Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/Smi1eSEC/Web-Security-Note

Record some common Web security sites
https://github.com/Smi1eSEC/Web-Security-Note
Last synced: 25 days ago
JSON representation
Record some common Web security sites
Host: GitHub
URL: https://github.com/Smi1eSEC/Web-Security-Note
Owner: Smi1eSEC
Created: 2019-02-08T09:52:31.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2022-08-31T14:52:30.000Z (over 2 years ago)
Last Synced: 2024-08-04T23:11:04.266Z (4 months ago)
Size: 31.3 KB
Stars: 216
Watchers: 2
Forks: 42
Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project

awesome-security-collection - **98**星
awesome-hacking-lists - Smi1eSEC/Web-Security-Note - Record some common Web security sites (Others)
README

        # [Web-Security-Note](https://github.com/Smi1e521/Web-Security-Note)

Record some common Web security sites

由于平常读过的文章以及遇到的比较好的开源项目都被渐渐遗忘了，所以利用这个项目来记录一下，以便查阅。

# 目录：

- [CTF](#CTF)

- [Online-Tools](#Online-Tools)

- [漏洞环境](#%E6%BC%8F%E6%B4%9E%E7%8E%AF%E5%A2%83)

- [信息搜集](#%E4%BF%A1%E6%81%AF%E6%90%9C%E9%9B%86)

- [工具](#%E5%B7%A5%E5%85%B7)

- [面经](#%E9%9D%A2%E7%BB%8F)

- [BypassWAF](#BypassWAF)

- [WEB安全](#WEB%E5%AE%89%E5%85%A8)

- [漏洞挖掘](#%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98)

- [渗透测试](#%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95)

- [内网渗透](#%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F)

- [扫描器开发](#%E6%89%AB%E6%8F%8F%E5%99%A8%E5%BC%80%E5%8F%91)

- [开发](#%E5%BC%80%E5%8F%91)

- [运维](#%E8%BF%90%E7%BB%B4)

# CTF

+ [CTF Time](https://ctftime.org/)

+ [Pwnhub](https://pwnhub.cn/)

+ [CTF_论剑场](http://new.bugku.com/)

+ [南京邮电大学CTF平台](https://cgctf.nuptsast.com/)

+ [Whale CTF](http://whalectf.xin/)

+ [JarvisOJ](https://www.jarvisoj.com/)

+ [Hackme CTF](https://hackme.inndy.tw/)

+ [X计划平台](https://www.linkedbyx.com/)

+ [id0-rsa](https://id0-rsa.pub/)

+ [solveme](http://solveme.peng.kr/)

+ [ctfhub](https://github.com/ByPupil/ctfhub/tree/master/php_characteristics)

+ [CTF_WEB](https://github.com/wonderkun/CTF_web)

+ [Web-CTF-Cheatsheet](https://github.com/w181496/Web-CTF-Cheatsheet)

+ [PHP_Code_Challenge](https://github.com/yaofeifly/PHP_Code_Challenge)

+ [CTFTraining](https://github.com/CTFTraining)

+ [为应对CTF比赛而搭建的各种环境](https://github.com/wonderkun/CTFENV)

# Online-Tools

+ [XSS'OR](http://xssor.io/)

+ [YoungxjTools](http://tools.yum6.cn/)

+ [CEYE](http://ceye.io/)

+ [Linux命令搜索](https://wangchujiang.com/linux-command/)

+ [正则表达式在线测试](https://c.runoob.com/front-end/854)

+ [CEYE](http://ceye.io/)

+ [One-lined Python](http://www.onelinerizer.com/)

+ [carbon代码美化](https://carbon.now.sh/)

+ [Online regex test and debug](https://regex101.com/)

+ [PHP Sandbox](http://sandbox.onlinephpfunctions.com/)

+ [CODELF-给程序变量起名](https://unbug.github.io/codelf/)

+ [几秒内获得一个干净的Linux系统](https://github.com/instantbox/instantbox)

# 漏洞环境

+ [Vulhub](https://vulhub.org/)

+ [Vulnhub](https://www.vulnhub.com/)

+ [VulApps](http://vulapps.evalbug.com/)

+ [VULNSPY](https://www.vulnspy.com/)

+ [XSS Thousand Knocks](https://knock.xss.moe/)

+ [upload-labs](https://github.com/c0ny1/upload-labs)

+ [HackTheBox](https://www.hackthebox.eu/)

+ [AttackDefense](https://attackdefense.com/)

+ [Weblogic环境搭建工具](https://github.com/QAX-A-Team/WeblogicEnvironment)

# 信息搜集

+ [被动信息收集（上）](https://mp.weixin.qq.com/s?__biz=MzUyMzQzOTMwMQ==&mid=2247485824&idx=1&sn=8e1b6b73fde8117410c2ff6e10531a53&chksm=fa3dd42acd4a5d3cfb83795dcf74afe5c7b66ca588976c9048fc1d9ed320271a15d7cefc595e&mpshare=1&scene=23&srcid=1026WJ7g8j0JCi5kvVPZ9Ahz#rd)

+ [被动信息收集（下）](https://mp.weixin.qq.com/s?__biz=MzUyMzQzOTMwMQ==&mid=2247485845&idx=1&sn=a8cbda7f3e0b1e52a594dbfb924e5f29&chksm=fa3dd43fcd4a5d290f6816a9df0854e0c95f4e678b67c84e35ccfca09a8636d92aaff2ecfef3&mpshare=1&scene=23&srcid=1026QbUKhXA2SKFQB5g0LeYP#rd)

+ [渗透测试标准-情报收集（上）](https://mp.weixin.qq.com/s?__biz=MzUyNTk1NDQ3Ng==&mid=2247484029&idx=1&sn=64fe6b9d7e50b044735a8e56131ed363&chksm=fa177ebecd60f7a808e9fddf7227d67e33904f09563e251694a92b693ca8b00c17674b9cf1a8&mpshare=1&scene=23&srcid=%23rd)

+ [渗透测试标准-情报收集（中）](https://mp.weixin.qq.com/s?__biz=MzUyNTk1NDQ3Ng==&mid=2247484034&idx=1&sn=575e356a6fccb22e4cc7c3d612d71879&chksm=fa177e41cd60f757a3ac88f2e039b9c592e7a311b90b112204f4bd9befe1c8288b24673b6cca&mpshare=1&scene=23&srcid=%23rd)

+ [子域名在线搜索](http://tool.chinaz.com/subdomain)

+ [temmo](https://github.com/bit4woo/teemo)

