@1kbfree
2018-08-22T11:55:06.000000Z
字数 13970
阅读 4101
渗透测试
http://blog.csdn.net/qq_27446553/ (qq_27446553博客)
http://0x007.blog.51cto.com/6330498/1628943 (0x007博客)
http://www.kavsec.com/ (kavsec博客)
http://www.lorexxar.cn/(lorexxar博客)
http://www.test404.com/(test404博客)
https://evi1cg.me/(evilcg博客)
http://ver007.com/(ver007博客)
http://cciezsm.lofter.com/(颖奇博客)
http://www.secsky.cn/(安全天空博客)
https://www.hackfun.org/(4ido1on博客)
http://helloeveryone.blog.51cto.com/(牛磊博客)
http://lu4n.com/(lun博客)
http://www.cnbraid.com/(cnbiraid博客)
http://blog.neargle.com(neargle博客)
https://lightrains.org(lightrains博客)
https://imlonghao.com/(imlonghao博客)
http://www.zerokeeper.com/(zerokeeper博客)
http://www.thinkings.org/(thinkings博客)
https://www.ohlinge.cn/ (ohlinge博客)
https://www.virzz.com (virzz博客)
https://www.jisec.com/ (jisec博客)
http://www.hfhuge.com/(hfhuge博客)
http://www.91ri.org/(91ri博客)
http://www.codersec.net (codersec博客)
http://www.venenof.com/(venenof博客)
http://blog.leanote.com/thorns(leanote博客)
http://www.droidsec.cn/(安卓中文博客 )
http://linux.im/(im博客)
https://www.iswin.org/(飓风博客)
http://www.shentou.org/ (安全渗透军火库博客)
http://joychou.org (joychou博客)
http://0cx.cc/ (0cx博客)
http://hacktech.cn/(hacketech博客)
http://www.lucien116.com(lucien博客)
http://www.hack1990.com(hack1990博客)
http://www.xmanblog.net/(xmanblog博客)
http://xia0yu.win/(xia0yu博客)
http://littlehann.cnblogs.com/ (littlehann博客)
http://lonelyrain.me/(lonelyrain博客)
http://www.hack-gov.com(hack-gov博客)
http://xdxd.love/(xdxd博客)
https://www.lynahex.com/(lynahex博客)
http://www.cnblogs.com/S4b0r/(S4b0r博客)
http://www.leesec.com/(leesce博客)
https://bl4ck.in/(b14ck博客)
http://www.hksafe.cn.com (hksafe博客)
http://www.n0tr00t.com/(n0tr00t博客)
https://www.92aq.com/(92工具博客)
https://3gstudent.github.io/(三好学生博客)
http://www.nxadmin.com/( nxadmin博客 )
https://www.leavesongs.com/( p牛代码审计博客 )
http://www.code521.com/(code521博客)
http://p2j.cn/( 园长博客)
http://le4f.net/(le4f博客)
http://www.polaris-lab.com/ (polaris-lab实验室)
http://www.programlife.net/(程序人生博客)
http://evilcos.me/(余玄博客)
https://www.blackh4t.org/ (blackh4t博客)
http://www.bugsec.org/tools (bugsec博客)
http://ecma.io/(ecma博客)
http://www.meijj.org/ (meijj博客)
https://ricterz.me/(ricterz博客)
http://yaseng.org(yaseng博客)
http://avfisher.win/(安全小飞侠博客)
http://www.0xmh.com/(0xmh博客)
http://www.lijiejie.com/(lijiejie博客)
http://secoff.net/(secoff博客)
http://twi1ight.com/(twi1ight博客)
https://rinige.com (ringige博客)
http://www.bystudent.com/(bystudent博客)
http://o0xmuhe.me/page/2/ (o0xmuhe博客)
http://www.blue-lotus.net/ (蓝莲花战队博客)
https://www.webshell.cc/( webshell博客)
http://appleu0.sinaapp.com/( appleu0博客)
http://www.lshack.cn/ (lshack博客)
https://phpinfo.me/ ( phpinfo博客)
http://f4le.com/ ( f4le博客)
