Google Chrome Add-ons for Web App Hackers

Google Chrome Add-ons for Web App Hackers

Up until now, there have not been so many Chrome extensions unlike Firefox ones  forWeb App Penetration Testing. Thus, this cannot be a comprehensive list. Help posting your favorite add-ons in the comment section. Thank you.
____________________________________________________________________

RECONNAISSANCE

• Web Technology Notifier
• Wappalyzer 
• Chrome Sniffer (another Wappalyzer;not sniffer by meaning)
• Web Server Notifier
• W3Spy
• Exploit DB latest
• All in one web searcher 
• GHDB 
• Oracle Code Search
• Port Scanner 1
• Port Scanner 2

SESSION MANAGEMENT

• Session Manager 1 
• Session Manager 2 
• Session Buddy
• Edit This Cookie
• cookie.txt export
• Swap my cookie
• Cookie Manager
• Remove cookies for site
• Awesome Cookie Manager
• LWP cookie export

HTTP REQUEST REPLAY

• Dev HTTP Client 
• Simple REST Client
• Advanced REST client Application 
• Request Maker
• Change HTTP Request Header

(SEMI-AUTOMATED) SCANNER

• WebSecurify
• WebSecurify (App)
• Recx Security Analyzer 
• AntiXSS 
• XSS Rays

SCRIPTING/MACROS

• Tampermonkey Beta
• Python Shell
• Python Shell (App) 
• Python Fiddle
• Lua Shell
• iMacros for Chrome 
• Coffee Console (CoffeeScript - http://coffeescript.org/) 
• ChroSh
• jsshell
• Simple Form Filler

HTML/JAVASCRIPTING DEBUGGING

• Developer Tools (Chrome Built-in)
• FireBug
• Web Developer
• JsError
• JSONView
• XPath Helper
• PsychoXPath
• JSON Inspector
• Javascript Object Browser 
• Tryit Editor 
• jQuery Shell
• Javascript Populars 
• ChromeAccess

HTML5 STORAGE

• html5 buddy 
• Local Storage Manager 
• LocalStorage Monitor
• LocalStorage DevTool 

ENCODING/DECODING

• d3coder 
• Encode Data URL
• Picture Encoder
• Advanced Encoder/Decoder
• JavaScript Tools
• JavaScript Compression Tool

CROSS-BROWSER SIMULATION

• Dummy FileSystemObject  
• ActiveX for Chrome
• IE Tab Multi 
• IE Tab
• Mozilla Gecko Tab
• FireMobileSimulator
• User-Agent Switcher for Chrome
• User-Agent Switcher
• Ultimate User Agent Switcher

MISC

• Proxy Switchy
• FoxyProxy
• Forget Me 
• FlashControl
• W3Launcher 
• Angry Code Editor
• Google Project
• Remote Desktop
• FTP Editor 
• SSH jcterm 

EVIDENCE COLLECTION/DOCUMENTATION

• Simple Highlighter  
• Screen Capture
• Quick Notepad
• Quick Markup
• MindMeister 

Source

HTTP Header Abuse Check - test online

HTTP Header Abuse Check 
usagae :- Usage: header_options.php?host=xxxxx.com

url :- http://yehg.net/pentest/header_options.php

example :- http://yehg.net/pentest/header_options.php?host=allinonehack.com

Cross-Site Framing Vulnerability Test

Similar Terms: Cross (Site) Frame Scripting,ClickJacking, UI Redressing, CSS Overlay 
Requested URL is (gonna be) loaded in iframe tag. 

http://yehg.net/pentest/cross_site_framing.php

Source

Cross Site Request Forgery - online test

Cross Site Request Forgery 
Test if your site is vulnerable to Cross Site Request Forgery

http://yehg.net/pentest/cross_site_request_forgery.php

Source

inspathx [Internal Path Disclosure Finder]

inspathx [Internal Path Disclosure Finder]

Description: A tool that uses local source tree to make requests to the url and search for error messages like path inclusion, exception error. It's always been a common problem in PHP web applications that we're hating to see for ever. We hope this tool triggers no path disclosure flaws any more. See our article about path disclosure.

Source and download

JHijackv.02 beta -A simple Java Fuzzer

JHijackv.02 beta

Description: A simple Java Fuzzer mainly used for numeric session hijacking and parameter enumeration.

