【Web安全笔记】之【9.0 工具与资源】

最新推荐文章于 2024-06-07 09:41:39 发布

AA8j

最新推荐文章于 2024-06-07 09:41:39 发布

阅读量3k

点赞数 7

分类专栏： Web安全笔记

原文链接：https://blog.csdn.net/zhj082/article/details/80531628

版权

Web安全笔记专栏收录该内容

9 篇文章 10 订阅

订阅专栏

文章目录

9.0 工具与资源

9.0 工具与资源

9.1 推荐资源

9.1.1 书单

1. 前端

Web之困
白帽子讲Web安全
白帽子讲浏览器安全（钱文祥）
Web前端黑客技术揭秘
XSS跨站脚本攻击剖析与防御
SQL注入攻击与防御

2. 网络

Understanding linux network internals
TCP/IP Architecture, Design, and Implementation in Linux
Linux Kernel Networking: Implementation and Theory
Bulletproof SSL and TLS
UNIX Network Programming
TCP / IP 协议详解

3. SEO

SEO艺术

4. 无线攻防

无线网络安全攻防实战
无线网络安全攻防实战进阶
黑客大揭秘——近源渗透测试（柴坤哲等）

5. Hacking Programming

Gray Hat Python

6. 社会工程学

社会工程：安全体系中的人性漏洞
反欺骗的艺术
反入侵的艺术

7. 数据安全

大数据治理与安全从理论到开源实践（刘驰等）
企业大数据处理 Spark、Druid、Flume与Kafka应用实践（肖冠宇）
数据安全架构设计与实战（郑云文）

8. 机器学习与网络安全

Web安全深度学习实战（刘焱）
Web安全机器学习入门（刘焱）
Web安全之强化学习与GAN（刘焱）
AI安全之对抗样本入门（兜哥）

9. 安全建设

企业安全建设入门——基于开源软件打造企业网络安全（刘焱）
企业安全建设指南——金融行业安全架构与技术实践（聂君等）
大型互联网企业安全架构（石祖文）
CISSP官方学习指南
CISSP认证考试指南
Linux系统安全纵深防御、安全扫描与入侵检测（胥峰）

10. 综合

Web安全深度剖析
黑客秘笈——渗透测试实用指南
黑客攻防技术宝典——web实战篇

9.1.2 WebSite

https://adsecurity.org/

9.1.3 Blog

https://www.leavesongs.com/
https://paper.seebug.org/
https://xz.aliyun.com/
https://portswigger.net/blog
https://www.hackerone.com/blog

9.1.4 Bug Bounty

https://www.hackerone.com/
https://bugcrowd.com
https://www.synack.com/
https://cobalt.io/

9.1.5 实验环境

1. Web安全相关CTF题目

https://github.com/orangetw/My-CTF-Web-Challenges
https://www.ripstech.com/php-security-calendar-2017/
https://github.com/wonderkun/CTF_web
https://github.com/CHYbeta/Code-Audit-Challenges
https://github.com/l4wio/CTF-challenges-by-me
https://github.com/tsug0d/MyAwesomeWebChallenge
https://github.com/a0xnirudh/kurukshetra
http://www.xssed.com/

2. 域实验环境

Adaz: Active Directory Hunting Lab in Azure
Detection Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

9.1.6 知识库

1. Awesome 系列

2. Bug Hunting

HowToHunt Tutorials and Things to Do while Hunting Vulnerability

3. Java

learnjavabug Java安全相关的漏洞和技术demo

4. 红蓝对抗

atomic red team Small and highly portable detection tests based on MITRE’s ATT&CK

5. 后渗透

9.2 相关论文

9.2.1 论文列表

PRE-list List of (automatic) protocol reverse engineering tools for network protocols

9.2.2 流量分析

Plohmann D, Yakdan K, Klatt M, et al. A comprehensive measurement study of domain generating malware[C]//25th {USENIX} Security Symposium ({USENIX} Security 16). 2016: 263-278.
Nasr M, Houmansadr A, Mazumdar A. Compressive traffic analysis: A new paradigm for scalable traffic analysis[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2053-2069.

9.2.3 漏洞自动化

Staicu C A, Pradel M, Livshits B. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE. JS[C]//NDSS. 2018.
Atlidakis V , Godefroid P , Polishchuk M . REST-ler: Automatic Intelligent REST API Fuzzing[J]. 2018.
Alhuzali A, Gjomemo R, Eshete B, et al. {NAVEX}: Precise and Scalable Exploit Generation for Dynamic Web Applications[C]//27th {USENIX} Security Symposium ({USENIX} Security 18). 2018: 377-392.

