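#Security# sqlmap is an open-source penetration testing tool that automates detecting and exploiting SQL injection vulnerabilities and gaining access to database servers. It has a powerful detection engine and feature options for penetration testing many different database types, including fetching data stored in the database, accessing operating system files, and even executing operating system commands over out-of-band connections.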
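#Getting Started# A collection of hacking tools, resources and references to practice ethical hacking.
Translation - :pushpin: A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security.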
#Capture the Flag (CTF) and Cybersecurity Resources# fsociety Hacking Tools Pack – A Penetration Testing Framework
Course materials for Modern Binary Exploitation by RPISEC
Automated All-in-One OS Command Injection Exploitation Tool.
File upload vulnerability scanner and exploitation tool.
UNIX-like reverse engineering framework and command-line toolset.
Offensive Software Exploitation Course
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
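Translation - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, for learning about and practising GraphQL security.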
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
Translation - WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.
How to exploit a double free vulnerability in 2021. Use After Free for Dummies
Linux Binary Exploitation
An XSS exploitation command-line interface and payload generator.
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
#Android# Android Kernel Exploitation