2023-09-30
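Notes on Taking Freelance Jobs Online

Whatever the job, it must be run inside a virtual machine.

Never run unknown applications on a physical machine, or something will go wrong.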


2022-12-07
Useful Sources On Cyber Attack

learning resource and bug bounty

https://www.hacker101.com

https://www.hackerone.com

https://www.hacker101.com/resources

open source virus/malware in your arsenal

powershell obfuscator advanced, will bypass any av

post-exploit framework, evasion

https://github.com/PowerShellMafia/PowerSploit

https://github.com/cobbr/SharpSploit

https://github.com/EmpireProject/Empire

thefatrat is an exploitation tool that compiles malware with well-known payloads; the compiled malware can then be executed on Linux, Windows, Mac and Android. TheFatRat provides an easy way to create backdoors and payloads which can bypass most anti-virus. The author has some tools to share.

pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

venom - C2 shellcode generator/compiler/handler

virus samples

the malware repo

open source virus

thezoo A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malwares codebase, botnet

open source malware on github, repo list

virus for win10

kafan virus samples

vbgood

debugman reverse engineering


official blackhat arsenal under toolswatch category arsenal

massive hacking tools collection

burpa burp suite automation tool

twitter token generator register twitter in batch, has a large proxy list

i0gan some hacker with automated tools like awd_script

ichunqiu ctf educational resources

cyberchief online ctf interactive tools suite

bugku tools

ctftools curated online tool list

ctf online tools

kanxue home page, articles

52pojie hack tools

kanxue knowledge base

ctfshow

ctfhub tools

渗透师导航 (Pentester Navigation)

resources recommended by ctfwiki

shellcode storm database can be queried via api

exploitdb find exploits, poc code, google hacking database for finding juicy information/urls, shellcodes with an advanced search interface

cracking.org

OSINT: open source (public source) intelligence is the practice of collecting information from published or otherwise publicly available sources

osint tools:

Maltego
Google dorks
Mitaka
SpiderFoot
Spyse
BuiltWith
Intelligence X
DarkSearch.io
Grep.app
Recon-ng
theHarvester
Shodan
Metagoofil
Searchcode
SpiderFoot
Babel X


2022-12-07
Tools From Breachforums

  1. Invicti

Invicti is a web application security scanner hacking tool to find SQL Injection, XSS, and vulnerabilities in web applications or services automatically.

  1. Fortify WebInspect

It is used to identify security vulnerabilities by allowing it to test the dynamic behavior of running web applications.

  1. Cain & Abel

It is used to recover MS Access passwords.

  1. Nmap (Network Mapper)

Used in port scanning, one of the phases in ethical hacking; it is the finest hacking software ever.

  1. Nessus

Nessus is the world’s most well-known vulnerability scanner, which was designed by Tenable Network Security. It is free and is chiefly recommended for non-enterprise usage.

  1. Nikto

Checks web servers and identifies over 6400 CGIs or files that are potentially dangerous

  1. Kismet

Kismet is basically a sniffer and wireless-network detector that works with other wireless cards and supports raw-monitoring mode.

  1. NetStumbler

Identifying AP (Access Point) network configuration

  1. Acunetix

Integration of scanner results into other platforms and tools

  1. Netsparker

Uniquely verifies identified vulnerabilities, showing that they are genuine, not false positives

  1. Intruder

Integrates with Slack, Jira, and major cloud providers

  1. Nmap

Contains a data transfer, redirection, and debugging tool

  1. Metasploit

Ideal for finding security vulnerabilities

  1. Aircrack-Ng

It can crack WEP keys and WPA2-PSK, and check Wi-Fi cards

  1. Wireshark

Allows coloring rules to be applied to packet lists to facilitate analysis

  1. OpenVAS

OpenVAS supports various high- and low-level Internet and industrial protocols, backed up by a robust internal programming language.

  1. SQLMap

Supports executing arbitrary commands

  1. Ettercap

Live connections sniffer

  1. Maltego

Performs real-time information gathering and data mining

  1. Burp Suite

Uses out-of-band techniques

  1. John the Ripper

Tests different encrypted passwords

  1. Angry IP Scanner

This is a free tool for scanning IP addresses and ports

  1. SolarWinds Security Event Manager

Recognized as one of the best SIEM tools, helping you easily manage memory stick storage

  1. Traceroute NG

Detects path changes and alerts you about them

  1. LiveAction

Its packet intelligence provides deep analyses

  1. QualysGuard

Responds to real-time threats

  1. WebInspect

Tests dynamic behavior of web applications for the purpose of spotting security vulnerabilities

  1. Hashcat

Supports distributed cracking networks

  1. L0phtCrack

Fixes weak password issues by forcing a password reset or locking out accounts

  1. Rainbow Crack

  2. IKECrack

IKECrack is an authentication cracking tool with the bonus of being open source.

  1. Sboxr

Checks for over two dozen types of web vulnerabilities

  1. Medusa

One of the best tools for thread-based parallel testing and brute-force testing

  1. Cain and Abel

Uncovers password fields, sniffs networks, recovers MS Access passwords, and cracks encrypted passwords using brute-force, dictionary, and cryptanalysis attacks.

  1. Zenmap

Administrators can track new hosts or services that appear on their networks and track existing downed services


2022-12-05
Ctf Related


2022-11-29
Hackthebox

This is a practice range. Unlike an ordinary CTF, it has real servers in it.

discord chats

alternatives

11 hack the box alternatives

9 alternatives from alternativesto

usage

official website

usage

hackthebox 2022 writeup

hackthebox october

penetrating intranet target machines

range practice

You can also practice with Metasploitable.


2022-09-25
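Random Thoughts on Hacking Sites

Why hack sites

Because my own computer's compute is limited. To explore advanced AI and run certain money-making programs, I have to freeload on other people's compute.

Which sites to hack

Find target sites on Baidu and the major search engines and scan them for vulnerabilities. Don't go after big sites; start with small ones and work toward full automation.

How to hack sites

Do it inside a sandbox; don't do it with root privileges.

Use tools: just fill the target site's IP and port into the tool. Learn the tools while doing it.

Need a repo dedicated to the related code, which can also be synced to every device.

Need a search engine with full-text search that collects the md files we already have, extracts the links in them, then goes on to clone files from GitHub, collect more md files, and look for more links.

What to do after hacking a site

Drop an infectious virus, drop a coin-mining virus, or run AGI experiments.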
