干货大放送!Github最全渗透测试资源!
在线资源:
渗透测试资源:
Metasploit Unleashed 链接地址 - 免费攻防安全metasploita课程
PTES 链接地址 - 渗透测试执行标准
OWASP 链接地址 - 开源Web应用安全项目
Shellcode开发:
Shellcode Tutorials 链接地址 - 如何写shellcode的指导
Shellcode Examples 链接地址 - Shellcode数据库
社会工程学资源:
社工库框架 链接地址 - 社工所需信息资源
"撬锁"(Lock Picking)资源:
Schuyler Towne channel 链接地址 - 撬锁视频和安全演讲
/r/lockpicking 链接地址 - 学习撬锁的资源和设备推荐
渗透工具:
渗透测试分布工具:
Kali 链接地址 - 一个专门的数字取证和渗透测试的Linux版本
BlackArch 链接地址 - 渗透测试员和研究人员的Arch Linux分布
NST 链接地址 - 网络安全工具包
Pentoo 链接地址 - 基于Gentoo
BackBox 链接地址 - 基于Ubuntu的渗透测试和安全评估
基本渗透测试工具:
Metasploit Framework 链接地址 - 全球最常用的渗透测试工具
Burp Suite 链接地址 - 执行Web安全测试的集成平台
ExploitPack 链接地址 - 用户渗透测试的图形工具
漏洞扫描器:
Netsparker 链接地址 - Web应用程序安全扫描
Nexpose 链接地址 - 漏洞管理和风险管理软件
Nessus 链接地址 - 漏洞、配置和评估
Nikto 链接地址 - Web应用漏洞扫描器
OpenVAS 链接地址 - 开源漏洞扫描和管理工具
OWASP Zed Attack Proxy 链接地址 - web应用的渗透测试工具
Secapps 链接地址 - 集成的Web应用程序安全测试环境
w3af 链接地址 - Web应用攻击和审计框架
Wapiti 链接地址 - Web应用漏洞扫描器
WebReaver 链接地址 - Mac OS X的Web应用漏洞扫描
网络工具:
nmap 链接地址 - 用于网络探测和安全审计的免费安全扫描器
tcpdump/libpcap 链接地址 - 命令行的通用数据包分析器
Wireshark 链接地址 - 网络协议分析,Unix和Windows版本均有
Network Tools 链接地址 - 不同的网络工具:ping, lookup, whois, 等
netsniff-ng 链接地址 - 瑞士军刀网络嗅探
Intercepter-NG 链接地址 - 一个多功能网络工具包
SPARTA 链接地址 - 网络基础架构渗透测试工具包
无线网络工具:
Aircrack-gn 链接地址 - 一系列无线网络审计工具
Kismet 链接地址 - 无线网络探测器、嗅探器和入侵检测系统
Reaver 链接地址 - WiFi暴力攻击
SSL分析工具
SSLyze链接地址 - SSL配置扫描仪
sslstrip 链接地址 - 一个HTTPS攻击演示
十六进制编辑器
HexEdit.js 链接地址 - 基于浏览器的十六进制编辑器
破解工具
John the Ripper 链接地址 - 最快的密码破解
在线MD5破解 链接地址 - 在线MD5哈希破解
Windows Utils
Sysinternals Suite 链接地址 - Sysinternals 故障诊断工具
Windows Credentials Editor 链接地址 - 列出登录会话、添加、修改、列表、删除相关凭据的安全工具
mimikatz 链接地址 - 针对Windows的凭证提取工具
DDoS攻击工具
LOIC 链接地址 - 开源的Windos网络压力工具
JS LOIC 链接地址 - 浏览器的JavaScript LOIC
社工工具
SET 链接地址 - 来自TrustedSec的社工工具包
OSint工具
Maltego 链接地址 - 开源情报取证工具
匿名工具
Tor链接地址 - 免费路由在线匿名工具
I2P链接地址 - 隐形互联网项目
逆向工具
IDA Pro链接地址 - Windows、Linux或Mac OS X反编译调试器
IDA Free 链接地址 - 免费版本的IDA 5.0
WDK/WinDbg 链接地址 - Windows驱动程序工具包和WinDbg
OllyDbg 链接地址 - x86调试器(强调二进制代码分析)
Radare2 链接地址 - 开源跨平台逆向工程框架
x64_dgb 链接地址 - Windows 开源x64/x32调试器
Pyew 链接地址 - 静态恶意软件分析的Python工具
Bokken 链接地址 - Pyew Radare2 GUI
Immunity Debugger 链接地址 - 开发、分析恶意软件的新工具
Evan’s Debugger 链接地址 - Linux上类似于OllyDbg的调试器
图书:
渗透测试图书:
The Art of Exploitation by Jon Erickson, 2008
Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
Rtfm: Red Team Field Manual by Ben Clark, 2014
The Hacker Playbook by Peter Kim, 2014
The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
Professional Penetration Testing by Thomas Wilhelm, 2013
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
Violent Python by TJ O‘Connor, 2012
Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
Black Hat Python: Python Programming for Hackers and Pentesters, 2014
Penetration Testing: Procedures & Methodologies (EC-Council Press),2010
黑客手册系列
The Shellcoders Handbook by Chris Anley and others, 2007
The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
iOS Hackers Handbook by Charlie Miller and others, 2012
Android Hackers Handbook by Joshua J. Drake and others, 2014
The Browser Hackers Handbook by Wade Alcorn and others, 2014
The Mobile Application Hackers Handbook by Dominic Chell and others, 2015
网络分析图书
Nmap Network Scanning by Gordon Fyodor Lyon, 2009
Practical Packet Analysis by Chris Sanders, 2011
Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012
逆向工程图书
Reverse Engineering for Beginners by Dennis Yurichev (free!)
