https://www.hackjie.com/
Web安全视频
- Online-Security-Videos – 红日Web安全攻防视频
- Online-Security-Videos – 西安鹏程网络安全攻防课程
- Online-Security-Videos – Vulhub系列视频
- Online-Security-Videos – 米斯特Web安全攻防视频
- Online-Security-Videos – SSRF漏洞利用与getshell实战
渗透测试靶场
- WebGoat – WebGoat漏洞练习环境
- Damn Vulnerable Web Application – Damn Vulnerable Web Application(漏洞练习平台)
- sqli-labs – 数据库注入练习平台
- kali-linux – kali linux安装教程
渗透测试资源
- Metasploit Unleashed – 免费的metasploit教程
- PTES – 渗透测试执行标准
- OWASP – 开放式Web应用程序安全项目
- PENTEST-WIKI – 开源安全测试方法手册
- Vulnerability Assessment Framework – 渗透测试框架
- XSS-Payloads – Xss构造语句
JavaWeb资源
- Java-Web-Videos – 【第一阶段】JavaWeb基础
- Java-Web-Videos – 【第二阶段】JavaWeb进阶
- Java-Web-Videos – 【第三阶段】Mysql&jdbc
- Java-Web-Videos – 【第四阶段】Linux
渗透测试思维导图
Web安全思维导图
- Web-Security – Web安全思维导图https://www.hackjie.com/
移动安全思维导图
- Android-Security – 移动安全思维导图
安全开发思维导图
- Security – 安全开发思维导图
CTF思维导图
- Security – CTF思维导图
业务安全思维导图
- Security – 业务安全思维导图
基于docker渗透测试平台
Web漏洞docker平台
- Docker-DSVW – DSVW渗透测试平台
- Docker-DVWA_Wooyun – DVWA_Wooyun渗透测试平台
- Docker-DVWA – DVWA渗透测试平台
- Docker-WAVSEP – WAVSEP渗透测试平台
- Docker-WebGoat – WebGoat渗透测试平台
- Docker-bWAPP – bWAPP渗透测试平台
- Docker-ActiveMQ任意文件写入漏洞(CVE-2016-3088) – ActiveMQ任意文件写入漏洞(CVE-2016-3088)
- Docker-Apache 解析漏洞复现环境 – Apache 解析漏洞复现环境
- Docker-fastjson 反序列化导致任意命令执行漏洞 – fastjson 反序列化导致任意命令执行漏洞
- Docker-ffmpeg 任意文件读取漏洞/SSRF漏洞 (CVE-2016-1897/CVE-2016-1898) – ffmpeg 任意文件读取漏洞/SSRF漏洞 (CVE-2016-1897/CVE-2016-1898)
- Docker-Flask(Jinja2) 服务端模板注入漏洞 – Flask(Jinja2) 服务端模板注入漏洞
- Docker-PHP-FPM Fastcgi 未授权访问漏洞 – PHP-FPM Fastcgi 未授权访问漏洞
- Docker-GlassFish 任意文件读取漏洞 – GlassFish 任意文件读取漏洞
- Docker-HTTPoxy漏洞(CVE-2016-5385)测试环境 – HTTPoxy漏洞(CVE-2016-5385)测试环境
- Docker-Imagetragick漏洞(CVE-2016–3714)测试环境 – Imagetragick漏洞(CVE-2016–3714)测试环境
主机漏洞docker平台
- Docker-CVE-2014-0160 – 心脏出血漏洞(CVE-2014-0160)测试环境
- Docker-GIT-SHELL 沙盒绕过(CVE-2017-8386) – GIT-SHELL 沙盒绕过(CVE-2017-8386)
- Docker-Gitlab 任意文件读取漏洞(CVE-2016-9086) – Gitlab 任意文件读取漏洞(CVE-2016-9086)
- Docker-Jenkins-CI 远程代码执行漏洞(CVE-2017-1000353) – Jenkins-CI 远程代码执行漏洞(CVE-2017-1000353)
- Docker-Nginx 解析漏洞复现 – Nginx 解析漏洞复现
基于Python语言POC&EXP收集
- ActiveMQ – ActiveMQ的PUT 上传getshellExP CVE-2016-3088
Exploit
- Shellcode Tutorial – Tutorial on how to write shellcode.
