ZishanAdThandar/pentest

# 渗透测试人员指南 面向渗透测试人员的综合资源：工具、方法论、脚本、认证、学习资源、实验室、职业机会、娱乐及自由职业技巧。 [](https://github.com/ZishanAdThandar/pentest) [](https://www.gnu.org/licenses/gpl-3.0) [](https://zishanhack.com/links/)  ## 目录 - [重要说明](#important-notes) - [认证](#certifications) - [渗透测试练习平台](#pentesting-practice-platforms) - [FOSS 实验室](#foss-labs) - [Bug Bounty 漏洞赏金平台](#bug-bounty-hunting-platforms) - [独立渗透测试平台](#independent-pentesting-platforms) - [0Day 市场](#0Day-market) - [用于黑客攻击的操作系统](#best-os-for-hacking) - [精选链接](#awesome-links) - [黑客手册](#hackers-manuals) - [关于我](#about-me) - [赞助](#sponsor) ## 重要说明 1. [工具](./notes/TOOLS.md) 2. [Active Directory](./notes/ActiveDirectory.md) 3. [渗透测试全览](./notes/AllAboutPentesting.md) 4. [Bug Bounty 漏洞赏金挖掘方法论](./notes/BugBountyHuntingMethodology.md) 5. [HackiFy 字典与工具安装脚本](https://github.com/ZishanAdThandar/hackify) 6. [网络安全 / Bug Bounty 漏洞赏金路线图](./notes/CyberSecurityRoadmap.md) ## 认证

1. INE eJPT $249
2. AlteredSecurity CRTP $249
3. TCM Security PNPT $499
4. INE eCPPT $599
5. Offensive Security - PEN-200 (OSCP) $1749
6. HTB CPTS 随年度白银计划 $490
7. Offensive Security - PEN-300 (OSEP) $1649
8. Google Cybersecurity Professional Certificate 几乎免费（单月低于 $20）
9. Microsoft Certified: Azure Security Engineer Associate (Cloud) $146
10. CompTIA Security+ $500 考试券
11. CREST CRT $500
12. ISC2 CISSP $750
13. ISC2 CCSP $599
14. SANS SEC560: Enterprise Penetration Testing (GPEN) $2,499
15. SANS SEC660: GIAC Exploit Researcher and Advanced Penetration Tester $2,499

