信息安全初步集:包括信息安全博客、认证、课程、社区、播客、工具等 https://github.com/gradiuscypher/infosec_getting_started
WebGoat漏洞练习环境 https://github.com/WebGoat/WebGoat
https://github.com/WebGoat/WebGoat-Legacy
https://github.com/RandomStorm/DVWA
DoraBox,多拉盒 - 掌握常见漏洞攻防 https://github.com/gh0stkey/DoraBox
一个功能很全的CTF平台 https://github.com/zjlywjh001/PhrackCTF-Platform-Team
针对Pentest或者CTF的一个fuzz payload项目。 https://github.com/zer0yu/Berserker
Web安全实战:日安全-Web安全攻防小组关于Web安全的系列文章分享和HTB靶场 https://github.com/hongriSec/Web-Security-Attack
upload-labs很全的上传上传漏洞的靶场 https://github.com/c0ny1/upload-labs
跟踪真实漏洞相关靶场环境搭建 https://github.com/yaofeifly/Vub_ENV
数据库注入练习平台 https://github.com/Audi-1/sqli-labs
用node编写的漏洞练习平台,like OWASP Node Goat https://github.com/cr0hn/vulnerable-node
基于https://www.exploit-db.com/的漏洞场景还原 https://github.com/havysec/vulnerable-scene
Ruby编写的一款工具,生成含漏洞的虚拟机 https://github.com/cliffe/secgen
metasploitable3 https://github.com/rapid7/metasploitable3/
pentesterlab渗透测试在线练习 https://pentesterlab.com/exercises/
轻量web漏洞演示平台 https://github.com/stamparm/DSVW
docker搭建的漏洞练习环境 https://github.com/MyKings/docker-vulnerability-environment
黑客技术训练环境 https://github.com/joe-shenouda/awesome-cyber-skills
web及app渗透训练平台 https://github.com/OWASP/SecurityShepherd
DevSecOps技能训练营 https://github.com/devsecops/bootcamp
injectify 生成一个便捷的高级中间人攻击Web站点 https://github.com/samdenty99/injectify
针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具 https://github.com/wupco/weblogger
permeate:一个用于渗透透测试演练的WEB系统,用于提升寻找网站能力,也可以用于web安全教学 https://github.com/78778443/permeate
Google2019CTF web 解题思路 https://xz.aliyun.com/t/5503
2018 第一届安洵杯 题目环境/源码 https://github.com/D0g3-Lab/AXB-CTF
google-ctf 包括2017和2018全部试题和答案 https://github.com/google/google-ctf/
HCTF2017题目及解析 https://github.com/vidar-team/HCTF2017
CTF挑战平台 https://github.com/CTFTraining
灰帽子资源集,包括CTF、密码学、Linux攻击、USB攻击、漏洞等 https://github.com/bt3gl/Gray-Hacker-Resources
CTF和安全工具大合集 https://github.com/zardus/ctf-tools
近年CTF writeup大全 https://github.com/ctfs/write-ups-2016
HITB CTF 2017 Pwn题研究 http://0x48.pw/2017/08/29/0x49
脸谱CTF竞赛平台Demo https://github.com/facebook/fbctf
CTF框架、类库、资源、软件和教程列表 https://github.com/apsdehal/awesome-ctf
CTF的题集 https://github.com/Hcamael/CTF_repo
CTF资源 https://github.com/ctfs/resources
CTF从入门到了解各种工具 https://github.com/SandySekharan/CTF-tool
p4团队的CTF解决方案 https://p4.team https://github.com/p4-team/ctf
ctftools 在线CTF信息网站,包括资源下载、在线工具、信息blog等 https://www.ctftools.com
🔐 All Security Engineering Resources https://github.com/brianlam38/Sec-Dump/
扫描神器Nmap https://github.com/nmap/nmap
Nmap NSE脚本推荐 http://www.polaris-lab.com/index.php/archives/390/
Awesome Burp Extensions https://github.com/snoopysecurity/awesome-burp-extensions
基于WEB的内网扫描 https://github.com/SkyLined/LocalNetworkScanner
子域名扫描工具 https://github.com/lijiejie/subDomainsBrute
OneForAll是一款功能强大的子域收集工具 https://github.com/shmilylty/OneForAll
BBScan是一个迷你的信息泄漏批量扫描脚本 https://github.com/lijiejie/BBScan
探测Waf产品的指纹信息 https://github.com/EnableSecurity/wafw00f
基于端口的漏扫及CVE关联 https://github.com/m0nad/HellRaiser
分布式任务分发端口扫描器 https://github.com/lietdai/doom
常见服务端口弱口令扫描器 https://github.com/wilson9x1/fenghuangscanner_v3
内部网络扫描器 https://github.com/sowish/LNScan
通过扫描全网绕过CDN获取网站IP地址 https://github.com/boy-hack/w8fuckcdn
集成Nmap的一款端口扫描器 https://github.com/screetsec/Dracnmap
便捷的自动化漏洞扫描,报告和分析工具 https://github.com/schubergphilis/Seccubus
对公网IP列表进行端口服务扫描,发现周期内的端口服务变化情况和弱口令安全风险 https://github.com/grayddq/PublicMonitors
Burp Suite的自动化盲注搜索插件 https://github.com/wish-i-was/femida
综合扫描工具,主要用来敏感文件探测(目录扫描与js泄露接口),WAF/CDN识别,端口扫描, 指纹/服务识别,操作系统识别,弱口令探测,POC扫描,SQL注入,绕过CDN,查询旁站等功能 https://github.com/al0ne/Vxscan
https://github.com/aboul3la/Sublist3r
https://github.com/TheRook/subbrute
信息探测及扫描工具(DNS及邮件枚举等) https://github.com/darryllane/Bluto
子域名扫描器 https://github.com/ring04h/wydomain
子域名字典组合生成及暴力破解器 https://github.com/infosec-au/altdns
固件漏洞扫描器 https://github.com/misterch0c/firminator_backend
远程桌面登录扫描器 https://github.com/linuz/Sticky-Keys-Slayer
网络基础设施渗透工具(集成nmap和hydra等) https://github.com/SECFORCE/sparta
快速地SNMP抢注,枚举,CISCO配置下载,密码攻击脚本 https://github.com/SECFORCE/SNMP-Brute
linux漏洞扫描器 https://github.com/future-architect/vuls
被动式漏洞扫描系统 https://github.com/ysrc/GourdScanV2
MongoDB漏洞扫描器 https://github.com/youngyangyang04/NoSQLAttack
Automated script for performing Padding Oracle attacks https://github.com/GDSSecurity/PadBuster
利用ARP探测内网位置设备 https://github.com/joarleymoraes/net_guard
自动漏扫 https://github.com/az0ne/AZScanner
WPScan 漏洞扫描系统的一个fork https://github.com/delvelabs/vane
安全行业从业人员自研开源扫描器合集 https://github.com/We5ter/Scanners-Box
指纹服务,漏洞发现,WebDAV扫描 https://github.com/Graph-X/davscan
快捷友好的网络扫描器 https://github.com/angryziber/ipscan
扫描Tor exit relasy的模块 https://github.com/NullHypothesis/exitmap
DNS监控套件 https://github.com/reyjrar/DreamCatcher
AIRMASTER: 红蓝对抗中对过期域名发现和利用 https://github.com/t94j0/AIRMASTER
基于SSH的穷人vpn
https://github.com/ivanilves/xiringuito
perl脚本评估远程服务的安全设置 (AKA Terminal Services) https://github.com/portcullislabs/rdp-sec-check
Joy思科开源的网络包扑捉、网络流量分析、网络研究取证及安全监控的工具。 https://github.com/cisco/joy
web日志扫描工具 https://github.com/apxar/xlog
自动扫描内网数据库扫描脚本(mysql、mssql、oracle、postgresql、redis、mongodb、memcached、elasticsearch),包含未授权访问及常规弱口令检测 https://github.com/se55i0n/DBScanner
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI https://github.com/knqyf263/trivy
被动扫描器 Passive Security Scanner https://github.com/boy-hack/w13scan
WEB应用攻击预防和审计框架,开源WEB漏洞扫描 https://github.com/andresriancho/w3af
WEB路径扫描 https://github.com/maurosoria/dirsearch
网站指纹识别工具,用来检测网站CMS类型,所采用的博客系统类型,JS库,web服务器,甚至版本号,email地址,web框架等 https://github.com/urbanadventurer/whatweb
一款爬虫框架,用来检测网站是否被恶意攻击过 https://github.com/ciscocsirt/malspider
AWVS10.5 data/script/目录下的脚本docode https://github.com/bollwarm/awvs_script_decode
wordpress漏洞扫描器 https://github.com/wpscanteam/wpscan
discuz论坛漏洞扫描器 https://github.com/code-scan/dzscan
J2EE漏洞扫描器burp插件 https://github.com/ilmila/J2EEScan
Ruby on Rails应用静态分析工具 https://github.com/presidentbeef/brakeman
网络空间指纹扫描器 https://github.com/nanshihui/Scan-T
xsec-proxy-scanner是一款速度超快、小巧的代理扫描器 https://github.com/netxfly/xsec-proxy-scanner
WEB服务扫描 https://github.com/sullo/nikto
WEB主机发现小工具 https://github.com/zer0h/httpscan
WEB扫描器 https://github.com/golismero/golismero
web应用安全扫描器 https://github.com/taipan-scanner/Taipan
漏洞扫描:st2、tomcat、未授权访问等等 https://github.com/SkewwG/VulScan
一个简单WEB中间件扫描 https://github.com/maxlabelle/WebMalwareScanner
