干货大放送！Github最全渗透测试资源！

在线资源：

渗透测试资源：

Metasploit Unleashed  - 免费攻防安全metasploita课程

PTES  - 渗透测试执行标准

OWASP  - 开源Web应用安全项目

Shellcode开发：

Shellcode Tutorials  - 如何写shellcode的指导

Shellcode Examples  - Shellcode数据库

社会工程学资源：

社工库框架  - 社工所需信息资源

"撬锁"(Lock Picking)资源：

Schuyler Towne channel  - 撬锁视频和安全演讲

/r/lockpicking  - 学习撬锁的资源和设备推荐

渗透工具：

渗透测试分布工具：

Kali  - 一个专门的数字取证和渗透测试的Linux版本

BlackArch  - 渗透测试员和研究人员的Arch Linux分布

NST  - 网络安全工具包

Pentoo  - 基于Gentoo

BackBox  - 基于Ubuntu的渗透测试和安全评估

基本渗透测试工具：

Metasploit Framework  - 全球最常用的渗透测试工具

Burp Suite  - 执行Web安全测试的集成平台

ExploitPack  - 用户渗透测试的图形工具

漏洞扫描器：

Netsparker  - Web应用程序安全扫描

Nexpose  - 漏洞管理和风险管理软件

Nessus  - 漏洞、配置和评估

Nikto  - Web应用漏洞扫描器

OpenVAS  - 开源漏洞扫描和管理工具

OWASP Zed Attack Proxy  - web应用的渗透测试工具

Secapps  - 集成的Web应用程序安全测试环境

w3af  - Web应用攻击和审计框架

Wapiti  - Web应用漏洞扫描器

WebReaver  - Mac OS X的Web应用漏洞扫描

网络工具：

nmap  - 用于网络探测和安全审计的免费安全扫描器

tcpdump/libpcap  - 命令行的通用数据包分析器

Wireshark  - 网络协议分析，Unix和Windows版本均有

Network Tools  - 不同的网络工具：ping, lookup, whois, 等

netsniff-ng  - 瑞士军刀网络嗅探

Intercepter-NG  - 一个多功能网络工具包

SPARTA  - 网络基础架构渗透测试工具包

无线网络工具：

Aircrack-gn  - 一系列无线网络审计工具

Kismet  - 无线网络探测器、嗅探器和入侵检测系统

Reaver  - WiFi暴力攻击

SSL分析工具

SSLyze - SSL配置扫描仪

sslstrip  - 一个HTTPS攻击演示

十六进制编辑器

HexEdit.js  - 基于浏览器的十六进制编辑器

破解工具

John the Ripper  - 最快的密码破解

在线MD5破解  - 在线MD5哈希破解

Windows Utils

Sysinternals Suite  - Sysinternals 故障诊断工具

Windows Credentials Editor  - 列出登录会话、添加、修改、列表、删除相关凭据的安全工具

mimikatz  - 针对Windows的凭证提取工具

DDoS攻击工具

LOIC  - 开源的Windos网络压力工具

JS LOIC  - 浏览器的JavaScript LOIC

社工工具

SET  - 来自TrustedSec的社工工具包

OSint工具

Maltego  - 开源情报取证工具

匿名工具

Tor - 免费路由在线匿名工具

I2P - 隐形互联网项目

逆向工具

IDA Pro - Windows、Linux或Mac OS X反编译调试器

IDA Free  - 免费版本的IDA 5.0

WDK/WinDbg  - Windows驱动程序工具包和WinDbg

OllyDbg  - x86调试器（强调二进制代码分析）

Radare2  - 开源跨平台逆向工程框架

x64_dgb  - Windows 开源x64/x32调试器

Pyew  - 静态恶意软件分析的Python工具

Bokken  - Pyew Radare2 GUI

Immunity Debugger  - 开发、分析恶意软件的新工具

Evan’s Debugger  - Linux上类似于OllyDbg的调试器

图书：

渗透测试图书：

The Art of Exploitation by Jon Erickson, 2008

Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014

Rtfm: Red Team Field Manual by Ben Clark, 2014

The Hacker Playbook by Peter Kim, 2014

The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013

Professional Penetration Testing by Thomas Wilhelm, 2013

Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012

Violent Python by TJ O‘Connor, 2012

Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007

Black Hat Python: Python Programming for Hackers and Pentesters, 2014

Penetration Testing: Procedures & Methodologies (EC-Council Press),2010

黑客手册系列

The Shellcoders Handbook by Chris Anley and others, 2007

The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011

iOS Hackers Handbook by Charlie Miller and others, 2012

Android Hackers Handbook by Joshua J. Drake and others, 2014

The Browser Hackers Handbook by Wade Alcorn and others, 2014

The Mobile Application Hackers Handbook by Dominic Chell and others, 2015

网络分析图书

Nmap Network Scanning by Gordon Fyodor Lyon, 2009

Practical Packet Analysis by Chris Sanders, 2011

Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

逆向工程图书

Reverse Engineering for Beginners by Dennis Yurichev (free!)

