Web Security Notes: 9.0 Tools and Resources


9.0 Tools and Resources

9.1 Recommended Resources

9.1.1 Book List

1. Front end

  • Web之困 (The Tangled Web)
  • 白帽子讲Web安全 (White Hat Talks on Web Security)
  • 白帽子讲浏览器安全 (White Hat Talks on Browser Security, Qian Wenxiang)
  • Web前端黑客技术揭秘 (Web Front-End Hacking Techniques Revealed)
  • XSS跨站脚本攻击剖析与防御 (XSS Cross-Site Scripting Attacks: Analysis and Defense)
  • SQL注入攻击与防御 (SQL Injection Attacks and Defense)

2. Networking

  • Understanding Linux Network Internals
  • TCP/IP Architecture, Design, and Implementation in Linux
  • Linux Kernel Networking: Implementation and Theory
  • Bulletproof SSL and TLS
  • UNIX Network Programming
  • TCP/IP 协议详解 (TCP/IP Illustrated)

3. SEO

  • SEO艺术 (The Art of SEO)

4. Wireless attack and defense

  • 无线网络安全攻防实战 (Wireless Network Security: Attack and Defense in Practice)
  • 无线网络安全攻防实战进阶 (Wireless Network Security: Attack and Defense in Practice, Advanced)
  • 黑客大揭秘——近源渗透测试 (Hackers Exposed: Close-Access Penetration Testing, Chai Kunzhe et al.)

5. Hacking Programming

  • Gray Hat Python

6. Social engineering

  • 社会工程:安全体系中的人性漏洞 (Social Engineering: The Art of Human Hacking)
  • 反欺骗的艺术 (The Art of Deception)
  • 反入侵的艺术 (The Art of Intrusion)

7. Data security

  • 大数据治理与安全 从理论到开源实践 (Big Data Governance and Security: From Theory to Open-Source Practice, Liu Chi et al.)
  • 企业大数据处理 Spark、Druid、Flume与Kafka应用实践 (Enterprise Big Data Processing: Spark, Druid, Flume and Kafka in Practice, Xiao Guanyu)
  • 数据安全 架构设计与实战 (Data Security: Architecture Design and Practice, Zheng Yunwen)

8. Machine learning and cybersecurity

  • Web安全深度学习实战 (Deep Learning for Web Security in Practice, Liu Yan)
  • Web安全机器学习入门 (Introduction to Machine Learning for Web Security, Liu Yan)
  • Web安全之强化学习与GAN (Reinforcement Learning and GANs for Web Security, Liu Yan)
  • AI安全之对抗样本入门 (AI Security: Introduction to Adversarial Examples, Dou Ge)

9. Security program building

  • 企业安全建设入门——基于开源软件打造企业网络安全 (Introduction to Enterprise Security Building: Enterprise Network Security with Open-Source Software, Liu Yan)
  • 企业安全建设指南——金融行业安全架构与技术实践 (Enterprise Security Building Guide: Security Architecture and Technical Practice in the Financial Industry, Nie Jun et al.)
  • 大型互联网企业安全架构 (Security Architecture for Large Internet Enterprises, Shi Zuwen)
  • CISSP官方学习指南 (CISSP Official Study Guide)
  • CISSP认证考试指南 (CISSP Certification Exam Guide)
  • Linux系统安全 纵深防御、安全扫描与入侵检测 (Linux System Security: Defense in Depth, Security Scanning and Intrusion Detection, Xu Feng)

10. General

  • Web安全深度剖析 (Web Security in Depth)
  • 黑客秘笈——渗透测试实用指南 (The Hacker Playbook: Practical Guide to Penetration Testing)
  • 黑客攻防技术宝典——web实战篇 (The Web Application Hacker's Handbook)
9.1.2 Websites

  • https://adsecurity.org/

9.1.3 Blog

  • https://www.leavesongs.com/
  • https://paper.seebug.org/
  • https://xz.aliyun.com/
  • https://portswigger.net/blog
  • https://www.hackerone.com/blog

9.1.4 Bug Bounty

  • https://www.hackerone.com/
  • https://bugcrowd.com
  • https://www.synack.com/
  • https://cobalt.io/

9.1.5 Lab Environments

1. Web security CTF challenges

  • https://github.com/orangetw/My-CTF-Web-Challenges
  • https://www.ripstech.com/php-security-calendar-2017/
  • https://github.com/wonderkun/CTF_web
  • https://github.com/CHYbeta/Code-Audit-Challenges
  • https://github.com/l4wio/CTF-challenges-by-me
  • https://github.com/tsug0d/MyAwesomeWebChallenge
  • https://github.com/a0xnirudh/kurukshetra
  • http://www.xssed.com/

2. Domain lab environments

  • Adaz Active Directory Hunting Lab in Azure
  • DetectionLab Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices

9.1.6 Knowledge Bases

1. Awesome series

  • Awesome CobaltStrike
  • Awesome Cybersecurity Blue Team
  • Awesome Hacking
  • awesome sec talks
  • Awesome Security
  • awesome web security
  • Awesome-Android-Security

2. Bug Hunting

  • HowToHunt Tutorials and things to do while hunting vulnerabilities

3. Java

  • learnjavabug Demos of Java security vulnerabilities and techniques

4. Red vs. blue

  • atomic red team Small and highly portable detection tests based on MITRE's ATT&CK

5. Post-exploitation

  • Powershell攻击指南 黑客后渗透之道 (PowerShell Attack Guide: The Hacker's Way of Post-Exploitation)
  • Active Directory Exploitation Cheat Sheet
9.2 Related Papers

9.2.1 Paper lists

  • PRE-list List of (automatic) protocol reverse engineering tools for network protocols

9.2.2 Traffic analysis

  • Plohmann D, Yakdan K, Klatt M, et al. A comprehensive measurement study of domain generating malware[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 263-278.
  • Nasr M, Houmansadr A, Mazumdar A. Compressive traffic analysis: A new paradigm for scalable traffic analysis[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2053-2069.

9.2.3 Vulnerability automation

  • Staicu C A, Pradel M, Livshits B. SYNODE: Understanding and Automatically Preventing Injection Attacks on Node.js[C]//NDSS. 2018.
  • Atlidakis V, Godefroid P, Polishchuk M. REST-ler: Automatic Intelligent REST API Fuzzing[J]. 2018.
  • Alhuzali A, Gjomemo R, Eshete B, et al. NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 377-392.

9.2.4 Attack techniques

  • Lekies S, Kotowicz K, Groß S, et al. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1709-1723.
  • Papadopoulos P, Ilia P, Polychronakis M, et al. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation[J]. arXiv preprint arXiv:1810.00464, 2018.

9.2.5 Attack detection

  • Liu T, Qi Y, Shi L, et al. Locate-then-detect: real-time web attack detection via attention-based deep neural networks[C]//Proceedings of the 28th International Joint Conference on Artificial Intelligence. AAAI Press, 2019: 4725-4731.

9.2.6 Privacy

  • Klein A, Pinkas B. DNS Cache-Based User Tracking[C]//NDSS. 2019.

9.2.7 Fingerprinting

  • Hayes J, Danezis G. k-fingerprinting: A robust scalable website fingerprinting technique[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 1187-1203.
  • Overdorf R, Juarez M, Acar G, et al. How unique is your .onion?: An analysis of the fingerprintability of Tor onion services[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 2021-2036.

9.2.8 Side channels

  • Rosner N, Kadron I B, Bang L, et al. Profit: Detecting and Quantifying Side Channels in Networked Applications[C]//NDSS. 2019.

9.2.9 Authentication

  • Ghasemisharif M, Ramesh A, Checkoway S, et al. O single sign-off, where art thou? An empirical analysis of single sign-on account hijacking and session management on the web[C]//27th USENIX Security Symposium (USENIX Security 18). 2018: 1475-1492.

