信息安全相关资源

渗透测试资源

Metasploit Unleashed 连接地址 - 免费攻防安全metasploita课程
PTES 连接地址 - 渗透测试执行标准
OWASP 连接地址 - 开源Web应用安全项目

Shellcode开发：
Shellcode Tutorials 连接地址 - 如何写shellcode的指导
Shellcode Examples 连接地址 - Shellcode数据库

社会工程学资源：
社工库框架 连接地址 - 社工所需信息资源

"撬锁"(Lock Picking)资源：
Schuyler Towne channel 连接地址 - 撬锁视频和安全演讲
/r/lockpicking 连接地址 - 学习撬锁的资源和设备推荐

 

渗透工具

渗透测试分布工具：
Kali 连接地址 - 一个专门的数字取证和渗透测试的Linux版本
BlackArch 连接地址 - 渗透测试员和研究人员的Arch Linux分布
NST 连接地址 - 网络安全工具包
Pentoo 连接地址 - 基于Gentoo
BackBox 连接地址 - 基于Ubuntu的渗透测试和安全评估

基本渗透测试工具：
Metasploit Framework 连接地址 - 全球最经常使用的渗透测试工具
Burp Suite 连接地址 - 执行Web安全测试的集成平台
ExploitPack 连接地址 - 用户渗透测试的图形工具

漏洞扫描器：
Netsparker 连接地址 - Web应用程序安全扫描
Nexpose 连接地址 - 漏洞管理和风险管理软件
Nessus 连接地址 - 漏洞、配置和评估
Nikto 连接地址 - Web应用漏洞扫描器
OpenVAS 连接地址 - 开源漏洞扫描和管理工具
OWASP Zed Attack Proxy 连接地址 - web应用的渗透测试工具
Secapps 连接地址 - 集成的Web应用程序安全测试环境
w3af 连接地址 - Web应用攻击和审计框架
Wapiti 连接地址 - Web应用漏洞扫描器
WebReaver 连接地址 - Mac OS X的Web应用漏洞扫描

网络工具：
nmap 连接地址 - 用于网络探测和安全审计的免费安全扫描器
tcpdump/libpcap 连接地址 - 命令行的通用数据包分析器
Wireshark 连接地址 - 网络协议分析，Unix和Windows版本均有
Network Tools 连接地址 - 不一样的网络工具：ping, lookup, whois, 等
netsniff-ng 连接地址 - 瑞士军刀网络嗅探
Intercepter-NG 连接地址 - 一个多功能网络工具包
SPARTA 连接地址 - 网络基础架构渗透测试工具包

无线网络工具：
Aircrack-gn 连接地址 - 一系列无线网络审计工具
Kismet 连接地址 - 无线网络探测器、嗅探器和入侵检测系统
Reaver 连接地址 - WiFi暴力攻击

SSL分析工具
SSLyze连接地址 - SSL配置扫描仪
sslstrip 连接地址 - 一个HTTPS攻击演示

十六进制编辑器
HexEdit.js 连接地址 - 基于浏览器的十六进制编辑器

破解工具
John the Ripper 连接地址 - 最快的密码破解
在线MD5破解 连接地址 - 在线MD5哈希破解

Windows Utils
Sysinternals Suite 连接地址 - Sysinternals 故障诊断工具
Windows Credentials Editor 连接地址 - 列出登陆会话、添加、修改、列表、删除相关凭据的安全工具
mimikatz 连接地址 - 针对Windows的凭证提取工具

DDoS攻击工具
LOIC 连接地址 - 开源的Windos网络压力工具
JS LOIC 连接地址 - 浏览器的JavaScript LOIC

社工工具
SET 连接地址 - 来自TrustedSec的社工工具包

OSint工具
Maltego 连接地址 - 开源情报取证工具

匿名工具
Tor连接地址 - 免费路由在线匿名工具
I2P连接地址 - 隐形互联网项目

逆向工具
IDA Pro连接地址 - Windows、Linux或Mac OS X反编译调试器
IDA Free 连接地址 - 免费版本的IDA 5.0
WDK/WinDbg 连接地址 - Windows驱动程序工具包和WinDbg
OllyDbg 连接地址 - x86调试器（强调二进制代码分析）
Radare2 连接地址 - 开源跨平台逆向工程框架
x64_dgb 连接地址 - Windows 开源x64/x32调试器
Pyew 连接地址 - 静态恶意软件分析的Python工具
Bokken 连接地址 - Pyew Radare2 GUI
Immunity Debugger 连接地址 - 开发、分析恶意软件的新工具
Evan’s Debugger 连接地址 - Linux上相似于OllyDbg的调试器

图书

渗透测试图书：
The Art of Exploitation by Jon Erickson, 2008
Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
Rtfm: Red Team Field Manual by Ben Clark, 2014
The Hacker Playbook by Peter Kim, 2014
The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
Professional Penetration Testing by Thomas Wilhelm, 2013
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
Violent Python by TJ O‘Connor, 2012
Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
Black Hat Python: Python Programming for Hackers and Pentesters, 2014
Penetration Testing: Procedures & Methodologies (EC-Council Press),2010