http://www.03sec.com/ (03sec博客)
http://www.cnbraid.com/(cnbradid博客)
http://www.cnblogs.com/killbit/(killbit博客)
http://blog.nuptzj.cn/ (nuptzj博客)
http://www.cnblogs.com/Ox9A82/(Ox9A82博客 )
https://www.lshack.cn/ (lshack博客)
http://www.cnblogs.com/sevck/ (sevck博客)
https://tom0li.github.io(tom0li博客)
http://www.waitalone.cn/(独自等待博客)
https://wujunze.com/(wujunze博客)
https://ht-sec.org(昊天博客)
http://docs.hackinglab.cn/(hackinglab博客)
http://www.milw0rm.cn(milw0rm博客)
https://www.sitedirsec.com/(非安全中国博客 )
http://www.arvinhk.com/(arivn博客)
http://hk-xg.lofter.com/(hk-xg博客 )
http://www.hackblog.cn/( hackblog博客)
http://piaoyu.org/(piaoyu博客)
http://defcon.cn/script(defcon博客)
http://www.jeehsu.com/(几许博客)
http://www.52bug.cn/(吾爱漏洞博客)
http://www.moonsec.com/(暗月博客)
http://www.cnseay.com/(法师博客)
http://www.exehack.net/(小残博客)
http://blog.knownsec.com/(知道创宇博客)
http://www.keen8.com/(kee8博客 )
http://0ke.org/( 0ke博客 )
http://www.storysec.com/(影风's Blog)
http://www.weixianmanbu.com/(黑客技术博客)
http://www.x14hack.com/ (14xhack博客)
http://rcoil.me/(rcoil博客)
https://perseus.codes/(perseus博客)
http://www.legendsec.org/ (legendsec博客)
http://xiao106347.blog.163.com/(小刘kali博客)
http://blog.sycsec.com/(三叶草博客)
http://www.cnnetsec.com/(cnnetsec博客)
http://iscc.gxu.edu.cn/index.php/Index/start (iscc博客)
http://www.joychou.org/(joychou博客)
http://rootkiter.com/EarthWorm/(rootkiter博客)
https://www.lmva.cc/ (lmva博客)
http://www.evil0x.com/ (十六进制)
https://ha.cker.in/(cker博客)
http://wolvez.club/(lostwolf博客)
http://simeon.blog.51cto.com/(simeon博客)
http://javaweb.org/(javaweb博客)
http://qqhack8.blog.163.com/(k8博客)
http://das.scusec.org/(scusec博客)
http://www.zcgonvh.com/(草泥马之家博客)
http://www.webbaozi.com/(包子博客)
http://blog.safebuff.com/(x17dev博客)
http://k1p4ss.sinaapp.com/(k1p4ss博客)
http://www.daokers.com/(金刀客博客)
https://www.i0day.com/(小马博客)
http://www.cnblogs.com/SEC-fsq/(范世强博客)
http://www.lanmaster53.com/(lanmaster53博客)
http://pen-testing.sans.org/blog/pen-testing(sans渗透测试博客)
https://digi.ninja/(digi渗透测试博客)
http://www.harmj0y.net/blog/(harmj0y渗透测试博客)
http://nullsecurity.net/tools.html(nullsecurity渗透工具博客)
http://www.ehacking.net/(ehacking渗透测试博客)
http://www.kitploit.com/(kitploit.渗透测试博客)
http://www.commonexploits.com/(commonexploits渗透测试博客)
https://adsecurity.org/(AD域渗透测试博客)
http://www.securitytube.net/(securitytube渗透视频教程博客)
https://www.dsinternals.com/en/(AD域渗透测试博客)
https://adsecurity.org/(AD域渗透博客)
http://blog.gentilkiwi.com/(mimikazhi博客)
https://blog.0x80.org/(汽车安全博客)
http://sectools.org/tag/web-scanners/(安全工具下载博客)
https://blog.netspi.com/(SQL注入技能博客)
http://www.sqlinjectionwiki.com/Categories/4/postgresql-sql-injection-cheat-sheet/(注入技能表博客)
https://wn.com/http_header_injectionds(http头注入博客)
http://www.devttys0.com/blog/(路由安全博客)
