From a2d3cfe116a96dafdd6f9f281321d42423c1081a Mon Sep 17 00:00:00 2001 From: euphrat1ca <> Date: Mon, 6 Jan 2020 17:05:03 +0800 Subject: [PATCH] 227 227 --- README.md | 47 ++++++++++++++++++++-------------------------- wiki_Selfsource.md | 31 +++++++++++++++++------------- wiki_TipSkill.md | 1 + wiki_burpsuite.md | 13 +++++++++++++ 4 files changed, 52 insertions(+), 40 deletions(-) create mode 100644 wiki_burpsuite.md diff --git a/README.md b/README.md index 9608826..1a5aaee 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ - https://www.nist.gov/topics/cybersecurity //美国国家标准与技术研究院。NVD漏洞库 - https://www.mitre.org/publications/all //mitre安全机构。CVE漏洞库 - https://www.alibabacloud.com/blog //阿里安全建设 -- https://security.tencent.com/index.php/blog //腾讯安全建设 +- https://security.tencent.com/index.php/blog/msg/139 //腾讯安全建设。网络空间安全时代的红蓝对抗建设 - https://github.com/baidu-security //百度安全建设 - https://ai.google/research/pubs/?area=SecurityPrivacyandAbusePrevention //谷歌安全建设 - https://aws.amazon.com/cn/blogs/security/ //亚马逊安全建设 @@ -401,7 +401,16 @@ - https://github.com/saghul/aiodns/ //PY.请求后无需关闭连接的情况下有效地进行多次调用的DNS解析器 ## 相关工具拓展插件 - https://github.com/AntSword-Store/ //中国蚁剑插件市场 -#### kali环境拓展插件 +### burpsuit相关工具拓展插件 +- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_burpsuite.md/ //burpsuite插件收集.mywiki +- https://github.com/PortSwigger //burpsuite官方插件库。商业版。 +### CobaltStrike相关工具拓展插件 +- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_Cobaltstrike.md/ //cobaltstrike插件收集.mywiki +- https://www.cobaltstrike.com/aggressor-script/index.html //脱离MSF之后的Aggressor Script 成为了开源脚本引擎 Cortana 的接班人 +- https://github.com/verctor/CS_xor64 //JAVA.生成cobaltstrike破解版所需的xor64.bin +- https://github.com/Mr-Un1k0d3r/SCT-obfuscator //Cobalt Strike SCT有效载荷混淆器 +- https://github.com/dcsync/pycobalt //PY3.Python API for Cobalt Strike +### kali环境拓展插件 - https://github.com/Manisso/fsociety //linux下类似于kali的工具包一键安装工具 - https://github.com/LionSec/katoolin //使用linux服务器自动安装kali工具包 - https://github.com/TrustedSec/ptf/ //PY.基于Debian/Ubuntu/ArchLinux下的测试工具安装管理工具 @@ -413,26 +422,13 @@ - https://github.com/se55i0n/Awvs_Nessus_Scanner_API //扫描器Awvs 11和Nessus 7 Api利用脚本 - https://github.com/DanMcInerney/msf-autoshell //配合nessus扫描结果进行msf攻击 - https://github.com/MooseDojo/apt2 //联动nmap、nessus等工具进行安全测试 -#### awvs相关工具拓展插件 +### awvs相关工具拓展插件 - https://www.52pojie.cn/thread-214819-1-1.html //awvs10.5开发框架破解版。商业版。 - https://github.com/fnmsd/awvs_script_decode //awvs10.5规则scripts解密版,SDK,开发手册 - https://github.com/NS-Sp4ce/AWVS11.X-Chinese-Version //JS.awvs11汉化包 - https://github.com/l3m0n/awvs_190703137 //PY.Linux版awvs - https://github.com/grayddq/PublicSecScan //PY.调用awvsAPI对WEB资产进行分布式WEB安全扫描,发现web环境下常规的一些安全漏洞 -#### burpsuit相关工具拓展插件 -- https://github.com/PortSwigger //burpsuite官方插件库。商业版。 -- https://github.com/snoopysecurity/awesome-burp-extensions //awesome系列之burp拓展 -- https://github.com/d3vilbug/HackBar //hackbar -- https://github.com/bit4woo/knife //burp增强右键菜单 -- https://github.com/c0ny1/jsEncrypter //一个用于加密传输爆破的Burp Suite插件 -- https://github.com/nccgroup/BurpSuiteHTTPSmuggler //使用几种技巧绕过WAF -- https://github.com/nccgroup/argumentinjectionhammer //Burp插件.识别参数注入漏洞 -- https://github.com/modzero/interestingFileScanner //增强敏感文件扫描 -- https://github.com/c0ny1/chunked-coding-converter //本插件主要用于分块传输绕WAF -- https://github.com/ztosec/secscan-authcheck //java.越权漏洞检测,支持web界面配置。Github:portswigger/authz -- https://github.com/m4ll0k/BurpSuite-Secret_Finder //在http请求中扫描apikey/tokens -- https://github.com/TheKingOfDuck/burpFakeIP //IP修改伪造 -#### sqlmap相关工具拓展插件 +### sqlmap相关工具拓展插件 - https://github.com/codewatchorg/sqlipy //burp与sqlmap联动插件 - https://github.com/RicterZ/websocket-injection //PY2.WebSocket 中转注入工具 - https://github.com/Hood3dRob1n/SQLMAP-Web-GUI //PHP.sqlmap的web gui @@ -443,7 +439,7 @@ - https://github.com/ysrc/GourdScanV2 //ysrc出品的被动式漏洞扫描工具,基于sqlmapapi - https://github.com/zt2/sqli-hunter //基于sqlmapapi,ruby编写的漏洞代理型检测工具 - https://github.com/jesuiscamille/AutoSQLi //利用DorkNet,Googler, Ddgr, WhatWaf 和 sqlmap自动注入 -#### nmap相关工具拓展插件 +### nmap相关工具拓展插件 - https://github.com/Ullaakut/nmap //GO.Nmap调用库go - https://github.com/savon-noir/python-libnmap //PY.nmap调用库python - https://github.com/johnnyxmas/scancannon //BASH.联动masscan和nmap @@ -465,7 +461,7 @@ - https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest //集成子域名枚举、nmap、waf指纹识别等模块的web应用扫描器 - https://github.com/ring04h/wyportmap //调用nmap目标端口扫描+系统服务指纹识别 - https://github.com/cloudflare/flan //PY.cloudflare基于nmap开发的漏洞检测工具 -#### metasploit相关工具拓展插件 +### metasploit相关工具拓展插件 - https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit //结合机器学习与msf的全自动测试工具 - https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL //一个可以创建SSL/TLS shell连接的脚本 - https://github.com/DanMcInerney/msf-netpwn //等待msf的session,并自动提为域管理 @@ -478,13 +474,7 @@ - https://github.com/shizzz477/msploitego //将msf数据库与maltego进行图形化展示 - https://github.com/scriptjunkie/msfgui //metasploit的GUI界面,强化Windows下支持 - https://github.com/Zerx0r/Kage //VueJS.图形化MSF的GUI界面,Session Handler控制。 -#### CobaltStrike相关工具拓展插件 -- https://www.cobaltstrike.com/aggressor-script/index.html //脱离MSF之后的Aggressor Script 成为了开源脚本引擎 Cortana 的接班人 -- https://github.com/verctor/CS_xor64 //JAVA.生成cobaltstrike破解版所需的xor64.bin -- https://github.com/Mr-Un1k0d3r/SCT-obfuscator //Cobalt Strike SCT有效载荷混淆器 -- https://github.com/dcsync/pycobalt //PY3.Python API for Cobalt Strike -- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_Cobaltstrike.md/ //cobaltstrike插件收集.mywiki -#### Empire相关工具拓展插件 +### Empire相关工具拓展插件 - https://paper.tuisec.win/detail/f3dce68a0b4baaa //利用Empire获取域控权限 - https://github.com/EmpireProject/Empire-GUI //empire的nodejs界面 - https://github.com/interference-security/empire-web //empire的web界面 @@ -1307,6 +1297,8 @@ endpoint 防护软件 - https://paper.seebug.org/613/ //工控漏洞挖掘方法之固件逆向分析 - https://github.com/unprovable/PentestHardware //硬件渗透测试实用手册 - https://github.com/cwerling/psptool //PY.