待办
学习安全运营 https://wiki.y1ng.org/
学习自动化审计脚本 https://github.com/Night-Master/sdlc_python
自动化越权检测:https://github.com/y1nglamore/IDOR_detect_tool?tab=readme-ov-file
被动式黑盒扫描:https://github.com/ghtwf01/excavator
灰盒自动化漏洞挖掘实践:http://xz.aliyun.com/t/2603
https://b1ngz.github.io/automatic-blackbox-scanner-based-on-arachni/
sqlmap 检测剖析:
宝藏网站
https://cve.imfht.com/
https://peiqi.wgpsec.org/
https://forum.ywhack.com/infosec.php
信息搜集的一些小技巧:https://forum.ywhack.com/bountytips.php?getinfo
每日更新热点CVE:www.cveshield.com
每日必看漏洞库:https://avd.aliyun.com/nvd/list
大语言模型应用在安全领域的案例 https://github.com/liu673/Awesome-LLM4Security?tab=readme-ov-file
漏洞数据集:https://github.com/Eshe0922/ReposVul
工具
API测试:ReadyAPI、Postman
插件:Wappalyzer
方向
DevSecOp:https://www.secrss.com/articles/31259
靶场
API测试:DVWS
好的博客
https://y1ng.org/tags/%E6%84%9F%E4%BA%86%E4%B8%AA%E6%82%9F/
https://wiki.y1ng.org/