The IDA Pro Book by Chris Eagle, 2011

Practical Reverse Engineering by Bruce Dang and others, 2014

Reverse Engineering for Beginners

恶意软件分析图书

Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012

The Art of Memory Forensics by Michael Hale Ligh and others, 2014

Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010

Windows图书

Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

社会工程学图书

The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002

The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005

Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011

No Tech Hacking by Johnny Long, Jack Wiles, 2008

Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010

Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014

Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

撬锁系列图书

Practical Lock Picking by Deviant Ollam, 2012

Keys to the Kingdom by Deviant Ollam, 2012

CIA Lock Picking Field Operative Training Manual

Lock Picking: Detail Overkill by Solomon

Eddie the Wire books

漏洞数据库

NVD  - US National Vulnerability Database

CERT  - US Computer Emergency Readiness Team

OSVDB  - Open Sourced Vulnerability Database

Bugtraq  - Symantec SecurityFocus

Exploit-DB  - Offensive Security Exploit Database

Fulldisclosure  - Full Disclosure Mailing List

MS Bulletin  - Microsoft Security Bulletin

MS Advisory  - Microsoft Security Advisories

Inj3ct0r  - Inj3ct0r Exploit Database

Packet Storm  - Packet Storm Global Security Resource

SecuriTeam  - Securiteam Vulnerability Information

CXSecurity  - CSSecurity Bugtraq List

Vulnerability Laboratory  - Vulnerability Research Laboratory

ZDI  - Zero Day Initiative

安全课程

Offensive Security Training  - Training from BackTrack/Kali developers

SANS Security Training  - Computer Security Training & Certification

Open Security Training  - Training material for computer security classes

CTF Field Guide  - everything you need to win your next CTF competition

Cybrary  - online IT and Cyber Security training platform

信息安全课程

DEF CON - An annual hacker convention in Las Vegas

Black Hat - An annual security conference in Las Vegas

BSides - A framework for organising and holding security conferences

CCC - An annual meeting of the international hacker scene in Germany

DerbyCon - An annual hacker conference based in Louisville

PhreakNIC - A technology conference held annually in middle Tennessee

ShmooCon - An annual US east coast hacker convention

CarolinaCon - An infosec conference, held annually in North Carolina

HOPE - A conference series sponsored by the hacker magazine 2600

SummerCon - One of the oldest hacker conventions, held during Summer

Hack.lu - An annual conference held in Luxembourg

HITB - Deep-knowledge security conference held in Malaysia and The Netherlands

Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany

Hack3rCon - An annual US hacker conference

ThotCon - An annual US hacker conference held in Chicago

LayerOne - An annual US security conerence held every spring in Los Angeles

DeepSec - Security Conference in Vienna, Austria

SkyDogCon - A technology conference in Nashville

SECUINSIDE - Security Conference in Seoul

DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania

信息安全杂志

2600: The Hacker Quarterly - An American publication about technology and computer "underground"

Phrack Magazine - By far the longest running hacker zine

非常有用的信息列表：

SecTools  - Top 125 Network Security Tools

C/C++ Programming  - One of the main language for open source security tools

.NET Programming  - A software framework for Microsoft Windows platform development

Shell Scripting  - Command-line frameworks, toolkits, guides and gizmos

Ruby Programming by @dreikanter  - The de-facto language for writing exploits

Ruby Programming by @markets  - The de-facto language for writing exploits

Ruby Programming by @Sdogruyol  - The de-facto language for writing exploits

JavaScript Programming  - In-browser development and scripting

Node.js Programming by @sindresorhus  - JavaScript in command-line

Node.js Programming by @vndmtrx  - JavaScript in command-line

Python tools for penetration testers  - Lots of pentesting tools are written in Python

Python Programming by @svaksha  - General Python programming

Python Programming by @vinta  - General Python programming

Android Security  - A collection of android security related resources

Awesome Awesomness  - The List of the Lists