zoukankan      html  css  js  c++  java
  • 渗透测试资源

    在线资源:

    渗透测试资源:
    Metasploit Unleashed 链接地址 - 免费攻防安全metasploita课程
    PTES 链接地址 - 渗透测试执行标准
    OWASP 链接地址 - 开源Web应用安全项目

    Shellcode开发:
    Shellcode Tutorials 链接地址 - 如何写shellcode的指导
    Shellcode Examples 链接地址 - Shellcode数据库

    社会工程学资源:
    社工库框架 链接地址 - 社工所需信息资源

    "撬锁"(Lock Picking)资源:
    Schuyler Towne channel 链接地址 - 撬锁视频和安全演讲
    /r/lockpicking 链接地址 - 学习撬锁的资源和设备推荐


    渗透工具:

    渗透测试分布工具:
    Kali 链接地址 - 一个专门的数字取证和渗透测试的Linux版本
    BlackArch 链接地址 - 渗透测试员和研究人员的Arch Linux分布
    NST 链接地址 - 网络安全工具包
    Pentoo 链接地址 - 基于Gentoo
    BackBox 链接地址 - 基于Ubuntu的渗透测试和安全评估

    基本渗透测试工具:
    Metasploit Framework 链接地址 - 全球最常用的渗透测试工具
    Burp Suite 链接地址 - 执行Web安全测试的集成平台
    ExploitPack 链接地址 - 用户渗透测试的图形工具

    漏洞扫描器:
    Netsparker 链接地址 - Web应用程序安全扫描
    Nexpose 链接地址 - 漏洞管理和风险管理软件
    Nessus 链接地址 - 漏洞、配置和评估
    Nikto 链接地址 - Web应用漏洞扫描器
    OpenVAS 链接地址 - 开源漏洞扫描和管理工具
    OWASP Zed Attack Proxy 链接地址 - web应用的渗透测试工具
    Secapps 链接地址 - 集成的Web应用程序安全测试环境
    w3af 链接地址 - Web应用攻击和审计框架
    Wapiti 链接地址 - Web应用漏洞扫描器
    WebReaver 链接地址 - Mac OS X的Web应用漏洞扫描

    网络工具:
    nmap 链接地址 - 用于网络探测和安全审计的免费安全扫描器
    tcpdump/libpcap 链接地址 - 命令行的通用数据包分析器
    Wireshark 链接地址 - 网络协议分析,Unix和Windows版本均有
    Network Tools 链接地址 - 不同的网络工具:ping, lookup, whois, 等
    netsniff-ng 链接地址 - 瑞士军刀网络嗅探
    Intercepter-NG 链接地址 - 一个多功能网络工具包
    SPARTA 链接地址 - 网络基础架构渗透测试工具包

    无线网络工具:
    Aircrack-gn 链接地址 - 一系列无线网络审计工具
    Kismet 链接地址 - 无线网络探测器、嗅探器和入侵检测系统
    Reaver 链接地址 - WiFi暴力攻击

    SSL分析工具
    SSLyze链接地址 - SSL配置扫描仪
    sslstrip 链接地址 - 一个HTTPS攻击演示

    十六进制编辑器
    HexEdit.js 链接地址 - 基于浏览器的十六进制编辑器

    破解工具
    John the Ripper 链接地址 - 最快的密码破解
    在线MD5破解 链接地址 - 在线MD5哈希破解

    Windows Utils
    Sysinternals Suite 链接地址 - Sysinternals 故障诊断工具
    Windows Credentials Editor 链接地址 - 列出登录会话、添加、修改、列表、删除相关凭据的安全工具
    mimikatz 链接地址 - 针对Windows的凭证提取工具

    DDoS攻击工具
    LOIC 链接地址 - 开源的Windos网络压力工具
    JS LOIC 链接地址 - 浏览器的JavaScript LOIC

    社工工具
    SET 链接地址 - 来自TrustedSec的社工工具包

    OSint工具
    Maltego 链接地址 - 开源情报取证工具

    匿名工具
    Tor链接地址 - 免费路由在线匿名工具
    I2P链接地址 - 隐形互联网项目

    逆向工具
    IDA Pro链接地址 - Windows、Linux或Mac OS X反编译调试器
    IDA Free 链接地址 - 免费版本的IDA 5.0
    WDK/WinDbg 链接地址 - Windows驱动程序工具包和WinDbg
    OllyDbg 链接地址 - x86调试器(强调二进制代码分析)
    Radare2 链接地址 - 开源跨平台逆向工程框架
    x64_dgb 链接地址 - Windows 开源x64/x32调试器
    Pyew 链接地址 - 静态恶意软件分析的Python工具
    Bokken 链接地址 - Pyew Radare2 GUI
    Immunity Debugger 链接地址 - 开发、分析恶意软件的新工具
    Evan’s Debugger 链接地址 - Linux上类似于OllyDbg的调试器


    图书:

    渗透测试图书:
    The Art of Exploitation by Jon Erickson, 2008
    Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
    Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
    Rtfm: Red Team Field Manual by Ben Clark, 2014
    The Hacker Playbook by Peter Kim, 2014
    The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
    Professional Penetration Testing by Thomas Wilhelm, 2013
    Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
    Violent Python by TJ O‘Connor, 2012
    Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
    Black Hat Python: Python Programming for Hackers and Pentesters, 2014
    Penetration Testing: Procedures & Methodologies (EC-Council Press),2010

