1021.安全資源共享

Web安全視頻

• Online-Security-Videos – 紅日Web安全攻防視頻
• Online-Security-Videos – 西安鵬程網絡安全攻防課程
• Online-Security-Videos – Vulhub系列視頻
• Online-Security-Videos – 米斯特Web安全攻防視頻
• Online-Security-Videos – SSRF漏洞利用與getshell實戰

滲透測試靶場

• WebGoat – WebGoat漏洞練習環境
• Damn Vulnerable Web Application – Damn Vulnerable Web Application(漏洞練習平臺)
• sqli-labs – 數據庫注入練習平臺
• kali-linux – kali linux安裝教程

滲透測試資源

• Metasploit Unleashed – 免費的metasploit教程
• PTES – 滲透測試執行標準
• OWASP – 開放式Web應用程序安全項目
• PENTEST-WIKI – 開源安全測試方法手冊
• Vulnerability Assessment Framework – 滲透測試框架
• XSS-Payloads – Xss構造語句

JavaWeb資源

• Java-Web-Videos – 【第一階段】JavaWeb基礎
• Java-Web-Videos – 【第二階段】JavaWeb進階
• Java-Web-Videos – 【第三階段】Mysql&jdbc
• Java-Web-Videos – 【第四階段】Linux

滲透測試思惟導圖

Web安全思惟導圖

• Web-Security – Web安全思惟導圖

移動安全思惟導圖

• Android-Security – 移動安全思惟導圖

安全開發思惟導圖

• Security – 安全開發思惟導圖

CTF思惟導圖

• Security – CTF思惟導圖

業務安全思惟導圖

• Security – 業務安全思惟導圖

基於docker滲透測試平臺

Web漏洞docker平臺

• Docker-DSVW – DSVW滲透測試平臺
• Docker-DVWA_Wooyun – DVWA_Wooyun滲透測試平臺
• Docker-DVWA – DVWA滲透測試平臺
• Docker-WAVSEP – WAVSEP滲透測試平臺
• Docker-WebGoat – WebGoat滲透測試平臺
• Docker-bWAPP – bWAPP滲透測試平臺
• Docker-ActiveMQ任意文件寫入漏洞（CVE-2016-3088） – ActiveMQ任意文件寫入漏洞（CVE-2016-3088）
• Docker-Apache 解析漏洞復現環境 – Apache 解析漏洞復現環境
• Docker-fastjson 反序列化致使任意命令執行漏洞 – fastjson 反序列化致使任意命令執行漏洞
• Docker-ffmpeg 任意文件讀取漏洞/SSRF漏洞 （CVE-2016-1897/CVE-2016-1898） – ffmpeg 任意文件讀取漏洞/SSRF漏洞 （CVE-2016-1897/CVE-2016-1898）
• Docker-Flask（Jinja2） 服務端模板注入漏洞 – Flask（Jinja2） 服務端模板注入漏洞
• Docker-PHP-FPM Fastcgi 未受權訪問漏洞 – PHP-FPM Fastcgi 未受權訪問漏洞
• Docker-GlassFish 任意文件讀取漏洞 – GlassFish 任意文件讀取漏洞
• Docker-HTTPoxy漏洞（CVE-2016-5385）測試環境 – HTTPoxy漏洞（CVE-2016-5385）測試環境
• Docker-Imagetragick漏洞（CVE-2016–3714）測試環境 – Imagetragick漏洞（CVE-2016–3714）測試環境

主機漏洞docker平臺

• Docker-CVE-2014-0160 – 心臟出血漏洞（CVE-2014-0160）測試環境
• Docker-GIT-SHELL 沙盒繞過（CVE-2017-8386） – GIT-SHELL 沙盒繞過（CVE-2017-8386）
• Docker-Gitlab 任意文件讀取漏洞（CVE-2016-9086） – Gitlab 任意文件讀取漏洞（CVE-2016-9086）
• Docker-Jenkins-CI 遠程代碼執行漏洞（CVE-2017-1000353） – Jenkins-CI 遠程代碼執行漏洞（CVE-2017-1000353）
• Docker-Nginx 解析漏洞復現 – Nginx 解析漏洞復現

基於Python語言POC&EXP收集

• ActiveMQ – ActiveMQ的PUT 上傳getshellExP CVE-2016-3088

Exploit

• Shellcode Tutorial – Tutorial on how to write shellcode.
• Shellcode Examples – Shellcodes database.
• Exploit Writing Tutorials – Tutorials on how to develop exploits.
• shellsploit – New Generation Exploit Development Kit.
• Voltron – Hacky debugger UI for hackers.

社會工程學

• Social Engineering Framework – 社會工程學資料和信息

安全工具

集成滲透測試工具

• Kali – 一個Linux發行版，用來作數字取證和滲透測試。
• ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
• BlackArch – Arch GNU/Linux-based distribution for penetration testers and security researchers.
• Network Security Toolkit (NST) – 網絡安全工具包發行版
• Pentoo -着眼於安全的基於Gentoo的 LiveCD
• BackBox – 基於Ubuntu的發行版，用於滲透測試及安全評估
• Parrot – Distribution similar to Kali, with multiple architecture.
• Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
• Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
• The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.