ruby源码扫描工具 https://github.com/thesp0nge/dawnscanner
Get、Post参数扫描器 https://github.com/maK-/parameth
路径扫描器 https://github.com/stanislav-web/OpenDoor
WEB路径扫描 https://github.com/maurosoria/dirsearc
FindBugs插件用于Java web应用和安卓应用的安全审计 https://github.com/find-sec-bugs/find-sec-bugs
GitHub敏感信息扫描工具 https://github.com/repoog/GitPrey
mozilla的GitHub配置信息检查工具和程序集 https://github.com/mozilla-services/GitHub-Audit
GitLeak 是一个从 Github 上查找密码信息的小工具 https://github.com/5alt/GitLeak
一款兼容bugscan插件的扫描器 https://github.com/boy-hack/w9scan
Golang安全扫描 https://github.com/securego/gosec
Golang写的命令行工具发现git仓库中不小心泄露的密码,私有证书等 https://github.com/UKHomeOffice/repo-security-scanner
侦察和信息收集安全工具 https://github.com/evyatarmeged/Raccoon
sslscan tests SSL/TLS enabled services to discover supported cipher suites https://github.com/rbsec/sslscan
安全项目列表 https://github.com/zbetcheckin/Security_list
web索引及日志搜索工具 https://github.com/thomaspatzke/WASE
一款CS结构的web debuger https://github.com/Kozea/wdb
sqlite注册数据删除的恢复 https://github.com/aramosf/recoversqlite/
自动化的模板注入攻击检测工具 https://github.com/epinna/tplmap
简单的linux发行版安全监控脚本 https://github.com/EgeBalci/The-Eye
CIDRAM (无类别域间路由访问管理器)是一个PHP脚本,旨在保护网站途经阻止请求该从始发IP地址视为不良的流量来源. https://github.com/Maikuolan/CIDRAM
Android-Vulnerabilities-Overview - 已知安卓漏洞预览 https://github.com/CHEF-KOCH/Android-Vulnerabilities-Overview
Framework-agnostic包给Node.js提供强大的ACL能力 https://github.com/Slynova-Org/node-fence
快速启动kolide Kolide https://kolide.co https://github.com/kolide/kolide-quickstart
Vendor-Neutral Security Tool Automation Controller (over REST) https://github.com/hakbot/hakbot-origin-controller
全天候 DevOps - 安全监控和防御自动化架构(ELK + AWS Lambda) https://github.com/appsecco/alldaydevops-aism
安全开发运维:devsecops.org社区贡献的权威devsecops工具列表 https://github.com/devsecops/awesome-devsecops
API安全检查清单:当你设计、测试、发布API时,需要核对的安全细节清单 https://github.com/shieldfy/API-Security-Checklist/blob/master/README-zh.md
Pcaptools:流量处理的命令集、捕获工具、分析检查、DNS配置等工具资源 https://github.com/caesar0301/awesome-pcaptools
Capturing, analysing and responding to cyber attacks https://github.com/cybermaggedon/cyberprobe
安卓安全加固列表 https://github.com/AndroidTamer/KnowledgeBase/tree/master/Documents
OS X和iOS安全:OS X和iOS安全工具集合 https://github.com/ashishb/osx-and-ios-security-awesome
一款开源WAF https://github.com/SpiderLabs/ModSecurity
Useful for bug bounties, CTF-style challenges, penetration testing. https://github.com/brianlam38/Sec-Cheatsheets
开源WAF,基于web日志进行非法访问渗透探测,并进行统计分析,设置阈值封禁 https://github.com/bollwarm/App-Waf
基于区块链的AUR安全层 https://github.com/clawoflight/aursec
Secure and fast microVMs for serverless computing. https://github.com/firecracker-microvm/firecracker
Secrets bridge - Docker 构建时安全 https://github.com/abourget/secrets-bridge
Windows 2012 R2 兼容DevSec Windows基线的cookbook https://github.com/dev-sec/chef-windows-hardening
Apache防御模块,支持漏洞扫描,防恶意软件,防广告, 防勒索软件, 防恶意站点, Wordpress主题探测和Fail2Ban Jail等。 https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
Jenkins OWASP独立检查插件 https://github.com/jeremylong/dependency-check-jenkins
Joomla强注防止插件 https://github.com/codeling/bfstop
使用aws KMs的命令行加密工具,加密一次,可以在多区域的aws多实例中解密 https://github.com/aol/mrcrypt
互联网漏洞管理、资产管理、任务扫描、todoLIST https://github.com/RASSec/A_Scan_Framework
Open-Source Security Architecture|开源安全架构 https://github.com/bloodzer0/ossa
噪声协议的Rust语言实现 https://github.com/mcginty/snow
DigSig-ng 一个linux内核安全模块,为ELF可执行程序和共享库提供RSA数字签名验证 https://github.com/digsig-ng/linux-digsig
开源安全项目清单 https://github.com/Bypass007/Safety-Project-Collection
DevSec MySQL安全基线 http://dev-sec.io/ https://github.com/dev-sec/mysql-baseline
PowerShell脚本监控活动目录,当成员关系变更时候发邮件 https://github.com/lazywinadmin/Monitor-ADGroupMembership
评估嵌入式设备CPU的安全性 https://github.com/iadgov/Maplesyrup
KeyGen 生成证书和密码 https://github.com/offa/keygen
AWS Big Brother 一个分析IAM用户的工具 https://github.com/jae2/awsbigbrother
sqli词法解析分析器 https://github.com/client9/libinjection
非法IP每日跟新(with blacklist hit scores) https://github.com/stamparm/ipsum
Windows事件日志分析及可视化,审计非法登陆 https://github.com/JPCERTCC/LogonTracer
CaptfEncoder 跨平台网络安全工具套件,提供网络安全相关编码转换、古典密码、密码学、特殊编码等工具,并聚合各类在线工具。 https://github.com/guyoung/CaptfEncoder
PowerShell模糊处理检测框架 https://github.com/danielbohannon/Revoke-Obfuscation
Symfon安全组件子库 https://github.com/symfony/security
CSRF保护库: php预防CSRF类库 https://github.com/mebjas/CSRF-Protector-PHP
VirusTotal公共,私有,网络接口 https://github.com/blacktop/virustotal-api
新服务器的最初5分钟,用单行命令加固你的服务器 - Ansible playbook https://github.com/chhantyal/5minutes
Red Team SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
https://github.com/outflanknl/RedELK
扩多GCP项目的防火墙加强工具集 https://github.com/spotify/gcp-firewall-enforcer
3600Kee团队的域安全入侵感知系统 https://github.com/0Kee-Team/WatchAD
Linux安全基线,支持puppet、chef和Ansible做安全加固 - InSpec Profile http://dev-sec.io/ https://github.com/dev-sec/linux-baseline
Nginx配置分析工具,防止错误配置,并实现自动缺陷检测 https://github.com/yandex/gixy
GPS欺骗检测工具 https://github.com/zxsecurity/gpsnitch
CloudFront域名误配置检查工具 https://github.com/MindPointGroup/cloudfrunt
Cyber瑞士军刀:加解密、编码、压缩以及数据分析的web应用。 https://github.com/gchq/CyberChef
应急处置响应框架 https://github.com/biggiesmallsAG/nightHawkResponse
secure-ls 高水平加密和数据压缩的本地安全存储 https://github.com/softvar/secure-ls
有关linux容器安全,命名空间,cgroups等等的gitbook https://github.com/makash/linux-container-security-docs
python写的运行在树莓派上安防系统,可以进行运动检测,并通过手机告警 https://github.com/FutureSharks/rpi-security
airgeddon -- linux下多用户的bash脚本无线网络审计 https://github.com/v1s1t0r1sh3r3/airgeddon
Laravel网页认证访问 https://github.com/spatie/laravel-littlegatekeeper
nginx安全配置chef bookbook https://github.com/dev-sec/chef-nginx-hardening
proxy poc implementation of STARTTLS stripping attacks https://github.com/tintinweb/striptls
web安全开发指南 https://github.com/FallibleInc/security-guide-for-developers
自动化代码审计工具 https://github.com/wufeifei/cobra
白盒源代码审计工具(cobra分支) https://github.com/LoRexxar/Cobra-W
Grep rough audit - 源码审计工具 http://www.justanotherhacker.com https://github.com/wireghoul/graudit
AWS云基础设施安全审计工具 https://github.com/SecurityFTW/cs-suite
python编写的离线网络数据包分析器 https://github.com/HatBoy/Pcap-Analyzer
渗透测试常见小工具打包 https://github.com/leonteale/pentestpackage
各知名厂商渗透测试报告模板 https://github.com/juliocesarfort/public-pentesting-reports
安全工具合集 https://github.com/codejanus/ToolSuite
巡风 --一款适用于企业内网的漏洞快速应急,巡航扫描系统。 https://github.com/ysrc/xunfeng
Fuxi-Scanner 是一款开源的网络安全检测工具,适用于中小型企业对企业信息系统进行安全巡航检测 https://github.com/jeffzh3ng/Fuxi-Scanner
