Attack Strings: http://code.google.com/p/fuzzdb/http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements Shells: http://sourceforge.net/projects/yokoso/http://sourceforge.net/projects/ajaxshell/ Scanners: http://w3af.sourceforge.net/http://code.google.com/p/skipfish/http://sqlmap.sourceforge.net/http://sqid.rubyforge.org/#nexthttp://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txthttp://code.google.com/p/fimap/wiki/WindowsAttackhttp://code.google.com/p/fm-fsf/ Proxies: Burp: http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/http://sourceforge.net/projects/belch/files/http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-toolshttp://blog.ombrepixel.com/http://andlabs.org/tools.html#dserhttp://feoh.tistory.com/22 http://www.sensepost.com/labs/tools/pentest/reduhhttp://www.owasp.org/index.php/OWASP_WebScarab_NG_Projecthttp://intrepidusgroup.com/insight/mallory/http://www.fiddler2.com/fiddler2/http://websecuritytool.codeplex.com/documentation?referringTitle=Homehttp://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1 Social Engineering: http://www.secmaniac.com/ Password: http://nmap.org/ncrack/http://www.foofus.net/~jmk/medusa/medusa.htmlhttp://www.openwall.com/john/http://ophcrack.sourceforge.net/http://blog.0x3f.net/tool/keimpx-in-action/http://code.google.com/p/keimpx/http://sourceforge.net/projects/hashkill/ Metasploit: http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.htmlhttp://code.google.com/p/msf-hack/wiki/WmapNiktohttp://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.htmlhttp://seclists.org/metasploit/http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.htmlhttp://meterpreter.illegalguy.hostzi.com/http://blog.metasploit.com/2010/03/automating-metasploit-console.htmlhttp://www.workrobot.com/sansfire2009/561.htmlhttp://www.securitytube.net/video/711http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#downloadhttp://vimeo.com/16852783http://milo2012.wordpress.com/2009/09/27/xlsinjector/http://www.fastandeasyhacking.com/http://trac.happypacket.net/http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf MSF Exploits or Easy: http://www.nessus.org/plugins/index.php?view=single&id=12204http://www.nessus.org/plugins/index.php?view=single&id=11413http://www.nessus.org/plugins/index.php?view=single&id=18021http://www.nessus.org/plugins/index.php?view=single&id=26918http://www.nessus.org/plugins/index.php?view=single&id=34821http://www.nessus.org/plugins/index.php?view=single&id=22194http://www.nessus.org/plugins/index.php?view=single&id=34476http://www.nessus.org/plugins/index.php?view=single&id=25168http://www.nessus.org/plugins/index.php?view=single&id=19408http://www.nessus.org/plugins/index.php?view=single&id=21564http://www.nessus.org/plugins/index.php?view=single&id=10862http://www.nessus.org/plugins/index.php?view=single&id=26925http://www.nessus.org/plugins/index.php?view=single&id=29314http://www.nessus.org/plugins/index.php?view=single&id=23643http://www.nessus.org/plugins/index.php?view=single&id=12052http://www.nessus.org/plugins/index.php?view=single&id=12052http://www.nessus.org/plugins/index.php?view=single&id=34477http://www.nessus.org/plugins/index.php?view=single&id=15962http://www.nessus.org/plugins/index.php?view=single&id=42106http://www.nessus.org/plugins/index.php?view=single&id=15456http://www.nessus.org/plugins/index.php?view=single&id=21689http://www.nessus.org/plugins/index.php?view=single&id=12205http://www.nessus.org/plugins/index.php?view=single&id=22182http://www.nessus.org/plugins/index.php?view=single&id=26919http://www.nessus.org/plugins/index.php?view=single&id=26921http://www.nessus.org/plugins/index.php?view=single&id=21696http://www.nessus.org/plugins/index.php?view=single&id=40887http://www.nessus.org/plugins/index.php?view=single&id=10404http://www.nessus.org/plugins/index.php?view=single&id=18027http://www.nessus.org/plugins/index.php?view=single&id=19402http://www.nessus.org/plugins/index.php?view=single&id=11790http://www.nessus.org/plugins/index.php?view=single&id=12209http://www.nessus.org/plugins/index.php?view=single&id=10673 NSE: http://www.securitytube.net/video/931http://nmap.org/nsedoc/ Net Scanners and Scripts: http://nmap.org/http://asturio.gmxhome.de/software/sambascan2/i.htmlhttp://www.softperfect.com/products/networkscanner/http://www.openvas.org/http://tenable.com/products/nessushttp://www.rapid7.com/vulnerability-scanner.jsphttp://www.eeye.com/products/retina/community Post Exploitation: http://www.awarenetwork.org/home/rattle/source/python/exe2bat.pyhttp://www.phx2600.org/archive/2008/08/29/metacab/ Netcat: http://readlist.com/lists/insecure.org/nmap-dev/1/7779.htmlhttp://www.radarhack.com/tutorial/ads.pdfhttp://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdfhttp://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdfhttp://www.dest-unreach.org/socat/http://www.antionline.com/archive/index.php/t-230603.htmlhttp://technotales.wordpress.com/2009/06/14/netcat-tricks/http://seclists.org/nmap-dev/2009/q1/581http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdfhttp://gse-compliance.blogspot.com/2008/07/netcat.html Source Inspection: http://www.justanotherhacker.com/projects/graudit.htmlhttp://code.google.com/p/javasnoop/ Firefox Addons: https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8https://addons.mozilla.org/en-US/firefox/addon/osvdb/https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/https://addons.mozilla.org/en-US/firefox/addon/hackbar/ Tool Listings: http://packetstormsecurity.org/files/tags/toolhttp://tools.securitytube.net/index.php?title=Main_Page Training/Classes: Sec/Hacking: http://pentest.cryptocity.net/http://www.irongeek.com/i.php?page=videos/network-sniffers-classhttp://samsclass.info/124/124_Sum09.shtmlhttp://www.cs.ucsb.edu/~vigna/courses/cs279/http://crypto.stanford.edu/cs142/http://crypto.stanford.edu/cs155/http://cseweb.ucsd.edu/classes/wi09/cse227/http://www-inst.eecs.berkeley.edu/~cs161/sp11/http://security.ucla.edu/pages/Security_Talkshttp://www.cs.rpi.edu/academics/courses/spring10/csci4971/http://cr.yp.to/2004-494.htmlhttp://www.ece.cmu.edu/~dbrumley/courses/18732-f09/https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennothttp://stuff.mit.edu/iap/2009/#websecurity Metasploit: http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Traininghttp://www.irongeek.com/i.php?page=videos/metasploit-classhttp://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/http://vimeo.com/16925188http://www.ustream.tv/recorded/13396511http://www.ustream.tv/recorded/13397426http://www.ustream.tv/recorded/13398740 Programming: Python: http://code.google.com/edu/languages/google-python-class/index.htmlhttp://www.swaroopch.com/notes/Python_en:Table_of_Contentshttp://www.thenewboston.com/?cat=40&pOpen=tutorialhttp://showmedo.com/videotutorials/pythonhttp://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/ Ruby: http://www.tekniqal.com/ Other Misc: http://www.cs.sjtu.edu.cn/~kzhu/cs490/https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/http://resources.infosecinstitute.com/http://vimeo.com/user2720399 Web Vectors SQLi: http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/http://isc.sans.edu/diary.html?storyid=9397http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/http://www.evilsql.com/main/index.phphttp://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.htmlhttp://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injectionshttp://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/http://sqlzoo.net/hack/http://www.sqlteam.com/article/sql-server-versionshttp://www.krazl.com/blog/?p=3http://www.owasp.org/index.php/Testing_for_MS_Accesshttp://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.htmlhttp://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.htmlhttp://www.youtube.com/watch?v=WkHkryIoLD0http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdfhttp://vimeo.com/3418947http://sla.ckers.org/forum/read.php?24,33903http://websec.files.wordpress.com/2010/11/sqli2.pdfhttp://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/http://ha.ckers.org/sqlinjection/http://lab.mediaservice.net/notes_more.php?id=MSSQL Upload Tricks: http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.htmlhttp://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/http://www.ravenphpscripts.com/article2974.htmlhttp://www.acunetix.com/cross-site-scripting/scanner.htmhttp://www.vupen.com/english/advisories/2009/3634http://msdn.microsoft.com/en-us/library/aa478971.aspxhttp://dev.tangocms.org/issues/237http://seclists.org/fulldisclosure/2006/Jun/508http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.htmlhttp://shsc.info/FileUploadSecurity LFI/RFI: http://pastie.org/840199http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitterhttp://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/http://www.digininja.org/blog/when_all_you_can_do_is_read.php XSS: http://www.infosecwriters.com/hhworld/hh8/csstut.htmhttp://www.technicalinfo.net/papers/CSS.htmlhttp://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspxhttp://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.htmlhttps://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdfhttp://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.htmlhttp://www.securityaegis.com/filter-evasion-houdini-on-the-wire/http://heideri.ch/jso/#javascripthttp://www.reddit.com/r/xss/http://sla.ckers.org/forum/list.php?2 Coldfusion: http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/http://zastita.com/02114/Attacking_ColdFusion..htmlhttp://www.nosec.org/2010/0809/629.htmlhttp://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf Sharepoint: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678 Lotus: http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Securityhttp://seclists.org/pen-test/2002/Nov/43http://www.sectechno.com/2010/07/12/hacking-lotus-domino/? JBoss: http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdfhttp://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html VMWare Web: http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav Oracle App Servers: http://www.hideaway.net/2007/07/hacking-oracle-application-servers.htmlhttp://www.owasp.org/index.php/Testing_for_Oraclehttp://www.ngssoftware.com/services/software-products/internet-security/orascan.aspxhttp://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspxhttp://www.ngssoftware.com/papers/hpoas.pdf SAP: http://www.onapsis.com/research.html#bizploithttp://marc.info/?l=john-users&m=121444075820309&w=2http://www.phenoelit-us.org/whatSAP/index.html Wireless: http://code.google.com/p/pyrit/ Capture the Flag/Wargames: http://intruded.net/http://smashthestack.org/http://flack.hkpco.kr/http://ctf.hcesperer.org/http://ictf.cs.ucsb.edu/http://capture.thefl.ag/calendar/ Conferences: https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK Misc/Unsorted: http://www.ikkisoft.com/stuff/SMH_XSS.txthttp://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitterhttp://whatthefuckismyinformationsecuritystrategy.com/http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#http://www.sensepost.com/blog/4552.htmlhttp://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.htmlhttp://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210http://carnal0wnage.attackresearch.com/node/410http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdfhttp://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdfhttp://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ Comment by agrrr...@gmail.com, May 4, 2011 Exploits and Advisories: http://dsecrg.com/pages/vul/ Pass the Hash: http://dsecrg.blogspot.com/search/label/SMBRelay%20bible SAP: http://erpscan.com/products/erpscan-black-free/ Blogs Worth It: http://dsecrg.blogspot.com/ Magazines: http://magazine.hackinthebox.org/ http://www.phrack.com/ Tool Listings: http://www.xxxsoft.net/ Links don't work: http://www.ikkisoft.com/stuff/SMH_XSS.txt 本文转hackfreer51CTO博客,原文链接:http://blog.51cto.com/pnig0s1992/586387,如需转载请自行联系原作者
Exploits and Advisories: http://dsecrg.com/pages/vul/
Pass the Hash: http://dsecrg.blogspot.com/search/label/SMBRelay%20bible
SAP: http://erpscan.com/products/erpscan-black-free/
Blogs Worth It: http://dsecrg.blogspot.com/
Magazines: http://magazine.hackinthebox.org/ http://www.phrack.com/
Tool Listings: http://www.xxxsoft.net/
Links don't work: http://www.ikkisoft.com/stuff/SMH_XSS.txt
本文转hackfreer51CTO博客,原文链接:http://blog.51cto.com/pnig0s1992/586387,如需转载请自行联系原作者