    黑客手册系列
    The Shellcoders Handbook by Chris Anley and others, 2007
    The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
    iOS Hackers Handbook by Charlie Miller and others, 2012
    Android Hackers Handbook by Joshua J. Drake and others, 2014
    The Browser Hackers Handbook by Wade Alcorn and others, 2014
    The Mobile Application Hackers Handbook by Dominic Chell and others, 2015

    网络分析图书
    Nmap Network Scanning by Gordon Fyodor Lyon, 2009
    Practical Packet Analysis by Chris Sanders, 2011
    Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

    逆向工程图书
    Reverse Engineering for Beginners by Dennis Yurichev (free!)
    The IDA Pro Book by Chris Eagle, 2011
    Practical Reverse Engineering by Bruce Dang and others, 2014
    Reverse Engineering for Beginners

    恶意软件分析图书
    Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
    The Art of Memory Forensics by Michael Hale Ligh and others, 2014
    Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010

    Windows图书
    Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

    社会工程学图书
    The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
    The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
    Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
    No Tech Hacking by Johnny Long, Jack Wiles, 2008
    Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
    Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
    Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

    撬锁系列图书
    Practical Lock Picking by Deviant Ollam, 2012
    Keys to the Kingdom by Deviant Ollam, 2012
    CIA Lock Picking Field Operative Training Manual
    Lock Picking: Detail Overkill by Solomon
    Eddie the Wire books

    漏洞数据库
    NVD 链接地址 - US National Vulnerability Database
    CERT 链接地址 - US Computer Emergency Readiness Team
    OSVDB 链接地址 - Open Sourced Vulnerability Database
    Bugtraq 链接地址 - Symantec SecurityFocus
    Exploit-DB 链接地址 - Offensive Security Exploit Database
    Fulldisclosure 链接地址 - Full Disclosure Mailing List
    MS Bulletin 链接地址 - Microsoft Security Bulletin
    MS Advisory 链接地址 - Microsoft Security Advisories
    Inj3ct0r 链接地址 - Inj3ct0r Exploit Database
    Packet Storm 链接地址 - Packet Storm Global Security Resource
    SecuriTeam 链接地址 - Securiteam Vulnerability Information
    CXSecurity 链接地址 - CSSecurity Bugtraq List
    Vulnerability Laboratory 链接地址 - Vulnerability Research Laboratory
    ZDI 链接地址 - Zero Day Initiative

    安全课程
    Offensive Security Training 链接地址 - Training from BackTrack/Kali developers
    SANS Security Training 链接地址 - Computer Security Training & Certification
    Open Security Training 链接地址 - Training material for computer security classes
    CTF Field Guide 链接地址 - everything you need to win your next CTF competition
    Cybrary 链接地址 - online IT and Cyber Security training platform

    信息安全课程

    DEF CON - An annual hacker convention in Las Vegas
    Black Hat - An annual security conference in Las Vegas
    BSides - A framework for organising and holding security conferences
    CCC - An annual meeting of the international hacker scene in Germany
    DerbyCon - An annual hacker conference based in Louisville
    PhreakNIC - A technology conference held annually in middle Tennessee
    ShmooCon - An annual US east coast hacker convention
    CarolinaCon - An infosec conference, held annually in North Carolina
    HOPE - A conference series sponsored by the hacker magazine 2600
    SummerCon - One of the oldest hacker conventions, held during Summer
    Hack.lu - An annual conference held in Luxembourg
    HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
    Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
    Hack3rCon - An annual US hacker conference
    ThotCon - An annual US hacker conference held in Chicago
    LayerOne - An annual US security conerence held every spring in Los Angeles
    DeepSec - Security Conference in Vienna, Austria
    SkyDogCon - A technology conference in Nashville
    SECUINSIDE - Security Conference in Seoul
    DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania

    信息安全杂志
    2600: The Hacker Quarterly - An American publication about technology and computer "underground"
    Phrack Magazine - By far the longest running hacker zine

    非常有用的信息列表:
    SecTools 链接地址 - Top 125 Network Security Tools
    C/C++ Programming 链接地址 - One of the main language for open source security tools
    .NET Programming 链接地址 - A software framework for Microsoft Windows platform development
    Shell Scripting 链接地址 - Command-line frameworks, toolkits, guides and gizmos
    Ruby Programming by @dreikanter 链接地址 - The de-facto language for writing exploits
    Ruby Programming by @markets 链接地址 - The de-facto language for writing exploits
    Ruby Programming by @Sdogruyol 链接地址 - The de-facto language for writing exploits
    JavaScript Programming 链接地址 - In-browser development and scripting
    Node.js Programming by @sindresorhus 链接地址 - JavaScript in command-line
    Node.js Programming by @vndmtrx 链接地址 - JavaScript in command-line
    Python tools for penetration testers 链接地址 - Lots of pentesting tools are written in Python
    Python Programming by @svaksha 链接地址 - General Python programming
    Python Programming by @vinta 链接地址 - General Python programming
    Android Security 链接地址 - A collection of android security related resources
    Awesome Awesomness 链接地址 - The List of the Lists

  • 相关阅读:
    ●单例模式
    ●扩展方法
    ●存储过程比sql语句慢
    ●rownum() over()
    ●日期格式化
    ●sql优化
    VS建立Web网站 20141201
    ORM操作(一) 20141128
    流的操作20141104
    控件:菜单、工具栏、状态栏及TreeView的操作 20141103
  • 原文地址:https://www.cnblogs.com/Jsonlu/p/5677930.html
Copyright © 2011-2022 走看看