+ [快速提取C段:cscan](https://github.com/lufeirider/cscan)

+ [Async DNS Brute](https://github.com/blark/aiodnsbrute/)

+ [【渗透神器系列】搜索引擎](https://thief.one/2017/05/19/1/)

+ [浅谈信息收集的那些事儿](https://xz.aliyun.com/t/5012#toc-9)

+ [浅谈信息收集](https://mp.weixin.qq.com/s?srcid=&scene=22&sharer_sharetime=1573375803204&mid=2247484128&sharer_shareid=53ce26ebcfc0ab407e8f37bf3cb55ec8&sn=1640c02c03b621eb224de15071ca4e38&idx=1&__biz=MzU4OTExNTk0OA%253D%253D&chksm=fdd325a3caa4acb5e6090cb826873be902d1333c6f7820699080f92541a108c7b6c12da1b222&mpshare=1%23rd)

+ [信息搜集](https://mp.weixin.qq.com/s?__biz=MzU1NjgzOTAyMg==&mid=2247485587&idx=1&sn=2fdc7f93038ddb3d5fa906a2834ffdeb&chksm=fc3fb192cb4838840e3d1b7daa495ee4e6c4ba7ccb6ba27a14044489f8cf90018f9a17423a4e&mpshare=1&scene=23&srcid&sharer_sharetime=1576459880818&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

# 工具

+ [Scanners-Box](https://github.com/We5ter/Scanners-Box/blob/master/README_CN.md)

+ [waf自动爆破(绕过)工具](https://github.com/3xp10it/bypass_waf)

+ [K8工具(内网渗透/提权工具/远程溢出/漏洞利用/Exploit/APT/0day/Shellcode/Payload/priviledge/OverFlow/WebShell/PenTest)](https://github.com/k8gege/K8tools)

+ [k8工具使用教程](https://mp.weixin.qq.com/s/Io7YvMLEk_wcmTji36PTZw)

+ [内网渗透必备工具](https://github.com/yuxiaokui/Intranet-Penetration)

+ [XSStrike](https://github.com/s0md3v/XSStrike)

+ [自动扫描内网常见sql、no-sql数据库脚本:DBScanner](https://github.com/se55i0n/DBScanner)

+ [waf指纹识别](https://github.com/EnableSecurity/wafw00f)

+ [goproxy高性能代理工具](https://github.com/snail007/goproxy/blob/master/README_ZH.md#%E9%A6%96%E6%AC%A1%E4%BD%BF%E7%94%A8%E5%BF%85%E7%9C%8B-1)

+ [轻量级渗透测试辅助框架:WebPocket](https://github.com/TuuuNya/WebPocket)

+ [CVE-2018-8120 Windows LPE exploit](https://github.com/unamer/CVE-2018-8120)

+ [Github信息搜集工具](https://github.com/repoog/GitPrey)

+ [v2ray mac科学上网客户端](https://github.com/yanue/V2rayU)

+ [hack-requests](https://github.com/boy-hack/hack-requests)

+ [Github内容高级挖掘工具](https://github.com/UnkL4b/GitMiner)

+ [【渗透神器系列】Metasploit](https://thief.one/2017/08/01/1/)

+ [Metasploit5命令快速查询表](https://mp.weixin.qq.com/s/X84V-OGNzfXTWoXly3xDhA)

+ [CMS漏洞测试用例集合](https://github.com/SecWiki/CMS-Hunter)

+ [proxypool](https://github.com/henson/proxypool)

+ [sublert子域名监控](https://xz.aliyun.com/t/4532)

+ [kunpeng](https://github.com/opensec-cn/kunpeng)

+ [模拟登录一些知名的网站，为了方便爬取需要登录的网站](https://github.com/echohun/fuck-login)

+ [webshell收集项目](https://github.com/tennc/webshell)

+ [打造自己的渗透测试框架 — 溯光](https://bithack.io/forum/232?from=timeline&isappinstalled=0)

+ [jsEncrypter 加密传输爆破的Burp Suite插件](https://github.com/c0ny1/jsEncrypter)

+ [内网穿透代理服务器 nps](https://github.com/cnlh/nps)

# 面经

+ [Pentest_Interview](https://github.com/Leezj9671/Pentest_Interview)

+ [信息安全实习和校招的面经、真题和资料](https://github.com/SecYouth/sec-jobs)

+ [一套实用的渗透测试岗位面试题](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652988672&idx=1&sn=96a3639c33f9506709c23f274a71b2b6&chksm=8c9eea57bbe9634179aff1eaad8d7257532b5abb52fb5c3b5bfb0fb24725065ed517ca14d821&mpshare=1&scene=23&srcid=%23rd)

+ [大型公司安全技术岗位面试杂谈](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247489580&idx=1&sn=dc04f15e96becf922b9f66beb4562dad&chksm=ec1e2804db69a112e056b4c70ac0ac72a0d9f77b269532afe05a534b4e34691a66fe273c31bd&mpshare=1&scene=23&srcid=%23rd)

+ [面试「计算机操作系统」知识点大集合！](https://mp.weixin.qq.com/s?__biz=MzI4MDEwNzAzNg==&mid=2649445419&idx=1&sn=ea3cb5add4b48a3d86294254aa032170&chksm=f3a27558c4d5fc4e6fbf1a605ffe953f60bb4efffc310708f1dee71ad43981c6b0cd78ba8363&mpshare=1&scene=23&srcid=%23rd)

+ [网络信息安全从业者面试指南](https://github.com/FeeiCN/SecurityInterviewQuestions)

+ [安全面试经验收集](https://attacker.cc/index.php/archives/24/)

+ [PHP面试问答](https://github.com/colinlet/PHP-Interview-QA)

+ [最新BAT面试题](https://github.com/lengyue1024/BAT_interviews)

+ [信息安全面试题汇总](https://github.com/Dollarsss/sec-interview)

+ [技术面试最后反问面试官的话](https://github.com/yifeikong/reverse-interview-zh)

+ [知道创宇面试笔记](https://wulidecade.cn/2019/08/30/%E7%9F%A5%E9%81%93%E5%88%9B%E5%AE%87%E9%9D%A2%E8%AF%95%E7%AC%94%E8%AE%B0/)

+ [简历常用例句](https://github.com/resumejob/awesome-resume)

+ [web-sec-interview](https://github.com/zhaoweiho/web-sec-interview/blob/master/README_CN.md)

# BypassWAF

+ [WAF攻防研究之四个层次Bypass WAF](https://xz.aliyun.com/t/15)