- Shellcode Examples – Shellcodes database.
- Exploit Writing Tutorials – Tutorials on how to develop exploits.
- shellsploit – New Generation Exploit Development Kit.
- Voltron – Hacky debugger UI for hackers.
社会工程学
- Social Engineering Framework – 社会工程学资料和信息
安全工具
集成渗透测试工具
- Kali – 一个Linux发行版,用来做数字取证和渗透测试。
- ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
- BlackArch – Arch GNU/Linux-based distribution for penetration testers and security researchers.
- Network Security Toolkit (NST) – 网络安全工具包发行版
- Pentoo -着眼于安全的基于Gentoo的 LiveCD
- BackBox – 基于Ubuntu的发行版,用于渗透测试及安全评估
- Parrot – Distribution similar to Kali, with multiple architecture.
- Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
- Fedora Security Lab – Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies.
- The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
渗透测试神器
- Metasploit Framework – 应用最广的渗透测试软件
- burp suite – 抓包工具,针对Web应用执行安全检测
- ExploitPack – Graphical tool for penetration testing with a bunch of exploits.
- BeEF – Command and control server for delivering exploits to commandeered Web browsers.
- faraday – Collaborative penetration test and vulnerability management platform.
- evilgrade – The update explotation framework.
- routersploit – Automated penetration testing software for router.
- redsnarf – Post-exploitation tool for grabbing credentials.
- Bella – Pure Python post-exploitation data mining & remote administration tool for Mac OS.
- Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
基于docker渗透测试工具
docker pull kalilinux/kali-linux-docker
official Kali Linuxdocker pull owasp/zap2docker-stable
– official OWASP ZAPdocker pull wpscanteam/wpscan
– official WPScandocker pull citizenstig/dvwa
– Damn Vulnerable Web Application (DVWA)docker pull wpscanteam/vulnerablewordpress
– Vulnerable WordPress Installationdocker pull hmlio/vaas-cve-2014-6271
– Vulnerability as a service: Shellshockdocker pull hmlio/vaas-cve-2014-0160
– Vulnerability as a service: Heartbleeddocker pull opendns/security-ninjas
– Security Ninjasdocker pull diogomonica/docker-bench-security
– Docker Bench for Securitydocker pull ismisepaul/securityshepherd
– OWASP Security Shepherddocker pull danmx/docker-owasp-webgoat
– OWASP WebGoat Project docker imagedocker-compose build && docker-compose up
– OWASP NodeGoatdocker pull citizenstig/nowasp
– OWASP Mutillidae II Web Pen-Test Practice Applicationdocker pull bkimminich/juice-shop
– OWASP Juice Shopdocker pull kalilinux/kali-linux-docker
– Kali Linux Docker Imagedocker pull remnux/metasploit
– docker-metasploit
漏洞扫描神器
- Nexpose – 漏洞管理&风险控制软件
- Nessus – 漏洞,配置,和合规检测
- OpenVAS – 开源漏洞扫描器
- Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
代码审计
- Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
- FindBugs – Free software static analyzer to look for bugs in Java code.
- sobelow – Security-focused static analysis for the Phoenix Framework.
Web安全扫描工具
- Nikto – Web服务器和Web应用程序漏洞扫描程序
- Arachni – Scriptable framework for evaluating the security of web applications.
- w3af – Web应用程序攻击和审计框架
- Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
- SecApps – In-browser web application security testing suite.
- WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
- WPScan – 黑盒wordpress扫描工具
- cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
- joomscan – Joomla vulnerability scanner.
网络安全扫描工具
- zmap – 开源网络端口扫描器
- nmap – 免费的安全扫描器,用于网络勘测和安全审计
- pig – GNU/Linux packet crafting tool.
- scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
- tcpdump/libpcap – Common packet analyzer that runs under the command line.
- Wireshark – 一个Unix和Windows系统的传输协议分析工具
- Network Tools – Different network tools: ping, lookup, whois, etc.
- netsniff-ng – Swiss army knife for for network sniffing.
- Intercepter-NG – Multifunctional network toolkit.
