Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/404notf0und/Security-Data-Analysis-and-Visualization

2018-2020青年安全圈-活跃技术博主/博客
https://github.com/404notf0und/Security-Data-Analysis-and-Visualization

Last synced: about 2 months ago
JSON representation

2018-2020青年安全圈-活跃技术博主/博客

Awesome Lists containing this project

README

        

# Security-Data-Analysis-and-Visualization
## 2018-2020青年安全圈-活跃技术博主/博客
## 声明
* 所有数据均来自且仅来自公开信息,未加入个人先验知识,如有疑义,请及时联系[email protected]
* 公开这批数据是为了大家一起更快更好地学习,请不要滥用这批数据,由此引发的问题,本人将概不负责。
* 对这批数据的分析文章首发在个人微信公众号,原文为:[我分析了2018-2020年青年安全圈450个活跃技术博客和博主](https://mp.weixin.qq.com/s/QKKUSd3b-X2QQGkyZMQ2Xw),转载请联系作者。

## Why
- **最初目的**:个人日常安全阅读资源不足,需要从博客、Github、Twitter等多个数据源补充。
- **延续目的**:以人为核心,系统化收集博客、Github、当前主要研究方向、所属安全组织、学校、公司、RSS、知乎、微博、Email等信息,缩小安全圈的范围。
- **信息检索**:通过关键字检索,方便找人,缩小人与人之间的交流障碍。比如通过高校关键字,可以快速找到校友,通过网络ID快速找到博主。
- **内容学习**:例如从主要研究方向入手,Follow不同方向活跃博主,补充阅读资源,紧追安全前沿。
- **数据分析**:挖掘人与人之间的社交网络,判断自己当前所处位置,指引未来发展方向。
## What
1. **数据采集**

此版本数据为采集到的公开数据,数据格式为:

Follow,Star,ID,Security_ID,Blog,Individual_Team_Company,Friend_Link_ID,Github,Weibo,Focus_On,Team,School_Company,Skills_Tags,Man_Tags,RSS,Twitter,Zhihu,Email,Contact,Famous_Projects
对应的解释分别是:

笔者在跟着学习的,笔者觉得不错推荐的,索引ID,网络ID,博客链接,个人(1)/团队(2)/公司(3)博客,友情链接的索引ID,Github地址,微博地址,主要研究领域,所属安全团队,所属高校/公司,技能标签(PHP?Python?Java),人物标签(摄影?动漫?文艺),RSS订阅地址,推特地址,知乎地址,邮箱地址,联系方式(QQ?微信?),著名开源项目

采集到的Skillgs_Tags,Man_Tags,Zhihu三个字段数据很少且意义不大,故计划舍弃。
2. **数据缺失补全**

通过挖掘人与人之间的社交关系,补全部分数据,此版本数据暂时不会公开。

## How&&Do
* **数据缺失补全**

## Result
* 输出一份价值较高的原始数据和分析结果,使用者以此可以达到信息检索、内容学习、纵观安全的目的。
* 输出一份Github与大安全资源。
## Github&&大安全

2020-03-12

- [fuzzDicts:Web Pentesting Fuzz 字典](https://github.com/TheKingOfDuck/fuzzDicts)
- [FileMonitor:文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)](https://github.com/TheKingOfDuck/FileMonitor)
- [MySQLMonitor:MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)](https://github.com/TheKingOfDuck/MySQLMonitor)
- [easyXssPayload:XssPayload List for Fuzzing](https://github.com/TheKingOfDuck/easyXssPayload)
- [burpFakeIP:一个用于伪造ip地址进行爆破的Burp Suite插件](https://github.com/TheKingOfDuck/burpFakeIP)

2020-01-02

- [FOFA Pro View:FOFA Pro 资产展示浏览器插件](https://github.com/0nise/fofa_view)
- [crawlergo_x_XRAY:360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能](https://github.com/timwhitez/crawlergo_x_XRAY)
- [LangSrcCurise:SRC子域名资产监控](https://github.com/LangziFun/LangSrcCurise)
- [Passive Scan Client:Burp被动扫描流量转发插件](https://github.com/c0ny1/passive-scan-client)

