mirror of
https://github.com/euphrat1ca/Security-List.git
synced 2026-06-30 21:09:51 +08:00
Merge branch 'master' of https://github.com/euphrat1ca/security_w1k1
This commit is contained in:
commit cfed8af550
README.md
@ -79,14 +79,14 @@
- https://github.com/imthenachoman/How-To-Secure-A-Linux-Server //Linux服务器保护。9k
- https://github.com/trimstray/nginx-admins-handbook //nginx操作手册。8k
- https://github.com/valentinxxx/nginxconfig.io/ //在线nginx配置文件生成,W:nginxconfig.io;--
### 系统检查基线
### 系统安全基线检查
- https://www.open-scap.org/ //安全基线评估工具集
- https://github.com/re4lity/Benchmarks //常用服务器、数据库、中间件安全配置基线 ,基本包括了所有的操作系统、数据库、中间件、网络设备、浏览器、安卓、IOS、云服务的安全配置。
- https://github.com/Jsitech/JShielder //linux下服务器一键加固脚本
- https://github.com/trimstray/linux-hardening-checklist //Linux服务器加固基线
- https://github.com/a13xp0p0v/kconfig-hardened-check //用于检查 Linux 内核配置中的安全加固选项的脚本
- https://gist.github.com/mackwage/08604751462126599d7e52f233490efe //Windows安全加固命令
- https://github.com/wstart/DB_BaseLine //数据库基线检查工具
- https://github.com/wstart/DB_BaseLine //数据库检查基线工具
- https://github.com/drduh/macOS-Security-and-Privacy-Guide //Py。MacOS安全性基线。
### 系统ACL策略安全
- https://www.4hou.com/penetration/5752.html //Intro。域渗透提权分析工具 BloodHound 1.3 中的ACL攻击路线。
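Review bot: the two wstart/DB_BaseLine lines (`数据库基线检查工具` vs `数据库检查基线工具`) point at the same repo and differ only in word order; resolve them to a single entry so the merge does not leave a duplicate under `### 系统安全基线检查`.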
@ -107,15 +107,11 @@
- https://github.com/juliocesarfort/public-pentesting-reports //由几家咨询公司和学术安全组织发布的公共渗透测试报告的列表。
- http://pentestmonkey.net/category/cheat-sheet //渗透测试常见条目
- https://github.com/0xRadi/OWASP-Web-Checklist //owasp网站检查条目
- https://github.com/arunmagesh/hw_hacking_cheatsheet 硬件hardware测试条目
- https://mp.weixin.qq.com/s/O36e0gl4cs0ErQPsb5L68Q //公众号:区块链、以太坊智能合约审计 CheckList
- https://github.com/slowmist/eos-bp-nodes-security-checklist //区块链,EOS bp nodes security checklist(EOS超级节点安全执行指南)
- https://github.com/GitGuardian/APISecurityBestPractices //api接口测试checklist
- https://github.com/shieldfy/API-Security-Checklist //api开发核对清单。12k。
- https://github.com/theLSA/CS-checklist //CS客户端检查条目checklist
- https://github.com/theLSA/hack-cs-tools //CS客户端测试工具,配合客户端checklist
- https://xz.aliyun.com/t/2089 //金融科技SDL安全设计checklist
- 汽车安全测试Checklist //水滴安全实验室
- https://blog.csdn.net/qq_39541626/article/details/104891590 //小程序、公众号安全测试list
- https://www.butian.net/School/content?id=307/ //移动通信网络渗透测试科普
## IPv6安全相关
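Review bot: the hw_hacking_cheatsheet line is missing the `//` separator that every other entry places before its description (`- https://github.com/arunmagesh/hw_hacking_cheatsheet 硬件hardware测试条目`), and `- 汽车安全测试Checklist //水滴安全实验室` carries no URL at all; add the separator and either a link or a pointer to where that checklist lives.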
@ -204,6 +200,7 @@
- https://github.com/digininja/CeWL/ //Ruby。爬取目标网站关键词生成字典。
## 社工相关
- https://github.com/mehulj94/Radium-Keylogger //py.键盘记录工具。
- https://www.snapfiles.com/get/antikeyloggertester.html //Windows客户端键盘记录工具AKLT。
- https://github.com/ggerganov/kbd-audio //C++。linux下利用麦克风监控键盘输入测试输入值。
- https://github.com/Pickfordmatt/SharpLocker/ //c#。Windows锁屏密码记录。G:/bitsadmin/fakelogonscreen;PS:Invoke-LoginPrompt.ps1;PS:Invoke-CredentialsPhish.ps1;Koadic:password_box;Empire:collection/toasted;Empire:collection/prompt;MSF:phishwindowscredentials;--
- https://github.com/thelinuxchoice/lockphish //shell,PHP。基于ngrok利用钓鱼网站获取锁屏密码(手机、电脑)。
@ -254,7 +251,8 @@ W:ns4gov.000webhostapp.com;W:smtp2go.com/;--
- https://github.com/euphrat1ca/Fast-RDP-Brute-GUI-v2.0-by_Stas-M--Official/ //RDP密码爆破、扫描,Fast RDP Brute GUI by Stas M,stascorp.com解压密码Stas'M Corp.
- https://github.com/TunisianEagles/SocialBox //针对fb、gmail、ins、twitter的用户名密码爆破的脚本.
- https://github.com/Moham3dRiahi/XBruteForcer //perl。WordPress、Joomla、DruPal、OpenCart、Magento等CMS爆破。
- https://github.com/ryanohoro/csbruter/ //cobaltstrike服务密码爆破,3.10版本
- https://github.com/ryanohoro/csbruter/ //cobaltstrike服务密码爆破,3.10版本。
- https://github.com/theLSA/awBruter //木马一句话爆破
### 密码破解哈希还原
- https://ophcrack.sourceforge.io/ //C。使用彩虹表Rainbow table来破解视窗操作系统下的LAN Manager散列(LM hash)的计算机程序。xp、vista
- https://securityxploded.com/download.php/ //各种密码方向安全小工具
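Review bot: the two ryanohoro/csbruter lines are identical apart from a trailing `。`; keep only one of them in the merged file.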
@ -242,8 +242,9 @@
### 权限维持劫持注入
- https://payloads.online/archivers/2018-12-22/1 //Intro。DLL Hijacking & COM Hijacking ByPass UAC - 议题解读。qingxuan。
- https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows //Windows DLL劫持注入,检查集。G:/wietze/windows-dll-hijacking;G:/jfmaes/TrustJack;--
- https://github.com/sensepost/rattler //C++。自动化dll劫持注入。G:/rootm0s/WinPwnage;G:/rek7/dll-hijacking;P:/微软官方的dll注入工具Tracker;Gitee:killvxk/infected_dll;G:/tothi/dll-hijack-by-proxying;G:/Flangvik/SharpDllProxy;--
- https://github.com/fatihsnsy/DLInjector-GUI //C++。基于进程名注入,可等待进程启动后再注入,界面GUI。
- https://gitee.com/killvxk/infected_dll //恶意DLL文件样例
- https://github.com/sensepost/rattler //C++。自动化dll劫持注入。G:/rootm0s/WinPwnage;G:/rek7/dll-hijacking;P:/微软官方的dll注入工具Tracker;G:/tothi/dll-hijack-by-proxying;G:/Flangvik/SharpDllProxy;--
- https://github.com/fatihsnsy/DLInjector-GUI //C++。基于进程名注入,可等待进程启动后再注入,GUI界面。
- https://www.4hou.com/posts/wRPR //深入分析 DLL 调用过程实现“自适应” DLL 劫持。
- https://github.com/stephenfewer/ReflectiveDLLInjection //C。一种库注入技术,让DLL自身不使用LoadLibraryA函数,将自身映射到目标进程内存中。
- https://github.com/mdsecactivebreach/RDPInception/ //Bat,CS插件。基于tsclient服务进行rdp劫持,利用ps反弹shell。G:/bohops/SharpRDPHijack;--
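Review bot: sensepost/rattler and fatihsnsy/DLInjector-GUI each appear twice in this hunk with near-identical text (the rattler variants differ only in whether `Gitee:killvxk/infected_dll` is inlined, and that repo now also has its own `- https://gitee.com/killvxk/infected_dll` entry; the DLInjector variants differ only in `界面GUI` vs `GUI界面`); dedupe so each tool is listed once.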
@ -273,13 +274,13 @@
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_vul.md/ //提权相关漏洞。myWiki
- https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite //hacktricks提权技巧总结。
- https://github.com/AlessandroZ/BeRoot //Py。通过检查常见的错误配置来查找提权方法,支持Windows/Linux/Mac
### Windows提权手段
### Windows利用手段
- http://www.fuzzysecurity.com/tutorials/16.html //windows平台教程级提权参考文章
- 公众号:微软不认的“0day”之域内本地提权-烂番茄(Rotten Tomato)
- https://github.com/DanMcInerney/icebreaker //处于内网环境但又在AD环境之外,icebreaker将会帮助你获取明文Active Directory凭据(活动目录存储在域控服务器可用于提权)
- https://github.com/bitsadmin/wesng //Py。WES-NG,全称为Windows ExploitSuggester - Next Generation,该工具的运行基于Windows systeminfo实用工具的输出,可以给用户提供目标操作系统可能存在的漏洞列表,并针对这些漏洞给出漏洞利用实施建议。该工具的适用系统范围从Windows XP到Windows 10,还包括Windows Server等服务器/工作站版本。1k。
- https://github.com/rasta-mouse/Watson //C#。查找Windows 10 & Server 2016 & 2019未打补丁。G:rasta-mouse/Sherlock;--
### Linux提权手段
### Linux利用手段
- https://github.com/rebootuser/LinEnum //Bash。对Linux系统可提权检测。goodjob,2k。Github:/linuxprivchecker;G:/jondonas/linux-exploit-suggester-2;Github:/belane/linux-soft-exploit-suggester;G:/nilotpalbiswas/Auto-Root-Exploit;G:/WazeHell/PE-Linux;--
- 内核漏洞、定时任务、Suid文件、Sudo 配置错误、NFS共享、第三方服务
- https://guif.re/linuxeop //linux提权命令集合。P:/Ignitetechnologies/Privilege-Escalation //Linux下的提权方法总结;--
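Review bot: the LinEnum line mixes `Github:/` and `G:/` prefixes for related repos (`Github:/linuxprivchecker`, `G:/jondonas/...`, `Github:/belane/...`) while the Watson line uses `G:rasta-mouse/Sherlock` without the slash; settle on the `G:/` shorthand used everywhere else. The bullet `内核漏洞、定时任务、Suid文件、Sudo 配置错误、NFS共享、第三方服务` is a category summary with no link and reads better as part of the `### Linux利用手段` heading text or with a reference attached.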
@ -39,4 +39,6 @@
- https://github.com/google/honggfuzz //C。具有反馈驱动(Feedback-Driven)的持续性软件代码测试。2k。
- https://github.com/bunzen/pySSDeep //Py。一个基于模糊哈希(Fuzzy Hashing)算法的工具。G:/glaslos/ssdeep;G:/ssdeep-project/ssdeep;--
- http://blog.topsec.com.cn/alphafuzzer/ //启明星辰阿尔法实验室以文件格式为主的漏洞挖掘工具
- https://github.com/Cisco-Talos/mutiny-fuzzer //Py。MikroTik基于pcap包解析的网络协议模糊测试。
- https://github.com/Cisco-Talos/mutiny-fuzzer //Py。MikroTik基于pcap包解析的网络协议模糊测试。
### 客户端模糊测试
- https://github.com/dzzie/COMRaider //客户端溢出风险测试
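Review bot: the Cisco-Talos/mutiny-fuzzer line appears twice with byte-identical text; if both survive the merge, drop one.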
@ -189,7 +189,7 @@
- https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ //一个虚拟机文件用于linux提权练习
- https://kernel.ubuntu.com/~kernel-ppa/mainline/ //Ubuntu历史kernel
- http://old-releases.ubuntu.com/releases/ //Ubuntu历史镜像
- https://github.com/secvulture/dvta //CS客户端靶场
- https://github.com/secvulture/dvta //客户端C/S架构靶场
- https://github.com/OWASP/igoat //适用于ios应用程序测试和安全性的学习工具
- https://github.com/prateek147/DVIA-v2 //适用于ios应用程序测试和安全性的学习工具
- https://github.com/abhi-r3v0/EVABS //C++。Android靶场
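Review bot: the secvulture/dvta lines are duplicates with different wording (`CS客户端靶场` vs `客户端C/S架构靶场`); keep one. OWASP/igoat and prateek147/DVIA-v2 also share the identical description `适用于ios应用程序测试和安全性的学习工具`, which makes them indistinguishable in the list; give each its own one-line description.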
@ -18,6 +18,7 @@
## 硬件设备固件分析
- https://github.com/scriptingxss/owasp-fstm/ //OWASP固件安全测试条例
- https://github.com/unprovable/PentestHardware //硬件渗透测试实用手册
- https://github.com/arunmagesh/hw_hacking_cheatsheet //硬件hardware测试条目
- https://mp.weixin.qq.com/s/KFm870IFHGEHRnsek9d3lg //Chamd5公众号: 硬件分析的常用工具与基础方法。GZUT,RT809F,ProMan等仪器设备。
- https://www.pentestpartners.com/security-blog/how-to-do-firmware-analysis-tools-tips-and-tricks/ //固件硬件逆向分析方法技巧
- https://www.jianshu.com/p/3b3df82500b6 //绿盟马良:智能设备漏洞挖掘中几个突破点
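Review bot: the arunmagesh/hw_hacking_cheatsheet entry added here is also listed in the `@ -107,15 +107,11 @@` hunk above, there without the `//` separator; cross-listing is fine, but the two lines should use the same format.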
@ -39,6 +40,7 @@
- https://github.com/PX4/Firmware //px4无人机飞控。
- https://www.freebuf.com/geek/96399.html //极客DIY:使用树莓派制作一架四轴无人机。
## 车联网安全
- 汽车安全测试Checklist //水滴安全实验室
- https://github.com/jaredthecoder/awesome-vehicle-security //一个用于了解车辆安全和汽车黑客的资源清单
- https://www.freebuf.com/articles/terminal/241930.html //车机的渗透思路与实例分析
- https://github.com/pasta-auto //智能汽车测试
@ -1,7 +1,7 @@
# 应急响应溯源
- https://security.tencent.com/opensource/detail/19 //腾讯开源的xSRC应急响应中心cms框架。
- https://www.secrss.com/articles/10986 //一次攻防实战演习复盘总结。奇安信
- https://github.com/Bypass007/Emergency-Response-Notes //应急响应实战笔记,应急响应/日志分析/僵木蠕分析。2k。G:/theLSA/emergency-response-checklist //应急响应指南;G:/tide-emergency/yingji;P:/应急响应知识手册-360;--
- https://github.com/theLSA/hack-er-tools //应急响应工具包。G:/theLSA/emergency-response-checklist //应急响应指南;G:/Bypass007/Emergency-Response-Notes;G:/tide-emergency/yingji;P:/应急响应知识手册-360;--
- https://mp.weixin.qq.com/s/suhDsP41P55UpGuIDE7K5Q //公众号:一张图片引发一次完整的应急响应。
- https://github.com/tide-emergency/yingji //Py3。查看主机状态/启动项/历史命令/用户特权/文件修改/异常IP等
- https://github.com/ppabc/cc_iptables //收集处理DDOS、CC攻击黑名单各类脚本,包括NGINX日志中的CC攻击IP封禁处理。
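Review bot: Bypass007/Emergency-Response-Notes and theLSA/hack-er-tools each repeat the same alias block (`G:/theLSA/emergency-response-checklist //应急响应指南;G:/tide-emergency/yingji;P:/应急响应知识手册-360`), and tide-emergency/yingji additionally has its own entry three lines later; keep the related-repo list on one line so nothing is listed three times.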
@ -1,4 +1,4 @@
## 逆向破解分析
# 逆向破解分析
- https://www.pelock.com/articles/reverse-engineering-tools-review //Reverse engineering tools review 逆向工具测评
- https://down.52pojie.cn/ //吾爱破解爱盘工具包。W:tool.pediy.com/;--
- https://www.peerlyst.com/posts/resource-learning-how-to-reverse-malware-a-guide //恶意软件逆向指南和工具的集合
@ -11,6 +11,9 @@
- https://github.com/euphrat1ca/PeDoll //C++。基于inlineHook技术的软件分析工具,C/S架构(PeDollc/PeDolls)。
- https://bbs.ichunqiu.com/thread-16846-1-1.html //intro。PeDoll 调戏木马病毒的正确姿势-正式篇
- https://github.com/everdox/InfinityHook //C++。挂钩系统调用,上下文切换,页面错误等。
## 客户端安全
- http://www.rohitab.com/apimonitor //客户端C/S架构API监控工具
- https://github.com/theLSA/hack-cs-tools //客户端测试工具检查条目checklist。G:/theLSA/CS-checklist;--
### PC端逆向分析
- https://www.hex-rays.com //IDA pro反汇编工具。商业版。W:youtu.be/qCQRKLaz2nQ;
- https://github.com/xrkk/awesome-ida //IDA Pro有关的资源收集
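Review bot: inserting `## 客户端安全` directly before `### PC端逆向分析` makes the PC reversing subsection a child of client security instead of `# 逆向破解分析`; if that nesting is unintended, place the client-security block after the reversing subsections. The theLSA/hack-cs-tools line also duplicates the entry in the `@ -107,15 +107,11 @@` hunk with a different description.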
@ -97,13 +97,14 @@
- https://www.u-nas.cn/ //万由U-NAS操作系統,社区版。P:/群晖;P:/蜗牛星际;--
- https://github.com/amefs/FreeNAS-Doc-Chs //FreeNAS(网络附加存储)
- https://github.com/nextcloud/server //php。基于owncloud的私有云网盘,自带同步功能。G:/owncloud/core;P:/Resilio Sync;--
- https://github.com/canton7/SyncTrayzor //C#。同步网盘syncthing。社区版。G:/syncthing/syncthing;P:/freefilesync.org;P:/filegee //商业;P:/goodsync //商业版;--
- https://github.com/canton7/SyncTrayzor //C#。同步网盘syncthing。社区版。G:/syncthing/syncthing;P:/freefilesync.org;P:/filegee;P:/goodsync;--
- https://blog.csdn.net/qq_39815184/article/details/78215141 //intro。如何利用Syncthing+蒲公英快速实现异地文件同步。
### 云盘存储
- https://send.firefox.com/ //火狐网盘传输。G:/mozilla/send;--
- https://cowtransfer.com/ //奶牛快传。W:wenshushu.cn/;W:anonfile.com/;W:upload.ee/;W:ssavr.com;--
- https://send.firefox.com/ //火狐Free网盘传输。G:/mozilla/send;--
- https://cowtransfer.com/ //奶牛快传免费网盘。W:wetransfer.com;W:wenshushu.cn/;W:filecad.com;W:anonfile.com/;W:upload.ee/;--
- http://www.pastebin.com/ //在线文档分析。W:ssavr.com;--
- https://deershare.com/send //P2P文件点对点传输。G:/RobinLinus/snapdrop;W:send-anywhere.com;--
- https://www.rejetto.com/hfs/ //DELPHI。Windows下文件传输HFS (HTTP File Server),http网盘存储。
- https://www.rejetto.com/hfs/ //Delphi。Windows下文件传输HFS (HTTP File Server),http网盘存储。
- https://github.com/kgretzky/pwndrop //基于HTTP and WebDAV的文档、文件、payload共享。
- https://github.com/ganlvtech/down_52pojie_cn //PHP。52pojie网盘源码。
- https://github.com/micahflee/onionshare //PHP。利用onion洋葱服务器的匿名文件共享。
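Review bot: several entries appear twice with small wording differences: canton7/SyncTrayzor (`//商业` annotations on filegee/goodsync present in one copy only), send.firefox.com (`火狐网盘传输` vs `火狐Free网盘传输`), cowtransfer.com (different `W:` lists, with `W:ssavr.com` moved onto the pastebin line) and rejetto HFS (`DELPHI` vs `Delphi`); resolve each pair to a single line before merging.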
@ -63,6 +63,7 @@
- https://github.com/DanMcInerney/msf-autoshell //配合nessus扫描结果进行msf攻击
- https://github.com/MooseDojo/apt2 //联动nmap、nessus等工具进行安全测试
## awvs拓展插件相关工具
- awvs下载 //fahai.org;--
- https://www.52pojie.cn/thread-214819-1-1.html //awvs10.5开发框架破解版。商业版。
- https://github.com/gatlindada/awvs-decode/ //15行代码解码awvs插件解密。G:/fnmsd/awvs_script_decode;
- https://github.com/NS-Sp4ce/AWVS11.X-Chinese-Version //JS。awvs11汉化包
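Review bot: `- awvs下载 //fahai.org;--` has no URL, and the gatlindada/awvs-decode line ends its alias list with `;` but lacks the closing `--` used by the other entries; add the link and the terminator.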
@ -5,6 +5,10 @@
- https://github.com/Lcys/Python_PoC //py3。poc、exp快速编写模板,有众多模范版本
- https://github.com/vulnersCom/getsploit //Py3。仿照searchsploit通过各种数据库的官方接口进行payload的查找。
- https://github.com/Critical-Start/Team-Ares //CVE-2018-10142;CVE-2018-6961;CVE-2019-7550;CVE-2020-3957;CVE-2020-5902;--
## 漏洞市场/SRC/BugBounty
- https://www.zerodayinitiative.com/ //设备(firmware)漏洞市场
- http://www.zerodium.com/ //灰色漏洞交易平台0day市场
- https://0day.today //漏洞市场
## 漏洞共享平台
- https://github.com/offensive-security/exploitdb //美国Offensive Security维护的'exploit-db.com'漏洞库,包含利用插件、漏洞场景、集成kali系统 etc。G:/offensive-security/exploitdb-bin-sploits //已编译漏洞执行文件;G:/HacTF/poc--exp;G:/DrunkenShells/Disclosures;G:/coffeehb/Some-PoC-oR-ExP;G:/zhzyker/exphub;--
- https://shuimugan.com //2016/06/24 13:25之前乌云Drops文章,漏洞公开详情。
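Review bot: the `## 漏洞市场/SRC/BugBounty` block (zerodayinitiative, zerodium, 0day.today) is introduced here and the same three lines also appear at the end of the file in the `@ -257,8 +263,4 @@` hunk; confirm the merge leaves only one copy. The Critical-Start/Team-Ares line lists CVE identifiers but gives no description of what the repo is, unlike every neighbouring entry.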
@ -56,12 +60,12 @@
- https://github.com/maxchehab/CSS-Keylogging //Chrome扩展程序。Express服务器利用CSS的键盘记录功能
- https://github.com/evilcos/cookiehacker //Chrome扩展程序。JavaScript document.cookie / Wireshark Cookie
- https://github.com/lfzark/cookie-injecting-tools //Chrome扩展。cookie注入工具包括注入,编辑,添加和删除cookie
### 沙盒虚拟机容器逃逸
### 沙盒虚拟机容器漏洞
- https://github.com/mtalbi/vm_escape //C。cve-2015-5165/cve-2015-7504 VMware虚拟机逃逸
- https://github.com/unamer/vmware_escape //C/C++。VMware WorkStation 12.5.5虚拟机逃逸。CVE-2017-4901/CVE-2017-4905
- https://github.com/MorteNoir1/virtualbox_e1000_0day //VirtualBox E1000 Guest-to-Host Escape逃逸。教程
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2 //Ghostscript:基于漏洞CVE-2018-17961的-dSAFER沙盒逃逸技术
- https://github.com/Frichetten/CVE-2019-5736-PoC //Go。Docker虚拟机逃逸通过利用容器内覆盖和执行主机系统runc二进制文件。docker与runc有版本要求。G:/twistlock/RunC-CVE-2019-5736;W:Docker逃逸初探;公众号:Docker逃逸小结第一版;--
- https://github.com/Frichetten/CVE-2019-5736-PoC //Go。Docker容器逃逸通过利用容器内覆盖和执行主机系统runc二进制文件。docker与runc有版本要求。G:/twistlock/RunC-CVE-2019-5736;W:Docker逃逸初探;公众号:Docker逃逸小结第一版;--
- https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/ //Docker代码编译命令执行 (CVE-2019-13139)
- https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/ //Docker cp命令漏洞 (CVE-2019-14271)
- https://github.com/shogunlab/awesome-hyper-v-exploitation //Hyper-V漏洞汇总
@ -73,8 +77,8 @@
- https://github.com/projectzeroindia/CVE-2019-19781 //Citrix产品云服务智能网关vpn命令执行RCE
- https://github.com/jas502n/CVE-2020-8193 //Citrix云服务平台任意文件读取漏洞。
- https://blog.unauthorizedaccess.nl/2020/07/07/adventures-in-citrix-security-research.html //CitrixSystems CVE-2020-8191;CVE-2020-8193;CVE-2020-8194;CVE-2020-8195;CVE-2020-8196;
## Web漏洞利用CMS工具
- https://github.com/SecWiki/CMS-Hunter //CMS漏洞测试用例集合。G:/Moham3dRiahi/XAttacker;G:/Mr5m1th/0day;G:/w1109790800/penetration;G/anx1ang/Poc_Pentest;--
## Web漏洞利用漏洞
- https://github.com/SecWiki/CMS-Hunter //CMS工具漏洞测试用例集合。G:/Moham3dRiahi/XAttacker;G:/Mr5m1th/0day;G:/w1109790800/penetration;G/anx1ang/Poc_Pentest;--
- https://github.com/CHYbeta/cmsPoc //CMS渗透测试框架。G:/chuhades/CMS-Exploit-Framework;--
- https://github.com/Tuhinshubhra/CMSeeK //Py。WordPress,Joomla,Drupal等170余种CMS扫描识别检测。welljob。G:/Dionach/CMSmap;--
- https://github.com/blackye/Jenkins //Jenkins系统监控框架漏洞探测、用户抓取爆破。
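Review bot: the SecWiki/CMS-Hunter line is present twice with slightly different descriptions (`CMS漏洞测试用例集合` vs `CMS工具漏洞测试用例集合`), and both copies write `G/anx1ang/Poc_Pentest` without the colon that the neighbouring `G:/` aliases use; keep one line and fix the prefix.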
@ -118,7 +122,7 @@
- https://github.com/pwntester/ysoserial.net //C#。配合PowerShell生成有效负载利用.Net反序列化漏洞
### Python服务漏洞
- https://github.com/ryu22e/django_cve_2019_19844_poc/ //py。Django任意密码重置
### Java服务漏洞
### Java框架漏洞
- https://github.com/threedr3am/learnjavabug //java。Java安全相关的漏洞和技术demo
- https://github.com/x41sec/slides/blob/master/2019-bsides-stuttgart/YourStackTracesAreLeakingCVEs.pdf //Java服务异常信息查询敏感信息和漏洞信息列表
- https://github.com/NickstaDB/BaRMIe //Java。枚举测试Java RMI(远程调用服务)安全
@ -132,10 +136,10 @@
- https://www.freebuf.com/column/240174.html/ //Jboss漏洞利用。主要是未授权访问带来的文件上传(CVE-2007-1036、CVE-2010-0738、CVE-2006-5750、JBoss jmx-consoleHtmlAdaptor addURL() File Upload Vulnerability),与反序列化造成的命令执行(CVE-2015-7501、CVE-2017-7504、CVE-2017-12149、CVE-2013-4810)。
- https://github.com/joaomatosf/JavaDeserH2HC/ //Java。JBOSSMQ JMS 集群反序列化漏洞(CVE-2017-7504)
- https://github.com/hlldz/wildPwn/ //Py,Lua。jboss8更名为WildFly,默认管理控制台弱口令爆破。
#### Weblogic中间件相关漏洞
#### Weblogic中间件漏洞
- https://github.com/hktalent/CVE-2020-2551 //py。Weblogic IIOP反序列化命令执行漏洞(CVE-2020-2551)漏洞
- https://github.com/Maskhe/cve-2020-2555 //基于t3协议的Oracle Coherence&WebLogic反序列化远程代码执行。
- - https://github.com/potats0/cve_2020_14644 //Java。CVE-2020-14644 Weblogic下Oracle反序列化回显利用
- https://github.com/potats0/cve_2020_14644 //Java。CVE-2020-14644 Weblogic下Oracle反序列化回显利用
- https://github.com/jas502n/CVE-2018-2628/ //Weblogic 反序列化漏洞,通过T3协议命令执行。
- https://github.com/21superman/weblogic_exploit //Java。CVE_2015-CVE_2020,GUI界面。
- https://github.com/rabbitmask/WeblogicScan //py3。Weblogic一键漏洞检测工具,包含CVE-2019前。
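Review bot: the hktalent/CVE-2020-2551 description reads `...漏洞(CVE-2020-2551)漏洞`, repeating `漏洞`, and the potats0/cve_2020_14644 entry appears once with a doubled list marker (`- - https://...`) and once correctly; keep only the corrected line and trim the duplicated word.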
@ -144,29 +148,30 @@
- https://github.com/shack2/javaserializetools //Java。Weblogic反序列化命令执行,‘wls9_async_response’与‘wls-wsat’组件无身份认证授权远程RCE漏洞。cve-2017-10271/CNVD-C-2019-48814/CNNVD-201904-961/CVE-2019-2725;
- https://github.com/pyn3rd/CVE-2018-3245 //weblogic cve-2018-2893与cve-2018-3245远程代码命令执行
- https://github.com/jas502n/CVE-2018-3191 //Weblogic CVE-2018-3191远程代码命令执行
#### Struts2框架相关漏洞
#### Struts2框架漏洞
- https://github.com/Lucifer1993/struts-scan //Py。批量检测Struts命令执行漏洞,005-057。CVE-2018-11776
- https://github.com/shack2/Struts2VulsTools //C#。Struts2漏洞检查工具2018版。
#### SpringBoot框架相关漏洞
#### SpringBoot框架漏洞
- https://github.com/LandGrey/SpringBootVulExploit/ //SpringBoot漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist。
- https://github.com/r00tuser111/ActuatorExploitTools/ //攻击spring boot actuator的集成环境,三种方式,仅支持攻击spring boot 1.x。
#### Tomcat框架相关漏洞
#### Tomcat框架漏洞
- https://github.com/euphrat1ca/CVE-2019-0232 //Apache Tomcat Remote Code Execution on Windows - 需要开启CGI-BIN
- https://github.com/magicming200/tomcat-weak-password-scanner //py.tomcat后台弱口令扫描器,命令行版+图形界面版。
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-0227 //Apache Axis 1.4 Remote Code Execution;CVE-2019-0227: Apache Axis RCE命令执行。
- https://github.com/00theway/Ghostcat-CNVD-2020-10487 //tomcat幽灵猫CVE-2020-1938高危文件读取、包含漏洞。
- https://tomcat.com/examples/jsp/snp/snoop.html //tomcat信息泄露、实例文档、session样例操纵
### Apache框架相关漏洞
- https://github.com/artsploit/solr-injection //基于Lucene的全文搜索服务器Apache Solr Injection等漏洞集合研究
- https://github.com/mpgn/CVE-2019-0192/ //Apache Solr远程命令执行漏洞。apache solr dataimporthandler RCE。jmx反序列化。
- https://github.com/jas502n/CVE-2019-12409/ //CVE-2019-12409 Apache Solr RCE。Java ManagementExtensions(JMX)错误配置。
- https://www.freebuf.com/sectool/159970.html //Apache Solr远程代码执行漏洞(CVE-2017-12629)从利用到入侵检测。XML外部实体扩展和命令执行。G:/wyzxxz/Apache_Solr_RCE_via_Velocity_template;--
#### Shiro安全框架漏洞
- https://github.com/brianwrf/hackUtils //Py。Apache Shiro RememberMe 1.2.4 Remote Code Execution;Jenkins CVE-2016-0792;S2-032;Joomla 1.5 - 3.4.5版本;。G:/wyzxxz/shiro_rce;--
- https://paper.seebug.org/shiro-rememberme-1-2-4/ //Intro。Apache Shiro Java安全框架 RememberMe 1.2.4 反序列化导致的命令执行漏洞。
- https://github.com/feihong-cs/ShiroExploit/ //java。Shiro550(硬编码秘钥)和Shiro721(Padding Oracle)检测,配合dnslog记录、shiro-urldns回显。G:/nsightglacier/Shiro_exploit;G:/potats0/shiroPoc;--
- https://github.com/pmiaowu/BurpShiroPassiveScan //Burp插件。被动检测shiro指纹。
- https://github.com/s1kr10s/Apache-Struts-v3 //Apache-Struts漏洞利用工具
### Nginx相关漏洞
### Web服务器Apache漏洞
- https://github.com/artsploit/solr-injection //基于Lucene的全文搜索服务器Apache Solr Injection等漏洞集合研究
- https://github.com/mpgn/CVE-2019-0192/ //Apache Solr远程命令执行漏洞。apache solr dataimporthandler RCE。jmx反序列化。
- https://github.com/jas502n/CVE-2019-12409/ //CVE-2019-12409 Apache Solr RCE。Java ManagementExtensions(JMX)错误配置。
- https://www.freebuf.com/sectool/159970.html //Apache Solr远程代码执行漏洞(CVE-2017-12629)从利用到入侵检测。XML外部实体扩展和命令执行。G:/wyzxxz/Apache_Solr_RCE_via_Velocity_template;--
### Web服务器Nginx漏洞
- https://gist.github.com/Glassware123/1023720bf4787375a04f32a0c12e956a //CVE-2020-12440_PoC nginx下http请求走私,干扰网站系统获取隐私数据
### 数据库漏洞
- https://github.com/euphrat1ca/CVE-2020-0618 //SQL Server Reporting Services(CVE-2020-0618)利用ysoserial.net命令执行。
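Review bot: the Apache Solr block (artsploit/solr-injection, mpgn/CVE-2019-0192, jas502n/CVE-2019-12409, freebuf 159970) is present under both `### Apache框架相关漏洞` and the renamed `### Web服务器Apache漏洞`; make sure only the renamed section survives the merge. Two entries also sit under the wrong heading: s1kr10s/Apache-Struts-v3 is listed under `#### Shiro安全框架漏洞` and belongs with `#### Struts2框架漏洞`, and the Apache Axis CVE-2019-0227 line is under `#### Tomcat框架漏洞` rather than the Apache section.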
@ -175,6 +180,7 @@
- https://github.com/Dliv3/redis-rogue-server //Redis 4.x/Redis 5.x RCE利用脚本,附带可利用so文件。G:/Ridter/redis-rce;G:/RicterZ/RedisModules-ExecuteCommand;--
- https://github.com/t0kx/exploit-CVE-2015-1427 //Bash。Elasticsearch 1.4.0 < 1.4.2 Remote Code Execution exploit and vulnerable container远程命令执行。P:/CVE-2014-3120 //v1.1.1支持传入动态脚本(MVEL)命令执行;--
- https://www.freebuf.com/vuls/212799.html/ //MongoDB未授权访问漏洞分析及整改建议
## Linux利用漏洞
### Linux提权利用
- https://github.com/SecWiki/linux-kernel-exploits //linux kernel exploits,Linux平台提权漏洞集合,CVE与年份对照排列。3k。G:/xairy/kernel-exploits;G:/Kabot/Unix-Privilege-Escalation-Exploits-Pack/;G:/bcoles/kernel-exploits;--
- https://github.com/euphrat1ca/CVE-2016-5195 //C++,Go。脏牛条件竞争写入只读(r)文件。Linux/Android 平台,release编译exp。goodjob。
@ -186,7 +192,7 @@
- https://github.com/0x00-0x00/CVE-2018-1000001 //冲区溢出 suid提权Ubuntu 16.04.3 LTS glibc <= 2.26。goodjob。
- https://github.com/mschwager/0wned //Py。利用python包进行高权限用户创建
- https://github.com/stanleyb0y/sushell //利用su小偷实现低权限用户窃取root用户口令
## MS微软相关漏洞
## MS微软漏洞
- https://github.com/ZephrFish/CVE-2020-1350 //DNS Server远程代码执行漏洞(CVE-2020-1350),针对Windows Server等开启DNS服务的系统
- https://github.com/nu11secur1ty/Windows10Exploits //win10漏洞集合
- https://github.com/Sheisback/CVE-2019-0859-1day-Exploit/ //C++。CVE-2019-0859。可利用win32k.sys远程下载运行程序
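Review bot: the CVE-2018-1000001 description begins with `冲区溢出`, which is missing the leading `缓` of `缓冲区溢出`; fix the typo while this line is in the diff.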
@ -257,8 +263,4 @@
- https://github.com/khr0x40sh/MacroShop //一组通过Office宏传递有效载荷的脚本
- https://www.anquanke.com/post/id/163000 //利用Excel 4.0宏躲避杀软检测的攻击技术分析
- https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/ms-office/subdoc-injector/subdoc_injector.py //Py。配合responder利用word文档窃取ntlm哈希
- https://github.com/deepzec/Bad-Pdf //Py。配合responder利用恶意pdf窃取ntlm哈希
## 漏洞市场/SRC/BugBounty
- https://www.zerodayinitiative.com/ //设备(firmware)漏洞市场
- http://www.zerodium.com/ //灰色漏洞交易平台0day市场
- https://0day.today //漏洞市场
- https://github.com/deepzec/Bad-Pdf //Py。配合responder利用恶意pdf窃取ntlm哈希
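Review bot: deepzec/Bad-Pdf appears both before and after the relocated `## 漏洞市场/SRC/BugBounty` block in this hunk, and that block is also added in the `@ -5,6 +5,10 @@` hunk; after the move the file should end with a single Bad-Pdf line and a single copy of the market section.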