红蓝资源
(42)

红队资源

1.红队资料集锦:https://www.lshack.cn/772/
2.AD攻击防御:https://github.com/infosecn1nja/AD-Attack-Defense
3.优秀红队资源:https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
4.零租资料库:https://wiki.0-sec.org/#/md
5.Micro8高级攻防:https://github.com/Micropoor/Micro8
6.红队常用命令:https://github.com/foobarto/redteam-notebook
7.APT笔记:https://github.com/kbandla/APTnotes
8.渗透测试笔记:https://github.com/Techlord-RCE/Penetration-Testing
9.web渗透笔记:https://github.com/qazbnm456/awesome-web-security

hl.jpg

蓝队资源

1.蓝队资源集锦:https://github.com/fabacab/awesome-cybersecurity-blueteam
2.攻防思维导图:https://github.com/SecWiki/sec-chart
3.AWS安全检测:https://github.com/stuhirst/awssecurity/blob/master/arsenal.md
4.AWS安全工具:https://github.com/toniblyx/my-arsenal-of-aws-security-tools
5.GitHub监控工具:https://github.com/0xbug/Hawkeye

  1. github信息监测:https://github.com/Hell0W0rld0/Github-Hunter
    7.服务器安全管理平台:https://github.com/chaitin/cloudwalker

8.评估工具:https://github.com/guardicore/monkey
9.企业安全管理平台:https://github.com/zhaoweiho/SecurityManageFramwork

开源漏洞库

1.乌云漏洞详情文章:https://wooyun.kieran.top
2.同程安全公开漏洞:https://sec.ly.com/bugs
3.中国国家工控漏洞库:http://ics.cnvd.org.cn
4.美国国家工控漏洞库:https://ics-cert.us-cert.gov/advisories
5.绿盟漏洞库:http://www.nsfocus.net/index.php?act=sec_bug
6.威努特工控漏洞库:http://ivd.winicssec.com/
7.CVE中文工控漏洞库:http://cve.scap.org.cn/view/ics
8.美国Offensive Security的漏洞库:https://www.exploit-db.com
9.美国国家信息安全漏洞库:https://nvd.nist.gov/vuln/search

练习靶场

1.124个Hacking技术的网站:https://www.blackmoreops.com/2018/11/06/124-legal-hacking-websites-to-practice-and-learn/
2.vulnhub: https://www.vulnhub.com
3.世界知名ctf交流网站: https://www.wechall.net
4.谷歌XSS挑战:https://www.xssgame.com
5.在线靶场挑战:https://www.hackthebox.eu
6.vulstudy:https://github.com/c0ny1/vulstudy
7.多种漏洞复现系统:https://github.com/bkimminich/juice-shop
8.sql注入:https://github.com/Audi-1/sqli-labs
9.红日靶场:http://vulnstack.qiyuanxuetang.net/vuln/

扫描器

Nmap端口扫描器:
https://github.com/nmap/nmap
被动式注入检测工具: https://github.com/sea-god/GourdScan
高质量扫描Linux / FreeBSD Server中的任何漏洞:
https://github.com/future-architect/vuls

子域名扫描器:

Altdns-通过变更和排列发现子域:https://github.com/infosec-au/altdns
SubBrute使用开放式解析器作为一种代理来规避DNS速率限制:https://github.com/TheRook/subbrute
subDomainsBrute 1.2一个针对渗透测试者的快速子域暴力工具:https://github.com/lijiejie/subDomainsBrute
Sublist3r:https://github.com/aboul3la/Sublist3r
本地网络扫描器(打开网页时扫描本地网络的PoC Javascript):
https://github.com/SkyLined/LocalNetworkScanner
HellRaiser基于端口扫描以及关联CVE:
https://github.com/m0nad/HellRaiser
Routeh-页面上的漏洞路由器:
https://github.com/jh00nbr/Routeh
防火墙检测工具:
https://github.com/EnableSecurity/wafw00f
漏洞扫描程序,以最少的规则集在短时间内扫描大量目标:
https://github.com/lijiejie/BBScan
基于SQLMAP的主动和被动SQL注入的漏洞扫描工具: https://github.com/fengxuangit/Fox-scan/

信息搜集工具

社工收集工具:
https://github.com/n0tr00t/Sreg
信息扫描工具:
https://github.com/darryllane/Bluto
本地网络扫描仪:
https://github.com/sowish/LNScan
通过RDP扫描可访问性工具后门:
https://github.com/linuz/Sticky-Keys-Slayer
网络基础设施渗透测试工具:
https://github.com/SECFORCE/sparta
GitHub信息收集:
https://github.com/metac0rtex/GitHarvester

密码破解

密码破解工具(开膛手Johnny):
https://github.com/shinnok/johnny
获取存储在本地计算机上大量的密码:
https://github.com/AlessandroZ/LaZagne
SNMP暴力破解:
https://github.com/SECFORCE/SNMP-Brute

Web渗透(禁止用作违法)

HTTP暴力破解,撞库攻击脚本:
https://github.com/lijiejie/htpwdScan
webshell:
https://github.com/tennc/webshell
免杀webshell无限生成工具:
https://github.com/yzddmr6/webshell-venom
渗透工具合集:
https://github.com/rootphantomer/hack_tools_for_me
XSSOR-方便XSS与CSRF的工具:
https://github.com/evilcos/xssor2
w3af-Web应用程序攻击和审核框架:
https://github.com/andresriancho/w3af
渗透测试包:
https://github.com/leonteale/pentestpackage
网络路径扫描仪:
https://github.com/maurosoria/dirsearch
代码注入检测工具: https://github.com/epinna/tplmap hackUtils:
https://github.com/brianwrf/hackUtils
Nikto Web服务器扫描仪:
https://github.com/sullo/nikto
自动化的多合一OS命令注入和利用工具:
https://github.com/commixproject/commix
sslscan测试:
https://github.com/rbsec/sslscan
Windows安全工具套件:
https://github.com/codejanus/ToolSuite
Apache实时日志分析器系统:
https://github.com/mthbernardes/ARTLAS
检测网络入侵的特征,恶意蜘蛛(Malspider):
https://github.com/ciscocsirt/malspider
下一代网络扫描仪WhatWeb:
https://github.com/urbanadventurer/whatweb
WPScan,WordPress漏洞扫描程序:
https://github.com/wpscanteam/wpscan
【sqlmap】:
https://github.com/sqlmapproject/sqlmap
SQLi-Hunter(HTTP代理服务器和一个SQLMAP API包装器):
https://github.com/zt2/sqli-hunter
中国菜刀:
https://github.com/Chora10/Cknife

Fuzz

Web应用程序模糊器:
https://github.com/xmendez/wfuzz

漏洞及渗透练习平台

WebGoat漏洞练习平台:
https://webgoat.github.io/WebGoat/
dvwa漏洞练习平台:
https://github.com/ethicalhack3r/DVWA
数据库注入练习平台 :
https://github.com/Audi-1/sqli-labs
like OWASP Node Goat:
https://github.com/cr0hn/vulnerable-node
Ruby编写的一款工具,安全方案生成器(SecGen):
https://github.com/cliffe/secgen
VulApps漏洞练习平台:
https://github.com/Medicean/VulApps
ZVuldrill Web突破演练平台:
https://github.com/710leo/ZVulDrill
WebGoat旧版:
https://github.com/WebGoat/WebGoat-Legacy

本文为作者admin发布,未经允许禁止转载!
上一篇 下一篇
评论
暂无评论 >_<
加入评论