mirror of
https://github.com/euphrat1ca/Security-List.git
synced 2026-06-30 21:09:51 +08:00
Merge branch 'master' of https://github.com/euphrat1ca/security_w1k1
This commit is contained in:
commit
adc52e8d7c
30
README.md
30
README.md
@ -11,17 +11,14 @@
|
||||
# 安全相关资源列表
|
||||
- https://arxiv.org //康奈尔大学(Cornell University)开放文档
|
||||
- https://github.com/sindresorhus/awesome //awesome系列
|
||||
- https://github.com/k4m4/movies-for-hackers //安全相关电影
|
||||
- http://www.owasp.org.cn/owasp-project/owasp-things //OWASP项目
|
||||
- https://github.com/Hack-with-Github/Awesome-Hacking //GitHub万星推荐:黑客成长技术清单
|
||||
- https://github.com/SecWiki/sec-chart //安全思维导图集合
|
||||
- https://github.com/Mayter/sec-charts //在sec-wiki的思维导图加上作者收藏
|
||||
- https://github.com/Mayter/sec-charts //在sec-wiki的思维导图 plus
|
||||
- https://github.com/Ascotbe/Osmographic-brain-mapping //安全思维脑图。ctf/web/二进制/ai/区块链/业务/主机/社工/移动/无线/运维/风控
|
||||
- https://github.com/tom0li/collection-document //安全部/攻防/内网/Web/apt/漏洞预警/开发/Bug Bounty/SDL/SRC
|
||||
- https://github.com/secure-data-analysis-data-sharing/data-analysis 资料分为安全态势、攻防对抗、数据分析、威胁情报、应急响应、物联网安全、企业安全建设、其他书籍八部分
|
||||
- https://github.com/hongriSec/AI-Machine-Learning-Security //机器学习算法、AI模型、渗透测试工具
|
||||
- https://github.com/bt3gl/Pentesting-Toolkit //CTF、逆向、移动端、网络安全、web安全、工具使用。welljob。
|
||||
- https://github.com/zhengjim/Chinese-Security-RSS/ //安全RSS订阅列表
|
||||
- http://paper.tidesec.com/ //免杀bypass、红蓝ctf、ics、iot、移动、应急响应、代码审计、工具设计
|
||||
## 安全建设方案
|
||||
- https://www.nist.gov/topics/cybersecurity //美国国家标准与技术研究院。NVD漏洞库
|
||||
@ -97,13 +94,6 @@
|
||||
- https://null-byte.wonderhowto.com //msf/fb/wifi/pass/取证/social/信息收集
|
||||
- https://github.com/knownsec/RD_Checklist //知道创宇技能列表
|
||||
- https://github.com/ChrisLinn/greyhame-2017 //灰袍技能书2017版本
|
||||
### 安全博客论坛
|
||||
- https://github.com/DropsOfZut/awesome-security-weixin-official-accounts //网络安全类公众号推荐
|
||||
- https://www.malwareanalysis.cn/ //安全分析与研究 专注于全球恶意样本的分析与研究
|
||||
- www.52pojie.cn/ //吾爱破解。W:bbs.125.la/ //精易求精;--
|
||||
- https://www.lshack.cn //工控安全入门
|
||||
- http://scz.617.cn:8/network/ //青衣十三楼(飞花堂),小四。W:cnblogs.com/ssooking;--
|
||||
- http://blog.leanote.com/snowming //红队博客。W:lcx.cc //NuclearAtk核总;W:blog.orange.tw //橘子出品必属精品;--
|
||||
### 安全大会资料
|
||||
- https://www.hackinn.com/search/?keyword= //资料站。W:srxh1314.com/;-
|
||||
- http://www.irongeek.com/i.php?page=security/hackingillustrated //国内外安全大会相关视频与文档
|
||||
@ -190,7 +180,7 @@
|
||||
- https://www.nomoreransom.org //在线勒索病毒解决方案
|
||||
## 攻防技术资源学习
|
||||
- https://attack.mitre.org //mitre科技机构对攻击技术的总结wiki,攻击矩阵模型。
|
||||
- https://github.com/infosecn1nja/awesome-mitre-attack //Mitre ATT&CK™框架资源收集。Web:huntingday.github.io;G:lengjibo/ATT-CK-CN //att&ck实操实验记录;W:vulhub.org.cn/attack //att&ck汉化;
|
||||
- https://github.com/infosecn1nja/awesome-mitre-attack //Mitre ATT&CK™框架资源收集。Web:huntingday.github.io;G:lengjibo/ATT-CK-CN //att&ck实操实验记录;W:vulhub.org.cn/attack //att&ck汉化;--
|
||||
- https://github.com/Micropoor/Micro8 //Microporor高级攻防100课。goodjob。PHP安全新闻早8点课程
|
||||
- https://github.com/meitar/awesome-cybersecurity-blueteam // A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
|
||||
- https://bitvijays.github.io //infosec知识总结。goodjob。
|
||||
