本文转载自恶意代码分析相关工具&漏洞挖掘相关工具
目录
#Vulnscanner/Sniffer/Tools/Web Exploitation
#Exploits (Exploit/Vulnerability Databases)
0x01 恶意代码分析相关工具
1.Windows系统和应用程序监视工具ProcessExplorer .
2.Windows 系统监视工具 ProcessMonitor
3.内存使用情况的统计工具 Vmmap
4.启动项目管理器Autoruns
5.注册表数据监视软件RegMon
6.网络抓包工具WireShark,SmartSniff
7.安全监控分析应用软件Gmer
8.系统辅助工具 SysinternalsSuite
9.用户访问权限查看工具 AccessChk
10.调试工具OllyDbg, ImmunityDebugger
11.十六进制编码处理工具Hxd,Winhex
12.文件夹和文件对比工具BeyondCompare
13.十六进制(二进制)文件对比工具HexCmp
14.提取字符串的工具Bintext
15.静态调试工具 IDA
16.哈希值检测小工具HashTab
0x02 扫描恶意代码及分析工具
www.virustotal.com
http://virscan.org/
https://malwr.com/
http://www.threattracksecurity.com/
http://www.threatexpert.com/submit.aspx
http://virusscan.jotti.org/en
http://anubis.iseclab.org/
http://wepawet.iseclab.org/
http://eureka.cyber-ta.org/
https://analysis.f-secure.com/portal/login.html
http://www.xandora.net/upload/
0x03 Office文件相关恶意样本分析资料
http://blog.zeltser.com/post/23229415724/malicious-code-inside-office-documents
http://zeltser.com/reverse-malware/analyzing-malicious-documents.html
http://msdn.microsoft.com/en-us/library/cc313118.aspx
http://digital-forensics.sans.org/blog/2012/05/29/extract-flash-from-malicious-office-documents
0x04 PDF文件分析网站
http://www.malwaretracker.com/pdf.php
http://sandsprite.com/blogs/index.php?uid=7&pid=57
http://blog.didierstevens.com/programs/pdf-tools/
http://blog.zeltser.com/post/5360563894/tools-for-malicious-pdf-analysis
0x05 AdobeFlash/SWF 文件分析
http://labs.adobe.com/technologies/swfinvestigator/
http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167#.U0ZLNnCVNyY
http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167
http://betanews.com/2012/01/18/decompile-flash-files-with-hp-swfscan/
0x06 Android逆向相关
http://code.google.com/p/droidbox/
https://github.com/wuntee/androidAuditTools
http://developer.android.com/sdk/index.html
http://www.webopedia.com/TERM/A/Android_SDK.html
http://code.google.com/p/smali/
http://varaneckas.com/jad/
https://www.hex-rays.com/products/ida/6.1/
http://mobilesandbox.org/
http://code.google.com/p/androguard/
apktool
dex2jar
APKtoJava
androidMalwareEvaluating
DroidBox 动态分析应用的方案
fiddler 手机抓包工具
Drozer 安全测试框架
Tamer 实时监控的虚拟环境
jd-gui 分析jar文件工具
simplify 安卓代码混淆和还原dex文件工具
APKfuscator dex文件混淆工具
0x07 安卓漏洞及分析报告提供博客
http://blog.commandlinekungfu.com/http://contagiodump.blogspot.com/
http://malwaremustdie.blogspot.jp/
http://www.hexacorn.com/blog/
http://www.malanalysis.com/blog/
0x08 漏洞挖掘相关工具
#General/Basic Exploitation
http://www.pentest-standard.org/index.php/Main_Page
https://www.offensive-security.com/metasploit-unleashed/
http://null-byte.wonderhowto.com/how-to/metasploit-basics/
https://www.owasp.org/index.php/Main_Page
https://github.com/nixawk/pentest-wiki
https://github.com/beefproject/beef
https://github.com/commixproject/commix
https://github.com/reverse-shell/routersploit
#Distros
https://www.kali.org/
https://www.blackarch.org/
https://www.parrotsec.org/
#Vulnscanner/Sniffer/Tools/Web Exploitation
http://www.askapache.com/security/computer-security-toolbox-2/#common_security_programs
https://pastebin.com/kP04r4PM
http://www.irongeek.com/i.php?page=backtrack-r1-man-pages/netdiscover
http://www.tenable.com/products/nessus-vulnerability-scanner
https://www.rapid7.com/products/nexpose/
https://cirt.net/nikto2
https://nmap.org/
https://github.com/netsniff-ng/netsniff-ng
https://www.wireshark.org/
https://github.com/fwaeytens/dnsenum/
https://github.com/makefu/dnsmap/
http://www.tcpdump.org/
http://sqlmap.org/
https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
https://wpscan.org/
http://networksecuritytoolkit.org/nst/index.html
https://github.com/droope/droopescan
https://github.com/andresriancho/w3af
https://www.netsparker.com/
#Password Cracker
http://www.openwall.com/john/
http://hashcat.net/hashcat/
#Online Tools
http://crackstation.net
http://www.tcpiputils.com/
https://shodan.io
#Exploits (Exploit/Vulnerability Databases)
https://exploit-db.com/
http://kernel-exploits.com
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://nvd.nist.gov/
https://www.us-cert.gov/
https://blog.osvdb.org/
http://www.securityfocus.com/
http://seclists.org/fulldisclosure/
https://technet.microsoft.com/en-us/security/bulletins
https://technet.microsoft.com/en-us/security/advisories
https://packetstormsecurity.com/
http://www.securiteam.com/
http://cxsecurity.com/
https://www.vulnerability-lab.com/
#Payloads/Reverse Shells
https://www.veil-framework.com/framework/veil-evasion/
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
#CTF
https://www.vulnhub.com/
#Info/Blogs/Techniques/etc
http://wiki.bash-hackers.org/scripting/style
https://www.corelan.be/index.php/articles/
https://www.veracode.com/security/xss
http://www.thegeekstuff.com/2012/02/xss-attack-examples/
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://thehackernews.com/
http://securityidiots.com/Web-Pentest/SQL-Injection/Basic-Union-Based-SQL-Injection.html
https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
https://hakin9.org/voip-hacking-techniques/
#Lists
https://code.google.com/archive/p/hacktooldepot/downloads
http://tools.kali.org/tools-listing
http://sectools.org/
https://github.com/fffaraz/awesome-cpp
https://github.com/fffaraz/awesome-cpp
https://github.com/alebcay/awesome-shell
https://github.com/dreikanter/ruby-bookmarks
https://github.com/sorrycc/awesome-javascript
https://github.com/sindresorhus/awesome-nodejs
https://github.com/dloss/python-pentest-tools
https://github.com/ashishb/android-security-awesome
https://github.com/bayandin/awesome-awesomeness
https://github.com/paragonie/awesome-appsec
https://github.com/apsdehal/awesome-ctf
https://github.com/carpedm20/awesome-hacking
https://github.com/paralax/awesome-honeypots
https://github.com/clowwindy/Awesome-Networking
https://github.com/onlurking/awesome-infosec
https://github.com/rshipp/awesome-malware-analysis
https://github.com/caesar0301/awesome-pcaptools
https://github.com/sbilly/awesome-security
https://github.com/sindresorhus/awesome
https://github.com/danielmiessler/SecLists
https://github.com/PaulSec/awesome-sec-talks