Sites/Blogs/Forums/ReportPlatform
- Multi-func sites
- Blogs
  - 信安之路
  - 腾讯玄武实验室 (Tencent Xuanwu Lab)
  - kotowicz
  - 夜影二进制安全
  - Twosecurity
  - https://null-byte.wonderhowto.com/
  - Ethan
  - https://www.n0tr00t.com/
  - https://paper.seebug.org/
  - Some technical blogs
  - https://github.com/evilcos/papers
  - bestwing.me
  - MDSec
  - evi1m0 (Evil-say)
  - hackfun.org
  - xsec.io
  - 余弦
  - 离别歌leavesongs - PHITHON
  - 黑暗执行绪
  - noob.ninja
  - riusksk
    - 林桠泉, author of 《漏洞战争》 (Vulnerability Wars)
  - hackdog
  - qimingyu
  - drop
  - bluescreenofjeff
  - 04z.net
  - 黑鸟安全网
  - 阿德马Web安全
  - dhb133
  - neeao
  - pkav
  - 孤独更可靠
  - virink
  - chybeta
  - 5alt
  - 鬼仔's Blog
  - 长亭技术专栏 (Chaitin tech column)
  - x2know
  - seay
  - wing
  - sky
  - Ha1g0
  - SecuritySite
  - Some interesting blogs
  - pentest-bookmarks
- Report Platform
  - http://0day5.com/
  - https://www.exploit-db.com/
  - w0rms.com
  - https://x.threatbook.cn
  - Latest vulnerabilities - 非安全
  - 冠廷 exploit code library - 0day, Exploit, Shellcode
  - WooYun
    - https://wooyun.shuimugan.com/
  - http://www.milw0rm.com/
- Forums
- Mailing Lists
Tools - pentest env
- Kali
- BlackArch Linux
- Parrot Security OS
- BackBox - Based on Ubuntu
- Fedora Security Lab - Based on Fedora
- Pentoo - Based on Gentoo
- URIX OS - Based on openSUSE
- Wifislax - Based on Slackware
- docker_msf
- Vulhub
  - Some Docker Compose files for vulnerable environments
- VulApps
- PHPPHP
  - A PHP VM implementation written in PHP.
Tools - Encode/Decode
Tools - Crypto
- Frequency/substitution/…
- Steganography
- hash
  - Hash-Buster
  - List of online hash (MD5, NTLM, LM, SHA) password cracking sites
    - MD5
      - http://www.cmd5.com/
      - MD5Decrypter(uk)
      - Plain-Text
      - Crackfoo -NNC
      - Hashcrack
      - Gdata
      - MD5this
      - MD5crack
      - Noisette
      - Joomlaaa
      - Igrkio
      - MD5decrypter
      - Shell
      - NetMD5crack
      - XMD5
      - TheKaine
      - InsidePro
      - MD5pass
      - Generuj
      - AuthSecu
      - MD5decryption
      - Schwett
      - Crackfor.me
      - MD5-db
      - Drasen
      - Gromweb
      - MD5hood
      - MD5.my-addr
      - MD5online
      - Macrosoftware
      - Bokehman
      - MD5-decrypter
      - Thoran
      - C0llision
      - Rednoize
      - web-security-services
      - MD5-lookup
      - CMD5
      - Tmto
      - Shalla
      - Hash-Database
      - Benramsey
      - Digitalsun
      - Kalkulators
      - StringFunction
      - Toolz
      - Fox21
      - Gat3way
      - Sans
      - Appspot
      - HashCracking.ru
      - Anqel
      - Offensive-Security
      - Altervista
      - Xanadrel
      - Beeeer
      - Kinginfet
      - AskCheck
      - hash-cracker.com
      - agilobable.pl
      - MD5finder
      - Wordd
      - MD5Rainbow
      - overclock
      - plain-text.info (irc.Plain-Text.info #rainbowcrack – irc.rizon.net #rainbowcrack)
      - md5.overclock.ch (irc.rizon.net #md5)
      - c0llision.net (irc.after-all.org #md5crack – ircd.hopto.org #md5crack – ix.dal.net #md5crack)
    - NTLM
    - LM
    - SHA1
    - SHA 256-512
    - MySQL
    - WPA-PSK
Tools - Domain/IP
- Reverse lookup of domains from an IP
- Subdomain enumeration
  - Classic subdomain brute-force enumeration script
  - Subdomain dictionary brute force
  - Subdomain enumeration with map marking
  - Online subdomain information gathering tool
  - Query subdomains from DNS records
  - Subdomain query script based on Google's SSL certificate transparency logs
  - Script for subdomain enumeration via CloudFlare
  - A domain scanner
  - Knock Subdomain Scan
  - Multi-method collection of target subdomain information
  - Sibling domain query
  - DNS-query-based subdomain enumeration
- 710Kit
  - Subdomain query
  - Sibling site query
  - FTP brute force
- Gobuster
  - Tool written in Go for collecting website URIs and DNS subdomains
Tools - XSS
- XSStrike
