0271,
    CVE-2017-0272, CVE-2017-0273, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276,
    CVE-2017-0277, CVE-2017-0278, CVE-2017-0279,CVE-2017-0280

    Name
    PHP 5.6.x < 5.6.33 Various Vulnerabilities

    CVE-2014-9425, CVE-2014-9709, CVE-2015-1351, CVE-2015-1352, CVE-2015-8383,
    CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391,
    CVE-2015-8393, CVE-2015-8394, CVE-2015-8865, CVE-2016-10158, CVE-2016-10159,
    CVE-2016-10160, CVE-2016-10161, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070,
    CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4537, CVE-2016-4539,
    CVE-2016-4540, CVE-2016-4542, CVE-2016-5385, CVE-2016-5399, CVE-2016-6207,
    CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6293,
    CVE-2016-6294, CVE-2016-6295, CVE-2016-6296,CVE-2016-6297, CVE-2016-7124,
    CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129,
    CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-9935, CVE-2017-11142,
    CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-6004, CVE-2017-7890,
    CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229,
    CVE-2018-5711, CVE-2018-5712

    Name
    Apache Traffic Server 4.x < 4.2.1.1 / 5.x < 5.0.1
    Synthetic Health Check Vulnerability

    CVE-2014-3525

    Name
    Dropbear SSH Server < 2016.72
    Various Vulnerabilities

    CVE-2016-7406, CVE-2016-7407, CVE-2016-7408, CVE-2016-7409

    Name
    HP Data Protector - Command Execution

    CVE-2011-0923

    Name
    MS12-020: Vulnerabilities in RDP
    Remote Code Execution

    CVE-2012-0002, CVE-2012-0152

    posted in Report vulnerabilities / Bug Bounty
  • Nmap - (Network Mapper)

    Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

    https://nmap.org

    posted in Must-have! ( Hacking Tools
  • AIRCRACK-NG - (Network WiFi security tool)

    Aircrack-ng is a complete suite of tools to assess WiFi network security. Monitoring: Packet capture, attacking, cracking and testing.

    https://www.aircrack-ng.org

    posted in Must-have! ( Hacking Tools
  • WIRESHARK - (Network protocol analyzer)

    Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.

    https://www.wireshark.org

    posted in Must-have! ( Hacking Tools
  • OWASP ZAP - (Security tools)

    The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. Great for pentesters, devs, QA, and CI/CD integration.

    https://owasp.org/www-project-zap/

    posted in Must-have! ( Hacking Tools
  • MALTEGO - (Black Hat Ethical Hacking)

    Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet. Maltego uses the idea of transforms to automate the process of querying different data sources.

    https://www.maltego.com

    posted in Must-have! ( Hacking Tools