- SPARTA – Network infrastructure penetration testing tool.
- dnschef – Highly configurable DNS proxy for pentesters.
- DNSDumpster – Online DNS recon and search service.
- CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
- dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
- dnsmap – Passive DNS network mapper.
- dnsrecon – DNS enumeration script.
- dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
- passivedns-client – Library and query tool for querying several passive DNS providers.
- passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
- Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- Zarp – Network attack tool centered around the exploitation of local networks.
- mitmproxy – Interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers.
- Morpheus – Automated ettercap TCP/IP Hijacking tool.
- mallory – HTTP/HTTPS proxy over SSH.
- SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
- Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
- DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
- pwnat – Punches holes in firewalls and NATs.
- dsniff – Collection of tools for network auditing and pentesting.
- tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
- smbmap – Handy SMB enumeration tool.
- scapy – Python-based interactive packet manipulation program & library.
- Dshell – Network forensic analysis framework.
- Debookee (macOS) – Intercept traffic from any device on your network.
- Dripcap – Caffeinated packet analyzer.
- PRET – Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing.
- Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
无线网络扫描工具
- Aircrack-ng – Set of tools for auditing wireless networks.
- Kismet – Wireless network detector, sniffer, and IDS.
- Reaver – Brute force attack against WiFi Protected Setup.
- Wifite – Automated wireless attack tool.
SSL扫描分析工具
- SSLyze – SSL configuration scanner.
- sslstrip – Demonstration of the HTTPS stripping attacks.
- sslstrip2 – SSLStrip version to defeat HSTS.
- tls_prober – Fingerprint a server’s SSL/TLS implementation.
Web exploitation
- OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
- Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
- Burp Suite – Integrated platform for performing security testing of web applications.
- autochrome – Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup.
- WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
- WPSploit – Exploit WordPress-powered websites with Metasploit.
- SQLmap – Automatic SQL injection and database takeover tool.
- tplmap – Automatic server-side template injection and Web server takeover tool.
- weevely3 – Weaponized web shell.
- Wappalyzer – Wappalyzer uncovers the technologies used on websites.
- WhatWeb – Website fingerprinter.
- BlindElephant – Web application fingerprinter.
- wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
- fimap – Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
- Kadabra – Automatic LFI exploiter and scanner.
- Kadimus – LFI scan and exploit tool.
- liffy – LFI exploitation tool.
- Commix – Automated all-in-one operating system command injection and exploitation tool.
- DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
- GitTools – Automatically find and download Web-accessible
.git
repositories.
Hex Editors
- HexEdit.js – Browser-based hex editing.
- Hexinator – World’s finest (proprietary, commercial) Hex Editor.
- Frhed – Binary file editor for Windows.
文件转换分析工具
- Kaitai Struct – File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- Veles – Binary data visualization and analysis tool.
- Hachoir – Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.
Hash破解工具
- John the Ripper – Fast password cracker.
- Hashcat – The more fast hash cracker.
- CeWL – Generates custom wordlists by spidering a target’s website and collecting unique words.
DDoS工具
- LOIC – Open source network stress tool for Windows.
- JS LOIC – JavaScript in-browser version of LOIC.
- SlowLoris – DoS tool that uses low bandwidth on the attacking side.
- HOIC – Updated version of Low Orbit Ion Cannon, has ‘boosters’ to get around common counter measures.
- T50 – Faster network stress tool.
- UFONet – Abuses OSI layer 7 HTTP to create/manage ‘zombies’ and to conduct different attacks using;
GET
/POST
, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
社会工程学工具
- Social Engineer Toolkit (SET) – Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
- King Phisher – Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- Evilginx – MITM attack framework used for phishing credentials and session cookies from any Web service.
- wifiphisher – Automated phishing attacks against WiFi networks.
- Catphish – Tool for phishing and corporate espionage written in Ruby.
逆向分析工具
- IDA Pro – Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger.
- IDA Free – The freeware version of IDA v5.0.
- WDK/WinDbg – Windows Driver Kit and WinDbg.
- OllyDbg – x86 debugger for Windows binaries that emphasizes binary code analysis.
- Radare2 – Open source, crossplatform reverse engineering framework.
