awesome-social-engineering
Social Engineering Resources
A curated list of resources and tools for cybersecurity professionals to learn and practice social engineering tactics in a controlled environment.
A curated list of awesome social engineering resources.
3k stars
108 watching
390 forks
last commit: over 2 years ago
Linked from 1 awesome list
awesome-listinfosecosintpsychologysocial-engineering
Capture the Flag | |||
| Social-Engineer.com - DEFCON SECTF | |||
Tools | |||
| Tor | The free software for enabling onion routing online anonymity | ||
| SET | 11,136 | about 1 year ago | The Social-Engineer Toolkit from TrustedSec |
| Gophish | Open-Source Phishing Framework | ||
| King Phisher | 2,294 | over 1 year ago | Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content |
| wifiphisher | 13,388 | almost 2 years ago | Automated phishing attacks against Wi-Fi networks |
| PhishingFrenzy | Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns | ||
| Evilginx2 | 11,084 | about 1 year ago | MITM attack framework used for phishing credentials and session cookies from any Web service |
| Lucy Phishing Server | (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness | ||
Miscellaneous / Slides | |||
| OWASP Presentation of Social Engineering | OWASP | ||
| Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter | Defcon 23 | ||
| Using Social Engineering Tactics For Big Data Espionage | RSA Conference Europe 2012 | ||
Miscellaneous / Videos | |||
| Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word | |||
| Robert Anderson - US Interrogation Techniques and Social Engineering | |||
| Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing | |||
| Chris Hadnagy - Social Engineering for Fun and Profit | |||
| Chris Hadnagy - Decoding humans live | DerbyCon 2015 | ||
| This is how hackers hack you using simple social engineering | |||
Miscellaneous / Articles | |||
| The Limits of Social Engineering | MIT, Technology Review | ||
| The 7 Best Social Engineering Attacks Ever | DarkReading | ||
| Social Engineering: Compromising Users with an Office Document | Infosec Institute | ||
| The Persuasion Reading List | Scott Adams' Blog | ||
| How I Socially Engineer Myself Into High Security Facilities | Sophie Daniel | ||
Miscellaneous / Movies | |||
| Tiger Team (TV series) | |||
| Catch Me If You Can | |||
| Inception | |||
| The Sting | |||
| Sneakers | |||
OSINT | |||
| Awesome OSINT | 19,410 | 11 months ago | Awesome list of OSINT |
| OSINT Framework | Collection of various OSInt tools broken out by category | ||
| NetBootcamp OSINT Tools | A collection of OSINT links and custom Web interfaces to other services such as and | ||
| Automating OSINT blog | A blog about OSINT curated by Justin Seitz, the same author of BHP | ||
| XRay | 2,211 | over 1 year ago | XRay is a tool for recon, mapping and OSINT gathering from public networks |
| Buscador | A Linux Virtual Machine that is pre-configured for online investigators | ||
| Maltego | Proprietary software for open source intelligence and forensics, from Paterva | ||
| theHarvester | 11,612 | 11 months ago | E-mail, subdomain and people names harvester |
| creepy | 1,285 | almost 10 years ago | A geolocation OSINT tool |
| exiftool.rb | 72 | about 1 year ago | A ruby wrapper of the exiftool, a open-source tool used to extract metadata from files |
| metagoofil | 1,050 | over 1 year ago | Metadata harvester |
| Google Hacking Database | a database of Google dorks; can be used for recon | ||
| Google-Dorks | 45 | almost 10 years ago | Common google dorks and others you prolly don't know |
| GooDork | 134 | over 12 years ago | Command line go0gle dorking tool |
| dork-cli | 145 | over 8 years ago | Command-line Google dork tool |
| Shodan | Shodan is the world's first search engine for Internet-connected devices | ||
| recon-ng | A full-featured Web Reconnaissance framework written in Python | ||
| github-dorks | 2,842 | almost 2 years ago | CLI tool to scan github repos/organizations for potential sensitive information leak |
| vcsmap | 138 | about 4 years ago | A plugin-based tool to scan public version control systems for sensitive information |
| Spiderfoot | multi-source OSINT automation tool with a Web UI and report visualizations | ||
| DataSploit | 3,049 | over 5 years ago | OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes |
| snitch | 375 | over 3 years ago | information gathering via dorks |
| Geotweet_GUI | 119 | almost 9 years ago | Track geographical locations of tweets and then export to google maps |
cugu/awesome-forensics
redhuntlabs/redhunt-os
sundowndev/hacker-roadmap
zbetcheckin/security_list
cybersecsi/raudi
rmusser01/infosec_reference
intrigueio/intrigue-core
gorhill/ublock
crowdsecurity/crowdsec
dgtlmoon/changedetection.io
wireservice/csvkit
bibanon/tubeup
finos/perspective
alexta69/metube
novitae/sterraxcyl