【Web安全笔记】之【9.0 工具与资源】

文章目录

9.0 工具与资源

9.1 推荐资源

9.1.1 书单

1. 前端

  • Web之困
  • 白帽子讲Web安全
  • 白帽子讲浏览器安全(钱文祥)
  • Web前端黑客技术揭秘
  • XSS跨站脚本攻击剖析与防御
  • SQL注入攻击与防御

2. 网络

  • Understanding linux network internals
  • TCP/IP Architecture, Design, and Implementation in Linux
  • Linux Kernel Networking: Implementation and Theory
  • Bulletproof SSL and TLS
  • UNIX Network Programming
  • TCP / IP 协议详解

3. SEO

  • SEO艺术

4. 无线攻防

  • 无线网络安全攻防实战
  • 无线网络安全攻防实战进阶
  • 黑客大揭秘——近源渗透测试(柴坤哲等)

5. Hacking Programming

  • Gray Hat Python

6. 社会工程学

  • 社会工程:安全体系中的人性漏洞
  • 反欺骗的艺术
  • 反入侵的艺术

7. 数据安全

  • 大数据治理与安全 从理论到开源实践(刘驰等)
  • 企业大数据处理 Spark、Druid、Flume与Kafka应用实践(肖冠宇)
  • 数据安全 架构设计与实战(郑云文)

8. 机器学习与网络安全

  • Web安全深度学习实战(刘焱)
  • Web安全机器学习入门(刘焱)
  • Web安全之强化学习与GAN(刘焱)
  • AI安全之对抗样本入门(兜哥)

9. 安全建设

  • 企业安全建设入门——基于开源软件打造企业网络安全 (刘焱)
  • 企业安全建设指南——金融行业安全架构与技术实践 (聂君等)
  • 大型互联网企业安全架构(石祖文)
  • CISSP官方学习指南
  • CISSP认证考试指南
  • Linux系统安全 纵深防御、安全扫描与入侵检测(胥峰)

10. 综合

  • Web安全深度剖析
  • 黑客秘笈——渗透测试实用指南
  • 黑客攻防技术宝典——web实战篇

9.1.2 WebSite

  • https://adsecurity.org/

9.1.3 Blog

  • https://www.leavesongs.com/
  • https://paper.seebug.org/
  • https://xz.aliyun.com/
  • https://portswigger.net/blog
  • https://www.hackerone.com/blog

9.1.4 Bug Bounty

  • https://www.hackerone.com/
  • https://bugcrowd.com
  • https://www.synack.com/
  • https://cobalt.io/

9.1.5 实验环境

1. Web安全相关CTF题目

  • https://github.com/orangetw/My-CTF-Web-Challenges
  • https://www.ripstech.com/php-security-calendar-2017/
  • https://github.com/wonderkun/CTF_web
  • https://github.com/CHYbeta/Code-Audit-Challenges
  • https://github.com/l4wio/CTF-challenges-by-me
  • https://github.com/tsug0d/MyAwesomeWebChallenge
  • https://github.com/a0xnirudh/kurukshetra
  • http://www.xssed.com/

2. 域实验环境

  • Adaz: Active Directory Hunting Lab in Azure
  • Detection Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

9.1.6 知识库

1. Awesome 系列

2. Bug Hunting

  • HowToHunt Tutorials and Things to Do while Hunting Vulnerability

3. Java

4. 红蓝对抗

  • atomic red team Small and highly portable detection tests based on MITRE’s ATT&CK

5. 后渗透

9.2 相关论文

9.2.1 论文列表

  • PRE-list List of (automatic) protocol reverse engineering tools for network protocols

9.2.2 流量分析

  • Plohmann D, Yakdan K, Klatt M, et al. A comprehensive measurement study of domain generating malware[C]//25th {USENIX} Security Symposium ({USENIX} Security 16). 2016: 263-278.
  • Nasr M, Houmansadr A, Mazumdar A. Compressive traffic analysis: A new paradigm for scalable traffic analysis[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2053-2069.

