看到的一个文档里学习的网站,记录在这把,方便自己翻看
漏洞及渗透练习平台:
WebGoat漏洞练习平台: https://github.com/WebGoat/WebGoatwebgoat-legacy 漏洞练习平台: https://github.com/WebGoat/WebGoat-Legacy zvuldirll漏洞练习平台: https://github.com/710leo/ZVulDrill vulapps漏洞练习平台: https://github.com/Medicean/VulApps dvwa漏洞练习平台: https://github.com/RandomStorm/DVWA 数据库注入练习平台 : https://github.com/Audi-1/sqli-labs 用node编写的漏洞练习平台,like OWASP Node Goat: https://github.com/cr0hn/vulnerable-node Ruby编写的一款工具,生成含漏洞的虚拟机: https://github.com/cliffe/secgen 花式扫描器 : Nmap端口扫描器: https://github.com/nmap/nmap 本地网络扫描器: https://github.com/SkyLined/LocalNetworkScanner 子域名扫描器: https://github.com/lijiejie/subDomainsBrute https://github.com/aboul3la/Sublist3r https://github.com/TheRook/subbrute https://github.com/infosec-au/altdns linux漏洞扫描: https://github.com/future-architect/vuls 基于端口扫描以及关联CVE: https://github.com/m0nad/HellRaiser 漏洞路由扫描器: https://github.com/jh00nbr/Routerhunter-2.0 迷你批量信息泄漏扫描脚本: https://github.com/lijiejie/BBScan Waf类型检测工具: https://github.com/EnableSecurity/wafw00f 服务器端口弱口令扫描器: https://github.com/wilson9x1/fenghuangscanner_v3 Fox-scan扫描器: https://github.com/fengxuangit/Fox-scan/ 信息搜集工具 : 社工收集器: https://github.com/n0tr00t/Sreg Github信息搜集: https://github.com/sea-god/gitscan github Repo信息搜集工具: https://github.com/metac0rtex/GitHarvester 信息探测及扫描工具: https://github.com/darryllane/Bluto 内部网络信息扫描器: https://github.com/sowish/LNScan 远程桌面登录扫描器: https://github.com/linuz/Sticky-Keys-Slayer 网络基础设施渗透工具 https://github.com/SECFORCE/sparta SNMAP密码破解: https://github.com/SECFORCE/SNMP-Brute WEB: webshell大合集: https://github.com/tennc/webshell 渗透以及web攻击脚本: https://github.com/brianwrf/hackUtils web渗透小工具大合集: https://github.com/rootphantomer/hack中国黑客协会for_me XSS数据接收平台: https://github.com/firesunCN/BlueLotus_XSSReceiver XSS与CSRF工具: https://github.com/evilcos/xssor xss多功能扫描器: https://github.com/shawarkhanethicalhacker/BruteXSS web漏洞扫描器: https://github.com/andresriancho/w3af WEB漏洞扫描器: https://github.com/sullo/nikto 渗透常用小工具包: https://github.com/leonteale/pentestpackage web目录扫描器: https://github.com/maurosoria/dirsearch 固件漏洞扫描器: https://github.com/misterch0c/firminator_backend 数据库注入工具 https://github.com/sqlmapproject/sqlmap Web代理: https://github.com/zt2/sqli-hunter 新版中国菜刀: https://github.com/Chora10/Cknife git泄露利用EXP: https://github.com/lijiejie/GitHack 浏览器攻击框架: https://github.com/beefproject/beef 自动化绕过WAF脚本: https://github.com/khalilbijjou/WAFNinja https://github.com/owtf/wafbypasser 一款开源WAF: https://github.com/SpiderLabs/ModSecurity http命令行客户端: https://github.com/jkbrzt/httpie 浏览器调试利器: https://github.com/firebug/firebug DISCUZ漏洞扫描器: https://github.com/code-scan/dzscan 自动化代码审计工具 https://github.com/wufeifei/cobra 浏览器攻击框架: https://github.com/julienbedard/browsersploit tomcat自动后门部署: https://github.com/mgeeky/tomcatWarDeployer 网络空间指纹扫描器: https://github.com/nanshihui/Scan-Tburpsuit之J2EE扫描插件: https://github.com/ilmila/J2EEScan windows域渗透工具: mimikatz明文注入: https://github.com/gentilkiwi/mimikatz Powershell渗透库合集: https://github.com/PowerShellMafia/PowerSploit Powershell 中国黑客协会合集: https://github.com/clymb3r/PowerShell powershell的mimikittenz: https://github.com/putterpanda/mimikittenz 域渗透教程: https://github.com/l3m0n/pentest_study Fuzz: Web向Fuzz工具 https://github.com/xmendez/wfuzz HTTP暴力破解,撞库攻击脚本 https://github.com/lijiejie/htpwdScan 漏洞利用及攻击框架: msf框架: https://github.com/rapid7/metasploit-framework https://github.com/hussein-aitlahcen/BlackHole