Github 安全军火库(三)
天谕 · 漏洞及渗透练习平台:
https://github.com/Medicean/VulApps
多种漏洞练习环境
花式扫描器:
GitHub – presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Ruby on Rails应用静态分析工具
GitHub – future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
linux漏洞扫描器
GitHub – m0nad/HellRaiser: Vulnerability Scanner
基于端口的漏扫及CVE关联
甲方安全工程师生存指南:
GitHub – codejanus/ToolSuite: Security tools
安全工具合集
GitHub – mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System
apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM)
GitHub – Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool
Destroy-Windows-10-Spying
https://github.com/pwnsdx/BadCode
PHP代码审计扫描器
GitHub – rfxn/linux-malware-detect: Linux Malware Detection (LMD)
linux下恶意代码检测包
GitHub – facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics.
操作系统运行指标可视化框架
https://github.com/jipegit/OSXAuditor
Mac OS下取证工具
GitHub – cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system
恶意代码分析系统
GitHub – Netflix/Scumblr
定期搜索及存储web应用,可搜漏洞讨论等等
GitHub – google/grr: GRR Rapid Response: remote live forensics for incident response
事件响应框架(focus on 远程取证)
GitHub – mozilla/MozDef: MozDef: The Mozilla Defense Platform
The Mozilla Defense Platform
GitHub – ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等)
GitHub – Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X
OS X远程取证与分析工具包
GitHub – mozilla/mig: Distributed & real time digital forensics at the speed of the cloud
分布式实时数字取证系统
https://github.com/OpenSCAP/openscap
Open Source Security Compliance Solution
https://github.com/wgliang/logcool
开源准实时日志采集器
https://github.com/goldshtn/etrace
windows实时ETW事件处理工具
CPU及内存相关性能分析工具
WEB:
GitHub – fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.
通过调用sqlmap api,自动检测sqli的代理
GitHub – byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server
用gmail充当C&C服务器的后门
远控:
GitHub – UbbeLoL/uRAT: Opensource modular Remote Administration Tool
开源模块化远控工具
GitHub – hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool)
C#远控工具
漏洞POC&EXP:
GitHub – GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
JAVA反序列化漏洞相关资源列表
二进制及代码分析工具:
GitHub – suraj-root/smap: Shellcode mapper
shellcode分析工具
GitHub – zscproject/OWASP-ZSC: OWASP ZSCGitHub – zscproject/OWASP-ZSC: OWASP ZSC
Shellcode/Obfuscate Code Generator
GitHub – panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Reverse Shell and Post Exploitation Tool
GitHub – programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
跨平台二进制分析及逆向工具
Python:
GitHub – gstarnberger/uncompyle: Python decompiler
pyc反编译脚本
https://github.com/jameslyons/pycipher
pycipher python加解密库
可视化python性能分析工具
FUZZ:
https://github.com/MozillaSecurity/peach
fuzzing framework
GitHub – google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage
A general-purpose, easy-to-use fuzzer with interesting analysis options.
GitHub – fuzzing/MFFA: Media Fuzzing Framework for Android
Media Fuzzing Framework for Android
GitHub – MindMac/IntentFuzzer: A Tool to fuzz Intent on Android
A tool to fuzz Intent Android
GitHub – MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input.
Fuzzing资源
GitHub – ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)
AFL的Android移植版本
如果当中有描述不正确的地方,还请老司机们指教,鞠躬!
或者各位老司机们有什么日常中用的顺手的开源工具或者项目,也可以私信发我,我收集起来再分享给大家,再鞠躬!
