Table of Contents
- 9.0 Tools and Resources
- 9.1 Recommended Resources
- 9.2 Related Papers
- 9.3 Information Gathering
- 9.4 Social Engineering
- 9.5 Fuzzing
- 9.6 Vulnerability Exploitation / Detection
- 9.6.1 Database Injection
- 9.6.2 NoSQL Database Injection
- 9.6.3 Database Exploitation
- 9.6.4 XSS
- 9.6.5 SSRF
- 9.6.6 Template Injection
- 9.6.7 HTTP Request Smuggling
- 9.6.8 Command Injection
- 9.6.9 PHP
- 9.6.10 LFI
- 9.6.11 Struts
- 9.6.12 CMS
- 9.6.13 Java Frameworks
- 9.6.14 DNS-related Vulnerabilities
- 9.6.15 DNS Data Exfiltration
- 9.6.16 DNS Tunneling
- 9.6.17 DNS Shell
- 9.6.18 XXE
- 9.6.19 Deserialization
- 9.6.20 JNDI
- 9.6.21 Port Hacking
- 9.6.22 JWT
- 9.6.23 Wireless
- 9.6.24 Man-in-the-Middle Attacks
- 9.6.25 DHCP
- 9.6.26 DDoS
- 9.6.27 Shellcode
- 9.6.28 Broken Access Control
- 9.6.29 Exploitation Platforms
- 9.6.30 Exploit Libraries
- 9.6.31 Windows
- 9.7 Proximity Penetration Testing
- 9.8 Web Persistence
- 9.9 Lateral Movement
- 9.10 Operating System Persistence
- 9.11 Code Audit Tools
- 9.12 Defense
- 9.13 Secure Development
- 9.14 Operations
- 9.15 Miscellaneous
9.0 Tools and Resources
9.1 Recommended Resources
9.1.1 Book List
1. Frontend
- Web之困 (The Tangled Web)
- 白帽子讲Web安全 (White Hat Talks About Web Security)
- 白帽子讲浏览器安全 (White Hat Talks About Browser Security, Qian Wenxiang)
- Web前端黑客技术揭秘 (Web Front-end Hacking Techniques Revealed)
- XSS跨站脚本攻击剖析与防御 (XSS Cross-Site Scripting Attacks: Analysis and Defense)
- SQL注入攻击与防御 (SQL Injection Attacks and Defense)
2. Networking
- Understanding Linux Network Internals
- TCP/IP Architecture, Design, and Implementation in Linux
- Linux Kernel Networking: Implementation and Theory
- Bulletproof SSL and TLS
- UNIX Network Programming
- TCP/IP 协议详解 (TCP/IP Illustrated)
3. SEO
- SEO艺术 (The Art of SEO)
4. Wireless Attack and Defense
- 无线网络安全攻防实战 (Wireless Network Security: Attack and Defense in Practice)
- 无线网络安全攻防实战进阶 (Wireless Network Security: Attack and Defense in Practice, Advanced)
- 黑客大揭秘——近源渗透测试 (Hackers Revealed: Proximity Penetration Testing, Chai Kunzhe et al.)
5. Hacking Programming
- Gray Hat Python
6. Social Engineering
- 社会工程:安全体系中的人性漏洞 (Social Engineering: The Human Vulnerability in Security Systems)
- 反欺骗的艺术 (The Art of Deception)
- 反入侵的艺术 (The Art of Intrusion)
7. Data Security
- 大数据治理与安全 从理论到开源实践 (Big Data Governance and Security: From Theory to Open-Source Practice, Liu Chi et al.)