+ [Web应用程序防火墙（WAF）绕过技术(一)](https://medium.com/secjuice/waf-evasion-techniques-718026d693d8)

+ [Web应用程序防火墙（WAF）绕过技术(二)](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0)

+ [Web应用程序防火墙（WAF）绕过技术(三)](https://www.secjuice.com/web-application-firewall-waf-evasion/)

+ [Web应用程序防火墙（WAF）绕过技术(四)](https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/)

+ [看我如何通过DNS历史记录绕过防火墙](https://mp.weixin.qq.com/s?srcid=02225HSVRBNh4QPJeorGny8D&scene=23&mid=2247487603&sn=278633c3b4d712e1839e6b8c6fa5e2c6&idx=1&__biz=MzIxNjQ0MTEwMg%253D%253D&chksm=97885812a0ffd1046f6b10aaa79de9471e6ad4b62e3b4ef659cef38f705a197c399b9b37b9a6&mpshare=1%23rd)

+ [识别 WAF 的方法](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247489463&idx=1&sn=568e1e4e1cac56dded7c3ac6d310a72d&chksm=ec1e279fdb69ae89fa171b66cc272622e254f282c80aef2a141c26879166a9b0fb2efd7e2ac9&mpshare=1&scene=23&srcid=%23rd)

+ [技术讨论 | 在HTTP协议层面绕过WAF](https://www.freebuf.com/news/193659.html)

+ [利用分块传输吊打所有WAF](https://www.anquanke.com/post/id/169738)

+ [XXE Bypass WAF](https://www.anquanke.com/post/id/170655)

+ [Bypass XSS Detection WAF](https://medium.com/@th3law/fun-bypass-xss-detection-waf-cabd431e030e)

+ [对过WAF的一些认知](https://www.anquanke.com/post/id/177044)

+ [我的WafBypass之道（SQL注入篇）](https://xz.aliyun.com/t/368)

+ [我的WafBypass之道（Upload篇）](https://xz.aliyun.com/t/337)

+ [利用PHP的字符串解析特性Bypass](https://www.freebuf.com/articles/web/213359.html)

+ [Bypass MySQL Safedog](https://www.anquanke.com/post/id/188465)

+ [Waf从入门到Bypass](https://forum.90sec.com/t/topic/532)

# WEB安全

## XSS

+ [Web安全从零开始-XSS I](https://blog.zeddyu.info/2019/03/13/Web%E5%AE%89%E5%85%A8%E4%BB%8E%E9%9B%B6%E5%BC%80%E5%A7%8B-XSS-I/#Encode)

+ [XSS漏洞挖掘-进阶](http://blog.b1ok3n.cn/2019/09/11/XSS%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98-%E8%BF%9B%E9%98%B6/)

+ [XSS Payloads](http://www.xss-payloads.com/index.html)

+ [XSS payload](https://github.com/s0md3v/AwesomeXSS)

+ [Orange: A Wormable XSS on HackMD!](http://blog.orange.tw/2019/03/a-wormable-xss-on-hackmd.html)

+ [测试WAF来学习XSS姿势](https://www.anquanke.com/post/id/176185)

+ [无需括号与分号的XSS](https://www.anquanke.com/post/id/178610)

+ [JS变异小技巧：使用JavaScript全局变量绕过XSS过滤器](https://zhuanlan.zhihu.com/p/75785844)

+ [XSS Challenge Wiki](https://github.com/cure53/xss-challenge-wiki/wiki)

## CSP

+ [前端防御从入门到弃坑--CSP变迁](https://paper.seebug.org/423/)

+ [CSP绕过思路及总结](https://xz.aliyun.com/t/5084)

+ [CSP Level 3浅析&简单的bypass](https://lorexxar.cn/2016/08/08/ccsp/)

+ [CSP绕过总结](https://hurricane618.me/2018/06/30/csp-bypass-summary/)

+ [通过浏览器缓存来bypass CSP script nonce](https://lorexxar.cn/2017/05/16/nonce-bypass-script/)

+ [那些年我们绕过的CSP](http://heartsky.info/2017/03/03/%E9%82%A3%E4%BA%9B%E5%B9%B4%E6%88%91%E4%BB%AC%E7%BB%95%E8%BF%87%E7%9A%84CSP/)

## SSRF

+ [SSRF 从入门到批量找漏洞](https://mp.weixin.qq.com/s?srcid=&scene=23&mid=2247489585&sn=fcef498cdd1a348e9f02b5861d59b15a&idx=1&__biz=MzI5MDQ2NjExOQ%253D%253D&chksm=ec1e2819db69a10f71e8bd5b342628381c2537549e59f3b1690527e465e417b6bc1be865ea9d&mpshare=1%23rd)

+ [利用SVG图片和SSRF收集服务器内部信息](https://nosec.org/home/detail/2305.html)

+ [SSRF绕过姿势汇总](https://github.com/cujanovic/SSRF-Testing)

+ [IPv6 三个访问本地地址的小Tips](https://www.tttang.com/archive/1293/)

## Sql注入

+ [PDO场景下的SQL注入探究](https://xz.aliyun.com/t/3950)

+ [为什么参数化查询可以防止SQL注入?](https://www.waitalone.cn/sql-preparestatement.html)

+ [通过MySQL LOAD DATA特性来达到任意文件读取](https://xz.aliyun.com/t/3973)

+ [浅析白盒审计中的字符编码及SQL注入](https://www.leavesongs.com/PENETRATION/mutibyte-sql-inject.html#1452)

+ [phpMyAdmin后台GetShell实战应用](https://mp.weixin.qq.com/s?srcid=&scene=23&mid=2649086937&sn=9e0971883d628ed71419ad5109500eb5&idx=1&__biz=MzI1MDA4MTgwMw%253D%253D&chksm=f196dcbdc6e155ab5f4fcb60166bc2182b99a93aec898d98cb4ea7df72f285ffa1116632be64&mpshare=1%23rd)

+ [MYSQL_SQL_BYPASS_WIKI](https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI?from=groupmessage&isappinstalled=0)

+ [oracle无SELEC注入](http://www.yulegeyu.com/2019/11/24/ORACLE-%E6%97%A0SELEC%E6%B3%A8%E5%85%A5/)

## XXE

+ [一篇文章带你深入理解漏洞之 XXE 漏洞](https://xz.aliyun.com/t/3357)

## 命令执行

+ [命令注入新玩法：巧借环境渗透测试目标](https://www.freebuf.com/articles/web/194574.html)

+ [浅谈几种Bypass disable_functions的方法](https://www.mi1k7ea.com/2019/06/02/浅谈几种Bypass-disable-functions的方法/)

