A curated list of awesome social engineering resources, inspired by the awesome-* trend on GitHub.
Those resources and tools are intended only for cybersecurity professional, penetration testers and educational use in a controlled environment.
No humans were manipulated to make this list!
- Online Courses
- Capture the Flag
- Psychology Resources
- Social Engineering Books
- OSINT
- Documentation
- Tools
- Miscellaneus
- Contribution
- License
-
Cybrary - Social Engineering and Manipulation - Free Course
Most of these books covers the basics of psychology useful for a social engineer.
-
The Power of Habit: Why We Do What We Do, and How to Change - Charles Duhigg
-
Influence: The Psychology of Persuasion Paperback – Robert B., PhD Cialdini
-
Emotions Revealed: Understanding Faces and Feelings - Prof Paul Ekman
-
The Psychology of Interrogations and Confessions: A Handbook - Gisli H. Gudjonsson
-
Mindfucking: A Critique of Mental Manipulation - Colin McGinn
-
Social Engineering: The Art of Human Hacking - Chris Hadnagy
-
Unmasking the Social Engineer: The Human Element of Security - Christopher Hadnagy, Dr. Ekman Paul
-
Social Engineering in IT Security: Tools, Tactics, and Techniques, Sharon Conheady
-
The Art of Deception: Controlling the Human Element of Security, Kevin D. Mitnick, William L. Simon
-
The Social Engineer's Playbook: A Practical Guide to Pretexting - Jeremiah Talamantes
- Awesome OSINT - Awesome list of OSINT
- OSINT Framework - Collection of various OSInt tools broken out by category.
- Intel Techniques - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
- NetBootcamp OSINT Tools - A collection of OSINT links and custom Web interfaces to other services such as Facebook Graph Search and various paste sites.
- Automating OSINT blog - A blog about OSINT curated by Justin Seitz, the same author of BHP.
- XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
- Intel Techniques Online Tools - Use the links to the left to access all of the custom search tools.
- Buscador - A Linux Virtual Machine that is pre-configured for online investigators
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester - E-mail, subdomain and people names harvester
- creepy - A geolocation OSINT tool
- exiftool.rb - A ruby wrapper of the exiftool, a open-source tool used to extract metadata from files.
- metagoofil - Metadata harvester
- Google Hacking Database - a database of Google dorks; can be used for recon
- Google-dorks - Common google dorks and others you prolly don't know
- GooDork - Command line go0gle dorking tool
- dork-cli - Command-line Google dork tool.
- Shodan - Shodan is the world's first search engine for Internet-connected devices
- recon-ng - A full-featured Web Reconnaissance framework written in Python
- github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak
- vcsmap - A plugin-based tool to scan public version control systems for sensitive information
- Spiderfoot - multi-source OSINT automation tool with a Web UI and report visualizations
- DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- snitch - information gathering via dorks
- Geotweet_GUI - Track geographical locations of tweets and then export to google maps.
- The Social-Engineer portal - Everything you need to know as a social engineer is in this site. You will find podcasts, resources, framework, informations about next events, blog ecc...
- Tor - The free software for enabling onion routing online anonymity
- SET - The Social-Engineer Toolkit from TrustedSec
- Gophish - Open-Source Phishing Framework
- King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- wifiphisher - Automated phishing attacks against Wi-Fi networks
- PhishingFrenzy - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
- Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service
- Lucy Phishing Server - (commercial) tool to perform security awareness trainings for employees including custom phishing campaigns, malware attacks etc. Includes many useful attack templates as well as training materials to raise security awareness.
- OWASP Presentation of Social Engineering - OWASP
- Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 23
- Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012
- Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word
- Robert Anderson - US Interrogation Techniques and Social Engineering.mp4
- Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing
- Chris Hadnagy - Social Engineering for Fun and Profit
- Chris Hadnagy - Decoding humans live - DerbyCon 2015
- This is how hackers hack you using simple social engineering
- The Limits of Social Engineering - MIT, Technology Review
- The 7 Best Social Engineering Attacks Ever - DarkReading
- Social Engineering: Compromising Users with an Office Document - Infosec Institute
- The Persuasion Reading List - Scott Adams' Blog
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details.
This work is licensed under a Creative Commons Attribution 4.0 International License