  - XSStrike is a program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
- xsschef
  - a Chrome Extension Exploitation Framework
- mosquito
  - XSS exploitation tool - access victims through HTTP proxy
- xssfork
  - XSS data receiving platform
- ezXSS
  - ezXSS is an easy way to test (blind) XSS
- Scanning
  - BruteXSS
    - Cross-Site Scripting Bruteforcer
  - XSSTracer
    - A small python script to check for Cross-Site Tracing
  - fuzzXssPHP
    - PHP version of a reflected XSS scanner
  - xss_scan
    - Python script for batch scanning for XSS
  - autoFindXssAndCsrf
    - Browser plugin that automatically checks whether a page has XSS or CSRF vulnerabilities
Tools - Database scanning and injection tools (SQLi)
- sqlmap, the king of injection tools
- NoSQLMap
- SQLiScanner
  - A passive SQL injection vulnerability scanner based on sqlmap and Charles
- DSSS
  - SQL injection vulnerability scanner implemented in 99 lines of code
- Feigong
  - MySQL injection script that adapts freely to all kinds of situations
- NoSQLAttack
  - An attack tool targeting MongoDB
- bbqsql
  - Blind SQL injection exploitation framework
- PowerUpSQL
  - PowerShell script framework for attacking SQL Server
- whitewidow
  - Yet another database scanner
- mongoaudit
  - MongoDB auditing and penetration testing tool
- commix
  - Exploitation tool for command execution at injection points
  - Short for command injection exploiter; a web-oriented command injection detection tool
- sqli-hunter
  - Web proxy that performs real-time SQLi detection by loading the sqlmap API
Tools - Weak password and information leak scanning
- awBruter
  - Thousand-times-faster one-liner webshell password brute-force tool
- Cr3dOv3r
  - Automatically searches leaked password information by email address; can also test whether the account credentials log in to major websites
- x-crack
  - Weak password scanner, Support: FTP/SSH/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
- htpwdScan
  - A simple HTTP brute-force and credential-stuffing attack script
- BBScan
  - A mini batch information leak scanning script
- GitHack
  - .git folder leak exploitation tool
- BScanner
  - Dictionary-based directory scanning tool
- fenghuangscanner_v3
  - Detection of various ports and weak passwords; author wilson9x1, original address no longer valid
- F-Scrack
  - Script for weak password detection on all kinds of services
- cupp
  - Script that generates weak-password probing dictionaries from user habits
- genpAss
  - Weak password generator with Chinese characteristics
- crack_ssh
  - Goroutine-based ssh/redis/mongodb weak password cracking tool written in Go
- Sreg
  - Given an email, phone or username, returns all of the user's internet registration ("passport") information
- GitPrey
  - GitHub sensitive information scanning tool
- gitscan
  - GitHub information gathering; can scan in real time for the latest git uploads containing email account and password information
- truffleHog
  - GitHub sensitive information scanning tool, including commit inspection
- GitHarvester
  - GitHub repo information gathering tool
- gitleaks
  - Searches full repo history for secrets and keys
- x-patrol
  - GitHub leak scanning system
- pydictor
  - Brute-force dictionary building tool
- Blasting_dictionary
  - Password dictionary
- xxe-recursive-download
  - XXE vulnerability recursive download tool
- xlog
  - Web log scanning tool
Tools - Port scanning, fingerprinting and middleware scanning
- Nmap - the king of port scanners - https://svn.nmap.org/
- anoNmap
  - anoNmap is a port scanner which utilizes Facebook's XSPA vulnerability to perform anonymous port scans
- wyportmap
  - Target port scanning + system service fingerprinting
- weakfilescan
  - Dynamic multi-threaded sensitive information leak detection tool
- getcms
  - A cms discover recognize tool in python
- wafw00f
  - WAF product fingerprinting
- wafid
  - Wafid identifies and fingerprints Web Application Firewall (WAF) products.