Elasticsearch API安全发布到公网插件 https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin
apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM) https://github.com/mthbernardes/ARTLAS
PHP代码审计扫描器 https://github.com/pwnsdx/BadCode
PHP代码审计sublime插件:🐛 AFind-PHP-Vulnerabilities https://github.com/WangYihang/Find-PHP-Vulnerabilities
linux恶意代码检测包 https://github.com/rfxn/linux-malware-detect
操作系统运行指标可视化框架 https://github.com/facebook/osquery
Log-Killer 服务器日志清理工具,支持window(bat)和linux(php)脚本 https://github.com/Rizer0/Log-killer
Mac OS下取证工具 https://github.com/jipegit/OSXAuditor
六道 —— 实时业务风控系统 https://github.com/ysrc/Liudao
Aswan——陌陌风控系统静态规则引擎,零基础简易便捷的配置多种复杂规则,实时高效管控用户异常行为。 https://github.com/momosecurity/aswan
360数据库流量审计MySQL Sniffer https://github.com/Qihoo360/mysql-sniffer
强大的mongodb数据库审计和渗透工具 https://github.com/stampery/mongoaudit
基于Inception开发的MySQL数据库审核平台,支持审核、执行、备份、回滚、钉钉推送、mysql、redis、mongodb查询等功能 https://github.com/lazzyfu/AuditSQL
恶意代码分析系统 https://github.com/cuckoosandbox/cuckoo
定期搜索及存储web应用,可搜漏洞讨论等等 https://github.com/Netflix/Scumblr
事件响应框架(focus on 远程取证) https://github.com/google/grr
Mozilla防守平台 https://github.com/mozilla/MozDef
企业内网安全管理平台,包含资产管理,漏洞管理,账号管理,知识库管、安全扫描自动化功能 https://github.com/qianniaoge/-SecurityManageFramwork
强大的观察分析引擎 https://thehive-project.org https://github.com/CERT-BDF/Cortex
iptables 防火墙规则集分析验证 https://github.com/diekmann/Iptables_Semantics
综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等) https://github.com/ossec/ossec-hids
OS X远程取证与分析工具包 https://github.com/Yelp/osxcollector
分布式实时数字取证系统 https://github.com/mozilla/mig
Microsoft及Unix文件系统及硬盘取证工具 https://github.com/sleuthkit/sleuthkit
开源安全合规解决方案 https://github.com/OpenSCAP/openscap
JVM沙箱容器,一种JVM的非侵入式运行期AOP解决方案 https://github.com/alibaba/jvm-sandbox
开源准实时日志采集器 https://github.com/wgliang/logcool
windows实时ETW事件处理工具 https://github.com/goldshtn/etrace
CPU及内存相关性能分析工具 https://github.com/Microsoft/perfview
SSH服务审计工具 https://github.com/arthepsy/ssh-audit
Python库和命令行工具,提供交互式日志可视化 https://github.com/keithjjones/visualize_logs
OSCP推出安全侦察工具,实现自动化信息收集和服务枚举,创建目录结构以存储用于每个主机的结果,发现和利用工具。 https://github.com/codingo/Reconnoitre
一个僵尸网络分析框架 https://github.com/m4rco-/dorothy2
WAFS审计工具 https://github.com/lightbulb-framework/lightbulb-framework
1000个php代码审计案例 https://github.com/Xyntax/1000php
基于Python的Linux ssh跳板机/堡垒机设置工具 https://github.com/aker-gateway/Aker
Linux常见命令及部分安全软件使用命令列表 https://github.com/andrewjkerr/security-cheatsheets
ssrfDetector ssrf探测器 https://github.com/JacobReynolds/ssrfDetector
fwd 用go开发的网络端口代理 https://github.com/kintoandar/fwd
dev-sec安全基线和加固脚本 https://github.com/dev-sec
使用AngularJS和AJA的Symfony应用CSRF自动探测工具 https://github.com/dunglas/DunglasAngularCsrfBundle
设计用于CDN的高性能DNS缓存 https://github.com/jedisct1/edgedns
BleachBit Windows和Linux系统清理器https://www.bleachbit.org https://github.com/bleachbit/bleachbit
Universal Radio Hacker: 无线协议分析 https://github.com/jopohl/urh
PHP后门检测工具 https://github.com/yassineaddi/BackdoorMan.git
Unix系操作系统安全审计和加固工具 https://github.com/CISOfy/lynis
利用vulners.com漏洞数据库的包审计套件 https://github.com/kreon/freeaudit
垃圾邮件分析工具 https://github.com/SpamScope/spamscope
恶意代码,php shell检测工具 https://github.com/yassineaddi/BackdoorMan
一款精简版github信息泄露搜集工具 https://github.com/dongfangyuxiao/github_dis/
安全程序和漏洞管理工具 https://github.com/OWASP/django-DefectDojo
HaboMalHunter是哈勃分析系统 (https://habo.qq.com) 的开源子项目, 用于Linux平台下进行自动化分析、文件安全性检测的开源工具 https://github.com/Tencent/HaboMalHunte
混淆代码检测工具 https://github.com/Neohapsis/NeoPI
webshell检测工具 https://github.com/emposha/Shell-Detector
社区驱动的Rails安全检查列表 https://github.com/eliotsykes/rails-security-checklist
radius-audit - A RADIUS authentication server audit tool https://github.com/ANSSI-FR/audit-radius
Fathom——基于golang和Preact的简单可信的站点分析 https://github.com/usefathom/fathom
GO HTTP中间件来推进快速安全开发 https://github.com/unrolled/secure
InSpec: 测试和审计框架 https://github.com/chef/inspec
retire.js的自动扫描器,扫描探测常见的JS库漏洞 https://github.com/RetireJS/grunt-retire
Suricata 一个自由开源地,成熟、快速自动化的网络威胁探测引擎 https://github.com/inliniac/suricata
AWS安全扫描检查 https://github.com/cloudsploit/scans
aws-security-viz -- aws安全组可视化工具 https://github.com/anaynayak/aws-security-viz
使用NACL和Go的安全交互密码管理 https://github.com/johnathanhowell/masterkey
Hound Git插件通过探测阻止敏感信息被push到远程公有仓库导致信息泄密 https://github.com/ezekg/git-hound
GitHub敏感信息泄露监控 https://github.com/FeeiCN/GSIL
HULK DoS工具从Python迁移到Golang https://github.com/grafov/hulk
大数据安全检测工具 https://github.com/kotobukki/BigDataAudit
pick -- Linux和OS X最小化密码管理工具 https://github.com/bndw/pick
一个基于浏览器端 JS 实现的在线代理 https://jsproxy.tk https://github.com/EtherDream/jsproxy
基于EK的K8s安全监控方案 https://github.com/k8scop/k8s-security-dashboard
CloudWalker(牧云)是长亭推出的一款开源服务器安全管理平台。根据项目计划会逐步覆盖服务器资产管理、威胁扫描、Webshell 查杀、基线检测等各项功能。 https://github.com/chaitin/cloudwalker
可搜索、标签化,加密的云存储 https://tryingtobeawesome.com/cryptag/
MITRE攻击框架对应的Linux Auditd 审计规则 https://github.com/bfuzzy/auditd-attack
⭐️ An anomaly-based intrusion detection system. https://github.com/alexfrancow/A-Detector
悟空API网关 开源版 https://github.com/eolinker/GoKu-API-Gateway
Hamburglar -- collect useful information from urls, directories, and files https://github.com/needmorecowbell/Hamburglar
ElkarBackup 一个基于RSync/RSnapshot的开源备份方案 https://github.com/elkarbackup/elkarbackup
SSH服务端和客户端安全配置的chef cookbook https://github.com/dev-sec/chef-ssh-hardening
Nextcloud 双因子TOTP (RFC 6238) https://github.com/nextcloud/twofactor_totp
WireGuard — 快速、现代、linux内核只带的安全VPN通道 https://github.com/WireGuard/WireGuard
BoringTun WireGuard® 协议的兼容性和速度性实现,支持window https://github.com/cloudflare/boringtun
wireguard一键安装脚本 https://github.com/atrandys/wireguard
Nixarmor Linux自动安全加固项目 https://github.com/emirozer/nixarmor
SaaS型初创企业安全101 https://github.com/forter/security-101-for-saas-startups/tree/chinese
phpMusse 这是一个根据ClamAV的签名和其他签名对上传文件自动检测的PHP脚本 https://github.com/Maikuolan/phpMussel/
Black Hat Arsenal 官方工具仓库 https://github.com/toolswatch/blackhat-arsenal-tools
windows渗透工具集合 https://github.com/Hack-with-Github/Windows
windows最佳渗透指南 https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References
从内存中提取敏感信息的工具 https://github.com/putterpanda/mimikittenz
fireeye红军渗透工具
https://github.com/Raikia/CredNinja
https://github.com/ChrisTruncer/WMIOps
https://github.com/ChrisTruncer/EyeWitness
https://github.com/ChrisTruncer/Egress-Assess
windows渗透神器 https://github.com/gentilkiwi/mimikatz
在线渗透测试资源、Shellcode开发、开源情报资源、社会工程资源等 https://github.com/enaqx/awesome-pentest
frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp, http, https 协议。 https://github.com/fatedier/frp
hideNsneak: 临时渗透测试架构明亮行 https://github.com/rmikehodges/hideNsneak
Powershell渗透库合集 https://github.com/PowerShellMafia/PowerSploit
Powershell tools合集 https://github.com/clymb3r/PowerShell
MSF--最强大的渗透平台 https://github.com/rapid7/metasploit-framework
Poc调用框架,可加载Pocsuite,Tangscan,Beebeeto等 https://github.com/erevus-cn/pocscan
Pocsuite -开源的远程漏洞测试框架 https://github.com/knownsec/Pocsuite
fsociety黑客工具集——渗透测试框架 https://github.com/Manisso/fsociety
YAWAST Web应用安全套件 https://github.com/adamcaudill/yawast
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities https://github.com/JuxhinDB/OOB-Server
Beebeeto是由众多安全研究人员所共同维护的一个规范化POC/EXP平台 https://github.com/n0tr00t/Beebeeto-framework
一个用Node.js编写的Web安全测试框架 https://github.com/zhuyingda/veneno
Orc is a post-exploitation framework for Linux written in Bash https://github.com/zMarch/Orc
常见的渗透测试/安全Cheatsheet https://github.com/jshaw87/Cheatsheets
渗透脚本集合包括backdoor,exploit,fuzzing,note,misc,powershell https://github.com/Ridter/Pentest
消息队列和中间人注入工具,可以用于攻击 Redis, RabbitMQ和ZeroMQ。 https://github.com/cr0hn/enteletaor
WPA2 KRACK攻击验证脚本集 https://github.com/vanhoefm/krackattacks-scripts
越过(WAF)和 XSS过滤的pyton脚本集 https://github.com/frizb/Bypassing-Web-Application-Firewalls
A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. https://github.com/SolomonSklash/chomp-scan
MSTG-手机应用安全开发、测试、反向工程详细手册。 https://github.com/OWASP/owasp-mstg
Venom是一款为渗透测试人员设计的使用Go开发的多级代理工具 https://github.com/Dliv3/Venom
DotDotPwn - 目录遍历Fuzzer(http://dotdotpwn.blogspot.com/) https://github.com/wireghoul/dotdotpwn
FuzzLabs Fuzzing框架 https://dcnws.com https://github.com/keymandll/FuzzLabs
谷歌出品强大分析配置项目fuzzing组件 https://github.com/google/honggfuzz
谷歌fuzzing引擎测试集 https://github.com/google/fuzzer-test-suite
可扩展地Fuzzing框架 https://github.com/IOActive/XDiFF
Fuzzinator随机测试框架 https://github.com/renatahodovan/fuzzinator
各种fuzzing图书、课程、工具、教程和易受攻击应用集合 https://github.com/secfigo/Awesome-Fuzzing
Linux内核fuzzing和缺陷相关的资源 https://github.com/xairy/linux-kernel-exploitation
fuzzing框架 https://github.com/MozillaSecurity/peach
fuddly: fuzzing和数据处理框架 https://github.com/k0retux/fuddly
基础fuzzer工具 https://github.com/RootUp/BFuzz
Kitty fuzzing框架扩展库 https://github.com/cisco-sas/katnip
Fuzzer API接口,通过可以用通用的渗透技术和漏洞列表进行fuzz请求 https://github.com/lalithr95/API-fuzzer
找出文件系统存存储的加密文件 https://github.com/antagon/TCHunt-ng
安卓媒体Fuzzing框架 https://github.com/fuzzing/MFFA
安卓fuzz工具 https://github.com/MindMac/IntentFuzzer
Fuzzing数据集 https://github.com/MozillaSecurity/fuzzdata
WebFuzz工具 https://github.com/xmendez/wfuzz
coverage guided fuzz testing for javascript https://github.com/fuzzitdev/jsfuzz
web fuzz https://github.com/henshin/filebuster
AFL的Android移植版本 https://github.com/ele7enxxh/android-afl
Fuzzing results for various interpreters. https://github.com/dyjakan/interpreter-bugs
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem https://github.com/lalithr95/fuzzapi
Test Blue Team detections without running any attack. https://github.com/n0dec/MalwLess
bring your .bashrc, .vimrc, etc. with you when you ssh https://github.com/Russell91/sshrc
Chat over SSH https://github.com/shazow/ssh-chat
AFL—支持源码插桩的代码覆盖引导的Fuzzer,绝对是fuzzer领域的一大里程碑,虽然它也支持基于QEMU的闭源程序,但效果不好,且容易出错,由它衍生出来非常多afl分支版本,借助它已经被挖出非常多的漏洞,但它的变异策略其实有待提高。 http://lcamtuf.coredump.cx/afl/
WinAFL—windows版本的afl,使用DynamoRIO去插桩闭源程序以获取代码覆盖率信息,同时支持硬件PT获取覆盖率信息,但PT获取覆盖率其实并没有插桩获取得全,但速度可能会快一些。 https://github.com/googleprojectzero/winafl
AFLFast—加速版的AFL,Fuzzing速度确实会比原版快一些。 https://github.com/mboehme/aflfast
Vuzzer—支持闭源程序的覆盖引导Fuzzer,使用LibDFT的pin工具实现数据流追踪,结合动静态分析,以获取更多的代码路径,比如比较语句中的比较值,它会先作记录,再未来变异时使用。 https://github.com/vusec/vuzzer
PTfuzzer—Linux平台下的采用 Interl PT硬件支持的覆盖引导Fuzzer,所以它支持闭源程序。 https://github.com/hunter-ht-2018/ptfuzzer
afl-unicorn—采用Unicorn模拟指令的AFL,支持Linux闭源程序 https://github.com/tigerpuma/Afl_unicorn
pe-afl—通过静态插桩实现针对Windows闭源程序的覆盖引导的AFL Fuzzer,支持用户层应用和内核驱动 https://github.com/wmliang/pe-afl
kAFL—支持QEMU虚拟机下的系统内核Fuzzing的AFL,适用于Linux、macOS与Windows https://github.com/RUB-SysSec/kAFL/
TriforceAFL—基于QEMU全系统模拟的AFL,借助系统仿真器实现分支信息跟踪,支持Linux内核Fuzzing https://github.com/nccgroup/TriforceAFL
ClusterFuzzer—Google开源的可扩展的Fuzzing基础设施 https://github.com/google/clusterfuzz
LibFuzzer—进程内覆盖率引导的开源的fuzz引擎库,属于llvm的一部分,在各大主流开源库中,以及Google内部最经常用的安全测试工具 https://llvm.org/docs/LibFuzzer.html
OSS-Fuzz—基于LibFuzzer的开源软件Fuzzer集合,实现docker下自动下载、编译安装及运行 https://github.com/google/oss-fuzz
honggfuzz—Google开发的基于软硬件的覆盖驱动型Fuzzer,单纯暴力Fuzz的效果也挺好的,支持多平台,包括Linux\macOS\Windows\Android https://github.com/google/honggfuzz
KernelFuzzer—跨平台内核Fuzzer框架,不开源策略,只在其paper中提及变异策略,需要自己实现,支持Windows、OSX和QNX系统,但只提供Windows编译脚本 https://github.com/mwrlabs/KernelFuzzer
OSXFuzzer—基于Kernel Fuzzer的macOS内核Fuzzer https://github.com/mwrlabs/OSXFuzz.git
PassiveFuzzFrameworkOSX—通过Hook实现被动式的OSX内核Fuzzer https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX
Bochspwn—基于Boch插桩API实现Double Fetches内核漏洞的检测 https://github.com/googleprojectzero/bochspwn
Bochspwn-reloaded—基于Boch插桩API实现内核信息泄露的检测 https://github.com/googleprojectzero/bochspwn-reloaded
syzkaller—基于覆盖率引导的Linux内核Fuzzer,需要基于其模板语法实现API调用模板,提供给syzkaller进行数据变异,也曾被移植到其它平台 https://github.com/google/syzkaller
dharma—基于语法模板生成的Fuzzer,由Mozilla开源的用于Fuzz Firefox JS引擎 https://github.com/MozillaSecurity/dharma
domator—Project Zero团队开源的DOM Fuzzer,用python实现基于模板生成的Fuzzer https://github.com/googleprojectzero/domato
Fuzzilli—基于语法变异的JavaScript引擎Fuzzer,先通过语法模板生成测试用例,再生成中间语法进行变异,结合覆盖率引导以触发更多代码路径 https://github.com/googleprojectzero/fuzzilli
Razzer—内核竞争条件漏洞Fuzzer https://github.com/compsec-snu/razzer
ViridianFuzzer—用于Fuzzing Hyper-V hypercalls的内核驱动,由MWRLabs公司出品 https://github.com/mwrlabs/ViridianFuzzer
ChromeFuzzer—基于grinder语法生成器改装的Chrome浏览器Fuzzer https://github.com/demi6od/ChromeFuzzer
funfuzz—Mozilla开源的JS fuzzer工具集合,主要用于Fuzz SpiderMonkey https://github.com/MozillaSecurity/funfuzz
webshell大合集 https://github.com/tennc/webshell
渗透以及web攻击脚本 https://github.com/brianwrf/hackUtils
web渗透小工具大合集 https://github.com/rootphantomer/hack_tools_for_me
web敏感目录、信息泄漏批量扫描脚本,结合爬虫、目录深度遍历。 https://github.com/blackye/webdirdig
detectem - detect software and its version on websites. https://github.com/spectresearch/detectem
Hydra is a penetration testing tool exclusively focused on dictionary-attacking web-based login forms. https://github.com/opennota/hydra
