euphrat1ca / Security List
If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中,如果有什么好的意见或建议,请在Issues反馈,感谢您的参与。
Stars: ✭ 684
Projects that are alternatives of or similar to Security List
Saint
👁 (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
Stars: ✭ 522 (-23.68%)
Mutual labels: kali
Anlinux App
AnLinux allow you to run Linux on Android without root access.
Stars: ✭ 614 (-10.23%)
Mutual labels: kali
Webdevelopersecuritychecklist
A checklist of important security issues you should consider when creating a web application.
Stars: ✭ 379 (-44.59%)
Mutual labels: checklist
Chimera
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (-32.31%)
Mutual labels: kali
Redcloud
Automated Red Team Infrastructure deployement using Docker
Stars: ✭ 551 (-19.44%)
Mutual labels: kali
Ethical Hacking Tools
Complete Listing and Usage of Tools used for Ethical Hacking
Stars: ✭ 272 (-60.23%)
Mutual labels: kali
Kali Linux Cheatsheet
Kali Linux Cheat Sheet for Penetration Testers
Stars: ✭ 483 (-29.39%)
Mutual labels: kali
K8s Security
Kubernetes security notes and best practices
Stars: ✭ 588 (-14.04%)
Mutual labels: checklist
Project Checklist
✅ A checklist of things to do before releasing your project
Stars: ✭ 390 (-42.98%)
Mutual labels: checklist
Azure Readiness Checklist
This checklist is your guide to the best practices for deploying secure, scalable, and highly available infrastructure in Azure. Before you go live, go through each item, and make sure you haven't missed anything important!
Stars: ✭ 457 (-33.19%)
Mutual labels: checklist
Contributing Template
Template for writing your own contributing guide
Stars: ✭ 565 (-17.4%)
Mutual labels: checklist
Eos Bp Nodes Security Checklist
EOS bp nodes security checklist(EOS超级节点安全执行指南)
Stars: ✭ 347 (-49.27%)
Mutual labels: checklist
Config
Personal checklist for setting up a new Mac's dev environment.
Stars: ✭ 539 (-21.2%)
Mutual labels: checklist
Swiftnessx
A cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (-1.61%)
Mutual labels: checklist
项目简介
根据中华人民共和国《网络安全法》相关政策规定,本文章只做学习研究,不被允许通过本文章内容进行非法行为,使用技术的风险由使用者自行承担。(The author does not assume any legal responsibility)
整个 Red Team 攻击的生命周期包括但不限于:信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、持久化控制(在这个基础上做信息数据分析)、清理痕迹(攻击结束之后扫尾清理并退出战场)
- https://euphrat1ca.github.io/security_w1k1/ Have to say The index is in my mind 几千行的项目在查阅、索引时,有点过于庞大,于是在第两百次更新的时候,选择把一些更新较为频繁的内容单独分类划分。
具体情况如下--->
分类标签:mywiki;教程 TechTeach;介绍 intro;使用手册;通讯技术;威胁情报;恶意样本;自服务应用;研究技术;漏洞利用;Web安全;移动安全;数字取证;权限拓展;模糊测试;极客学习;万物互联;情报研判;工具插件;安全防护;
类型标签:Awesome系列;类似于xx架构;对比于;Kali系统类;ATT&CK矩阵类;
导航标签:模拟测试;一个人的安全部;作者拼音;Github: Web: Page: Connect: 等缩写;
状态标签:NoUpdate;商业版;免费版;社区版;
测评标签:Simple(基础模块);testjob(尚待测试);welljob(表现良好);goodjob(性能稳定);greatjob(行业标杆);
建设解决方案
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_SecSolution.md //安全建设 安全运营 解决方案。mywiki。
模糊测试
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_Fuzzer.md //Fuzzer模糊测试漏洞挖掘。mywiki。
系统防御体系
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_TowerDefence.md //病毒后门查杀,系统监控,混淆命令检测等技术防御体系。mywiki。
文件分析应急
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_MalwareSec.md //病毒分析、应急响应、恶意样本、数据源收集库。mywiki。
渗透拓展利用
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_ExpandAuth.md //远控、免杀、提权、维权、免杀、绕过。mywiki。
无线近源
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_ContactlessSec.md //无线电/通讯WiFi/蓝牙/badusb 安全。mywiki。
万物互联
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_IoT&ICS.md //物联网/工业互联网安全。mywiki。
数据源情报分析
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_OsintData.md //开源情报数据源分析。mywiki。
转发映射代理
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_SocketProxy.md //端口映射,代理穿透,流量代理转发。mywiki。
欺骗防御
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_HoneyPot.md //欺骗防御、蜜罐。myWiki。
分析逆向
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_SecReverse.md //逆向分析、反编译、破解。myWiki。
社会工程
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_SocialSec.md //社工钓鱼、隐私防护、密码破解、主动反制。myWiki。
漏洞收集
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_VulExp.md //web漏洞、软件模板漏洞、数据库、中间件、CMS框架漏洞、MS&Linux等系统组件漏洞、IOT漏洞收集表单。myWiki。
Web安全利用
- https://github.com/euphrat1ca/security_w1k1/blob/master/WebSec.md //web安全测试利用、前端安全、数据库sql注入、xss跨站、上传漏洞、命令注入执行、webshell、https证书加密、web应用扫描器框架。myWiki。
应用安全利用
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_AppSecurity.md //移动端APP,应用代码审计。myWiki。
工具拓展插件
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_ToolDevelop.md //kali/nmap/burpsuite/Nessus/awvs/sqlmap/metasploit/cobaltstrike/empire/菜刀/ 插件。mywiki。
通讯交流
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_FreeConnect.md //通讯工具技术相关。mywiki。
自服务应用
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_SelfServicerce.md //自服务应用在线资源、文件\url\节点检测。mywiki。
计算机服务
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_TipSkill.md //计算机技术相关。myWiki。
中间人攻击
- https://github.com/euphrat1ca/security_w1k1/blob/master/wiki_MiddleAttack.md //中间人劫持攻击欺骗。myWiki。
技术利用套件集合
- https://github.com/infosecn1nja/Red-Teaming-Toolkit //红队攻击生命周期,开源和商业工具。goodjob。
- https://github.com/demonsec666/Security-Toolkit //渗透攻击链中常用工具及使用场景。G:/We5ter/Scanners-Box;G:/shack2/SNETCracker/dic;G:/Penetrum-Security/Security-List;--
- https://github.com/redcanaryco/atomic-red-team //Atomic Red Team团队关于win、linux、mac等多方面apt利用手段、技术与工具集。2k。G:/blaCCkHatHacEEkr/PENTESTING-BIBLE;--
- https://github.com/toolswatch/blackhat-arsenal-tools //blackhat工具集G:/n00py/ReadingList/blob/master/gunsafe.txt;--
- https://github.com/RedTeamWing/RedTeaming2020 //RedTeaming知识星球2020年安全知识汇总
- https://pan.shadowsec.org/ //连接世界的暗影工具包
安全测试系统
- https://www.parrotsec.org //鹦鹉安全操作系统。pentest kali系统类。
- https://tails.boum.org/index.en.html //tails匿名操作系统。pentest kali系统类。
- https://github.com/fireeye/commando-vm //FireEye开源Commando VM,专为红队(pen-testing)定制的Windows。W:blackwin.ir //win-kali系统类;--
- https://github.com/moki-ics/moki //工控渗透测试环境一键配置脚本
Linux利用工具集合
- https://github.com/Z4nzu/hackingtool //Linux安全工具集合,类pentestbox架构。
- https://github.com/Manisso/fsociety //Linux下渗透工具包一键安装。G:/taielab/Taie-RedTeam-OS;--
- https://github.com/LionSec/katoolin //Linux一键kali工具包。G:/thirdbyte/ssj;--
- https://github.com/TrustedSec/ptf/ //Py。基于Debian/Ubuntu/ArchLinux下的测试工具安装管理工具
- https://github.com/undefinedsec/VpsEnvInstall/ //测试环境一键配置脚本
Windows利用工具集合
- http://www.nirsoft.net/ //Windows工具集,密码恢复、系统管理、浏览器监控、系统调试、网络监控、Outlook调试。Goodjob。G:/BlackDiverX/cqtools;--
- https://github.com/RcoIl/CSharp-Tools //安全测试CSharp工具集。编码转换、navicat密码抓取、weblogic反序列化、信息搜集、DES解密、机器类型判断、远程利用、C段标题WebTitle。
- https://github.com/k8gege/K8tools //K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)。W:k8gege.org/;P:/cnblogs.com/k8gege //常见解压密码Kk8team\Kk8gege;G:/zzwlpx/k8fly //k8飞刀源码;--
- https://github.com/3gstudent/Homework-of-C-Sharp/ //C#。三好学生文章、工具、脚本。P:/3gstudent/Homework-of-Python;--