9.2.3 漏洞自动化

  • Staicu C A, Pradel M, Livshits B. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE. JS[C]//NDSS. 2018.
  • Atlidakis V , Godefroid P , Polishchuk M . REST-ler: Automatic Intelligent REST API Fuzzing[J]. 2018.
  • Alhuzali A, Gjomemo R, Eshete B, et al. {NAVEX}: Precise and Scalable Exploit Generation for Dynamic Web Applications[C]//27th {USENIX} Security Symposium ({USENIX} Security 18). 2018: 377-392.

9.2.4 攻击技巧

  • Lekies S, Kotowicz K, Groß S, et al. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1709-1723.
  • Papadopoulos P, Ilia P, Polychronakis M, et al. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation[J]. arXiv preprint arXiv:1810.00464, 2018.

9.2.5 攻击检测

  • Liu T, Qi Y, Shi L, et al. Locate-then-detect: real-time web attack detection via attention-based deep neural networks[C]//Proceedings of the 28th International Joint Conference on Artificial Intelligence. AAAI Press, 2019: 4725-4731.

9.2.6 隐私

  • Klein A, Pinkas B. DNS Cache-Based User Tracking[C]//NDSS. 2019.

9.2.7 指纹

  • Hayes J, Danezis G. k-fingerprinting: A robust scalable website fingerprinting technique[C]//25th {USENIX} Security Symposium ({USENIX} Security 16). 2016: 1187-1203.
  • Overdorf R, Juarez M, Acar G, et al. How unique is your. onion?: An analysis of the fingerprintability of tor onion services[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2021-2036.

9.2.8 侧信道

  • Rosner N, Kadron I B, Bang L, et al. Profit: Detecting and Quantifying Side Channels in Networked Applications[C]//NDSS. 2019.

9.2.9 认证

  • Ghasemisharif M, Ramesh A, Checkoway S, et al. O single sign-off, where art thou? an empirical analysis of single sign-on account hijacking and session management on the web[C]//27th {USENIX} Security Symposium ({USENIX} Security 18). 2018: 1475-1492.

9.2.10 防护

  • Pellegrino G, Johns M, Koch S, et al. Deemon: Detecting CSRF with dynamic analysis and property graphs[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1757-1771.

9.3 信息收集

9.3.1 Whois

9.3.2 网站备案

9.3.3 CDN查询

9.3.4 子域爆破

9.3.5 域名获取

9.3.6 弱密码爆破

9.3.7 Git信息泄漏

9.3.8 Github监控

9.3.9 路径及文件扫描

9.3.10 路径爬虫

  • crawlergo A powerful dynamic crawler for web vulnerability scanners

9.3.11 指纹识别

9.3.12 Waf指纹

9.3.13 端口扫描

9.3.14 DNS数据查询

9.3.15 DNS关联

9.3.16 云服务

9.3.17 数据查询

9.3.18 Password

9.3.19 CI信息泄露

  • secretz minimizing the large attack surface of Travis CI

9.3.20 个人数据画像

  • GHunt Investigate Google Accounts with emails

9.3.21 邮箱收集

9.3.22 其他

9.4 社会工程学

9.4.1 OSINT

9.4.2 社交工具

  • SlackPirate Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
  • twint An advanced Twitter scraping & OSINT tool

9.4.3 个人搜索

9.4.4 Hacking database

9.4.5 钓鱼

9.4.6 网盘搜索

9.4.7 密码猜测

  • OMEN Ordered Markov ENumerator - Password Guesser
  • genpAss

9.4.8 伪造

  • email_hack 基于 Python 伪造电子邮件发件人

9.4.9 综合框架

9.5 模糊测试

9.5.1 Web Fuzz

9.5.2 XSS Payloads

9.5.3 Burp插件

9.5.4 字典

9.5.5 Unicode Fuzz

9.5.6 WAF Bypass

9.6 漏洞利用/检测

9.6.1 数据库注入

9.6.2 非结构化数据库注入

9.6.3 数据库漏洞利用

9.6.4 XSS

9.6.5 SSRF

9.6.6 模版注入

9.6.7 HTTP Request Smuggling

  • smuggler An HTTP Request Smuggling / Desync testing tool written in Python
  • h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