## 上传

+ [绕过GD库渲染的WEBSHELL生成器](https://wiki.ioin.in/soft/detail/1q)

+ [Exploiting PHP-GD imagecreatefromjpeg() function](https://github.com/fakhrizulkifli/Defeating-PHP-GD-imagecreatefromjpeg)

+ [构造优质上传漏洞fuzz字典](http://gv7.me/articles/2018/make-upload-vul-fuzz-dic/)

+ [.user.ini文件构成的PHP后门 – phith0n](http://www.vuln.cn/6001)

## CSRF

+ [CSRF 原理与防御案例分析](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247489737&idx=1&sn=db25ccea70cbf6d80126f637109226b4&chksm=ec1e28e1db69a1f7c3f889dc65deb8aa7b6a89d51b30194147388f21e8111ba2cad93cbafb6e&mpshare=1&scene=23&srcid=%23rd)

+ [Bypass SameSite Cookies Default to Lax and get CSRF](https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b)

## 同源策略

+ [跨域方式及其产生的安全问题](https://xz.aliyun.com/t/4470)

+ [cors安全部署最佳实践](https://www.jianjunchen.com/post/cors%E5%AE%89%E5%85%A8%E9%83%A8%E7%BD%B2%E6%9C%80%E4%BD%B3%E5%AE%9E%E8%B7%B5/)

+ [再谈同源策略](https://lightless.me/archives/review-SOP.html)

+ [九种跨域方式实现原理](https://mp.weixin.qq.com/s?__biz=MzA3NTUzNjk1OA==&mid=2651562096&idx=2&sn=e13a8cd585f09ccc4acf90d4863636a5&chksm=84900f21b3e78637b81795f600e325cba6dcf5f97cd7c194584b751c0775067b2ee3f099337b&mpshare=1&scene=23&srcid=%23rd)

## 文件包含

+ [php文件包含漏洞](https://chybeta.github.io/2017/10/08/php%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/)

## 缓存投毒

+ [实战Web缓存投毒（上）](https://www.anquanke.com/post/id/156356)

+ [实战Web缓存投毒（下）](https://www.anquanke.com/post/id/156551)

## 提权

+ [Windows下三种mysql提权剖析](https://xz.aliyun.com/t/2719)

+ [mysql数据库提权总结](https://uuzdaisuki.com/2018/07/02/mysql%E6%95%B0%E6%8D%AE%E5%BA%93%E6%8F%90%E6%9D%83%E6%80%BB%E7%BB%93/)

+ [MySQL UDF Exploitation](https://osandamalith.com/2018/02/11/mysql-udf-exploitation/)

## 反序列化

+ [Phar与Stream Wrapper造成PHP RCE的深入挖掘](https://xz.aliyun.com/t/2958)

## 代码审计

+ [NAVEX->Precise and Scalable Exploit Generation for Dynamic Web Applications](http://zeroyu.xyz/2019/03/11/NAVEX-Precise-and-Scalable-Exploit-Generation-for-Dynamic-Web-Applications/)

+ [PHP内核层解析反序列化漏洞](https://mp.weixin.qq.com/s/RL8_kDoHcZoED1G_BBxlWw)

+ [如何阅读一份源代码？](https://www.codedump.info/post/20190324-how-to-read-code/)

+ [Audit-Learning](https://github.com/jiangsir404/Audit-Learning)

+ [php_bugs](https://github.com/bowu678/php_bugs)

+ [从一道题讲PHP复杂变量](https://xz.aliyun.com/t/4785)

+ [文件变化实时监控工具](https://github.com/TheKingOfDuck/FileMonitor)

+ [Thinkphp 源码阅读](https://www.chabug.org/audit/1102.html)

+ [Thinkphp5 RCE总结](https://www.chabug.org/audit/1078.html)

## 解析漏洞

+ [Web中间件常见漏洞总结](https://www.t00ls.net/thread-51654-1-1.html)

+ [widows系统文件命名规则的特殊利用](https://mp.weixin.qq.com/s/On4yLlCHK20LBzAEEd5h_Q)

+ [IIS短文件名泄露漏洞](https://paper.tuisec.win/detail/70b173f0ab9a4fe)

+ [深入探究：反向代理的攻击面 （上）](https://xz.aliyun.com/t/4577)

+ [深入探究：反向代理的攻击面 （下）](https://xz.aliyun.com/t/4644)

+ [中间件漏洞合集](https://mp.weixin.qq.com/s?__biz=MjM5MDkwNjA2Nw==&mid=2650374608&idx=1&sn=9dc025a8bbc372c0819a7f99f253ad1b&chksm=beb0826c89c70b7ab18819390d9d21bc1ce21ba6a0ab3bc80198d53f01d73802732a967c4289&mpshare=1&scene=23&srcid=%23rd)

+ [CMS、中间件漏洞检测利用合集](https://github.com/mai-lang-chai/Middleware-Vulnerability-detection)

## PHP

+ [PHP7和PHP5在安全上的区别](https://www.freebuf.com/articles/web/197013.html)

+ [PHP 7 的几处函数安全小变化](https://www.xmsec.cc/few-security-changes-between-php-7-and-php-5/)

+ [PHP 连接方式介绍以及如何攻击 PHP-FPM](https://mp.weixin.qq.com/s/z2JVc9kUkmRl9bDaEbkTFg)

+ [PHP 邮件漏洞小结](https://mp.weixin.qq.com/s?__biz=MzU1MzE3Njg2Mw==&mid=2247486554&idx=1&sn=bfcce52abfdb5b18155958460b68c550&chksm=fbf7962acc801f3cbbcb4ba10a345a22dcc3af556589d7b03c9c9350beae45133e21e543acb3&mpshare=1&scene=23&srcid=%23rd)

+ [详细解析PHP mail()函数漏洞利用技巧](https://www.anquanke.com/post/id/86028)

+ [PHP Webshell下绕过disable_function的方法](https://xz.aliyun.com/t/5320)

+ [RCE with strict disable_functions](https://github.com/w181496/FuckFastcgi)

+ [玩转php的编译与执行](https://www.secpulse.com/archives/108771.html)

+ [PHP安全SDK及编码规范](https://github.com/momosecurity/rhizobia_P)

+ [在PHP应用程序中利用远程文件包含（RFI）并绕过远程URL包含限制](http://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html)

+ [PHP绕过disable_function 总结与实践](https://blog.szfszf.top/tech/php%e7%bb%95%e8%bf%87disable_function-%e6%80%bb%e7%bb%93%e4%b8%8e%e5%ae%9e%e8%b7%b5/)