黑客手册系列
The Shellcoders Handbook by Chris Anley and others, 2007
The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
iOS Hackers Handbook by Charlie Miller and others, 2012
Android Hackers Handbook by Joshua J. Drake and others, 2014
The Browser Hackers Handbook by Wade Alcorn and others, 2014
The Mobile Application Hackers Handbook by Dominic Chell and others, 2015

网络分析图书
Nmap Network Scanning by Gordon Fyodor Lyon, 2009
Practical Packet Analysis by Chris Sanders, 2011
Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

逆向工程图书
Reverse Engineering for Beginners by Dennis Yurichev (free!)
The IDA Pro Book by Chris Eagle, 2011
Practical Reverse Engineering by Bruce Dang and others, 2014
Reverse Engineering for Beginners

恶意软件分析图书
Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
The Art of Memory Forensics by Michael Hale Ligh and others, 2014
Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010

Windows图书
Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

社会工程学图书
The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
No Tech Hacking by Johnny Long, Jack Wiles, 2008
Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

撬锁系列图书
Practical Lock Picking by Deviant Ollam, 2012
Keys to the Kingdom by Deviant Ollam, 2012
CIA Lock Picking Field Operative Training Manual
Lock Picking: Detail Overkill by Solomon
Eddie the Wire books

漏洞数据库
NVD 连接地址 - US National Vulnerability Database
CERT 连接地址 - US Computer Emergency Readiness Team
OSVDB 连接地址 - Open Sourced Vulnerability Database
Bugtraq 连接地址 - Symantec SecurityFocus
Exploit-DB 连接地址 - Offensive Security Exploit Database
Fulldisclosure 连接地址 - Full Disclosure Mailing List
MS Bulletin 连接地址 - Microsoft Security Bulletin
MS Advisory 连接地址 - Microsoft Security Advisories
Inj3ct0r 连接地址 - Inj3ct0r Exploit Database
Packet Storm 连接地址 - Packet Storm Global Security Resource
SecuriTeam 连接地址 - Securiteam Vulnerability Information
CXSecurity 连接地址 - CSSecurity Bugtraq List
Vulnerability Laboratory 连接地址 - Vulnerability Research Laboratory
ZDI 连接地址 - Zero Day Initiative

安全课程
Offensive Security Training 连接地址 - Training from BackTrack/Kali developers
SANS Security Training 连接地址 - Computer Security Training & Certification
Open Security Training 连接地址 - Training material for computer security classes
CTF Field Guide 连接地址 - everything you need to win your next CTF competition
Cybrary 连接地址 - online IT and Cyber Security training platform

信息安全课程

DEF CON - An annual hacker convention in Las Vegas
Black Hat - An annual security conference in Las Vegas
BSides - A framework for organising and holding security conferences
CCC - An annual meeting of the international hacker scene in Germany
DerbyCon - An annual hacker conference based in Louisville
PhreakNIC - A technology conference held annually in middle Tennessee
ShmooCon - An annual US east coast hacker convention
CarolinaCon - An infosec conference, held annually in North Carolina
HOPE - A conference series sponsored by the hacker magazine 2600
SummerCon - One of the oldest hacker conventions, held during Summer
Hack.lu - An annual conference held in Luxembourg
HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
Hack3rCon - An annual US hacker conference
ThotCon - An annual US hacker conference held in Chicago
LayerOne - An annual US security conerence held every spring in Los Angeles
DeepSec - Security Conference in Vienna, Austria
SkyDogCon - A technology conference in Nashville
SECUINSIDE - Security Conference in Seoul
DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania

信息安全杂志
2600: The Hacker Quarterly - An American publication about technology and computer "underground"
Phrack Magazine - By far the longest running hacker zine

很是有用的信息列表：
SecTools 连接地址 - Top 125 Network Security Tools
C/C++ Programming 连接地址 - One of the main language for open source security tools
.NET Programming 连接地址 - A software framework for Microsoft Windows platform development
Shell Scripting 连接地址 - Command-line frameworks, toolkits, guides and gizmos
Ruby Programming by @dreikanter 连接地址 - The de-facto language for writing exploits
Ruby Programming by @markets 连接地址 - The de-facto language for writing exploits
Ruby Programming by @Sdogruyol 连接地址 - The de-facto language for writing exploits
JavaScript Programming 连接地址 - In-browser development and scripting
Node.js Programming by @sindresorhus 连接地址 - JavaScript in command-line
Node.js Programming by @vndmtrx 连接地址 - JavaScript in command-line
Python tools for penetration testers 连接地址 - Lots of pentesting tools are written in Python
Python Programming by @svaksha 连接地址 - General Python programming
Python Programming by @vinta 连接地址 - General Python programming
Android Security 连接地址 - A collection of android security related resources
Awesome Awesomness 连接地址 - The List of the Lists

 

原文：http://bar.freebuf.com/comment/9775