- 企业大数据处理 Spark、Druid、Flume与Kafka应用实践 (Enterprise Big Data Processing: Spark, Druid, Flume and Kafka in Practice, Xiao Guanyu)
- 数据安全 架构设计与实战 (Data Security: Architecture Design and Practice, Zheng Yunwen)
8. Machine Learning and Cybersecurity
- Web安全深度学习实战 (Deep Learning for Web Security in Practice, Liu Yan)
- Web安全机器学习入门 (Introduction to Machine Learning for Web Security, Liu Yan)
- Web安全之强化学习与GAN (Reinforcement Learning and GANs for Web Security, Liu Yan)
- AI安全之对抗样本入门 (AI Security: Introduction to Adversarial Examples, Dou Ge)
9. Security Program Building
- 企业安全建设入门——基于开源软件打造企业网络安全 (Introduction to Enterprise Security Building: Building Enterprise Network Security on Open-Source Software, Liu Yan)
- 企业安全建设指南——金融行业安全架构与技术实践 (Enterprise Security Building Guide: Security Architecture and Technical Practice in the Financial Industry, Nie Jun et al.)
- 大型互联网企业安全架构 (Security Architecture for Large Internet Companies, Shi Zuwen)
- CISSP官方学习指南 (CISSP Official Study Guide)
- CISSP认证考试指南 (CISSP Certification Exam Guide)
- Linux系统安全 纵深防御、安全扫描与入侵检测 (Linux System Security: Defense in Depth, Security Scanning and Intrusion Detection, Xu Feng)
10. General
- Web安全深度剖析 (Web Security In-Depth Analysis)
- 黑客秘笈——渗透测试实用指南 (The Hacker Playbook: Practical Guide to Penetration Testing)
- 黑客攻防技术宝典——web实战篇 (The Web Application Hacker's Handbook)
9.1.2 Websites
- https://adsecurity.org/
9.1.3 Blogs
- https://www.leavesongs.com/
- https://paper.seebug.org/
- https://xz.aliyun.com/
- https://portswigger.net/blog
- https://www.hackerone.com/blog
9.1.4 Bug Bounty
- https://www.hackerone.com/
- https://bugcrowd.com
- https://www.synack.com/
- https://cobalt.io/
9.1.5 Lab Environments
1. Web security CTF challenges
- https://github.com/orangetw/My-CTF-Web-Challenges
- https://www.ripstech.com/php-security-calendar-2017/
- https://github.com/wonderkun/CTF_web
- https://github.com/CHYbeta/Code-Audit-Challenges
- https://github.com/l4wio/CTF-challenges-by-me
- https://github.com/tsug0d/MyAwesomeWebChallenge
- https://github.com/a0xnirudh/kurukshetra
- http://www.xssed.com/
2. Domain (Active Directory) lab environments
- Adaz: Active Directory Hunting Lab in Azure
- Detection: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
9.1.6 Knowledge Bases
1. Awesome series
- Awesome CobaltStrike
- Awesome Cybersecurity Blue Team
- Awesome Hacking
- awesome sec talks
- Awesome Security
- awesome web security
- Awesome-Android-Security
2. Bug Hunting
- HowToHunt: Tutorials and things to do while hunting vulnerabilities
3. Java
- learnjavabug: Demos of Java security vulnerabilities and techniques
4. Red vs. Blue
- atomic red team: Small and highly portable detection tests based on MITRE's ATT&CK
5. Post-Exploitation
9.2 Related Papers
9.2.1 Paper Lists
- PRE-list: List of (automatic) protocol reverse engineering tools for network protocols
9.2.2 Traffic Analysis
- Plohmann D, Yakdan K, Klatt M, et al. A comprehensive measurement study of domain generating malware[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 263-278.
- Nasr M, Houmansadr A, Mazumdar A. Compressive traffic analysis: A new paradigm for scalable traffic analysis[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2053-2069.
9.2.3 Vulnerability Automation
- Staicu C A, Pradel M, Livshits B. SYNODE: Understanding and Automatically Preventing Injection Attacks on Node.js[C]//NDSS. 2018.
- Atlidakis V, Godefroid P, Polishchuk M. REST-ler: Automatic Intelligent REST API Fuzzing[J]. 2018.