2019-12-27
- [从0开始你的域渗透之旅](https://github.com/crazywa1ker/DarthSidious-Chinese)
- [get_domain:域名收集与监测V3.0](https://github.com/guimaizi/get_domain)

目录:
- [安全知识大综合](#安全知识大综合)
- [CTF知识大综合](#CTF知识大综合)
- [安全工具大综合](#安全工具大综合)
- [资产](#资产)
- [敏感信息泄露检测工具](#敏感信息泄露检测工具)
- [漏洞](#漏洞)
- [漏洞知识综合](#漏洞知识综合)
- [特定漏洞及利用](#特定漏洞及利用)
- [漏洞通用工具](#漏洞通用工具)
- [渗透测试](#渗透测试)
- [渗透测试知识](#渗透测试知识)
- [渗透测试工具](#渗透测试工具)
- [红队](#红队)
- [Web安全](#Web安全)
- [Web安全知识大综合](#Web安全知识大综合)
- [Web安全工具](#Web安全工具)
- [各语言代码审计](#各语言代码审计)
- [移动安全](#移动安全)
- [IoT安全](#IoT安全)
- [二进制安全](#二进制安全)
- [系统安全](#系统安全)
- [智能安全](#智能安全)
- [域名相关工具](#域名相关工具)
- [密码相关工具](#密码相关工具)
- [BurpSuite相关工具](#BurpSuite相关工具)
- [数据分析](#数据分析)
- [效率工具](#效率工具)
- [其他安全工具](#其他安全工具)

## 安全知识大综合
- [sec-chart:安全思维导图集合](https://github.com/SecWiki/sec-chart)
- [Mind-Map:各种安全相关思维导图整理收集](https://github.com/phith0n/Mind-Map)
- [SecPaper:SecurityPaper For www.polaris-lab.com](https://github.com/PolarisLab/SecPaper)
- [sks:Security Knowledge Structure(安全知识汇总)](https://github.com/JoyChou93/sks)
- [MITRE | ATT&CK-CN ](https://github.com/klionsec/MITRE-ATT-CK-CN)
- [collection-document:Collection of quality safety articles](https://github.com/tom0li/collection-document)
- [GoogleHacking-Page](https://github.com/K0rz3n/GoogleHacking-Page)
- [security-conference-archive:Collection of Security Conference Slides/Papers](https://github.com/Xyntax/security-conference-archive)
- [Security-PPT:大安全各领域各公司各会议分享的PPT](https://github.com/FeeiCN/Security-PPT)
- [Newbie-Security-List:网络安全学习资料](https://github.com/findneo/Newbie-Security-List)

## CTF知识大综合

- [CTF-All-In-One:CTF竞赛入门指南](https://github.com/firmianay/CTF-All-In-One)
- [CTF_repo:收集我参加过的CTF的题集, 只有题目, 不含wp](https://github.com/Hcamael/CTF_repo)
- [CTF_web:a project aim to collect CTF web practices](https://github.com/wonderkun/CTF_web)
- [CTF-Challenge:CTF题目收集](https://github.com/meizjm3i/CTF-Challenge)
- [Writeups:国内各大CTF赛题及writeup整理](https://github.com/susers/Writeups)
- [awd_attack_framework:awd攻防常用脚本+不死马+crontab+防御方法](https://github.com/Wfzsec/awd_attack_framework)

## 安全工具大综合
- [hack-for-tools:常用的黑客神器](https://github.com/backlion/hack-for-tools)
- [Scanners-Box:安全行业从业者自研开源扫描器合辑](https://github.com/We5ter/Scanners-Box)
- [Awesome Platforms](https://github.com/We5ter/Awesome-Platforms)