@ -295,13 +285,15 @@ G:Ehco1996/django-sspanel;G:leitbogioro/SSR.Go;--
|
||||
- https://github.com/fgont/ipv6toolkit //C.si6networks.com组织的ipv6工具集
|
||||
- https://github.com/lavalamp-/ipv666 //GO.ipv6地址枚举扫描
|
||||
- https://github.com/christophetd/IPv6teal //PY.利用ipv6隐蔽隧道传输数据
|
||||
### 信息保护隐匿流量洋葱路由
|
||||
- https://www.torproject.org/ //洋葱浏览器。P:dnmugu4755642434.onion/ kilos搜索引擎;
|
||||
## 信息隐匿保护
|
||||
- https://github.com/ffffffff0x/Digital-Privacy/ //一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗。类wiki_OsintData;wiki_Selfsource;wiki_FreeConnect。goodjob。
|
||||
- https://github.com/leitbogioro/Fuck_Aliyun //关闭阿里云监控服务
|
||||
- https://github.com/Nummer/Destroy-Windows-10-Spying //DWS用来关闭windows监控服务
|
||||
- https://github.com/JusticeRage/freedomfighting //日志清理、文件共享、反向shell
|
||||
- https://github.com/Rizer0/Log-killer //日志清除,Windows/Linux 服务器中的所有
|
||||
- https://github.com/360-A-Team/EventCleaner //日志擦除工具
|
||||
### 隐匿流量洋葱路由
|
||||
- https://www.torproject.org/ //洋葱浏览器。P:dnmugu4755642434.onion/ kilos搜索引擎;
|
||||
- https://github.com/s-rah/onionscan //darkweb暗网爬虫
|
||||
- https://github.com/globaleaks/Tor2web //darkweb暗网代理服务器,将onion的服务变为普通的服务
|
||||
- https://github.com/milesrichardson/docker-onion-nmap //使用nmap扫描Tor网络上隐藏的"onion"服务
|
||||
@ -733,7 +725,17 @@ W:ns4gov.000webhostapp.com;
|
||||
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_ToolDevelop.md/ //kali/nmap/burpsuite/Nessus/awvs/sqlmap/metasploit/cobaltstrike/empire/菜刀/ 插件.mywiki
|
||||
|
||||
---
|
||||
### 博客论坛信息流
|
||||
- https://github.com/k4m4/movies-for-hackers //安全相关电影
|
||||
- https://github.com/Hack-with-Github/Awesome-Hacking //GitHub万星推荐:黑客成长技术清单
|
||||
- https://github.com/DropsOfZut/awesome-security-weixin-official-accounts //网络安全类公众号推荐
|
||||
- https://www.malwareanalysis.cn/ //安全分析与研究 专注于全球恶意样本的分析与研究
|
||||
- www.52pojie.cn/ //吾爱破解。W:bbs.125.la/ //精易求精;--
|
||||
- https://www.lshack.cn //工控安全入门
|
||||
- http://scz.617.cn:8/network/ //青衣十三楼(飞花堂),小四。W:cnblogs.com/ssooking;--
|
||||
- http://blog.leanote.com/snowming //红队博客。W:lcx.cc //NuclearAtk核总;W:blog.orange.tw //橘子出品必属精品;--
|
||||
- https://www.anquanke.com/vul //安全客GitHub安全类目引擎,基于热度、时间,cve漏洞监控。goodjob。
|
||||
- https://github.com/zhengjim/Chinese-Security-RSS/ //国内安全资讯的RSS地址
|
||||
- https://i.hacking8.com/ //安全信息流。
|
||||
- http://wiki.ioin.in/ //sec-news 安全文摘;先知;freebuf
|
||||
- https://github.com/topics/security //GitHub安全类目。G:We5ter/Scanners-Box;--
|
||||
|
||||
@ -8,6 +8,7 @@
|
||||
- http://www.right.com.cn/forum/ //恩山无线论坛,wireless。
|
||||
- https://github.com/peplin/pygatt //PY.蓝牙安全,BLE/Bluetooth/zigbee传感器控制。G:nian-hua/Litchi;
|
||||
- https://www.anquanke.com/post/id/204316 //GPS欺骗实验
|
||||
- https://github.com/asweigart/pyautogui //py。操作电脑桌面库
|
||||
### 通讯安全SDR/RFID/NFC
|
||||
- http://www.freebuf.com/news/others/605.html //RFID Hacking–资源大合集
|
||||
- https://github.com/samyk/magspoof //信用卡信息盗取
|
||||
|
||||
@ -54,7 +54,7 @@
|
||||
- https://github.com/Viralmaniar/Passhunt //PY.simple。用于搜索网络设备Web应用程序等的默认凭证。包含523个厂家的2084组默认密码
|
||||
## ICS工控安全
|
||||
- https://github.com/hslatman/awesome-industrial-control-system-security //工控系统安全方向优秀资源收集仓库
|
||||
- https://collaborate.mitre.org/attackics/index.php/Main_Page //ICS工业安全 ATT&CK矩阵类.