- sslscan
  - SSL type identification
- whatweb
  - Web fingerprinting
- FingerPrint
  - Web application fingerprinting
- Scan-T
  - Web-crawler-style fingerprinting
- Nscan
  - a fast Network scanner inspired by Masscan and Zmap
- F-NAScan
  - Network asset information scanning: ICMP liveness probing, port scanning, port fingerprint service identification
- F-MiddlewareScan
  - Middleware scanning
- dirsearch
  - Web path scanner
- bannerscan
  - Class C range banner and path scanning
- RASscan
  - Port service scanning
- bypass_waf
  - Automated WAF brute-force bypass
- WAFNinja
  - Automated WAF bypass script
- xcdn
  - Tries to find the real IP behind a CDN
- BingC
  - Class C range / sibling site query based on the Bing search engine, multi-threaded, supports API
- DirBrute
  - Multi-threaded web directory brute-force tool
- httpscan
  - A small crawler-style tool for discovering web hosts in a network range
- doom
  - Distributed task-dispatching IP/port vulnerability scanner built on thorn
- grab.js
  - Fast TCP fingerprint grabbing and parsing tool similar to zgrab, supporting more protocols
- whichCDN
  - CDN identification and detection
- bcrpscan
  - Crawler-based web path scanner
- Breacher
  - An admin panel finder script written in python.
Tools - Internal network penetration testing
- VulScritp
  - Enterprise intranet penetration scripts, including banner scanning, port scanning, and exploitation of various common vulnerabilities
- network_backdoor_scanner
  - Intranet detection framework based on network traffic
- WebRtcXSS
  - Automates using XSS to pivot into an intranet
- mimikatz
  - Windows penetration tool
- PowerSploit
  - Collection of PowerShell penetration libraries
- PowerShell
  - Collection of PowerShell tools
- p0wnedShell
  - PowerShell Runspace Post Exploitation Toolkit
- hunter
  - Calls the Windows API to enumerate user logon information
- LaZagne
  - Tool for viewing and extracting all kinds of locally stored passwords
- mimipenguin
  - Linux password grabbing tool
- johnny
  - Password cracking tool
- icebreaker
  - Tool for automated attacks against Active Directory in intranet environments
- Powershell-RAT
  - Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.
Tools - Targeted vulnerability testing tools
- weblogic_unserialize_exploit
  - Command-echo exploit for the WebLogic Java deserialization vulnerability
- cmsPoc
  - phpcmsv9.6.0 wap module SQL injection to obtain passwd
  - icmsv7.0.1 admincp.php SQL injection, arbitrary backend login
- hackUtils
  - Penetration and web attack scripts
  - Java deserialization exploitation toolset
- ysoserial
  - Java deserialization exploitation tool
- Jenkins
  - Jenkins vulnerability probing, user harvesting and brute force
- dzscan
  - Discuz vulnerability scanning
- CMS-Exploit-Framework
  - CMS attack framework
- IIS_shortname_Scanner
  - IIS short filename vulnerability scanning
- FlashScanner
  - Flash XSS scanning
- SSTIF
  - Semi-automated tool for server-side template injection vulnerabilities
- tplmap
  - Server-side template injection detection and exploitation tool
- dockerscan
  - Docker scanning tool
- break-fast-serial
  - Tool that detects Java deserialization vulnerabilities via DNS resolution
- dirtycow.github.io
  - Dirty COW privilege escalation exploit
- a2sv
  - Auto Scanning to SSL Vulnerability
- msdat
  - MSDAT: Microsoft SQL Database Attacking Tool
- xxegen
  - Online XXE payload generation tool
- DSXS
  - Damn Small XSS Scanner (DSXS)
  - a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
Tools - Static code scanning and runtime call-stack tracing
- VulHint
- php-static-analysis-tools
  - Collection of PHP static scanning tools
- phpstan
- cobra
  - White-box code security audit system
- phpvulhunter
  - Static PHP code audit
- php-malware-finder
  - Detect potentially malicious PHP files
- phptrace
  - Tool for tracing and analysing PHP execution
- hNodeJsScan
  - NodeJS application code audit
- BadCode
  - PHP code audit
- pyvulhunter
  - Python audit tool (injection)
- dawnscanner
  - Ruby source code audit
- brakeman
  - Security vulnerability scanner for Ruby on Rails applications
- Mobile-Security-Framework-MobSF/
  - Black-box app audit
- iOSSecAudit
  - iOS security audit
- gef
  - Multi-Architecture GDB Enhanced Features for exploit devs & reversers
- angr
  - The next-generation binary analysis platform from UC Santa Barbara's Seclab
Tools - fuzz
- honggfuzz
- honggfuzz-rs
  - Fuzz your Rust code with Honggfuzz!
