-
安全技能树简版
-
说明
-
V1 By @余弦 201706
-
联系我:evilcos@gmail.com
-
更新动态关注微信公众号:懒人在思考
-
-
工欲善其事必先利其器
-
世界之大总有一款利器适合你
-
这份技能树最适合走向安全工程化之路的人
-
-
高效习惯
-
正则表达式
-
调试工具
-
Kodos
-
RegexBuddy
-
https://regexper.com/
-
-
正则表达式30分钟入门教程
-
https://deerchao.net/tutorials/regex/regex.htm
-
-
Python
-
http://wiki.ubuntu.org.cn/Python正则表达式操作指南
-
-
-
数据相关
-
bsddb
-
SQLite
-
MySQL
-
MongoDB
-
Cassandra
-
ELK
-
Elasticsearch
-
Logstash
-
Kibana
-
-
Neo4j
-
Redis
-
Memcached
-
Hadoop
-
JSON
-
XML
-
cPickle
-
protobuf
-
-
从脚本到大并发
-
JavaScript
-
jQuery
-
Bootstrap
-
前端框架,不仅JavaScript
-
-
Node.js
-
https://nodejs.org/
-
-
npm
-
https://www.npmjs.com/
-
-
-
Python
-
PEP 8编程习惯
-
https://www.python.org/dev/peps/pep-0008/
-
-
urllib2
-
socket
-
requests
-
框架
-
Scrapy
-
爬虫框架
-
-
Django
-
Web开发框架
-
-
-
并发
-
thread/threading
-
multiprocessing
-
gevent
-
-
pip
-
https://pypi.python.org/pypi
-
-
-
Go
-
https://tour.go-zh.org/list
-
-
-
HTTP
-
Burp Suite
-
https://portswigger.net/burp/
-
很多时候,免费版本已经满足需求
-
-
Fiddler
-
http://www.telerik.com/fiddler
-
-
Firefox
-
Firebug
-
NoScript
-
-
Chrome
-
F12
-
-
WhatWeb
-
w3af
-
sqlmap
-
XSS'OR
-
http://xssor.io/
-
-
-
各种协议
-
端口扫描
-
Nmap
-
https://nmap.org/
-
https://highon.coffee/blog/nmap-cheat-sheet/
-
-
Zmap
-
https://www.zmap.io/
-
-
masscan
-
-
Hydra
-
https://www.thc.org/thc-hydra/
-
-
Metasploit
-
https://www.metasploit.com/
-
-
流量
-
Wireshark
-
https://www.wireshark.org/
-
-
TShark
-
https://www.wireshark.org/docs/man-pages/tshark.html
-
-
Tcpdump
-
http://www.tcpdump.org/
-
-
Snort
-
https://www.snort.org/
-
-
Bro
-
https://www.bro.org/
-
-
Moloch
-
http://molo.ch/
-
-
Suricata
-
https://suricata-ids.org/
-
-
-
-
漏洞测试
-
漏洞环境
-
Metasploitable3
-
WebGoat
-
DVWA
-
XVWA
-
-
网络空间搜索引擎
-
Google
-
ZoomEye
-
https://www.zoomeye.org/
-
-
Shodan
-
https://www.shodan.io/
-
-
Censys
-
https://censys.io/
-
-
-
漏洞库
-
Exploit-DB
-
https://www.exploit-db.com/
-
https://www.exploit-db.com/searchsploit/
-
-
Seebug
-
https://www.seebug.org/
-
-
0day.today
-
http://0day.today/
-
-
-
-
渗透测试
-
洛马七步杀
-
http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html
-
-
Penetration Testing Tools Cheat Sheet
-
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
-
-
端口转发
-
最基础的SSH隧道
-
https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/index.html
-
-
iptables -t nat
-
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html
-
-
rtcp.py
-
姿势大全
-
https://artkond.com/2017/03/23/pivoting-guide/
-
-
-
Reverse Shell Cheat Sheet
-
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
-
-
部分框架
-
Kali Linux
-
http://tools.kali.org/tools-listing
-
-
Pentest Box
-
https://pentestbox.org/
-
-
Maltego
-
https://www.paterva.com/web7/
-
-
The Social-Engineer Toolkit (SET)
-
Cobalt Strike
-
https://www.cobaltstrike.com/
-
-
Nmap
-
Metasploit
-
BeEF
-
http://beefproject.com/
-
-
mitmproxy
-
https://mitmproxy.org/
-
-
-
-
防御
-
暴力美学
-
不需要必须放线上的服务都下线
-
默认关闭所有端口,只开需要的
-
服务器登录只允许公私钥形式
-
干掉一切明文传输
-
使用口碑好的第三方服务及组件
-
备份备份再备份
-
假设自己正被“洛马七步杀”
-
-
部分工具
-
流量
-
Security Onion
-
https://securityonion.net/
-
-
OSSEC
-
https://ossec.github.io/
-
-
Splunk
-
https://www.splunk.com/
-
-
ELK
-
Lynis
-
https://cisofy.com/lynis/
-
-
iptables/防火墙
-
JWT
-
https://jwt.io/
-
-
-
资料
-
程序员与黑客系列
-
http://www.infoq.com/cn/presentations/programmers-and-hackers
-
http://www.infoq.com/cn/presentations/programmers-and-hackers-part02
-
-
实用性开发人员安全须知
-
SaaS型初创企业安全101
-
-
-
转载于:https://www.cnblogs.com/captainRoB/p/7146973.html
12万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