|
||||
- https://collaborate.mitre.org/attackics/index.php/Main_Page //ICS工业安全 ATT&CK矩阵类。
|
||||
- https://github.com/ITI/ICS-Security-Tools //工控安全资源。国内外文章、脚本、固件、协议库、数据包、相关工具。G:euphrat1ca/ICSwiki;
|
||||
- https://github.com/hslatman/awesome-industrial-control-system-security //Industrial Control System (ICS) security安全集
|
||||
- http://jzgkchina.com //剑指工控 工控基础知识。W:linuxscada.info;
|
||||
|
||||
@ -112,13 +112,14 @@
|
||||
- https://github.com/threatexpress/cs2modrewrite //用于将Cobalt Strike配置文件转换为mod_rewrite脚本的工具
|
||||
- https://github.com/Mr-Un1k0d3r/CatMyFish //搜索分类域,为Cobalt Strike beacon C&C设置白名单域
|
||||
- https://github.com/threatexpress/malleable-c2 //利用jquery文件进行C2通讯,在文件内做了JS混淆绕过防火墙
|
||||
#### cobaltstrike后渗透拓展
|
||||
#### cobaltstrike渗透拓展
|
||||
- https://github.com/DeEpinGh0st/Erebus //权限维持、横向拓展、本地提权、痕迹清理
|
||||
- https://github.com/gloxec/CrossC2 //cobaltstrike插件.生成CobaltStrike的跨平台beacon.testjob.
|
||||
- https://github.com/darkr4y/geacon //GO.macos系统beacon上线
|
||||
- https://github.com/QAX-A-Team/EventLogMaster //RDP日志取证&清除
|
||||
#### cobaltstrike提权漏洞利用
|
||||
#### cobaltstrike提权利用
|
||||
- https://github.com/rsmudge/ElevateKit/ //PS.cna插件,CS利用第三方模块提权
|
||||
- https://github.com/Rvn0xsy/CVE_2020_0796_CNA //SMBv3 LPE Exploit
|
||||
### 菜刀相关工具
|
||||
- https://github.com/AntSword-Store/ //中国蚁剑插件市场
|
||||
- https://github.com/yzddmr6/as_webshell_venom //js.免杀webshell无限生成工具蚁剑版
|
||||
|
||||
@ -28,6 +28,7 @@
|
||||
- https://github.com/jas502n/CVE-2019-15642/ //CVE-2019-15642 Webmin远程命令执行,需要登录权限。
|
||||
- https://github.com/petercunha/Jenkins-PreAuth-RCE-PoC //jenkins远程命令执行
|
||||
- https://github.com/euphrat1ca/OtherScript/blob/master/coremail_vul_check.sh //coremail配置文件泄露导致用户导出/资产泄露/邮件伪造发送
|
||||
- https://github.com/dpu/coremail-address-book/ /go。Coremail邮件系统组织通讯录导出脚本
|
||||
- https://slides.com/securitymb/prototype-pollution-in-kibana#/ //kibana <6.6.0 未授权远程代码命令执行。Kibana CVE-2019-7609 RCE Exploit
|
||||
- https://github.com/jas502n/fastjson-RCE //fastjson-v1.2.47-RCE 命令执行漏洞
|
||||
- https://www.corben.io/atlassian-crowd-rce/ //JAVA.atlassian crowd,CVE-2019-11580.
