Update render script and Makefile

terminal/pentest

@@ -1,12 +1,12 @@
-                                                          Awesome Penetration Testing !Awesome (https://awesome.re/badge-flat2.svg) (https://awesome.re)
+                                                Awesome Penetration Testing !Awesome (https://awesome.re/badge-flat2.svg) (https://awesome.re)
 
 ▐ A collection of awesome penetration testing and offensive cybersecurity resources.
 
-Penetration testing (https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential 
-security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance (https://kb.cert.org/vuls/guidance/) to report it responsibly.
+Penetration testing (https://en.wikipedia.org/wiki/Penetration_test) is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to 
+expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance (https://kb.cert.org/vuls/guidance/) to report it responsibly.
 
-Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines (CONTRIBUTING.md) for more details. This work is licensed under a Creative Commons Attribution 4.0 
-International License (https://creativecommons.org/licenses/by/4.0/).
+Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines (CONTRIBUTING.md) for more details. This work is licensed under a Creative Commons 
+Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/).
 
 This project is supported by Netsparker Web Application Security Scanner
  (https://www.netsparker.com/?utm_source=github.com&utm_content=awesome+penetration+testing&utm_medium=referral&utm_campaign=generic+advert)
@@ -98,7 +98,8 @@
 Android Utilities
 
 ⟡ cSploit (https://www.csploit.org/) - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
-⟡ Fing (https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
+⟡ Fing
+ (https://www.fing.com/products/fing-app/) - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.
 
 Anonymity Tools
 
@@ -119,7 +120,8 @@
 
 Anti-virus Evasion Tools
 
-⟡ AntiVirus Evasion Tool (AVET) (https://github.com/govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
+⟡ AntiVirus Evasion Tool (AVET)
+ (https://github.com/govolution/avet) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
 ⟡ CarbonCopy (https://github.com/paranoidninja/CarbonCopy) - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
 ⟡ Hyperion (http://nullsecurity.net/tools/binary.html) - Runtime encryptor for 32-bit portable executables ("PE .exes").
 ⟡ Shellter (https://www.shellterproject.com/) - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
@@ -132,8 +134,10 @@
 See also DEF CON Suggested Reading (https://www.defcon.org/html/links/book-list.html).
 
 ⟡ Advanced Penetration Testing by Wil Allsopp, 2017 (https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689/)
-⟡ Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012 (http://www.packtpub.com/networking-and-servers/advanced-penetration-testing-highly-secured-environments-ultimate-security-gu)
-⟡ Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014 (http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
+⟡ Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
+ (http://www.packtpub.com/networking-and-servers/advanced-penetration-testing-highly-secured-environments-ultimate-security-gu)
+⟡ Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
+ (http://www.amazon.com/Advanced-Persistent-Threat-Hacking-Organization/dp/0071828362)
 ⟡ Android Hacker's Handbook by Joshua J. Drake et al., 2014 (http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
 ⟡ BTFM: Blue Team Field Manual by Alan J White & Ben Clark, 2017 (https://www.amazon.de/Blue-Team-Field-Manual-BTFM/dp/154101636X)
 ⟡ Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014 (http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
@@ -177,14 +181,16 @@
 ⟡ CloudHunter (https://github.com/belane/CloudHunter) - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
 ⟡ Cloudsplaining (https://cloudsplaining.readthedocs.io/) - Identifies violations of least privilege in AWS IAM policies and generates a pretty HTML report with a triage worksheet.
 ⟡ Endgame (https://endgame.readthedocs.io/) - AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account.
-⟡ GCPBucketBrute (https://github.com/RhinoSecurityLabs/GCPBucketBrute) - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
+⟡ GCPBucketBrute
+ (https://github.com/RhinoSecurityLabs/GCPBucketBrute) - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
 
 Collaboration Tools
 
 ⟡ Dradis (https://dradisframework.com) - Open-source reporting and collaboration tool for IT security professionals.
 ⟡ Hexway Hive (https://hexway.io/hive/) - Commercial collaboration, data aggregation, and reporting framework for red teams with a limited free self-hostable option.
 ⟡ Lair (https://github.com/lair-framework/lair/wiki) - Reactive attack collaboration framework and web application built with meteor.
-⟡ Pentest Collaboration Framework (PCF) (https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
+⟡ Pentest Collaboration Framework (PCF)
+ (https://gitlab.com/invuls/pentest-projects/pcf) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
 ⟡ Reconmap (https://reconmap.com/) - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
 ⟡ RedELK (https://github.com/outflanknl/RedELK) - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.
 
@@ -249,19 +255,23 @@
 
 ⟡ DET (https://github.com/sensepost/DET) - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
 ⟡ Iodine (https://code.kryo.se/iodine/) - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.
-⟡ TrevorC2 (https://github.com/trustedsec/trevorc2) - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
-⟡ dnscat2 (https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
+⟡ TrevorC2
+ (https://github.com/trustedsec/trevorc2) - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.
+⟡ dnscat2
+ (https://github.com/iagox86/dnscat2) - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.
 ⟡ pwnat (https://github.com/samyk/pwnat) - Punches holes in firewalls and NATs.
 ⟡ tgcd (http://tgcd.sourceforge.net/) - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
-⟡ QueenSono (https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).
+⟡ QueenSono (https://github.com/ariary/QueenSono) - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a 
+common case).
 
 Exploit Development Tools
 
 See also Reverse Engineering Tools (#reverse-engineering-tools).
 
-⟡ H26Forge (https://github.com/h26forge/h26forge) - Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.
-⟡ Magic Unicorn (https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake 
-certificates).
+⟡ H26Forge
+ (https://github.com/h26forge/h26forge) - Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.
+⟡ Magic Unicorn (https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil 
+(using fake certificates).
 ⟡ Pwntools (https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
 ⟡ Wordpress Exploit Framework
  (https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
@@ -269,7 +279,8 @@
 
 File Format Analysis Tools
 
-⟡ ExifTool (https://www.sno.phy.queensu.ca/~phil/exiftool/) - Platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.
+⟡ ExifTool (https://www.sno.phy.queensu.ca/~phil/exiftool/) - Platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide 
+variety of files.
 ⟡ Hachoir (https://hachoir.readthedocs.io/) - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
 ⟡ Kaitai Struct (http://kaitai.io/) - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
 ⟡ peepdf (https://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python tool to explore PDF files in order to find out if the file can be harmful or not.
@@ -344,10 +355,10 @@
 Multi-paradigm Frameworks
 
 ⟡ Armitage (http://fastandeasyhacking.com/) - Java-based GUI front-end for the Metasploit Framework.
-⟡ AutoSploit
- (https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.
-⟡ Decker (https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and 
-using outputs of tools it has run as inputs to others.
+⟡ AutoSploit (https://github.com/NullArray/AutoSploit) - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules
+based on the Shodan query.
+⟡ Decker (https://github.com/stevenaldinger/decker) - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of 
+ingesting variables and using outputs of tools it has run as inputs to others.
 ⟡ Faraday (https://github.com/infobyte/faraday) - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
 ⟡ Metasploit (https://www.metasploit.com/) - Software for offensive security teams to help verify vulnerabilities and manage security assessments.
 ⟡ Pupy (https://github.com/n1nj4sec/pupy) - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
@@ -359,17 +370,19 @@
 ⟡ Intercepter-NG (http://sniff.su/) - Multifunctional network toolkit.
 ⟡ Legion (https://github.com/GoVanguard/legion) - Graphical semi-automated discovery and reconnaissance framework based on Python 3  and forked from SPARTA.
 ⟡ Network-Tools.com (http://network-tools.com/) - Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
-⟡ Ncrack
- (https://nmap.org/ncrack/) - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
+⟡ Ncrack (https://nmap.org/ncrack/) - High-speed network authentication cracking tool built to help companies secure their networks by proactively testing all their hosts and networking 
+devices for poor passwords.
 ⟡ Praeda (http://h.foofus.net/?page_id=218) - Automated multi-function printer data harvester for gathering usable data during security assessments.
 ⟡ Printer Exploitation Toolkit (PRET)
  (https://github.com/RUB-NDS/PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
 ⟡ SPARTA (https://sparta.secforce.com/) - Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
-⟡ SigPloit
- (https://github.com/SigPloiter/SigPloit) - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators.
+⟡ SigPloit (https://github.com/SigPloiter/SigPloit) - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in 
+mobile (cellular phone) operators.
 ⟡ Smart Install Exploitation Tool (SIET) (https://github.com/Sab0tag3d/SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.
-⟡ THC Hydra (https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
-⟡ Tsunami (https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
+⟡ THC Hydra (https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, 
+IMAP, VNC, and more.
+⟡ Tsunami (https://github.com/google/tsunami-security-scanner) - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with 
+high confidence.
 ⟡ Zarp (https://github.com/hatRiot/zarp) - Network attack tool centered around the exploitation of local networks.
 ⟡ dnstwist (https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
 ⟡ dsniff (https://www.monkey.org/~dugsong/dsniff/) - Collection of tools for network auditing and pentesting.
@@ -387,8 +400,8 @@
 ⟡ Memcrashed (https://github.com/649/Memcrashed-DDoS-Exploit) - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.
 ⟡ SlowLoris (https://github.com/gkbrk/slowloris) - DoS tool that uses low bandwidth on the attacking side.
 ⟡ T50 (https://gitlab.com/fredericopissarra/t50/) - Faster network stress tool.
-⟡ UFONet (https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion
-techniques, etc.
+⟡ UFONet (https://github.com/epsylon/ufonet) - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing 
+methods, cache evasion techniques, etc.
 
 Network Reconnaissance Tools
 
@@ -397,17 +410,19 @@
 ⟡ CloudFail (https://github.com/m0rtem/CloudFail) - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
 ⟡ DNSDumpster (https://dnsdumpster.com/) - Online DNS recon and search service.
 ⟡ Mass Scan (https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
-⟡ OWASP Amass (https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
-⟡ ScanCannon (https://github.com/johnnyxmas/ScanCannon) - POSIX-compliant BASH script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the 
-systems/services on those ports.
+⟡ OWASP Amass
+ (https://github.com/OWASP/Amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
+⟡ ScanCannon (https://github.com/johnnyxmas/ScanCannon) - POSIX-compliant BASH script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to 
+gain details on the systems/services on those ports.
 ⟡ XRay (https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
-⟡ dnsenum (https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse 
-look-ups on the results.
+⟡ dnsenum (https://github.com/fwaeytens/dnsenum/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and 
+then performs reverse look-ups on the results.
 ⟡ dnsmap (https://github.com/makefu/dnsmap/) - Passive DNS network mapper.
 ⟡ dnsrecon (https://github.com/darkoperator/dnsrecon/) - DNS enumeration script.
 ⟡ dnstracer (http://www.mavetju.org/unix/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
 ⟡ fierce (https://github.com/mschwager/fierce) - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.
-⟡ netdiscover (https://github.com/netdiscover-scanner/netdiscover) - Network address discovery scanner, based on ARP sweeps, developed mainly for those wireless networks without a DHCP server.
+⟡ netdiscover
+ (https://github.com/netdiscover-scanner/netdiscover) - Network address discovery scanner, based on ARP sweeps, developed mainly for those wireless networks without a DHCP server.
 ⟡ nmap (https://nmap.org/) - Free security scanner for network exploration & security audits.
 ⟡ passivedns-client (https://github.com/chrislee35/passivedns-client) - Library and query tool for querying several passive DNS providers.
 ⟡ passivedns (https://github.com/gamelinux/passivedns) - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
@@ -433,8 +448,8 @@
 
 ⟡ TraceWrangler (https://www.tracewrangler.com/) - Network capture file toolkit that can edit and merge pcap or pcapng files with batch editing features.
 ⟡ WireEdit (https://wireedit.com/) - Full stack WYSIWYG pcap editor (requires a free license to edit packets).
-⟡ bittwist (http://bittwist.sourceforge.net/) - Simple yet powerful libpcap-based Ethernet packet generator useful in simulating networking traffic or scenario, testing firewall, IDS, and IPS, and 
-troubleshooting various network problems.
+⟡ bittwist (http://bittwist.sourceforge.net/) - Simple yet powerful libpcap-based Ethernet packet generator useful in simulating networking traffic or scenario, testing firewall, IDS, and 
+IPS, and troubleshooting various network problems.
 ⟡ hping3 (https://github.com/antirez/hping) - Network tool able to send custom TCP/IP packets.
 ⟡ pig (https://github.com/rafael-santiago/pig) - GNU/Linux packet crafting tool.
 ⟡ scapy (https://github.com/secdev/scapy) - Python-based interactive packet manipulation program and library.
@@ -455,14 +470,16 @@
 ⟡ evilgrade (https://github.com/infobyte/evilgrade) - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
 ⟡ mallory (https://github.com/justmao945/mallory) - HTTP/HTTPS proxy over SSH.
 ⟡ oregano (https://github.com/nametoolong/oregano) - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.
-⟡ sylkie (https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
+⟡ sylkie (https://dlrobertson.github.io/sylkie/) - Command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor 
+Discovery Protocol.
 ⟡ PETEP (https://github.com/Warxim/petep) - Extensible TCP/UDP proxy with GUI for traffic analysis & modification with SSL/TLS support.
 
 Transport Layer Security Tools
 
 ⟡ SSLyze (https://github.com/nabla-c0d3/sslyze) - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.
 ⟡ crackpkcs12 (https://github.com/crackpkcs12/crackpkcs12) - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.
-⟡ testssl.sh (https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
+⟡ testssl.sh
+ (https://github.com/drwetter/testssl.sh) - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
 ⟡ tls_prober (https://github.com/WestpointLtd/tls_prober) - Fingerprint a server's SSL/TLS implementation.
 
 Wireless Network Tools
@@ -482,13 +499,15 @@
 ⟡ Wifite (https://github.com/derv82/wifite) - Automated wireless attack tool.
 ⟡ infernal-twin (https://github.com/entropy1337/infernal-twin) - Automated wireless hacking tool.
 ⟡ krackattacks-scripts (https://github.com/vanhoefm/krackattacks-scripts) - WPA2 Krack attack scripts.
-⟡ pwnagotchi (https://github.com/evilsocket/pwnagotchi) - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA key material captured.
+⟡ pwnagotchi (https://github.com/evilsocket/pwnagotchi) - Deep reinforcement learning based AI that learns from the Wi-Fi environment and instruments BetterCAP in order to maximize the WPA 
+key material captured.
 ⟡ wifi-arsenal (https://github.com/0x90/wifi-arsenal) - Resources for Wi-Fi Pentesting.
 
 Network Vulnerability Scanners
 
 ⟡ celerystalk (https://github.com/sethsec/celerystalk) - Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
-⟡ kube-hunter (https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
+⟡ kube-hunter (https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or 
+inside a cluster.
 ⟡ Nessus (https://www.tenable.com/products/nessus-vulnerability-scanner) - Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
 ⟡ Netsparker Application Security Scanner (https://www.netsparker.com/pricing/) - Application security scanner to automatically find security flaws.
 ⟡ Nexpose (https://www.rapid7.com/products/nexpose/) - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
@@ -506,7 +525,8 @@
 ⟡ WPScan (https://wpscan.org/) - Black box WordPress vulnerability scanner.
 ⟡ Wapiti (http://wapiti.sourceforge.net/) - Black box web application vulnerability scanner with built-in fuzzer.
 ⟡ WebReaver (https://www.webreaver.com/) - Commercial, graphical web application vulnerability scanner designed for macOS.
-⟡ cms-explorer (https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
+⟡ cms-explorer
+ (https://code.google.com/archive/p/cms-explorer/) - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
 ⟡ joomscan (https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla vulnerability scanner.
 ⟡ skipfish (https://www.kali.org/tools/skipfish/) - Performant and adaptable active web application security reconnaissance tool.
 ⟡ w3af (https://github.com/andresriancho/w3af) - Web application attack and audit framework.
@@ -515,7 +535,8 @@
 
 Online Operating Systems Resources
 
-⟡ DistroWatch.com's Security Category (https://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
+⟡ DistroWatch.com's Security Category
+ (https://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
 
 Online Penetration Testing Resources
 
@@ -524,9 +545,10 @@
 ⟡ Open Web Application Security Project (OWASP)
  (https://www.owasp.org/index.php/Main_Page) - Worldwide not-for-profit charitable organization focused on improving the security of especially Web-based and Application-layer software.
 ⟡ PENTEST-WIKI (https://github.com/nixawk/pentest-wiki) - Free online security knowledge library for pentesters and researchers.
-⟡ Penetration Testing Execution Standard (PTES) (http://www.pentest-standard.org/) - Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
-⟡ Penetration Testing Framework (PTF)
- (http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by vulnerability analysts and penetration testers alike.
+⟡ Penetration Testing Execution Standard (PTES)
+ (http://www.pentest-standard.org/) - Documentation designed to provide a common language and scope for performing and reporting the results of a penetration test.
+⟡ Penetration Testing Framework (PTF) (http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html) - Outline for performing penetration tests compiled as a general framework usable by 
+vulnerability analysts and penetration testers alike.
 ⟡ XSS-Payloads (http://www.xss-payloads.com) - Resource dedicated to all things XSS (cross-site), including payloads, tools, games, and documentation.
 
 Other Lists Online
@@ -566,14 +588,17 @@
 ⟡ SecTools (http://sectools.org/) - Top 125 Network Security Tools.
 ⟡ Security Talks (https://github.com/PaulSec/awesome-sec-talks) - Curated list of security conferences.
 ⟡ Security (https://github.com/sbilly/awesome-security) - Software, libraries, documents, and other resources.
-⟡ Serverless Security (https://github.com/puresec/awesome-serverless-security/) - Curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers.
+⟡ Serverless Security
+ (https://github.com/puresec/awesome-serverless-security/) - Curated list of awesome serverless security resources such as (e)books, articles, whitepapers, blogs and research papers.
 ⟡ Shell Scripting (https://github.com/alebcay/awesome-shell) - Command line frameworks, toolkits, guides and gizmos.
 ⟡ YARA (https://github.com/InQuest/awesome-yara) - YARA rules, tools, and people.
 
 Penetration Testing Report Templates
 
-⟡ Public Pentesting Reports (https://github.com/juliocesarfort/public-pentesting-reports) - Curated list of public penetration test reports released by several consulting firms and academic security groups.
-⟡ T&VS Pentesting Report Template (https://www.testandverification.com/wp-content/uploads/template-penetration-testing-report-v03.pdf) - Pentest report template provided by Test and Verification Services, Ltd.
+⟡ Public Pentesting Reports
+ (https://github.com/juliocesarfort/public-pentesting-reports) - Curated list of public penetration test reports released by several consulting firms and academic security groups.
+⟡ T&VS Pentesting Report Template
+ (https://www.testandverification.com/wp-content/uploads/template-penetration-testing-report-v03.pdf) - Pentest report template provided by Test and Verification Services, Ltd.
 ⟡ Web Application Security Assessment Report Template (http://lucideus.com/pdf/stw.pdf) - Sample Web application security assessment reporting template provided by Lucideus.
 
 Open Sources Intelligence (OSINT)
@@ -585,10 +610,10 @@
 ⟡ GyoiThon (https://github.com/gyoisamurai/GyoiThon) - GyoiThon is an Intelligence Gathering tool using Machine Learning.
 ⟡ Intrigue (http://intrigue.io) - Automated OSINT & Attack Surface discovery framework with powerful API, UI and CLI.
 ⟡ Maltego (http://www.maltego.com/) - Proprietary software for open sources intelligence and forensics.
-⟡ PacketTotal
- (https://packettotal.com/) - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Zeek and Suricata IDS signatures under the hood).
-⟡ Skiptracer (https://github.com/xillwillx/skiptracer) - OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen
-noodle budget.
+⟡ PacketTotal (https://packettotal.com/) - Simple, free, high-quality packet capture file analysis facilitating the quick detection of network-borne malware (using Zeek and Suricata IDS 
+signatures under the hood).
+⟡ Skiptracer (https://github.com/xillwillx/skiptracer) - OSINT scraping framework that utilizes basic Python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on
+a target on a ramen noodle budget.
 ⟡ Sn1per (https://github.com/1N3/Sn1per) - Automated Pentest Recon Scanner.
 ⟡ Spiderfoot (http://www.spiderfoot.net/) - Multi-source OSINT automation tool with a Web UI and report visualizations.
 ⟡ creepy (https://github.com/ilektrojohn/creepy) - Geolocation OSINT tool.
@@ -622,7 +647,8 @@
 Email search and analysis tools
 
 ⟡ SimplyEmail (https://github.com/SimplySecurity/SimplyEmail) - Email recon made fast and easy.
-⟡ WhatBreach (https://github.com/Ekultek/WhatBreach) - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is publicly available.
+⟡ WhatBreach (https://github.com/Ekultek/WhatBreach) - Search email addresses and discover all known breaches that this email has been seen in, and download the breached database if it is 
+publicly available.
 
 Metadata harvesting and analysis
 
@@ -656,8 +682,10 @@
 
 ⟡ BlindElephant (http://blindelephant.sourceforge.net/) - Web application fingerprinter.
 ⟡ EyeWitness (https://github.com/ChrisTruncer/EyeWitness) - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
-⟡ GraphQL Voyager (https://graphql-kit.com/graphql-voyager/) - Represent any GraphQL API as an interactive graph, letting you explore data models from any Web site with a GraphQL query endpoint.
-⟡ VHostScan (https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
+⟡ GraphQL Voyager
+ (https://graphql-kit.com/graphql-voyager/) - Represent any GraphQL API as an interactive graph, letting you explore data models from any Web site with a GraphQL query endpoint.
+⟡ VHostScan
+ (https://github.com/codingo/VHostScan) - Virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
 ⟡ Wappalyzer (https://www.wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites.
 ⟡ WhatWaf (https://github.com/Ekultek/WhatWaf) - Detect and bypass web application firewalls and protection systems.
 ⟡ WhatWeb (https://github.com/urbanadventurer/WhatWeb) - Website fingerprinter.
@@ -676,8 +704,8 @@
  (http://networksecuritytoolkit.org/) - Fedora-based GNU/Linux bootable live Operating System designed to provide easy access to best-of-breed open source network security applications.
 ⟡ Parrot (https://parrotlinux.org/) - Distribution similar to Kali, with support for multiple hardware architectures.
 ⟡ PentestBox (https://pentestbox.org/) - Open source pre-configured portable penetration testing environment for the Windows Operating System.
-⟡ The Pentesters Framework
- (https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
+⟡ The Pentesters Framework (https://github.com/trustedsec/ptf) - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that 
+omits less frequently used utilities.
 
