Security Websites

Herewith, just some bookmarks to websites covering network security topics. 
Standard caveats apply...

• These resources are intended for use by pentesters (IT security consultants) as part of an authorized security test.   Pentesters get called in when a company wants an independent check on the security of its internet & intranet infrastructure, web applications, or whatever.

• Never probe or attack any machine without the consent of the owner and any interested third parties.

• Never run an exploit you found on the Internet unless you have read the code, understood it, and (where appropriate) changed the payload to something you trust. 

• Home users: Please don't panic if your IP address is probed from the Internet.  The scanning box was probably compromised without its owner's knowledge, so responding in kind is pointless as well as illegal. Sustained or intense attacks should be reported to the Abuse contact for the domain, or for the IP, or for the IP block (but not all three).  The system owner probably doesn't realise his box has been owned.   But don't bother reporting brief probes: it happens all the time.  90% of abuse reports are bogus anyway, so don't bother the Abuse contacts with trivia.

Where to Start

• http://sectools.org/  -  the top security tools by category
• http://seclists.org/   -  security mailing lists archive
• http://metasploit.com - awesome exploitation framework
• http://fastandeasyhacking.com - Armitage (GUI front end for Metasploit)
• http://securitytube.net  - YouTube for pentesters 
• http://foofus.net   - all about password hashes

Vulnerability Announcements & Discussions

• http://www.securityfocus.com/
• http://secunia.com/

Exploit Archives

• http://securityreason.com/
• http://exploit-db.com/
• http://packetstormsecurity.org/