- winafl
- NodeFuzz
- halphafuzzer/
- LibFuzzer
- wfuzz
  - Web-oriented fuzzing tool
- htpwdScan
  - HTTP brute-force and credential-stuffing attack script
- XSS-Radar
  - Tool for quick XSS fuzz testing; currently only available as a Chrome browser extension
- OSS-Fuzz
  - Continuous Fuzzing for Open Source Software
- kDriver-Fuzzer
  - Driver vulnerability discovery tool based on the ioctlbf framework
Tools - Exploitation and attack frameworks
- msf
- OWASP-Nettacker
- pocscan
  - PoC invocation framework that can load Pocsuite, Tangscan, Beebeeto and others
- Pocsuite
- Beehive
- Bugscan
- getsploit
  - Command line utility for searching and downloading exploits
- One-Lin3r
  - Lightweight attack framework similar to the Metasploit web-delivery module; reduces various complex attacks to a single command line
- POC-T
  - Plugin-based concurrent penetration testing framework
Tools - Modular and comprehensive scanners
- nmap-vulners
  - NSE script using some well-known service to provide info on vulnerabilities
  - Adds to Nmap's capabilities
- vulners-scanner
  - Vulnerability scanner based on vulners.com audit API https://vulners.com
- V3n0M-Scanner
  - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
- BlackWidow
  - Python-based web crawler for gathering intelligence on a target website and fuzzing for OWASP vulnerabilities
- w8scan
  - A vulnerability scanner modelled on bugscan
- whitewidow
  - SQL Vulnerability Scanner
- CMSmap
- AngelSword
  - CMS vulnerability detection framework written in Python3
- Luna
  - An open-source automated web vulnerability scanning tool
- Zeus-Scanner
- S7scan
- Striker
- xunfeng
  - Xunfeng is a rapid emergency-response and patrol vulnerability scanning system for enterprise intranets.
- ZeroExploit
  - Combined front-end and back-end detection
- ark
  - Distributed scanning framework
- ReconDog
- http://www.arachni-scanner.com
  - http://github.com/Arachni/arachni
  - Web application security scanner framework
- AZScanner
  - Automatic vulnerability scanner: subdomain brute force, port scanning, directory brute force, common framework vulnerability detection
- lalascan
  - Distributed web vulnerability scanning framework combining OWASP Top 10 vulnerability scanning and perimeter asset discovery
- BkScanner
  - BkScanner, a distributed plugin-based web vulnerability scanner
- GourdScanV2
  - Passive vulnerability scanning
- pentestdb
  - Web penetration testing database
- passive_scan
  - Web vulnerability scanner based on an HTTP proxy
- Sn1per
  - Automated scanner including middleware scanning and device fingerprinting
- pentestEr_Fully-automatic-scanner
  - Targeted fully automated penetration testing tool
- 3xp10it
  - Automated penetration testing framework
- lcyscan
  - Scanning effectiveness not verified
- POC-T
  - Plugin-based concurrent penetration testing framework
- leakScan
  - Web-based online vulnerability scanning
- AnyScan
  - Under development…
- Hscan-Win-Gui
- DorkNet
  - Selenium powered Python script to automate searching for vulnerable web apps.
- AutoSploit
  - Automated Mass Exploiter
- w9scan
  - An all-round website vulnerability scanner that draws on excellent code from its predecessors. It ships with 1200+ built-in plugins for a full-scale check of a site; functions include but are not limited to web fingerprinting, port fingerprinting, site structure analysis, detection of various popular vulnerabilities, crawling, SQL injection detection, XSS detection and so on. w9scan automatically generates a polished HTML report.
- Scanners-Box
  - The toolbox of open source scanners - a collection of open-source scanners developed by security industry practitioners
- HUNT
  - Identify common parameters vulnerable to certain vulnerability classes
Tools - Shell
- webshell
- Cknife
- 中国蚁剑 (AntSword)
- PyShell
  - Python backdoor program
- PyCmd
  - Python/PHP/JSP webshells (one-liner trojans)
  - See thief.one for details
- hackUtils
  - Penetration and web attack scripts
- phpsploit
  - PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.
