Github 安全軍火庫(三)
==========================華麗麗的分割線==========================
漏洞及滲透練習平台:
https://github.com/Medicean/VulApps
多種漏洞練習環境花式掃描器:
GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Ruby on Rails應用靜態分析工具GitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
linux漏洞掃描器GitHub - m0nad/HellRaiser: Vulnerability Scanner基於埠的漏掃及CVE關聯甲方安全工程師生存指南:
GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
各知名廠商滲透測試報告模板GitHub - codejanus/ToolSuite: Security tools安全工具合集GitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer Systemapache實時日誌分析器(on Telegram, Zabbix and Syslog/SIEM)GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool
Destroy-Windows-10-Spyinghttps://github.com/pwnsdx/BadCodePHP代碼審計掃描器GitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD)linux下惡意代碼檢測包GitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics.操作系統運行指標可視化框架https://github.com/jipegit/OSXAuditorMac OS下取證工具GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system
惡意代碼分析系統GitHub - Netflix/Scumblr定期搜索及存儲web應用,可搜漏洞討論等等GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response事件響應框架(focus on 遠程取證)GitHub - mozilla/MozDef: MozDef: The Mozilla Defense PlatformThe Mozilla Defense PlatformGitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.綜合主機監控檢測平台(包含主機防火牆,日誌監控,SIEM等)GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X
OS X遠程取證與分析工具包GitHub - mozilla/mig: Distributed & real time digital forensics at the speed of the cloud分散式實時數字取證系統GitHub - sleuthkit/sleuthkit: The Sleuth Kit? (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.Microsoft & Unix 文件系統及硬碟取證工具https://github.com/OpenSCAP/openscapOpen Source Security Compliance Solutionhttps://github.com/wgliang/logcool開源准實時日誌採集器https://github.com/goldshtn/etrace
windows實時ETW事件處理工具GitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.CPU及內存相關性能分析工具WEB:
GitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.
通過調用sqlmap api,自動檢測sqli的代理GitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions免殺payload生成器GitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server用gmail充當C&C伺服器的後門遠控:
GitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool
開源模塊化遠控工具GitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool)C#遠控工具漏洞POC&EXP:
GitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
JAVA反序列化漏洞相關資源列表二進位及代碼分析工具:
GitHub - suraj-root/smap: Shellcode mapper
shellcode分析工具
GitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSCShellcode/Obfuscate Code GeneratorGitHub - korcankaraokcu/PINCE: A reverse engineering tool thatll (hopefully) supply the place of Cheat Engine for linuxlinux下逆向工具GitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.Reverse Shell and Post Exploitation ToolGitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework跨平台二進位分析及逆向工具Python:
GitHub - gstarnberger/uncompyle: Python decompiler
pyc反編譯腳本
https://github.com/jameslyons/pycipher
pycipher python加解密庫
https://github.com/nvdv/vprof
可視化python性能分析工具
FUZZ:
https://github.com/MozillaSecurity/peach
fuzzing frameworkGitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverageA general-purpose, easy-to-use fuzzer with interesting analysis options.GitHub - fuzzing/MFFA: Media Fuzzing Framework for Android
Media Fuzzing Framework for AndroidGitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on AndroidA tool to fuzz Intent AndroidGitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input.Fuzzing資源GitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)AFL的Android移植版本如果當中有描述不正確的地方,還請老司機們指教,鞠躬!或者各位老司機們有什麼日常中用的順手的開源工具或者項目,也可以私信發我,我收集起來再分享給大家,再鞠躬!推薦閱讀:
※掌握哪些技能才有希望進入玄武實驗室?
※IE 的一個通用 Cookie 跨域漏洞
※有哪些值得關注的安全技術博客(上)
※Nmap腳本使用指南
※好的安全工具就該藏著?