数据库注入工具 https://github.com/sqlmapproject/sqlmap
通过控制台管理网站 https://github.com/WangYihang/Webshell-Sniper
SQLiScanner -- Automatic SQL injection with Charles and sqlmap api https://github.com/0xbug/SQLiScanner
Web代理,通过加载sqlmap api进行sqli实时检测 https://github.com/zt2/sqli-hunter
新版中国菜刀 https://github.com/Chora10/Cknife
.git泄露利用EXP https://github.com/lijiejie/GitHack
浏览器攻击框架 https://github.com/beefproject/beef
自动化绕过WAF脚本 https://github.com/khalilbijjou/WAFNinja
http命令行客户端,可以从命令行构造发送各种http请求(类似于Curl) https://github.com/jkbrzt/httpie
浏览器调试利器 https://github.com/firebug/firebug
WAF绕过检测工具 https://github.com/owtf/wafbypasser
浏览器攻击框架 https://github.com/julienbedard/browsersploit
web端webshell管理器 https://github.com/guillotines/WebShell
tomcat自动后门部署 https://github.com/mgeeky/tomcatWarDeployer
TomcatBrute tool https://github.com/WallbreakerTeam/TomcatBrute
通过调用sqlmap api,自动检测sqli的代理 https://github.com/fengxuangit/Fox-scan/
CMS探测和利用套件,能探测20多种cms,同时对wp,Joomla, Drupadl进行深度渗透 https://github.com/Tuhinshubhra/CMSeeK
免杀payload生成器 https://github.com/Veil-Framework/Veil-Evasion
用gmail充当C&C服务器的后门 https://github.com/byt3bl33d3r/gcat
burp教学payloads集合 https://github.com/1N3/IntruderPayloads
SQL盲注利用工具 https://github.com/Neohapsis/bbqsql
Script for doing evil stuff to Redis servers (for education purposes only). https://github.com/matiasinsaurralde/evilredis
dnscat2的Powershell客户端,加密的DNS命令和控制工具 https://github.com/lukebaggett/dnscat2-powershell
burp插件收集项目 https://github.com/xl7dev/BurpSuite/tree/master/Extender
一个用来辅助WP渗透测试的ruby框架 https://github.com/rastating/wordpress-exploit-framework/
.DS_store文件泄露利用脚本 https://github.com/lijiejie/ds_store_exp
Short for command injection exploiter,web向命令注入检测工具 https://github.com/stasinopoulos/commix
XSS数据接收平台 https://github.com/firesunCN/BlueLotus_XSSReceiver
一个快速的TLS扫描器( non-blocking, event-driven ) https://prbinu.github.io/tls-scan https://github.com/prbinu/tls-scan
一个Python RESTful接口框架,用于提供在线恶意软件和URL分析服务 https://github.com/diogo-fernan/malsub
XSS与CSRF工具 https://github.com/evilcos/xssor
暴力攻击字典生成工具 https://github.com/LandGrey/pydictor
利用深度神经网络tensorflow 对14亿文本密码分析 https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis
ModSecurity—Web应用程序防火墙(支持nginx、iis、apache) https://github.com/SpiderLabs/ModSecurity
Astra:REST API的自动安全测试 https://github.com/flipkart-incubator/Astra
Burp Replicator:自动化复杂漏洞的复制 https://github.com/PortSwigger/replicator
OWASP进攻性Web测试框架 https://github.com/owtf/owtf
OWASP JoomScan项目 https://github.com/rezasp/joomscan
WSSAT Web服务安全评估工具 https://github.com/YalcinYolalan/WSSAT
中间人攻击框架 https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/secretsquirrel/BDFProxy
https://github.com/byt3bl33d3r/MITMf
代码注入,wifi jam以及wifi用户探测 https://github.com/DanMcInerney/LANs.py
可扩展的中间人代理工具 https://github.com/intrepidusgroup/mallory
wifi钓鱼 https://github.com/sophron/wifiphisher
XSS数据接收平台 https://github.com/firesunCN/BlueLotus_XSSReceiver
XSS与CSRF工具 https://github.com/evilcos/xssor
Vegile - Ghost In The Shell 进程隐藏和防止被杀的工具 https://github.com/Screetsec/Vegile
密码破解工具 https://github.com/shinnok/johnny
本地存储的各类密码提取利器 https://github.com/AlessandroZ/LaZagne
HTTP暴力破解,撞库攻击脚本 https://github.com/lijiejie/htpwdScan
超过80GB密码库总结出的字典项目 https://github.com/berzerk0/Probable-Wordlists
Local Exploit for Meltdown https://github.com/dendisuhubdy/meltdown
Meltdown Spectre PoC https://github.com/paboldin/meltdown-exploit
Meltdown/Spectre PoC 源码集合 https://github.com/turbo/KPTI-PoC-Collection
meltdownspectre补丁 https://github.com/hannob/meltdownspectre-patches
SpecuCheck meltdownspectre win下检查工具 https://github.com/ionescu007/SpecuCheck
Linux本地root提权 https://github.com/5H311-1NJ3C706/local-root-exploits
漏洞研究集合 https://github.com/sergey-pronin/Awesome-Vulnerability-Research
Snyk漏洞库 https://github.com/snyk/vulndb
哈希长度扩展攻击EXP https://github.com/citronneur/rdpy
JAVA反序列化漏洞相关资源列表 https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
JBOSS verify & exp tool https://github.com/joaomatosf/jexboss
安卓十月漏洞POC https://github.com/jiayy/android_vuln_poc-exp
在sebug提交的漏洞详情及poc https://github.com/ganliuzhuo/Sebug
PacketWhisper:使用DNS查询和文本隐藏技术 https://github.com/TryCatchHCF/PacketWhisper
ExploitDB官方git版本 https://github.com/offensive-security/exploit-database
Vulncode-DB is a database for vulnerabilities and their corresponding source code https://github.com/google/vulncode-db
php漏洞代码分析 https://github.com/80vul/phpcodz
Parse: PHP安全扫码器 https://github.com/psecio/parse
NodeJsScan-Node.js应用静态安全代码扫码器 https://github.com/ajinabraham/NodeJsScan
proof-of-concept exploits developed by the Semmle Security Research Team. https://github.com/Semmle/SecurityExploits
CVE-2016-2107简单test程序 https://github.com/FiloSottile/CVE-2016-2107
CVE-2015-7547 POC https://github.com/fjserna/CVE-2015-7547
一些漏洞和0day的blog https://github.com/pierrekim/pierrekim.github.io JAVA反序列化POC生成工具 https://github.com/frohoff/ysoserial
JAVA反序列化EXP https://github.com/foxglovesec/JavaUnserializeExploits
Jenkins cli漏洞 https://github.com/CaledoniaProject/jenkins-cli-exploit
CVE-2015-2426 EXP (windows内核提权) https://github.com/vlad902/hacking-team-windows-kernel-lpe
web攻击的范例docker环境(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示) https://github.com/hxer/vulnapp
php7缓存覆写漏洞Demo及相关工具 https://github.com/GoSecure/php7-opcache-override
An exploit for Apache Struts CVE-2018-11776 https://github.com/mazen160/struts-pwn_CVE-2018-11776
Struts2 S2-045-Nmap NSE script https://github.com/Z-0ne/ScanS2-045-Nmap
SS payloads designed to turn alert(1) into P1 https://github.com/hakluke/weaponised-XSS-payloads
XcodeGhost木马样本 https://github.com/XcodeGhostSource/XcodeGhost
scap安全指导 https://github.com/OpenSCAP/scap-security-guide
相对偏学术方向,有不少书籍、会议、报告等推荐 https://github.com/re-pronin/awesome-vulnerability-research
偏Web向的常见漏洞类型案例指导 https://github.com/ngalongc/bug-bounty-reference
13年到现在数十个CVE漏洞的PoC https://github.com/qazbnm456/awesome-cve-poc
恶意软件脚本集 https://github.com/seifreed/malware-scripts
Awesome XSS stuff https://github.com/s0md3v/AwesomeXSS
一大波常见Web攻击Payloads https://github.com/foospidy/payloads
后门仓库,包括各语言直接绑定和反射式的后门,后门加密以及Stager https://github.com/0x00-0x00/ShellPop
常见Web攻击Payloads https://github.com/swisskyrepo/PayloadsAllTheThings
OS X命令行、PowerShell命令行、Google Dorks、Shodan、exploit开发、Java反序列化等列表 https://github.com/coreb1t/awesome-pentest-cheat-sheets
漏洞赏金计划集合和著名赏金猎人博客列表 https://github.com/djadmin/awesome-bug-bounty