分析和解析AMD安全处理器的固件工具包 +- https://www.amobbs.com/thread-5703833-1-1.html //【正点原子】XCOM串口调试助手软件 +- https://github.com/nodemcu/nodemcu-flasher //Pascal.firmware Flash tool for nodemcu,包括“ESP8266Flasher.exe”。 ### 智能设备安全 - https://github.com/yaseng/iot-security-wiki/ //物联网安全百科。伏宸安全实验 - https://github.com/vletoux/SpoolerScanner //检测 Windows 远程打印机服务是否开启的工具 @@ -1399,7 +1391,7 @@ endpoint 防护软件 - https://www.pelock.com/articles/reverse-engineering-tools-review //Reverse engineering tools review 逆向工具测评 - https://down.52pojie.cn/ //吾爱破解爱盘工具包。 - https://www.peerlyst.com/posts/resource-learning-how-to-reverse-malware-a-guide //恶意软件逆向指南和工具的集合 -- https://github.com/alphaSeclab/awesome-reverse-engineering //Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT)3000+逆向资源合集.收集的所有开源工具: sec-tool-list;网络相关的安全资源: awesome-network-stuff;攻击性网络安全资源: awesome-cyber-security;开源远控和恶意远控分析报告: awesome-rat;Webshell工具和分析/使用文章: awesome-webshell; +- https://github.com/alphaSeclab/awesome-reverse-engineering //Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT)3000+逆向资源合集. ### PC端逆向二进制文件分析 - https://github.com/ReFirmLabs/binwalk //PY.固件、二进制、pwn等文件自动化识别与逆向,支持多插件配置。goodjob,5k。 - http://www.sweetscape.com/010editor/ //识别不同文件格式(模板)的16进制编辑器,具有文件修复功能。 @@ -1720,6 +1712,7 @@ endpoint 防护软件 - https://github.com/NytroRST/NetRipper //支持截获像putty,winscp,mssql,chrome,firefox,outlook,https中的明文密码 - https://github.com/shramos/polymorph //支持几乎所有现有协议的实时网络数据包操作框架 - https://github.com/nospaceships/raw-socket-sniffer //C.PS.无需驱动抓取Windows流量 +- https://github.com/netsniff-ng/netsniff-ng //C.a fast zero-copy analyzer,pcap捕获和重放工具 ### 常用报文库开源协议库 - https://wiki.wireshark.org/SampleCaptures/ //wireshark维护的报文Captures,包括许多工控协议库等 - https://securityonion.readthedocs.io/en/latest/pcaps.html //安全洋葱维护的回溯pcap列表。securityonion-docs diff --git a/wiki_Selfsource.md b/wiki_Selfsource.md index 10ce4ea..55716de 100644 --- a/wiki_Selfsource.md +++ b/wiki_Selfsource.md @@ -7,7 +7,7 @@ - https://github.com/sym233/core-values-encoder //js.社会主义核心价值观加密,https://sym233.github.io/core-values-encoder/ - https://pdos.csail.mit.edu/archive/scigen/ //SCIgen 学术文档虚拟文件生成钓鱼 - https://github.com/DIYgod/RSSHub //JS.万物皆可rss -- https://lovelive.tools/ //说话的艺术,zn语录 +- https://lovelive.tools/ //说话的艺术,渣男语录 - https://github.com/jxlwqq/id-validator.py //PY3.居住证号码验证工具(Python 版) - https://github.com/sylnsfar/qrcode //PY3.动态二维码 - https://github.com/fire-keeper/BlindWatermark //py.数字水印,使用盲水印保护图片。 @@ -15,17 +15,17 @@ - https://archive.org //Internet Archive is a non-profit library of millions of free books, movies, software, music, websites, and more. - http://web.archive.org //网站时光机 - https://wn.run //万能命令.自动加载网站脚本,视频解析/文档下载/翻译/快照等。 -- http://www.bingdian001.com/ //冰点文库下载 +- http://www.bingdian001.com/ //百度文库冰点下载 - https://2tool.top/ //域名前面加上his.sh,网页快照 - https://www.freenom.com //注册免费域名,dns解析 - https://github.com/luolongfei/freenom //php.freenom域名自动续期。 - https://www.onlinedoctranslator.com/ //在线文档翻译 - https://zh.wikihow.com //生活百科 -- https://pandownload.com/ //下载 +- https://pandownload.com/ //百度下载 - https://www.baiduwp.com/ //网盘下载 - https://github.com/b3log/baidu-netdisk-downloaderx //GO/JS.BND是基于G:BaiduPCS-Go图形界面的百度网盘不限速下载器 - https://github.com/wu-dada/baidupankey //JS.基于云盘万能钥匙api查询百度网盘提取密码 -- http://www.speedpan.com/ //下载 +- http://www.speedpan.com/ //百度下载 - https://github.com/peterq/pan-light //GO.网盘不限速客户端, golang + qt5, 跨平台图形界面。9k。 - https://github.com/devzwy/Crack-Edition-software-for-Mac //各类破解版Mac软件 - http://tool.oschina.net/commons/ //常用对照表,HTTP Content-type、TCP/UDP常见端口参考、字体、颜色等。 @@ -47,12 +47,12 @@ - https://www.pdfpai.com/ //在线pdf转换 - http://www.alltoall.net/ //在线格式转换 ### 搜索引擎 -- https://www.wolframalpha.com //问题答案搜索 +- https://www.dogedoge.com/ //多吉搜索 +- https://weixin.sogou.com/weixin?type=2&query= //微信文章搜索 - http://ac.scmor.com/ //谷歌搜索镜像 -- https://github.com/asciimoo/searx //PY.搭建一个自己的搜索引擎,DEMO网址 https://searx.me/ -- https://www.gobaidugle.com //联合搜索 -- https://lookao.com/ //匿名搜索 -- https://mijisou.com/ //匿名搜索 +- https://www.gobaidugle.com //聚合搜索 +- https://www.wolframalpha.com //问题答案搜索 +- https://github.com/asciimoo/searx //PY.搭建一个自己的搜索引擎,DEMO网址 searx.me. ### 网盘服务 - https://send.firefox.com //火狐网盘 - https://www.upload.ee/ //文件共享平台 @@ -84,6 +84,11 @@ - https://bbs.pediy.com/thread-223178.htm //intro.[原创] 对控制PC端微信发送信息的研究 - https://github.com/TonyChen56/WeChatRobot //C++.微信pc机器人。 - https://github.com/anhkgg/SuperWeChatPC //超级微信电脑客户端,支持多开、防消息撤销、语音消息备份...开放WeChatSDK +## 注册机keygen +- https://github.com/DoubleLabyrinth/MobaXterm-keygen //PY.putty远程服务管理工具,MobaXterm注册机。G:github.com/HyperSine/ +- https://github.com/DoubleLabyrinth/navicat-keygen //C.数据库管理工具navicat注册机。G:github.com/HyperSine/ +- https://github.com/DoubleLabyrinth/winrar-keygen //C++.A keygen for WinRAR注册机。G:github.com/HyperSine/ +- https://github.com/zsdlove/fortify-license-crack //fortify去除证书校验 ## 办公套件 - https://cmder.net //Windows命令行加强版。通过*user_aliases*配置文件配置快捷键 - https://sadd.io/ //在线操作系统 @@ -97,9 +102,6 @@ - http://ohshitgit.com/ //intro.git操作手册 - https://www.mythicsoft.com //全文检索工具。FileLocatorPro,类似如SearchMyFiles - https://www.voidtools.com //文件和文件夹快速定位。Everything -- https://github.com/DoubleLabyrinth/MobaXterm-keygen //PY.putty远程服务管理工具,MobaXterm注册机。G:github.com/HyperSine/ -- https://github.com/DoubleLabyrinth/navicat-keygen //C.