When you're first starting out, one of the hardest things you will find is deciding what to study and where to study it. I wanted to make this list of resources to help other people who are interested in learning figure out what to study and what to look into.
As time goes on, I will be updating this list. I am not sponsored by or affiliated with anything on this list. These are the websites, courses, and videos that I have found useful, and hopefully you will as well.
Courses and videos
- Linux Mastery course
- Great for learning the basics of the terminal
- Fundamentals of Networking
- One of the most beneficial courses for understanding how and why things work.
- IppSec
- Does the majority of HackTheBox retired videos.
These are the two courses that were the most beneficial to me in my journey of becoming an ethical hacker.
Must-have Tools
- Nmap
- One of, if not the, best network recon tools. It is good for monitoring and discovering things on, and in, networks. This tool is great for Red Teamers and Blue Teamers alike.
- Burpsuite
- A MitM (Man-in-the-Middle) proxy that sits between your browser and the website you are testing, allowing you to capture cookies and requests, review them, edit them, and then send or receive them, along with dozens of other features.
- Metasploit
- Exploitation framework that allows you to search for CVE (Common Vulnerabilities and Exposures) vulnerabilities and deploy the matching modules by just filling out the info that is clearly displayed. It also makes it extremely easy to create, deploy, and manage your own exploits.
Social Engineering & WiFi Tools
- Maltego
- A tool made for building social maps of people. Great for when you are trying to build a profile of every social media platform someone is on, who they know, phones or addresses they've had, etc. It also does a lot of other related things, like helping you find links automatically. A must-have for advanced OSINT.
- Airgeddon
- A WiFi tool for breaking all WiFi encryption. It automates attacks using the tools you'd normally run manually, such as Airodump-ng, Reaver, Bully, etc., and makes it trivial to attack a WiFi AP stealthily or loudly (deauthing).
- Wifiphisher
- A Rogue AP (access point) program that authenticates users on a target AP and forces them to connect to the attacker instead of their normal AP, then serves the user a phishing page telling them to enter their password, and that information is harvested by the attacker. It can also be used to perform phishing attacks on websites, such as LinkedIn.
- You can see a more in-depth explanation of this tool here.
- Social-Engineer Toolkit (SET)
- The go-to toolkit for Social Engineering. It allows you to do everything from launching phishing attacks using a fake login page that it creates from just a URL, which can be hosted on a computer on your local network, to spoofing SMS (now you must pay for a service and integrate it yourself). This function of the tool can be seen being used in Episode 5 of Mr. Robot. This tool has it all when it comes to Social Engineering.
- CUPP
- A great tool that generates a small, personalized wordlist for a specific target. You fill out information gathered via OSINT and/or phishing, such as their name, spouse's name, hobbies, important years to them, children's names, pet names, etc., and it uses common password creation schemes (i.e. [child's name + year of birth] = Abby01) as well as some randomization (and 1338 $p34k, if you choose it) to generate a small, very targeted wordlist aimed at cracking weak passwords. It works great for non-technical and older targets that equate personalization with security.
- Sherlock
- Finds a username across tons of social media platforms. Great for OSINT and building a profile on someone for an engagement, or when mapping a network of people when assessing a business.
GitHub
- dirsearch
- Brute-force directories and files on websites.
- impacket
- Collection of Python classes for working with network protocols.
- JAWS
- Quickly identify potential privilege escalation vectors on Windows systems.
- Knock
- Enumerate subdomains on a target domain through a wordlist.
- LinEnum
- Scripted Local Linux Enumeration & Privilege Escalation Checks.
- PsPy
- Monitor Linux processes without root permissions.
- Reconnoitre
- Automate information gathering and service enumeration whilst creating a directory structure to store results.
- SecLists
- Collection of multiple types of lists used during security assessments.
- Striker
- Striker is an offensive information and vulnerability scanner.
- Sublist3r
- Fast subdomains enumeration tool for penetration testers.
- unicorn
- Tool for performing a PowerShell downgrade attack and injecting shellcode straight into memory.
- Amass
- In-depth Attack Surface Mapping and Asset Discovery.
- Evil-WinRM
- The ultimate WinRM shell for hacking/pentesting.
- Wfuzz
- Web application fuzzer.
- Meg
- Fetch many paths for many hosts – without killing the hosts.
- linuxprivchecker
- Linux Privilege Escalation Check Script.
- linux-smart-enumeration
- Linux enumeration tool for pentesting and CTFs with verbosity levels.
The best way to understand these tools is through their respective GitHub pages. At some point or another I have had to use each of them, and they have been very beneficial. I will be writing documentation on how to use each of these tools, so stay tuned for that!
Add-ons and Scripts
- Tmux
- Terminal multiplexer that allows you to easily split your terminal into panes to use simultaneously, as well as run multiple terminals in one window and easily swap between them.
- Cherry Tree
- Note-taking app that allows you to structure and nest notes, such as keeping multiple scan reports easily accessible, and to create and name new notes extremely easily.
- Wappalyzer
- A browser plugin that shows you the services, frameworks, and plugins a website is running, in an easy-to-read form, so you can quickly understand what's going on behind the scenes.
- FoxyProxy
- Firefox proxy extension/plugin that makes switching between different proxies extremely easy, almost trivial.
- Cookie Editor
- A browser plugin that allows you to easily edit and delete cookies for the webpage you are currently on. You can also import and export cookies to edit or delete.
Some of these are obvious to people in the field, but for new people learning, I recommend you get familiar with each of these.
Websites
- Social-Engineer.org
- The best place for frameworks, tools, and anything related to Social Engineering. You can also keep up to date with their podcast, events/cons, etc.
- Web Academy
- A hands-on introduction and guide to web hacking. Created by the makers of Burp Suite (the go-to tool for web hacking).
- OWASP’s WebGoat
- A more in-depth, hands-on guide to web hacking.
- G0tmi1k
- A good guide on things ranging from DVWA (Damn Vulnerable Web Application) to brute forcing, and more. It is a bit all over the place, though: not a straightforward path to anything, just a collection of different methods and vulnerabilities to add to your toolkit. But what is there is extremely in-depth and well written.
- FuzzySecurity
- An extremely in-depth guide to Windows Enumeration.
- Nmap Manual
- Nmap's very own guide to using Nmap. It is extremely in-depth and a great reference for learning about the program at length.
- Explain Shell
- Input a Linux/Unix command line and it gives you a very easy-to-read, well-explained breakdown of what that command is, what it does, and how it works. It can even tell you what each option does for a tool like Nmap!
I have learned a lot from each of these links, from understanding website vulnerabilities to enumerating a host. These have been amazing resources to have.