Exploit开发学习资源 https://github.com/FabioBaroni/awesome-exploit-development
mimic is a tool for covert execution on Linux x86_64. https://github.com/emptymonkey/mimic
二进制EXP编写工具 https://github.com/t00sh/rop-tool
CTF Pwn 类题目脚本编写框架 https://github.com/Gallopsled/pwntools
python写的pwning开发IO库 https://github.com/zTrix/zio
跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) https://github.com/frida/frida
收集或编写各种漏洞PoC、ExP https://github.com/bollwarm/POC-EXP
吾爱破解论坛【爱盘】3.0 在线破解工具包 https://github.com/ganlvtech/down_52pojie_cn
Angr http://angr.io/
BAP https://github.com/BinaryAnalysisPlatform/bap
Binary Ninja https://binary.ninja/
Bistro http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.309.105&rep=rep1&type=pdf
Diablo http://diablo.elis.ugent.be/
EEL http://pages.cs.wisc.edu/~larus/eel.html
libdetox https://github.com/HexHive/libdetox
Macaw https://github.com/GaloisInc/macaw
McSema https://github.com/trailofbits/mcsema
MultiVerse https://github.com/utds3lab/multiverse
Pharos https://github.com/cmu-sei/pharos
PSI http://seclab.cs.stonybrook.edu/seclab/pubs/vee14.pdf
Reins https://www.utdallas.edu/~zhiqiang.lin/file/ACSAC12.pdf
Shuffler https://www.usenix.org/system/files/conference/osdi16/osdi16-williams-king.pdf
IRDB https://git.zephyr-software.com/opensrc/irdb-cookbook-examples
Uroboros https://github.com/s3team/uroboros
shellcode分析工具 https://github.com/suraj-root/smap/
Shellcode/Obfuscate Code Generator https://github.com/zscproject/OWASP-ZSC
linux下逆向工具 https://github.com/korcankaraokcu/PINCE
Reverse Shell and Post Exploitation Tool https://github.com/panagiks/RSPET
跨平台二进制分析及逆向工具 https://github.com/programa-stic/barf-project
二进制分析工具 https://github.com/devttys0/binwalk
关于软件虚拟化保护(如VMProtect)的资料 https://github.com/lmy375/awesome-vmp
系统扫描器,用于寻找程序和库然后收集他们的依赖关系,链接等信息 https://github.com/quarkslab/binmap
A Qt and C++ GUI for radare2 reverse engineering framework https://github.com/radareorg/cutter
rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O. https://github.com/0vercl0k/rp
Windows Exploit Development工具 https://github.com/lillypad/badger
二进制静态分析工具(python) https://github.com/bdcht/amoco
Python Exploit Development Assistance for GDB https://github.com/longld/peda
对BillGates Linux Botnet系木马活动的监控工具 https://github.com/ValdikSS/billgates-botnet-tracker
Adhrit开源的安卓APK逆向和分析工具 https://github.com/abhi-r3v0/Adhrit/
Assesses CPU security of embedded devices. iadgov https://github.com/iadgov/Maplesyrup
pypacker: The fast and simple packet creation and parsing lib for Python. https://github.com/mike01/pypacker
Windows driver and usermode interface which can hide objects of file-system and registry, protect processes and etc https://github.com/JKornev/hidden
IoTSecurityNAT IoT安全测试系统,方便快速接入各种设备,进行安全测试。 https://github.com/3rdbody/IoTSecurityNAT
木马配置参数提取工具 https://github.com/kevthehermit/RATDecoders
Shellphish编写的二进制分析工具(CTF向) https://github.com/angr/angr
针对python的静态代码分析工具 https://github.com/yinwang0/pysonar2
一个自动化的脚本(shell)分析工具,用来给出警告和建议 https://github.com/koalaman/shellcheck
基于AST变换的简易Javascript反混淆辅助工具 https://github.com/ChiChou/etacsufbo
隐写检测工具 https://github.com/abeluck/stegdetect
针对各种编程语言的静态分析工具、linters、代码质量检查等 https://github.com/mre/awesome-static-analysis
关于逆向的图书、培训、实战、工具等 https://github.com/tylerhalfpop/awesome-reversing
常见软件、类库、书籍、技术分析、开发等 https://github.com/onethawt/reverseengineering-reading-list
awesome-firmware-security是一个平台固件资源的列表,立足于安全和测试 https://github.com/PreOS-Security/awesome-firmware-security
nary Analysis Platform https://github.com/BinaryAnalysisPlatform/bap
libsodium for Universal Windows Platform (UWP) - A secure cryptographic library https://github.com/charlesportwoodii/libsodium-uwp
oletools - python tools to analyze MS OLE2 files https://github.com/decalage2/oletools
chipwhisperer -- toolchain for side-channel power analysis and glitching attacks https://github.com/newaetech/chipwhisperer
OCI (Open Containers Initiative) compatible runtime for Intel® Architectur https://github.com/01org/cc-oci-runtime
ICS Security Tools, Tips, and Trade https://github.com/ITI/ICS-Security-Tools
Mobile Security Framework 是一个自动化的移动app安全测试工具,支持Android、iOS和Windows应用,能够进行静态、动态分析以及web API测试 https://github.com/MobSF/Mobile-Security-Framework-MobSF
MobSF HackingLab定制中文版 https://github.com/HackingLab/MobileSF
APEiD 用于安卓应用编译,打包,封隔器,保护器,混淆器等 https://github.com/rednaga/APKiD
QARK linkedin 开源的安卓应用程序源代码安全漏洞分析工具 https://github.com/linkedin/qark
Drozer FSecureLABS开源的一个全面的Android安全评估框架 https://github.com/FSecureLABS/drozer
威胁情报资源 https://github.com/hslatman/awesome-threat-intelligence
常见IOC资源、工具 https://github.com/sroberts/awesome-iocs
数字取证的常见工具资源 https://github.com/Cugu/awesome-forensics
Ethereum Scam Database诈骗数据库溯新查询 https://github.com/MrLuit/EtherScamDB
开源情报:各种开源情报来源 https://github.com/jivoi/awesome-osint
帮助安全分析师和数字取证人员 https://github.com/meirwah/awesome-incident-response
ThreatHunter攻略-帮助安全分析师利用Sysmon和Windows Events日志来进行事件分析,涉及Splunk、ELK、Sigma、GrayLog等工具 https://github.com/VVard0g/ThreatHunter-Playbook
社工插件,可查找以email、phone、username的注册的所有网站账号信息 https://github.com/n0tr00t/Sreg
Github信息搜集,可实时扫描查询git最新上传有关邮箱账号密码信息 https://github.com/sea-god/gitscan
People tracker on the Internet: OSINT analysis and research tool https://github.com/jofpin/trape
用于MISP分类系统。 https://github.com/MISP/misp-taxonomies
RegEx 拒绝服务(ReDos)扫描器 https://github.com/jagracey/Regex-DoS https://github.com/jagracey/RegEx-DoS
dataShark 构建在Apache Spark的安全和网络事件分析框架 https://github.com/makemytrip/dataShark
github Repo信息搜集工具 https://github.com/metac0rtex/GitHarvester
CIF v3 -- 安全威胁情报最快获取 https://github.com/csirtgadgets/bearded-avenger
使用CNN进行样本恶意动态行为检测 https://github.com/zwq0320/malicious_dynamic_behavior_detection_by_cnn
屏蔽广告,恶意扫描和非法域名的工具(hosts) https://github.com/zant95/hBlock
Dradis Framework: IT安全团队协作和报告工具 https://github.com/dradis/dradis-ce
EggShell (也被正式称为NeonEggShell) 用python写的iOS,OS X 监控工具 https://github.com/neoneggplant/EggShell
HMAC 时序攻击统计分析 http://eggie5.com/45-hmac-timing-attacks https://github.com/eggie5/hmac-timing-attacks
AIL framework - 弱点信息分析框架 https://github.com/CIRCL/AIL-framework
w11scan是一款分布式的WEB指纹识别系统(包括CMS识别、js框架、组件容器、代码语言、WAF等等) https://github.com/boy-hack/w11scan
OWASP依赖扫描报告转为SonarQube https://github.com/stevespringett/dependency-check-sonar-plugin
SBT插件用来进行OWASP依赖扫描 https://github.com/albuch/sbt-dependency-check
Maltrail——非法流量检测系统 https://github.com/stamparm/maltrail