## 资产
- [w-digital-scanner/w12scan:网络资产发现引擎](https://github.com/w-digital-scanner/w12scan)

## 敏感信息泄露检测工具
- [GSIL:GitHub敏感信息泄露监控](https://github.com/FeeiCN/GSIL)
- [GitLeak:GitLeak 是一个从 Github 上查找密码信息的小工具](https://github.com/5alt/GitLeak)
- [GitHacker: A Git source leak exploit tool that restores the entire Git repository](https://github.com/WangYihang/GitHacker)
- [FileSensor:基于爬虫的动态敏感文件探测工具](https://github.com/Xyntax/FileSensor)
- [VKSRC/Github-Monitor:Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)](https://github.com/VKSRC/Github-Monitor)

## 漏洞
### 漏洞知识综合
- [wooyun_search:乌云公开漏洞、知识库搜索 search from wooyun.org](https://github.com/grt1st/wooyun_search)
- [1000php:1000个PHP代码审计案例(2016.7以前乌云公开漏洞)](https://github.com/Xyntax/1000php)
### 特定漏洞及利用
- [FastjsonExploit:fastjson漏洞快速利用框架](https://github.com/c0ny1/FastjsonExploit)
- [fastjson-remote-code-execute-poc](https://github.com/shengqi158/fastjson-remote-code-execute-poc)
- [upload-labs:一个想帮你总结所有类型的上传漏洞的靶场](https://github.com/c0ny1/upload-labs)
- [upload-fuzz-dic-builder:上传漏洞fuzz字典生成脚本](https://github.com/c0ny1/upload-fuzz-dic-builder)
- [xxe-lab:一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo](https://github.com/c0ny1/xxe-lab)
- [redis-rce:Redis 4.x/5.x RCE](https://github.com/Ridter/redis-rce)
- [redis-rogue-server:Redis(<=5.0.5) RCE](https://github.com/n0b0dyCN/redis-rogue-server)
- [CVE-2017-11882](https://github.com/Ridter/CVE-2017-11882)
- [Exchange2domain:CVE-2018-8581](https://github.com/Ridter/Exchange2domain)
- [CVE-2014-7911_poc:Local root exploit for Nexus5 Android 4.4.4(KTU84P)](https://github.com/retme7/CVE-2014-7911_poc)
- [CVE-2019-2725命令回显](https://github.com/lufeirider/CVE-2019-2725)
### 漏洞通用工具
- [vulhub/vulhub:Pre-Built Vulnerable Environments Based on Docker-Compose](https://github.com/vulhub/vulhub)
- [vulhub/MetaDockers:Responsible for visualization the vulhub and docker](https://github.com/vulhub/MetaDockers)
- [windows-kernel-exploits:windows-kernel-exploits Windows平台提权漏洞集合](https://github.com/SecWiki/windows-kernel-exploits)
- [linux-kernel-exploits:linux-kernel-exploits Linux平台提权漏洞集合](https://github.com/SecWiki/linux-kernel-exploits)
- [java-sec-code:Java common vulnerabilities and security code](https://github.com/JoyChou93/java-sec-code)
- [SharpSploit:SharpSploit is a .NET post-exploitation library written in C#](https://github.com/cobbr/SharpSploit)
- [nse_vuln:Nmap扫描、漏洞利用脚本](https://github.com/Rvn0xsy/nse_vuln)
- [vulstudy:使用docker快速搭建各大漏洞学习平台,目前可以一键搭建12个平台](https://github.com/c0ny1/vulstudy)
- [Exploit-Framework:An Exploit framework for Web Vulnerabilities written in Python](https://github.com/WangYihang/Exploit-Framework)
- [chaitin/xray:xray 安全评估工具](https://github.com/chaitin/xray)
- [crawlergo_x_XRAY:360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能](https://github.com/timwhitez/crawlergo_x_XRAY)

