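Metasploit Unleashed - Free offensive security Metasploit course
PTES - Penetration Testing Execution Standard
OWASP - Open Web Application Security Project
Shellcode development:
Shellcode Tutorials - Tutorials on how to write shellcode
Shellcode Examples - Shellcode database
Social engineering resources:
Social Engineering Framework - Information resources for social engineers
Lock picking resources:
Schuyler Towne channel - Lock picking videos and security talks
/r/lockpicking - Resources for learning lock picking and equipment recommendations
Penetration testing distributions:
Kali - A Linux distribution designed for digital forensics and penetration testing
BlackArch - Arch Linux-based distribution for penetration testers and security researchers
NST - Network Security Toolkit
Pentoo - Based on Gentoo
BackBox - Ubuntu-based distribution for penetration testing and security assessment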
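Basic penetration testing tools:
Metasploit Framework - The world's most widely used penetration testing tool
Burp Suite - An integrated platform for performing web security testing
ExploitPack - Graphical tool for penetration testing
Vulnerability scanners:
Netsparker - Web application security scanner
Nexpose - Vulnerability management and risk management software
Nessus - Vulnerability, configuration and assessment
Nikto - Web application vulnerability scanner
OpenVAS - Open source vulnerability scanner and management tool
OWASP Zed Attack Proxy - Penetration testing tool for web applications
Secapps - Integrated web application security testing environment
w3af - Web application attack and audit framework
Wapiti - Web application vulnerability scanner
WebReaver - Web application vulnerability scanner for Mac OS X
Network tools:
nmap - Free security scanner for network exploration and security audits
tcpdump/libpcap - A common command-line packet analyzer
Wireshark - Network protocol analyzer, available for Unix and Windows
Network Tools - Various network tools: ping, lookup, whois, etc.
netsniff-ng - A Swiss army knife for network sniffing
Intercepter-NG - A multifunctional network toolkit
SPARTA - Network infrastructure penetration testing toolkit
Wireless network tools:
Aircrack-ng - A set of tools for auditing wireless networks
Kismet - Wireless network detector, sniffer and intrusion detection system
Reaver - WiFi brute force attack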
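SSL analysis tools
SSLyze - SSL configuration scanner
sslstrip - A demonstration of an HTTPS attack
Hex editors
HexEdit.js - Browser-based hex editor
Cracking tools
John the Ripper - Fastest password cracker
Online MD5 cracker - Online MD5 hash cracker
Windows Utils
Sysinternals Suite - The Sysinternals troubleshooting utilities
Windows Credentials Editor - Security tool to list logon sessions and add, change, list and delete associated credentials
mimikatz - Credentials extraction tool for Windows
DDoS attack tools
LOIC - An open source network stress tool for Windows
JS LOIC - JavaScript in-browser version of LOIC
Social engineering tools
SET - The Social-Engineer Toolkit from TrustedSec
OSINT tools
Maltego - Open source intelligence and forensics tool
Anonymity tools
Tor - Free routing tool for online anonymity
I2P - The Invisible Internet Project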
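Reverse engineering tools
IDA Pro - Disassembler and debugger for Windows, Linux or Mac OS X
IDA Free - The free version of IDA 5.0
WDK/WinDbg - Windows Driver Kit and WinDbg
OllyDbg - x86 debugger (emphasizes binary code analysis)
Radare2 - Open source, cross-platform reverse engineering framework
x64_dbg - Open source x64/x32 debugger for Windows
Pyew - Python tool for static malware analysis
Bokken - GUI for Pyew and Radare2
Immunity Debugger - A new tool for exploit development and malware analysis
Evan's Debugger - OllyDbg-like debugger for Linux
Penetration testing books: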
The Art of Exploitation by Jon Erickson, 2008
Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
Rtfm: Red Team Field Manual by Ben Clark, 2014
The Hacker Playbook by Peter Kim, 2014
The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
Professional Penetration Testing by Thomas Wilhelm, 2013
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
Violent Python by TJ O'Connor, 2012
Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
Black Hat Python: Python Programming for Hackers and Pentesters, 2014
Penetration Testing: Procedures & Methodologies (EC-Council Press), 2010
Hackers Handbook series
The Shellcoders Handbook by Chris Anley and others, 2007
The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
iOS Hackers Handbook by Charlie Miller and others, 2012
Android Hackers Handbook by Joshua J. Drake and others, 2014
The Browser Hackers Handbook by Wade Alcorn and others, 2014
The Mobile Application Hackers Handbook by Dominic Chell and others, 2015
Network analysis books
Nmap Network Scanning by Gordon Fyodor Lyon, 2009
Practical Packet Analysis by Chris Sanders, 2011
Wireshark Network Analysis by Laura Chappell, Gerald Combs, 2012
Reverse engineering books
Reverse Engineering for Beginners by Dennis Yurichev (free!)
The IDA Pro Book by Chris Eagle, 2011
Practical Reverse Engineering by Bruce Dang and others, 2014
Reverse Engineering for Beginners
Malware analysis books
Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
The Art of Memory Forensics by Michael Hale Ligh and others, 2014
Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010
Windows books
Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu
Social engineering books
The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
No Tech Hacking by Johnny Long, Jack Wiles, 2008
Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014
Lock picking books
Practical Lock Picking by Deviant Ollam, 2012
Keys to the Kingdom by Deviant Ollam, 2012
CIA Lock Picking Field Operative Training Manual
Lock Picking: Detail Overkill by Solomon
Eddie the Wire books
Vulnerability databases
NVD - US National Vulnerability Database
CERT - US Computer Emergency Readiness Team
OSVDB - Open Sourced Vulnerability Database
Bugtraq - Symantec SecurityFocus
Exploit-DB - Offensive Security Exploit Database
Fulldisclosure - Full Disclosure Mailing List
MS Bulletin - Microsoft Security Bulletin
MS Advisory - Microsoft Security Advisories
Inj3ct0r - Inj3ct0r Exploit Database
Packet Storm - Packet Storm Global Security Resource
SecuriTeam - Securiteam Vulnerability Information
CXSecurity - CSSecurity Bugtraq List
Vulnerability Laboratory - Vulnerability Research Laboratory
ZDI - Zero Day Initiative
Security courses
Offensive Security Training - Training from BackTrack/Kali developers
SANS Security Training - Computer Security Training & Certification
Open Security Training - Training material for computer security classes
CTF Field Guide - Everything you need to win your next CTF competition
Cybrary - Online IT and cyber security training platform
Information security conferences
DEF CON - An annual hacker convention in Las Vegas
Black Hat - An annual security conference in Las Vegas
BSides - A framework for organising and holding security conferences
CCC - An annual meeting of the international hacker scene in Germany
DerbyCon - An annual hacker conference based in Louisville
PhreakNIC - A technology conference held annually in middle Tennessee
ShmooCon - An annual US east coast hacker convention
CarolinaCon - An infosec conference, held annually in North Carolina
HOPE - A conference series sponsored by the hacker magazine 2600
SummerCon - One of the oldest hacker conventions, held during Summer
Hack.lu - An annual conference held in Luxembourg
HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
Hack3rCon - An annual US hacker conference
ThotCon - An annual US hacker conference held in Chicago
LayerOne - An annual US security conference held every spring in Los Angeles
DeepSec - Security Conference in Vienna, Austria
SkyDogCon - A technology conference in Nashville
SECUINSIDE - Security Conference in Seoul
DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania
Information security magazines
2600: The Hacker Quarterly - An American publication about technology and computer "underground"
Phrack Magazine - By far the longest running hacker zine
Very useful lists:
SecTools - Top 125 Network Security Tools
C/C++ Programming - One of the main languages for open source security tools
.NET Programming - A software framework for Microsoft Windows platform development
Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
Ruby Programming by @dreikanter - The de-facto language for writing exploits
Ruby Programming by @markets - The de-facto language for writing exploits
Ruby Programming by @Sdogruyol - The de-facto language for writing exploits
JavaScript Programming - In-browser development and scripting
Node.js Programming by @sindresorhus - JavaScript in command-line
Node.js Programming by @vndmtrx - JavaScript in command-line
Python tools for penetration testers - Lots of pentesting tools are written in Python
Python Programming by @svaksha - General Python programming
Python Programming by @vinta - General Python programming
Android Security - A collection of Android security related resources
Awesome Awesomness - The List of the Lists
Original article: http://bar.freebuf.com/comment/9775