+ [PHP源码注解](https://github.com/hoohack/read-php-src)

+ [通过Antsword看绕过disable_functions](https://www.anquanke.com/post/id/195686)

+ [PHP 7.0-7.4 disable_functions bypass PoC (`*nix only`)](https://cxsecurity.com/issue/WLB-2020010227)

## Thinkphp

+ [Thinkphp3.x/5.x系列漏洞总结学习](https://mp.weixin.qq.com/s/Ri1nkSf3w7JoOQ7ZYh1YcA)

+ [Thinkphp3个版本数据库操作以及底层代码分析](https://xz.aliyun.com/t/6375)

## Python

+ [python安全和代码审计相关资料收集](https://github.com/bit4woo/python_sec)

+ [一篇文章带你理解漏洞之 Python 反序列化漏洞](https://www.k0rz3n.com/2018/11/12/%E4%B8%80%E7%AF%87%E6%96%87%E7%AB%A0%E5%B8%A6%E4%BD%A0%E7%90%86%E8%A7%A3%E6%BC%8F%E6%B4%9E%E4%B9%8BPython%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/)

+ [python爬虫教程系列](https://github.com/wistbean/learn_python3_spider)

+ [BH_US_11_Slaviero_Sour_Pickles_WP.PDF](http://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_WP.pdf)

+ [Sour Pickles](https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf)

+ [Python魔法方法指南](https://pyzh.readthedocs.io/en/latest/python-magic-methods-guide.html)

+ [python 中遇到的坑，躲坑看这一篇就够了](https://mp.weixin.qq.com/s?__biz=MzAxMTkwODIyNA==&mid=2247494328&idx=2&sn=e52f73ef8cfb07067e5b05898164759c&chksm=9bbb4f57acccc641563bac9dd9d98d5fce8b8a2aee8450dd1c1350dc718837dc40ded3054b2c&mpshare=1&scene=23&srcid&sharer_sharetime=1582038784335&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

### flask

+ [Flask 的 Context 机制](https://blog.tonyseek.com/post/the-context-mechanism-of-flask/)

## JAVA

+ [Java快速入门教程:使用IntelliJ IDEA+Maven 创建、开发、管理项目](https://ken.io/note/java-quickstart-idea-maven-console)

+ [java代码审计文章集合](https://www.cnblogs.com/r00tuser/p/10577571.html)

+ [浅谈Fastjson RCE漏洞的绕过史](https://www.freebuf.com/vuls/208339.html)

+ [Java Web安全-代码审计](https://www.freebuf.com/vuls/208339.html)

+ [浅析Java序列化和反序列化](https://github.com/gyyyy/footprint/blob/master/articles/2019/about-java-serialization-and-deserialization.md)

+ [java 泛型详解-绝对是对泛型方法讲解最详细的，没有之一](https://blog.csdn.net/s10461/article/details/53941091)

## JS

+ [深入理解 JavaScript 原型](https://mp.weixin.qq.com/s/qg9LNm3awHBao1Du5n6KMQ)

## 指纹识别技术

+ [Web指纹识别技术研究与优化实现](https://mp.weixin.qq.com/s/v92dLQSgLXv7JVkc8AUyvA)

## Burp 插件

+ [基于BurpSuite快速探测越权-Authz插件](https://gh0st.cn/archives/2019-06-27/1)

## Fuzz Payload

+ [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)

+ [A collection of web attack payloads.](https://github.com/foospidy/payloads)

+ [Command Injection Payload List](https://github.com/ismailtasdelen/command-injection-payload-list)

## JWT

+ [JWT (JSON Web Token) (in)security](https://research.securitum.com/jwt-json-web-token-security/)

+ [攻击JWT的一些方法](https://xz.aliyun.com/t/6776)

## HTTP Request Smuggling

+ [协议层的攻击——HTTP请求走私](https://paper.seebug.org/1048/)

+ [一篇文章带你读懂 HTTP Smuggling 攻击](https://xz.aliyun.com/t/6878)

## 协议

+ [从一道题深入HTTP协议与HTTP请求走私](https://xz.aliyun.com/t/6631)

+ [从一道题到协议层攻击之HTTP请求走私](https://xz.aliyun.com/t/6654)

+ [一文带你了解 HTTP 黑科技](https://segmentfault.com/a/1190000021664229)

## 编码

+ [彻底弄懂 Unicode 编码](https://blog.whezh.com/encoded/)

## 其他

+ [优秀的开源安全项目](https://github.com/Bypass007/Safety-Project-Collection)

+ [WIKI|未授权访问的tips](https://mp.weixin.qq.com/s/ki0RwGtMqi8dhsdJ-qq8Kg)

+ [各漏洞Payload合集](https://github.com/swisskyrepo/PayloadsAllTheThings)

+ [收集质量好的文章](https://github.com/tom0li/collection-document)

+ [session，cookie认证会话中的安全问题](https://xz.aliyun.com/t/4265)

+ [红队后渗透测试中的文件传输技巧](https://paper.seebug.org/834/)

+ [Pentest-and-Development-Tips](https://github.com/3gstudent/Pentest-and-Development-Tips)

+ [JSON Web Token (JWT) 攻击技巧](https://xz.aliyun.com/t/2338)

+ [web安全脑图](https://github.com/SecWiki/sec-chart/tree/master/Web%E5%AE%89%E5%85%A8)

+ [安全漏洞修复建议汇总](https://attacker.cc/index.php/archives/63/)

+ [Redis未授权访问在windows下的利用](https://www.anquanke.com/post/id/170360#h3-3)

+ [redis未授权访问个⼈总结](https://mp.weixin.qq.com/s?__biz=MzUyNTk1NDQ3Ng==&mid=2247484962&idx=1&sn=e0931d70c25bc35218fb26815531cb4b&chksm=fa177ae1cd60f3f78b54b51c9890f9cd2bc90ddfd1f8bd0b97e68269d4d64d845e9d8eb01789&mpshare=1&scene=23&srcid&sharer_sharetime=1579263439295&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

+ [webshell免杀套路](https://mp.weixin.qq.com/s?srcid=&scene=23&mid=2247483653&sn=e94f77981045eff9cf316f602b1fe305&idx=1&__biz=MzU0NDk1NjAwOQ%253D%253D&chksm=fb750a03cc028315c932a3de51d93be96a305090c44a11184bab7d9a0b22f1441f9ecd17cbee&mpshare=1%23rd)

+ [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)

+ [浅谈端口扫描技术](https://xz.aliyun.com/t/5376)