## 渗透测试
### 渗透测试知识
- [Mind-Map:超详细的渗透测试思维导图](https://github.com/iSafeBlue/Mind-Map)
- [pentest_study:从零开始内网渗透学习](https://github.com/l3m0n/pentest_study)
- [Intranet_Penetration_Tips:2018年初整理的一些内网渗透TIPS](https://github.com/Ridter/Intranet_Penetration_Tips)
- [Active-Directory-Pentest-Notes:个人域渗透学习笔记](https://github.com/uknowsec/Active-Directory-Pentest-Notes)
- [Pentest-and-Development-Tips:A collection of pentest and development tips](https://github.com/3gstudent/Pentest-and-Development-Tips)
- [Penetration_Testing_Case:用于记录分享一些有趣的案例](https://github.com/r35tart/Penetration_Testing_Case)
- [ew:内网穿透(跨平台)](https://github.com/idlefire/ew)
- [python-hacker-code:《python黑帽子:黑客与渗透测试编程之道》代码及实验文件,字典等](https://github.com/giantbranch/python-hacker-code)
- [The-Hacker-Playbook-3-Translation:译渗透测试实战第三版(红队版)](https://github.com/Snowming04/The-Hacker-Playbook-3-Translation)
- [从0开始你的域渗透之旅](https://github.com/crazywa1ker/DarthSidious-Chinese)
### 渗透测试工具
- [WebPocket:Exploit management framework](https://github.com/TuuuNya/WebPocket)
- [pentest_tools:收集一些小型实用的工具](https://github.com/l3m0n/pentest_tools)
- [pentest:some pentest scripts & tools by [email protected]](https://github.com/yaseng/pentest)
- [DiscoverTarget:前渗透信息探测工具集-URL采集](https://github.com/coco413/DiscoverTarget)
- [POC-T:渗透测试插件化并发框架](https://github.com/Xyntax/POC-T)
- [cmsPoc:CMS渗透测试框架](https://github.com/CHYbeta/cmsPoc)
- [Pentest:tools](https://github.com/Ridter/Pentest)
- [Berserker:针对Pentest或者CTF的一个fuzz payload项目](https://github.com/zer0yu/Berserker)
- [w-digital-scanner/w13scan:被动安全扫描器](https://github.com/w-digital-scanner/w13scan)
- [Pentest-tools:内网渗透工具](https://github.com/Brucetg/Pentest-tools)
- [TrackRay:溯光 (TrackRay) 3 beta⚡渗透测试框架(资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap)](https://github.com/iSafeBlue/TrackRay)
- [saucerframe:python3批量poc检测工具](https://github.com/saucer-man/saucerframe)
- [FOFA Pro View:FOFA Pro 资产展示浏览器插件](https://github.com/0nise/fofa_view)
- [fuzz_dict:常用的一些fuzz及爆破字典,欢迎大神继续提供新的字典及分类。](https://github.com/TuuuNya/fuzz_dict)
- [fuzzDicts:Web Pentesting Fuzz 字典](https://github.com/TheKingOfDuck/fuzzDicts)

## 红队
- [Covenant:Covenant is a collaborative .NET C2 framework for red teamers](https://github.com/cobbr/Covenant)
- [RedTeamManual:红队作战手册](https://github.com/klionsec/RedTeamManual)

