awesome-social-engineering

Social Engineering Resources

A curated list of resources and tools for cybersecurity professionals to learn and practice social engineering tactics in a controlled environment.

A curated list of awesome social engineering resources.

GitHub

3k stars
107 watching
389 forks
last commit: over 1 year ago
Linked from 1 awesome list

awesome-listinfosecosintpsychologysocial-engineering

Capture the Flag

Social-Engineer.com - DEFCON SECTF

Tools

Tor The free software for enabling onion routing online anonymity
SET 11,000 about 1 month ago The Social-Engineer Toolkit from TrustedSec
Gophish Open-Source Phishing Framework
King Phisher 2,269 4 months ago Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content
wifiphisher 13,314 11 months ago Automated phishing attacks against Wi-Fi networks
PhishingFrenzy Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns
Evilginx2 10,924 3 months ago MITM attack framework used for phishing credentials and session cookies from any Web service
Lucy Phishing Server (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness

Miscellaneous / Slides

OWASP Presentation of Social Engineering OWASP
Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter Defcon 23
Using Social Engineering Tactics For Big Data Espionage RSA Conference Europe 2012

Miscellaneous / Videos

Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word
Robert Anderson - US Interrogation Techniques and Social Engineering
Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing
Chris Hadnagy - Social Engineering for Fun and Profit
Chris Hadnagy - Decoding humans live DerbyCon 2015
This is how hackers hack you using simple social engineering

Miscellaneous / Articles

The Limits of Social Engineering MIT, Technology Review
The 7 Best Social Engineering Attacks Ever DarkReading
Social Engineering: Compromising Users with an Office Document Infosec Institute
The Persuasion Reading List Scott Adams' Blog
How I Socially Engineer Myself Into High Security Facilities Sophie Daniel

Miscellaneous / Movies

Tiger Team (TV series)
Catch Me If You Can
Inception
The Sting
Sneakers

OSINT

Awesome OSINT 19,100 12 days ago Awesome list of OSINT
OSINT Framework Collection of various OSInt tools broken out by category
NetBootcamp OSINT Tools A collection of OSINT links and custom Web interfaces to other services such as and
Automating OSINT blog A blog about OSINT curated by Justin Seitz, the same author of BHP
XRay 2,206 4 months ago XRay is a tool for recon, mapping and OSINT gathering from public networks
Buscador A Linux Virtual Machine that is pre-configured for online investigators
Maltego Proprietary software for open source intelligence and forensics, from Paterva
theHarvester 11,464 4 days ago E-mail, subdomain and people names harvester
creepy 1,278 almost 9 years ago A geolocation OSINT tool
exiftool.rb 71 about 1 month ago A ruby wrapper of the exiftool, a open-source tool used to extract metadata from files
metagoofil 1,028 8 months ago Metadata harvester
Google Hacking Database a database of Google dorks; can be used for recon
Google-Dorks 45 about 9 years ago Common google dorks and others you prolly don't know
GooDork 132 over 11 years ago Command line go0gle dorking tool
dork-cli 144 over 7 years ago Command-line Google dork tool
Shodan Shodan is the world's first search engine for Internet-connected devices
recon-ng A full-featured Web Reconnaissance framework written in Python
github-dorks 2,824 11 months ago CLI tool to scan github repos/organizations for potential sensitive information leak
vcsmap 137 about 3 years ago A plugin-based tool to scan public version control systems for sensitive information
Spiderfoot multi-source OSINT automation tool with a Web UI and report visualizations
DataSploit 3,032 over 4 years ago OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes
snitch 373 over 2 years ago information gathering via dorks
Geotweet_GUI 118 about 8 years ago Track geographical locations of tweets and then export to google maps

Backlinks from these awesome lists:

More related projects: