进程
| 名称 | 说明 | 链接 |
|---|---|---|
| procdump | 微软官方,进程dump | https://learn.microsoft.com/en-us/sysinternals/downloads/procdump |
| ProcDump-for-Linux | 进程dump | https://github.com/Sysinternals/ProcDump-for-Linux |
jps -l |
java自带工具,用于显示调用的java包 |
反制
| 名称 | 备注 | 链接 |
|---|---|---|
| csbruter | cobaltstrike爆破 | https://github.com/ryanohoro/csbruter |
| Log4Pot | Log4j蜜罐 | https://github.com/thomaspatzke/Log4Pot |
| manuka | osint蜜罐- | https://github.com/spaceraccoon/manuka |
| tpotce | tpotce蜜罐 | https://github.com/telekom-security/tpotce |
| 腾讯云找回密码 | 根据IP反查手机号首位末尾 | https://cloud.tencent.com/account/recover |
解密
| 名称 | 备注 | 链接 |
|---|---|---|
| 360安全卫士勒索病毒解密 | http://lesuobingdu.360.cn | |
| ID Ransomware | https://id-ransomware.malwarehunterteam.com/ | |
| 解密工具 | https://www.nomoreransom.org/zh/decryption-tools.html | |
| No Ransom | https://noransom.kaspersky.com/ | |
| Emsisoft | https://www.emsisoft.com/ransomware-decryption-tools/ | |
| Avast 免费勒索软件解密工具 | https://www.avast.com/zh-cn/ransomware-decryption-tools | |
| NETReactorSlayer | .NET Reactor 脱壳工具 | https://github.com/SychicBoy/NETReactorSlayer |
| Quick Heal | https://www.quickheal.com/free-ransomware-decryption-tool |
病毒
| 名称 | 备注 | 链接 |
|---|---|---|
| 大圣云沙箱 | https://sandbox.freebuf.com/detect | |
| 微步云沙箱 | https://s.threatbook.cn | |
| 腾讯哈勃系统 | https://habo.qq.com | |
| 魔盾安全分析 | https://www.maldun.com/submit/submit_file/ | |
| jotti | https://virusscan.jotti.org | |
| ScanVir | http://www.scanvir.com | |
| virscan | https://www.virscan.org | |
| Virustotal | https://www.virustotal.com/gui/home/upload |
情报
| 名称 | 备注 | 链接 |
|---|---|---|
| webrtc-test | webRTC反溯真实IP | https://ip8.com/webrtc-test |
| 微步在线威胁情报社区 | https://x.threatbook.cn | |
| 奇安信威胁情报中心 | https://ti.qianxin.com | |
| ThreatCrowd | https://www.threatcrowd.org | |
| ThreatMiner | https://www.threatminer.org | |
| VirusTotal | https://www.virustotal.com |
审计
| 名称 | 备注 | 链接 |
|---|---|---|
| 微软日志ID查询 | https://docs.microsoft.com/zh-cn/windows/security/threat-protection /auditing/security-auditing-overview |
|
| MySQLMonitor | MySQL日志分析 | https://github.com/fupinglee/MySQLMonitor |
| iMonitor | 终端行为分析 | https://github.com/wecooperate/iMonitor |
| chainsaw | Windows日志分析 | https://github.com/countercept/chainsaw |
| workbench | Mysql日志分析 | https://dev.mysql.com/downloads/workbench/ |
| web-log-parser | Web日志分析 | https://github.com/JeffXue/web-log-parser |
杀软
| 名称 | 适用系统 | 备注 | 链接 |
|---|---|---|---|
| ASP.NET-Memshell-Scanner | ASP内存马查杀 | https://github.com/yzddmr6/ASP.NET-Memshell-Scanner | |
| aLIEz | Windows | https://github.com/r00t4dm/aLIEz | |
| BlueHound | Windows | GUI版本主机威胁狩猎工具 | https://github.com/10000Tigers/BlueHound |
| chkrootkit-rootkit查杀 | Linux | http://www.chkrootki.org | |
| clamscan | Linux | http://www.clamav.net | |
| CloudWalker牧云 | Windows | http://github.com/chaitin/cloudwalker | |
| copagent | Java内存马查杀 | https://github.com/LandGrey/copagent | |
| D盾 | Windows | http://www.d99net.net/index.asp | |
| iDefender | Windows | 冰盾 | https://github.com/wecooperate/iDefender https://imonitorsdk.com/idefender |
| java-memshell-scanner | Java内存马查杀 | https://github.com/c0ny1/java-memshell-scanner | |
| rkhunter-rootkit查杀 | Linux | http://rkhunter.sourceforge.net | |
| shell-analyzer | Windows Linux |
Java内存马查杀GUI工具 | https://github.com/4ra1n/shell-analyzer |
| shellpub-河马shell查杀 | Windows | https://www.shellpub.com | |
| WebShellDetector | Windows | http://www.shelldetector.com |
WAF
| 名称 | 备注 | 链接 |
|---|---|---|
| jxwaf | https://github.com/jx-sec/jxwaf | |
| https://github.com/chaitin/safeline https://demo.waf-ce.chaitin.cn:9443/ |
预防
| 名称 | 备注 | 链接 |
|---|---|---|
| Coercer | 强制Windows服务器在任意电脑上身份验证 | https://github.com/p0dalirius/Coercer |
| dismap | 主机服务信息收集 | https://github.com/zhzyker/dismap |
| whids | 开源EDR | https://github.com/0xrawsec/whids |