9.6.8 命令注入

9.6.9 PHP

  • Chankro Herramienta para evadir disable_functions y open_basedir

9.6.10 LFI

9.6.11 struts

9.6.12 CMS

9.6.13 Java框架

9.6.14 DNS相关漏洞

9.6.15 DNS数据提取

9.6.16 DNS 隧道

9.6.17 DNS Shell

9.6.18 XXE

9.6.19 反序列化

9.6.20 JNDI

  • Rogue JNDI A malicious LDAP server for JNDI injection attacks

9.6.21 端口Hack

9.6.22 JWT

9.6.23 无线

9.6.24 中间人攻击

  • mitmproxy
  • MITMf
  • ssh mitm
  • injectify
  • Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  • toxy Hackable HTTP proxy for resiliency testing and simulated network conditions
  • bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks

9.6.25 DHCP

9.6.26 DDoS

9.6.27 Shellcode

  • go shellcode A repository of Windows Shellcode runners and supporting utilities

9.6.28 越权

9.6.29 利用平台

  • DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具
  • LuWu 红队基础设施自动化部署工具

9.6.30 漏洞利用库

9.6.31 Windows

  • PyWSUS a standalone implementation of a legitimate WSUS server which sends malicious responses to clients

9.7 近源渗透

9.7.1 Bad USB

9.7.2 wifi

9.7.3 无线

  • hackrf low cost software radio platform

9.8 Web持久化

9.8.1 WebShell管理工具

9.8.2 WebShell

9.8.3 Web后门

  • pwnginx
  • Apache backdoor
  • SharpGen .NET Core console application that utilizes the Rosyln C# compiler to quickly cross-compile .NET Framework console applications or libraries
  • IIS-Raid A native backdoor module for Microsoft IIS

9.9 横向移动

9.9.1 域

  • adidnsdump Active Directory Integrated DNS dump tool
  • BloodHound Six Degrees of Domain Admin
  • windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
  • ldapdomaindump Active Directory information dumper via LDAP
  • Kerberoast a series of tools for attacking MS Kerberos implementations
  • ADRecon Active Directory Recon

9.9.2 Azure AD

9.9.3 Exchange

9.9.4 PowerShell

9.9.5 内网信息收集

  • SharpShares Quick and dirty binary to list network share information from all machines in the current domain and if they’re readable
  • WinShareEnum Windows Share Enumerator
  • HackBrowserData 全平台的浏览器数据导出工具

9.9.6 Kerberos

9.9.7 自动化审计

9.10 操作系统持久化

9.10.1 Windows

1. 凭证获取

  • mimikatz
  • RdpThief Extracting Clear Text Passwords from mstsc.exe using API Hooking
  • quarkspwdump Dump various types of Windows credentials without injecting in any process
  • SharpDump C# port of PowerSploit’s Out-Minidump.ps1 functionality

2. 权限提升

  • WindowsExploits
  • GTFOBins Curated list of Unix binaries that can be exploited to bypass system security restrictions
  • JAWS Just Another Windows (Enum) Script

3. UAC Bypass

4. 免杀

  • SigThief Stealing Signatures and Making One Invalid Signature at a Time

5. C2

  • SharpSploit .NET post-exploitation library written in C#
  • Koadic is a Windows post-exploitation rootkit

6. 隐藏

  • ProcessHider Post-exploitation tool for hiding processes from monitoring applications
  • Invoke Phant0m Windows Event Log Killer
  • EventCleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities

7. 伪造

  • parent PID spoofing Scripts for performing and detecting parent PID spoofing
  • GetSystem This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.

8. 综合工具

  • Nishang Offensive PowerShell for red team, penetration testing and offensive security

9.10.2 Linux

1. 权限提升

2. rootkit

3. 后门

  • prism is an user space stealth reverse shell backdoor
  • icmpsh Simple reverse ICMP shell

9.10.3 综合

1. 凭证获取

  • sshLooterC program to steal passwords from ssh
  • keychaindump A proof-of-concept tool for reading OS X keychain passwords
  • LaZagne Credentials recovery project

2. 权限提升

  • BeRoot Privilege Escalation Project - Windows / Linux / Mac

3. RAT

4. C2

5. DNS Shell

  • DNS Shell DNS-Shell is an interactive Shell over DNS channel
  • Reverse DNS Shell A python reverse shell that uses DNS as the c2 channel