https://fail0verflow.com/(硬件大牛博客)
http://www.blackhat.com/(黑帽大赛官方博客)
http://www.social-engineer.org/(社会工程学博客)
http://www.windowsecurity.com/(window安全博客)
https://www.blackmoreops.com/(linux安全博客)
http://http-tunnel.sourceforge.net/ (http-tunnel反向代理博客)
https://zmap.io/(zmap博客)
https://www.thc.org/(thc博客)
http://mydowndown.com/y2down (youtuble视频下载)
http://securityxploded.com/download.php(国外密码工具大全)
https://pentest.blog/(渗透测试博客)
http://www.rekings.com/blog/(rekings博客)
http://www.hackingarticles.in(黑客文章知识库)
http://fuzzysecurity.com/tutorials/16.html(fuzzysecurity博客)
https://artkond.com/2017/03/23/pivoting-guide/(artkond博客)
http://www.hacking-tutorial.com(haking博客)
https://legalhackers.com/(legalhackers博客)
https://blog.quarkslab.com/(quarkslab博客)
https://foxglovesecurity.com/ (foxglovesecurity博客)
http://carnal0wnage.attackresearch.com/(attackresearch博客)
https://room362.com/(room362博客)
http://blog.portswigger.net/(burpsuit博客)
https://blog.skullsecurity.org/(关于CTF)
https://community.rapid7.com/community/metasploit/blog(MSF官方博客)
http://www.tssci-security.com/(tssci博客)
http://blog.gdssecurity.com/(gdssecurity博客)
https://websec.wordpress.com(websec博客)
http://bernardodamele.blogspot.com/(blogspot博客)
http://laramies.blogspot.com/(blogspot博客)
https://clymb3r.wordpress.com/ (clymb3r博客)
http://www.spylogic.net/(spylogic博客)
http://pentestmonkey.net/blog(pentestmonkey博客)
https://www.commonexploits.com/(commonexploits博客)
https://sensepost.com/blog/(sensepost博客)
http://exploit.co.il/blog/(exploit博客)
http://sirdarckcat.blogspot.com/(sirdarckcat博客)
http://reusablesec.blogspot.com/(reusablesec博客)
https://www.trustwave.com/(trustwave博客)
https://www.corelan.be/(corelan博客)
https://www.notsosecure.com/blog/(notsosecure博客)
https://securityreliks.wordpress.com/(securityreliks博客)
http://ihazomgsecurityskillz.blogspot.com/(linux内核)
https://memset.wordpress.com/(memset博客)
http://gynvael.coldwind.pl/?blog=1&lang=en(gynvael博客)
https://blog.g0tmi1k.com/(g0tmi1k博客)
https://digi.ninja/(digi博客)
http://pentestit.com/(pentestit博客)
https://www.shellntel.com/(shellntel博客)
http://www.irongeek.com/(irongeek博客)
https://bitvijays.github.io/(bitvijays博客)
https://www.hackthissite.org/forums/index.php(国外黑客论坛)
http://wiki.ioin.in/(安全文库)
http://bobao.360.cn/learning/index(安全客知识库)
https://www.hackfun.org/kali-tools/kali-tools-zh.html( KALI工具使用说明)
https://www.gitbook.com/book/t0data/burpsuite/details (burpsuit中文指南)
http://www.w3school.com.cn/( w3school在线学习 )
http://www.runoob.com/ (it脚本学习)
http://www.ziqiangxuetang.com/django (djiango之python学习)
http://www.sec-wiki.com/(安全技能库)
http://paper.seebug.org/ (seebug安全知识库)
https://bowen.navisec.it/(安全文库)
http://expku.com/(国内exp搜索大全)