9.2.10 Protection

  • Pellegrino G, Johns M, Koch S, et al. Deemon: Detecting CSRF with dynamic analysis and property graphs[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017: 1757-1771.

9.3 Information Gathering

9.3.1 Whois

  • who.is
  • Aliyun (万网) WHOIS
  • Tencent Cloud WHOIS
  • ChinaZ (站长之家) WHOIS

9.3.2 Website ICP filing

  • 天眼查 (Tianyancha)
  • ICP filing lookup
  • Aizhan (爱站) ICP filing lookup

9.3.3 CDN lookup

  • Multi-location ping
  • CDN provider lookup

9.3.4 Subdomain brute-forcing

  • subDomainsBrute
  • wydomain
  • broDomain
  • ESD
  • aiodnsbrute
  • OneForAll
  • subfinder

9.3.5 Domain enumeration

  • the art of subdomain enumeration
  • sslScrape
  • aquatone A Tool for Domain Flyovers
  • teemo A Domain Name & Email Address Collection Tool
  • DNS DB historical records

9.3.6 Weak password brute-forcing

  • hydra
  • medusa A high-speed network authentication cracking tool
  • Ncrack
  • htpwdScan
  • patator

9.3.7 Git information leakage

  • GitHack By lijiejie
  • GitHack By BugScan
  • GitTools
  • Zen
  • dig github history
  • gitrob Reconnaissance tool for GitHub organizations
  • git secrets
  • shhgit Find GitHub secrets in real time
  • GitHound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher
  • x patrol GitHub leak patrol
  • GitDorker Scrape secrets from GitHub through usage of a large repository of dorks

9.3.8 GitHub monitoring

  • Github Monitor GitHub Sensitive Information Leakage Monitor
  • Github Dorks
  • GSIL
  • Hawkeye
  • gshark
  • GitGot
  • gitGraber

9.3.9 Path and file scanning

  • weakfilescan
  • DirBrute
  • dirsearch
  • bfac
  • ds_store_exp

9.3.10 Path crawlers

  • crawlergo A powerful dynamic crawler for web vulnerability scanners

9.3.11 Fingerprinting

  • Wappalyzer
  • whatweb
  • WordPress Finger Print
  • CMS fingerprinting
  • JA3 A standard for creating SSL client fingerprints in an easy to produce and shareable way
  • TideFinger

9.3.12 WAF fingerprinting

  • identywaf
  • wafw00f
  • WhatWaf

9.3.13 Port scanning

  • nmap
  • zmap
  • masscan
  • ShodanHat
  • RustScan The Modern Port Scanner
  • DNS: dnsenum, nslookup, dig, fierce
  • SNMP: snmpwalk

9.3.14 DNS data lookup

  • VirusTotal
  • PassiveTotal
  • sitedossier

9.3.15 DNS correlation

  • Cloudflare Enumeration Tool
  • amass
  • Certificate Search

9.3.16 Cloud services

  • Find aws s3 buckets
  • CloudScraper
  • AWS Bucket Dump

9.3.17 Data search

  • Censys
  • Shodan
  • Zoomeye
  • fofa
  • scans
  • Just Metadata
  • publicwww - Find Web Pages via Snippet

9.3.18 Password

  • Probable Wordlists Wordlists sorted by probability, originally created for password generation and testing
  • Common User Passwords Profiler
  • chrome password grabber

9.3.19 CI information leakage

  • secretz Minimizing the large attack surface of Travis CI

9.3.20 Personal data profiling

  • GHunt Investigate Google accounts with emails

9.3.21 Email harvesting

  • EmailHarvester

9.3.22 Other

  • datasploit
  • watchdog
  • archive
  • HTTPLeaks
  • htrace

9.4 Social Engineering

9.4.1 OSINT

  • osint
  • osint git
  • OSINT-Collection
  • trape
  • Photon
  • pockint

9.4.2 Social media tools

  • SlackPirate Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
  • twint An advanced Twitter scraping & OSINT tool

