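A collection of awesome penetration testing resources and a network security toolkit, including tools, books, conferences, magazines, and other things
Penetration Testing Tools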
A collection of awesome penetration testing resources
Online Resources
Penetration Testing Resources
Metasploit Unleashed - Free Offensive Security Metasploit course
PTES - Penetration Testing Execution Standard
OWASP - Open Web Application Security Project
Exploit development
Social Engineering Resources
Lock Picking Resources
Tools
Penetration Testing Distributions
Kali - A Linux distribution designed for digital forensics and penetration testing
ArchStrike - An Arch Linux repository for security professionals and enthusiasts
BlackArch - Arch Linux-based distribution for penetration testers and security researchers
NST - Network Security Toolkit distribution
Pentoo - Security-focused livecd based on Gentoo
BackBox - Ubuntu-based distribution for penetration tests and security assessments
Parrot - A distribution similar to Kali, with multiple architectures
Basic Penetration Testing Tools
Metasploit Framework - World's most used penetration testing software
Burp Suite - An integrated platform for performing security testing of web applications
ExploitPack - Graphical tool for penetration testing with a bunch of exploits
BeEF - The Browser Exploitation Framework Project
faraday - Collaborative Penetration Test and Vulnerability Management Platform
evilgrade - The update exploitation framework
commix - Automated All-in-One OS Command Injection and Exploitation Tool
routersploit - Automated penetration testing software for routers
Docker for Penetration Testing
Vulnerability Scanners
Netsparker - Web Application Security Scanner
Nexpose - Vulnerability Management & Risk Management Software
Nessus - Vulnerability, configuration, and compliance assessment
Nikto - Web application vulnerability scanner
OpenVAS - Open Source vulnerability scanner and manager
OWASP Zed Attack Proxy - Penetration testing tool for web applications
Secapps - Integrated web application security testing environment
w3af - Web application attack and audit framework
Wapiti - Web application vulnerability scanner
WebReaver - Web application vulnerability scanner for Mac OS X
DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
arachni - Web Application Security Scanner Framework
Network Tools
nmap - Free Security Scanner For Network Exploration & Security Audits
pig - A Linux packet crafting tool
tcpdump/libpcap - A common packet analyzer that runs under the command line
Wireshark - A network protocol analyzer for Unix and Windows
Network Tools - Different network tools: ping, lookup, whois, etc
netsniff-ng - A Swiss army knife for network sniffing
Intercepter-NG - a multifunctional network toolkit
SPARTA - Network Infrastructure Penetration Testing Tool
DNSDumpster - Online DNS recon and search service
Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Zarp - Zarp is a network attack tool centered around the exploitation of local networks
mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
mallory - HTTP/HTTPS proxy over SSH
DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
pwnat - punches holes in firewalls and NATs
dsniff - a collection of tools for network auditing and pentesting
tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
smbmap - a handy SMB enumeration tool
scapy - a python-based interactive packet manipulation program & library
Wireless Network Tools
Aircrack-ng - a set of tools for auditing wireless networks
Kismet - Wireless network detector, sniffer, and IDS
Reaver - Brute force attack against Wifi Protected Setup
Wifite - Automated wireless attack tool
wifiphisher - Automated phishing attacks against Wi-Fi networks
SSL Analysis Tools
SSLyze - SSL configuration scanner
sslstrip - a demonstration of the HTTPS stripping attacks
sslstrip2 - SSLStrip version to defeat HSTS
tls_prober - fingerprint a server's SSL/TLS implementation
Web exploitation
WPScan - Black box WordPress vulnerability scanner
SQLmap - Automatic SQL injection and database takeover tool
weevely3 - Weaponized web shell
Wappalyzer - Wappalyzer uncovers the technologies used on websites
cms-explorer - CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS driven web sites are running.
joomscan - Joomla CMS scanner
WhatWeb - Website Fingerprinter
BlindElephant - Web Application Fingerprinter
fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
Kadabra - Automatic LFI exploiter and scanner
Kadimus - LFI scan and exploit tool
liffy - LFI exploitation tool
Hex Editors
Crackers
Windows Utils
Linux Utils
DDoS Tools
LOIC - An open source network stress tool for Windows
JS LOIC - JavaScript in-browser version of LOIC
T50 - The faster network stress tool
Social Engineering Tools
SET - The Social-Engineer Toolkit from TrustedSec
OSInt Tools
Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
theHarvester - E-mail, subdomain and people names harvester
creepy - A geolocation OSINT tool
metagoofil - Metadata harvester
Google Hacking Database - a database of Google dorks; can be used for recon
Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans
Shodan - Shodan is the world's first search engine for Internet-connected devices
ZoomEye - A cyberspace search engine for Internet-connected devices and websites using Xmap and Wmap
recon-ng - A full-featured Web Reconnaissance framework written in Python
github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak
Anonymity Tools
Tor - The free software for enabling onion routing online anonymity
I2P - The Invisible Internet Project
Nipe - Script to redirect all traffic from the machine to the Tor network.
Reverse Engineering Tools
IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
IDA Free - The freeware version of IDA v5.0
WDK/WinDbg - Windows Driver Kit and WinDbg
OllyDbg - An x86 debugger that emphasizes binary code analysis
Radare2 - Opensource, crossplatform reverse engineering framework.
x64_dbg - An open-source x64/x32 debugger for windows.
Pyew - A Python tool for static malware analysis.
Bokken - GUI for Pyew Radare2.
Immunity Debugger - A powerful new way to write exploits and analyze malware
Evan's Debugger - OllyDbg-like debugger for Linux
Medusa disassembler - An open source interactive disassembler
plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
CTF Tools
Pwntools - CTF framework for use in CTFs
Books
Penetration Testing Books
The Art of Exploitation by Jon Erickson, 2008
Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
Rtfm: Red Team Field Manual by Ben Clark, 2014
The Hacker Playbook by Peter Kim, 2014
The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
Professional Penetration Testing by Thomas Wilhelm, 2013
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
Violent Python by TJ O'Connor, 2012
Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
Penetration Testing: Procedures & Methodologies by EC-Council, 2010
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
Bug Hunter's Diary by Tobias Klein, 2011
Hackers Handbook Series
The Database Hacker's Handbook, David Litchfield et al., 2005
The Shellcoders Handbook by Chris Anley et al., 2007
The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
iOS Hackers Handbook by Charlie Miller et al., 2012
Android Hackers Handbook by Joshua J. Drake et al., 2014
The Browser Hackers Handbook by Wade Alcorn et al., 2014
The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
Car Hacker's Handbook by Craig Smith, 2016
Network Analysis Books
Reverse Engineering Books
Malware Analysis Books
Windows Books
Social Engineering Books
Lock Picking Books
Vulnerability Databases
Security Courses
Information Security Conferences
DEF CON - An annual hacker convention in Las Vegas
Black Hat - An annual security conference in Las Vegas
BSides - A framework for organising and holding security conferences
CCC - An annual meeting of the international hacker scene in Germany
DerbyCon - An annual hacker conference based in Louisville
PhreakNIC - A technology conference held annually in middle Tennessee
ShmooCon - An annual US east coast hacker convention
CarolinaCon - An infosec conference, held annually in North Carolina
HOPE - A conference series sponsored by the hacker magazine 2600
SummerCon - One of the oldest hacker conventions, held during Summer
Hack.lu - An annual conference held in Luxembourg
HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
Hack3rCon - An annual US hacker conference
ThotCon - An annual US hacker conference held in Chicago
LayerOne - An annual US security conference held every spring in Los Angeles
DeepSec - Security Conference in Vienna, Austria
SkyDogCon - A technology conference in Nashville
SECUINSIDE - Security Conference in Seoul
DefCamp - Largest Security Conference in Eastern Europe, held annually in Bucharest, Romania
AppSecUSA - An annual conference organised by OWASP
BruCON - An annual security conference in Belgium
Infosecurity Europe - Europe's number one information security event, held in London, UK
Nullcon - An annual conference in Delhi and Goa, India
RSA Conference USA - An annual security conference in San Francisco, California, USA
Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
44Con - Annual Security Conference held in London
BalCCon - Balkan Computer Congress, annually held in Novi Sad, Serbia
FSec - Croatian Information Security Gathering in Varaždin, Croatia
Information Security Magazines
Awesome Lists
Kali Linux Tools - List of tools present in Kali Linux
SecTools - Top 125 Network Security Tools
C/C++ Programming - One of the main languages for open source security tools
.NET Programming - A software framework for Microsoft Windows platform development
Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
Ruby Programming by @dreikanter - The de-facto language for writing exploits
Ruby Programming by @markets - The de-facto language for writing exploits
Ruby Programming by @Sdogruyol - The de-facto language for writing exploits
JavaScript Programming - In-browser development and scripting
Node.js Programming by @sindresorhus - JavaScript in command-line
Node.js Programming by @vndmtrx - JavaScript in command-line
Python tools for penetration testers - Lots of pentesting tools are written in Python
Python Programming by @svaksha - General Python programming
Python Programming by @vinta - General Python programming
Android Security - A collection of android security related resources
Awesome Awesomness - The List of the Lists
AppSec - Resources for learning about application security
CTFs - Capture The Flag frameworks, libraries, etc
Hacking - Tutorials, tools, and resources
Honeypots - Honeypots, tools, components, and more
Infosec - Information security resources for pentesting, forensics, and more
Malware Analysis - Tools and resources for analysts
PCAP Tools - Tools for processing network traffic
Security - Software, libraries, documents, and other resources
Awesome List - A curated list of awesome lists
SecLists - Collection of multiple types of lists used during security assessments
Security Talks - A curated list of security conferences
This list of penetration testing resources was created by Nick Raienko and is continually updated; if you are interested, follow the source: https://github.com/enaqx/awesome-pentest#online-resources