http://www.exploitsearch.net(exp搜索)
http://www.hegouvip.com/(合购资源网)
http://www.anquanquan.info/(安全圈导航)
http://navisec.it/ (navisec导航)
http://cmcc.ml/(cmcc网址安全导航)
http://www.pediy.com/(看雪论坛 )
http://www.52pojie.cn/(吾爱破解 )
http://www.metasploit.cn/(metasploit论坛)
https://xianzhi.aliyun.com/forum/read/723.html (先知社区)
http://www.pd521.com/(安卓逆向论坛)
http://bbs.ichunqiu.com/(爱春秋论坛)
http://hackinglab.cn/(hack实验室)
https://www.t00ls.net/(t00ls论坛 )
https://forum.90sec.org/(90sec论坛)
https://www.70sec.com/(70sec论坛)
https://forum.exploit.in/(exploit论坛)
http://forum.exetools.com/index.php(explotools论坛)
https://www.v2ex.com/(v2ex程序员社区)
http://www.freebuf.com/(freebuf安全媒体)
http://www.0daybank.org/( 漏洞银行安全资讯)
https://www.secpulse.com/(安全脉搏安全资讯)
http://www.secbox.cn/(安全盒子资讯)
http://www.secist.com/(即刻安全资讯)
https://www.sec-wiki.com/(wiki安全资讯)
http://www.mottoin.com/(猫眼安全媒体)
http://www.4hou.com/(嘶吼安全媒体)
http://wy.hx99.net/(乌云知识库)
https://loudong.sjtu.edu.cn/(教育行业安全漏洞)
http://webscan.360.cn/vul(网站常见漏洞)
https://cxsecurity.com/wlb/(国外漏洞)
http://blogs.360.cn/(360漏洞技术分享)
http://xteam.baidu.com/(百度实验室 )
http://blog.nsfocus.net/(绿盟漏洞预警博客)
https://www.seebug.org/(漏洞预警)
http://www.cnvd.org.cn/(cnvd漏洞平台)
https://www.vulnhub.com/(漏洞测试平台)
https://www.exploit-db.com/papers/(exploit-db漏洞库)
https://technet.microsoft.com/en-us/library/security/mt637763.aspx(微软exp版本号列表)
https://bugs.chromium.org/p/project-zero/issues/list(微软漏洞下载搜索)
https://www.kernel-exploits.com/(linxu内核exp查询)
http://exploit.linuxnote.org/(国内linux内核EXP查询)
https://packetstormsecurity.com/(packetstormsecurity 的exp查询)
http://cve.mitre.org/(漏洞编号查询)
http://www.securiteam.com/(安全团队)
http://www.securityfocus.com/(安全焦点)
http://www.securitytracker.com(securitytracker)
http://www.guninski.com/(guninski的exp查询)
http://www.routerpwn.com/(路由漏洞查询)
http://www.sebug.net/vuldb/vulnerabilities(WEB漏洞库查询)
http://0day5.com/(WEB漏洞时代)
http://www.ussrback.com/(ussrback的exp查询)
http://cn.0day.today/(oday)
http://xssor.io/ (xss poc大全)
http://site.safedog.cn/index.html
http://www.shiyanbar.com/ctf/practice(CTF训练营)
http://bobao.360.cn/ctf/index(360CTF训练营 )
http://hackinglab.cn/(网络安全对抗平台 )
https://www.xctf.org.cn/(xctf社区)
http://bobao.360.cn/ctf/(360CTF社区)
https://ctftime.org/(ctftime社区)
https://github.com/ctfs/(CTFwrite )
https://github.com/powershellempire/empire(powershllempire项目)
https://github.com/adaptivethreat/EmPyre(EmPyre项目)
https://github.com/HarmJ0y/Malleable-C2-Profiles(Malleable-C2-Profiles项目)
https://github.com/Veil-Framework/Veil-Evasion(Veil-Evasion免杀项目)
https://github.com/offensive-security(offensive-security项目)
https://github.com/secretsquirrel/the-backdoor-factory/(the-backdoor-factory项目)
https://github.com/Veil-Framework/Veil-Evasion/(Veil-Evasion免杀项目)
