在线资源 渗透测试靶场 渗透测试资源 渗透测试思维导图 Web安全思维导图 移动安全思维导图 安全开发思维导图 CTF思维导图 业务安全思维导图 基于docker渗透测试平台 Web漏洞docker平台 主机漏洞docker平台 基于Python语言POC&EXP收集 ActiveMQ - ActiveMQ的PUT 上传getshellExP CVE-2016-3088 Exploit 社会工程学 安全工具 集成渗透测试工具 Kali - 一个Linux发行版，用来做数字取证和渗透测试。 ArchStrike - Arch GNU/Linux repository for security professionals and enthusiasts. BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers. Network Security Toolkit (NST) - 网络安全工具包发行版 Pentoo -着眼于安全的基于Gentoo的 LiveCD BackBox - 基于Ubuntu的发行版，用于渗透测试及安全评估 Parrot - Distribution similar to Kali, with multiple architecture. Buscador - GNU/Linux virtual machine that is pre-configured for online investigators. Fedora Security Lab - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains. 渗透测试神器 Metasploit Framework - 应用最广的渗透测试软件 burp suite - 抓包工具，针对Web应用执行安全检测 ExploitPack - Graphical tool for penetration testing with a bunch of exploits. BeEF - Command and control server for delivering exploits to commandeered Web browsers. faraday - Collaborative penetration test and vulnerability management platform. evilgrade - The update explotation framework. routersploit - Automated penetration testing software for router. redsnarf - Post-exploitation tool for grabbing credentials. Bella - Pure Python post-exploitation data mining & remote administration tool for Mac OS. Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide. 基于docker渗透测试工具 漏洞扫描神器 Nexpose - 漏洞管理&风险控制软件 Nessus - 漏洞，配置，和合规检测 OpenVAS - 开源漏洞扫描器 Vuls - Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go. 代码审计 Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications. cppcheck - Extensible C/C++ static analyzer focused on finding bugs. FindBugs - Free software static analyzer to look for bugs in Java code. sobelow - Security-focused static analysis for the Phoenix Framework. Web安全扫描工具 Nikto - Web服务器和Web应用程序漏洞扫描程序 Arachni - Scriptable framework for evaluating the security of web applications. w3af - Web应用程序攻击和审计框架 Wapiti - Black box web application vulnerability scanner with built-in fuzzer. SecApps - In-browser web application security testing suite. WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS. WPScan - 黑盒wordpress扫描工具 cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running. joomscan - Joomla vulnerability scanner. 网络安全扫描工具 zmap - 开源网络端口扫描器 nmap - 免费的安全扫描器，用于网络勘测和安全审计 pig - GNU/Linux packet crafting tool. scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP. tcpdump/libpcap - Common packet analyzer that runs under the command line. Wireshark - 一个Unix和Windows系统的传输协议分析工具 Network Tools - Different network tools: ping, lookup, whois, etc. netsniff-ng - Swiss army knife for for network sniffing. Intercepter-NG - Multifunctional network toolkit. SPARTA - Network infrastructure penetration testing tool. dnschef - Highly configurable DNS proxy for pentesters. DNSDumpster - Online DNS recon and search service. CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS. dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. dnsmap - Passive DNS network mapper. dnsrecon - DNS enumeration script. dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers. passivedns-client - Library and query tool for querying several passive DNS providers. passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup. Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. Zarp - Network attack tool centered around the exploitation of local networks. mitmproxy - Interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers. Morpheus - Automated ettercap TCP/IP Hijacking tool. mallory - HTTP/HTTPS proxy over SSH. SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk. Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols. DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time. pwnat - Punches holes in firewalls and NATs. dsniff - Collection of tools for network auditing and pentesting. tgcd - Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. smbmap - Handy SMB enumeration tool. scapy - Python-based interactive packet manipulation program & library. Dshell - Network forensic analysis framework. Debookee (macOS) - Intercept traffic from any device on your network. Dripcap - Caffeinated packet analyzer. PRET - Printer Exploitation Toolkit offers commands useful for printer attacks and fuzzing. Praeda - Automated multi-function printer data harvester for gathering usable data during security assessments. 无线网络扫描工具 Aircrack-ng - Set of tools for auditing wireless networks. Kismet - Wireless network detector, sniffer, and IDS. Reaver - Brute force attack against WiFi Protected Setup. Wifite - Automated wireless attack tool. SSL扫描分析工具 SSLyze - SSL configuration scanner. sslstrip - Demonstration of the HTTPS stripping attacks. sslstrip2 - SSLStrip version to defeat HSTS. tls_prober - Fingerprint a server's SSL/TLS implementation. Web exploitation OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications. Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools. Burp Suite - Integrated platform for performing security testing of web applications. autochrome - Easy to install a test browser with all the appropriate setting needed for web application testing with native Burp support, from NCCGroup. Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. WPSploit - Exploit WordPress-powered websites with Metasploit. SQLmap - Automatic SQL injection and database takeover tool. tplmap - Automatic server-side template injection and Web server takeover tool. weevely3 - Weaponized web shell. Wappalyzer - Wappalyzer uncovers the technologies used on websites. WhatWeb - Website fingerprinter. BlindElephant - Web application fingerprinter. wafw00f - Identifies and fingerprints Web Application Firewall (WAF) products. fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs. Kadabra - Automatic LFI exploiter and scanner. Kadimus - LFI scan and exploit tool. liffy - LFI exploitation tool. Commix - Automated all-in-one operating system command injection and exploitation tool. DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR. GitTools - Automatically find and download Web-accessible
POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
社会工程学工具 Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly. King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service. wifiphisher - Automated phishing attacks against WiFi networks. Catphish - Tool for phishing and corporate espionage written in Ruby. 逆向分析工具 IDA Pro - Windows, GNU/Linux or macOS hosted multi-processor disassembler and debugger. IDA Free - The freeware version of IDA v5.0. WDK/WinDbg - Windows Driver Kit and WinDbg. OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis. Radare2 - Open source, crossplatform reverse engineering framework. x64dbg - Open source x64/x32 debugger for windows. Immunity Debugger - Powerful way to write exploits and analyze malware. Evan's Debugger - OllyDbg-like debugger for GNU/Linux. Medusa disassembler - Open source interactive disassembler. plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. peda - Python Exploit Development Assistance for GDB. dnSpy - Tool to reverse engineer .NET assemblies. CTF工具 ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines. Pwntools - Rapid exploit development framework built for use in CTFs. RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks. 在线漏洞推荐列表 Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities. National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine. US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT). Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources. Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc. Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security. Microsoft Security Bulletins - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC). Microsoft Security Advisories - Archive of security advisories impacting Microsoft software. Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability. SecuriTeam - Independent source of software vulnerability information. Vulnerability Lab - Open forum for security advisories organized by category of exploit target. Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. Vulners - Security database of software vulnerabilities. Inj3ct0r ( Onion service) - Exploit marketplace and vulnerability information aggregator. Open Source Vulnerability Database (OSVDB) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. Continued by Risk Based Security as a commercial VDB. 安全课程 信息安全会议 DEF CON - Annual hacker convention in Las Vegas. Black Hat - Annual security conference in Las Vegas. BSides - Framework for organising and holding security conferences. CCC - Annual meeting of the international hacker scene in Germany. DerbyCon - Annual hacker conference based in Louisville. PhreakNIC - Technology conference held annually in middle Tennessee. ShmooCon - Annual US East coast hacker convention. CarolinaCon - Infosec conference, held annually in North Carolina. CHCon - Christchurch Hacker Con, Only South Island of New Zealand hacker con. SummerCon - One of the oldest hacker conventions, held during Summer. Hack.lu - Annual conference held in Luxembourg. Hackfest - Largest hacking conference in Canada. HITB - Deep-knowledge security conference held in Malaysia and The Netherlands. Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany. Hack3rCon - Annual US hacker conference. ThotCon - Annual US hacker conference held in Chicago. LayerOne - Annual US security conference held every spring in Los Angeles. DeepSec - Security Conference in Vienna, Austria. SkyDogCon - Technology conference in Nashville. SECUINSIDE - Security Conference in Seoul. DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania. AppSecUSA - Annual conference organised by OWASP. BruCON - Annual security conference in Belgium. Infosecurity Europe - Europe's number one information security event, held in London, UK. Nullcon - Annual conference in Delhi and Goa, India. RSA Conference USA - Annual security conference in San Francisco, California, USA. Swiss Cyber Storm - Annual security conference in Lucerne, Switzerland. Virus Bulletin Conference - Annual conference going to be held in Denver, USA for 2016. Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina. 44Con - Annual Security Conference held in London. BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia. FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia. 信息安全杂志