Web安全
Awesome Web Security 
¶
>网络安全材料和资源的精选列表.
不用说,大多数网站都遭受各种错误,最终可能导致漏洞. 为什么这种情况经常发生? 可能涉及许多因素,包括配置错误,工程师的安全技能不足等.为解决此问题,这里有一份精选的Web安全材料和资源列表,用于学习尖端的渗透技术,我强烈建议您阅读本文“So you want to be a web security researcher?“首先.
请阅读 contribution guidelines 在捐款之前.
想增强您的渗透能力吗?
我建议玩一些awesome-ctf .
如果您喜欢这个很棒的清单并想支持它,请查看我 Patreon 页面:)
另外,别忘了检查我 repos 或对我说“嗨” Twitter!
Digests¶
- Hacker101 -由 hackerone.
- The Daily Swig - Web security digest -由 PortSwigger.
- Web Application Security Zone by Netsparker -由 Netsparker.
- Infosec Newbie -由 Mark Robinson.
- The Magic of Learning -由 @bitvijays.
- CTF Field Guide -由 Trail of Bits.
- PayloadsAllTheThings -由 @swisskyrepo.
Forums¶
- Phrack Magazine -由和为黑客编写的电子杂志.
- The Hacker News -认真对待安全问题.
- Security Weekly -安全播客网络.
- The Register -咬住喂养IT的手.
- Dark Reading -连接信息安全社区.
- HackDig -为黑客挖掘高质量的网络安全文章.
Introduction¶
XSS - Cross-Site Scripting¶
- Cross-Site Scripting – Application Security – Google -由 Google.
- H5SC -由 @cure53.
- AwesomeXSS -由 @s0md3v.
- XSS.png -由@jackmasa撰写.
- C.XSS Guide -由 @JakobKallin 和 Irene Lobo Valbuena.
- THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS -由 Paulos Yibelo.
- payloadbox/xss-payload-list -由 @payloadbox.
- PayloadsAllTheThings - XSS Injection -由 @swisskyrepo.
Prototype Pollution¶
CSV Injection¶
- CSV Injection -> Meterpreter on Pornhub -由 Andy.
- The Absurdly Underestimated Dangers of CSV Injection -由 George Mauer.
- PayloadsAllTheThings - CSV Injection -由 @swisskyrepo.
SQL Injection¶
- SQL Injection Cheat Sheet -由 @netsparker.
- SQL Injection Wiki -由 NETSPI.
- SQL Injection Pocket Reference -由 @LightOS.
- payloadbox/sql-injection-payload-list -由 @payloadbox.
- PayloadsAllTheThings - SQL Injection -由 @swisskyrepo.
Command Injection¶
- Potential command injection in resolv.rb -由 @drigg3r.
- payloadbox/command-injection-payload-list -由 @payloadbox.
- PayloadsAllTheThings - Command Injection -由 @swisskyrepo.
ORM Injection¶
- HQL for pentesters -由 @h3xstream.
- HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?) -由 @_m0bius.
- ORM2Pwn: Exploiting injections in Hibernate ORM -由 Mikhail Egorov.
- ORM Injection -由 Simone Onofri.
FTP Injection¶
- Advisory: Java/Python FTP Injections Allow for Firewall Bypass -由 Timothy Morgan.
- SMTP over XXE − how to send emails using Java's XML parser -由 Alexander Klink.
XXE - XML eXternal Entity¶
- XXE -由 @phonexicum.
- XML external entity (XXE) injection -由 portswigger.
- XML Schema, DTD, and Entity Attacks -由 Timothy D. Morgan 和奥马尔·易卜拉欣.
- payloadbox/xxe-injection-payload-list -由 @payloadbox
- PayloadsAllTheThings - XXE Injection -由各种贡献者撰写.
CSRF - Cross-Site Request Forgery¶
Clickjacking¶
SSRF - Server-Side Request Forgery¶
- SSRF bible. Cheatsheet -由 Wallarm.
- PayloadsAllTheThings - Server-Side Request Forgery -由 @swisskyrepo.
Web Cache Poisoning¶
- Practical Web Cache Poisoning -由 @albinowax.
- PayloadsAllTheThings - Web Cache Deception -由 @swisskyrepo.