- Alhuzali A, Gjomemo R, Eshete B, et al. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 377-392.
9.2.4 Attack Techniques
- Lekies S, Kotowicz K, Groß S, et al. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1709-1723.
- Papadopoulos P, Ilia P, Polychronakis M, et al. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation[J]. arXiv preprint arXiv:1810.00464, 2018.
9.2.5 Attack Detection
- Liu T, Qi Y, Shi L, et al. Locate-then-detect: real-time web attack detection via attention-based deep neural networks[C]//Proceedings of the 28th International Joint Conference on Artificial Intelligence. AAAI Press, 2019: 4725-4731.
9.2.6 Privacy
- Klein A, Pinkas B. DNS Cache-Based User Tracking[C]//NDSS. 2019.
9.2.7 Fingerprinting
- Hayes J, Danezis G. k-fingerprinting: A robust scalable website fingerprinting technique[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 1187-1203.
- Overdorf R, Juarez M, Acar G, et al. How unique is your .onion?: An analysis of the fingerprintability of Tor onion services[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2021-2036.
9.2.8 Side Channels
- Rosner N, Kadron I B, Bang L, et al. Profit: Detecting and Quantifying Side Channels in Networked Applications[C]//NDSS. 2019.
9.2.9 Authentication
- Ghasemisharif M, Ramesh A, Checkoway S, et al. O single sign-off, where art thou? An empirical analysis of single sign-on account hijacking and session management on the web[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 1475-1492.
9.2.10 Protection
- Pellegrino G, Johns M, Koch S, et al. Deemon: Detecting CSRF with dynamic analysis and property graphs[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1757-1771.
9.3 Information Gathering
9.3.1 Whois
9.3.2 ICP Website Registration Lookup
9.3.3 CDN Lookup
9.3.4 Subdomain Brute-forcing
9.3.5 Domain Name Discovery
- the art of subdomain enumeration
- sslScrape
- aquatone: A Tool for Domain Flyovers
- teemo: A Domain Name & Email Address Collection Tool
- DNS DB historical records
9.3.6 Weak Password Brute-forcing
9.3.7 Git Information Leakage
- GitHack by lijiejie
- GitHack by BugScan
- GitTools
- Zen
- dig github history
- gitrob: Reconnaissance tool for GitHub organizations
- git secrets
- shhgit: Find GitHub secrets in real time
- GitHound: GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
- x patrol: GitHub leak patrol
- GitDorker: Scrape secrets from GitHub through usage of a large repository of dorks
9.3.8 GitHub Monitoring
- Github Monitor: GitHub Sensitive Information Leakage Monitor
- Github Dorks
- GSIL
- Hawkeye
- gshark
- GitGot
- gitGraber
9.3.9 Path and File Scanning
9.3.10 Path Crawlers
- crawlergo: A powerful dynamic crawler for web vulnerability scanners
9.3.11 Fingerprinting
- Wappalyzer
- whatweb
- Wordpress Finger Print
- CMS fingerprinting
- JA3: a standard for creating SSL client fingerprints in an easy to produce and shareable way
- TideFinger
9.3.12 WAF Fingerprinting
9.3.13 Port Scanning
- nmap
- zmap
- masscan
- ShodanHat
- RustScan: The Modern Port Scanner
- DNS: dnsenum, nslookup, dig, fierce
- SNMP: snmpwalk
9.3.14 DNS Data Lookup
9.3.15 DNS Correlation
9.3.16 Cloud Services
9.3.17 Data Lookup
9.3.18 Password
- Probable Wordlists: Wordlists sorted by probability, originally created for password generation and testing
- Common User Passwords Profiler
- chrome password grabber
9.3.19 CI Information Leakage
- secretz: minimizing the large attack surface of Travis CI
9.3.20 Personal Data Profiling
- GHunt: Investigate Google Accounts with emails
9.3.21 Email Address Collection
9.3.22 Others
9.4 Social Engineering
9.4.1 OSINT