注意：价格可能有所变动。 ## 渗透测试练习平台 1. [VulnHub (Offsec)](https://vulnhub.com) – 免费 2. [VulnMachines (BlackHat)](https://www.vulnmachines.com/) – 免费 3. [Web Security Academy (PortSwigger Labs)](https://portswigger.net/web-security/all-labs) – 免费 4. [TryHackMe](https://tryhackme.com) – 免费 + 付费 5. [pwnable.kr](https://pwnable.kr) – 免费 6. [pwnable.tw](https://pwnable.tw) – 免费 7. [HackTheBox](https://referral.hackthebox.com/mzxCoi6) – 免费 + 付费 8. [root-me](https://root-me.org) – 免费 9. [PentesterAcademy (Attackdefense)](https://attackdefense.pentesteracademy.com/) – 免费 + 付费 10. [Pentester Lab](https://www.pentesterlab.com/exercises) – 免费 + 付费 11. [standoff365 hackbase](https://hackbase.standoff365.com/en-US/) – 免费 ## FOSS 实验室 1. [Vulhub](https://github.com/vulhub/vulhub) 2. [Metasploitable3 Box](https://github.com/rapid7/metasploitable3) 3. [OWASP Juice (WEB)](https://owasp.org/www-project-juice-shop) 4. [DVWA (WEB)](https://github.com/digininja/DVWA) 5. [WebGOAT (WEB)](https://owasp.org/www-project-webgoat) 6. [Kubernetes GOAT](https://github.com/madhuakula/kubernetes-goat) 7. [Wrong Secrets (WEB)](https://owasp.org/www-project-wrongsecrets) 8. [SQLi Lab](https://github.com/Audi-1/sqli-labs) 9. [HackerOne CTF](https://github.com/Hacker0x01/hacker101) 10. [更多请查看：精选漏洞应用列表](https://github.com/vavkamil/awesome-vulnerable-apps) ## Bug Bounty 漏洞赏金平台 1. [Hackerone](https://www.hackerone.com/) 2. [Bugcrowd](https://www.bugcrowd.com/bug-bounty-list/) 3. [Intigriti](https://www.intigriti.com/programs) 4. [YesWeHack](https://yeswehack.com/programs) 5. [Standoff365](https://bugbounty.standoff365.com/en-US/) 6. [RedStorm](https://www.redstorm.io/program) 7. [Zerocopter](https://zerocopter.com) 8. [OpenBugBounty](https://www.openbugbounty.org/bugbounty-list) 9. [Immunify Web3](https://immunefi.com/bug-bounty/) 10. [HackenProof WEB3](https://hackenproof.com/) ## 独立渗透测试平台 1. [Yogosha](https://app.yogosha.com) 2. [Synack](https://www.synack.com) ## 0Day 市场 1. [CrowdFense](https://www.crowdfense.com/exploit-acquisition-program/) 2. [Zerodium (0day Bounty)](https://zerodium.com/program.html) 3. [ZeroZenx](https://zerozenx.com) ## 最佳黑客操作系统 1. [Kali Linux (OFFSEC)](https://www.kali.org/get-kali/#kali-platforms) 2. [ParrotSec Security Edition](https://parrotsec.org/download/) 3. [BlackArch](https://blackarch.org/downloads.html) ## 精选链接 1. [秘密知识之书](https://github.com/trimstray/the-book-of-secret-knowledge) 2. [Sirensecurity.io Windows 提权资源](https://sirensecurity.io/blog/windows-privilege-escalation-resources/) 3. [Sindre Sorhus 的精选链接列表](https://github.com/sindresorhus/awesome?tab=readme-ov-file#security) 4. [cheatography.com 速查表](https://cheatography.com) ## 黑客手册 1. [HackTricks](https://book.hacktricks.xyz) 2. [HackingArticles.in](https://www.hackingarticles.in) 3. [InternalAllTheThings by swisskyrepo](https://swisskyrepo.github.io/InternalAllTheThings) 4. [eloypgz.org Active Directory](https://web.archive.org/web/20231207200447/https://zer1t0.gitlab.io/posts/attacking_ad/) 5. [ExplainShell (命令手册)](https://explainshell.com) 6. [Reverse Shell 生成工具](https://www.revshells.com) 7. [Hashcat 示例哈希](https://hashcat.net/wiki/doku.php?id=example_hashes) 8. [GTFObins 提权速查表](https://gtfobins.github.io) 9. [LOLBAS 二进制文件、脚本和库漏洞利用](https://lolbas-project.github.io) 10. [loldrivers 驱动程序漏洞利用](https://www.loldrivers.io/) 11. [WADComs Windows AD 速查表](https://wadcoms.github.io) 12. [漏洞利用列表 haxx.it](https://sploitify.haxx.it/) ## 书籍 1. [终极 Web 安全检查清单](https://zishanhack.com/products/web-security-checklist) 2. [Web 应用黑客手册](https://github.com/0x000NULL/CSSR/blob/master/DOWNLOADED/OSCPRepo-master/PDFs%26Documents/Recommended%20Books/The%20Web%20Application%20Hackers%20Handbook%202nd%20Edition.pdf) 3. [Web 黑客武器库](https://www.linkedin.com/posts/rafaybaloch_web-hacking-arsenal-a-practical-guide-to-activity-7229121194522759168-QUsw/) 4. [Brute XSS Payload 集合 By Rodolfo Assis](https://leanpub.com/brutexss) ## 关于我 - [Linktree](https://zishanhack.com/links) - [作品集](https://zishanhack.com/about) ## 赞助 1. [https://github.com/sponsors/ZishanAdThandar](https://github.com/sponsors/ZishanAdThandar) 2. [https://ZishanAdThandar.github.io/sponsor/](https://ZishanAdThandar.github.io/sponsor/)

标签：0Day, CRTP, eJPT, ffuf, GitHub 优质项目, meg, OSCP, Parrot OS, PNPT, Windows内核, 信息安全, 内核模块, 备忘单, 学习路线, 安全认证, 安全资源, 实战指南, 实战靶场, 工具集, 技能提升, 数据展示, 方法论, 漏洞分析, 漏洞市场, 独立渗透测试, 白帽子, 白皮书, 笔记, 红队, 网络安全, 网络安全工程师, 网络安全研究, 网络安全职业发展, 网络连接监控, 路径探测, 防御加固, 隐私保护, 靶机练习, 黑客手册, 黑客技术