- https://github.com/Al1ex/Pentest-tools //内网渗透工具
- https://github.com/microsoft/WindowsProtocolTestSuites //C#。针对Windows开发规范的Windows协议测试套件。
安全测试辅助
- https://github.com/knownsec/404StarLink-Project //知道创宇404星链。goodjob。Kunlun-Mirror 白盒代码审计;LBot Xss bot模板;ksubdomain 无状态子域名爆破;Zoomeye Tools chrome插件;wam webapp、行业动态监控平台;bin_extractor 二进制敏感信息;CookieTest 测试api或某个请求的必选参数、cookie脚本;ipstatistics 基于ipip库的筛选ip列表脚本;cidrgen 基于cidr的子网IP列表生成器。
- https://github.com/LasCC/Hack-Tools //渗透辅助
- http://requestbin.net/ //Inspect HTTP Requests。获取客户端http、dns请求。requestbin.com。
- https://github.com/BugScanTeam/DNSLog //py。四叶草基于django监控 DNS 解析记录和 HTTP 访问记录的工具,将 DNSServer 集成进 DNSLog 中。
- https://github.com/uknowsec/SharpNetCheck //C#。配合如wmiexec、psexec等横向工具进行批量检测内网是否出网。
- https://github.com/opensec-cn/vtest //Py。安全工程师渗透测试辅助,集合了mock、httplog、dns tools、xss,可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
- http://ceye.io //知道创宇dns日志访问记录查询,可配合盲注、xss、解析对方真实ip使用。W:dnslog.cn/;--
- https://github.com/ismailtasdelen/hackertarget //Py。Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities。
- https://github.com/ultrasecurity/webkiller //Py。ip信息、端口服务指纹、蜜罐探测、bypass cloudflare。
- https://github.com/medbenali/CyberScan //Py。分析数据包、解码、端口扫描、IP地址分析等。
- https://github.com/alienwithin/OWASP-mth3l3m3nt-framework //exp搜寻、payload与shell生成、信息收集
- https://github.com/feross/SpoofMAC //Py。跨平台mac修改。P:TMAC v6;--
- https://github.com/foryujian/ipintervalmerge //IP合并区间。
测试总结报告
- https://github.com/gh0stkey/PoCBox //PHP。漏洞测试验证/报告生成平台。SONP劫持、CORS、Flash跨域资源读取、Google Hack语法生成、URL测试字典生成、JavaScript URL跳转、302 URL跳转
- https://github.com/pwndoc/pwndoc //Vue.js。安全服务渗透测试报告生成。
- https://github.com/bugsafe/WeReport //PHP。WeReport报告助手,一键生成测试报告。
压测泛洪
- https://github.com/ywjt/Dshield //Py。DDOS防护。
协议流量压测
- http://www.yykkll.com //压力测试站评测。W:defconpro.net;W:vip-boot.xyz;--
- https://rocketstresser.com/login.php //多协议在线压测,支持cdn测试。
- https://github.com/wenfengshi/ddos-dos-tools //压力测试工具集
- https://github.com/wenfengshi/ddos-dos-tools //压力测试工具集
- https://tools.kali.org/information-gathering/hping3 //HPing3网络工具组包。P:LOIC;P:核武器CC-穿盾版;P:天降激光炮315;P:hyenae;--
- https://github.com/Markus-Go/bonesi //C。模拟僵尸网络进行ICMP/UDP/TCP/HTTP压测
- https://github.com/IKende/Beetle.DT //C#。分布式压力测试工具
- https://github.com/wg/wrk //C。http流量测试。
- https://github.com/mschwager/dhcpwn //Py。DHCP/IP压力测试。
- https://github.com/Microsoft/Ethr //Go。跨平台,TCP, UDP, HTTP, HTTPS压力测试工具
- https://github.com/loadimpact/k6 //GO Javascript组件进行负载测试。goodjob。
- https://github.com/NewEraCracker/LOIC/ //C#,Mono。基于Praetox's LOIC project的压测工具。
- https://github.com/649/Memcrashed-DDoS-Exploit //Py。利用shodan搜索Memcached服务器进行压力测试。
拒绝服务压测
- https://github.com/ajmwagar/lor-axe //Rust。多线程、低带宽消耗的HTTP DoS工具。G:/JuxhinDB/synner;--
- https://github.com/jseidl/GoldenEye //Py。DOS攻击测试
- https://github.com/jagracey/Regex-DoS //RegEx拒绝服务扫描器
- https://github.com/doyensec/regexploit //分析正则表达式,寻找ReDoS漏洞
- https://github.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploit //Py。RDP服务远程命令执行/DOS攻击/蓝屏exp。
- https://xz.aliyun.com/t/7895/ //techteach。利用WAF进行拒绝服务攻击。利用自动加载图片等资源文件的特性。
- https://www.freebuf.com/column/201766.html //techteach。正则表达式所引发的DoS攻击(Redos)。G:/superhuman/rxxr2;--
- https://github.com/EZLippi/WebBench //C。DDOS网站压力测试,最高并发3万
TheEnd
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].