滲透測試神器

• Metasploit Framework – 應用最廣的滲透測試軟件
• burp suite – 抓包工具，針對Web應用執行安全檢測
• ExploitPack – Graphical tool for penetration testing with a bunch of exploits.
• BeEF – Command and control server for delivering exploits to commandeered Web browsers.
• faraday – Collaborative penetration test and vulnerability management platform.
• evilgrade – The update explotation framework.
• routersploit – Automated penetration testing software for router.
• redsnarf – Post-exploitation tool for grabbing credentials.
• Bella – Pure Python post-exploitation data mining & remote administration tool for Mac OS.
• Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.

基於docker滲透測試工具

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable – official OWASP ZAP
• docker pull wpscanteam/wpscan – official WPScan
• docker pull citizenstig/dvwa – Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress – Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 – Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 – Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas – Security Ninjas
• docker pull diogomonica/docker-bench-security – Docker Bench for Security
• docker pull ismisepaul/securityshepherd – OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat – OWASP WebGoat Project docker image
• docker-compose build && docker-compose up – OWASP NodeGoat
• docker pull citizenstig/nowasp – OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop – OWASP Juice Shop
• docker pull kalilinux/kali-linux-docker – Kali Linux Docker Image
• docker pull remnux/metasploit – docker-metasploit

漏洞掃描神器

• Nexpose – 漏洞管理&風險控制軟件
• Nessus – 漏洞，配置，和合規檢測
• OpenVAS – 開源漏洞掃描器
• Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.

代碼審計

• Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
• cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
• FindBugs – Free software static analyzer to look for bugs in Java code.
• sobelow – Security-focused static analysis for the Phoenix Framework.

Web安全掃描工具

• Nikto – Web服務器和Web應用程序漏洞掃描程序
• Arachni – Scriptable framework for evaluating the security of web applications.
• w3af – Web應用程序攻擊和審計框架
• Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
• SecApps – In-browser web application security testing suite.
• WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
• WPScan – 黑盒wordpress掃描工具
• cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
• joomscan – Joomla vulnerability scanner.

網絡安全掃描工具

• zmap – 開源網絡端口掃描器
• nmap – 免費的安全掃描器，用於網絡勘測和安全審計
• pig – GNU/Linux packet crafting tool.
• scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
• tcpdump/libpcap – Common packet analyzer that runs under the command line.
• Wireshark – 一個Unix和Windows系統的傳輸協議分析工具
• Network Tools – Different network tools: ping, lookup, whois, etc.
• netsniff-ng – Swiss army knife for for network sniffing.
• Intercepter-NG – Multifunctional network toolkit.
• SPARTA – Network infrastructure penetration testing tool.
• dnschef – Highly configurable DNS proxy for pentesters.
• DNSDumpster – Online DNS recon and search service.
• CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
• dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
• dnsmap – Passive DNS network mapper.
• dnsrecon – DNS enumeration script.
• dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
• passivedns-client – Library and query tool for querying several passive DNS providers.
• passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
• Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• Zarp – Network attack tool centered around the exploitation of local networks.
• mitmproxy – Interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers.
• Morpheus – Automated ettercap TCP/IP Hijacking tool.
• mallory – HTTP/HTTPS proxy over SSH.
• SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
• Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
• DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
• pwnat – Punches holes in firewalls and NATs.
• dsniff – Collection of tools for network auditing and pentesting.
• tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
• smbmap – Handy SMB enumeration tool.
• scapy – Python-based interactive packet manipulation program & library.
• Dshell – Network forensic analysis framework.
• Debookee (macOS) – Intercept traffic from any device on your network.
• Dripcap – Caffeinated packet analyzer.
• PRET – Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing.
• Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.

無線網絡掃描工具

• Aircrack-ng – Set of tools for auditing wireless networks.
• Kismet – Wireless network detector, sniffer, and IDS.
• Reaver – Brute force attack against WiFi Protected Setup.
• Wifite – Automated wireless attack tool.

SSL掃描分析工具

• SSLyze – SSL configuration scanner.
• sslstrip – Demonstration of the HTTPS stripping attacks.
• sslstrip2 – SSLStrip version to defeat HSTS.
• tls_prober – Fingerprint a server’s SSL/TLS implementation.

Web exploitation

• OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
• Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
• Burp Suite – Integrated platform for performing security testing of web applications.
• autochrome – Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
• WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
• WPSploit – Exploit WordPress-powered websites with Metasploit.
• SQLmap – Automatic SQL injection and database takeover tool.
• tplmap – Automatic server-side template injection and Web server takeover tool.
• weevely3 – Weaponized web shell.
• Wappalyzer – Wappalyzer uncovers the technologies used on websites.
• WhatWeb – Website fingerprinter.
• BlindElephant – Web application fingerprinter.
• wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
• fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
• Kadabra – Automatic LFI exploiter and scanner.
• Kadimus – LFI scan and exploit tool.
• liffy – LFI exploitation tool.
• Commix – Automated all-in-one operating system command injection and exploitation tool.
• DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
• GitTools – Automatically find and download Web-accessible .git repositories.