- hack_tools_for_me
  - Large collection of small web penetration tools
- p0wnedShell
  - Environment for executing PowerShell script code without depending on powershell.exe
Tools - Wireless (wifi) / IoT
- Wireless network penetration and scanning
  - fern-wifi-cracker
    - Wireless security auditing tool
  - PytheM
    - Python network/penetration testing tool
  - WiFi-Pumpkin
    - Wireless security penetration testing suite
  - wifi-arsenal
  - wifitest
    - A simple python script for WiFi weak password brute force; cracks automatically in real time and does not need aircrack-ng packet capture, just a bit slow…
  - Wireless-Router-Vulnerability
- IoT device scanning
  - IoTSeeker
    - Default password scanning and detection tool for IoT devices
  - iotdb
    - Scan IoT devices with nmap
  - Routerhunter-2.0
    - Router vulnerability scanning and exploitation
  - routersploit
    - Router exploitation framework
  - telnet-scanner
    - Credential stuffing against telnet services
  - PRET
    - Printer attack framework
Tools - Enterprise network self-assessment
- LNScan
  - Detailed internal network information scanner
- LocalNetworkScanner
  - Local network scanner implemented in JavaScript
- xunfeng
  - Network asset identification engine and vulnerability detection engine
- theHarvester
  - Script for monitoring an enterprise's sensitive assets indexed by search engines: employee emails, subdomains, hosts
- Multisearch-v2
  - Aggregated search across search engines; can be used to discover an enterprise's sensitive assets indexed by search engines
Tools - Exploit development frameworks and tools
- rop-tool
  - Binary exploit writing tool
- pwntools
  - Framework for writing scripts for CTF pwn challenges
- zio
  - an easy-to-use io library for pwning development
- frida
  - Cross-platform injection tool
  - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
- Sickle
  - Shellcode development tool
- radare2
  - unix-like reverse engineering framework and commandline tools
- CHAOS
  - CHAOS allows generating payloads and controlling remote Windows systems.
Tools - MITM & phishing
- MITM (man-in-the-middle) attack frameworks
  - https://github.com/secretsquirrel/the-backdoor-factory
  - https://github.com/secretsquirrel/BDFProxy
  - https://github.com/byt3bl33d3r/MITMf
- mallory
  - Extensible man-in-the-middle proxy tool
- LANs.py
  - Inject code, jam wifi, and spy on wifi users
- wifiphisher
  - WiFi phishing
- PhishLulz
  - a Ruby toolset aimed at automating Phishing activities
- mitmproxy
  - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Tools - Defense
- Malware analysis and reverse-engineering environment
  - REMnux - Based on Debian
- Webshell detection and malware analysis tools
  - Find_webshell
    - PHP backdoor detection; the script is fairly simple, so it suffers from high false positives and low efficiency
    - Webshell sample library
  - ScanBackdoor
    - Webshell scanning tool
  - BackdoorMan
    - PHP backdoor scanning
  - findWebshell
    - Yet another webshell detection tool
  - HaboMalHunter
    - Habo analysis system: Linux malware analysis and security detection
  - PlagueScanner
    - Anti-virus engine implemented in Python that integrates ClamAV, ESET and Bitdefender
  - php-malware-finder
    - An efficient PHP webshell scanning tool
  - PHP-Shell-Detector
    - Webshell detection tool with a tested effectiveness of up to 99%
  - malwarecage
    - Component for an automated malware collection/analysis system, written in Python 2, with a REST API
  - x-waf
    - Cloud WAF for small and medium-sized enterprises
- Binary and code analysis tools
  - binwalk
  - binmap
    - System scanner that finds programs and libraries and collects their dependencies, links and other information
  - rp
    - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries.
  - badger
    - Windows exploit development tool
  - amoco
    - Binary static analysis tool (Python)
  - peda
    - Python Exploit Development Assistance for GDB
  - billgates-botnet-tracker
    - Monitoring tool for activity of the BillGates Linux botnet family of trojans
  - RATDecoders
    - RAT configuration parameter extraction tool
  - angr
    - Binary analysis tool by Shellphish (CTF-oriented)
  - pysonar2
    - Static code analysis tool for Python
  - shellcheck
    - Automated shell script analysis tool that gives warnings and suggestions
  - etacsufbo
    - Simple JavaScript deobfuscation helper based on AST transformation
- Open-source WAFs and rule sets
- DDoS protection
- Database firewall
- yulong-hids
  - Yulong HIDS - a host intrusion detection system developed by YSRC
Tools - Mining
Tools - Miscellaneous
- SocialEngineeringPayloads
- github_arsenal
  - GitHub arsenal
- SecLists
- fuzzdb
- malwares
- ExploitKit
- nullsecurity
- BlueLotus_XSSReceiver
  - XSS platform
- CTF tools
- Web security tools
- scanner
  - BB2 scanner
- AWVS
  - Vulnerability scanning
- OwaspZAP
  - Vulnerability scanning
- Burp suite
  - Vulnerability scanning
  - [Must-have] Burp Suite Pro Loader & Keygen by surferxyz (with the original v1.7.31)
  - Burp_Suite_Pro_v1.7.31.zip with cracker
  - Fixing the expiry problem for all Burp versions - h4ck0ne.docx
- Worthwhile BurpSuite Plugins
  - Literally anything by James Kettle
  - backslash-powered-scanner
  - ActiveScan++
  - Cloud Storage Tester
    - Reads responses about links pointing to different cloud services (Amazon, Microsoft, Google) and performs some security checks on those objects.
