Giter VIP home page Giter VIP logo

study's Introduction

工具与靶场

  1. 工具

  2. 靶场

  3. 工具使用方法

    1. github
    2. hashcat
    3. sqlmap
    4. xray
    5. nmap

  4. java安全

  5. ctf

    1. web
    2. misc
    3. crypto
    4. re
    5. pwn

  6. 靶场

    1. dvwa
    2. pikaqiu
    3. uploadlabs
    4. sqllabs
    5. vulhub

  7. wp

千里之行,始于足下

工具与靶场

工具

常用工具与靶场与下载链接

工欲其善必先利器

工具 链接 教程 描述
github https://github.com github
dirsearch https://github.com/maurosoria/dirsearch 目录扫描
xray https://download.xray.cool/xray 漏洞扫描
vulmap https://github.com/zhzyker/vulmap 漏洞扫描
sqlmap https://github.com/sqlmapproject/sqlmap SQL注入
tplmap https://github.com/epinna/tplmap SSTI注入(py2)
CaptfEncoder https://github.com/guyoung/CaptfEncoder/releases 进制转换
BerylEnigma https://github.com/ffffffff0x/BerylEnigma/releases 进制转换
大佬的笔记 https://github.com/ffffffff0x/1earn 笔记
f8x wget -O f8x https://f8x.io/ && mv --force f8x /usr/local/bin/f8x && chmod +x /usr/local/bin/f8x linux环境部署
小皮面板 wget -O install.sh https://download.xp.cn/install.sh && sudo bash install.sh 运维面板
宝塔 wget -O install.sh http://download.bt.cn/install/install-ubuntu_6.0.sh && sudo bash install.sh 运维面板
宝塔卸载 wget http://download.bt.cn/install/bt-uninstall.sh
awd https://github.com/fyfztms/awd_ctf_platform
蚁剑加载器 https://github.com/AntSwordProject/AntSword-Loader
蚁剑 https://github.com/AntSwordProject/antSword 一句话木马利用工具

靶场

工具 链接 wp
dvwa(php7) https://github.com/digininja/DVWA dvwa_wp
pikachu https://github.com/zhuifengshaonianhanlu/pikachu pikachu_wp
uploadlabs(php5.2.17) https://github.com/clriseaa/docker-uploadlabs uploadlabs_wp
sqlilabs(php5) https://github.com/himadriganguly/sqlilabs sqlilabs_wp
vulhub(中间件漏洞) https://github.com/vulhub/vulhub
xsslabs https://xssaq.com/yx/index.php xsslabs_wp
xvwa https://github.com/s4n7h0/xvwa xvwa_wp

工具使用方法

hashcat

sqlmap

xray

  • 使用基础爬虫爬取并对爬虫爬取的链接进行漏洞扫描:

./xray.exe webscan --basic-crawler http://example.com --html-output xxx.html

  • 代理模式

./xray.exe webscan --listen 127.0.0.1:7777 --html-output xray-testphp.html --poc pocs/* --plugin phantasm,baseline,brute-force,cmd-injection,crlf-injection,dirscan,fastjson,jsonp,path-traversal,redirect,shiro,sqldet,ssrf,struts,thinkphp,upload,xss,xxe

nmap

java安全(待更新)

ctf

web

misc

crypto

re

pwn

wp

study's People

Contributors

yyctf avatar

Stargazers

icetm avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.