9.2.4 攻击技巧

Lekies S, Kotowicz K, Groß S, et al. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1709-1723.
Papadopoulos P, Ilia P, Polychronakis M, et al. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation[J]. arXiv preprint arXiv:1810.00464, 2018.

9.2.5 攻击检测

Liu T, Qi Y, Shi L, et al. Locate-then-detect: real-time web attack detection via attention-based deep neural networks[C]//Proceedings of the 28th International Joint Conference on Artificial Intelligence. AAAI Press, 2019: 4725-4731.

9.2.6 隐私

Klein A, Pinkas B. DNS Cache-Based User Tracking[C]//NDSS. 2019.

9.2.7 指纹

Hayes J, Danezis G. k-fingerprinting: A robust scalable website fingerprinting technique[C]//25th {USENIX} Security Symposium ({USENIX} Security 16). 2016: 1187-1203.
Overdorf R, Juarez M, Acar G, et al. How unique is your. onion?: An analysis of the fingerprintability of tor onion services[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2021-2036.

9.2.8 侧信道

Rosner N, Kadron I B, Bang L, et al. Profit: Detecting and Quantifying Side Channels in Networked Applications[C]//NDSS. 2019.

9.2.9 认证

Ghasemisharif M, Ramesh A, Checkoway S, et al. O single sign-off, where art thou? an empirical analysis of single sign-on account hijacking and session management on the web[C]//27th {USENIX} Security Symposium ({USENIX} Security 18). 2018: 1475-1492.

9.2.10 防护

Pellegrino G, Johns M, Koch S, et al. Deemon: Detecting CSRF with dynamic analysis and property graphs[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1757-1771.

9.3 信息收集

9.3.1 Whois

9.3.2 网站备案

9.3.3 CDN查询

9.3.4 子域爆破

9.3.5 域名获取

the art of subdomain enumeration
sslScrape
aquatone A Tool for Domain Flyovers
teemo A Domain Name & Email Address Collection Tool
DNS DB 历史记录

9.3.6 弱密码爆破

hydra
medusa is a high-speed network authentication cracking tool
Ncrack
htpwdScan
patator

9.3.7 Git信息泄漏

GitHack By lijiejie
GitHack By BugScan
GitTools
Zen
dig github history
gitrob Reconnaissance tool for GitHub organizations
git secrets
shhgit Find GitHub secrets in real time
GitHound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
x patrol Github leaked patrol
GitDorker scrape secrets from GitHub through usage of a large repository of dorks

9.3.8 Github监控

Github Monitor Github Sensitive Information Leakage Monitor
Github Dorks
GSIL
Hawkeye
gshark
GitGot
gitGraber

9.3.9 路径及文件扫描

9.3.10 路径爬虫

crawlergo A powerful dynamic crawler for web vulnerability scanners

9.3.11 指纹识别

Wappalyzer
whatweb
Wordpress Finger Print
CMS指纹识别
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way
TideFinger

9.3.12 Waf指纹

9.3.13 端口扫描

nmap
zmap
masscan
ShodanHat
RustScan The Modern Port Scanner
DNS dnsenum nslookup dig fierce
SNMP snmpwalk

9.3.14 DNS数据查询

9.3.15 DNS关联

9.3.16 云服务

9.3.17 数据查询

9.3.18 Password

Probable Wordlists Wordlists sorted by probability originally created for password generation and testing
Common User Passwords Profiler
chrome password grabber

9.3.19 CI信息泄露

secretz minimizing the large attack surface of Travis CI

9.3.20 个人数据画像

GHunt Investigate Google Accounts with emails

9.3.21 邮箱收集

EmailHarvester

9.3.22 其他

9.4 社会工程学

9.4.1 OSINT

9.4.2 社交工具

SlackPirate Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
twint An advanced Twitter scraping & OSINT tool

9.4.3 个人搜索

9.4.4 Hacking database

9.4.5 钓鱼

spoofcheck
gophish
SocialFish
HFish A Most Convenient Honeypot Platform
blackeye complete Phishing Tool, with 32 templates +1 customizable
king phisher Phishing Campaign Toolkit
espoofer An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures

9.4.6 网盘搜索

9.4.7 密码猜测

OMEN Ordered Markov ENumerator - Password Guesser
genpAss

9.4.8 伪造

email_hack 基于 Python 伪造电子邮件发件人

9.4.9 综合框架

9.5 模糊测试

9.5.1 Web Fuzz

wfuzz
SecLists
fuzzdb
foospidy payloads
ffuf Fast web fuzzer written in Go

9.5.2 XSS Payloads

9.5.3 Burp插件

BurpBounty Scan Check Builder
BurpShiroPassiveScan
IntruderPayloads A collection of Burpsuite Intruder payloads

