awesome-social-engineering
Social Engineering Resources
A curated list of resources and tools for cybersecurity professionals to learn and practice social engineering tactics in a controlled environment.
A curated list of awesome social engineering resources.
3k stars
107 watching
389 forks
last commit: over 1 year ago
Linked from 1 awesome list
awesome-listinfosecosintpsychologysocial-engineering
Capture the Flag | |||
Social-Engineer.com - DEFCON SECTF | |||
Tools | |||
Tor | The free software for enabling onion routing online anonymity | ||
SET | 11,000 | about 1 month ago | The Social-Engineer Toolkit from TrustedSec |
Gophish | Open-Source Phishing Framework | ||
King Phisher | 2,269 | 4 months ago | Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content |
wifiphisher | 13,314 | 11 months ago | Automated phishing attacks against Wi-Fi networks |
PhishingFrenzy | Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns | ||
Evilginx2 | 10,924 | 3 months ago | MITM attack framework used for phishing credentials and session cookies from any Web service |
Lucy Phishing Server | (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness | ||
Miscellaneous / Slides | |||
OWASP Presentation of Social Engineering | OWASP | ||
Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter | Defcon 23 | ||
Using Social Engineering Tactics For Big Data Espionage | RSA Conference Europe 2012 | ||
Miscellaneous / Videos | |||
Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word | |||
Robert Anderson - US Interrogation Techniques and Social Engineering | |||
Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing | |||
Chris Hadnagy - Social Engineering for Fun and Profit | |||
Chris Hadnagy - Decoding humans live | DerbyCon 2015 | ||
This is how hackers hack you using simple social engineering | |||
Miscellaneous / Articles | |||
The Limits of Social Engineering | MIT, Technology Review | ||
The 7 Best Social Engineering Attacks Ever | DarkReading | ||
Social Engineering: Compromising Users with an Office Document | Infosec Institute | ||
The Persuasion Reading List | Scott Adams' Blog | ||
How I Socially Engineer Myself Into High Security Facilities | Sophie Daniel | ||
Miscellaneous / Movies | |||
Tiger Team (TV series) | |||
Catch Me If You Can | |||
Inception | |||
The Sting | |||
Sneakers | |||
OSINT | |||
Awesome OSINT | 19,100 | 12 days ago | Awesome list of OSINT |
OSINT Framework | Collection of various OSInt tools broken out by category | ||
NetBootcamp OSINT Tools | A collection of OSINT links and custom Web interfaces to other services such as and | ||
Automating OSINT blog | A blog about OSINT curated by Justin Seitz, the same author of BHP | ||
XRay | 2,206 | 4 months ago | XRay is a tool for recon, mapping and OSINT gathering from public networks |
Buscador | A Linux Virtual Machine that is pre-configured for online investigators | ||
Maltego | Proprietary software for open source intelligence and forensics, from Paterva | ||
theHarvester | 11,464 | 4 days ago | E-mail, subdomain and people names harvester |
creepy | 1,278 | almost 9 years ago | A geolocation OSINT tool |
exiftool.rb | 71 | about 1 month ago | A ruby wrapper of the exiftool, a open-source tool used to extract metadata from files |
metagoofil | 1,028 | 8 months ago | Metadata harvester |
Google Hacking Database | a database of Google dorks; can be used for recon | ||
Google-Dorks | 45 | about 9 years ago | Common google dorks and others you prolly don't know |
GooDork | 132 | over 11 years ago | Command line go0gle dorking tool |
dork-cli | 144 | over 7 years ago | Command-line Google dork tool |
Shodan | Shodan is the world's first search engine for Internet-connected devices | ||
recon-ng | A full-featured Web Reconnaissance framework written in Python | ||
github-dorks | 2,824 | 11 months ago | CLI tool to scan github repos/organizations for potential sensitive information leak |
vcsmap | 137 | about 3 years ago | A plugin-based tool to scan public version control systems for sensitive information |
Spiderfoot | multi-source OSINT automation tool with a Web UI and report visualizations | ||
DataSploit | 3,032 | over 4 years ago | OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes |
snitch | 373 | over 2 years ago | information gathering via dorks |
Geotweet_GUI | 118 | about 8 years ago | Track geographical locations of tweets and then export to google maps |