Requirement: JRE/JDK 1.4 or above

Demonstrations:    Session Hijacking      BlindSQLInjection      HTTP Form Brute Forcing

Documentation: aldeid.com 

 

Source and Download

 

Joomla! Security/Vulnerability Scanner

Joomla! Security/Vulnerability Scanner
Description: A vulnerability scanner that can detect file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.

Requirements: Perl

The database update is currently taken care by WebCenter Team from Slovenia. You can get update at http://web-center.si/english

 

How to use

 

Source and download

Virtual Hacking Lab

Virtual Hacking Lab

A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.

Virtual Hacking Lab Web Site

Source and download

guide

Learn Ethical Hacking :)

Mobile security testing live environment

This project was a DARPA CFT funded project that is now being released through OWASP. It is focused on providing a live environment for mobile security testing, forensics, reverse engineering and wireless analysis.

Source and download

Matriux is a GNU/Linux, Debian based security distribution

Matriux is a GNU/Linux, Debian based security distribution designed for penetration testing and cyber forensic investigations. It is a distribution designed for security enthusiasts and professionals, can also be used normally as your default OS.


 It is a fully featured security distribution based on Debian consisting of a powerful bunch of more than 300 open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.
With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval.

All you need, when you need - tools , must copy ...

Source and credit to Link

All you need, when you need

Anonymous

Anonnews
anonyops communications
anony0ps
anony0ps news
the wiki leaks forum

Blogs

Carnal0wnage
McGrew Security
Blog | GNUCITIZEN
Darknet
spylogic.net
TaoSecurity
Room362.com
SIPVicious
PortSwigger.net
Blog - pentestmonkey.net
Jeremiah Grossman
omg wtf bbq
blog c22.cc
SkullSecurity
Metasploit
Security and Networking
Skeptikal.org
Digital Soapbox
tssci security
Blog - Gotham Digital Science
Reiners Weblog
Bernardo Damele A. G.
Laramies Corner
Attack and Defense Labs
Billy (BK) Rios
Common Exploits
extern blog SensePost;
Weapons of Mass Analysis
Exploit KB
Security Reliks
MadIrish.net
sirdarckcat
Reusable Security
Myne-us
www.notsosecure.com
SpiderLabs Anterior
Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
DigiNinja
Home Of PaulDotCom Security Podcast
Attack Vector
deviating.net
Alpha One Labs
SmashingPasswords.com
wirewatcher
gynvael.coldwind//vx.log
Nullthreat Security
Archangel Amael's BT Tutorials
memset's blog
it has omg security skills
punter-infosec
Security Ninja
Security and risk
GRM n00bs
Kioptrix
::eSploit::
PenTestIT — Your source for Information Security Related information!
Rupesh hack world
anonymous news
anonops communications
technomania
projectX blog
Osmocom BB(track sim cards)
R0gunix
hackerz adda
devils-cafe
Avert labs
beenu arora
Debanshish mandals blog
dark coder Sec home
hacker spaces(labs) around the world

SCADA(supervisory control and data acquisition)exploits videos,white papers

SCADA devices on internet
find vulnerable SCADA systems & exploits
SCADA system vulnerablities to cyber attack
SCADA Security and research tools

Forums

BackTrack Forums
EliteHackers.info
InterN0T forum
Government Security
Hack This Site Forum
iExploit Hacking Forum
Security Override
bright-shadows.net
ethicalhacker.net
sla.ckers.org
anti-online forums

Magazines

(IN)SECURE Magazine
hakin9
the hackernews magazine

Videos

The Hacker News Network
Security Tube
Irongeek -Hacking Illustrated
SecCon Archive
27c3-stream/releases/mkv
YouTube - ChRiStIaAn008's Channel
YouTube - HackingCons's Channel
SQl injection Via XSS

Methodologies

Penetration Testing Framework
The Penetration Testing Execution Standard
Web Application Security Consortium (WASC)
OWASP top 10
social-engineer.org
Owasp mantra penetration testing Browser

OSINT(Open-source intelligence)

Presentations

Enterprise Open Source Intelligence Gathering Part 1 Social Networks spylogic.net
Enterprise Open Source Intelligence Gathering Part 2 Blogs, Message Boards and Metadata spylogic.net
Enterprise Open Source Intelligence Gathering Part 3 Monitoring and Social Media Policies spylogic.net
Tactical Information Gathering
document_metadata_the_silent_killer__32974 (application/pdf Object)
footprinting - passive information gathering before a pentest

People and Organizational

spokeo.com - People Search
123people.com
Spoke.com - Business Directory
Business Network - Social Network for Business Professionals
ZoomInfo
Pipl - People Search
Free People Search by ZabaSearch!
Free People Finder and Company Search | SearchBug
Free People Search
Addictomatic: Inhale the Web
Real Time Search - Social Mention
EntityCube
yasni.com | No. 1 free people search - Find anyone on the web
Tweepz.com - search, find and discover interesting people on twitter
TweepSearch :: Twitter Profile and Bio Search
Glassdoor.com - Company Salaries and Reviews
Jigsaw Business Contact Directory
Full Text Search
TinEye Reverse Image Search
PeekYou
PicFog - Quick Image Search
Twapper Keeper - "We save tweets" - Archive Tweets
White Pages | Email Lookup | People Find Tools at The Ultimates

Infrastructure

Netcraft Uptime Survey
SHODAN - Computer Search Engine
Domain Tools: Whois Lookup and Domain Suggestions
Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger
hackerfantastic
WHOIS and Reverse IP Service
MSN IP Search
SSL Labs - Projects / Public SSL Server Database - SSL Server Test
MyIPNeighbors Reverse IP Lookup
Google Hacking Database, GHDB, Google Dorks
Domain - reports and all about ips, networks and dns
net toolkit::index
IHS | GHDB
Network tools

Exploits and Advisories

The Exploit Database
.:[ packet storm ]:.
SecurityFocus
SecurityForest
NIST
OSVDB: The Open Source Vulnerability Database
SecDocs IT Security and Hacking knowledge base
Nullbyte.Org.IL
CVE security vulnerability database
Secunia.com
CVE - Common Vulnerabilities and Exposures (CVE)
r00t w0rm forums & exploits
exploit packs table
router Pwn

Cheat sheets and Syntax

Big Port DB | Cirt
Cheat Sheet : All Cheat Sheets in one page
Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets

Agile hacking

Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
Command Line Kung Fu
Simple yet effective: Directory Bruteforcing
The Grammar of WMIC
Windows Command-Line Kung Fu with WMIC
Windows CMD Commands
running a command on every mac
Syn: Command-Line Ninjitsu
WMIC, the other OTHER white meat.
Hacking Without Tools: Windows - RST
Pentesting Ninjitsu 1
Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
[PenTester Scripting]
windows-scripting-COM-tricks
Advanced-Command-Exploitation

POS and scripts

IPv4 subnetting reference - Wikipedia, the free encyclopedia
All the Best Linux Cheat Sheets
SHELLdorado - Shell Tips & Tricks (Beginner)
Linux Survival :: Where learning Linux is easy
BashPitfalls - Greg's Wiki
Rubular: a Ruby regular expression editor and tester
port-numbers
Useful commands for Windows administrators
All the Best Linux Cheat Sheets
Basic linux commands - google EDU
My SQL databases basics

Tools

Sh3lls

SourceForge.net: Yokoso!
AJAX/PHP Command Shell
php and asp common shells
ANI-shell

CHEAT SHEETS

netcat cheat sheet (ed skoudis)
nessus/nmap (older)
hping3 cheatsheet
Nmap 5 (new)
MSF, Fgdump, Hping
Metasploit meterpreter cheat sheet reference
Netcat cheat sheet

Anonymity

hide my ass
TOR
free VPN
hot spot sheild
proxy list

Distros

BackTrack Linux
Matriux linux
nUbuntu
Samurai Web Testing Framework
OWASP Live CD Project
Pentoo
Katana
KON-BOOT
Welcome to Linux From Scratch!
SUMO Linux
pentesting packages for ubuntu
BackBox Linux | Flexible Penetration Testing Distribution

Labs

ISO and vmwares

Web Security Dojo
OWASP Broken Web applications Project
Pentest Live CDs
NETinVM
:: moth - Bonsai Information Security ::
Metasploit: Introducing Metasploitable
Holynix pen-test distribution
WackoPico
LAMPSecurity
Hacking-Lab.com LiveCD
Virtual Hacking Lab
Badstore.net
Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
pWnOS
The ButterFly - Security Project

Vulnerable software

Old Version Downloads - OldApps.com
OldVersion.com
Web Application exploits, php exploits, asp exploits
wavsep - Web Application Vulnerability Scanner Evaluation Project
OWASP SiteGenerator - OWASP
Hacme Books | McAfee Free Tools
Hacme Casino v1.0 | McAfee Free Tools
Hacme Shipping | McAfee Free Tools
Hacme Travel | McAfee Free Tools
Damn Vulnerable Web App - DVWA

TEst sites

Test Site
CrackMeBank Investments
http://zero.webappsecurity.com
acutinex asp.net test site
ASP site of acutinex
Home of Acunetix test site(php)
Altoro Mutual
NT OBJECTives

Explotiation intro

Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code
Myne-us: From 0x90 to 0x4c454554, a journey into exploitation.
Past, Present, Future of Windows Exploitation | Abysssec Security Research
Smash the Stack 2010
The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit
x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate
X86 Opcode and Instruction Reference

Reverse engineering and malwares

TiGa's IDA Video Tutorial Site
Binary Auditing
http://visi.kenshoto.com/
radare
Offensive Computing | Community Malicious code research and analysis

Passwords and HAsh3S

Password Exploitation Class
Default Passwords Database
Sinbad Security Blog: MS SQL Server Password Recovery
Foofus Networking Services - Medusa::SMBNT
LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff
MD5 Crackers | Password Recovery | Wordlist Downloads
Password Storage Locations For Popular Windows Applications
Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator
Requested MD5 Hash queue
Virus.Org default passwords
Default Password List
Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR

Wordlists

"Crack Me If You Can" - DEFCON 2011
Packet Storm Word Lists
Passwords - SkullSecurity
Index of /passwd/passwords

Pass the hash

pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
crack-pass-hash_33219 (application/pdf Object)

MitM

Introduction to dsniff - GIAC Certified Student Practical
dsniff-n-mirror.pdf (application/pdf Object)
dsniff.pdf (application/pdf Object)
A Hacker's Story: Let me tell you just how easily I can steal your personal data - Techvibes.com
ECCE101.pdf (application/pdf Object)
3.pdf (application/pdf Object)
Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
cracking-air.pdf (application/pdf Object)
bh-europe-03-valleri.pdf (application/pdf Object)
Costa.pdf (application/pdf Object)
defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
Live_Hacking.pdf (application/pdf Object)
PasstheParcel-MITMGuide.pdf (application/pdf Object)
2010JohnStrandKeynote.pdf (application/pdf Object)
18.Ettercap_Spoof.pdf (application/pdf Object)
EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
Fun With EtterCap Filters.pdf (application/pdf Object)
The_Magic_of_Ettercap.pdf (application/pdf Object)
arp_spoofing.pdf (application/pdf Object)
Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
ICTSecurity-2004-26.pdf (application/pdf Object)
ettercap_Nov_6_2005-1.pdf (application/pdf Object)
MadIrish.net Mallory is More than a Proxy
Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers

Tools

OSint

Edge-Security - theHarvester- Information Gathering
DNSTRACER man-page
Maltego 3

Metadata

document-metadata-silent-killer_32974 (application/pdf Object)
[strike out]
ExifTool by Phil Harvey
Edge-Security - Metagoofil - Metadata analyzer - Information Gathering
Security and Networking - Blog - Metadata Enumeration with FOCA

Google hacking

Midnight Research Labs - SEAT
Google Hacking Diggity Project Stach & Liu
dorkScan.py

Web

BeEF
BlindElephant Web Application Fingerprinter
XSSer: automatic tool for pentesting XSS attacks against different applications
RIPS | Download RIPS software for free at SourceForge.net
authforce
Attack and Defense Labs - Tools
Browser_Exploitation_for_Fun&Profit
Using sqid (SQL Injection Digger) to look for SQL Injection
pinata-CSRF-tool
XSSer: automatic tool for pentesting XSS attacks against different applications
Clickjacker
unicode-fun.txt Packet Storm
WebService-Attacker
HCON security testing framework

Attack strings

fuzzdb - Project Hosting on Google Code
OWASP Fuzzing Code Database - OWASP

Scanners

w3af - Web Application Attack and Audit Framework
skipfish - Project Hosting on Google Code
sqlmap: automatic SQL injection & database takeover tool
SQID - SQL Injection digger
XSS scanner in python
WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code
fm-fsf - Project Hosting on Google Code
Websecurify
News :: Arachni - Web Application Security Scanner Framework
rfiscan Packet Storm
lfi-rfi2 scanner Packet Storm
inspathx Tool For Finding Path Disclosure Vulnerabilities
DotDotPwn - The Directory Traversal Fuzzer 2.1 Packet Storm

Proxies

Burp proxy

fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)
Constricting the Web: The GDS Burp API - Gotham Digital Science
Browse Belch - Burp External Channel v1.0 Files on SourceForge.net
Burp Suite Tutorial Repeater and Comparer Tools Security Ninja
w3af in burp
Attack and Defense Labs - Tools
burp suite tutorial - English
SensePost - reDuh - HTTP Tunneling Proxy
OWASP WebScarab NG Project - OWASP
Mallory: Transparent TCP and UDP Proxy Intrepidus Group - Insight
Fiddler Web Debugger - A free web debugging tool
Watcher: Web security testing tool and passive vulnerability scanner
X5S
koto/squid-imposter - GitHub

S0cial engineering

Social Engineering Toolkit

Passw0rd

Ncrack
Medusa
Jhon The Ripper
Ophcrack
keimpx in action | 0x3f
keimpx - Project Hosting on Google Code
hashkill
MD5 decrypter/A>

Metasploit

markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb
WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code
markremark: Metasploit Visual Basic Payloads in action
Metasploit Mailing List
PaulDotCom: Archives
OpenSSH-Script for meterpreter available !
Metasploit: Automating the Metasploit Console
561
Deploying Metasploit as a Payload on a Rooted Box Tutorial
Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks
SecTor 2010 - HD Moore - Beyond Exploits on Vimeo
XLSinjector Milo2012's Security Blog

Nsploit
neurosurgery-with-meterpreter
(automating msf) UAV-slides.pdf
Metasploit Unleashed
Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
Metasploit Megaprimer 300+ mins of video
Metasploit Tips and Tricks - Ryan Linn
OffSecOhioChapter, Metasploit Class2 - Part1
OffSecOhioChapter, Metasploit Class2 - Part2
OffSecOhioChapter, Metasploit Class2 - Part3

Nmap scirpting engine

Nmap Scripting Engine Primer Tutorial
NSEDoc Reference Portal

Net Scanners & Scripts

Nmap
sambascan2 - SMB scanner
SoftPerfect Network Scanner
OpenVAS
Nessus Community | Tenable Network Security
Nexpose Community | Rapid7
Retina Community

Post exploitation

http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
Metacab | PHX2600

Netcat

Re: Your favorite Ncat/nc/Netcat trick? - ReadList.com
ads.pdf (application/pdf Object)
Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
netcat_cheat_sheet_v1.pdf (application/pdf Object)
socat
NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World
Netcat tricks Jonathans Techno-tales
Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
Few Useful Netcat Tricks Terminally Incoherent
Skoudis_pentestsecrets.pdf (application/pdf Object)
Cracked, inSecure and Generally Broken: Netcat
Ncat for Netcat Users

Source inspection

Graudit - Just Another Hacker
javasnoop - Project Hosting on Google Code

Useful firefox addons

David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
OSVDB :: Add-ons for Firefox
Packet Storm search plugin. :: Add-ons for Firefox
Default Passwords - CIRT.net :: Add-ons for Firefox
Offsec Exploit-db Search :: Add-ons for Firefox
OVAL repository search plugin :: Add-ons for Firefox
CVE dictionary search plugin :: Add-ons for Firefox
HackBar :: Add-ons for Firefox

Tool listings

.:[ packet storm ]:. - tools
Security and Hacking Tools
Top 125 hacking tools

Training/Classes

Security/hacking

Penetration Testing and Vulnerability Analysis - Home
Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
CNIT 124: Advanced Ethical Hacking -- Sam Bowne
CS 279 - Advanced Topics in Security
CS142 Web Programming and Security - Stanford
CS155 Computer and Network Security - Stanford
CSE 227: Computer Security - UCSD
CS 161: Computer Security - UC Berkley
Security Talks - UCLA
CSCI 4971 Secure Software Principles - RPI
MCS 494 UNIX Security Holes
Software Security - CMU
T-110.6220 Special Topics in Ifocsec -TKK
Sec and Infosec Related - MIT

Programming

Python

Google's Python Class - Google's Python Class - Google Code
Python en:Table of Contents - Notes
TheNewBoston Free Educational Video Tutorials on Computer Programming and More! » Python
Python Videos, Tutorials and Screencasts
Learning Python Programming Language Through Video Lectures - good coders code, great reuse