Relative Path Overwrite¶
- Large-scale analysis of style injection by relative path overwrite -由 The Morning Paper.
- MBSD Technical Whitepaper - A few RPO exploitation techniques -由 Mitsui Bussan Secure Directions, Inc..
Open Redirect¶
- Open Redirect Vulnerability -由 s0cket7.
- payloadbox/open-redirect-payload-list -由 @payloadbox.
- PayloadsAllTheThings - Open Redirect -由 @swisskyrepo.
Security Assertion Markup Language (SAML)¶
- How to Hunt Bugs in SAML; a Methodology - Part I -由 epi.
- How to Hunt Bugs in SAML; a Methodology - Part II -由 epi.
- How to Hunt Bugs in SAML; a Methodology - Part III -由 epi.
- PayloadsAllTheThings - SAML Injection -由 @swisskyrepo.
Upload¶
- File Upload Restrictions Bypass -由 Haboob Team.
- PayloadsAllTheThings - Upload Insecure Files -由 @swisskyrepo.
Rails¶
- Rails Security - First part -由 @qazbnm456.
- Zen Rails Security Checklist -由 @brunofacca.
- Rails SQL Injection -由 @presidentbeef.
- Official Rails Security Guide -由 Rails team.
AngularJS¶
- XSS without HTML: Client-Side Template Injection with AngularJS -由 Gareth Heyes.
- DOM based Angular sandbox escapes -由 @garethheyes
ReactJS¶
SSL/TLS¶
Webmail¶
NFS¶
AWS¶
- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET -由Dwight Hohnstein撰写,来自 Rhino Security Labs.
- AWS PENETRATION TESTING PART 1. S3 BUCKETS -由 VirtueSecurity.
- AWS PENETRATION TESTING PART 2. S3, IAM, EC2 -由 VirtueSecurity.
- Misadventures in AWS -由克里斯蒂安·德姆科(Christian Demko)撰写
Azure¶
- Common Azure Security Vulnerabilities and Misconfigurations -由 @rhinobenjamin.
- Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability -由 @spengietz.
Fingerprint¶
Sub Domain Enumeration¶
- A penetration tester’s guide to sub-domain enumeration -由 Bharath.
- The Art of Subdomain Enumeration -由 Patrik Hudak.
Crypto¶
Web Shell¶
OSINT¶
- Hacking Cryptocurrency Miners with OSINT Techniques -由 @s3yfullah.
- OSINT x UCCU Workshop on Open Source Intelligence -由 Philippe Lin.
- 102 Deep Dive in the Dark Web OSINT Style Kirby Plessas -由 @kirbstr.
- The most complete guide to finding anyone’s email -由 Timur Daudpota.
DNS Rebinding¶
- Attacking Private Networks from the Internet with DNS Rebinding -由 @brannondorsey
- Hacking home routers from the Internet -由 @radekk
Deserialization¶
- What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. -由 @breenmachine.
- Attacking .NET deserialization -由 @pwntester.
- .NET Roulette: Exploiting Insecure Deserialization in Telerik UI -由 @noperator.
OAuth¶
- Introduction to OAuth 2.0 and OpenID Connect -由 @PhilippeDeRyck.
- What is going on with OAuth 2.0? And why you should not use it for authentication. -由 @damianrusinek.
Evasions¶
XXE¶
CSP¶
- Any protection against dynamic module import? -由 @shhnjk.
- CSP: bypassing form-action with reflected XSS -由 Detectify Labs.
- TWITTER XSS + CSP BYPASS -由 Paulos Yibelo.
- Neatly bypassing CSP -由 Wallarm.
- Evading CSP with DOM-based dangling markup -由 portswigger.
- GitHub's CSP journey -由 @ptoomey3.
- GitHub's post-CSP journey -由 @ptoomey3.
WAF¶
- Web Application Firewall (WAF) Evasion Techniques -由 @secjuice.
- Web Application Firewall (WAF) Evasion Techniques #2 -由 @secjuice.
- Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities -由 @Brett Buerhaus.
- How to bypass libinjection in many WAF/NGWAF -由 @d0znpp.
JSMVC¶
Authentication¶
- Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) -由 @malerisch 和 @steventseeley.
Tricks¶
CSRF¶
- Neat tricks to bypass CSRF-protection -由 Twosecurity.
