Skip to content
/ Audit-Learning Public
forked from jiangsir404/Audit-Learning

记录自己对《代码审计》的理解和总结,对危险函数的深入分析以及在p牛的博客和代码审计圈的收获

3 stars 172 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

demonsec666/Audit-Learning

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
README.md
README.md
 
 
allow_url_fopen 和 allow_url_include.md
allow_url_fopen 和 allow_url_include.md
 
 
open_basedir 研究.md
open_basedir 研究.md
 
 
宽字节注入及数据库编码分析.md
宽字节注入及数据库编码分析.md
 
 
通用代码审计思路.md
通用代码审计思路.md
 
 

Repository files navigation

Audit-Learning

开新坑了,准备花一个月的时间对学过的代码审计知识好好总结一下,持续更新,欢迎各位师傅star支持一下。

Tudo

  • open_basedir 研究
  • allow_url_fopen 和 allow_url_include
  • 宽字节注入及数据库编码分析
  • 通用代码审计思路
  • disable_functions 研究
  • parse_url 函数
  • 危险的file_put_contents函数
  • curl

一些资源

代码审计练习题

https://github.com/CHYbeta/Code-Audit-Challenges

wonderkun师傅的ctf web练习题: https://github.com/wonderkun/CTF_web

https://github.com/bowu678/php_bugs

乌云

Xyntax师傅整理的乌云1000个PHP代码审计案例: https://github.com/Xyntax/1000php

乌云Drops文章备份: https://github.com/SecWiki/wooyun_articles

高级PHP应用程序漏洞审核技术(by黑哥)https://github.com/Jyny/pasc2at

思维导图

cheybeta师傅的Web学习资料整理: https://github.com/CHYbeta/Web-Security-Learning

https://github.com/CHYbeta/phith0n-Mind-Map

书籍

《代码审计》

《PHP7内核剖析》 https://github.com/pangudashu/php7-internal

代码审计工具

cobra: https://github.com/wufeifei/cobra

Seay源代码审计系统2.1: http://www.cnseay.com/

rips: https://github.com/ripsscanner/rips

About

记录自己对《代码审计》的理解和总结,对危险函数的深入分析以及在p牛的博客和代码审计圈的收获

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages