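Top 5 Most Popular Security Tools and Lists on GitHub, October 2017

Hack with Github published on Medium their five most notable tools and lists for October. The published tools and lists are as follows: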

Awesome Red Teaming

List of Awesome Red Team / Red Teaming Resources

This list is for anyone wishing to learn about Red Teaming but who does not have a starting point.

Anyway, this is a living resource and will be updated regularly with the latest Adversarial Tactics and Techniques.

You can help by sending Pull Requests to add more information.

Awesome Security

A list of Web Security materials and resources for learning cutting-edge penetration techniques.

Awesome Yara

A curated list of awesome YARA rules, tools, and resources.

Awesome Hacking

A collection of hacking and penetration testing resources to make you better!

Deceptiveidn

Phishers are still using Internationalized Domain Names to trick users. This project uses computer vision to automatically check if IDNs have a deceptive reading.

Three Standout BlackHat Arsenal Tools

The following three tools shone at BlackHat Arsenal and were very popular.

2FAssassin

The tool exploits the common vulnerabilities that caused private keys leakage.

WHID Injector

WiFi HID Injector for Fun & Profit

CERTitude

CERTitude is a Python-based tool which aims at assessing the compromised perimeter during incident response assignments. It allows analysts to perform large scale scans of Windows-based information systems by searching for behavioural patterns described in IOC (Indicator Of Compromise) files.

Notable features:

  • Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
  • Ability to retrieve some pieces of data from the hosts
  • Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
  • Built with security considerations in mind (protected database, secure communications with hosts using IPSec)

Other Interesting Tweets

If you want to learn more, take a look at these as well.

PCI Express DIY hacking toolkit

This repository contains a set of tools and proof of concepts related to PCI-E bus and DMA attacks.

jSQL Injection automate tool

jSQL Injection is a Java application for automatic SQL database injection.

Radare2

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.

The Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ...

krackattacks-test-ap-ft

This script tests if APs are affected by CVE-2017-13082 (KRACK attack)

relative-url-extractor

During reconnaissance (recon) it is often helpful to get a quick overview of all the relative endpoints in a file. These days web applications have frontend pipelines that make it harder for humans to understand minified code. This tool contains a nifty regular expression to find and extract the relative URLs in such files. This can help surface new targets for security researchers to look at. It can also be used to periodically compare the results of the same file, to see which new endpoints have been deployed. History has shown that this is a goldmine for bug bounty hunters.