Ruby

Video Tutorials - Technology Demonstrations - tekniqal.com

Others

CS490 Windows Internals
Lectures - Noppa - TKK
Index of /edu/training/ss/lecture/new-documents/Lectures
InfoSec Resources
Robert Hansen on Vimeo

WEB vectors

SQl injection & tools

MSSQL Injection Cheat Sheet - pentestmonkey.net
SQL Injection Cheat Sheet
EvilSQL Cheatsheet
RSnake SQL Injection Cheatsheet
Mediaservice.net SQLi Cheatsheet
MySQL Injection Cheat Sheet
Full MSSQL Injection PWNage
MS Access SQL Injection Cheat Sheet krazl bloggerholic
MS Access SQL Injection Cheat Sheet
Penetration Testing: Access SQL Injection
Testing for MS Access - OWASP
Security Override - Articles: The Complete Guide to SQL Injections
Obfuscated SQL Injection attacks
Exploiting hard filtered SQL Injections Reiners Weblog
SQL Injection Attack
YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009
Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object)
Joseph McCray SQL Injection
sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion
sqli2.pdf (application/pdf Object)
SQL Server Version - SQLTeam.com
Overlooked SQL Injection 20071021.pdf (application/pdf Object)
SQLInjectionCommentary20071021.pdf (application/pdf Object)
SQLi attack and Defence(application/PDF)

Shell and file upload tricks

bypassing upload file type - Google Search
Skeptikal.org: Adobe Responds... Sort Of
Secure File Upload in PHP Web Applications |INSIC DESIGNS
Stupid htaccess Tricks Perishable Press
Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r
Security FCKeditor ADS File Upload Vulnerability - Windows Only
Cross Site Scripting scanner Free XSS Security Scanner
VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634)
Uploading Files Using the File Field Control
TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project
Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
Cross-site File Upload Attacks | GNUCITIZEN
TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
FileUploadSecurity - SH/SC Wiki

LFI/RFI

http://pastie.org/840199
Exploiting PHP File Inclusion Overview Reiners Weblog
LFI..Code Exec..Remote Root!
Local File Inclusion Tricks of the Trade Neohapsis Labs
Blog, When All You Can Do Is Read - DigiNinja

XSS

The Anatomy of Cross Site Scripting
Whitepapers - www.technicalinfo.net
Cross-Site Scripting (XSS)no script required - Tales from the Crypto
Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training
BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
sirdarckcat: Our Favorite XSS Filters and how to Attack them
Filter Evasion Houdini on the Wire Security Aegis
HTML5 Security Cheatsheet
XSS - Cross Site Scripting
sla.ckers.org web application security forum :: XSS Info
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
What's Possible with XSS?
XSS attacks and Defence

Cold-fusion

ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
Attacking ColdFusion. | Sigurnost i zastita informacija
Attacking ColdFusion
HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub
254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com
Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console

SHarepoint

The Ethical Hacker Network - Pen Testing Sharepoint

Lotus

Lotus Notes/Domino Security - David Robert's -castlebbs- Blog
Penetration Testing: Re: Lotus Notes
Hacking Lotus Domino | SecTechno

Jboss

Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
Minded Security Blog: Good Bye Critical Jboss 0day

Wmware

Metasploit Penetration Testing Framework - Module Browser

Oracle

hideaway [dot] net: Hacking Oracle Application Servers
Testing for Oracle - OWASP
OraScan
NGSSQuirreL for Oracle
hpoas.pdf (application/pdf Object)

SAP

Onapsis | Research Labs
'[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC
Phenoelit SAP exploits

Wireless hacks

pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting

CApture flag/WAR games

http://intruded.net/
SmashTheStack Wargaming Network
flack & hkpco.kr
HC's Capture the Flag site
The UCSB iCTF
CTF Calendar

Conferences

Information Security Conferences Calnedar(all in one)

Misc/unsorted

Low orbit ion cannon (mass DDOSer)
IRON browser(hackers browser)
XSS
XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog
What The Fuck Is My Information Security Strategy?
OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4
DeepSec 2007 - Aaron Portnoy Cody Pierce - RPC Auditing Tools and Techniques
extern blog SensePost;
Zen One: PCI Compliance - Disable SSLv2 and Weak Ciphers
HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost
Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com
black-box-scanners-dimva2010.pdf (application/pdf Object)
Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object)
Stupid htaccess Tricks Perishable Press