Linki

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
https://scottlinux.com/2015/09/01/use-kali-linux-through-tor-with-whonix-gateway/ - kali via whonix
https://sourceforge.net/projects/networkminer/ -  extract pcap  - Network Forensic Analysis Tool
https://www.youtube.com/watch?v=spfrmsbhBaw https://github.com/Danladi/HttpPwnly - XSS shell
https://dustri.org/b/from-lfi-to-rce-in-php.html - From LFI to RCE in php
https://www.pelock.com/pl/artykuly/przeglad-narzedzi-do-reverse-engineeringu -  Przegląd narzędzi do reverse engineeringu
http://pastebin.com/raw/0SNSvyjJ - writeup z hackowania Hacking Teamu
http://netsec.ws/?p=278 - proxychains
https://github.com/Veil-Framework/Veil-Evasion - generowanie payloadow do metasploita z ominieciem AV
http://resources.infosecinstitute.com/practical-thick-client-application-penetration-testing-using-damn-vulnerable-thick-client-app-part-1/ - pentest aplikacji desktopowej

https://www.suse.com/communities/blog/stunnel-securing-insecure-ssl-and-creating-ssl-tunnels/ - konfiguracja stunnel (jesli gdzies dziala cos po SSL a ja chce miec to bez SSL)
cat stunnel.conf
cert = /etc/stunnel/server.pem
key  = /etc/stunnel/server.key
client = yes

[VNC_to_HostB]
accept = 127.0.0.1:2009
connect = 1.2.3.4:2009

Na 127.0.0.1 bedzie usluga SSLowa z 1.2.3.4


http://www.darknet.org.uk/2016/03/dirb-domain-brute-forcing-tool/ - dirb i kilka zamienników
https://reverse.report/ - reverse dns
http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
http://blog.zsec.uk/ltr101-method-to-madness/
http://www.r00tsec.com/2012/11/howto-manual-pentest-windows-cheatsheet.html
http://null-byte.wonderhowto.com/how-to/create-obfuscate-virus-inside-microsoft-word-document-0167780/ 
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/

https://www.passivetotal.org/ ciekawe info o subdomenach, infekcjach itp

https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/V.Kochetkov_breaking_ASP.NET.pdf - TO HACK AN ASP .NET WEBSITE? HARD, BUT POSSIBLE!

http://www.irongeek.com/homoglyph-attack-generator.php - phishing, unicode, IDN homograph

https://github.com/berzerk0/Probable-Wordlists/tree/master/Real-Passwords 2 miliardy haseł (24GB z wycieków)
https://github.com/maurosoria/dirsearch - dirsearch, fajny :)