9.4.3 People search

  • pipl
  • hunter
  • EagleEye
  • LinkedInt
  • sherlock
  • email enum
  • Sreg
  • usersearch

9.4.4 Hacking databases

  • GHDB
  • have i been pwned

9.4.5 Phishing

  • spoofcheck
  • gophish
  • SocialFish
  • HFish A Most Convenient Honeypot Platform
  • blackeye Complete phishing tool, with 32 templates + 1 customizable
  • king phisher Phishing Campaign Toolkit
  • espoofer An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures

9.4.6 Cloud drive search

  • 虫部落 (Chongbuluo)
  • 盘多多 (Panduoduo)
  • Infinite Panc

9.4.7 Password guessing

  • OMEN Ordered Markov ENumerator - Password Guesser
  • genpAss

9.4.8 Spoofing

  • email_hack Python-based email sender spoofing

9.4.9 All-in-one frameworks

  • theHarvester
  • Th3inspector
  • ReconDog

9.5 Fuzzing

9.5.1 Web Fuzz

  • wfuzz
  • SecLists
  • fuzzdb
  • foospidy payloads
  • ffuf Fast web fuzzer written in Go

9.5.2 XSS Payloads

  • PortSwigger XSS cheat sheet
  • Pgaijin66 XSS-Payloads

9.5.3 Burp plugins

  • BurpBounty Scan Check Builder
  • BurpShiroPassiveScan
  • IntruderPayloads A collection of Burp Suite Intruder payloads

9.5.4 Wordlists

  • Blasting dictionary
  • pydictor A powerful and useful hacker dictionary builder for a brute-force attack
  • fuzzDicts Web pentesting fuzz wordlists
  • bruteforce lists
  • CT subdomains
  • PentesterSpecialDict Streamlined wordlists for penetration testers

9.5.5 Unicode Fuzz

  • utf16encode

9.5.6 WAF Bypass

  • abuse ssl bypass waf
  • wafninja
9.6 Exploitation / Detection

9.6.1 Database injection

  • SQLMap
  • bbqsql

9.6.2 NoSQL injection

  • NoSQLAttack
  • NoSQLMap
  • Nosql Exploitation Framework
  • MongoDB audit

9.6.3 Database exploitation

  • mysql unsha1
  • ODAT Oracle Database Attacking Tool

9.6.4 XSS

  • BeEF
  • XSS Receiver
  • DSXS
  • XSStrike
  • xsssniper
  • tracy
  • xsleaks A collection of browser-based side channel attack vectors

9.6.5 SSRF

  • SSRFmap
  • SSRF Proxy
  • Gopherus
  • SSRF Testing

9.6.6 Template injection

  • tplmap

9.6.7 HTTP Request Smuggling

  • smuggler An HTTP Request Smuggling / Desync testing tool written in Python
  • h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

9.6.8 Command injection

  • commix

9.6.9 PHP

  • Chankro Tool for bypassing disable_functions and open_basedir

9.6.10 LFI

  • LFISuite
  • FDsploit

9.6.11 Struts

  • struts scan

9.6.12 CMS

  • Joomla Vulnerability Scanner
  • Drupal enumeration & exploitation tool
  • WordPress Vulnerability Scanner
  • TPscan One-click ThinkPHP vulnerability detection
  • dedecmscan DedeCMS (织梦) all-version vulnerability scanner

9.6.13 Java frameworks

  • ShiroScan Shiro <= 1.2.4 deserialization detection tool
  • fastjson rce tool fastjson command execution exploitation tool

9.6.14 DNS-related vulnerabilities

  • dnsAutoRebinding
  • AngelSword
  • Subdomain TakeOver
  • mpDNS
  • JudasDNS Nameserver DNS poisoning
  • singularity A DNS rebinding attack framework by NCC Group