https://github.com/x3omdax/PenBox(安全测试框架)
https://github.com/SecWiki(安全文库)
http://ip.fbisb.com/(真实IP地址查询地址)
https://phpinfo.me/domain/(子域名在线爆破)
http://www.bugbank.cn/dscan/index.html(在线子域名爆破)
https://phpinfo.me/bing.php(在线c段查询)
https://dnsdb.io/zh-cn/(在线C段查询2)
http://www.yopmail.com/zh/(一次性使用邮箱)
http://objectif-securite.ch/(LM破解)
https://www.mailinator.com/(一次性使用邮箱)
http://tools88.com/safe/vnc.php(在线VNC破解)
https://www.hashkiller.co.uk/(在线hash破解)
http://tool.chacuo.net/cryptdes(在线解密加密)
http://www.xssed.com/(xssed平台)
http://xss.cnit.pro/(cnitxss平台)
http://www.objectif-securite.ch/(在线LMHASH破解)
http://toolbar.netcraft.com(很好的域名搜索引擎)
http://who.is ( 域名解析记录很好使)
https://cirt.net/passwords(常用设备密码字典)
http://www.webscantest.com/datastore/(web在线测试练习)
http://www.pinchins.cn/Tools.aspx?ch=Tools(勒索病毒解密工具)
http://www.shunmay.cn/ (shunmay社工库)
http://www.h123.tv/forum.php (h123社工库)
http://cha.hx99.net/(华西社工库)
http://s.70sec.com/(70sec社工库)
http://so.moonsec.com/index.php(暗月社工库)
http://dnf.mima.re/index.php(DNF密码社工库)
http://www.ckaifang.com/(查开房数据库)
https://boy.findmima.com/ (查找密码社工库)
http://163.donothackme.club/(163邮箱社工库)
https://www.instantcheckmate.com/
http://reg007.com (查询邮箱已注册过的网址)
http://www.zhaohuini.com/(找回密码)
https://qqgroup.insight-labs.org/ (群关系查询)
http://toolsapp.duapp.com/randpw.html(反社工随机密码)
https://www.trustasia.com/tools/ccs-checker/ (css漏洞检查)
http://www.bejson.com/ (json在线验证)
大数据以及端口服务查询:
https://www.zoomeye.org/(钟道之眼)
https://www.shodan.io/(shodan查询)
https://www.oshadan.com/(osshadan查询)
https://www.censys.io/(censys查询)
http://cn.bing.com/ (必应查询)
https://searchcode.com/(代码泄露)
二级域名有可能是真实IP或者C段,只要主域名绑定真实IP(hosts.int文件下绑定)去访问,能访问则是真实IP
邮件服务器不会做cdn,一般和同网站是属于同一个C段,然后用namp扫描整个C段,筛选出开放80的端口。
https://asm.ca.com/en/ping.php
http://www.cdnplanet.com/tools/cdnfinder/
http://toolbar.netcraft.com/site_report
http://viewdns.info/iphistory/?domain=
http://www.hosterstats.com/historicaldns.php
http://whoisrequest.com/history/
http://crimeflare.com(查cloudflare真实ip百试不爽)
http://tool.chinaz.com/(站长工具)
http://whatweb.net/(网站指纹查询)
https://www.t00ls.net/domain.html(t00ls工具)
https://www.t00ls.net/domain.html
http://www.spriteking.com/cmd5/
http://hashchecker.de/find.html
http://www.objectif-securite.ch/ophcrack.php
http://www.md5this.com/latest.html
http://cracker.offensive-security.com/index.php
http://freerainbowtables.mirror.garr.it/mirrors/freerainbowtables/md5/(彩虹表)
https://www.t00ls.net/md5_decode.html
https://hashkiller.co.uk/md5-decrypter.aspx
http://neeao.com/tools/decode/index_eval.php(gzinflate解密)
https://www.onlinehashcrack.com/
http://appscan.360.cn/ (安卓检测)
https://b-chao.com/ (安卓检测)
https://malwr.com/submission/ (病毒分析)
https://www.virustotal.com/ (病毒分析2)