{"id":31796256,"url":"https://github.com/tapxworld/oswe_tools","last_synced_at":"2026-02-16T07:31:30.763Z","repository":{"id":315997612,"uuid":"1061502933","full_name":"TapXWorld/oswe_tools","owner":"TapXWorld","description":"for offensive security OSWE certification.","archived":false,"fork":false,"pushed_at":"2025-09-23T10:21:46.000Z","size":3,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-10T20:43:22.401Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TapXWorld.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-22T02:21:28.000Z","updated_at":"2025-09-23T10:21:50.000Z","dependencies_parsed_at":"2025-09-22T05:37:08.054Z","dependency_job_id":"8450f06b-237c-41c4-bb72-2ee0d455f580","html_url":"https://github.com/TapXWorld/oswe_tools","commit_stats":null,"previous_names":["tapxworld/oswe_tools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/TapXWorld/oswe_tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TapXWorld%2Foswe_tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TapXWorld%2Foswe_tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TapXWorld%2Foswe_tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tap
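XWorld%2Foswe_tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TapXWorld","download_url":"https://codeload.github.com/TapXWorld/oswe_tools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TapXWorld%2Foswe_tools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29502934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T05:57:17.024Z","status":"ssl_error","status_checked_at":"2026-02-16T05:56:49.929Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-10T20:43:07.520Z","updated_at":"2026-02-16T07:31:30.755Z","avatar_url":"https://github.com/TapXWorld.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# oswe_tools\n🔑 My recommended study path (no-Lab version)\n\n# Step 1: Read through the course materials/videos (1~2 weeks)\n```\nGoal: first understand what OSWE tests and which vulnerability classes are involved.\nSuggested approach:\nOn the first pass, read quickly without digging deep into the code; note down the vulnerability types and exploit flows first.\nTake notes: for each chapter, record the 'vulnerability type + exploit-chain pattern + script structure'.\n👉 Output: a vulnerability mind map (e.g. SQLi → auth bypass → file upload → RCE).\n```\n\n## Step 1 study summary (key practice targets below)\n* PHP (loose comparison, magic hashes)\n* Session manipulation via cross-site scripting\n* Scanning the internal network programmatically via RCE\n* Prototype pollution exploitation logic chains\n\n# Step 2: HTB / VulnHub machines in place of the Lab (2~3 months)\n```\nFollow the course topics → find the matching HTB machines to practice on.\nThe focus is writing automation scripts, fully simulating the exam environment.\nMapping (examples):\nCourse topic  Recommended HTB machines  Practice goal\nSQLi + file upload  Magic, Mango  SQLi audit + upload bypass → one-click script\nAuth bypass / JWT  Smasher2, Tenet  
Login bypass + token forgery\nCommand injection  Obscurity, Sense  White-box: locate the filtering logic → command execution\nDeserialization vulnerabilities  Json (.NET), Jerry  Audit gadgets → assemble the exploit\nMulti-step logic chains  Breadcrumbs, Teacher  Chain the vulnerabilities together → one-click exploitation\n👉 Output: one exploit.py script per machine that gets a shell in one click.\n```\n\n# Step 3: Simulate the OSWE exam (November)\n```\nPick 2 machines from HTB yourself (medium and slightly higher difficulty) and set a 48-hour time limit:\nRead the source first → locate the vulnerability → write a PoC → write a fully automated exploit.\nMock exam requirements:\nIt must be written as a one-click script (no running commands by hand).\nA report must be written (screenshots, vulnerability explanation, remediation advice).\n👉 Output: complete at least 2 simulated 48h exams.\n```\n\n# Step 4: When you eventually sign up for OSWE\n```\nYou will already have experience with complete exploit scripts, so the Lab becomes 'getting familiar with the exam patterns' rather than 'learning vulnerabilities'.\nThat amounts to having completed 70% of the preparation in advance.\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftapxworld%2Foswe_tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftapxworld%2Foswe_tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftapxworld%2Foswe_tools/lists"}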