9.5.4 字典

Blasting dictionary
pydictor A powerful and useful hacker dictionary builder for a brute-force attack
fuzzDicts Web Pentesting Fuzz 字典
bruteforce lists
CT subdomains
PentesterSpecialDict 渗透测试人员专用精简化字典

9.5.5 Unicode Fuzz

utf16encode

9.5.6 WAF Bypass

9.6 漏洞利用/检测

9.6.1 数据库注入

9.6.2 非结构化数据库注入

9.6.3 数据库漏洞利用

mysql unsha1
ODAT Oracle Database Attacking Tool

9.6.4 XSS

BeEF
XSS Reciver
DSXS
XSStrike
xsssniper
tracy
xsleaks A collection of browser-based side channel attack vectors

9.6.5 SSRF

9.6.6 模版注入

tplmap

9.6.7 HTTP Request Smuggling

smuggler An HTTP Request Smuggling / Desync testing tool written in Python
h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

9.6.8 命令注入

commix

9.6.9 PHP

Chankro Herramienta para evadir disable_functions y open_basedir

9.6.10 LFI

9.6.11 struts

struts scan

9.6.12 CMS

9.6.13 Java框架

ShiroScan Shiro<=1.2.4反序列化检测工具
fastjson rce tool fastjson命令执行利用工具

9.6.14 DNS相关漏洞

dnsAutoRebinding
AngelSword
Subdomain TakeOver
mpDNS
JudasDNS Nameserver DNS poisoning
singularity A DNS rebinding attack framework by NGC Group

9.6.15 DNS数据提取

9.6.16 DNS 隧道

9.6.17 DNS Shell

9.6.18 XXE

XXEinjector
XXER
DTD Finder List DTDs and generate XXE payloads using those local DTDs

9.6.19 反序列化

ysoserial
JRE8u20 RCE Gadget
Java Serialization Dumper A tool to dump Java serialization streams in a more human readable form
marshalsec Java Unmarshaller Security - Turning your data into code execution
gadgetinspector A byte code analyzer for finding deserialization gadget chains in Java applications

9.6.20 JNDI

Rogue JNDI A malicious LDAP server for JNDI injection attacks

9.6.21 端口Hack

9.6.22 JWT

jwtcrack

9.6.23 无线

infernal twin

9.6.24 中间人攻击

mitmproxy
MITMf
ssh mitm
injectify
Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
toxy Hackable HTTP proxy for resiliency testing and simulated network conditions
bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks

9.6.25 DHCP

DHCPwn

9.6.26 DDoS

Saddam

9.6.27 Shellcode

go shellcode A repository of Windows Shellcode runners and supporting utilities

9.6.28 越权

secscan authcheck

9.6.29 利用平台

DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具
LuWu 红队基础设施自动化部署工具

9.6.30 漏洞利用库

Penetration Testing POC
thc ipv6 IPv6 attack toolkit

9.6.31 Windows

PyWSUS a standalone implementation of a legitimate WSUS server which sends malicious responses to clients

9.7 近源渗透

9.7.1 Bad USB

WiFiDuck Keystroke injection attack plattform
BadUSB code badusb的一些利用方式及代码
WHID WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids
BadUSB cable based on Attiny85 microcontroller
USB Rubber Ducky

9.7.2 wifi

9.7.3 无线

hackrf low cost software radio platform

9.8 Web持久化

9.8.1 WebShell管理工具

菜刀
antSword
冰蝎动态二进制加密网站管理客户端
weevely3 Weaponized web shell
Altman the cross platform webshell tool in .NET
Webshell Sniper Manage your website via terminal
quasibot complex webshell manager, quasi-http botnet

9.8.2 WebShell

9.8.3 Web后门

pwnginx
Apache backdoor
SharpGen .NET Core console application that utilizes the Rosyln C# compiler to quickly cross-compile .NET Framework console applications or libraries
IIS-Raid A native backdoor module for Microsoft IIS

9.9 横向移动

9.9.1 域

adidnsdump Active Directory Integrated DNS dump tool
BloodHound Six Degrees of Domain Admin
windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
ldapdomaindump Active Directory information dumper via LDAP
Kerberoast a series of tools for attacking MS Kerberos implementations
ADRecon Active Directory Recon

