剑客
关注科技互联网

Github 安全军火库(三)

Github 安全军火库(三)

不废话,上资源。

==========================华丽丽的分割线==========================

漏洞及渗透练习平台:

https:// github.com/Medicean/Vul Apps

多种漏洞练习环境

花式扫描器:

GitHub – presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications

Ruby on Rails应用静态分析工具

GitHub – future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

linux漏洞扫描器

GitHub – m0nad/HellRaiser: Vulnerability Scanner

基于端口的漏扫及CVE关联

甲方安全工程师生存指南:

GitHub – juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups

各知名厂商渗透测试报告模板

GitHub – codejanus/ToolSuite: Security tools

安全工具合集

GitHub – mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System

apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM)

GitHub – Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool

Destroy-Windows-10-Spying

https:// github.com/pwnsdx/BadCo de

PHP代码审计扫描器

GitHub – rfxn/linux-malware-detect: Linux Malware Detection (LMD)

linux下恶意代码检测包

GitHub – facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics.

操作系统运行指标可视化框架

https:// github.com/jipegit/OSXA uditor

Mac OS下取证工具

GitHub – cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system

恶意代码分析系统

GitHub – Netflix/Scumblr

定期搜索及存储web应用,可搜漏洞讨论等等

GitHub – google/grr: GRR Rapid Response: remote live forensics for incident response

事件响应框架(focus on 远程取证)

GitHub – mozilla/MozDef: MozDef: The Mozilla Defense Platform

The Mozilla Defense Platform

GitHub – ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等)

GitHub – Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X

OS X远程取证与分析工具包

GitHub – mozilla/mig: Distributed & real time digital forensics at the speed of the cloud

分布式实时数字取证系统

GitHub – sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

Microsoft & Unix 文件系统及硬盘取证工具

https:// github.com/OpenSCAP/ope nscap

Open Source Security Compliance Solution

https:// github.com/wgliang/logc ool

开源准实时日志采集器

https:// github.com/goldshtn/etr ace

windows实时ETW事件处理工具

GitHub – Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.

CPU及内存相关性能分析工具

WEB:

GitHub – fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.

通过调用sqlmap api,自动检测sqli的代理

GitHub – Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions

免杀payload生成器

GitHub – byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server

用gmail充当C&C服务器的后门

远控:

GitHub – UbbeLoL/uRAT: Opensource modular Remote Administration Tool

开源模块化远控工具

GitHub – hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool)

C#远控工具

漏洞POC&EXP:

GitHub – GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities

JAVA反序列化漏洞相关资源列表

二进制及代码分析工具:

GitHub – suraj-root/smap: Shellcode mapper

shellcode分析工具

GitHub – zscproject/OWASP-ZSC: OWASP ZSC GitHub – zscproject/OWASP-ZSC: OWASP ZSC

Shellcode/Obfuscate Code Generator

GitHub – korcankaraokcu/PINCE: A reverse engineering tool that’ll (hopefully) supply the place of Cheat Engine for linux

linux下逆向工具

GitHub – panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Reverse Shell and Post Exploitation Tool

GitHub – programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

跨平台二进制分析及逆向工具

Python:

GitHub – gstarnberger/uncompyle: Python decompiler

pyc反编译脚本

https:// github.com/jameslyons/p ycipher

pycipher python加解密库

https:// github.com/nvdv/vprof

可视化python性能分析工具

FUZZ:

https:// github.com/MozillaSecur ity/peach

fuzzing framework

GitHub – google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage

A general-purpose, easy-to-use fuzzer with interesting analysis options.

GitHub – fuzzing/MFFA: Media Fuzzing Framework for Android

Media Fuzzing Framework for Android

GitHub – MindMac/IntentFuzzer: A Tool to fuzz Intent on Android

A tool to fuzz Intent Android

GitHub – MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input.

Fuzzing资源

GitHub – ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)

AFL的Android移植版本

如果当中有描述不正确的地方,还请老司机们指教,鞠躬!

或者各位老司机们有什么日常中用的顺手的开源工具或者项目,也可以私信发我,我收集起来再分享给大家,再鞠躬!

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址