Tools & References¶

Comprehensive collection of tools, resources, and references for vulnerability scanning and penetration testing.

Scanning Tools¶

Port Scanners¶

Tool	Description	Link
Nmap	Industry-standard port scanner with NSE	nmap.org
Masscan	Fast mass IP port scanner	GitHub
RustScan	Modern, fast port scanner	GitHub
Angry IP Scanner	GUI-based network scanner	angryip.org

Vulnerability Scanners¶

Tool	Type	Link
Nessus	Commercial/Free (Essentials)	tenable.com
OpenVAS/GVM	Open-source (Free)	greenbone.net
Nikto	Web server scanner	cirt.net
Nuclei	Fast vulnerability scanner	GitHub
Trivy	Container/Infrastructure scanner	GitHub

Web Application Scanners¶

Tool	Description	Link
Burp Suite	Web security testing	portswigger.net
OWASP ZAP	Open-source web app scanner	zaproxy.org
Nikto	Web server scanner	GitHub
WPScan	WordPress vulnerability scanner	wpscan.com

Vulnerability Databases¶

CVE Resources¶

Database	Description	URL
NVD	National Vulnerability Database	nvd.nist.gov
CVE	Common Vulnerabilities and Exposures	cve.mitre.org
Vulners	Vulnerability database with search	vulners.com
Exploit-DB	Exploits and vulnerabilities	exploit-db.com
CVE Details	CVE security database	cvedetails.com

Exploit Databases¶

Resource	Description	Link
Exploit-DB	Public exploit database	exploit-db.com
Packet Storm	Security tools and exploits	packetstormsecurity.com
GitHub Security	Security advisories	github.com/advisories
Vulmon	Vulnerability intelligence	vulmon.com

Documentation & Guides¶

Official Documentation¶

Nmap Book - Comprehensive Nmap guide
NSE Documentation - Nmap Scripting Engine docs
Nessus Docs - Official Nessus documentation
Tenable University - Free Nessus training
OWASP Testing Guide - Web security testing

Learning Resources¶

Resource	Type	Link
OffSec Training	Official OSCP prep	offsec.com
Hack The Box Academy	Structured learning	academy.hackthebox.com
TryHackMe	Guided learning paths	tryhackme.com
PentesterLab	Web pentesting	pentesterlab.com
Cybrary	Video courses	cybrary.it

Certification Paths¶

Offensive Security¶

Certification	Focus	Difficulty
OSCP	Penetration testing	Intermediate
OSWE	Web application	Advanced
OSEP	Evasion techniques	Advanced
OSED	Exploit development	Expert
OSMR	Malware reverse engineering	Expert

Other Certifications¶

CEH (Certified Ethical Hacker)
GPEN (GIAC Penetration Tester)
eCPPT (eLearnSecurity Certified Professional Penetration Tester)
PNPT (Practical Network Penetration Tester)

Essential Tools Collection¶

Reconnaissance¶

# Network discovery
nmap, masscan, rustscan

# DNS enumeration
dnsrecon, dnsenum, fierce

# Subdomain enumeration
sublist3r, amass, subfinder

# Web discovery
gobuster, ffuf, dirb, dirbuster

Exploitation¶

# Exploit frameworks
metasploit, searchsploit

# Privilege escalation
linpeas, winpeas, linux-exploit-suggester

# Password attacks
hydra, medusa, john, hashcat

# Post-exploitation
mimikatz, bloodhound, powersploit

Analysis¶

# Packet analysis
wireshark, tcpdump, tshark

# Binary analysis
ghidra, ida, radare2

# Web analysis
burp suite, zap, sqlmap

# Forensics
volatility, autopsy, sleuthkit

Useful Command Snippets¶

Nmap Automation¶

#!/bin/bash
# Full scan automation script
TARGET=$1
OUTPUT_DIR="scans/$(date +%Y%m%d)_${TARGET}"
mkdir -p $OUTPUT_DIR

echo "[*] Starting comprehensive scan of $TARGET"
echo "[*] Output directory: $OUTPUT_DIR"