9.6.15 DNS data exfiltration

  • dnsteal
  • DNSExfiltrator
  • dns exfiltration by krmaxwell
  • dns exfiltration by coryschwartz
  • requestbin for dns

9.6.16 DNS tunneling

  • dnstunnel de
  • iodine

9.6.17 DNS Shell

  • chashell
  • dnscat2

9.6.18 XXE

  • XXEinjector
  • XXER
  • DTD Finder List DTDs and generate XXE payloads using those local DTDs

9.6.19 Deserialization

  • ysoserial
  • JRE8u20 RCE Gadget
  • Java Serialization Dumper A tool to dump Java serialization streams in a more human readable form
  • marshalsec Java Unmarshaller Security - Turning your data into code execution
  • gadgetinspector A byte code analyzer for finding deserialization gadget chains in Java applications

9.6.20 JNDI

  • Rogue JNDI A malicious LDAP server for JNDI injection attacks

9.6.21 Port hacking

  • nmap vulners
  • nmap nse scripts
  • Vulnerability Scanning with Nmap

9.6.22 JWT

  • jwtcrack

9.6.23 Wireless

  • infernal twin

9.6.24 Man-in-the-middle

  • mitmproxy
  • MITMf
  • ssh mitm
  • injectify
  • Responder An LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  • toxy Hackable HTTP proxy for resiliency testing and simulated network conditions
  • bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks

9.6.25 DHCP

  • DHCPwn

9.6.26 DDoS

  • Saddam

9.6.27 Shellcode

  • go shellcode A repository of Windows Shellcode runners and supporting utilities

9.6.28 Authorization bypass

  • secscan authcheck

9.6.29 Exploitation platforms

  • DNSLog A tool for monitoring DNS resolution records and HTTP access records
  • LuWu Red-team infrastructure automated deployment tool

9.6.30 Exploit collections

  • Penetration Testing POC
  • thc ipv6 IPv6 attack toolkit

9.6.31 Windows

  • PyWSUS A standalone implementation of a legitimate WSUS server which sends malicious responses to clients
9.7 Close-Access Penetration

9.7.1 Bad USB

  • WiFiDuck Keystroke injection attack platform
  • BadUSB code BadUSB usage methods and code
  • WHID WiFi HID Injector - A USB Rubber Ducky / BadUSB on steroids
  • BadUSB cable based on Attiny85 microcontroller
  • USB Rubber Ducky

9.7.2 Wi-Fi

  • wifiphisher
  • evilginx
  • mana
  • pwnagotchi

9.7.3 Wireless (radio)

  • hackrf Low cost software radio platform

9.8 Web Persistence

9.8.1 WebShell managers

  • 菜刀 (China Chopper)
  • antSword
  • 冰蝎 (Behinder) Website management client with dynamic binary encryption
  • weevely3 Weaponized web shell
  • Altman The cross-platform webshell tool in .NET
  • Webshell Sniper Manage your website via terminal
  • quasibot Complex webshell manager, quasi-HTTP botnet

9.8.2 WebShell

  • webshell
  • PHP backdoors
  • php bash - semi-interactive web shell
  • Python RSA Encrypted Shell
  • b374k - PHP WebShell Custom Tool
  • JSP Webshells
  • MemShellDemo

9.8.3 Web backdoors

  • pwnginx
  • Apache backdoor
  • SharpGen .NET Core console application that utilizes the Roslyn C# compiler to quickly cross-compile .NET Framework console applications or libraries
  • IIS-Raid A native backdoor module for Microsoft IIS
9.9 Lateral Movement

9.9.1 Domain

  • adidnsdump Active Directory Integrated DNS dump tool
  • BloodHound Six Degrees of Domain Admin
  • windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
  • ldapdomaindump Active Directory information dumper via LDAP
  • Kerberoast A series of tools for attacking MS Kerberos implementations
  • ADRecon Active Directory Recon