Hex Editors

• HexEdit.js – Browser-based hex editing.
• Hexinator – World’s finest (proprietary, commercial) Hex Editor.
• Frhed – Binary file editor for Windows.

文件轉換分析工具

• Kaitai Struct – File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
• Veles – Binary data visualization and analysis tool.
• Hachoir – Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Hash破解工具

• John the Ripper – Fast password cracker.
• Hashcat – The more fast hash cracker.
• CeWL – Generates custom wordlists by spidering a target’s website and collecting unique words.

DDoS工具

• LOIC – Open source network stress tool for Windows.
• JS LOIC – JavaScript in-browser version of LOIC.
• SlowLoris – DoS tool that uses low bandwidth on the attacking side.
• HOIC – Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.
• T50 – Faster network stress tool.
• UFONet – Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

社會工程學工具

• Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
• King Phisher – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
• Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.
• wifiphisher – Automated phishing attacks against WiFi networks.
• Catphish – Tool for phishing and corporate espionage written in Ruby.

逆向分析工具

• IDA Pro – Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger.
• IDA Free – The freeware version of IDA v5.0.
• WDK/WinDbg – Windows Driver Kit and WinDbg.
• OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
• Radare2 – Open source, crossplatform reverse engineering framework.
• x64dbg – Open source x64/x32 debugger for windows.
• Immunity Debugger – Powerful way to write exploits and analyze malware.
• Evan’s Debugger – OllyDbg-like debugger for GNU/Linux.
• Medusa disassembler – Open source interactive disassembler.
• plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
• peda – Python Exploit Development Assistance for GDB.
• dnSpy – Tool to reverse engineer .NET assemblies.

CTF工具

• ctf-tools – Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
• Pwntools – Rapid exploit development framework built for use in CTFs.
• RsaCtfTool – Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

在線漏洞推薦列表

• Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
• National Vulnerability Database (NVD) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
• US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
• Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
• Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
• Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
• Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
• Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
• Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
• Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
• CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
• SecuriTeam – Independent source of software vulnerability information.
• Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
• Zero Day Initiative – Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
• Vulners – Security database of software vulnerabilities.
• Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information aggregator.
• Open Source Vulnerability Database (OSVDB) – Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. Continued by Risk Based Security as a commercial VDB.

安全課程

• Offensive Security Training – Training from BackTrack/Kali developers.
• SANS Security Training – Computer Security Training & Certification.
• Open Security Training – Training material for computer security classes.
• CTF Field Guide – Everything you need to win your next CTF competition.
• ARIZONA CYBER WARFARE RANGE – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
• Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly Secured Enviroments’.
• Computer Security Student – Many free tutorials, great for beginners, $10/mo membership unlocks all content.
• European Union Agency for Network and Information Security – ENISA Cyber Security Training material.

信息安全會議

• DEF CON – Annual hacker convention in Las Vegas.
• Black Hat – Annual security conference in Las Vegas.
• BSides – Framework for organising and holding security conferences.
• CCC – Annual meeting of the international hacker scene in Germany.
• DerbyCon – Annual hacker conference based in Louisville.
• PhreakNIC – Technology conference held annually in middle Tennessee.
• ShmooCon – Annual US East coast hacker convention.
• CarolinaCon – Infosec conference, held annually in North Carolina.
• CHCon – Christchurch Hacker Con, Only South Island of New Zealand hacker con.
• SummerCon – One of the oldest hacker conventions, held during Summer.
• Hack.lu – Annual conference held in Luxembourg.
• Hackfest – Largest hacking conference in Canada.
• HITB – Deep-knowledge security conference held in Malaysia and The Netherlands.
• Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany.
• Hack3rCon – Annual US hacker conference.
• ThotCon – Annual US hacker conference held in Chicago.
• LayerOne – Annual US security conference held every spring in Los Angeles.
• DeepSec – Security Conference in Vienna, Austria.
• SkyDogCon – Technology conference in Nashville.
• SECUINSIDE – Security Conference in Seoul.
• DefCamp – Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania.
• AppSecUSA – Annual conference organised by OWASP.
• BruCON – Annual security conference in Belgium.
• Infosecurity Europe – Europe’s number one information security event, held in London, UK.
• Nullcon – Annual conference in Delhi and Goa, India.
• RSA Conference USA – Annual security conference in San Francisco, California, USA.
• Swiss Cyber Storm – Annual security conference in Lucerne, Switzerland.
• Virus Bulletin Conference – Annual conference going to be held in Denver, USA for 2016.
• Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
• 44Con – Annual Security Conference held in London.
• BalCCon – Balkan Computer Congress, annualy held in Novi Sad, Serbia.
• FSec – FSec – Croatian Information Security Gathering in Varaždin, Croatia.

信息安全雜誌

• 2600: The Hacker Quarterly – American publication about technology and computer 「underground.」
• Phrack Magazine – By far the longest running hacker zine.