|
||||
@ -81,8 +82,8 @@
|
||||
- https://xz.aliyun.com/t/1491 //Mysql数据库渗透及漏洞利用总结。写shell、udf、mof、注册表、os-shell;
|
||||
- https://www.anquanke.com/post/id/86011 //【技术分享】MSSQL 注入攻击与防御。sql server漏洞利用。
|
||||
- https://github.com/euphrat1ca/CVE-2020-0618 //SQL Server Reporting Services(CVE-2020-0618)利用ysoserial.net命令执行。
|
||||
- https://github.com/oliver006/redis_exporter //GO.redis未授权访问
|
||||
- https://github.com/Ridter/redis-rce //py.A exploit for Redis 4.x/5.x RCE, inspired by Redis post-exploitation.G:n0b0dyCN/redis-rogue-server;G:RicterZ/RedisModules-ExecuteCommand;--
|
||||
- https://github.com/oliver006/redis_exporter //GO.redis未授权访问,主从复制写shell。
|
||||
- https://github.com/Dliv3/redis-rogue-server //Redis 4.x/Redis 5.x RCE利用脚本,附带可利用so文件。G:Ridter/redis-rce;G:RicterZ/RedisModules-ExecuteCommand;--
|
||||
- https://github.com/t0kx/exploit-CVE-2015-1427 //BASH.Elasticsearch 1.4.0 < 1.4.2 Remote Code Execution exploit and vulnerable container远程命令执行。P:CVE-2014-3120 //v1.1.1支持传入动态脚本(MVEL)命令执行;--
|
||||
- https://www.freebuf.com/vuls/212799.html/ //MongoDB未授权访问漏洞分析及整改建议
|
||||
### C#/.Net反序列化漏洞
|
||||
@ -218,7 +219,7 @@
|
||||
- https://github.com/SecWiki/windows-kernel-exploits //Windows平台提权漏洞Exp集合。P:kerberos域控ms14‐068/;G:51x/WHP;G:ianxtianxt/win-exp-/;G:lyshark/Windows-exploits;--
|
||||
- https://github.com/bitsadmin/wesng //PY.WES-NG,全称为Windows ExploitSuggester - Next Generation,该工具的运行基于Windows systeminfo实用工具的输出,可以给用户提供目标操作系统可能存在的漏洞列表,并针对这些漏洞给出漏洞利用实施建议。该工具的适用系统范围从Windows XP到Windows 10,还包括Windows Server等服务器/工作站版本。1k。
|
||||
- https://github.com/rasta-mouse/Sherlock //PS.win提权漏洞验证。1k。
|
||||
- https://github.com/danigargu/CVE-2020-0796 //C.CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost RCE&LPE。G:ollypwn/SMBGhost;G:jiansiting/CVE-2020-0796;goodjob。
|
||||
- https://github.com/danigargu/CVE-2020-0796 //C.CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost RCE&LPE。goodjob。G:ollypwn/SMBGhost;G:jiansiting/CVE-2020-0796;--。
|
||||
- https://github.com/WindowsExploits/Exploits //微软CVE-2012-0217、CVE-2016-3309、CVE-2016-3371、CVE-2016-7255、CVE-2017-0213利用Windows COM提权。
|
||||
- https://github.com/taviso/ctftool/ //C.利用Windows文本服务框架(TSF)下CTF文本服务协议实现权限提升、沙箱逃逸、读写输入内容等。
|
||||
- https://github.com/SandboxEscaper/polarbearrepo //C++.Win 10计划任务本地权限提升,win server 2016-2019提权。
|
||||
|
||||
@ -155,7 +155,7 @@ G:timwhitez/crawlergo_x_XRAY;W:xz.aliyun.com/t/7047;--
|
||||
- http://blog.safebuff.com/2016/07/03/SSRF-Tips/ //ssrf漏洞利用手册
|
||||
- https://github.com/swisskyrepo/SSRFmap //PY.检测ssrf漏洞
|
||||
- https://github.com/tarunkant/Gopherus //PY.利用gopher协议(早期从远程服务器上获取数据的协议)生成ssrf payload执行rce。
|
||||
- https://www.anquanke.com/post/id/145519/ //浅析SSRF原理及利用方式
|
||||
- https://www.anquanke.com/post/id/145519/ //浅析SSRF原理及利用方式。gopher、dict、file、http/s协议利用
|
||||
## XSS跨站脚本检测利用
|
||||
- https://github.com/beefproject/beef //JS,RUBY.BeEF跨平台Web浏览器渗透测试工具
|
||||
- https://xsspt.com/index.php?do=blist //乌云xss学习
|
||||
|
||||
Loading…
Reference in New Issue
Block a user