6. Cobalt Strike

7. 日志清除

  • Log killer Clear all logs in [linux/windows] servers

8. Botnet

  • byob Build Your Own Botnet

9. 免杀工具

  • AV Evasion Tool 掩日 - 免杀执行器生成工具
  • DKMC Dont kill my cat - Malicious payload evasion tool

9.11 审计工具

9.11.1 通用

9.11.2PHP

9.11.3 Python

9.11.4 Java

9.11.5 JavaScript

9.11.6 供应链

  • Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components

9.12 防御

9.12.1 日志检查

9.12.2 终端监控

  • attack monitor Endpoint detection & Malware analysis software
  • artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
  • yurita Anomaly detection framework @ PayPal
  • crowdsec An open-source, lightweight agent to detect and respond to bad behaviours

9.12.3 XSS防护

9.12.4 配置检查

  • Attack Surface Analyzer analyze operating system’s security configuration for changes during software installation.
  • gixy Nginx 配置检查工具
  • dockerscan Docker security analysis & hacking tools

9.12.5 安全检查

9.12.6 IDS

9.12.7 SIEM

  • panther Detect threats with log data and improve cloud security posture

9.12.8 威胁情报

9.12.9 APT

9.12.10 入侵检查

9.12.11 进程查看

9.12.12 Waf

9.12.13 病毒在线查杀

9.12.14 WebShell查杀

9.12.15 规则 / IoC

9.12.16 内存取证

9.12.17 Security Advisories

9.12.18 Security Tracker

9.12.19 匹配工具

  • yara The pattern matching swiss knife
  • capa The FLARE team’s open-source tool to identify capabilities in executable files.

9.13 安全开发

9.13.1 风险控制

  • aswan 陌陌风控系统静态规则引擎

9.13.2 静态分析

  • PHP CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards

9.13.3 安全编码规范

9.13.4 漏洞管理

  • SRCMS
  • 洞察 宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台
  • xunfeng 适用于企业内网的漏洞快速应急,巡航扫描系统
  • DefectDojo an open-source application vulnerability correlation and security orchestration tool
  • Fuxi Scanner Penetration Testing Platform
  • SeMF 企业内网安全管理平台,包含资产管理,漏洞管理,账号管理,知识库管、安全扫描自动化功能模块

9.13.5 DevSecOps

  • hunter 中通DevSecOps闭环方案,被动式漏洞扫描器

9.14 运维

9.14.1 流量

9.14.2 堡垒机

9.14.3 蜜罐

9.14.4 VPN Install

9.14.5 隧道 / 代理

  • ngrok
  • rtcp
  • Tunna
  • gost GO Simple Tunnel
  • reDuh Create a TCP circuit through validly formed HTTP requests
  • reGeorg pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
  • Neo-reGeorg Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
  • ABPTTS TCP tunneling over HTTP/HTTPS for web application servers
  • frp A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
  • lanproxy 内网穿透工具
  • ligolo Reverse Tunneling made easy for pentesters
  • EarthWorm 是一款用于开启 SOCKS v5 代理服务的工具,基于标准 C 开发,可提供多平台间的转接通讯,用于复杂网络环境下的数据转发。
  • Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP
  • mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
  • nps a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal

9.14.6 代理链

  • Netch Support Socks5, Shadowsocks, ShadowsocksR, V2Ray, Trojan proxies. UDP NAT FullCone
  • proxychains a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy

9.14.7 资产管理

  • BlueKing CMDB 面向资产及应用的企业级配置管理平台
  • ARL 资产侦察灯塔系统

9.14.7 合规

9.14.8 风控

9.14.9 SIEM

9.14.10 安全运维

9.14.11 系统监控

  • netdata Real-time performance monitoring

9.14.12 Windows

9.15 其他

9.15.1 综合框架

9.15.2 验证码

  • CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks.

9.15.3 WebAssembly

9.15.4 混淆

9.15.5 Proxy Pool

9.15.6 Android

9.15.7 其他

参与评论 您还未登录,请先 登录 后发表或查看评论
相关推荐

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
©️2022 CSDN 皮肤主题:黑客帝国 设计师:我叫白小胖 返回首页
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值