9.4.2 Social Tools
- SlackPirate: Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
- twint: An advanced Twitter scraping & OSINT tool
9.4.3 People Search
9.4.4 Hacking Databases
9.4.5 Phishing
- spoofcheck
- gophish
- SocialFish
- HFish: A Most Convenient Honeypot Platform
- blackeye: complete Phishing Tool, with 32 templates +1 customizable
- king phisher: Phishing Campaign Toolkit
- espoofer: An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures
9.4.6 Cloud Drive Search
9.4.7 Password Guessing
9.4.8 Spoofing
- email_hack: Python-based email sender spoofing
9.4.9 Comprehensive Frameworks
9.5 Fuzzing
9.5.1 Web Fuzz
- wfuzz
- SecLists
- fuzzdb
- foospidy payloads
- ffuf: Fast web fuzzer written in Go
9.5.2 XSS Payloads
9.5.3 Burp Plugins
- BurpBounty: Scan Check Builder
- BurpShiroPassiveScan
- IntruderPayloads: A collection of Burpsuite Intruder payloads
9.5.4 Wordlists
- Blasting dictionary
- pydictor: A powerful and useful hacker dictionary builder for a brute-force attack
- fuzzDicts: Web pentesting fuzz wordlists
- bruteforce lists
- CT subdomains
- PentesterSpecialDict: Streamlined wordlists for penetration testers
9.5.5 Unicode Fuzz
9.5.6 WAF Bypass
9.6 Vulnerability Exploitation / Detection
9.6.1 Database Injection
9.6.2 NoSQL Database Injection
9.6.3 Database Exploitation
- mysql unsha1
- ODAT: Oracle Database Attacking Tool
9.6.4 XSS
- BeEF
- XSS Receiver
- DSXS
- XSStrike
- xsssniper
- tracy
- xsleaks: A collection of browser-based side channel attack vectors
9.6.5 SSRF
9.6.6 Template Injection
9.6.7 HTTP Request Smuggling
- smuggler: An HTTP Request Smuggling / Desync testing tool written in Python
- h2cSmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
9.6.8 Command Injection
9.6.9 PHP
- Chankro: Tool to bypass disable_functions and open_basedir
9.6.10 LFI
9.6.11 Struts
9.6.12 CMS
- Joomla Vulnerability Scanner
- Drupal enumeration & exploitation tool
- Wordpress Vulnerability Scanner
- TPscan: One-click ThinkPHP vulnerability detection
- dedecmscan: DedeCMS all-version vulnerability scanner
9.6.13 Java Frameworks
- ShiroScan: Deserialization detection tool for Shiro <= 1.2.4
- fastjson rce tool: fastjson command execution exploitation tool
9.6.14 DNS-related Vulnerabilities
- dnsAutoRebinding
- AngelSword
- Subdomain TakeOver
- mpDNS
- JudasDNS: Nameserver DNS poisoning
- singularity: A DNS rebinding attack framework by NGC Group
9.6.15 DNS Data Exfiltration
- dnsteal
- DNSExfiltrator
- dns exfiltration by krmaxwell
- dns exfiltration by coryschwartz
- requestbin for dns
9.6.16 DNS Tunneling
9.6.17 DNS Shell
9.6.18 XXE
- XXEinjector
- XXER
- DTD Finder: List DTDs and generate XXE payloads using those local DTDs
9.6.19 Deserialization
- ysoserial
- JRE8u20 RCE Gadget
- Java Serialization Dumper: A tool to dump Java serialization streams in a more human readable form
- marshalsec: Java Unmarshaller Security - Turning your data into code execution
- gadgetinspector: A byte code analyzer for finding deserialization gadget chains in Java applications
9.6.20 JNDI
- Rogue JNDI: A malicious LDAP server for JNDI injection attacks
9.6.21 Port Hacking
9.6.22 JWT
9.6.23 Wireless
9.6.24 Man-in-the-Middle Attacks
- mitmproxy
- MITMf
- ssh mitm
- injectify
- Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- toxy: Hackable HTTP proxy for resiliency testing and simulated network conditions
- bettercap: The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
9.6.25 DHCP
9.6.26 DDoS
9.6.27 Shellcode
- go shellcode: A repository of Windows Shellcode runners and supporting utilities
9.6.28 Broken Access Control