9.9.2 Azure AD

ROADtools Azure AD exploration framework

9.9.3 Exchange

ruler A tool to abuse Exchange services
MailSniper
PrivExchange Exchange your privileges for Domain Admin privs by abusing Exchange

9.9.4 PowerShell

PowerShellMafia

9.9.5 内网信息收集

SharpShares Quick and dirty binary to list network share information from all machines in the current domain and if they’re readable
WinShareEnum Windows Share Enumerator
HackBrowserData 全平台的浏览器数据导出工具

9.9.6 Kerberos

Rubeus
kerbrute A tool to perform Kerberos pre-auth bruteforcing

9.9.7 自动化审计

Infection Monkey Data center Security Testing Tool

9.10 操作系统持久化

9.10.1 Windows

1. 凭证获取

mimikatz
RdpThief Extracting Clear Text Passwords from mstsc.exe using API Hooking
quarkspwdump Dump various types of Windows credentials without injecting in any process
SharpDump C# port of PowerSploit’s Out-Minidump.ps1 functionality

2. 权限提升

WindowsExploits
GTFOBins Curated list of Unix binaries that can be exploited to bypass system security restrictions
JAWS Just Another Windows (Enum) Script

3. UAC Bypass

WinPwnage UAC bypass, Elevate, Persistence and Execution methods
UACME Defeating Windows User Account Control
UAC Bypass In The Wild

4. 免杀

SigThief Stealing Signatures and Making One Invalid Signature at a Time

5. C2

SharpSploit .NET post-exploitation library written in C#
Koadic is a Windows post-exploitation rootkit

6. 隐藏

ProcessHider Post-exploitation tool for hiding processes from monitoring applications
Invoke Phant0m Windows Event Log Killer
EventCleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities

7. 伪造

parent PID spoofing Scripts for performing and detecting parent PID spoofing
GetSystem This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.

8. 综合工具

Nishang Offensive PowerShell for red team, penetration testing and offensive security

9.10.2 Linux

1. 权限提升

linux exploit suggester
LinEnum Scripted Local Linux Enumeration & Privilege Escalation Checks
AutoLocalPrivilegeEscalation

2. rootkit

rootkit

3. 后门

prism is an user space stealth reverse shell backdoor
icmpsh Simple reverse ICMP shell

9.10.3 综合

1. 凭证获取

sshLooterC program to steal passwords from ssh
keychaindump A proof-of-concept tool for reading OS X keychain passwords
LaZagne Credentials recovery project

2. 权限提升

BeRoot Privilege Escalation Project - Windows / Linux / Mac

3. RAT

QuasarRAT

4. C2

Empire
pupy
Covenant is a collaborative .NET C2 framework for red teamers

5. DNS Shell

DNS Shell DNS-Shell is an interactive Shell over DNS channel
Reverse DNS Shell A python reverse shell that uses DNS as the c2 channel

6. Cobalt Strike

Cobalt Strike
CrossC2 generate CobaltStrike’s cross-platform payload
Cobalt Strike Aggressor Scripts

7. 日志清除

Log killer Clear all logs in [linux/windows] servers

8. Botnet

byob Build Your Own Botnet

9. 免杀工具

AV Evasion Tool 掩日 - 免杀执行器生成工具
DKMC Dont kill my cat - Malicious payload evasion tool

9.11 审计工具

9.11.1 通用

Cobra
Semmle QL
Sourcetrail free and open-source cross-platform source explorer
trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
fortify

9.11.2PHP

RIPS
prvd
phpvulhunter
chip a simple tool to detect potential security threat in php code

9.11.3 Python

9.11.4 Java

find sec bugs
Gadget Inspector A byte code analyzer for finding deserialization gadget chains in Java applications

9.11.5 JavaScript

NodeJsScan

9.11.6 供应链

Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components

9.12 防御

9.12.1 日志检查

9.12.2 终端监控

attack monitor Endpoint detection & Malware analysis software
artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
yurita Anomaly detection framework @ PayPal
crowdsec An open-source, lightweight agent to detect and respond to bad behaviours

9.12.3 XSS防护

9.12.4 配置检查

Attack Surface Analyzer analyze operating system’s security configuration for changes during software installation.
gixy Nginx 配置检查工具
dockerscan Docker security analysis & hacking tools

9.12.5 安全检查

9.12.6 IDS

9.12.7 SIEM

panther Detect threats with log data and improve cloud security posture

9.12.8 威胁情报

9.12.9 APT

9.12.10 入侵检查

9.12.11 进程查看

9.12.12 Waf

9.12.13 病毒在线查杀

9.12.14 WebShell查杀

9.12.15 规则 / IoC

malware ioc
fireeye public iocs
signature base
yara rules
capa rules standard collection of rules for capa
AttackDetection Suricata PT Open Ruleset
DailyIOC IOC from articles, tweets for archives

9.12.16 内存取证

9.12.17 Security Advisories

9.12.18 Security Tracker

Nginx Security Tracker

9.12.19 匹配工具

yara The pattern matching swiss knife
capa The FLARE team’s open-source tool to identify capabilities in executable files.

