- signed-off-by: trimstray <trimstray@gmail.com>
A collection of awesome lists, manuals, blogs, hacks and tools for Awesome Ninja Admins.
Who are Ninja Admins?
- race of pure evil who rule the network through a monarchistic feudal system
- they never opened the door for strangers (or anyone at all)
- they know very nasty pieces of code like fork bombs
- they can make dd not be a disk destroyer
- they know that #!/usr/bin/env bash is superior to #!/bin/bash
- they know that su - logs in completely as root
- they love the old admin nix-world
Ninja Admins Collection
CLI Tools
▪️ Shells
🔸 Oh My ZSH! - the best framework for managing your Zsh configuration.
🔸 bash-it - a community Bash framework.
▪️ Managers
🔸 Midnight Commander - visual file manager, licensed under GNU General Public License.
🔸 screen - full-screen window manager that multiplexes a physical terminal.
🔸 tmux - terminal multiplexer, lets you switch easily between several programs in one terminal.
▪️ Network
🔸 Curl - command line tool and library for transferring data with URLs.
🔸 HTTPie - a user-friendly HTTP client.
🔸 gnutls-cli - client program to set up a TLS connection to some other computer.
🔸 netcat - networking utility which reads and writes data across network connections, using the TCP/IP protocol.
🔸 tcpdump - powerful command-line packet analyzer.
▪️ Databases
🔸 pgcli - postgres CLI with autocompletion and syntax highlighting.
Web Tools
▪️ SSL
🔸 SSL Server Test - free online service that performs a deep analysis of the configuration of any SSL web server.
🔸 SSL Server Test (DEV) - free online service that performs a deep analysis of the configuration of any SSL web server.
🔸 ImmuniWeb® SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST).
🔸 Report URI - monitoring security policies like CSP and HPKP.
🔸 CSP Evaluator - allows developers and security experts to check if a Content Security Policy.
🔸 Common CA Database - repository of information about CAs, and their root and intermediate certificates.
🔸 CERTSTREAM - real-time certificate transparency log update stream.
▪️ HTTP Headers
🔸 Security Headers - analyse the HTTP response headers (with rating system to the results).
🔸 Observatory by Mozilla - set of tools to analyze your website.
▪️ DNS
🔸 ViewDNS - one source for free DNS related tools and information.
🔸 DNS Spy - monitor, validate and verify your DNS configurations.
🔸 DNSlytics - online investigation tool.
🔸 MX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
▪️ Mass scanners (search engines)
🔸 Censys - platform that helps information security practitioners discover, monitor, and analyze devices.
🔸 Shodan - the world's first search engine for Internet-connected devices.
🔸 GreyNoise - mass scanner (such as Shodan and Censys).
🔸 Hardenize - deploy the security standards.
▪️ Net-tools
🔸 Netcraft - detailed report about the site, helping you to make informed choices about their integrity.
🔸 Security Trails - APIs for Security Companies, Researchers and Teams.
🔸 Online Curl - curl test, analyze HTTP Response Headers.
🔸 Ping.eu - online Ping, Traceroute, DNS lookup, WHOIS and others.
🔸 Network-Tools - network tools for webmasters, IT technicians & geeks.
🔸 URL Encode/Decode - tool from above to either encode or decode a string of text.
▪️ Performance
🔸 GTmetrix - analyze your site’s speed and make it faster.
🔸 Sucuri loadtimetester - test here the performance of any of your sites from across the globe.
▪️ Passwords
🔸 Random.org - generate random passwords.
🔸 Gotcha? - list of 1.4 billion accounts circulating around the Internet.
🔸 have i been pwned? - check if you have an account that has been compromised in a data breach.
Manuals/Howtos/Tutorials
▪️ Bash
🔸 pure-bash-bible - a collection of pure bash alternatives to external processes.
🔸 The Bash Hackers Wiki - holds documentation of any kind about GNU Bash.
▪️ Unix tutorials
🔸 nixCraft - Linux and Unix tutorials for new and seasoned sysadmins.
🔸 TecMint - the ideal Linux blog for Sysadmins & Geeks.
▪️ Hacking
🔸 Hacking Articles - Raj Chandel's Security & Hacking Blog.
Blogs
🔸 Brendan Gregg's Blog - Brendan Gregg is an industry expert in computing performance and cloud computing.
🔸 Gynvael "GynDream" Coldwind - Gynvael is an IT security engineer at Google.
🔸 Michał "lcamtuf" Zalewski - "white hat" hacker, computer security expert.
🔸 Mattias Geniar - developer, Sysadmin, Blogger, Podcaster and Public Speaker.
🔸 Nick Craver - Software Developer and Systems Administrator for Stack Exchange.
🔸 Robert Penz - IT security Expert.
🔸 Scott Helme - Security Researcher, international speaker and founder of securityheaders.com and report-uri.com.
🔸 Kacper Szurek - Detection Engineer at ESET.
🔸 Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.
Systems/Services
▪️ Systems
🔸 OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
🔸 HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
▪️ HTTP(s) Services
🔸 Varnish HTTP Cache - HTTP accelerator designed for content-heavy dynamic web sites.
▪️ Security/hardening
🔸 Emerald Onion - Seattle-based encrypted-transit internet service provider.
One-liners
🔸 commandlinefu.com - command line diamonds, created and voted on by our members.
🔸 Bash One-Liners - practical, well-explained Bash one-liners, and promote best practices in Bash shell scripting.
Lists
🔸 Awesome Sysadmin - amazingly awesome open source sysadmin resources.
🔸 Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
🔸 Awesome-Hacking - awesome lists for hackers, pentesters and security researchers.
Hacking/Penetration testing
▪️ Bounty programs
🔸 Openbugbounty - allows any security researcher to report a vulnerability on any website.
🔸 hackerone - global hacker community to surface the most relevant security issues.
🔸 bugcrowd - crowdsourced cybersecurity for the enterprise.
🔸 Crowdshield - crowdsourced Security & Bug Bounty Management.
▪️ Web Training Apps
🔸 DVWA - PHP/MySQL web application that is damn vulnerable.
🔸 OWASP Mutillidae II - free, open source, deliberately vulnerable web-application providing a target for web-security enthusiasts.
🔸 OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
🔸 OWASP WebGoat Project - insecure web application maintained by OWASP designed to teach web application security lessons.
🔸 Security Ninjas - open source application security training program.