Seebug、structs、cve漏洞实时监控推送系统🔦 https://github.com/FortuneC00kie/bug-monitor
Logstash 日志安全攻击分析插件 https://github.com/anbai-inc/AttackFilter
net-creds:从网络嗅探或Pcap 文件提取敏感数据的工具 https://github.com/DanMcInerney/net-creds
开源的恶意代码查杀引擎,模式匹配是瑞士军刀(支持二进制) https://github.com/VirusTotal/yara
Klara 基于Rara引擎的威胁情报恶意代码发现辅助项目 https://github.com/KasperskyLab/klara
awesome-yara YARA规则、工具和相关信息集。 https://github.com/InQuest/awesome-yara
scylla: 人性化智能IP代理池 https://github.com/imWildCat/scylla
用于机器学习模型的对抗鲁棒性工具箱 https://github.com/IBM/adversarial-robustness-toolbox
射箭:开源漏洞评估和管理 https://github.com/archerysec/archerysec
A fork and successor of the Sulley Fuzzing Framework https://github.com/jtpereyda/boofuzz
BTA is an open-source Active Directory security audit framework https://github.com/airbus-seclab/bta
Open Cyber Threat Intelligence Platform https://www.opencti.io https://github.com/OpenCTI-Platform/opencti
深度利用 https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
Halcyon IDE:Nmap脚本开发IDE https://github.com/s4n7h0/Halcyon
SimpleRisk资源 https://github.com/simplerisk
TROMMEL:Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators https://github.com/CERTCC/trommel
IoT Pentesting 101 && IoT security 101 https://github.com/V33RU/IoTSecurity101
Deep and Dark Web OSINT Tool https://github.com/DedSecInside/TorBot
蜜罐资源合集 https://github.com/paralax/awesome-honeypots
SSH蜜罐 https://github.com/desaster/kippo
kippo进阶版 https://github.com/micheloosterhof/cowrie
SMTP蜜罐 https://github.com/awhitehatter/mailoney
Web应用蜜罐 https://github.com/mushorg/glastopf
数据库蜜罐 https://github.com/jordan-wright/elastichoney
Web蜜罐 https://github.com/atiger77/Dionaea
ICS/SCADA蜜罐 https://github.com/mushorg/conpot
MongoDB代理蜜罐 https://github.com/Plazmaz/MongoDB-HoneyProxy
T-Pot:多蜜罐平台,可视化分析。 https://github.com/dtag-dev-sec/tpotce/
opencanary_web:蜜罐的网络管理平台。 https://github.com/p1r06u3/opencanary_web
Honeyd:一个小型守护进程,可以在网络上创建虚拟主机。 http://www.honeyd.org/
Glastopf Python Web应用程序蜜罐。 https://github.com/mushorg/glastopf
Cowrie :一种中等交互式SSH和Telnet蜜罐,用于记录暴力攻击和攻击者执行的shell交互。 https://github.com/cowrie/cowrie
Kippo:一个中等交互式SSH蜜罐,用于记录暴力攻击,最重要的是,攻击者执行的整个shell交互。 https://github.com/desaster/kippo
Dionaea:一个低交互的蜜罐,能够模拟FTP/HTTP/MSSQL/MYSQL/SMB等服务。 https://github.com/DinoTools/dionaea
onpot:一个ICS蜜罐,其目标是收集有关针对工业控制系统的敌人的动机和方法的情报。 https://github.com/mushorg/conpot
扩展企业安全测试主动诱导型蜜罐框架系统 https://github.com/hacklcx/HFish
Wordpot:一个Wordpress蜜罐,可以检测用于指纹wordpress安装的插件,主题,timthumb和其他常用文件的探针。 https://github.com/gbrindisi/wordpot
Shockpot:针对CVE-2014-6271的一个Web应蜜罐,用于发现针对Bash远程代码漏洞的攻击者。 https://github.com/threatstream/shockpot
对开源蜜罐的学习研究与理解 https://github.com/XiaoXiaoGuaiXiaShi/OpenSource-HoneyPot
Awesome-Hacking黑客、渗透,安全研究文档集 https://github.com/Hack-with-Github/Awesome-Hacking
黑客必读电子书 https://github.com/Hack-with-Github/Free-Security-eBooks
黑客成长技术清单 https://github.com/carpedm20/awesome-hacking
snowden-archive -- NSA承包商Edward Snowden泄露文档合集 https://github.com/iamcryptoki/snowden-archive
Awesome-Vehicle-Security 汽车安全合集包括文档、软硬件应用 https://github.com/jaredthecoder/awesome-vehicle-security
Awesome-Security——一个社区驱动的知名安全资源分类集合 https://github.com/sbilly/awesome-security
应用程序安全的资源列表 https://github.com/paragonie/awesome-appsec
DFTimewolf A framework for orchestrating forensic collection, processing and data export. https://github.com/log2timeline/dftimewolf
安全脑图合集 https://github.com/phith0n/Mind-Map
有关信息安全的一些流程图收集 https://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428
在学习Software安全的过程中整合的一些资料 https://github.com/CHYbeta/Software-Security-Learning
有关cryptography, security, OPSEC以及其他工程的演讲集 https://github.com/freddymartinez9/securitytalks
cis-benchmarks 常用服务器、数据库、中间件安全配置基线(英文pdf下载) https://www.cisecurity.org/cis-benchmarks/
Kinda useful notes collated together publicly https://github.com/unprovable/PentestHardware
一个验证密码JS库,通过对比常见密码,提示密码问题 https://github.com/kn9ts/dumb-passwords
网络安全AI信息:相关研究的数据集、论文、书籍、演讲等 https://github.com/jivoi/awesome-ml-for-cybersecurity
ACM CCS 2017 会议集 https://dl.acm.org/citation.cfm?id=3133956
2017 IEEE Cybersecurity Development (SecDev大会录用论文) http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=8071083
Golang for Security Professionals https://github.com/parsiya/Hacking-with-Go
域渗透教程 https://github.com/l3m0n/pentest_study
python security教程(原文链接http//www.primalsecurity.net/tutorials/python-tutorials/) https://github.com/smartFlash/pySecurity
域渗透学习笔记 https://github.com/uknowsec/Active-Directory-Pentest-Notes
渗透测试文档https://ptestmethod.readthedocs.io/en/latest/ https://github.com/Maximevilla/PtestMethod
data_hacking合集 https://github.com/ClickSecurity/data_hacking
手机安全wiki https://github.com/exploitprotocol/mobile-security-wiki
Web安全入门各种书籍、文档、工具 https://github.com/infoslack/awesome-web-hacking
各种Android工具、报告/研究/书籍、漏洞/利用代码等资源 https://github.com/ashishb/android-security-awesome
恶意软件集、开源威胁情报、检测、沙箱等 https://github.com/rshipp/awesome-malware-analysis
书籍《reverse-engineering-for-beginners》 https://github.com/veficos/reverse-engineering-for-beginners
一些信息安全标准及设备配置 https://github.com/luyg24/IT_security
PENTESTING-BIBLE: hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources. https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLEhttps://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴 https://github.com/ym2011/SecurityManagement
2013-2017年各类安全大会演讲视频集 https://github.com/PaulSec/awesome-sec-talks
⚡️ A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more. Especially for System and Network Administrators, DevOps, Pentesters or Security Researchers. https://github.com/trimstray/the-book-of-secret-knowledge
关于网络安全相关的RSS订阅,情报来源和日常知识库更新: https://github.com/zer0yu/CyberSecurityRSS
社工资源集——仅供网络安全人员、渗透测试人员在受控环境用于教育用途 https://github.com/v2-dev/awesome-social-engineering
密码学的理论、工具、框架、资源等 https://github.com/sobolevn/awesome-cryptography
APT相关笔记 https://github.com/kbandla/APTnotes
Kcon资料 https://github.com/knownsec/KCon
Micro8安全渗透十年经验集合:括但不限制于代码审计,web渗透,内网渗透,域渗透,隧道介绍,日志溯源与暴力溯源等 https://github.com/Micropoor/Micro8
Install and Configure Common Car Hacking Tools. https://carhacking.tools https://github.com/jgamblin/CarHackingTools
安全大礼包(大杂烩) https://github.com/bayandin/awesome-awesomeness
各种信息安全公开课、培训信息 https://github.com/onlurking/awesome-infosec
零碎的GitHub安全项目汇总,涉及PWND、PowerShell、CTF、恶意软件等 https://github.com/FuzzySecurity/Resource-List
Gera安全例程镜像 https://github.com/deadbits/InsecureProgramming
