藏址阁

安全资讯

https://www.exploit-db.com/
http://seclists.org/pen-test/
http://www.freebuf.com
http://www.reddit.com/r/netsec/
http://www.intelligentexploit.com/
http://seclists.org/fulldisclosure/

网络空间搜索引擎

https://censys.io/
https://shodan.io
https://viz.greynoise.io/
https://www.zoomeye.org
https://buckets.grayhatwarfare.com/
https://x.threatbook.cn/  (微步威胁情报)

在线工具

https://viewdns.info/reverseip/   (IP反查)
https://www.packettotal.com/    (在线分析pacap文件)
https://www.opengps.cn/Data/IP/LocHighAcc.aspx     (IP定位)
https://who.is/whois/1990day.com   (IP/域名信息查询,含DNS解析历史)

安全工具

1.OWASP Mantra

https://sourceforge.net/projects/getmantra/

2.Hcon Security Testing Framework

https://sourceforge.net/projects/hconframework/

3.Nmap

https://nmap.org/

4.Burp suite

https://portswigger.net/burp

漏洞利用

1.Metasploit

www.metasploit.com
https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers # 快速安装

2.beef

http://beefproject.com/

3.Pentestbox(渗透测试工具包)

https://www.pentestbox.com/

Pentest OS

1.Kali

https://www.kali.org/

2.dracos

https://www.dracos-linux.org/

备忘单

  1. OWASP移动安全测试指南 (andorid/iOS)

    https://github.com/OWASP/owasp-mstg
    

2.iOS / macOS渗透测试备忘单

https://github.com/ansjdnakjdnajkd/iOS

3.网络取证/应急响应

https://www.jaiminton.com/cheatsheet/DFIR/