一、漏洞挖掘工具

1.自动侦查框架 这个要好好研究，部署

https://github.com/yogeshojha/rengine

2.JS扫描器

https://github.com/dark-warlord14/JSScanner

3.SSRF自动搜索工具

https://github.com/micha3lb3n/SSRFire

4.JS文件网站搜索

https://github.com/robre/scripthunter

5.渗透测试工具集合

https://github.com/gwen001/pentest-tools

6.burp插件：复制请求和返回包

https://blog.compass-security.com/2020/10/burp-extension-copy-request-response/

6.容器图片和文件系统扫描系统

https://www.kitploit.com/2020/10/grype-vulnerability-scanner-for.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

7.域名分析工具

https://github.com/eldraco/domain_analyzer

8.参数挖掘工具

https://github.com/devanshbatham/ParamSpider

二、学习资源

1.敏捷开发中的信息安全

https://www.infosecurity-magazine.com/opinions/infosec-agile-development/?utm_source=dlvr.it&utm_medium=twitter

2.三种劫持Github方案

https://blog.securityinnovation.com/repo-jacking-exploiting-the-dependency-supply-chain

3. 渗透powershell 命令分享

https://www.infosecmatter.com/powershell-commands-for-pentesters/

4.一个白帽子的4年总结 （认真学习）

https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/

5.HTTP头安全知识

在 Medium.com 上查看

6.bugcrowd公共漏洞赏金计划

https://octopus.com/blog/public-bug-bounty

三、漏洞分析

1.CVE-2020-14882分析

https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf

2.一个有趣的bug分析

https://medium.com/@vedanttekale20/story-of-an-interesting-bug-de07fbef4017

3.特斯拉漏洞分析

https://www.anquanke.com/post/id/218396

https://www.anquanke.com/post/id/220907

4.新型JQuery原型污染漏洞

https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/

5.邮件存储XSS

https://hackerone.com/reports/982291

在 Medium.com 上查看

四、AI安全

1.blackhat议题：怎么用AI克隆自己

https://i.blackhat.com/USA-20/Thursday/us-20-Basu-How-I-Created-My-Clone-Using-AI-Next-Gen-Social-Engineering.pdf

2.在私有化部署里偷取DNN模型

https://www.blackhat.com/eu-20/briefings/schedule/#hermes-attack-steal-dnn-models-in-ai-privatization-deployment-scenarios-21534