杂文3

NOTE-2020/3/3 工具

社工库

https://github.com/davidtavarez/pwndb

输出邮件列表

https://github.com/SimplySecurity/SimplyEmail

子域名劫持

https://github.com/anshumanbh/tko-subs

在github仓库搜集敏感信息

https://github.com/dxa4481/truffleHog

信息收集框架

https://github.com/leebaird/discover

扫描网络并输出网站图片

https://github.com/breenmachine/httpscreenshot

fuzz字典

 https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content

xss payload

http://www.xss-payloads.com/payloads-list.html
https://github.com/foospidy/payloads/tree/master/other/xss

xss混淆

https://github.com/foospidy/payloads/tree/master/other/xss

经典xss事件

1
2
3
4
<svg onload=alert(1)>
<b onmouseover=alert('XSS')>Click Me!</b>
<body onload="alert('XSS')">
<img src="http://test.cyberspacekittens.com" onerror=alert(document.cookie);>

浏览器xss

https://html5sec.org/

xss polyglot

http://bit.ly/2GXxqxH

linux提权dfg

https://github.com/mzet-/linux-exploit-suggester

旧的归档
Misc Web

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!