Forums & News

http://www.metasploit.cn

http://www.freebuf.com

http://www.backtrack.org.cn/

http://www.hackforums.net 

 

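Toolkits

Comprehensive tool list: http://sectools.org

XSSOR https://github.com/evilcos/xssor, an auxiliary tool for XSS and CSRF attacks

XSSEE 3.0 Beta, developed by Monyer, the handiest tool for encryption and decryption;

Online JavaScript beautifier, a JS beautifying tool commonly used when analyzing JS;

AWVS, not only convenient for vulnerability scanning, its bundled utilities are handy too;

sqlmap, the best tool for exploiting SQL injection, bar none

Metasploit, a host penetration framework

Hydra, essential for brute forcing

ZoomEye.org

Brute-force scripts http://www.exploit-db.com/

Shodan shodanhq.com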

SHODAN

Wi-fEye

 

Information Lookup

DNS lookup http://searchdns.netcraft.com

Google hacking

Exploit script http://www.exploit-db.com/exploits/24320/

Information lookup http://toolbar.netcraft.com

nslookup

whois

 

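Articles

Seven Principles for Defending Against XSS http://webappsecuritylab.com/?p=6

My Penetration Tools http://zhuanlan.zhihu.com/evilcos/19578244

How to Attack Web Applications http://www.freebuf.com/articles/web/12133.html

An Automated Wireless Penetration Testing Tool: Wi-fEye http://www.freebuf.com/tools/12252.html

A Brief Chinese Guide to sqlmap http://huaidan.org/archives/3244.html

The Process of Dumping a Database with SQLMAP Injection http://hi.baidu.com/betafish/item/8be96093cc2a8aab82d2953c

A Collection of sqlmap Injection Tips http://www.freebuf.com/articles/web/10789.html

Detailed sqlmap Usage http://ju.outofmemory.cn/entry/42454

A Penetration Test Report http://drops.wooyun.org/papers/576

Notes on Internal Network Penetration with Python http://www.myhack58.com/Article/html/3/8/2013/38282.htm

(Things to keep in mind during an intrusion)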

http://kaoticcreations.blogspot.com/2011/05/owning-database-with-sqlmap-and.html

 

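Vulnerability types:

IIS image-embedded trojan

nginx directory traversal vulnerability

iframe clickjacking

XSS used to illegitimately obtain cookies

SQL injection, exploiting error messages

A Collection of PHP Path Disclosure Methods http://www.myhack58.com/Article/html/3/7/2012/35119.htm

Summary of PHP Code Execution Vulnerabilities http://www.myhack58.com/Article/html/3/62/2010/27704.htm

Summary of 77 XSS Test Cases http://www.myhack58.com/Article/html/3/7/2012/35090.htm

DNS zone transfer vulnerability: DNS zone transfer information disclosure

Tutorial on combining sqlmap and Metasploit http://kaoticcreations.blogspot.com/2011/05/owning-database-with-sqlmap-and.html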

 

 


-*-The Zen of Python-*-

Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.

posted on 2013-12-22 14:51  MoonXue