## Web安全知识大综合
- [Web-Security-Learning](https://github.com/CHYbeta/Web-Security-Learning)
- [WAF-Bypass:WAF Bypass Cheatsheet](https://github.com/CHYbeta/WAF-Bypass)
## Web安全工具
- [JSFinder:JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.](https://github.com/Threezh1/JSFinder)
- [WebEye:一个快速简单地识别WEB服务器类型、CMS类型、WAF类型、WHOIS信息、以及语言框架的小脚本](https://github.com/zerokeeper/WebEye)
- [whatweb:更快速的进行Web应用指纹识别](https://github.com/l3m0n/whatweb)
- [WebFuzzAttack:web模糊测试 - 将漏洞可能性放大](https://github.com/l3m0n/WebFuzzAttack)
- [CMS-Hunter:CMS漏洞测试用例集合](https://github.com/SecWiki/CMS-Hunter)
- [w-digital-scanner/w9scan:Plug-in type web vulnerability scanner](https://github.com/w-digital-scanner/w9scan)
- [webshell:入侵分析时发现的Webshell后门](https://github.com/JoyChou93/webshell)
- [webshell-venom:免杀webshell无限生成工具(利用随机异或无限免杀D盾)](https://github.com/yzddmr6/webshell-venom)
- [as_webshell_venom:免杀webshell无限生成工具蚁剑版](https://github.com/yzddmr6/as_webshell_venom)
- [webshellSample:webshell sample for WebShell Log Analysis](https://github.com/tanjiti/webshellSample)
- [Javascript-Backdoor:Learn from Casey Smith @subTee](https://github.com/3gstudent/Javascript-Backdoor)
- [Bypass_Disable_functions_Shell:一个各种方式突破Disable_functions达到命令执行的shell](https://github.com/l3m0n/Bypass_Disable_functions_Shell)
- [DirBrute:多线程WEB目录爆破工具](https://github.com/Xyntax/DirBrute)
- [easyXssPayload:XssPayload List for Fuzzing](https://github.com/TheKingOfDuck/easyXssPayload)

## 各语言代码审计

- [Audit-Learning:记录自己对《代码审计》的理解和总结](https://github.com/jiangsir404/Audit-Learning)
- [PHP-code-audit:代码审计,对一些大型cms漏洞的复现研究,更新源码和漏洞exp](https://github.com/jiangsir404/PHP-code-audit)
- [Code-Audit-Challenges](https://github.com/CHYbeta/Code-Audit-Challenges)
- [python_sec:python安全和代码审计相关资料收集](https://github.com/bit4woo/python_sec)
- [pyvulhunter:python audit tool 审计 注入 inject](https://github.com/shengqi158/pyvulhunter)
- [WhaleShark-Team/cobra:源代码安全审计工具](https://github.com/WhaleShark-Team/cobra)
- [Cobra-W:白盒源代码审计工具-白帽子版](https://github.com/LoRexxar/Cobra-W)

## 移动安全
- [App_Security:App安全学习](https://github.com/Brucetg/App_Security)

## IoT安全
- [iot-security-wiki:IOT security wiki](https://github.com/yaseng/iot-security-wiki)

## 二进制安全
- [Some-Kernel-Fuzzing-Paper](https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper)
- [kDriver-Fuzzer:基于ioctlbf框架编写的驱动漏洞挖掘工具kDriver Fuzzer](https://github.com/k0keoyo/kDriver-Fuzzer)
- [awesome-vm-exploit:share some useful archives about vm and qemu escape exploit.](https://github.com/WinMin/awesome-vm-exploit)
- [ROPgadget:This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation](https://github.com/JonathanSalwan/ROPgadget)
- [Triton:Triton is a Dynamic Binary Analysis (DBA) framework](https://github.com/JonathanSalwan/Triton)
- [PinTools:Pintool example and PoC for dynamic binary analysis](https://github.com/JonathanSalwan/PinTools)
- [binary-samples:Samples of binary with different formats and architectures](https://github.com/JonathanSalwan/binary-samples)
- [vm-escape:some interesting vm-escape game](https://github.com/ray-cp/vm-escape)
- [Binary-Reading-List:Things I know and will know about binaries.](https://github.com/firmianay/Binary-Reading-List)

## 系统安全
- [SuperDllHijack:一种通用Dll劫持技术,不再需要手工导出Dll的函数接口了](https://github.com/anhkgg/SuperDllHijack)
- [List-RDP-Connections-History:Use powershell to list the RDP Connections History of logged-in users or all users](https://github.com/3gstudent/List-RDP-Connections-History)
- [Eventlogedit-evtx--Evolution:Remove individual lines from Windows XML Event Log (EVTX) files](https://github.com/3gstudent/Eventlogedit-evtx--Evolution)
- [Software-Security-Learning](https://github.com/CHYbeta/Software-Security-Learning)