# Quick port scan
echo "[*] Phase 1: Quick port discovery"
sudo nmap -sS -p- --min-rate 5000 $TARGET -oA $OUTPUT_DIR/quick_scan

# Service detection
echo "[*] Phase 2: Service detection"
PORTS=$(grep open $OUTPUT_DIR/quick_scan.nmap | cut -d'/' -f1 | tr '\n' ',' | sed 's/,$//')
sudo nmap -sV -sC -p$PORTS $TARGET -oA $OUTPUT_DIR/service_scan

# Vulnerability scan
echo "[*] Phase 3: Vulnerability detection"
sudo nmap -sV --script "vuln" -p$PORTS $TARGET -oA $OUTPUT_DIR/vuln_scan

echo "[+] Scan complete! Results in $OUTPUT_DIR"

Vulnerability Search¶

# Search exploits
searchsploit <service_name>
searchsploit -m <exploit_id>

# Update exploit database
searchsploit -u

# Search with CVE
searchsploit CVE-2021-41773

# Copy exploit to current directory
searchsploit -m exploits/linux/remote/12345.py

Mobile & API Security¶

Mobile Tools¶

MobSF - Mobile Security Framework
Frida - Dynamic instrumentation
Objection - Mobile exploration toolkit
APKTool - Android APK reverse engineering

API Testing¶

Postman - API development/testing
Insomnia - API client
HTTPie - Command-line HTTP client
Arjun - HTTP parameter discovery

Reporting Tools¶

Report Generation¶

Tool	Description	Link
Dradis	Collaboration and reporting	dradisframework.com
Faraday	Collaborative penetration test	faradaysec.com
Serpico	Penetration testing report	GitHub
PwnDoc	Pentest reporting application	GitHub

Documentation¶

CherryTree - Hierarchical note-taking
Obsidian - Knowledge management
Notion - All-in-one workspace
Markdown - Plain text formatting

OSCP Resources¶

Preparation Materials¶

TJ Null's OSCP List - HTB/VulnHub boxes
NetSecFocus Trophy Room - OSCP-like machines
Proving Grounds - Official OffSec practice
OSCP Exam Guide - Official exam guide

Study Plans¶

Month 1-2: HTB Easy boxes, basic concepts
Month 3-4: HTB Medium boxes, intermediate techniques
Month 5: OSCP lab time, hard boxes
Month 6: Buffer overflows, exam prep

Community Resources¶

Forums & Communities¶

Reddit r/oscp - OSCP community
Reddit r/netsec - Network security
HTB Forums - HTB discussions
OffSec Discord - Official OffSec server
InfoSec Twitter - Security researchers

YouTube Channels¶

IppSec - HTB walkthroughs
John Hammond - Security tutorials
LiveOverflow - Binary exploitation
The Cyber Mentor - Pentesting tutorials
HackerSploit - Security tools

Cheat Sheets¶

Quick References¶

HackTricks - Pentesting techniques
PayloadsAllTheThings - Payload collection
RTFM - Red team field manual
PentestMonkey - Reverse shell cheatsheet
GTFOBins - Unix binaries exploit

Command Cheat Sheets¶

Download these for quick reference:

# Nmap cheat sheet
wget https://nmap.org/docs/nmap-cheatsheet.pdf

# Metasploit unleashed
wget https://www.offensive-security.com/metasploit-unleashed/

# Linux privilege escalation
git clone https://github.com/swisskyrepo/PayloadsAllTheThings

Stay Updated¶

Security News¶

The Hacker News - Daily security news
Krebs on Security - In-depth analysis
Bleeping Computer - Tech & security
Dark Reading - Enterprise security

CVE Alerts¶

CISA Alerts - Government alerts
NVD Data Feeds - CVE feeds
VulnDB - Vulnerability database

Bookmark This Page

Save this resource page for quick access to essential tools and documentation during your penetration testing journey.

Contribute

Found a useful resource not listed here? Submit a pull request to help the community!