Metasploit Unleashed 链接地址 - 免费攻防安全metasploita课程PTES 链接地址 - 渗透测试执行标准OWASP 链接地址 - 开源Web应用安全项目Shellcode开发:Shellcode Tutorials 链接地址 - 如何写shellcode的指导Shellcode Examples 链接地址 - Shellcode数据库社会工程学资源:社工库框架 链接地址 - 社工所需信息资源"撬锁"(Lock Picking)资源:Schuyler Towne channel 链接地址 - 撬锁视频和安全演讲/r/lockpicking 链接地址 - 学习撬锁的资源和设备推荐
渗透测试分布工具:Kali 链接地址 - 一个专门的数字取证和渗透测试的Linux版本BlackArch 链接地址 - 渗透测试员和研究人员的Arch Linux分布NST 链接地址 - 网络安全工具包Pentoo 链接地址 - 基于GentooBackBox 链接地址 - 基于Ubuntu的渗透测试和安全评估基本渗透测试工具:Metasploit Framework 链接地址 - 全球最常用的渗透测试工具Burp Suite 链接地址 - 执行Web安全测试的集成平台ExploitPack 链接地址 - 用户渗透测试的图形工具漏洞扫描器:Netsparker 链接地址 - Web应用程序安全扫描Nexpose 链接地址 - 漏洞管理和风险管理软件Nessus 链接地址 - 漏洞、配置和评估Nikto 链接地址 - Web应用漏洞扫描器OpenVAS 链接地址 - 开源漏洞扫描和管理工具OWASP Zed Attack Proxy 链接地址 - web应用的渗透测试工具Secapps 链接地址 - 集成的Web应用程序安全测试环境w3af 链接地址 - Web应用攻击和审计框架Wapiti 链接地址 - Web应用漏洞扫描器WebReaver 链接地址 - Mac OS X的Web应用漏洞扫描网络工具:nmap 链接地址 - 用于网络探测和安全审计的免费安全扫描器tcpdump/libpcap 链接地址 - 命令行的通用数据包分析器Wireshark 链接地址 - 网络协议分析,Unix和Windows版本均有Network Tools 链接地址 - 不同的网络工具:ping, lookup, whois, 等netsniff-ng 链接地址 - 瑞士军刀网络嗅探Intercepter-NG 链接地址 - 一个多功能网络工具包SPARTA 链接地址 - 网络基础架构渗透测试工具包无线网络工具:Aircrack-gn 链接地址 - 一系列无线网络审计工具Kismet 链接地址 - 无线网络探测器、嗅探器和入侵检测系统Reaver 链接地址 - WiFi暴力攻击SSL分析工具SSLyze链接地址 - SSL配置扫描仪sslstrip 链接地址 - 一个HTTPS攻击演示十六进制编辑器HexEdit.js 链接地址 - 基于浏览器的十六进制编辑器破解工具John the Ripper 链接地址 - 最快的密码破解在线MD5破解 链接地址 - 在线MD5哈希破解Windows UtilsSysinternals Suite 链接地址 - Sysinternals 故障诊断工具Windows Credentials Editor 链接地址 - 列出登录会话、添加、修改、列表、删除相关凭据的安全工具mimikatz 链接地址 - 针对Windows的凭证提取工具DDoS攻击工具LOIC 链接地址 - 开源的Windos网络压力工具JS LOIC 链接地址 - 浏览器的JavaScript LOIC社工工具SET 链接地址 - 来自TrustedSec的社工工具包OSint工具Maltego 链接地址 - 开源情报取证工具匿名工具Tor链接地址 - 免费路由在线匿名工具I2P链接地址 - 隐形互联网项目逆向工具IDA Pro链接地址 - Windows、Linux或Mac OS X反编译调试器IDA Free 链接地址 - 免费版本的IDA 5.0WDK/WinDbg 链接地址 - Windows驱动程序工具包和WinDbgOllyDbg 链接地址 - x86调试器(强调二进制代码分析)Radare2 链接地址 - 开源跨平台逆向工程框架x64_dgb 链接地址 - Windows 开源x64/x32调试器Pyew 链接地址 - 静态恶意软件分析的Python工具Bokken 链接地址 - Pyew Radare2 GUIImmunity Debugger 链接地址 - 开发、分析恶意软件的新工具Evan’s Debugger 链接地址 - Linux上类似于OllyDbg的调试器
渗透测试图书:The Art of Exploitation by Jon Erickson, 2008Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014Rtfm: Red Team Field Manual by Ben Clark, 2014The Hacker Playbook by Peter Kim, 2014The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013Professional Penetration Testing by Thomas Wilhelm, 2013Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012Violent Python by TJ O‘Connor, 2012Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007Black Hat Python: Python Programming for Hackers and Pentesters, 2014Penetration Testing: Procedures & Methodologies (EC-Council Press),2010黑客手册系列The Shellcoders Handbook by Chris Anley and others, 2007The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011iOS Hackers Handbook by Charlie Miller and others, 2012Android Hackers Handbook by Joshua J. Drake and others, 2014The Browser Hackers Handbook by Wade Alcorn and others, 2014The Mobile Application Hackers Handbook by Dominic Chell and others, 2015网络分析图书Nmap Network Scanning by Gordon Fyodor Lyon, 2009Practical Packet Analysis by Chris Sanders, 2011Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012逆向工程图书Reverse Engineering for Beginners by Dennis Yurichev (free!)The IDA Pro Book by Chris Eagle, 2011Practical Reverse Engineering by Bruce Dang and others, 2014Reverse Engineering for Beginners恶意软件分析图书Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012The Art of Memory Forensics by Michael Hale Ligh and others, 2014Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010Windows图书Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu社会工程学图书The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011No Tech Hacking by Johnny Long, Jack Wiles, 2008Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014撬锁系列图书Practical