  - JSON Beautifier
  - Content Type Converter
  - Copy As Python-Requests (possibly other 'Copy As' plugins)
  - HUNT
    - Identifies parameters that are prone to vulnerabilities
- Metadata
- payloads
- Nessus
- Crawler for Microsoft vulnerability information
- reGeorg
- udfhack
- Censorship circumvention (科学上网)
  - XX-Net
  - xsocks
    - Reliable, light-weight reverse socks5 server for windows&linux.
  - v2ray-core
- TangScan
- Beebeeto-framework
- httpie
  - HTTP command-line client; builds and sends all kinds of HTTP requests from the command line (similar to curl)
- Browser Exploitation Framework
- Vtools
- webscanner
  - a web path scanner
- phpaudit
  - An env for php code audit (code review) with xdebug
- A curated selection of useful online sites
- Must-know security tools
- Penetration testing: information gathering tools
- frida
  - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- pwnjs
  - A Javascript library for browser exploitation
- Firefox-Security-Toolkit
  - A tool that transforms Firefox browsers into a penetration testing suite
- al-khaser
  - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- pcap-analyzer
  - Lightweight online pcap traffic file analysis tool
- awesome-spider
- pentest_tools
- Java high-concurrency flash-sale system API
Tools - CTF tools
- Miscellaneous
  - pwndocker
  - vFuckingTools - A CTFer tools bag
  - ctf-tools
- Attacks
  - Bettercap - Framework to perform MITM (Man in the Middle) attacks.
  - Layer 2 attacks - Attack various protocols on layer 2
- Crypto
  - FeatherDuster - An automated, modular cryptanalysis tool
  - PkCrack - A tool for Breaking PkZip-encryption
  - RSATool - Generate private key with knowledge of p and q
  - XORTool - A tool to analyze multi-byte xor cipher
- Bruteforcers
  - Hashcat - Password Cracker
  - John The Jumbo - Community enhanced version of John the Ripper
  - John The Ripper - Password Cracker
  - Nozzlr - Nozzlr is a bruteforce framework, truly modular and script-friendly.
  - Ophcrack - Windows password cracker based on rainbow tables.
  - Patator - Patator is a multi-purpose brute-forcer, with a modular design.
- Exploits
  - DLLInjector - Inject dlls in processes
  - libformatstr - Simplify format string exploitation.
  - Metasploit - Penetration testing software
  - one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call
    - gem install one_gadget
  - Pwntools - CTF Framework for writing exploits
  - Qira - QEMU Interactive Runtime Analyser
  - ROP Gadget - Framework for ROP exploitation
  - V0lt - Security CTF Toolkit
- Forensics
  - Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
    - apt-get install aircrack-ng
  - Audacity - Analyze sound files (mp3, m4a, whatever)
    - apt-get install audacity
  - Bkhive and Samdump2 - Dump SYSTEM and SAM files
    - apt-get install samdump2 bkhive
  - CFF Explorer - PE Editor
  - Creddump - Dump windows credentials
  - DVCS Ripper - Rips web accessible (distributed) version control systems
  - Exif Tool - Read, write and edit file metadata
  - Extundelete - Used for recovering lost data from mountable images
  - Fibratus - Tool for exploration and tracing of the Windows kernel
  - Foremost - Extract particular kind of files using headers
    - apt-get install foremost
  - Fsck.ext4 - Used to fix corrupt filesystems
  - Malzilla - Malware hunting tool
  - NetworkMiner - Network Forensic Analysis Tool
  - PDF Streams Inflater - Find and extract zlib files compressed in PDF files
  - ResourcesExtract - Extract various filetypes from exes
  - Shellbags - Investigate NT_USER.dat files
  - UsbForensics - Contains many tools for usb forensics
  - Volatility - To investigate memory dumps
  - RegistryViewer - Used to view windows registries
  - Windows Registry Viewers - More registry viewers
- Networking
  - Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys
- Reversing
  - Androguard - Reverse engineer Android applications
  - Angr - platform-agnostic binary analysis framework
  - Apk2Gold - Yet another Android decompiler
  - ApkTool - Android Decompiler
  - Barf - Binary Analysis and Reverse engineering Framework
  - Binary Ninja - Binary analysis framework
  - BinUtils - Collection of binary tools
  - BinWalk - Analyze, reverse engineer, and extract firmware images.