9.6.29 Exploitation Platforms
9.6.30 Exploit Libraries
- Penetration Testing POC
- thc ipv6: IPv6 attack toolkit
9.6.31 Windows
- PyWSUS: a standalone implementation of a legitimate WSUS server which sends malicious responses to clients
9.7 Proximity Penetration Testing
9.7.1 Bad USB
- WiFiDuck: Keystroke injection attack platform
- BadUSB code: Some BadUSB usage methods and code
- WHID: WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids
- BadUSB cable based on Attiny85 microcontroller
- USB Rubber Ducky
9.7.2 WiFi
9.7.3 Wireless / Radio
- hackrf: low cost software radio platform
9.8 Web Persistence
9.8.1 WebShell Management Tools
- 菜刀 (China Chopper)
- antSword
- 冰蝎 (Behinder): Dynamic binary-encrypted website management client
- weevely3: Weaponized web shell
- Altman: the cross platform webshell tool in .NET
- Webshell Sniper: Manage your website via terminal
- quasibot: complex webshell manager, quasi-http botnet
9.8.2 WebShell
- webshell
- PHP backdoors
- php bash - semi-interactive web shell
- Python RSA Encrypted Shell
- b374k - PHP WebShell Custom Tool
- JSP Webshells
- MemShellDemo
9.8.3 Web Backdoors
- pwnginx
- Apache backdoor
- SharpGen: .NET Core console application that utilizes the Roslyn C# compiler to quickly cross-compile .NET Framework console applications or libraries
- IIS-Raid: A native backdoor module for Microsoft IIS
9.9 Lateral Movement
9.9.1 Domain
- adidnsdump: Active Directory Integrated DNS dump tool
- BloodHound: Six Degrees of Domain Admin
- windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
- ldapdomaindump: Active Directory information dumper via LDAP
- Kerberoast: a series of tools for attacking MS Kerberos implementations
- ADRecon: Active Directory Recon
9.9.2 Azure AD
- ROADtools: Azure AD exploration framework
9.9.3 Exchange
- ruler: A tool to abuse Exchange services
- MailSniper
- PrivExchange: Exchange your privileges for Domain Admin privs by abusing Exchange
9.9.4 PowerShell
9.9.5 Internal Network Information Gathering
- SharpShares: Quick and dirty binary to list network share information from all machines in the current domain and if they're readable
- WinShareEnum: Windows Share Enumerator
- HackBrowserData: Cross-platform browser data export tool
9.9.6 Kerberos
9.9.7 Automated Auditing
- Infection Monkey: Data center Security Testing Tool
9.10 Operating System Persistence
9.10.1 Windows
1. Credential Access
- mimikatz
- RdpThief: Extracting Clear Text Passwords from mstsc.exe using API Hooking
- quarkspwdump: Dump various types of Windows credentials without injecting in any process
- SharpDump: C# port of PowerSploit's Out-Minidump.ps1 functionality
2. Privilege Escalation
- WindowsExploits
- GTFOBins: Curated list of Unix binaries that can be exploited to bypass system security restrictions
- JAWS: Just Another Windows (Enum) Script
3. UAC Bypass
- WinPwnage: UAC bypass, Elevate, Persistence and Execution methods
- UACME: Defeating Windows User Account Control
- UAC Bypass In The Wild
4. AV Evasion
- SigThief: Stealing Signatures and Making One Invalid Signature at a Time
5. C2
- SharpSploit: .NET post-exploitation library written in C#
- Koadic: a Windows post-exploitation rootkit
6. Hiding
- ProcessHider: Post-exploitation tool for hiding processes from monitoring applications
- Invoke Phant0m: Windows Event Log Killer
- EventCleaner: A tool mainly to erase specified records from Windows event logs, with additional functionalities
7. Spoofing
- parent PID spoofing: Scripts for performing and detecting parent PID spoofing
- GetSystem: This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.
