Github 安全军火库(三)

Github 安全军火库(三)

不废话,上资源。

==========================华丽丽的分割线==========================

漏洞及渗透练习平台:

github.com/Medicean/Vul

多种漏洞练习环境

花式扫描器:

GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Ruby on Rails应用静态分析工具

GitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
linux漏洞扫描器

GitHub - m0nad/HellRaiser: Vulnerability Scanner
基于端口的漏扫及CVE关联

甲方安全工程师生存指南:

GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
各知名厂商渗透测试报告模板

GitHub - codejanus/ToolSuite: Security tools
安全工具合集

GitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System
apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM)

GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool
Destroy-Windows-10-Spying

github.com/pwnsdx/BadCo
PHP代码审计扫描器

GitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD)
linux下恶意代码检测包

GitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics.
操作系统运行指标可视化框架

github.com/jipegit/OSXA
Mac OS下取证工具

GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system
恶意代码分析系统

GitHub - Netflix/Scumblr
定期搜索及存储web应用,可搜漏洞讨论等等

GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response
事件响应框架(focus on 远程取证)

GitHub - mozilla/MozDef: MozDef: The Mozilla Defense Platform
The Mozilla Defense Platform

GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等)

GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X
OS X远程取证与分析工具包

GitHub - mozilla/mig: Distributed & real time digital forensics at the speed of the cloud
分布式实时数字取证系统

GitHub - sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Microsoft & Unix 文件系统及硬盘取证工具

github.com/OpenSCAP/ope
Open Source Security Compliance Solution

github.com/wgliang/logc
开源准实时日志采集器

github.com/goldshtn/etr
windows实时ETW事件处理工具

GitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.

CPU及内存相关性能分析工具

WEB:

GitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.
通过调用sqlmap api,自动检测sqli的代理

GitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions
免杀payload生成器

GitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server
用gmail充当C&C服务器的后门


远控:

GitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool
开源模块化远控工具

GitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool)
C#远控工具


漏洞POC&EXP:

GitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
JAVA反序列化漏洞相关资源列表


二进制及代码分析工具:

GitHub - suraj-root/smap: Shellcode mapper
shellcode分析工具

GitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSC
Shellcode/Obfuscate Code Generator

GitHub - korcankaraokcu/PINCE: A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux
linux下逆向工具

GitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Reverse Shell and Post Exploitation Tool

GitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
跨平台二进制分析及逆向工具

Python:

GitHub - gstarnberger/uncompyle: Python decompiler

pyc反编译脚本

github.com/jameslyons/p

pycipher python加解密库

github.com/nvdv/vprof

可视化python性能分析工具



FUZZ:

github.com/MozillaSecur


fuzzing framework

GitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage
A general-purpose, easy-to-use fuzzer with interesting analysis options.

GitHub - fuzzing/MFFA: Media Fuzzing Framework for Android
Media Fuzzing Framework for Android

GitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on Android
A tool to fuzz Intent Android

GitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input.
Fuzzing资源

GitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)

AFL的Android移植版本



如果当中有描述不正确的地方,还请老司机们指教,鞠躬!
或者各位老司机们有什么日常中用的顺手的开源工具或者项目,也可以私信发我,我收集起来再分享给大家,再鞠躬!
编辑于 2016-09-28

文章被以下专栏收录

    本专栏旨在: 1.分享国内外网络安全大事件。 2.科普网络安全。 3.分享技术。 欢迎投稿