9.9.2 Azure AD

  • ROADtools Azure AD exploration framework

9.9.3 Exchange

  • ruler A tool to abuse Exchange services
  • MailSniper
  • PrivExchange Exchange your privileges for Domain Admin privs by abusing Exchange

9.9.4 PowerShell

  • PowerShellMafia

9.9.5 Internal network reconnaissance

  • SharpShares Quick and dirty binary to list network share information from all machines in the current domain and whether they're readable
  • WinShareEnum Windows Share Enumerator
  • HackBrowserData Cross-platform browser data export tool

9.9.6 Kerberos

  • Rubeus
  • kerbrute A tool to perform Kerberos pre-auth bruteforcing

9.9.7 Automated auditing

  • Infection Monkey Data center security testing tool
9.10 OS Persistence

9.10.1 Windows

1. Credential access

  • mimikatz
  • RdpThief Extracting clear text passwords from mstsc.exe using API hooking
  • quarkspwdump Dump various types of Windows credentials without injecting in any process
  • SharpDump C# port of PowerSploit's Out-Minidump.ps1 functionality

2. Privilege escalation

  • WindowsExploits
  • GTFOBins Curated list of Unix binaries that can be exploited to bypass system security restrictions
  • JAWS Just Another Windows (Enum) Script

3. UAC Bypass

  • WinPwnage UAC bypass, Elevate, Persistence and Execution methods
  • UACME Defeating Windows User Account Control
  • UAC Bypass In The Wild

4. AV evasion

  • SigThief Stealing Signatures and Making One Invalid Signature at a Time

5. C2

  • SharpSploit .NET post-exploitation library written in C#
  • Koadic Windows post-exploitation rootkit

6. Hiding

  • ProcessHider Post-exploitation tool for hiding processes from monitoring applications
  • Invoke Phant0m Windows Event Log Killer
  • EventCleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities

7. Spoofing

  • parent PID spoofing Scripts for performing and detecting parent PID spoofing
  • GetSystem A C# implementation of making a process/executable run as NT AUTHORITY\SYSTEM, achieved through parent PID spoofing of almost any SYSTEM process.

8. All-in-one tools

  • Nishang Offensive PowerShell for red team, penetration testing and offensive security

9.10.2 Linux

1. Privilege escalation

  • linux exploit suggester
  • LinEnum Scripted Local Linux Enumeration & Privilege Escalation Checks
  • AutoLocalPrivilegeEscalation

2. rootkit

  • rootkit

3. Backdoors

  • prism A user-space stealth reverse shell backdoor
  • icmpsh Simple reverse ICMP shell

9.10.3 Cross-platform

1. Credential access

  • sshLooterC Program to steal passwords from ssh
  • keychaindump A proof-of-concept tool for reading OS X keychain passwords
  • LaZagne Credentials recovery project

2. Privilege escalation

  • BeRoot Privilege Escalation Project - Windows / Linux / Mac

3. RAT

  • QuasarRAT

4. C2

  • Empire
  • pupy
  • Covenant A collaborative .NET C2 framework for red teamers

5. DNS Shell

  • DNS Shell Interactive shell over a DNS channel
  • Reverse DNS Shell A Python reverse shell that uses DNS as the C2 channel

6. Cobalt Strike

  • Cobalt Strike
  • CrossC2 Generate Cobalt Strike's cross-platform payload
  • Cobalt Strike Aggressor Scripts

7. Log clearing

  • Log killer Clear all logs on Linux/Windows servers

8. Botnet

  • byob Build Your Own Botnet

9. AV evasion tools

  • AV Evasion Tool 掩日 (Yanri) - AV-evasion loader generator
  • DKMC Don't kill my cat - Malicious payload evasion tool
9.11 Code Audit Tools

9.11.1 General

  • Cobra
  • Semmle QL
  • Sourcetrail Free and open-source cross-platform source explorer
  • trivy A simple and comprehensive vulnerability scanner for containers, suitable for CI
  • fortify