+ [404 Not Found的知识库](http://4o4notfound.org/index.php/page/4/)

+ [常见未授权访问漏洞总结](https://xz.aliyun.com/t/6103)

+ [关于DNS-rebinding的总结](http://www.bendawang.site/2017/05/31/关于DNS-rebinding的总结/)

+ [Web-Security-Learning](https://chybeta.github.io/2017/08/19/Web-Security-Learning/)

+ [个人认为对技术提升很不错的书](https://github.com/songhuiqing/book)

+ [https://github.com/EdOverflow/bugbounty-cheatsheet](https://github.com/EdOverflow/bugbounty-cheatsheet)

# 漏洞挖掘

+ [初探漏洞挖掘基础](https://xz.aliyun.com/t/5428)

+ [逻辑漏洞挖掘初步总结篇](https://mp.weixin.qq.com/s/SDmovMd4IhzNmoCLBIzRKA)

+ [SRC漏洞挖掘经验+技巧篇](https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247485949&idx=1&sn=3f08c681660acecc0bbe996619df66ed&chksm=ec1f5cc2db68d5d4782eec77fa36ad329815f0b70ff34c3c0a893e3b107d2c262e8b37e85d2a&mpshare=1&scene=23&srcid=#rd)

+ [一个基础渗透测试思路](https://mp.weixin.qq.com/s?__biz=MjM5MDkwNjA2Nw==&mid=2650374502&idx=1&sn=f5f0746aea5dca30acff88b5b3bc2bcb&chksm=beb082da89c70bcccd74f7c12138ec839cc835ecf5194133e998918258430fd9b665a4eeb31a&mpshare=1&scene=23&srcid=%23rd)

+ [API渗透测试基础](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247492079&idx=2&sn=fec50619646b1fd516d31caf06d20ab3&chksm=e91531d5de62b8c3b6fb41f67c2e3ccc95f083d599508791eb32f28620bb5bea7161b7876156&mpshare=1&scene=23&srcid=%23rd)

+ [实战经验丨业务逻辑漏洞探索之活动类漏洞](https://mp.weixin.qq.com/s?__biz=MzUzNTkyODI0OA==&mid=2247492541&idx=1&sn=aa300be8e78819191915b2051e3ee094&chksm=fafcaf6acd8b267c6591e50a4c1533fa475fa4d8b85315940c1a93b8dfc4f3de3fee1c9d587a&mpshare=1&scene=23&srcid=0320JwfnmLScnLpubL8sp0fX%23rd)

+ [xss-payload-list](https://github.com/ismailtasdelen/xss-payload-list)

+ [ios+mac app测试环境搭建](https://xz.aliyun.com/t/4703)

+ [浅析渗透实战中url跳转漏洞](https://xz.aliyun.com/t/5189)

+ [京东SRC小课堂系列文章](https://github.com/xiangpasama/JDSRC-Small-Classroom)

+ [src挖掘奇技淫巧](https://github.com/Wh0ale/SRC-experience)

+ [细说验证码安全 —— 测试思路大梳理](https://xz.aliyun.com/t/6029)

+ [漫谈挖洞](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458298625&idx=1&sn=358a35782f5de4833c563c26f11ef231&chksm=b181998b86f6109d605a6e89d4a7a4e8ce14af7dd3e3b05459f26ec71fb6a25c96d0c9c34d90&mpshare=1&scene=23&srcid&sharer_sharetime=1567271396052&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

+ [SRC漏洞挖掘实用技巧](https://xz.aliyun.com/t/6155)

+ [原创干货 | WebFuzzing方法和漏洞案例总结](https://mp.weixin.qq.com/s?__biz=MzU5MzIyNTcxNA==&mid=2247485539&idx=1&sn=178b13f3a814ff415190acead242312c&chksm=fe12fafec96573e8944e5f625c4f3238b0dff8bb32eaee43e4f747299a73dd095415f150e0e3&mpshare=1&scene=23&srcid&sharer_sharetime=1572538235488&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

+ [结合我的逻辑漏洞实战一些见解](https://xz.aliyun.com/t/6962)

+ [SRC逻辑漏洞挖掘详解以及思路和技巧](https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247488715&idx=1&sn=da788c044e2340cb4573739fa1d2237a&chksm=ec1f41f4db68c8e2dd526dca90aab30747edfa0bab8c038209f6fc1fa377064cf3d25d1bd875&mpshare=1&scene=23&srcid=&sharer_sharetime=1582112217383&sharer_shareid=200d0719c85cccf5545665231781df39#rd)

# 渗透测试

+ [渗透测试中弹shell的多种方式及bypass](https://xz.aliyun.com/t/5768)

+ [渗透 Windows 7/2008，兼谈 Windows Server 2003 中文版渗透](https://www.bennythink.com/shadowbroker.html)

+ [三大渗透框架权限维持](https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&mid=2448904307&idx=1&sn=2bc6e7d98b027ee1ec1d6ea84e559c8f&chksm=8b55c02ebc22493835408d3975801d62631c432bc21a3753fb3b1d5f87847e82f2a7aeccf55c&mpshare=1&scene=23&srcid&sharer_sharetime=1569687897621&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

+ [端口渗透总结](http://docs.ioin.in/writeup/blog.heysec.org/_archives_577/index.html)

+ [渗透基础 | 黑客常用端口利用总结](https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247487859&idx=1&sn=361924a47da0fd55170c1afc41526c47&chksm=ec1f444cdb68cd5a0ce7e0e6f5c91c0937f10014a46e98e15d26071a7250f33fadc2398d80af&mpshare=1&scene=23&srcid&sharer_sharetime=1573027144353&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

+ [记一次曲折而又有趣的渗透](https://nosec.org/home/detail/4121.html)

# 内网渗透

+ [三层网络靶场搭建&MSF内网渗透](https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247485799&idx=1&sn=94febf9e32834ce3284aae4c08ab715c&chksm=ec1f5c58db68d54e2cc82295234298e66c8b516a7f4f35be0f3c3bf4bc13ea7b8d995d6f6337&mpshare=1&scene=23&srcid=%23rd)

+ [【第6周】突破内网渗透中的访问策略限制](https://mp.weixin.qq.com/s?__biz=Mzg3NjA4MTQ1NQ==&mid=2247483765&idx=1&sn=0f26fb89399694873e6ce649ce5cdb42&chksm=cf36f935f841702303e05a257340efb0736e29763a7896045b95716fe4110d13b41548002635&mpshare=1&scene=23&srcid=0301eQAjkxUdrN71FHSxROxP%23rd)