That Doesnt Suck安全指南 https://github.com/rmusser01/Infosec_Reference
Shell命令行、工具、指南列表集 https://github.com/alebcay/awesome-shell
<>电子杂志,分享同领域黑客关注的东西和黑客生活,已出版4期(截止2015) https://github.com/citypw/DNFWAH
安全知识库,包括网络分析、Web应用、开源情报、漏洞分析、编程开发等 https://github.com/nixawk/pentest-wiki
ThatDoesntSuck安全指南 https://github.com/rmusser01/Infosec_Reference
安全测试人员进行评估检查需要用到的技能 https://github.com/danielmiessler/SecLists
WeReport: 渗透报告自动化生成平台 https://github.com/bugsafe/WeReport
射频资源集合,包括SDR、GSM、3G、4G LTE、NFC、RFID、ZigBee等 https://github.com/cn0xroot/RFSec-ToolKit
学习Web/Cloud/Docker 安全、渗透测试、安全建设笔记 https://github.com/JnuSimba/MiscSecNotes
安全文章收集 https://github.com/tom0li/collection-document
Linux 安全时记录笔记 https://github.com/JnuSimba/LinuxSecNotes
信息安全从业者书单推荐 https://github.com/riusksk/secbook
Android 安全笔记 https://github.com/JnuSimba/AndroidSecNotes
安全技能树小密圈2017精选 https://github.com/h4ck0ne/security_circle_2017
Android应用安全的众测list https://github.com/B3nac/Android-Reports-and-Resources
车辆安全的学习资源、项目、软硬件、汽车黑客案例、Twitter follower列表等 https://github.com/jaredmichaelsmith/awesome-vehicle-security
聚合大量IoT破解案例,如RFID、门铃、中控、可穿戴等 https://github.com/nebgnahz/awesome-iot-hacks
包括工具、蜜罐、数据、警报和新闻、会议各种工控安全等 https://github.com/hslatman/awesome-industrial-control-system-security
数字取证论文集合(摄像头特征) https://github.com/NetSecLab/Paper_for_Digital_Forensics
渗透测试技巧 https://github.com/xssfile/Attack-data
以太坊合约审计checkList @知道创宇404区块链安全研究团队 https://github.com/knownsec/Ethereum-Smart-Contracts-Security-CheckList
Spring Security provides security services for the Spring IO Platform. Spring Security 5.0 requires Spring 5.0 as a minimum and also requires Java 8. https://github.com/spring-projects/spring-security
Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications. https://github.com/spring-projects/spring-security-oauth
Iptables Essentials: Common Firewall Rules and Commands. https://github.com/trimstray/iptables-essentials#manuals-howtos-tutorials
Curated list of awesome cloud security blogs, podcasts, standards, projects, and examples. https://github.com/Funkmyster/awesome-cloud-security
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. https://github.com/toniblyx/my-arsenal-of-aws-security-tools
Cloud Custodian is a rules engine for managing public cloud accounts and resources https://github.com/capitalone/cloud-custodian
scripts, tools, extensions, automations, for Azure subscription and resource security https://github.com/azsk/DevOpsKit-docs
甲方企业安全建设开源之路 https://github.com/bloodzer0/Enterprise_Security_Build--Open_Source/
📚 List of awesome university courses for learning Computer Science! https://github.com/prakhar1989/awesome-courses
💻 An awesome & curated list of best applications and tools for Windows. https://github.com/Awesome-Windows/Awesome
Curated list of awesome lists https://github.com/sindresorhus/awesome
Awesome & Interesting Talks concerning Programming https://github.com/hellerve/programming-talks#creative-coding
生信,大数据,机器学习,各种程序语言等等资源集合 https://github.com/shenwei356/awesome
中文公开聊天语料库 https://github.com/codemayq/chaotbot_corpus_Chinese
图书配套代码 精通渗透测试机器学习 https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing
awesome cheatsheet https://github.com/detailyang/awesome-cheatsheet
机器学习和安全 https://github.com/13o-bbr-bbq/machine_learning_security
iOS hack资料 https://github.com/Siguza/ios-resources
Green-hat-suite is a tool to make meterpreter evade antivirus https://github.com/Green-m/green-hat-suite
慢雾安全团队知识库 https://github.com/slowmist/Knowledge-Base/
BlockChain-Security-List 区块链加密币安全列表 (reverse, exploit, fuzz..) https://github.com/im-bug/BlockChain-Security-List
比特币的最佳集合 https://github.com/kennethreitz/awesome-coins
知道创宇研发技能表 https://github.com/knownsec/RD_Checklist
architect-awesome:后端架构师技术图谱 https://github.com/xingshaocheng/architect-awesome
Git学习资料 https://github.com/xirong/my-git
计算机科学视频教程集 https://github.com/Developer-Y/cs-video-courses
安卓开源代码解析 https://github.com/android-cn/android-open-project-analysis
JS 正则表达式库(用于简化构造复杂的JS正则表达式) https://github.com/VerbalExpressions/JSVerbalExpressions
PHP生成安全随机数、加密数据、检查漏洞等类库 https://github.com/ziadoz/awesome-php#security
科学上网工具 https://github.com/XX-net/XX-Net
全功能私有云云平台 https://github.com/zelon88/HRCloud2
亚马逊云服务AWS实践指南 https://github.com/open-guides/og-aws
撰写安全代码最小备忘单子 https://github.com/GoSecure/security-cheat-sheet
关于系统、数据库、IDE、编程语言等方面的免费书 https://github.com/EbookFoundation/free-programming-books/
一个爬取国内技术站点的技术文章 https://github.com/smile0304/Technical_Article_Spider/
渗透和开发小技巧 https://github.com/3gstudent/Pentest-and-Development-Tips
🚀苹果macOS 开源应用集 https://github.com/serhii-londar/open-source-mac-os-apps#games
Python应用安全框架 https://github.com/YosaiProject/yosai
python安全和代码审计相关资料收集 https://github.com/bit4woo/python_sec
pyc反编译脚本 https://github.com/gstarnberger/uncompyle
pycipher python加解密库 https://github.com/jameslyons/pycipher
可视化python性能分析工具 https://github.com/nvdv/vprof
Flask认证 https://github.com/miguelgrinberg/Flask-HTTPAuth
ViperMonkey,VBA解析和模拟机,用来分析非法宏代码 https://github.com/decalage2/ViperMonkey
XLearning是一款支持多种机器学习、深度学习框架调度系统. https://github.com/Qihoo360/XLearning/
一些资源和工具里list https://github.com/pe3zx/my-awesome
Tensorflow实战学习笔记 https://github.com/MachineLP/Tensorflow-
声音可视化工具集 https://github.com/willianjusten/awesome-audio-visualization
多个语言简明教程 http://xahlee.info/comp/comp_lang_tutorials_index.html
An extensive list of interesting open source projects written in С, C++, Clojure, Lisp, Elixir, Erlang, Elm, Golang, Haskell, JavaScript, Lua, OCaml, Python, R, Ruby, Rust, Scala etc. https://github.com/lk-geimfari/awesomo
A curated list of Rust code and resources. https://github.com/rust-unofficial/awesome-rust
python 正则表达式库(用于简化构造复杂的python正则表达式) https://github.com/VerbalExpressions/PythonVerbalExpressions
python任务管理以及命令执行库 https://github.com/pyinvoke/invoke
python exe打包库 https://github.com/pyinstaller/pyinstaller
py3 爬虫框架 https://github.com/orf/cyborg
一个提供底层接口数据包编程和网络协议支持的python库 https://github.com/CoreSecurity/impacket
python requests 库 https://github.com/kennethreitz/requests
python 实用工具合集 https://github.com/mahmoud/boltons
python爬虫系统 https://github.com/binux/pyspider
ScrapedIn,LinkedIn爬虫 https://github.com/dchrastil/ScrapedIn
ctf向 python工具包 https://github.com/P1kachu/v0lt
python框架,库,资源大合集 https://github.com/vinta/awesome-python
python资源大全 https://github.com/jobbole/awesome-python-cn