mirror of
https://github.com/euphrat1ca/Security-List.git
synced 2026-06-30 21:09:51 +08:00
249
This commit is contained in:
parent
66b060a4d0
commit
9c67a54e45
16
README.md
@ -350,7 +350,6 @@
|
||||
- https://github.com/lionsoul2014/ip2region //ip地址定位库,支持python3等多接口。类似于于geoip架构
|
||||
- https://github.com/ultrasecurity/webkiller //PY.渗透辅助。ip信息、端口服务指纹、蜜罐探测、bypass cloudflare
|
||||
- https://github.com/medbenali/CyberScan //PY.渗透测试辅助工具。支持分析数据包、解码、端口扫描、IP地址分析等
|
||||
- https://github.com/opensec-cn/vtest //PY.用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
|
||||
- https://github.com/ismailtasdelen/hackertarget //PY.Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities.
|
||||
- https://technitium.com/ //点对点加密聊天、mac地址修改、dns客户端与服务端、https
|
||||
- https://github.com/feross/SpoofMAC //PY.跨平台mac修改
|
||||
@ -502,7 +501,7 @@ https://nets.ec/Shellcode/Socket-reuse //C.套接字重用
|
||||
- https://github.com/teddysun/across //BASH.npv、bbr、kms等脚本
|
||||
- https://github.com/Nyr/openvpn-install //openvpn一键安装
|
||||
- https://github.com/quericy/one-key-ikev2-vpn //CentOS/Debian/Ubuntu一键安装IPSEC/IKEV2 VPN脚本
|
||||
- http://www.vpngate.net //日本国立筑波大学云局域网
|
||||
- http://www.vpngate.net //日本国立筑波大学云局域网。SoftEther开源、跨平台、多重协议的虚拟专用网方案
|
||||
- https://github.com/zerotier //C++.网络虚拟化平台云自组网
|
||||
- https://github.com/bannedbook/fanqiang/wiki //cross汇总
|
||||
- https://www.wireguard.com/install/ //新一代npv协议
|
||||
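Review bot: The rewritten vpngate entry still links `http://www.vpngate.net` over plain HTTP, while its new description presents the site as the home of the SoftEther VPN software. Switch the link to https:// if the site serves it, so readers are not sent to fetch a VPN client over an unauthenticated channel. The surrounding entries also spell the term both `VPN` and `npv`; using one spelling would keep the section searchable.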
@ -838,7 +837,7 @@ W:ns4gov.000webhostapp.com;
|
||||
- https://github.com/klsecservices/bat-armor //PY.bat文件混淆版mimikatz
|
||||
- https://github.com/skelsec/pypykatz //PY3.使用python实现的mimikatz
|
||||
- https://github.com/nccgroup/redsnarf //PS,PY.调用猕猴桃等程序窃取哈希,密码解密,rdp多方法利用,远程启动shell,清除痕迹。
|
||||
- https://github.com/aas-n/spraykatz //py3.Windows计算机和大型Active Directory环境中检索凭据的工具,对计算机进行“procdump(微软官方)”,并远程解析转储。
|
||||
- https://github.com/aas-n/spraykatz //py3.Windows计算机和大型Active Directory环境中检索凭据的工具,对计算机进行“procdump(微软官方lsass内存dump工具)/sqldumper 官方mssql读取”,并远程解析转储。
|
||||
- https://github.com/GhostPack/Rubeus //C#.操作Kerberos的库, 实现了Kekeo的大部分功能。G:gentilkiwi/kekeo PTK(Pass the ticket)
|
||||
- https://github.com/m8r0wn/ldap_search //PY.通过ldap(轻量目录访问协议)认证,列举win域信息,爆破登录
|
||||
- https://github.com/chroblert/domainWeakPasswdCheck //ps.域账号弱口令审计
|
||||
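Review bot: In the rewritten spraykatz entry, the parenthetical describes procdump as "微软官方lsass内存dump工具", but the Sysinternals entry edited in this same commit describes procdump as a tool that writes crash dumps on CPU anomalies. procdump is a general-purpose process dump utility, so wording that says it is used here to dump lsass would keep the two entries consistent. The added "sqldumper 官方mssql读取" does not say what is read or how it relates to spraykatz; either explain it or drop it from this line.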
@ -1311,7 +1310,7 @@ W:ns4gov.000webhostapp.com;
|
||||
## 逆向安全分析
|
||||
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_ReverseAnalysis.md/ //逆向分析、反编译、破解。myWiki
|
||||
## 系统监控管理
|
||||
- https://docs.microsoft.com/en-us/sysinternals/ //Windows Sysinternals套件系统管理。autorun(自启动)、Process Explorer(进程管理定位加强)、procmon、procdump(监控应用程序的CPU异常动向, 并在此异常时生成crash dump文件)
|
||||
- https://docs.microsoft.com/en-us/sysinternals/ //Windows Sysinternals套件系统管理。autorun(自启动)、Process Explorer(进程管理定位加强)、procmon、procdump、sqldumper(监控应用程序的CPU异常动向, 并在此异常时生成crash dump文件)
|
||||
- http://www.xuetr.com/ //PC Hunter是一个驱动级的系统维护工具,能够查看各种Windows的各类底层系统信息,包括进程、驱动模块、内核、内核钩子、应用层钩子,网络、注册表、文件、启动项、系统杂项、电脑体检等。pchunter
|
||||
- down4.huorong.cn/hrsword.exe //火绒剑。W:process monitor;
|
||||
- https://github.com/mohuihui/antispy //C/C++.枚举32位系统中隐藏至深的进程、文件、网络连接、内核对象等,并且也可以检测用户态、内核态各种钩子
|
||||
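Review bot: Inserting `sqldumper` between `procdump` and its parenthetical makes "(监控应用程序的CPU异常动向, 并在此异常时生成crash dump文件)" read as a description of sqldumper instead of procdump. Keep the parenthetical directly after `procdump` and list sqldumper after it. sqldumper ships with SQL Server rather than with the Sysinternals suite, so under this URL it should be marked as a separate tool or moved to its own entry.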
@ -1422,6 +1421,7 @@ W:ns4gov.000webhostapp.com;
|
||||
- https://github.com/susers/Writeups //国内玩各大CTF赛题及writeup整理。Github:hongriSec/CTF-Training;Github:balsn/ctf_writeup;
|
||||
- https://edwardchoijc.github.io/CTF线下AWD经验总结.html/ //CTF攻防AWD经验总结
|
||||
- https://github.com/NEALWE/AWD_FrameWork //PY2.awd框架,比赛常用脚本。
|
||||
- 公众号:VulnHub通关日记-DC_ //vulnhub write up
|
||||
### CTF靶场平台
|
||||
- https://github.com/facebook/fbctf //HACK,PHP.CTF比赛平台搭建。
|
||||
- https://github.com/CTFd/CTFd //py2.基于flask的动态Capture The Flag framework
|
||||
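Review bot: The entry `公众号:VulnHub通关日记-DC_` carries no URL, unlike every other item in this list, and its name ends in a bare underscore. Add a link to the write-ups or the full account name so the reference can be followed and checked.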
@ -1477,7 +1477,7 @@ W:ns4gov.000webhostapp.com;
|
||||
- https://github.com/iqiyi/qnsm //C/C++.爱奇艺基于dpdk与Suricata,旁路部署的全流量引擎,集成了DDOS检测和IDPS模块。
|
||||
- https://labs.360.cn/malwaredefender/ //HIPS (主机入侵防御系统)软件,用户可以自己编写规则来防范病毒、木马的侵害。另外,Malware Defender提供了很多有效的工具来检测和删除已经安装在您的计算机系统中的恶意软件
|
||||
- https://documentation.wazuh.com //C.wazuh是C/S架构开源主机入侵检测系统网络安全平台,支持日志收集、文件监控、恶意软件检测、漏洞基线检测等。
|
||||
- https://github.com/TheKingOfDuck/FileMonitor //py.基于watchdog的文件变化实时监控工具(代码审计辅助).testjob.
|
||||
- https://github.com/TheKingOfDuck/FileMonitor //py.基于watchdog的文件监视器变化监控(代码审计辅助).testjob.
|
||||
- https://github.com/StamusNetworks/SELKS //基于Debian的入侵检测系统,组件包含Suricata IDPS与ELK和Scirius
|
||||
- https://github.com/grayddq/HIDS //主机型入侵检测系统。一个人的安全部
|
||||
- https://github.com/ysrc/yulong-hids //YSRC开源的驭龙HIDS主机入侵检测系统
|
||||
@ -1506,11 +1506,13 @@ W:ns4gov.000webhostapp.com;
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings //A list of useful payloads and bypass for Web Application Security and Pentest/CTF
|
||||
- https://github.com/sirpsycho/firecall //直接向CiscoASA防火墙发送命令, 无需登录防火墙后再做修改
|
||||
- https://blog.xpnsec.com/evading-sysmon-dns-monitoring/ //INTRO.规避Sysmon DNS监控
|
||||
### CDN识别绕过真实IP获取
|
||||
### 真实IP信息获取
|
||||
- http://requestbin.net/ //Inspect HTTP Requests.获取客户端http、dns请求。requestbin.com。
|
||||
- https://github.com/BugScanTeam/DNSLog //py.基于django监控 DNS 解析记录和 HTTP 访问记录的工具,可以配合盲注、xss、解析对方真实ip使用
|
||||
- http://ceye.io //知道创宇dns查询,http请求解析,dns解析日志记录DNSLog
|
||||
- https://github.com/opensec-cn/vtest //PY.用于辅助安全工程师漏洞挖掘、测试、复现,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
|
||||
- https://github.com/al0ne/Vxscan //PY3.目录扫描/js泄露接口,WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,弱口令探测,POC扫描,SQL注入,绕过CDN,查询旁站。0.5k。
|
||||
- https://github.com/boy-hack/w8fuckcdn //PY.基于masscan通过扫描全网绕过CDN获取网站IP地址
|
||||
- https://github.com/boy-hack/w8fuckcdn //PY.基于masscan通过扫描全网绕过CDN获取网站IP地址。CDN识别绕过
|
||||
- https://github.com/3xp10it/xcdn //尝试找出cdn背后的真实ip,3xp10it.github.io 博客
|
||||
- https://github.com/christophetd/CloudFlair //PY.利用dns与api进行cloudflare绕过,获取真实ip,集成censys。Github:CloudFail;Github:Cloudmare.1K。
|
||||
- https://github.com/Nitr4x/whichCDN //CDN识别、检测
|
||||
|
||||
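Review bot: The heading is renamed from "CDN识别绕过真实IP获取" to "真实IP信息获取", and only the w8fuckcdn line receives a "CDN识别绕过" tag, although Vxscan, xcdn, CloudFlair and whichCDN in the same section are also described as CDN identification or bypass tools. Tag those entries the same way or keep a CDN subsection, so the category is not lost for four of the five tools. The request-logging services now listed first (`http://requestbin.net/`, `http://ceye.io`) are linked over plain HTTP; use https:// where the sites serve it.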
@ -36,13 +36,15 @@
|
||||
- https://github.com/thunlp/THULAC-Python //PY.清华中文分词
|
||||
- https://github.com/lancopku/PKUSeg-python //PY3.北大中文分词
|
||||
- https://github.com//chinese-poetry/chinese-poetry //PY.中华最全诗词库数据
|
||||
### 机器学习
|
||||
## 机器学习
|
||||
- https://visualgo.net/ //算法库
|
||||
- https://github.com/google-research/bert //PY.谷歌研究院最强NLP运算模型
|
||||
- https://paperswithcode.com/sota //机器学习具体项目、演示、代码
|
||||
- https://www.reddit.com/r/Python/comments/a81mg3/the_entire_mit_intro_computer_science_class_using/ //麻省理工机器学习视频
|
||||
- https://github.com/clone95/Data-Science-Study-Paths-March-2019 //以 TensorFlow 和 Scikit-learn 的机器学习框架的基础库为例,详细介绍了如何成为一名机器学习工程师
|
||||
- https://github.com/fengdu78/Coursera-ML-AndrewNg-Notes //吴恩达机器学习
|
||||
### 深度学习
|
||||
- https://github.com/wangshub/RL-Stock //PY3.使用深度学习进行量化交易
|
||||
### 神经网络GanS
|
||||
- https://github.com/duoergun0729/nlp //一本开源的NLP(神经语言程序学)入门书籍
|
||||
- https://zhuanlan.zhihu.com/p/64895011 //神经网络深度学习框架PyTorch
|
||||
|
||||
15
wiki_vul.md
@ -19,9 +19,7 @@
|
||||
- https://github.com/Moham3dRiahi/XAttacker //Web CMS Exploit 工具,包含针对主流 CMS 的 66 个不同的 Exploits
|
||||
- https://github.com/Tuhinshubhra/CMSeeK //PY.WordPress,JOOMLA,DRUPAL等170余种CMS扫描识别检测。
|
||||
- https://github.com/Dionach/CMSmap //支持WordPress,Joomla和Drupal扫描
|
||||
- https://github.com/wpscanteam/wpscan //RUBY.wordpress漏洞扫描工具
|
||||
- https://github.com/swisskyrepo/Wordpresscan //基于WPScan以及WPSeku的优化版wordpress扫描器
|
||||
- https://github.com/m4ll0k/WPSeku //精简的wordpress扫描工具
|
||||
- https://github.com/wpscanteam/wpscan //RUBY.wordpress漏洞扫描工具。G:shadowlabscc/ProjectOpal;G:swisskyrepo/Wordpresscan;G:m4ll0k/WPSeku;
|
||||
- https://github.com/rastating/wordpress-exploit-framework //wordpress漏洞框架
|
||||
- https://github.com/Jamalc0m/wphunter //php.wordpress扫描器
|
||||
- https://github.com/UltimateLabs/Zoom //wordpress漏洞扫描器
|
||||
@ -60,7 +58,6 @@
|
||||
- https://github.com/blacknbunny/libSSH-Authentication-Bypass //CVE-2018-10933,libssh服务端身份验证绕过
|
||||
- https://github.com/leapsecurity/libssh-scanner //CVE-2018-10933,libssh服务端身份验证绕过
|
||||
- https://www.jianshu.com/p/726a3791b5b9 //OpenSSH用户枚举漏洞(CVE-2018-15473)
|
||||
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-0227 //Apache Axis 1.4 Remote Code Execution;CVE-2019-0227: Apache Axis RCE
|
||||
- https://www.corben.io/atlassian-crowd-rce/ //JAVA.atlassian crowd,CVE-2019-11580.
|
||||
- https://github.com/c0d3p1ut0s/CVE-2019-12086-jackson-databind-file-read //CVE-2019-12086.利用jackson进行MySQL服务器任意文件读取漏洞
|
||||
- https://github.com/numirias/security/tree/master/data/2019-06-04_ace-vim-neovim //intro.文本编辑器Vim/Neovim任意代码执行漏洞。修改vimrc在50行这里添加一个“set modeline” 然后esc保存退出,然后执行source ~/.vimrc让它生效。
|
||||
@ -72,6 +69,7 @@
|
||||
- https://slides.com/securitymb/prototype-pollution-in-kibana#/ //kibana <6.6.0 未授权远程代码命令执行。Kibana CVE-2019-7609 RCE Exploit
|
||||
- https://github.com/milo2012/CVE-2018-13379 //PY.FortiOS飞塔防火墙/VPN Pre-auth任意文件读取
|
||||
- https://nosec.org/home/detail/2862.html //intro.如何攻击Fortigate SSL VPN
|
||||
- https://github.com/jas502n/fastjson-RCE //fastjson-v1.2.47-RCE 命令执行漏洞
|
||||
### 数据库漏洞
|
||||
- https://xz.aliyun.com/t/1491 //Mysql数据库渗透及漏洞利用总结。写shell、udf、mof、注册表、os-shell;
|
||||
- https://www.anquanke.com/post/id/86011 //【技术分享】MSSQL 注入攻击与防御。sql server漏洞利用
|
||||
@ -106,14 +104,15 @@
|
||||
- https://github.com/s1kr10s/Apache-Struts-v3 //Apache-Struts漏洞利用工具
|
||||
- https://github.com/euphrat1ca/CVE-2019-0232 //Apache Tomcat Remote Code Execution on Windows - 需要开启CGI-BIN
|
||||
- https://github.com/magicming200/tomcat-weak-password-scanner //py.tomcat后台弱口令扫描器,命令行版+图形界面版。
|
||||
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-0227 //Apache Axis 1.4 Remote Code Execution;CVE-2019-0227: Apache Axis RCE命令执行
|
||||
#### Weblogic相关漏洞
|
||||
- https://github.com/rabbitmask/WeblogicScan //py3.Weblogic一键漏洞检测工具,V1.3,支持2019
|
||||
- https://github.com/dr0op/WeblogicScan //PY3.weblogic系列漏洞扫描。最新支持CVE-2019-2618(DeploymentService接口任意文件上传),CVE-2019-2729(XML反序列化rce)检测
|
||||
- https://github.com/dr0op/WeblogicScan //PY3.weblogic系列漏洞扫描。最新支持CVE-2019-2618(DeploymentService接口任意文件上传),CVE-2019-2729(XML反序列化rce命令执行)检测
|
||||
- https://github.com/mu0gua/VulnPOC //heartbleed心脏滴血改;cve-2019-2618 Weblogic;cve-2019-3395 Confluence
|
||||
- https://github.com/pyn3rd/CVE-2018-3245 //weblogic cve-2018-2893与cve-2018-3245远程代码命令执行
|
||||
- https://github.com/jas502n/CVE-2018-3191 //Weblogic CVE-2018-3191远程代码命令执行
|
||||
- https://github.com/shack2/javaserializetools //JAVA.Weblogic反序列化利用工具,wls9_async_response与wls-wsat组件无身份认证授权远程RCE漏洞。cve-2017-10271/CNVD-C-2019-48814/CNNVD-201904-961/CVE-2019-2725
|
||||
- https://github.com/hktalent/CVE-2020-2551 //py.Weblogic IIOP反序列化漏洞(CVE-2020-2551) 漏洞
|
||||
- https://github.com/shack2/javaserializetools //JAVA.Weblogic反序列化命令执行,wls9_async_response与wls-wsat组件无身份认证授权远程RCE漏洞。cve-2017-10271/CNVD-C-2019-48814/CNNVD-201904-961/CVE-2019-2725;
|
||||
- https://github.com/hktalent/CVE-2020-2551 //py.Weblogic IIOP反序列化命令执行漏洞(CVE-2020-2551) 漏洞
|
||||
### 浏览器漏洞工具
|
||||
- https://github.com/ray-cp/browser_pwn //浏览器二进制溢出漏洞利用
|
||||
- https://github.com/SkyLined/LocalNetworkScanner //JS.浏览器漏洞扫描网站浏览者内网信息
|
||||
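Review bot: The rewritten CVE-2020-2551 entry reads "反序列化命令执行漏洞(CVE-2020-2551) 漏洞", so the trailing "漏洞" from the old line is now a duplicate and should be dropped. The Axis entry moved into this section states the same thing twice ("Apache Axis 1.4 Remote Code Execution;CVE-2019-0227: Apache Axis RCE命令执行"); one phrase with the CVE id is enough. Appending "命令执行" after "rce" in the dr0op and Axis lines is also redundant unless the list consistently pairs the two terms.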
@ -153,7 +152,6 @@
|
||||
- https://github.com/Ridter/RTF_11882_0802 //PY.利用CVE-2017-11882与CVE-2018-0802组合漏洞生成hta二进制后门
|
||||
- https://github.com/gentilkiwi/kekeo //C.Kerberos漏洞利用工具箱,包括如MS14-068 (CVE-2014-6324) Kerberos 域控利用漏洞(“ systeminfo |find "KB3011780" 查看是否安装补丁”)。G:mubix/pykek;G:goldenPac.py;
|
||||
- https://github.com/padovah4ck/CVE-2020-0683 //C++.利用伪造MSI重写DACL访问控制列表、任意文件覆盖重写
|
||||
- https://github.com/ollypwn/SMBGhost //py.CVE-2020-0796 - SMBv3 RCE
|
||||
### Exchange漏洞与利用手段
|
||||
- https://www.anquanke.com/post/id/184342 //Exchange渗透测试总结。枚举;钓鱼;pth;猕猴桃抓明文、生成挑战值;劫持;提权
|
||||
- https://blog.riskivy.com/exchange-server-in-pentest/ //深入Exchange Server在网络渗透下的利用方法。自动发现服务暴破;规则和通知功能getshell;邮件内容检索;NTLM Relay。W:evi1cg.me/archives/Exchange_Hack.html;W:paper.seebug.org/833/ 利用 Exchange SSRF 漏洞和 NTLM 中继沦陷域控;
|
||||
@ -215,6 +213,7 @@
|
||||
- Exchange提权利用 //mywiki
|
||||
- http://www.fuzzysecurity.com/tutorials/16.html //windows平台教程级提权参考文章
|
||||
- https://github.com/bitsadmin/wesng //PY.WES-NG,全称为Windows ExploitSuggester - Next Generation,该工具的运行基于Windows systeminfo实用工具的输出,可以给用户提供目标操作系统可能存在的漏洞列表,并针对这些漏洞给出漏洞利用实施建议。该工具的适用系统范围从Windows XP到Windows 10,还包括Windows Server等服务器/工作站版本。1k。
|
||||
- https://github.com/danigargu/CVE-2020-0796 //C.CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost 任意命令执行提权漏洞。G:ollypwn/SMBGhost;
|
||||
- https://github.com/rasta-mouse/Sherlock //PS.win提权漏洞验证。1k。
|
||||
- https://github.com/SecWiki/windows-kernel-exploits //Windows平台提权漏洞Exp集合
|
||||
- https://github.com/51x/WHP //windows下各种提权与利用工具
|
||||
|
||||
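Review bot: The new danigargu entry labels CVE-2020-0796 as both "LPE exploit" and "任意命令执行提权漏洞", and folds `ollypwn/SMBGhost` in as a "G:" alternative, while the entry removed from the Windows section in this commit described that repository as "py.CVE-2020-0796 - SMBv3 RCE". The two projects are listed with different languages and purposes, so state what each one does instead of presenting them as equivalents. A reference to the vendor fix, in the style of the patch check given on the kekeo line, would make the entry more useful to readers verifying exposure.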
@ -125,6 +125,7 @@
|
||||
- https://github.com/D35m0nd142/LFISuite //本地文件包含漏洞利用及扫描工具,支持反弹shell
|
||||
- https://github.com/OsandaMalith/LFiFreak //本地文件包含漏洞利用及扫描工具,支持反弹shell
|
||||
### 上传漏洞利用
|
||||
- https://github.com/WSP-LAB/FUSE //py2.基于NDSS 2020上展示的13种文件上传bypass技巧,Linux下文件上传漏洞fuzz工具。配合文件变化监控查找文件上传位置。TESTJOB。
|
||||
- https://github.com/UltimateHackers/Arjun //扫描网页, 使用正则表达式爆破查找隐藏的GET/POST参数
|
||||
- https://github.com/3xp10it/xupload //用于自动测试上传功能是否可上传webshell的工具
|
||||
- https://github.com/gunnerstahl/JQShell //PY3.CVE-2018-9206 jQuery File Upload利用工具
|
||||
|
||||