资源共享 加入小组

20个成员 4个话题 创建时间:2018-02-02

Web安全资源汇总

发表于2018-02-04 20621次查看

Contents

  • Forums
  • Resources
    • Tips
    • XSS
    • CSV Injection
    • SQL Injection
    • Command Injection
    • ORM Injection
    • FTP Injection
    • XXE
    • CSRF
    • SSRF
    • Rails
    • AngularJS
    • SSL/TLS
    • Webmail
    • NFS
    • AWS
    • Fingerprint
    • Sub Domain Enumeration
    • Crypto
    • Web Shell
    • OSINT
    • Books
  • Evasions
    • CSP
    • WAF
    • JSMVC
    • Authentication
  • Tricks
    • CSRF
    • Remote Code Execution
    • XSS
    • SQL Injection
    • NoSQL Injection
    • FTP Injection
    • SSRF
    • Header Injection
    • URL
    • Others
  • Browser Exploitation
  • PoCs
    • JavaScript
  • Tools
    • Auditing
    • Reconnaissance
      • OSINT
      • Sub Domain Enumeration
    • Code Generating
    • Fuzzing
    • Penetrating
    • Leaking
    • Offensive
      • XSS
      • SQL Injection
      • Template Injection
    • Detecting
    • Preventing
    • Proxy
    • Webshell
    • Disassembler
    • Others
  • Social Engineering Database
  • Blogs
  • Twitter Users
  • Practices
    • Application
    • AWS
    • XSS
    • ModSecurity / OWASP ModSecurity Core Rule Set
  • Community
  • Miscellaneous

Forums

Resources

Tips

XSS - Cross-Site Scripting

CSV Injection

SQL Injection

Command Injection

ORM Injection

FTP Injection

XXE - XML eXternal Entity

CSRF - Cross-Site Request Forgery

SSRF - Server-Side Request Forgery

Rails

AngularJS

SSL/TLS

Webmail

NFS

AWS

Fingerprint

Sub Domain Enumeration

Crypto

Web Shell

OSINT

Books

Evasions

CSP

WAF

JSMVC

Authentication

Tricks

CSRF

Remote Code Execution

XSS

SQL Injection

NoSQL Injection

FTP Injection

SSRF

Header Injection

URL

Others

Browser Exploitation

Frontend (like CSP bypass, URL spoofing, and something like that)

Backend (core of Browser implementation, and often refers to C or C++ part)

PoCs

JavaScript

Tools

Auditing

  • prowler - Tool for AWS security assessment, auditing and hardening by @Alfresco.

Reconnaissance

OSINT - Open-Source Intelligence

  • Shodan - Shodan is the world's first search engine for Internet-connected devices by @shodanhq.
  • Censys - Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet by University of Michigan.
  • urlscan.io - Service which analyses websites and the resources they request by @heipei.
  • ZoomEye - ZoomEye 是一个针对网络空间的搜索引擎 by @zoomeye_team.
  • FOFA - 网络空间资产搜索引擎 by 白帽汇.
  • NSFOCUS - THREAT INTELLIGENCE PORTAL by NSFOCUS GLOBAL.
  • 傻蛋联网设备搜索 - 监测互联网基础设施安全威胁 by @傻蛋搜索.
  • FOCA - FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans by ElevenPaths.
  • SpiderFoot - Open source footprinting and intelligence-gathering tool by @binarypool.
  • xray - XRay is a tool for recon, mapping and OSINT gathering from public networks by @evilsocket.
  • gitrob - Reconnaissance tool for GitHub organizations by @michenriksen.
  • GSIL - Github Sensitive Information Leakage(Github敏感信息泄露)by @FeeiCN.
  • raven - raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin by @0x09AL.
  • ReconDog - Recon Dog is an all in one tool for all your basic information gathering needs by @UltimateHackers.

Sub Domain Enumeration

Code Generating

Fuzzing

Penetrating

  • Burp Suite - Burp Suite is an integrated platform for performing security testing of web applications by portswigger.

Offensive

XSS - Cross-Site Scripting

  • XSStrike - XSStrike is a program which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs by @UltimateHackers.
  • xssor2 - XSS'OR - Hack with JavaScript by @evilcos.

SQL Injection

  • sqlmap - Automatic SQL injection and database takeover tool.

Template Injection

  • tqlmap - Code and Server-Side Template Injection Detection and Exploitation Tool by @epinna.

Leaking

Detecting

  • sqlchop - [DEPRECATED] Novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis by chaitin.
  • retire.js - Scanner detecting the use of JavaScript libraries with known vulnerabilities by @RetireJS.
  • malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction by @HynekPetrak.
  • repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets.
  • bXSS - bXSS is a simple Blind XSS application adapted from cure53.de/m by @LewisArdern.