9.11.2 PHP

  • RIPS
  • prvd
  • phpvulhunter
  • chip A simple tool to detect potential security threats in PHP code

9.11.3 Python

  • pyvulhunter
  • pyt

9.11.4 Java

  • find sec bugs
  • Gadget Inspector A byte code analyzer for finding deserialization gadget chains in Java applications

9.11.5 JavaScript

  • NodeJsScan

9.11.6 Supply chain

  • Dependency-Track An intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components

9.12 Defense

9.12.1 Log inspection

  • Sysmon
  • LastActivityView
  • Regshot

9.12.2 Endpoint monitoring

  • attack monitor Endpoint detection & malware analysis software
  • artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
  • yurita Anomaly detection framework @ PayPal
  • crowdsec An open-source, lightweight agent to detect and respond to bad behaviours

9.12.3 XSS protection

  • js xss
  • DOMPurify
  • google csp evaluator

9.12.4 Configuration checks

  • Attack Surface Analyzer Analyze an operating system's security configuration for changes during software installation.
  • gixy Nginx configuration checker
  • dockerscan Docker security analysis & hacking tools

9.12.5 Security checks

  • lynis
  • linux malware detect

9.12.6 IDS

  • ossec
  • yulong
  • AgentSmith

9.12.7 SIEM

  • panther Detect threats with log data and improve cloud security posture

9.12.8 Threat intelligence

  • threatfeeds
  • abuseipdb

9.12.9 APT

  • APT Groups and Operations
  • APTnotes

9.12.10 Intrusion checks

  • huorong
  • check rootkit
  • rootkit hunter
  • PC Hunter
  • autoruns

9.12.11 Process viewers

  • Process Explorer
  • ProcessHacker

9.12.12 WAF

  • naxsi
  • ModSecurity
  • ngx_lua_waf
  • OpenWAF

9.12.13 Online virus scanning

  • virustotal
  • virscan
  • habo

9.12.14 WebShell detection

  • D盾 (D-Shield)
  • Sangfor (深信服) WebShell scanner
  • php malware finder

9.12.15 Rules / IoC

  • malware ioc
  • fireeye public iocs
  • signature base
  • yara rules
  • capa rules Standard collection of rules for capa
  • AttackDetection Suricata PT Open Ruleset
  • DailyIOC IOCs from articles and tweets, for archives

9.12.16 Memory forensics

  • SfAntiBotPro
  • volatility

9.12.17 Security Advisories

  • Apache httpd Security Advisories
  • Apache Solr
  • Apache Tomcat
  • Jetty Security Reports
  • Nginx Security Advisories
  • OpenSSL

9.12.18 Security Tracker

  • Nginx Security Tracker

9.12.19 Pattern-matching tools

  • yara The pattern matching Swiss knife
  • capa The FLARE team's open-source tool to identify capabilities in executable files.
9.13 Secure Development

9.13.1 Risk control

  • aswan Momo (陌陌) risk-control static rule engine

9.13.2 Static analysis

  • PHP CodeSniffer Tokenizes PHP files and detects violations of a defined set of coding standards

9.13.3 Secure coding standards

  • Java security SDK and coding standards (JAVA安全SDK及编码规范)
  • PHP security SDK and coding standards (PHP安全SDK及编码规范)

9.13.4 Vulnerability management

  • 洞察 (Dongcha) CreditEase's (宜信) three-in-one platform for application asset management, full-lifecycle vulnerability management, and security knowledge base management
  • xunfeng Rapid vulnerability response and patrol scanning system for enterprise intranets
  • DefectDojo An open-source application vulnerability correlation and security orchestration tool
  • Fuxi Scanner Penetration testing platform
  • SeMF Enterprise intranet security management platform, with modules for asset management, vulnerability management, account management, knowledge base management, and automated security scanning

9.13.5 DevSecOps

  • hunter ZTO's (中通) closed-loop DevSecOps solution, a passive vulnerability scanner
9.14 Operations

