Skip to main content

Security Awesome

Algorithm

Service

  • smicallef/spiderfoot
    • MIT, Python
    • automates OSINT for threat intelligence and mapping your attack surface
    • OSINT - Open-source intelligence

Library

SSL

impllicensewritten inbyadopted by
BoringSSLISCC, C++, GoGoogle
BotanBSDC++
Bouncy CastleMITJava,C#
JSSEGPLv2JavaOracle
LibreSSLApache-2.0, BSD, ISCCOpenBSDmacOS,OpenBSD,DragonflyBSD
MbedTLSApache-2.0, GPLv2+CARMPowerDNS,OpenVPN
NSSMPL-2.0CMozilla...
OpenSSLApache-2.0COpenSSL
s2nApache-2.0, GPLv2+Amazon
Secure TransportAPSL-2.0Apple
GnuTLSLGPLv2.1CFSF
wolfsslGPLv2+C
  • Botan
  • MbedTLS
    • 适用于嵌入式场景
  • LibreSSL
    • 2014-04 - OpenBSD fork OpenSSL
  • BoringSSL
    • 2014-06 Google fork OpenSSL
    • Tink - based on BoringSSL
  • JSSE - Java Secure Socket Extension
  • NSS - Network Security Services
info
  • 使用最多的是 OpenSSL - OpenSSL 3.0 变动较大
  • 2014-04 OpenSSL Heartbleed 事件

Private PKI

AV

Index

Password

Crack

Firewall

Tools

Reference

Web

AES

  • 建议 Key 至少 256
  • CBC/CTR/GCM/CCM/EAX
  • 不要使用 ECB
  • used by
    • US Government to protect their own files - FIPS 197

Block cipher mode

ECB should not be used if encrypting more than one block of data with the same key.

CBC, OFB and CFB are similar, however OFB/CFB is better because you only need encryption and not decryption, which can save code space.

Spam

Scan


  • Nmap
    • 端口扫描 + 指纹探测 + 简单的漏洞扫描
  • AWVS - Acunetix Web Vulnerability Scanner
    • Web 漏洞扫描
  • AppScan
  • Nessus
    • 系统安全漏洞扫描
  • Goby
    • 资产探测和漏洞检查
  • NetSparker
  • Xray
    • 被动 Web 漏洞检查
  • fscan
    • 内网渗透
  • burpsuite
  • msf sqlmap
  • IAST
  • https://ipchaxun.com/

参考