- x64dbg – Open source x64/x32 debugger for windows.
- Immunity Debugger – Powerful way to write exploits and analyze malware.
- Evan’s Debugger – OllyDbg-like debugger for GNU/Linux.
- Medusa disassembler – Open source interactive disassembler.
- plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
- peda – Python Exploit Development Assistance for GDB.
- dnSpy – Tool to reverse engineer .NET assemblies.
CTF工具
- ctf-tools – Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
- Pwntools – Rapid exploit development framework built for use in CTFs.
- RsaCtfTool – Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
在线漏洞推荐列表
- Common Vulnerabilities and Exposures (CVE) – Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
- National Vulnerability Database (NVD) – United States government’s National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
- US-CERT Vulnerability Notes Database – Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
- Full-Disclosure – Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
- Bugtraq (BID) – Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
- Exploit-DB – Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
- Microsoft Security Bulletins – Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- Microsoft Security Advisories – Archive of security advisories impacting Microsoft software.
- Mozilla Foundation Security Advisories – Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
- Packet Storm – Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
- CXSecurity – Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
- SecuriTeam – Independent source of software vulnerability information.
- Vulnerability Lab – Open forum for security advisories organized by category of exploit target.
- Zero Day Initiative – Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
- Vulners – Security database of software vulnerabilities.
- Inj3ct0r (Onion service) – Exploit marketplace and vulnerability information aggregator.
- Open Source Vulnerability Database (OSVDB) – Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. Continued by Risk Based Security as a commercial VDB.
安全课程
- Offensive Security Training – Training from BackTrack/Kali developers.
- SANS Security Training – Computer Security Training & Certification.
- Open Security Training – Training material for computer security classes.
- CTF Field Guide – Everything you need to win your next CTF competition.
- ARIZONA CYBER WARFARE RANGE – 24×7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare.
- Cybrary – Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book ‘Penetration Testing for Highly Secured Enviroments’.
- Computer Security Student – Many free tutorials, great for beginners, $10/mo membership unlocks all content.
- European Union Agency for Network and Information Security – ENISA Cyber Security Training material.
信息安全会议
- DEF CON – Annual hacker convention in Las Vegas.
- Black Hat – Annual security conference in Las Vegas.
- BSides – Framework for organising and holding security conferences.
- CCC – Annual meeting of the international hacker scene in Germany.
- DerbyCon – Annual hacker conference based in Louisville.
- PhreakNIC – Technology conference held annually in middle Tennessee.
- ShmooCon – Annual US East coast hacker convention.
- CarolinaCon – Infosec conference, held annually in North Carolina.
- CHCon – Christchurch Hacker Con, Only South Island of New Zealand hacker con.
- SummerCon – One of the oldest hacker conventions, held during Summer.
- Hack.lu – Annual conference held in Luxembourg.
- Hackfest – Largest hacking conference in Canada.
- HITB – Deep-knowledge security conference held in Malaysia and The Netherlands.
- Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany.
- Hack3rCon – Annual US hacker conference.
- ThotCon – Annual US hacker conference held in Chicago.
- LayerOne – Annual US security conference held every spring in Los Angeles.
- DeepSec – Security Conference in Vienna, Austria.
- SkyDogCon – Technology conference in Nashville.
- SECUINSIDE – Security Conference in Seoul.
- DefCamp – Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania.
- AppSecUSA – Annual conference organised by OWASP.
- BruCON – Annual security conference in Belgium.
- Infosecurity Europe – Europe’s number one information security event, held in London, UK.
- Nullcon – Annual conference in Delhi and Goa, India.
- RSA Conference USA – Annual security conference in San Francisco, California, USA.
- Swiss Cyber Storm – Annual security conference in Lucerne, Switzerland.
- Virus Bulletin Conference – Annual conference going to be held in Denver, USA for 2016.
- Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina.
- 44Con – Annual Security Conference held in London.
- BalCCon – Balkan Computer Congress, annualy held in Novi Sad, Serbia.
- FSec – FSec – Croatian Information Security Gathering in Varaždin, Croatia.
信息安全杂志
- 2600: The Hacker Quarterly – American publication about technology and computer “underground.”
- Phrack Magazine – By far the longest running hacker zine.