+ [潜伏+亮剑-大型内网渗透的实战](https://mp.weixin.qq.com/s?__biz=Mzg5MTA3NTg2MA==&mid=2247483837&idx=1&sn=dfdcbeebc39b8c47b72e69a6b5d98020&chksm=cfd3adc6f8a424d0ab1dea447811834802385010a06ed38968cb054c4c13f47892b3d7341096&mpshare=1&scene=23&srcid=%23rd)

+ [内网渗透tips](https://github.com/Ridter/Intranet_Penetration_Tips#%E5%9F%BA%E4%BA%8E%E4%BC%81%E4%B8%9A%E5%BC%B1%E8%B4%A6%E5%8F%B7%E6%BC%8F%E6%B4%9E)

+ [3gstudent](https://3gstudent.github.io/)

+ [域内信息搜集实战](https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650451733&idx=3&sn=599854cefaee2d8315c2aa098f5cde20&chksm=83bbcaf1b4cc43e7e609926cc054b9275e8fd34005b26526fda59e34707a6b881c17b353202f&mpshare=1&scene=23&srcid=0105H8OKiZClCEu5CPb6W9Do#rd)

+ [内网安全检查/渗透总结](https://mp.weixin.qq.com/s?__biz=MzU4ODU1MzAyNg==&mid=2247485584&idx=1&sn=d0c68d73c7b993b44fdd485163560f78&chksm=fdda46bdcaadcfab92da586d09a04c35b7ce180c01b5ff07bbfc7c1e09b52a84bf3a0938c771&mpshare=1&scene=23&srcid=0127wWlphn2msh3Yu8ewW9bs#rd)

+ [内网渗透知识基础及流程](https://www.anquanke.com/post/id/170471)

+ [从零开始内网渗透学习](https://xz.aliyun.com/t/301)

+ [Cobalt_Strike_wiki](https://github.com/aleenzz/Cobalt_Strike_wiki)

+ [内网渗透之端口转发、映射、代理](https://xz.aliyun.com/t/6349)

+ [meterpreter学习笔记](https://xz.aliyun.com/t/6400)

+ [windows中常见后门持久化方法总结](windows中常见后门持久化方法总结)

+ [Windows-Exploit-Suggester](https://github.com/AonCyberLabs/Windows-Exploit-Suggester)

+ [【基础向】实战讲解内网渗透思路](https://xz.aliyun.com/t/6920)

+ [使用Metasploit进行路由转发](https://www.jianshu.com/p/9eb48aba3fe0)

+ [内网渗透的常见协议(如kerbeos,ntlm,smb,ldap等)分析](https://daiker.gitbook.io/windows-protocol/)

+ [Windows 单行命令获取shell](https://mp.weixin.qq.com/s?__biz=MzA4MzMzOTQ4Mw==&mid=2453660764&idx=1&sn=a97e8e5161916c9a3d7f568756ec59c3&chksm=883cb5e8bf4b3cfe19f3a4839aa82566410adba82205608c121bd977da19cd4aad9dcc7862d8&mpshare=1&scene=23&srcid=0216dOyzpyPQNmhpyAWTLBqk&sharer_sharetime=1581788575354&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

# 扫描器开发

+ [当子域名遇上搜索引擎](https://thief.one/2019/07/01/1/)

+ [扫描器开发笔记-404页面识别](https://xz.aliyun.com/t/5509)

+ [漏洞扫描技巧篇[Web 漏洞扫描器]](http://blog.fatezero.org/2019/07/15/web-scanner-trick/)

+ [网页相似度判断](https://github.com/SPuerBRead/HTMLSimilarity)

## 动态爬虫

+ [爬虫 JavaScript 篇[Web 漏洞扫描器]](http://blog.fatezero.org/2018/04/09/web-scanner-crawler-02/)

+ [NodeJS Headless 动态漏扫爬虫学习记录(爬虫篇)](https://xz.aliyun.com/t/7064)

+ [漏扫动态爬虫实践](https://www.anquanke.com/post/id/178339)

+ [为漏扫动态爬虫定制的浏览器](https://github.com/myvyang/chromium_for_spider)

+ [headless-chrome-crawler](https://github.com/yujiosaka/headless-chrome-crawler)

## XSS

+ [精细化扫描 XSS 漏洞 – 智能化场景分析](https://mp.weixin.qq.com/s/5s9-ZI5bORc_whTBQF3z0w)

+ [基于JS语义分析的Dom-XSS自动化研究](https://mp.weixin.qq.com/s?lang=zh_CN&mid=2247483679&sn=8083906ea7c5e0ddb61c52cda987be51&idx=1&token=1003887932&__biz=MzU2NzcwNTY3Mg%253D%253D&chksm=fc986838cbefe12e7e32cad6237695fa45b1a0bc0fd3293bfd8d6cce51bd6680444e940932f2%23rd)

# 开发

+ [HTTP安全标头及其工作原理（上）](https://mp.weixin.qq.com/s/wUij83cbV7cDuxpu_6EEbg)

+ [HTTP安全标头及其工作原理（上）](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247491279&idx=4&sn=356c26b916025673bd44057a03edf7ea&chksm=e916cef5de6147e3bbf58d4db87575458f44de995c3eb0293d0f3f721d697a84f7ff751fee6a&mpshare=1&scene=23&srcid=#rd)

+ [面试 HTTP 都问了啥？](https://mp.weixin.qq.com/s?__biz=MzA3NTUzNjk1OA==&mid=2651562186&idx=1&sn=7cb0a6f1092e58be1e6e48dc8f0da309&chksm=84900f9bb3e7868dd82263ed0dc311028184595a7e44f70ea861590b1db77a8295b413840e11&mpshare=1&scene=23&srcid=%23rd)

+ [HTTP常见面试题](https://mp.weixin.qq.com/s?__biz=MzA3NTUzNjk1OA==&mid=2651562159&idx=1&sn=50f664e86b3c8b03f4f1ef0e42a648ed&chksm=84900ffeb3e786e81e233daf78fa238fb85ed7745ece76b6da4c42453d3ccdbdef46f6f51af9&mpshare=1&scene=23&srcid=%23rd)

+ [PHP 最优秀资源的整理汇集](https://github.com/shockerli/php-awesome)

+ [PHP底层内核源码分析和扩展开发](https://github.com/huqinlou0123/php-internals-extended-development-course)

+ [深入理解PHP7之zval](https://github.com/laruence/php7-internal/blob/master/zval.md)