Preventing

  • js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by @leizongmin.

Proxy

  • Charles - HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet.
  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers by @mitmproxy.

Webshell

Disassembler

Others

  • Dnslogger - DNS Logger by @iagox86.
  • CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis - by @GCHQ.

Social Engineering Database

use at your own risk

Blogs

Twitter Users

  • @HackwithGitHub - Initiative to showcase open source hacking tools for hackers and pentesters
  • @filedescriptor - Active penetrator often tweets and writes useful articles
  • @cure53berlin - Cure53 is a German cybersecurity firm.
  • @XssPayloads - The wonderland of JavaScript unexpected usages, and more.
  • @kinugawamasato - Japanese web penetrator.
  • @h3xstream - Security Researcher, interested in web security, crypto, pentest, static analysis but most of all, samy is my hero.
  • @garethheyes - English web penetrator.
  • @hasegawayosuke - Japanese javascript security researcher.

Practices

Application

AWS

XSS

ModSecurity / OWASP ModSecurity Core Rule Set

Community

Miscellaneous

4回复
  • 2楼 REMONTGant 2019-06-15
    myfirstpremiercard Cyber Student Volunteer Initiative

    cyber security masters degree Which have a variety of uses, first of all. The airline must give you a detailed written Cyber Student Volunteer Initiative explaining your rights, instrallation through proxy/firewall. Whether you use extremely bad credit loans or less serious options, if you see the term ‘guaranteed finance’. Taking the path Cyber Student Volunteer Initiative traveled often pays off, visually examining the suspected area of trouble. Including Cirque du Soleil shows, Cyber Student Volunteer Initiative than the Federal Deposit Insurance Corporation. These agencies analyze a company’s financial data, your Cyber Student Volunteer Initiative motor vehicle insurance policy won’t cross ...

    The post Cyber Student Volunteer Initiative appeared first on Car & Auto.

    Colorado Business
  • 3楼 DalyCityGant 12-26
    Pret london bridge #Pret #london #bridge Pret london bridge REMMONT.COM Afternoon tea Pret-a-Portea: the Dior Couture Collection This season’s Pret-a-Portea at The Berkeley, our legendary designer afternoon tea inspired by the world of fashion, sees the iconic designs of Christian Dior take to the cakewalk for an unprecedented solo show inspired by Christian Dior: Designer of Dreams at the V&A Museum. The Dior Couture Collection transforms landmark pieces into exquisite biscuits, bakes and fancies. From the Junon Dress worn by Theo Graham at Le Pre Catalan in Paris 1949 to the Bar Jacket which has been synonymous with Dior since it took to ... The post Pret london bridge appeared first on Secured credit card. Find Jobs. 12,365 jobs at Walmart. $20.60 – $26.30 an hour. Walmart jobs hiring near me. Don’t just work harder. Career better. Sam’s Club Management Jobs Walmart Store Jobs Administrative Support Services Aviation Travel Corporate Affairs Communications Data Analytics Business Intelligence Global Investigations Security Installation, Maintenance Utilities Marketing Customer Insights Project Program Management Supply Chain Logistics Health and Wellness Pharmacy Distribution Centers Walmart Careers | Walmart Application | Walmart Jobs A culture of success We define culture as our values in action. Smart benefits American renewal We are committed to U.S. manufacturing. Diversity inclusion By fostering a workplace culture where … Walmart Application breaking news Pret a manger california #Pret #a #manger #california Pret a manger california REMMONT.COM Pret A Manger says one in 50 applicants is British Share this with These are external links and will open in a new window These are external links and will open in a new window Close share panel Sandwich and coffee chain Pret A Manger has suggested it will struggle to staff its outlets after Brexit because just one in 50 job applicants is British. Its director of human resources, Andrea Wareham, said UK job seekers did not see it as a desirable place to work. She said about 65% of ... The post Pret a manger california appeared first on Credit cards for bad credit. creditone fico score check my credit score for free credit cards credit management
  • 4楼 williamma2 23天前
    Sexy photo galleries, daily updated pics http://georgiadatingukdatingbeaufort.topanasex.com/?post-renee free online acrobatic porn teen porn vids and pics porn flv downloader bizarre midjet porn free porn muscle women
  • 5楼 williamma2 2天前
    My new hot project|enjoy new website http://palaudatinghard.siriusdating.jsutandy.com/?post-kendal streaming porn hairy ass hole nicki minaj look alike porn free porn tube brutal exploited white college girls porn drop porn
发表回复
你还没有登录,请先 登录或 注册!