  - Boomerang - Decompile x86 binaries to C
  - ctf_import - run basic functions from stripped binaries cross platform
  - GDB - The GNU project debugger
  - GEF - GDB plugin
  - Hopper - Reverse engineering tool (disassembler) for OSX and Linux
  - IDA Pro - Most used Reversing software
  - Jadx - Decompile Android files
  - Java Decompilers - An online decompiler for Java and Android APKs
  - Krakatau - Java decompiler and disassembler
  - PEDA - GDB plugin (only python2.7)
  - Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
  - Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
  - radare2 - A portable reversing framework
  - Uncompyle - Decompile Python 2.7 binaries (.pyc)
  - WinDbg - Windows debugger distributed by Microsoft
  - Z3 - a theorem prover from Microsoft Research
  - Detox - A Javascript malware analysis tool
  - Revelo - Analyze obfuscated Javascript code
  - RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
  - Swftools - Collection of utilities to work with SWF files
  - Xxxswf - A Python script for analyzing Flash files.
- Services
  - CSWSH - Cross-Site WebSocket Hijacking Tester
  - Request Bin - Lets you inspect http requests to a particular url
- Steganography
  - Convert - Convert images b/w formats and apply filters
  - Exif - Shows EXIF information in JPEG files
  - Exiftool - Read and write meta information in files
  - Exiv2 - Image metadata manipulation tool
  - ImageMagick - Tool for manipulating images
  - Outguess - Universal steganographic tool
  - Pngtools - For various analysis related to PNGs
    - apt-get install pngtools
  - SmartDeblur - Used to deblur and fix defocused images
  - Steganabara - Tool for stegano analysis written in Java
  - Stegbreak - Launches brute-force dictionary attacks on JPG image
  - Steghide - Hide data in various kind of images
  - Stegsolve - Apply various steganography techniques to images
- Web
  - Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  - Hackbar - Firefox addon for easy web exploitation
  - OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  - Postman - Add on for chrome for debugging network requests
  - SQLMap - Automatic SQL injection and database takeover tool
  - W3af - Web Application Attack and Audit Framework.
  - XSSer - Automated XSS tester
  - WhatWaf
Learning - Web application pentesting
- Prerequisites:
  - Usage of
    - Burp
    - Nikto
    - Openvas
    - SQLMap
    - Netcat
    - Dirbuster/wfuzz
    - Hydra
    - Kewl
    - Wp-scan
    - Dig
  - Knowledge of
    - HTTP protocol and HTTP Methods (GET, POST, OPTIONS, PUT, TRACE)
    - DNS
    - CGI
    - Web session management
    - Cookies and their parameters
    - Concepts of XSS (reflected, stored, DOM based), CSRF, SQLi, Remote/Local File Inclusion, Direct Object Reference, Forceful Browsing, Log Poisoning
    - Latest/common web application vulnerabilities (e.g. vulnerabilities in WordPress, XAMPP, etc.)