 Periodicals
 
@@ -686,12 +714,13 @@
 
 Physical Access Tools
 
-⟡ AT Commands (https://atcommands.org/) - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and 
-inject touch events.
+⟡ AT Commands (https://atcommands.org/) - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform 
+screen unlocks, and inject touch events.
 ⟡ Bash Bunny (https://www.hak5.org/gear/bash-bunny) - Local exploit delivery tool in the form of a USB thumbdrive in which you write payloads in a DSL called BunnyScript.
 ⟡ LAN Turtle (https://lanturtle.com/) - Covert "USB Ethernet Adapter" that provides remote access, network intelligence gathering, and MITM capabilities when installed in a local network.
 ⟡ PCILeech (https://github.com/ufrisk/pcileech) - Uses PCIe hardware devices to read and write from the target system memory via Direct Memory Access (DMA) over PCIe.
-⟡ Packet Squirrel (https://www.hak5.org/gear/packet-squirrel) - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
+⟡ Packet Squirrel
+ (https://www.hak5.org/gear/packet-squirrel) - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
 ⟡ Poisontap (https://samy.pl/poisontap/) - Siphons cookies, exposes internal (LAN-side) router and installs web backdoor on locked computers.
 ⟡ Proxmark3 (https://proxmark3.com/) - RFID/NFC cloning, replay, and spoofing toolkit often used for analyzing and attacking proximity cards/readers, wireless keys/keyfobs, and more.
 ⟡ Thunderclap (https://thunderclap.io/) - Open source I/O security research platform for auditing physical DMA-enabled hardware peripheral ports.
@@ -699,11 +728,11 @@
 
 Privilege Escalation Tools
 
-⟡ Active Directory and Privilege Escalation (ADAPE)
- (https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
+⟡ Active Directory and Privilege Escalation (ADAPE) (https://github.com/hausec/ADAPE-Script) - Umbrella script that automates numerous useful PowerShell modules to discover security 
+misconfigurations and attempt privilege escalation against Active Directory.
 ⟡ GTFOBins (https://gtfobins.github.io/) - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
-⟡ LOLBAS (Living Off The Land Binaries and Scripts) (https://lolbas-project.github.io/) - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, i.e., binaries that can
-be used by an attacker to perform actions beyond their original purpose.
+⟡ LOLBAS (Living Off The Land Binaries and Scripts) (https://lolbas-project.github.io/) - Documents binaries, scripts, and libraries that can be used for "Living Off The Land" techniques, 
+i.e., binaries that can be used by an attacker to perform actions beyond their original purpose.
 ⟡ LinEnum (https://github.com/rebootuser/LinEnum) - Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming.
 ⟡ Postenum (https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
 ⟡ unix-privesc-check (https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems.
@@ -711,8 +740,8 @@
 Password Spraying Tools
 
 ⟡ DomainPasswordSpray (https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain.
-⟡ SprayingToolkit
- (https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
+⟡ SprayingToolkit (https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, 
+less painful and more efficient.
 
 Reverse Engineering
 
@@ -734,11 +763,11 @@
 ⟡ Evan's Debugger (http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
 ⟡ Frida (https://www.frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
 ⟡ Fridax (https://github.com/NorthwaveNL/fridax) - Read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
-⟡ Ghidra (https://www.ghidra-sre.org/) - Suite of free software reverse engineering tools developed by NSA's Research Directorate originally exposed in WikiLeaks's "Vault 7" publication and now maintained as 
-open source software.
+⟡ Ghidra (https://www.ghidra-sre.org/) - Suite of free software reverse engineering tools developed by NSA's Research Directorate originally exposed in WikiLeaks's "Vault 7" publication and 
+now maintained as open source software.
 ⟡ Immunity Debugger (https://immunityinc.com/products/debugger/) - Powerful way to write exploits and analyze malware.
-⟡ Interactive Disassembler (IDA Pro) (https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free 
-(https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
+⟡ Interactive Disassembler (IDA Pro) (https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free 
+version, IDA Free (https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
 ⟡ Medusa (https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
 ⟡ OllyDbg (http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
 ⟡ PyREBox (https://github.com/Cisco-Talos/pyrebox) - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
@@ -750,16 +779,19 @@
 ⟡ boxxy (https://github.com/kpcyrd/boxxy-rs) - Linkable sandbox explorer.
 ⟡ dnSpy (https://github.com/0xd4d/dnSpy) - Tool to reverse engineer .NET assemblies.
 ⟡ plasma (https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
-⟡ pwndbg
- (https://github.com/pwndbg/pwndbg) - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
+⟡ pwndbg (https://github.com/pwndbg/pwndbg) - GDB plug-in that eases debugging with GDB, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers,
+and exploit developers.
 ⟡ rVMI (https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
 ⟡ x64dbg (http://x64dbg.com/) - Open source x64/x32 debugger for windows.
 