- Exploiting CSRF on JSON endpoints with Flash and redirects -由 @riyazwalikar.
- Stealing CSRF tokens with CSS injection (without iFrames) -由 @dxa4481.
- Cracking Java’s RNG for CSRF - Javax Faces and Why CSRF Token Randomness Matters -由 @rramgattie.
- If HttpOnly You Could Still CSRF… Of CORS you can! -由 @GraphX.
Clickjacking¶
Remote Code Execution¶
- CVE-2019-1306: ARE YOU MY INDEX? -由 @yu5k3.
- WebLogic RCE (CVE-2019-2725) Debug Diary -由Badcode @ Knownsec 404团队撰写.
- What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. -由 @breenmachine.
- Exploiting Node.js deserialization bug for Remote Code Execution -由 OpSecX.
- DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE -由 Ambionics Security.
- How we exploited a remote code execution vulnerability in math.js -由 @capacitorset.
- GitHub Enterprise Remote Code Execution -由 @iblue.
- Evil Teacher: Code Injection in Moodle -由 RIPS Technologies.
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! -由 Orange.
- $36k Google App Engine RCE -由 Ezequiel Pereira.
- Poor RichFaces -由 CODE WHITE.
- Remote Code Execution on a Facebook server -由 @blaklis_.
XSS¶
- Exploiting XSS with 20 characters limitation -由 Jorge Lajara.
- Upgrade self XSS to Exploitable XSS an 3 Ways Technic -由 HAHWUL.
- XSS without parentheses and semi-colons -由 @garethheyes.
- XSS-Auditor — the protector of unprotected and the deceiver of protected. -由 @terjanq.
- Query parameter reordering causes redirect page to render unsafe URL -由 kenziy.
- ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else -由 Mario Heiderich.
- How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) -由 @marin_m.
- DON'T TRUST THE DOM: BYPASSING XSS MITIGATIONS VIA SCRIPT GADGETS -由 Sebastian Lekies, Krzysztof Kotowicz和 Eduardo Vela.
- Uber XSS via Cookie -由 zhchbin.
- DOM XSS – auth.uber.com -由 StamOne_.
- Stored XSS on Facebook -由 Enguerran Gillier.
- XSS in Google Colaboratory + CSP bypass -由 Michał Bentkowski.
- Another XSS in Google Colaboratory -由 Michał Bentkowski.
- is filtered ? -由 @strukt93.
- $20000 Facebook DOM XSS -由 @vinodsparrow.
SQL Injection¶
- MySQL Error Based SQL Injection Using EXP -由 @osandamalith.
- SQL injection in an UPDATE query - a bug bounty story! -由 Zombiehelp54.
- GitHub Enterprise SQL Injection -由 Orange.
- Making a Blind SQL Injection a little less blind -由 TomNomNom.
- Red Team Tales 0x01: From MSSQL to RCE -由 Tarlogic.
- SQL INJECTION AND POSTGRES - AN ADVENTURE TO EVENTUAL RCE -由 @denandz.
NoSQL Injection¶
FTP Injection¶
- XML Out-Of-Band Data Retrieval -由 @a66at 和阿列克谢·奥西波夫(Alexey Osipov).
- XXE OOB exploitation at Java 1.7+ -由 Ivan Novikov.
XXE¶
- Evil XML with two encodings -由 Arseniy Sharoglazov.
- XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites) -由 Rose Jackcode.
- XML Out-Of-Band Data Retrieval -由Timur Yunusov和Alexey Osipov撰写.
- XXE OOB exploitation at Java 1.7+ (2014):使用FTP协议进行渗透-作者: Ivan Novikov.
- XXE OOB extracting via HTTP+FTP using single opened port -由 skavans.
- What You Didn't Know About XML External Entities Attacks -由 Timothy D. Morgan.
- Pre-authentication XXE vulnerability in the Services Drupal module -由 Renaud Dubourguais.
- Forcing XXE Reflection through Server Error Messages -由 Antti Rantasaari.
- Exploiting XXE with local DTD files -由 Arseniy Sharoglazov.
- Automating local DTD discovery for XXE exploitation -由 Philippe Arteau.
SSRF¶
- AWS takeover through SSRF in JavaScript -由 Gwen.
- SSRF in Exchange leads to ROOT access in all instances -由 @0xacb.
- SSRF to ROOT Access -$ 25,000的SSRF悬赏金可在所有情况下导致ROOT访问 0xacb.
- PHP SSRF Techniques -由 @themiddleblue.
- SSRF in https://imgur.com/vidgif/url -由 aesteral.
- All you need to know about SSRF and how may we write tools to do auto-detect -由 @Auxy233.
- A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! -由 Orange.
- SSRF Tips -由 xl7dev.
- Into the Borg – SSRF inside Google production network -由 opnsec.
- Piercing the Veil: Server Side Request Forgery to NIPRNet access -由 Alyssa Herrera.
Web Cache Poisoning¶
- Bypassing Web Cache Poisoning Countermeasures -由 @albinowax.
- Cache poisoning and other dirty tricks -由 Wallarm.
Header Injection¶
URL¶
- Some Problems Of URLs -由 Chris Palmer.
- Phishing with Unicode Domains -由 Xudong Zheng.
- Unicode Domains are bad and you should feel bad for supporting them -由 VRGSEC. -[[dev.twitter.com] XSS](http://blog.blackfan.ru/2017/09/devtwittercom-xss.html)-撰写者 Sergey Bobrov.
Deserialization¶
OAuth¶
Others¶
- How I hacked Google’s bug tracking system itself for $15,600 in bounties -由 @alex.birsan.
- Some Tricks From My Secret Group -由 phithon.
- Inducing DNS Leaks in Onion Web Services -由 @epidemics-scepticism.
- Stored XSS, and SSRF in Google using the Dataset Publishing Language -由 @signalchaos.
Browser Exploitation¶
Frontend (like SOP bypass, URL spoofing, and something like that)¶
- The world of Site Isolation and compromised renderer -由 @shhnjk.
- The Cookie Monster in Your Browsers -由 @filedescriptor.
- Bypassing Mobile Browser Security For Fun And Profit -由 @rafaybaloch.
- The inception bar: a new phishing method -由 jameshfisher.
- JSON hijacking for the modern web -由 portswigger.
- IE11 Information disclosure - local file detection -由James Lee撰写.
- SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge) -由 Manuel.
- Особенности Safari в client-side атаках -由 Bo0oM.
- How do we Stop Spilling the Beans Across Origins? -由 aaj at google.com 和 mkwst at google.com.
- Setting arbitrary request headers in Chromium via CRLF injection -由 Michał Bentkowski.
- I’m harvesting credit card numbers and passwords from your site. Here’s how. -由 David Gilbertson.
- Sending arbitrary IPC messages via overriding Function.prototype.apply -由 @kinugawamasato.
- Take Advantage of Out-of-Scope Domains in Bug Bounty Programs -由 @Abdulahhusam.
Backend (core of Browser implementation, and often refers to C or C++ part)¶
- Breaking UC Browser -由 Доктор Веб.
- Attacking JavaScript Engines - A case study of JavaScriptCore and CVE-2016-4622 -由 https://github.com/qazbnm456/awesome-web-security/blob/master/phrack@saelo.net.
- Three roads lead to Rome -由 @holynop.
- Exploiting a V8 OOB write. -由 @halbecaf.
- SSD Advisory – Chrome Turbofan Remote Code Execution -由 SecuriTeam Secure Disclosure (SSD).
- Look Mom, I don't use Shellcode - Browser Exploitation Case Study for Internet Explorer 11 -由 @moritzj.
- PUSHING WEBKIT'S BUTTONS WITH A MOBILE PWN2OWN EXPLOIT -由 @wanderingglitch.
- A Methodical Approach to Browser Exploitation -由 RET2 SYSTEMS, INC.
- CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime. -由 Diary of a reverse-engineer.
- CLEANLY ESCAPING THE CHROME SANDBOX -由 @tjbecker_.
PoCs¶
Database¶
- js-vuln-db -通过PoC收集JavaScript引擎CVE @tunz.
- awesome-cve-poc -整理的CVE PoC列表 @qazbnm456.
- Some-PoC-oR-ExP - 各种漏洞poc、Exp的收集或编写 by @coffeehb.
- uxss-db -通过PoC收集UXSS CVE @Metnew.
- SPLOITUS -利用漏洞和工具的搜索引擎 @i_bo0om.
- Exploit Database -漏洞,Shellcode和安全文件的最终存档,作者: Offensive Security.
Cheetsheets¶
Tools¶
Auditing¶
- prowler -通过以下工具进行AWS安全评估,审核和强化的工具 @Alfresco.
- slurp -通过以下方式评估S3存储桶的安全性 @hehnope.
- A2SV -通过自动扫描到SSL漏洞 @hahwul.
Command Injection¶
- commix -自动化的多合一OS命令注入和利用工具 @commixproject.
Reconnaissance¶
OSINT - Open-Source Intelligence¶
- Shodan -Shodan是世界上第一个搜索互联网连接设备的引擎 @shodanhq.
- Censys -Censys是一个搜索引擎,计算机科学家可以通过它搜索有关构成Internet的设备和网络的问题 University of Michigan.
- urlscan.io -分析网站及其请求资源的服务 @heipei.
- ZoomEye -网络空间搜索引擎,由 @zoomeye_team.
- FOFA -网络空间搜索引擎,由 BAIMAOHUI.
- NSFOCUS -绿盟科技全球威胁智能门户网站.
- Photon -由OSINT设计的令人难以置信的快速搜寻器 @s0md3v.
- FOCA -FOCA(具有收集档案的指纹组织)是一种工具,主要用于在其扫描所依据的文档中查找元数据和隐藏信息 ElevenPaths.
- SpiderFoot -开源的足迹和情报收集工具 @binarypool.
- xray -XRay是用于通过以下方式从公共网络进行侦查,映射和OSINT收集的工具: @evilsocket.
- gitrob -由GitHub组织提供的侦察工具 @michenriksen.
- GSIL - Github Sensitive Information Leakage(Github敏感信息泄露)by @FeeiCN.
- raven -raven是Linkedin信息收集工具,渗透测试人员可以使用该工具收集有关使用Linkedin的组织员工的信息, @0x09AL.
- ReconDog -侦察瑞士军刀 @s0md3v.
- Databases - start.me -您可以通过以下各种数据库进行OSINT研究 @technisette.
- peoplefindThor -通过以下方式在Facebook上找到人的简单方法 postkassen.
- tinfoleak -由Twitter提供的最完整的开源情报分析工具 @vaguileradiaz.
- Raccoon -用于侦察和漏洞扫描的高性能进攻安全工具 @evyatarmeged.
- Social Mapper -社交媒体枚举和关联工具,作者:Jacob Wilkin(Greenwolf),作者: @SpiderLabs.
- espi0n/Dockerfiles -用于各种OSINT工具的Dockerfile @espi0n.
Sub Domain Enumeration¶
- Sublist3r -Sublist3r是用于渗透测试人员的多线程子域枚举工具, @aboul3la.
- EyeWitness -EyeWitness旨在获取网站的屏幕截图,提供一些服务器标头信息,并在可能的情况下通过以下方式识别默认凭据: @ChrisTruncer.
- subDomainsBrute -面向渗透测试者的简单快速子域暴力破解工具, @lijiejie.
- AQUATONE -的网域天桥工具 @michenriksen.
- domain_analyzer -通过查找所有可能的信息来分析任何域的安全性 @eldraco.
- VirusTotal domain information -通过搜索域名信息 VirusTotal.
- Certificate Transparency -Google的“证书透明性”项目通过以下方式修复了SSL证书系统中的一些结构性缺陷: @google.
- Certificate Search -输入身份(域名,组织名称等),证书指纹(SHA-1或SHA-256)或crt.sh ID,以通过以下方式搜索证书 @crtsh.
- GSDF -名为GoogleSSLdomainFinder的域搜索者 @We5ter.
Code Generating¶
- VWGen -易受攻击的Web应用程序生成器 @qazbnm456.
Fuzzing¶
- wfuzz -Web应用程序通过 @xmendez.
- charsetinspect -检查多字节字符集以查找具有特定用户定义属性的字符的脚本 @hack-all-the-things.
- IPObfuscator -通过以下工具将IP转换为DWORD IP的简单工具 @OsandaMalith.
- domato -DOM模糊测试者 @google.
- FuzzDB -用于黑盒应用程序故障注入和资源发现的攻击模式和原语字典.
- dirhunt -优化的网络爬虫,用于通过以下方式搜索和分析站点的目录结构 @nekmo.
- ssltest -在线服务,对公共Internet上任何SSL Web服务器的配置进行深入分析. 由...提供 Qualys SSL Labs.
- fuzz.txt -潜在的危险文件 @Bo0oM.
Scanning¶
- wpscan -WPScan是黑匣子WordPress漏洞扫描程序,由 @wpscanteam.
- JoomlaScan -免费软件,用于查找Joomla CMS中安装的组件,这些组件由Joomscan的灰烬构建而成, @drego85.
- WAScan -是使用“黑匣子”方法创建的开源Web应用程序安全扫描程序,由 @m4ll0k.
Penetration Testing¶
- Burp Suite -Burp Suite是一个集成平台,用于通过以下方式对Web应用程序执行安全性测试: portswigger.
- TIDoS-Framework -全面的Web应用程序审核框架,涵盖了从侦察和OSINT到漏洞分析的所有内容, @_tID.
- Astra -REST API的自动化安全测试 @flipkart-incubator.
- aws_pwn -由以下人员收集的AWS渗透测试垃圾 @dagrz.
- grayhatwarfare -公共水桶 grayhatwarfare.
Offensive¶
XSS - Cross-Site Scripting¶
- beef -通过的浏览器开发框架项目 beefproject.
- JShell -通过XSS获得JavaScript shell @s0md3v.
- XSStrike -XSStrike是一个程序,可以模糊和暴力破解XSS的参数. 它还可以通过以下方式检测和绕过WAF: @s0md3v.
- xssor2 -XSS'OR-使用JavaScript入侵 @evilcos.
- csp evaluator -评估内容安全政策的工具 Csper.
SQL Injection¶
- sqlmap -自动SQL注入和数据库接管工具.
Template Injection¶
XXE¶
- dtd-finder -列出DTD并使用以下本地DTD生成XXE负载 @GoSecure.
Cross Site Request Forgery¶
- XSRFProbe -的主要CSRF审核和开发工具包 @0xInfection.
Server-Side Request Forgery¶
- Open redirect/SSRF payload generator -通过以下方式打开重定向/ SSRF有效负载生成器 intigriti.
Leaking¶
- HTTPLeaks -通过所有可能的方式,网站可以通过以下方式泄漏HTTP请求: @cure53.
- dvcs-ripper -Rip Web可访问(分布式)版本控制系统:SVN / GIT / HG ... @kost.
- DVCS-Pillage -通过以下方式访问Pillage网站的GIT,HG和BZR存储库 @evilpacket.
- GitMiner -由Github上的内容高级挖掘工具 @UnkL4b.
- gitleaks -搜索完整的回购历史记录,以查找秘密和密钥 @zricethezav.
- CSS-Keylogging -Chrome扩展程序和Express服务器,可利用CSS的按键记录功能 @maxchehab.
- pwngitmanager -彭特市的Git经理 @allyshka.
- snallygaster -通过以下工具扫描HTTP服务器上的秘密文件的工具 @hannob.
- LinkFinder -通过以下方式在JavaScript文件中查找端点的Python脚本 @GerbenJavado.
Detecting¶
- sqlchop -SQL注入检测引擎 chaitin.
- xsschop -XSS检测引擎 chaitin.
- retire.js -扫描程序通过以下方式检测对已知漏洞的JavaScript库的使用: @RetireJS.
- malware-jail -沙箱,用于半自动Java恶意软件分析,去混淆和有效载荷提取, @HynekPetrak.
- repo-supervisor -扫描您的代码以检查安全性配置错误,搜索密码和机密.
- bXSS -bXSS是一个简单的Blind XSS应用程序,适用于 cure53.de/m 通过 @LewisArdern.
- OpenRASP -百度公司积极维护的开源RASP解决方案.借助上下文感知检测算法,该项目几乎没有出现误报. 在高服务器负载下,性能下降不到3%.
- GuardRails -GitHub应用程序,可在请求请求中提供安全性反馈.
Preventing¶
- DOMPurify -HTML,MathML和SVG的仅DOM,超快速,超耐性XSS消毒剂,由 Cure53.
- js-xss -使用白名单指定的配置对不受信任的HTML进行清理(以防止XSS) @leizongmin.
- Acra -用于SQL数据库的客户端加密引擎,具有强大的选择性加密,防止SQL注入和入侵检测功能 @cossacklabs.
- Csper -一套用于构建/评估/监控内容安全策略的工具,以防止/检测跨站点脚本 Csper.
Proxy¶
- Charles -HTTP代理/ HTTP监视器/反向代理,使开发人员可以查看其计算机与Internet之间的所有HTTP和SSL / HTTPS通信.
- mitmproxy -面向渗透测试人员和软件开发人员的交互式TLS拦截HTTP代理功能 @mitmproxy.
Webshell¶
- nano -代码族使用PHP打高尔夫球 @s0md3v.
- webshell -这是一个Webshell开源项目,由 @tennc.
- Weevely -武器化的网页壳 @epinna.
- Webshell-Sniper -通过终端管理您的网站 @WangYihang.
- Reverse-Shell-Manager -通过终端反向Shell Manager@WangYihang.
- reverse-shell -反向Shell即服务 @lukechilds.
Disassembler¶
- plasma -Plasma是x86 / ARM / MIPS的交互式反汇编程序,作者: @plasma-disassembler.
- radare2 -类似于Unix的逆向工程框架和命令行工具 @radare.
- Iaitō -用于Radar2逆向工程框架的Qt和C ++ GUI @hteso.
Decompiler¶
- CFR -另一个Java反编译器 @LeeAtBenf.
DNS Rebinding¶
- DNS Rebind Toolkit -DNS Rebind Toolkit是一个前端JavaScript框架,用于开发针对局域网(LAN)上易受攻击的主机和服务的DNS Rebinding攻击,方法是: @brannondorsey
- dref -DNS重新绑定开发框架. Dref为DNS重新绑定做了繁重的工作 @mwrlabs
- Singularity of Origin -它包含必要的组件,以将攻击服务器DNS名称的IP地址重新绑定到目标计算机的IP地址,并提供攻击有效载荷以通过以下方式利用目标计算机上的易受攻击的软件 @nccgroup
- Whonow DNS Server -恶意DNS服务器,用于通过以下方式即时执行DNS重新绑定攻击 @brannondorsey
Others¶
- Dnslogger -DNS记录器 @iagox86.
- CyberChef -网络瑞士军刀-用于加密,编码,压缩和数据分析的网络应用- @GCHQ.
- ntlm_challenger -通过以下方式解析NTLM over HTTP质询消息 @b17zr.
- cefdebug -通过以下方式连接到CEF调试器的代码最少 @taviso.
- ctftool -的交互式CTF探索工具 @taviso.
Social Engineering Database¶
- haveibeenpwned -检查您的帐户是否因数据泄露而受到入侵 Troy Hunt.
Blogs¶
- Orange -台湾的网络专家.
- leavesongs -中国的网络专家.
- James Kettle -研究主管 PortSwigger Web Security.
- Broken Browser -有趣的浏览器漏洞.
- Scrutiny -Dhiraj Mishra通过Web浏览器进行的Internet安全性.
- BRETT BUERHAUS -漏洞披露和有关应用程序安全性的漫步.
- n0tr00t - ~# n0tr00t Security Team.
- OpnSec -开放思想安全!
- RIPS Technologies -有关PHP漏洞的内容.
- 0Day Labs -出色的错误赏金并挑战撰写内容.
- Blog of Osanda -安全研究与逆向工程.
Twitter Users¶
- @HackwithGitHub -主动向黑客和渗透测试者展示开源黑客工具
- @filedescriptor -主动的攻击者经常发推文并撰写有用的文章
- @cure53berlin - Cure53 是一家德国网络安全公司.
- @XssPayloads -JavaScript意外使用的仙境,还有更多.
- @kinugawamasato -日本网络渗透者.
- @h3xstream -安全研究员,对网络安全,加密,渗透测试,静态分析感兴趣,但最重要的是,萨米是我的英雄.
- @garethheyes -英文网络穿透者.
- @hasegawayosuke -日本javascript安全研究员.
- @shhnjk -网络和浏览器安全研究员.
Practices¶
Application¶
- OWASP Juice Shop -可能是最现代,最复杂的不安全Web应用程序-作者: @bkimminich 和 @owasp_juiceshop 球队.