    - Heartbleed & ShellShock
- Usage of
  - sites
    - Security
    - Web-Security-Learning
    - Software-Security-Learning
    - Web application penetration testing process
    - Web testing methods: tools
    - MySQL injection mind map - learning edition
    - Database query basics
    - SQL injection learning summary
    - Conventional approaches and odd tricks for SQL injection
    - Wide-character injection explained with practical examples
    - webgoat-Injection
    - PostgreSQL database exploitation methods
    - Pentester Lab SQL to shell
    - WAF-Bypass
    - Browser's XSS Filter Bypass Cheat Sheet
    - PHP code audit explained in segments
    - Advanced PHP application vulnerability audit techniques
    - On common PHP vulnerabilities
    - PHP code audit
    - Audit-Learning
    - PHP code audit summary
    - PHP+MySQL injection protection and bypass
    - Summary of common backend login bypass methods in open-source PHP programs
    - PHP-code-audit
    - PHP code audit - security issues in the sprintf function
    - XSS Cheat Sheet
    - AwesomeXSS
    - XSS-Filter-Evasion-Cheat-Sheet-CN
      - Chinese translation of the XSS Filter Evasion Cheat Sheet
    - XSS study notes [1]
    - XSS study notes [2]
    - XSS test payloads
    - Code security: file upload
    - Code security: file inclusion
    - Code security: SSRF
    - Understand XXE in ten minutes
    - XPath injection: attack and defence techniques
    - Odd webshell tricks
    - Knownsec (知道创宇) R&D skills table
    - Web Hacking 101, Chinese edition
    - Burp Suite practical guide
    - Penetration testing Node.js applications
    - awesome#security
    - awesome-infosec
    - Web security materials and resource list
    - How To Become A Hacker
    - Where can one study information security and network security in depth?
    - How do hackers get started?
    - How to learn web security from scratch?
    - Seeking a hacker reading list?
    - Older, no background, want to switch careers into network security. What is feasible?
    - How to learn hacking techniques when switching from another industry without a matching major?
    - How to get started learning information security?
    - Hacker Manifesto
    - https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles
    - https://digi.ninja/blog/when_all_you_can_do_is_read.php
    - https://www.exploit-db.com/docs/12389.pdf
    - http://www.slideshare.net/SOURCEConference/wfuzz-para-penetration-testers
    - https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
    - http://www.tutorialspoint.com/http/http_methods.htm
    - http://www.elated.com/articles/your-first-cgi-script/
    - https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
    - http://www.enigmagroup.org/articles/view/Linux%20Hacking/115-LFI-Apache-log-poisoning
    - http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
    - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
    - http://resources.infosecinstitute.com/file-upload-vulnerabilities/
    - http://excess-xss.com/
    - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
    - http://www.vsecurity.com/download/papers/XMLDTDEntityAttacks.pdf
    - http://resources.infosecinstitute.com/practical-shellshock-exploitation-part-1/
    - http://resources.infosecinstitute.com/practical-shellshock-exploitation-part-2/
    - 2018 PHP application security design guide
    - Security options related to HTTP headers
    - sqlmap wiki
    - API-Security-Checklist
  - Books
    - The Web Application Hacker's Handbook
    - Ethical Hacking and Penetration Testing Guide
    - The Hacker Playbook 2: Practical Guide to Penetration Testing
    - Kali Linux Web Penetration Testing Cookbook, Chinese edition
  - node-sec-roadmap
    - Some thoughts on how Node.js might respond to a changing security environment
    - The security roadmap is a gitbook publication available at https://nodesecroadmap.fyi/
Learning - Binary and memory exploitation
- Prerequisites:
  - Usage of
    - Gdb (inc. gdb-peda), Valgrind
    - Edb, OllyDBG
    - Metasploit (generating payloads)
  - Knowledge of
    - Program execution flow
    - Stack vs Heap (inc. details on how they work)
    - Registers
    - Reading assembly code
    - Modern mechanisms of buffer overflow prevention (NX/DEP, ASLR, Stack Canaries)
- Usage of
  - sites
    - awesome-malware-analysis
    - Reverseng
    - Book: reverse-engineering-for-beginners
    - RE-for-beginners
    - Getting started with Linux exploit development
    - http://insecure.org/stf/smashstack.html
    - http://www.intelligentexploit.com/articles/Linux-Stack-Based-Buffer-Overflows.pdf
    - http://beej.us/guide/bggdb/
    - http://protostar-solutions.googlecode.com/hg/Stack%206/ret2libc.pdf
    - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
    - http://www.slideshare.net/saumilshah/dive-into-rop-a-quick-introduction-to-return-oriented-programming
    - https://speakerdeck.com/barrebas/rop-primer
    - https://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf
    - https://www.defcon.org/images/defcon-18/dc-18-presentations/Haas/DEFCON-18-Haas-Adv-Format-String-Attacks.pdf
    - http://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
    - http://blog.knapsy.com/blog/2015/11/25/easy-file-sharing-web-server-v7-dot-2-remote-seh-buffer-overflow-dep-bypass-with-rop/
    - secure-ios-app-dev
    - browser-security-whitepaper-2017
      - X41 Browser Security White Paper - Tools and PoCs
Learning - Windows and Linux Privilege Escalation