The IDA Pro Book by Chris Eagle, 2011
Practical Reverse Engineering by Bruce Dang and others, 2014
Reverse Engineering for Beginners
恶意软件分析图书
Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
The Art of Memory Forensics by Michael Hale Ligh and others, 2014
Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010
Windows图书
Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu
社会工程学图书
The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
No Tech Hacking by Johnny Long, Jack Wiles, 2008
Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014
撬锁系列图书
Practical Lock Picking by Deviant Ollam, 2012
Keys to the Kingdom by Deviant Ollam, 2012
CIA Lock Picking Field Operative Training Manual
Lock Picking: Detail Overkill by Solomon
Eddie the Wire books
漏洞数据库
NVD 链接地址 - US National Vulnerability Database
CERT 链接地址 - US Computer Emergency Readiness Team
OSVDB 链接地址 - Open Sourced Vulnerability Database
Bugtraq 链接地址 - Symantec SecurityFocus
Exploit-DB 链接地址 - Offensive Security Exploit Database
Fulldisclosure 链接地址 - Full Disclosure Mailing List
MS Bulletin 链接地址 - Microsoft Security Bulletin
MS Advisory 链接地址 - Microsoft Security Advisories
Inj3ct0r 链接地址 - Inj3ct0r Exploit Database
Packet Storm 链接地址 - Packet Storm Global Security Resource
SecuriTeam 链接地址 - Securiteam Vulnerability Information
CXSecurity 链接地址 - CSSecurity Bugtraq List
Vulnerability Laboratory 链接地址 - Vulnerability Research Laboratory
ZDI 链接地址 - Zero Day Initiative
安全课程
Offensive Security Training 链接地址 - Training from BackTrack/Kali developers
SANS Security Training 链接地址 - Computer Security Training & Certification
Open Security Training 链接地址 - Training material for computer security classes
CTF Field Guide 链接地址 - everything you need to win your next CTF competition
Cybrary 链接地址 - online IT and Cyber Security training platform
信息安全课程
DEF CON - An annual hacker convention in Las Vegas
Black Hat - An annual security conference in Las Vegas
BSides - A framework for organising and holding security conferences
CCC - An annual meeting of the international hacker scene in Germany
DerbyCon - An annual hacker conference based in Louisville
PhreakNIC - A technology conference held annually in middle Tennessee
ShmooCon - An annual US east coast hacker convention
CarolinaCon - An infosec conference, held annually in North Carolina
HOPE - A conference series sponsored by the hacker magazine 2600
SummerCon - One of the oldest hacker conventions, held during Summer
Hack.lu - An annual conference held in Luxembourg
HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
Hack3rCon - An annual US hacker conference
ThotCon - An annual US hacker conference held in Chicago
LayerOne - An annual US security conerence held every spring in Los Angeles
DeepSec - Security Conference in Vienna, Austria
SkyDogCon - A technology conference in Nashville
SECUINSIDE - Security Conference in Seoul
DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
信息安全杂志
2600: The Hacker Quarterly - An American publication about technology and computer "underground"
Phrack Magazine - By far the longest running hacker zine
非常有用的信息列表:
SecTools 链接地址 - Top 125 Network Security Tools
C/C++ Programming 链接地址 - One of the main language for open source security tools
.NET Programming 链接地址 - A software framework for Microsoft Windows platform development
Shell Scripting 链接地址 - Command-line frameworks, toolkits, guides and gizmos
Ruby Programming by @dreikanter 链接地址 - The de-facto language for writing exploits
Ruby Programming by @markets 链接地址 - The de-facto language for writing exploits
Ruby Programming by @Sdogruyol 链接地址 - The de-facto language for writing exploits
JavaScript Programming 链接地址 - In-browser development and scripting
Node.js Programming by @sindresorhus 链接地址 - JavaScript in command-line
Node.js Programming by @vndmtrx 链接地址 - JavaScript in command-line
Python tools for penetration testers 链接地址 - Lots of pentesting tools are written in Python
Python Programming by @svaksha 链接地址 - General Python programming
Python Programming by @vinta 链接地址 - General Python programming
Android Security 链接地址 - A collection of android security related resources
Awesome Awesomness 链接地址 - The List of the Lists