This commit fixes numerous CI build issues related to stale or broken
links. These include:
* Removal of Zoom username enumeration tool, covered by WPScan anyway.
* Removal of old Google dork database that is unmaintained/has vanished.
* Removal of `OSVDB.org` zone, which no longer resolves via DNS.
* Fix link to NoSQLmap tool (domain expired, use GitHub.com link now).
* Update link to Social Engineering in IT book from legacy URL.
* Update link to OWASP's AppSecUSA conference; now uses second-level domain.
Further, this commit simplifies the `.travis.yml` file in order to use a
plainer (more standard) certificates bundle. Two URLs have been added to
the whitelist: `www.shodan.io`, which returns a 403 Forbidden error when
accessed by Awesome Bot, and `www.mhprofessional.com`, which generates
an SSLv3 certificate validation error.
Prior to this commit, a custom SSL certificate bundle was generated and
then placed in the `/tmp` directory for use, but this is no longer
required as the latest `ca-certificates` bundle shipped with Ubuntu
contains the root certificates needed for the domains that once required
this custom bundle to be used.
This commit removes items from the Pentesting Report Template section
that are either not templates or have been removed from the source.
Further, line items are updated to use meaningful descriptions and to
follow the Awesome List style guides (capitalization and punctuation).
* SocialFish, a social media phishing framework.
* ShellPhish, a social media site cloner built on SocialFish.
* dos-over-tor, a torifid DoS and stress test tool.
* oregano, a MITM proxy that accepts direct Tor client requests.
Iodine is a DNS tunnel and useful for data exfiltration.
The Network Tools section became very long, so I chunked it up with
subcategories that pertain to the sort of tool. ("Network Tools" is
itself somewhat vague, and multi-paradigm/multi-function tools were
retained in the root of the category.)
Finally, "Defense Evasion Tools" was renamed to "Anti-virus Evasion
Tools" because every utility listed there was actually an AV or
host-based defense evasion tool, which is distinct from the network
evasion tools (exfiltration utilities) already listed in the "Network
Tools" section, above. I believe this clarity will help a reader more
quickly find the specific type of "defense evasion" utility they are
actually looking for.
Added 2 tools to web vulnerability scanning category.
Zoom- an advanced wordpress username enumerator with infinite scanning (much more powerful than the user name enumeration module in wpscan)
Sqlmate- a friend of sqlmap that identifies sqli vulnerabilities based on given dork and website (optional)