9.13 安全开发

9.13.1 风险控制

aswan 陌陌风控系统静态规则引擎

9.13.2 静态分析

PHP CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards

9.13.3 安全编码规范

9.13.4 漏洞管理

SRCMS
洞察宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台
xunfeng 适用于企业内网的漏洞快速应急，巡航扫描系统
DefectDojo an open-source application vulnerability correlation and security orchestration tool
Fuxi Scanner Penetration Testing Platform
SeMF 企业内网安全管理平台，包含资产管理，漏洞管理，账号管理，知识库管、安全扫描自动化功能模块

9.13.5 DevSecOps

hunter 中通DevSecOps闭环方案，被动式漏洞扫描器

9.14 运维

9.14.1 流量

Bro
Moloch Large scale, open source, indexed packet capture and search
TCPFlow
TCPDump
WireShark
Argus
PcapPlusPlus
ngrep
cisco joy A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
impacket is a collection of Python classes for working with network protocols
NFStream a Flexible Network Data Analysis Framework
BruteShark Network Analysis Tool

9.14.2 堡垒机

9.14.3 蜜罐

Dionaea
Modern Honey Network
Cowrie SSH/Telnet蜜罐
honeything IoT蜜罐
ConPot 工控设施蜜罐
MongoDB HoneyProxy
ElasticHoney
DCEPT
Canarytokens
Honeydrive
T-Pot The All In One Honeypot Platform
opencanary
HFish
kippo SSH Honeypot

9.14.4 VPN Install

9.14.5 隧道 / 代理

ngrok
rtcp
Tunna
gost GO Simple Tunnel
reDuh Create a TCP circuit through validly formed HTTP requests
reGeorg pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
Neo-reGeorg Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
ABPTTS TCP tunneling over HTTP/HTTPS for web application servers
frp A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
lanproxy 内网穿透工具
ligolo Reverse Tunneling made easy for pentesters
EarthWorm 是一款用于开启 SOCKS v5 代理服务的工具，基于标准 C 开发，可提供多平台间的转接通讯，用于复杂网络环境下的数据转发。
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
nps a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal

9.14.6 代理链

Netch Support Socks5, Shadowsocks, ShadowsocksR, V2Ray, Trojan proxies. UDP NAT FullCone
proxychains a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy

9.14.7 资产管理

BlueKing CMDB 面向资产及应用的企业级配置管理平台
ARL 资产侦察灯塔系统

9.14.7 合规

bombus 合规审计平台

9.14.8 风控

nebula
Liudao
aswan 陌陌风控系统静态规则引擎

9.14.9 SIEM

9.14.10 安全运维

Scout URL 监控系统
OpenDnsdb 基于Python的DNS管理系统

9.14.11 系统监控

netdata Real-time performance monitoring

9.14.12 Windows

Windows Sysinternals

9.15 其他

9.15.1 综合框架

metasploit
w3af
AutoSploit
Nikto
skipfish
Arachni
ZAP
BrupSuite
Spiderfoot
AZScanner
Fuxi
vooki
BadMod
fsociety Hacking Tools Pack
axiom A dynamic infrastructure toolkit for red teamers and bug bounty hunters

9.15.2 验证码

CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.

9.15.3 WebAssembly

9.15.4 混淆

9.15.5 Proxy Pool

9.15.6 Android

DroidSSLUnpinning Android certificate pinning disable tools

9.15.7 其他

AA8j

关注

7
点赞
踩
34

收藏

觉得还不错? 一键收藏
0
评论
【Web安全笔记】之【9.0 工具与资源】

9.0 工具与资源9.1 推荐资源9.1.1 书单1. 前端Web之困白帽子讲Web安全白帽子讲浏览器安全（钱文祥）Web前端黑客技术揭秘XSS跨站脚本攻击剖析与防御SQL注入攻击与防御2. 网络Understanding linux network internalsTCP/IP Architecture, Design, and Implementation in LinuxLinux Kernel Networking: Implementation and Theor
复制链接

扫一扫

专栏目录