Lock Picking by Deviant Ollam, 2012Keys to the Kingdom by Deviant Ollam, 2012CIA Lock Picking Field Operative Training ManualLock Picking: Detail Overkill by SolomonEddie the Wire books漏洞数据库NVD 链接地址 - US National Vulnerability DatabaseCERT 链接地址 - US Computer Emergency Readiness TeamOSVDB 链接地址 - Open Sourced Vulnerability DatabaseBugtraq 链接地址 - Symantec SecurityFocusExploit-DB 链接地址 - Offensive Security Exploit DatabaseFulldisclosure 链接地址 - Full Disclosure Mailing ListMS Bulletin 链接地址 - Microsoft Security BulletinMS Advisory 链接地址 - Microsoft Security AdvisoriesInj3ct0r 链接地址 - Inj3ct0r Exploit DatabasePacket Storm 链接地址 - Packet Storm Global Security ResourceSecuriTeam 链接地址 - Securiteam Vulnerability InformationCXSecurity 链接地址 - CSSecurity Bugtraq ListVulnerability Laboratory 链接地址 - Vulnerability Research LaboratoryZDI 链接地址 - Zero Day Initiative安全课程Offensive Security Training 链接地址 - Training from BackTrack/Kali developersSANS Security Training 链接地址 - Computer Security Training & CertificationOpen Security Training 链接地址 - Training material for computer security classesCTF Field Guide 链接地址 - everything you need to win your next CTF competitionCybrary 链接地址 - online IT and Cyber Security training platform信息安全课程DEF CON - An annual hacker convention in Las VegasBlack Hat - An annual security conference in Las VegasBSides - A framework for organising and holding security conferencesCCC - An annual meeting of the international hacker scene in GermanyDerbyCon - An annual hacker conference based in LouisvillePhreakNIC - A technology conference held annually in middle TennesseeShmooCon - An annual US east coast hacker conventionCarolinaCon - An infosec conference, held annually in North CarolinaHOPE - A conference series sponsored by the hacker magazine 2600SummerCon - One of the oldest hacker conventions, held during SummerHack.lu - An annual conference held in LuxembourgHITB - Deep-knowledge security conference held in Malaysia and The NetherlandsTroopers - Annual international IT Security event with workshops held in Heidelberg, GermanyHack3rCon - An annual US hacker conferenceThotCon - An annual US hacker conference held in ChicagoLayerOne - An annual US security conerence held every spring in Los AngelesDeepSec - Security Conference in Vienna, AustriaSkyDogCon - A technology conference in NashvilleSECUINSIDE - Security Conference in SeoulDefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania信息安全杂志2600: The Hacker Quarterly - An American publication about technology and computer "underground"Phrack Magazine - By far the longest running hacker zine非常有用的信息列表:SecTools 链接地址 - Top 125 Network Security ToolsC/C++ Programming 链接地址 - One of the main language for open source security tools.NET Programming 链接地址 - A software framework for Microsoft Windows platform developmentShell Scripting 链接地址 - Command-line frameworks, toolkits, guides and gizmosRuby Programming by @dreikanter 链接地址 - The de-facto language for writing exploitsRuby Programming by @markets 链接地址 - The de-facto language for writing exploitsRuby Programming by @Sdogruyol 链接地址 - The de-facto language for writing exploitsJavaScript Programming 链接地址 - In-browser development and scriptingNode.js Programming by @sindresorhus 链接地址 - JavaScript in command-lineNode.js Programming by @vndmtrx 链接地址 - JavaScript in command-linePython tools for penetration testers 链接地址 - Lots of pentesting tools are written in PythonPython Programming by @svaksha 链接地址 - General Python programmingPython Programming by @vinta 链接地址 - General Python programmingAndroid Security 链接地址 - A collection of android security related resourcesAwesome Awesomness 链接地址 - The List of the Lists
原文:http://bar.freebuf.com/comment/9775
转载于:https://www.cnblogs.com/ssooking/p/6548001.html