+ [我的从零开始 Web 前端自学之路](https://paper.tuisec.win/detail/7171cff0fc63582)

+ [优质前端博客](https://github.com/ljianshu/Blog)

+ [从CGI到FastCGI到PHP-FPM](http://yongxiong.leanote.com/post/%E4%BB%8ECGI%E5%88%B0FastCGI%E5%88%B0PHP-FPM)

+ [uWSGI、WSGI和uwsgi](https://www.cnblogs.com/wspblog/p/8575101.html)

+ [PHP7新特性一览](http://oopsguy.com/2016/10/22/php7-new-features/)

+ [系统的讲解 - PHP 缓存技术](https://mp.weixin.qq.com/s/COGivblI9Gh2xeoXhbyejA)

+ [技术分享周刊，每周五发布](https://github.com/ruanyf/weekly)

+ [Linux下gcc生成和使用静态库和动态库详解](http://www.eonew.cn/article_content/4.html)

+ [前端九部 - 入门者手册2019](https://www.yuque.com/fe9/basic)

+ [python开发笔记](https://bithack.io/forum/198)

+ [一些有趣且鲜为人知的 Python 特性](https://github.com/leisurelicht/wtfpython-cn)

+ [前端入门和进阶学习笔记](https://github.com/qianguyihao/Web)

+ [Redis 的 8 大应用场景！](https://segmentfault.com/a/1190000016188385)

+ [《深入理解Node.js：核心思想与源码分析》](https://github.com/yjhjstz/deep-into-node)

+ [OAuth 2.0 的四种方式](http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html)

+ [深入理解浏览器原理](https://mp.weixin.qq.com/s?__biz=MjM5ODYwMjI2MA==&mid=2649743621&idx=1&sn=069a97a3cf7c3b2402e4b4d3080614ac&chksm=bed3727e89a4fb68f03e5c947aa47a30b128d1a8cb3ad62fb4b53dfdafa2902f8a4eb947c812&mpshare=1&scene=23&srcid&sharer_sharetime=1566067653588&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

+ [收集免费的接口服务,做一个api的搬运工](https://github.com/fangzesheng/free-api)

+ [[教程] 大白话 Laravel 中间件](https://juejin.im/post/5cb54cd46fb9a068a03af3dd)

+ [HTTP2 详解](https://blog.wangriyu.wang/2018/05-HTTP2.html)

+ [解读HTTP/2与HTTP/3 的新特性（推荐）](https://mp.weixin.qq.com/s?__biz=Mzg5ODA5NTM1Mw==&mid=2247484531&idx=1&sn=a1e07654966fe48eba57306ddc8db7d1&chksm=c06685e5f7110cf3cc310e9fcd6fb54287ccd7285f025141d4f3a425c1d4392b76bd75752db8&mpshare=1&scene=23&srcid&sharer_sharetime=1571190092343&sharer_shareid=a3b3f154db92e8d09cdde92bdb778322%23rd)

# 运维

+ [Docker中文文档](https://yeasy.gitbooks.io/docker_practice/compose/commands.html)

+ [系统安全之SSH入侵的检测与响应](https://mp.weixin.qq.com/s/e0FLyOuK1RIQykEiAvAG9g)

+ [如何保护Linux服务器](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server)

+ [译 NAT：网络地址转换](https://paper.tuisec.win/detail/6af63a65ccc5e8a)

+ [Git 命令应急手册](https://zhuanlan.zhihu.com/p/58140227?utm_source=weibo&utm_medium=social&utm_content=snapshot&utm_oi=1062672075189317632)

+ [【协议森林】技术面试，“三次握手，四次挥手”背后那些事](https://mp.weixin.qq.com/s/rSfR0zCRmYXZIiLU-XgzSA)

+ [138 条 Vim 命令、操作、快捷键全集](https://mp.weixin.qq.com/s?__biz=MzA3OTgyMDcwNg==&mid=2650636595&idx=1&sn=9710416369e491633e12d7415bb5e5f6&chksm=87a483feb0d30ae86054888b0bbc1a8a39e6b7acaefe43c6e1567ba2af921f275b14f19869a9&mpshare=1&scene=23&srcid=%23rd)

+ [浅析反向代理](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652988836&idx=1&sn=c6d3a70ad0eda48099894ec0ad31f3c8&chksm=8c9eeaf3bbe963e501c9562fccd5360fd93d4e555756551159c959e8271f9ac2b44c282c5b8c&mpshare=1&scene=23&srcid=%23rd)

+ [Nginx 学习笔记](https://skyao.gitbooks.io/learning-nginx/)

+ [Linux中find命令用法全汇总](https://mp.weixin.qq.com/s?__biz=MzA3OTgyMDcwNg==&mid=2650636660&idx=1&sn=aaa3cc94b7e1bf6ec7abbaa286c3246d&chksm=87a483b9b0d30aafa4beed2822e70a4fe4bef70a431e5d53533220a1714b6928fb301dcb25fa&mpshare=1&scene=23&srcid=%23rd)

+ [一个网络安全基础知识的教程](http://www.buchedan.cn/)

+ [分布式架构的前世今生](https://paper.tuisec.win/detail/80a9a0901637b50)

+ [安全运维技巧整理](https://github.com/NB-STAR/Security-Operation)

+ [mysql用户root多密码成因](https://blog.csdn.net/redwand/article/details/78846538?from=groupmessage&isappinstalled=0)

+ [mysql的.frm .MYD .MYI .idb .par文件说明](https://blog.csdn.net/happydecai/article/details/82840631)

+ [应急响应系统之 Linux 主机安全检查](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247489990&idx=1&sn=db37670d24a97e33b58d30e8f653a909&chksm=ec1e29eedb69a0f8b561d32a08161958f1d340d43046ae8ff63ea4cad51c3494e8f864b30e82&mpshare=1&scene=23&srcid=%23rd)

+ [增加安全性的 HTTP Headers](https://yu-jack.github.io/2017/10/20/secure-header/)

+ [MacOS上路由表的操作记录](http://blog.joylau.cn/2018/12/14/MacOS-Route/)

+ [应急响应实战笔记](https://github.com/Bypass007/Emergency-Response-Notes)

+ [子网划分及子网掩码计算方法](https://www.cnblogs.com/kangxinxin/p/9917961.html)

+ [Linux下/proc目录简介](https://blog.spoock.com/2019/10/08/proc/)

+ [换一种视角理解 awk 命令](https://www.barretlee.com/blog/2019/10/29/awk/)

+ [深入理解HTTPS工作原理](https://juejin.im/post/5ca6a109e51d4544e27e3048)