Penetration Testing & Hacking

Penetration Testing Distros’

SiteDescription
KaliMost popular Linux based pen testing OS
Parrot Security OSLinux based OS with mobile pen testing tools
BackBoxLinux based open-source pen testing OS
CommandoVMMandiants Windows based pen testing OS

Vulnerable App’s & Distros’

SiteDescription
Damn Vulnerable Web Application (DVWA)Vulnerable application to practice penetration testing
MetasploitableVulnerable distribution to practice penetration testing
VulnServer ApplicationVulnerable application to test buffer overflow attacks and exploits
SLMail ApplicaitonVulnerable mail application to test buffer overflow attacks and exploits

Exploit Databases

SiteDescription
CVE DetailsCommon Vulnerabilities & Exposures database
Exploit DatabaseOffensive Security owned exploit database

Penetration Testing Labs

SiteDescription
Hack The BoxCTF lab enviornment to practice penetration testing
Virtual Hacking Labs OSCP like practical penetration testing lab environment and coursework
Vulnhub Vulnerable virtual machines to test penetration testing
PentesterLabExercises that cover everything from basic bugs to advanced vulnerabilities.

Penetration Testing Blogs

SiteDescription
Pen Tester LandUseful tutorials, links, & guides
Awesome Hacking ResourcesUseful tutorials, links, & guides
Journey to Try HarderPWK/OSCP Preparation Guide
GoogleDorksHacking with Google / OSINT
HighOn.CoffeePen Testing Tools Cheat Sheet
0day SecurityPen Testing Playbook
wtsxDevPen Testing Resources
FutureOSCP BlogUseful tutorials, links & guides
MADERASPenetration Testing Blog
SMB Enumeation Checklist0xdf.gitlab.io checklist
sushant747Total OSCP Guide

Tools, Guides, & Resources

SiteDescription
GitHub – SecLists Collections of lists (usernames, passwords)
NMAP Scripting Engine Documentation Nmap Scripting Engine Documentation
NSE Script Reference Full list of NSE scripts available
LFI TechniquesLFI techniques
LFI ListsComplete list of LFI file locations to check
HashKillerHash cracker
Metasploit UnleashedFull Metasploit Guide

Bug Bounty Programs

SiteDescription
HackerOne#1 Bug bounty program
Bug Crowd#2 Bug bounty program
IntelPublic bug bounty program with payouts
SnapchatPublic bug bounty program with payouts
CiscoPublic bug bounty program with payouts
DropBoxPublic bug bounty program with payouts
ApplePublic bug bounty program with payouts
FacebookPublic bug bounty program with payouts
GooglePublic bug bounty program with payouts
MicrosoftPublic bug bounty program with payouts
ApachePublic bug bounty program with payouts
TwitterPublic bug bounty program with payouts
PayPalPublic bug bounty program with payouts
UberPublic bug bounty program with payouts
LinkedInPublic bug bounty program with payouts
Project Zero Project Zero follows Google’s vulnerability disclosure policy on all of our vulnerability reports
CERTCERT Vulnerability Disclosure Policy