9.14.1 Traffic

  • Bro
  • Moloch Large scale, open source, indexed packet capture and search
  • tcpflow
  • tcpdump
  • Wireshark
  • Argus
  • PcapPlusPlus
  • ngrep
  • cisco joy A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
  • impacket A collection of Python classes for working with network protocols
  • NFStream A flexible network data analysis framework
  • BruteShark Network analysis tool

9.14.2 Bastion hosts

  • jumpserver
  • CrazyEye
  • GateOne

9.14.3 Honeypots

  • Dionaea
  • Modern Honey Network
  • Cowrie SSH/Telnet honeypot
  • honeything IoT honeypot
  • ConPot ICS honeypot
  • MongoDB HoneyProxy
  • ElasticHoney
  • Canarytokens
  • Honeydrive
  • T-Pot The All In One Honeypot Platform
  • opencanary
  • HFish
  • kippo SSH honeypot

9.14.4 VPN Install

  • pptp
  • ipsec
  • open

9.14.5 Tunnels / proxies

  • ngrok
  • rtcp
  • gost GO Simple Tunnel
  • reDuh Create a TCP circuit through validly formed HTTP requests
  • reGeorg pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
  • Neo-reGeorg A project that seeks to aggressively refactor reGeorg
  • ABPTTS TCP tunneling over HTTP/HTTPS for web application servers
  • frp A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
  • lanproxy Intranet penetration (NAT traversal) tool
  • ligolo Reverse tunneling made easy for pentesters
  • EarthWorm A tool for running a SOCKS v5 proxy service, written in standard C; it relays traffic between platforms for data forwarding in complex network environments
  • Tunna A set of tools which will wrap and tunnel any TCP communication over HTTP
  • mssqlproxy A toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
  • nps A lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal

9.14.6 Proxy chains

  • Netch Supports Socks5, Shadowsocks, ShadowsocksR, V2Ray and Trojan proxies; UDP NAT FullCone
  • proxychains A tool that forces any TCP connection made by any given application to follow through a proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy

9.14.7 Asset management

  • BlueKing CMDB Enterprise configuration management platform for assets and applications
  • ARL Asset Reconnaissance Lighthouse (资产侦察灯塔) system

9.14.8 Compliance

  • bombus Compliance audit platform

9.14.9 Risk control

  • nebula
  • Liudao
  • aswan Momo (陌陌) risk-control static rule engine

9.14.10 SIEM

  • metron
  • MozDef

9.14.11 Security operations

  • Scout URL monitoring system
  • OpenDnsdb Python-based DNS management system

9.14.12 System monitoring

  • netdata Real-time performance monitoring

9.14.13 Windows

  • Windows Sysinternals
9.15 Other

9.15.1 All-in-one frameworks

  • metasploit
  • w3af
  • AutoSploit
  • Nikto
  • skipfish
  • Arachni
  • ZAP
  • Burp Suite
  • Spiderfoot
  • AZScanner
  • Fuxi
  • vooki
  • BadMod
  • fsociety Hacking Tools Pack
  • axiom A dynamic infrastructure toolkit for red teamers and bug bounty hunters

9.15.2 CAPTCHA

  • CAPTCHA22 A toolset for building and training CAPTCHA-cracking models using neural networks.

9.15.3 WebAssembly

  • wabt
  • binaryen
  • wasmdec

9.15.4 Obfuscation

  • JStillery
  • javascript obfuscator
  • Hook-based PHP obfuscation decryption (基于hook的php混淆解密)
  • Invoke Obfuscation

9.15.5 Proxy Pool

  • proxy pool by jhao104
  • Proxy Pool by Germey
  • scylla

9.15.6 Android

  • DroidSSLUnpinning Android certificate pinning disabling tools

9.15.7 Other

  • Serverless Toolkit
  • Rendering Engine Probe
  • httrack
  • curl
  • htrace
  • Microsoft Sysinternals Utilities