 Security Education Courses
 
-⟡ ARIZONA CYBER WARFARE RANGE (http://azcwr.org/) - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
-⟡ Cybrary (http://cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
-⟡ European Union Agency for Network and Information Security (https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material.
+⟡ ARIZONA CYBER WARFARE RANGE
+ (http://azcwr.org/) - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
+⟡ Cybrary (http://cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly 
+Secured Environments'.
+⟡ European Union Agency for Network and Information Security
+ (https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material) - ENISA Cyber Security Training material.
 ⟡ Offensive Security Training (https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers.
 ⟡ Open Security Training (http://opensecuritytraining.info/) - Training material for computer security classes.
 ⟡ Roppers Academy Training (https://www.hoppersroppers.org/training.html) - Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF. 
@@ -775,9 +807,10 @@
 Side-channel Tools
 
 ⟡ ChipWhisperer (http://chipwhisperer.com) - Complete open-source toolchain for side-channel power analysis and glitching attacks.
-⟡ SGX-Step
- (https://github.com/jovanbulck/sgx-step) - Open-source framework to facilitate side-channel attack research on Intel x86 processors in general and Intel SGX (Software Guard Extensions) platforms in particular.
-⟡ TRRespass (https://github.com/vusec/trrespass) - Many-sided rowhammer tool suite able to reverse engineer the contents of DDR3 and DDR4 memory chips protected by Target Row Refresh mitigations.
+⟡ SGX-Step (https://github.com/jovanbulck/sgx-step) - Open-source framework to facilitate side-channel attack research on Intel x86 processors in general and Intel SGX (Software Guard 
+Extensions) platforms in particular.
+⟡ TRRespass
+ (https://github.com/vusec/trrespass) - Many-sided rowhammer tool suite able to reverse engineer the contents of DDR3 and DDR4 memory chips protected by Target Row Refresh mitigations.
 
 Social Engineering
 
@@ -801,14 +834,16 @@
 
 ⟡ Beelogger (https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger.
 ⟡ Catphish (https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
-⟡ Evilginx2 (https://github.com/kgretzky/evilginx2) - Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 2FA security schemes.
+⟡ Evilginx2 (https://github.com/kgretzky/evilginx2) - Standalone Machine-in-the-Middle (MitM) reverse proxy attack framework for setting up phishing pages capable of defeating most forms of 
+2FA security schemes.
 ⟡ FiercePhish (https://github.com/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements.
 ⟡ Gophish (https://getgophish.com) - Open-source phishing framework.
-⟡ King Phisher (https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
+⟡ King Phisher
+ (https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
 ⟡ Modlishka (https://github.com/drk1wi/Modlishka) - Flexible and powerful reverse proxy with real-time two-factor authentication.
 ⟡ ReelPhish (https://github.com/fireeye/ReelPhish) - Real-time two-factor phishing tool.
-⟡ Social Engineer Toolkit (SET)
- (https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
+⟡ Social Engineer Toolkit (SET) (https://github.com/trustedsec/social-engineer-toolkit) - Open source pentesting framework designed for social engineering featuring a number of custom attack 
+vectors to make believable attacks quickly.
 ⟡ SocialFish (https://github.com/UndeadSec/SocialFish) - Social media phishing framework that can run on an Android phone or in a Docker container.
 ⟡ phishery (https://github.com/ryhanson/phishery) - TLS/SSL enabled Basic Auth credential harvester.
 ⟡ wifiphisher (https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
@@ -832,28 +867,30 @@
 