8. Comprehensive Tools
- Nishang: Offensive PowerShell for red team, penetration testing and offensive security
9.10.2 Linux
1. Privilege Escalation
- linux exploit suggester
- LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
- AutoLocalPrivilegeEscalation
2. Rootkits
3. Backdoors
9.10.3 General
1. Credential Access
- sshLooterC: program to steal passwords from ssh
- keychaindump: A proof-of-concept tool for reading OS X keychain passwords
- LaZagne: Credentials recovery project
2. Privilege Escalation
- BeRoot: Privilege Escalation Project - Windows / Linux / Mac
3. RAT
4. C2
5. DNS Shell
- DNS Shell: DNS-Shell is an interactive Shell over DNS channel
- Reverse DNS Shell: A python reverse shell that uses DNS as the c2 channel
6. Cobalt Strike
- Cobalt Strike
- CrossC2: generate CobaltStrike's cross-platform payload
- Cobalt Strike Aggressor Scripts
7. Log Clearing
- Log killer: Clear all logs in [linux/windows] servers
8. Botnet
- byob: Build Your Own Botnet
9. AV Evasion Tools
- AV Evasion Tool 掩日: AV-evading executor generator tool
- DKMC: Dont kill my cat - Malicious payload evasion tool
9.11 Code Audit Tools
9.11.1 General
- Cobra
- Semmle QL
- Sourcetrail: free and open-source cross-platform source explorer
- trivy: A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- fortify
9.11.2 PHP
- RIPS
- prvd
- phpvulhunter
- chip: a simple tool to detect potential security threats in PHP code
9.11.3 Python
9.11.4 Java
- find sec bugs
- Gadget Inspector: A byte code analyzer for finding deserialization gadget chains in Java applications
9.11.5 JavaScript
9.11.6 Supply Chain
- Dependency-Track: an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components
9.12 Defense
9.12.1 Log Inspection
9.12.2 Endpoint Monitoring
- attack monitor: Endpoint detection & Malware analysis software
- artillery: The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
- yurita: Anomaly detection framework @ PayPal
- crowdsec: An open-source, lightweight agent to detect and respond to bad behaviours
9.12.3 XSS Protection
9.12.4 Configuration Checking
- Attack Surface Analyzer: analyze operating system's security configuration for changes during software installation.
- gixy: Nginx configuration checker
- dockerscan: Docker security analysis & hacking tools
9.12.5 Security Checks
9.12.6 IDS
9.12.7 SIEM
- panther: Detect threats with log data and improve cloud security posture
9.12.8 Threat Intelligence
9.12.9 APT
9.12.10 Intrusion Checks
9.12.11 Process Inspection
9.12.12 WAF
9.12.13 Online Virus Scanning
9.12.14 WebShell Detection
9.12.15 Rules / IoC
- malware ioc
- fireeye public iocs
- signature base
- yara rules
- capa rules: standard collection of rules for capa
- AttackDetection: Suricata PT Open Ruleset
- DailyIOC: IOC from articles, tweets for archives
9.12.16 Memory Forensics
9.12.17 Security Advisories
- Apache httpd Security Advisories
- Apache Solr
- Apache Tomcat
- Jetty Security Reports
- Nginx Security Advisories
- OpenSSL
9.12.18 Security Tracker
9.12.19 Matching Tools
- yara: The pattern matching swiss knife
- capa: The FLARE team's open-source tool to identify capabilities in executable files.