## 智能安全
- [AI-for-Security-Learning:安全场景、基于AI的安全算法和安全数据分析学习资料整理](https://github.com/404notf0und/AI-for-Security-Learning)
- [AI-Security-Learning:自身学习的安全数据科学和算法的学习资料](https://github.com/0xMJ/AI-Security-Learning)

## 域名相关工具
- [dnsAutoRebinding:ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6](https://github.com/Tr3jer/dnsAutoRebinding)
- [domain_hunter:利用burp收集整个企业、组织的域名(不仅仅是单个主域名)的插件](https://github.com/bit4woo/domain_hunter)
- [GSDF:A domain searcher named GoogleSSLdomainFinder - 基于谷歌SSL透明证书的子域名查询工具](https://github.com/We5ter/GSDF)
- [ESD:枚举子域名](https://github.com/FeeiCN/ESD)
- [get_domain:域名收集与监测V3.0](https://github.com/guimaizi/get_domain)
- [LangSrcCurise:SRC子域名资产监控](https://github.com/LangziFun/LangSrcCurise)

## 密码相关工具
- [sarkara:A experimental post-quantum cryptography library](https://github.com/quininer/sarkara)
- [genpAss:中国特色的弱口令生成器](https://github.com/RicterZ/genpAss)
- [passmaker:可以自定义规则的密码字典生成器,支持图形界面 A password-generator that base on the rules that you specified](https://github.com/bit4woo/passmaker)
- [WebCrack:网站后台弱口令/万能密码批量检测工具](https://github.com/yzddmr6/WebCrack)
- [Decryption-tool:内网密码搜集部分工具](https://github.com/klionsec/Decryption-tool)
- [RW_Password:此项目用来提取收集以往泄露的密码中符合条件的强弱密码](https://github.com/r35tart/RW_Password)

## BurpSuite相关工具

- [BurpSuite-collections:BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程](https://github.com/Mr-xn/BurpSuite-collections)
- [domain_hunter:利用burp收集整个企业、组织的域名(不仅仅是单个主域名)的插件](https://github.com/bit4woo/domain_hunter)
- [Passive Scan Client:Burp被动扫描流量转发插件](https://github.com/c0ny1/passive-scan-client)
- [chunked-coding-converter:Burp suite 分块传输辅助插件](https://github.com/c0ny1/chunked-coding-converter)
- [reCAPTCHA:自动识别图形验证码并用于burp intruder爆破模块的插件](https://github.com/bit4woo/reCAPTCHA)
- [burpFakeIP:一个用于伪造ip地址进行爆破的Burp Suite插件](https://github.com/TheKingOfDuck/burpFakeIP)

## 数据分析
- [sec_profile:爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号](https://github.com/tanjiti/sec_profile)

## 效率工具
- [一些常用的Python脚本](https://github.com/fupinglee/MyPython)
- [FileMonitor:文件变化实时监控工具(代码审计/黑盒/白盒审计辅助工具)](https://github.com/TheKingOfDuck/FileMonitor)
- [MySQLMonitor:MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)](https://github.com/TheKingOfDuck/MySQLMonitor)

## 其他安全工具
- [mooder:Mooder是一款开源、安全、简洁、强大的团队内部知识分享平台](https://github.com/phith0n/mooder)
- [teemo:A Domain Name & Email Address Collection Tool](https://github.com/bit4woo/teemo)
- [SuperWeChatPC:超级微信电脑客户端,支持多开、防消息撤销、语音消息备份...开放WeChatSDK](https://github.com/anhkgg/SuperWeChatPC)
- [RGPerson:随机身份生成脚本](https://github.com/gh0stkey/RGPerson)
- [opencanary_web:The web management platform of honeypot](https://github.com/p1r06u3/opencanary_web)
- [CyberSecurityRSS:优秀的个人情报来源](https://github.com/zer0yu/CyberSecurityRSS)
- [slides:The slides I have ever presented](https://github.com/A7um/slides)
- [mylamour的issues](https://github.com/mylamour/blog/issues)