The Toolshed!
Frameworks
Kali Linux – https://www.kali.org/
This Debian-based Linux Distro is the X Hat’s Dream! Chock full of tools for hacking delights. For example, Kali Linux has the Metasploit framework installed and ready to rock.
Metasploit – https://www.metasploit.com/
This is an advanced hacker framework. It has the latest scanning and exploits with predefined settings and databases. This is often considered the premier pentester framework. This is pre-built into Kali Linux – helping to make that distro so popular.
Reconnaissance/Scanning Tools
ClearanceJobs – https://www.clearancejobs.com
dig – Linux OS – DNS lookups
dnsrecon – https://github.com/darkoperator/dnsrecon
A powerful script for DNS enumeration
host – Linux OS – DNS operations
fping
Handy for ping sweeps; built right in to Kali
Facebook – https://facebook.com
LinkedIn – https://linkedin.com
masscan – https://github.com/robertdavidgraham/masscan
This is a port scanner with many of the same features as nmap
MegaPing – https://magnetosoft.com/product-megaping
This is very similar to fping, but offers a GUI as it is Windows-based
nmap/zenmap – nmap.org
“Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform free and open-source application that aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows the interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.
nslookup
Multi-platform DNS tool
Twitter – https://twitter.com
USA Jobs – https://www.usajobs.gov/
Vulnerability Resources
Microsoft Security Response Center – https://microsoft.com/msrc
Security Focus – https://bugtraq.securityfocus.com/archive
Hackerstorm – https://hackerstorm.co.uk
National Vulnerability Database – https://nvd.nist.gov
Secunia – https://www.flexera.com/products/software-vulnerability-research/secunia-research
Exploit Database – https://exploit-db.com
Dark Reading – https://www.darkreading.com
Security Magazine – https://www.securitymagazine.com
Common Vulnerability Scoring System – https://first.org/cvss
Common Vulnerabilities and Exposures – https://cve.mitre.org
Security Models
Biba – biba75.pdf (ucdavis.edu)
Bell-La Pedula Model – Bell.pdf (acsac.org)
Clark-Wilson – 06.pdf (ucdavis.edu)
State Machine – Security Architecture and Design/Security Models