 Vulnerability Databases
 
-⟡ Bugtraq (BID) (http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
-⟡ CISA Known Vulnerabilities Database (KEV) (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) - Vulnerabilities in various systems already known to America's cyber defense agency, the Cybersecurity 
-and Infrastructure Security Agency, to be actively exploited.
+⟡ Bugtraq (BID)
+ (http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
+⟡ CISA Known Vulnerabilities Database (KEV) (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) - Vulnerabilities in various systems already known to America's cyber defense 
+agency, the Cybersecurity and Infrastructure Security Agency, to be actively exploited.
 ⟡ CXSecurity (https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
-⟡ China National Vulnerability Database (CNNVD) (http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
+⟡ China National Vulnerability Database (CNNVD)
+ (http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
 ⟡ Common Vulnerabilities and Exposures (CVE) (https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
 ⟡ Exploit-DB (https://www.exploit-db.com/) - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
 ⟡ Full-Disclosure (http://seclists.org/fulldisclosure/) - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
 ⟡ GitHub Advisories (https://github.com/advisories/) - Public vulnerability advisories published by or affecting codebases hosted by GitHub, including open source projects.
 ⟡ HPI-VDB (https://hpi-vdb.de/) - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
 ⟡ Inj3ct0r (https://www.0day.today/) - Exploit marketplace and vulnerability information aggregator. (Onion service (http://mvfjfugdwgc5uwho.onion/).)
-⟡ Microsoft Security Advisories and Bulletins
- (https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
+⟡ Microsoft Security Advisories and Bulletins (https://docs.microsoft.com/en-us/security-updates/) - Archive and announcements of security advisories impacting Microsoft software, published 
+by the Microsoft Security Response Center (MSRC).
 ⟡ Mozilla Foundation Security Advisories (https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
-⟡ National Vulnerability Database (NVD)
- (https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
+⟡ National Vulnerability Database (NVD) (https://nvd.nist.gov/) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard 
+CVE List along with a fine-grained search engine.
 ⟡ Open Source Vulnerabilities (OSV) (https://osv.dev/) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
 ⟡ Packet Storm (https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
 ⟡ SecuriTeam (http://www.securiteam.com/) - Independent source of software vulnerability information.
 ⟡ Snyk Vulnerability DB (https://snyk.io/vuln/) - Detailed information and remediation guidance for vulnerabilities known by Snyk.
-⟡ US-CERT Vulnerability Notes Database (https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United
-States Computer Emergency Response Team (US-CERT).
+⟡ US-CERT Vulnerability Notes Database (https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, 
+aggregated by the United States Computer Emergency Response Team (US-CERT).
 ⟡ VulDB (https://vuldb.com) - Independent vulnerability database with user community, exploit details, and additional meta data (e.g. CPE, CVSS, CWE)
 ⟡ Vulnerability Lab (https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target.
 ⟡ Vulners (https://vulners.com/) - Security database of software vulnerabilities.
@@ -866,7 +903,8 @@
 ⟡ Offensive Web Testing Framework (OWTF) (https://www.owasp.org/index.php/OWASP_OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
 ⟡ Raccoon (https://github.com/evyatarmeged/Raccoon) - High performance offensive security tool for reconnaissance and vulnerability scanning.
 ⟡ WPSploit (https://github.com/espreto/wpsploit) - Exploit WordPress-powered websites with Metasploit.
-⟡ autochrome (https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
+⟡ autochrome
+ (https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/march/autochrome/) - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
 ⟡ badtouch (https://github.com/kpcyrd/badtouch) - Scriptable network authentication cracker.
 ⟡ gobuster (https://github.com/OJ/gobuster) - Lean multipurpose brute force search/fuzzing tool for Web (and DNS) reconnaissance.
 ⟡ sslstrip2 (https://github.com/LeonardoNve/sslstrip2) - SSLStrip version to defeat HSTS.
@@ -933,8 +971,8 @@
 ⟡ Fibratus (https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
 ⟡ Inveigh (https://github.com/Kevin-Robertson/Inveigh) - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool.
 ⟡ LaZagne (https://github.com/AlessandroZ/LaZagne) - Credentials recovery project.
-⟡ MailSniper (https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange 
-Web Services (EWS), and more.
+⟡ MailSniper (https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access
+(OWA) and Exchange Web Services (EWS), and more.
 ⟡ PowerSploit (https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework.
 ⟡ RID_ENUM (https://github.com/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force.
 ⟡ Responder (https://github.com/SpiderLabs/Responder) - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
@@ -942,12 +980,13 @@
 ⟡ Ruler (https://github.com/sensepost/ruler) - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
 ⟡ SCOMDecrypt (https://github.com/nccgroup/SCOMDecrypt) - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
 ⟡ Sysinternals Suite (https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) - The Sysinternals Troubleshooting Utilities.
-⟡ Windows Credentials Editor (https://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
+⟡ Windows Credentials Editor
+ (https://www.ampliasecurity.com/research/windows-credentials-editor/) - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
 ⟡ Windows Exploit Suggester (https://github.com/GDSSecurity/Windows-Exploit-Suggester) - Detects potential missing patches on the target.
 ⟡ mimikatz (http://blog.gentilkiwi.com/mimikatz) - Credentials extraction tool for Windows operating system.
 ⟡ redsnarf (https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
-⟡ wePWNise (https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit 
-mitigation software.
+⟡ wePWNise (https://labs.mwrinfosecurity.com/tools/wepwnise/) - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application 
+control and exploit mitigation software.
 ⟡ WinPwn (https://github.com/SecureThisShit/WinPwn) - Internal penetration test script to perform local and domain reconnaissance, privilege escalation and exploitation.
 
 License