- BadLibrary -易受攻击的网络应用程序-撰写者 @SecureSkyTechnology.
- Hackxor -现实的Web应用程序黑客游戏-撰写者 @albinowax.
- SELinux Game -通过实践学习SELinux. 解决难题,显示技能-撰写者 @selinuxgame.
- Portswigger Web Security Academy -免费培训和实验室-撰写者 PortSwigger.
AWS¶
- FLAWS -Amazon AWS CTF挑战-作者: @0xdabbad00.
- CloudGoat -Rhino Security Labs的“设计易受攻击” AWS基础设施设置工具-撰写人 @RhinoSecurityLabs.
XSS¶
- XSS game -Google XSS Challenge-由Google撰写.
- prompt(1) to win -2014年夏季举行的16级复杂XSS挑战赛(+4隐藏级别)-作者: @cure53.
- alert(1) to win -XSS系列挑战-作者: @steike.
- XSS Challenges -系列XSS挑战-由yamagata21撰写.
ModSecurity / OWASP ModSecurity Core Rule Set¶
- ModSecurity / OWASP ModSecurity Core Rule Set -安装,配置和调整ModSecurity和核心规则集的一系列教程-撰写者 @ChrFolini.
Community¶
Miscellaneous¶
- awesome-bug-bounty -可用的漏洞赏金与披露程序和撰写的全面精选清单 @djadmin.
- bug-bounty-reference -按漏洞性质分类的漏洞赏金记录清单 @ngalongc.
- Google VRP and Unicorns -由 Daniel Stelter-Gliese.
- Brute Forcing Your Facebook Email and Phone Number -由 PwnDizzle.
- Pentest + Exploit dev Cheatsheet wallpaper -渗透测试和开发Dev CheatSheet.
- The Definitive Security Data Science and Machine Learning Guide -由JASON TROS撰写.
- EQGRP -解密eqgrp-auction-file.tar.xz的内容 @x0rz.
- notes -一些公共注释 @ChALkeR.
- A glimpse into GitHub's Bug Bounty workflow -由 @gregose.
- Cybersecurity Campaign Playbook -由 Belfer Center for Science and International Affairs.
- Infosec_Reference -不会吸引的信息安全参考 @rmusser01.
- Internet of Things Scanner -检查您的家用互联网连接设备是否在Shodan上公开 BullGuard.
- The Bug Hunters Methodology v2.1 -由 @jhaddix.
- $7.5k Google services mix-up -由 Ezequiel Pereira.
- How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting -由 @fransrosen.
- TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%) -由 voidsec.
- Escape and Evasion Egressing Restricted Networks -由 Chris Patten, Tom Steele.
- Be careful what you copy: Invisibly inserting usernames into text with Zero-Width Characters -由 @umpox.
- Domato Fuzzer's Generation Engine Internals -由 sigpwn.
- CSS Is So Overpowered It Can Deanonymize Facebook Users -由 Ruslan Habalov.
- Introduction to Web Application Security -由 @itsC0rg1, @jmkeads 和 @matir.
- Finding The Real Origin IPs Hiding Behind CloudFlare or TOR -由 Paul Dannewitz.
- Why Facebook's api starts with a for loop -由 @AntoGarand.
- How I could have stolen your photos from Google - my first 3 bug bounty writeups -由 @gergoturcsanyi.
- An example why NAT is NOT security -由 @0daywork.
- WEB APPLICATION PENETRATION TESTING NOTES -由 Jayson.
- Hacking with a Heads Up Display -由 David Scrobonia.
- Alexa Top 1 Million Security - Hacking the Big Ones -由 @slashcrypto.
- The bug bounty program that changed my life -由 Gwen.
- List of bug bounty writeups -由 Mariem.
- Implications of Loading .NET Assemblies -由 Brian Wallace.
- WCTF2019: Gyotaku The Flag -由 @t0nk42.
- How we abused Slack's TURN servers to gain access to internal services -由 @sandrogauci.
Code of Conduct¶
请注意,此项目发布时带有 Contributor Code of Conduct . 通过参与该项目,您同意遵守其条款.
License¶
在法律允许的范围内, @qazbnm456 放弃了此作品的所有版权以及相关或邻近的权利.