数据库管理工具navicat注册机。G:github.com/HyperSine/ -- https://github.com/DoubleLabyrinth/winrar-keygen //C++.A keygen for WinRAR注册机。G:github.com/HyperSine/ - https://github.com/stascorp/rdpwrap //Pascal.开启异步并发rdp请求服务 - http://sc.ftqq.com/3.version //server酱微信通知 - http://www.vuln.cn/tools/ftp //在线FTP登录 @@ -131,10 +133,13 @@ - https://audionautix.com/ //由Jason Shaw创作和制作的免费用于商业。需提供转载声明 - https://www.tosound.com/ //免费 ### 视频素材 +- https://github.com/obsproject/obs-studio //C.用于实时流媒体和屏幕录制.官网obsproject.com。 - https://www.videezy.com/ //免费使用,商用受保护 - https://www.pexels.com/ //图像、视频免费使用 - https://mixkit.co/ //在线视频素材 ### 图片素材 +- https://github.com/nagadomi/waifu2x //lua.无损放大图片.官网“waifu2x.udp.jp/”。P:bigjpg.com; +- https://www.remove.bg/ //图片背景消除 - https://wallhaven.cc/ //大片既视感 - https://www.cleanpng.com/ //矢量png图 - https://www.flaticon.com //免费图标网站 @@ -142,7 +147,7 @@ ### 字体素材 - https://www.hellofont.cn/ // ### 文档素材下载 -- https://www.cn-ki.net/ //知网、论文期刊检索下载 +- https://www.cn-ki.net/ //知网/论文期刊检索下载 - http://sci-hub.tw/ //文献、专利、书籍下载 - https://github.com/gedoor/MyBookshelf //JAVA.安卓app小说阅读器 - http://wenku.baiduvvv.com/doc/ //文库下载 diff --git a/wiki_TipSkill.md b/wiki_TipSkill.md index bd8dadb..e0b4d1a 100644 --- a/wiki_TipSkill.md +++ b/wiki_TipSkill.md @@ -37,6 +37,7 @@ - https://github.com/lancopku/PKUSeg-python //PY3.北大中文分词 - https://github.com//chinese-poetry/chinese-poetry //PY.中华最全诗词库数据 ### 机器学习 +- https://visualgo.net/ //算法库 - https://github.com/google-research/bert //PY.谷歌研究院最强NLP运算模型 - https://paperswithcode.com/sota //机器学习具体项目、演示、代码 - https://www.reddit.com/r/Python/comments/a81mg3/the_entire_mit_intro_computer_science_class_using/ //麻省理工机器学习视频 diff --git a/wiki_burpsuite.md b/wiki_burpsuite.md new file mode 100644 index 0000000..2b0ee0f --- /dev/null +++ b/wiki_burpsuite.md @@ -0,0 +1,13 @@ +### burpsuit相关工具拓展插件 +- https://github.com/snoopysecurity/awesome-burp-extensions //awesome系列之burp拓展 +- https://github.com/alphaSeclab/awesome-burp-suite //Awesome Burp Suite Resources. 400+ open source Burp plugins, 500+ posts and videos. +- https://github.com/d3vilbug/HackBar //hackbar +- https://github.com/bit4woo/knife //burp增强右键菜单 +- https://github.com/c0ny1/jsEncrypter //一个用于加密传输爆破的Burp Suite插件 +- https://github.com/nccgroup/BurpSuiteHTTPSmuggler //使用几种技巧绕过WAF +- https://github.com/nccgroup/argumentinjectionhammer //Burp插件.识别参数注入漏洞 +- https://github.com/modzero/interestingFileScanner //增强敏感文件扫描 +- https://github.com/c0ny1/chunked-coding-converter //本插件主要用于分块传输绕WAF +- https://github.com/ztosec/secscan-authcheck //java.越权漏洞检测,支持web界面配置。Github:portswigger/authz +- https://github.com/m4ll0k/BurpSuite-Secret_Finder //在http请求中扫描 api key/tokens +- https://github.com/TheKingOfDuck/burpFakeIP //PY.IP修改伪造 \ No newline at end of file