渗透测试web安全培训必备知识点
入门指南
https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 中文版
https://wizardforcel.gitbooks.io/asani/content/ 浅入浅出android安全 中文版
https://wizardforcel.gitbooks.io/lpad/content/ Android 渗透测试学习手册 中文版
https://wizardforcel.gitbooks.io ... t-cookbook/content/ Kali Linux Web渗透测试秘籍 中文版
https://github.com/hardenedlinux ... evelopment-tutorial Linux exploit 开发入门
https://www.gitbook.com/book/t0data/burpsuite/details burpsuite实战指南
http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 渗透测试Node.js应用
https://github.com/qazbnm456/awesome-web-security web安全资料和资源列表
https://sec-wiki.com/ sec-wiki安全维基百科
She Is My Sin Nightwish - Wishmaster
fuzz工具收集
https://github.com/ivanfratric/winafl
https://github.com/attekett/NodeFuzz
https://github.com/google/oss-fuzz
http://blog.topsec.com.cn/ad_lab/alphafuzzer/
http://llvm.org/docs/LibFuzzer.html
子域名枚举
Heavy Linkin Park;Kiiara – One More Light
https://github.com/lijiejie/subDomainsBrute (经典的子域名爆破枚举脚本)
https://github.com/ring04h/wydomain (子域名字典穷举)
https://github.com/le4f/dnsmaper (子域名枚举与地图标记)
https://github.com/0xbug/orangescan (在线子域名信息收集工具)
https://github.com/TheRook/subbrute (根据DNS记录查询子域名)
https://github.com/We5ter/GSDF (基于谷歌SSL透明证书的子域名查询脚本)
https://github.com/mandatoryprogrammer/cloudflare_enum (使用CloudFlare进行子域名枚举的脚本)
https://github.com/18F/domain-scan (A domain scanner)
https://github.com/guelfoweb/knock (Knock Subdomain Scan)
https://github.com/Evi1CLAY/Cool ... Python/DomainSeeker (多方式收集目标子域名信息)
https://github.com/code-scan/BroDomain (兄弟域名查询)
https://github.com/chuhades/dnsbrute (基于dns查询的子域名枚举)
web应用扫描器
http://github.com/Arachni/arachni (web应用安全扫描器框架 http://www.arachni-scanner.com)
数据库扫描、注入工具
https://github.com/sqlmapproject/sqlmap (注入工具之王sqlmap)
https://github.com/0xbug/SQLiScanner (一款基于SQLMAP和Charles的被动SQL注入漏洞扫描工具)
https://github.com/stamparm/DSSS (99行代码实现的sql注入漏洞扫描器)
https://github.com/youngyangyang04/NoSQLAttack (一款针对mongoDB的攻击工具)
https://github.com/Neohapsis/bbqsql (SQL盲注利用框架)
https://github.com/NetSPI/PowerUpSQL (攻击SQLSERVER的Powershell脚本框架)
https://github.com/WhitewidowScanner/whitewidow (又一款数据库扫描器)
https://github.com/stampery/mongoaudit (MongoDB审计及渗透工具)
https://github.com/commixproject/commix (注入点命令执行利用工具)
弱口令或信息泄漏扫描
Conquest Of Paradise (征服天堂) Vangelis – 1492 – Conquest of Paradise (Soundtrack from the Motion Picture)
https://github.com/lijiejie/htpwdScan (一个简单的HTTP暴力破解、撞库攻击脚本)
https://github.com/lijiejie/BBScan (一个迷你的信息泄漏批量扫描脚本)
https://github.com/lijiejie/GitHack (.git文件夹泄漏利用工具)
https://github.com/LoRexxar/BScanner (基于字典的目录扫描小工具)
https://github.com/she11c0der/fenghuangscanner_v3 (各种端口及弱口令检测,作者wilson9x1,原地址失效)
https://github.com/ysrc/F-Scrack (对各类服务进行弱口令检测的脚本)
https://github.com/Mebus/cupp (根据用户习惯生成弱口令探测字典脚本)
https://github.com/RicterZ/genpAss (中国特色的弱口令生成器)
https://github.com/netxfly/crack_ssh (go写的协程版的ssh\redis\mongodb弱口令破解工具)
https://github.com/n0tr00t/Sreg (通过输入email、phone、username的返回用户注册的所有互联网护照信息)
https://github.com/repoog/GitPrey (GitHub敏感信息扫描工具)
https://github.com/dxa4481/truffleHog (GitHub敏感信息扫描工具,包括检测commit等)
https://github.com/LandGrey/pydictor (暴力破解字典建立工具)
https://github.com/GDSSecurity/xxe-recursive-download (xxe漏洞递归下载工具)
https://buer.haus/xxegen/ (xxe在线生成利用工具)
物联网设备扫描
Élan Nightwish – Élan
https://github.com/rapid7/IoTSeeker (物联网设备默认密码扫描检测工具)
https://github.com/shodan-labs/iotdb (使用nmap扫描IoT设备)
https://github.com/jh00nbr/Routerhunter-2.0 (路由器漏洞扫描利用)
https://github.com/reverse-shell/routersploit (路由器漏洞利用框架)
https://github.com/scu-igroup/telnet-scanner (telnet服务密码撞库)
https://github.com/RUB-NDS/PRET (打印机攻击框架)
XSS扫描
https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
https://github.com/0x584A/fuzzXssPHP (PHP版本的反射型xss扫描)
https://github.com/chuhades/xss_scan (批量扫描xss的python脚本)
https://github.com/BlackHole1/autoFindXssAndCsrf (自动化检测页面是否存在XSS和CSRF漏洞的浏览器插件)
企业网络自检
https://github.com/sowish/LNScan (详细的内部网络信息扫描器)
已有8166人参加