9.13 Secure Development
9.13.1 Risk Control
- aswan: Static rule engine of Momo's risk-control system
9.13.2 Static Analysis
- PHP CodeSniffer: tokenizes PHP files and detects violations of a defined set of coding standards
9.13.3 Secure Coding Standards
9.13.4 Vulnerability Management
- SRCMS
- 洞察 (Insight): CreditEase's all-in-one platform for application asset management, vulnerability lifecycle management and security knowledge base management
- xunfeng: Rapid vulnerability response and patrol scanning system for enterprise intranets
- DefectDojo: an open-source application vulnerability correlation and security orchestration tool
- Fuxi Scanner: Penetration Testing Platform
- SeMF: Enterprise intranet security management platform with modules for asset management, vulnerability management, account management, knowledge base management and automated security scanning
9.13.5 DevSecOps
- hunter: ZTO's closed-loop DevSecOps solution, a passive vulnerability scanner
9.14 Operations
9.14.1 Traffic
- Bro
- Moloch: Large scale, open source, indexed packet capture and search
- TCPFlow
- TCPDump
- WireShark
- Argus
- PcapPlusPlus
- ngrep
- cisco joy: A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
- impacket: a collection of Python classes for working with network protocols
- NFStream: a Flexible Network Data Analysis Framework
- BruteShark: Network Analysis Tool
9.14.2 Bastion Hosts
9.14.3 Honeypots
- Dionaea
- Modern Honey Network
- Cowrie: SSH/Telnet honeypot
- honeything: IoT honeypot
- ConPot: ICS honeypot
- MongoDB HoneyProxy
- ElasticHoney
- DCEPT
- Canarytokens
- Honeydrive
- T-Pot: The All In One Honeypot Platform
- opencanary
- HFish
- kippo: SSH Honeypot
9.14.4 VPN Install
9.14.5 Tunnels / Proxies
- ngrok
- rtcp
- Tunna
- gost: GO Simple Tunnel
- reDuh: Create a TCP circuit through validly formed HTTP requests
- reGeorg: pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
- Neo-reGeorg: Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
- ABPTTS: TCP tunneling over HTTP/HTTPS for web application servers
- frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
- lanproxy: Intranet penetration (NAT traversal) tool
- ligolo: Reverse Tunneling made easy for pentesters
- EarthWorm: A tool for starting SOCKS v5 proxy services, written in standard C, providing relaying between multiple platforms for data forwarding in complex network environments.
- Tunna: a set of tools which will wrap and tunnel any TCP communication over HTTP
- mssqlproxy: a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
- nps: a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal
9.14.6 Proxy Chains
- Netch: Support Socks5, Shadowsocks, ShadowsocksR, V2Ray, Trojan proxies. UDP NAT FullCone
- proxychains: a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy
9.14.7 Asset Management
- BlueKing CMDB: Enterprise-grade configuration management platform for assets and applications
- ARL: Asset Reconnaissance Lighthouse system
9.14.7 Compliance
- bombus: Compliance audit platform
9.14.8 Risk Control
9.14.9 SIEM
9.14.10 Security Operations
9.14.11 System Monitoring
- netdata: Real-time performance monitoring
9.14.12 Windows
9.15 Miscellaneous
9.15.1 Comprehensive Frameworks
- metasploit
- w3af
- AutoSploit
- Nikto
- skipfish
- Arachni
- ZAP
- BurpSuite
- Spiderfoot
- AZScanner
- Fuxi
- vooki
- BadMod
- fsociety: Hacking Tools Pack
- axiom: A dynamic infrastructure toolkit for red teamers and bug bounty hunters
9.15.2 CAPTCHA
- CAPTCHA22: a toolset for building, and training, CAPTCHA cracking models using neural networks.
9.15.3 WebAssembly
9.15.4 Obfuscation
9.15.5 Proxy Pool
9.15.6 Android
- DroidSSLUnpinning: Android certificate pinning disable tools