防御
----------------------------------------

日志检查
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Sysmon <https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon>`_
- `LastActivityView <http://www.nirsoft.net/utils/computer_activity_view.html>`_
- `Regshot <https://sourceforge.net/projects/regshot/>`_

终端监控
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `attack monitor <https://github.com/yarox24/attack_monitor>`_ Endpoint detection & Malware analysis software
- `artillery <https://github.com/BinaryDefense/artillery>`_ The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
- `yurita <https://github.com/paypal/yurita>`_ Anomaly detection framework @ PayPal

XSS防护
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `js xss <https://github.com/leizongmin/js-xss>`_
- `DOMPurify <https://github.com/cure53/DOMPurify>`_
- `google csp evaluator <https://csp-evaluator.withgoogle.com/>`_

配置检查
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Attack Surface Analyzer <https://github.com/microsoft/AttackSurfaceAnalyzer>`_ analyze operating system's security configuration for changes during software installation.
- `gixy <https://github.com/yandex/gixy>`_ Nginx 配置检查工具
- `dockerscan <https://github.com/cr0hn/dockerscan>`_ Docker security analysis & hacking tools

安全检查
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `lynis <https://github.com/CISOfy/lynis>`_
- `linux malware detect <https://github.com/rfxn/linux-malware-detect>`_

IDS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `ossec <https://github.com/ossec/ossec-hids>`_
- `yulong <https://github.com/ysrc/yulong-hids>`_
- `AgentSmith <https://github.com/DianrongSecurity/AgentSmith-HIDS>`_

SIEM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `panther <https://github.com/panther-labs/panther>`_ Detect threats with log data and improve cloud security posture

威胁情报
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `threatfeeds <https://threatfeeds.io/>`_
- `abuseipdb <https://www.abuseipdb.com/>`_

APT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `APT Groups and Operations <https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml>`_
- `APTnotes <https://github.com/kbandla/APTnotes>`_

入侵检查
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `huorong <https://www.huorong.cn/>`_
- `check rootkit <http://www.chkrootkit.org>`_
- `rootkit hunter <http://rkhunter.sourceforge.net/>`_
- `PC Hunter <http://www.xuetr.com/>`_
- `autoruns <https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns>`_

进程查看
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Process Explorer <https://docs.microsoft.com/zh-cn/sysinternals/downloads/process-explorer>`_
- `ProcessHacker <https://processhacker.sourceforge.io/>`_

Waf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `naxsi <https://github.com/nbs-system/naxsi>`_
- `ModSecurity <https://github.com/SpiderLabs/ModSecurity>`_
- `ngx_lua_waf <https://github.com/loveshell/ngx_lua_waf>`_
- `OpenWAF <https://github.com/titansec/OpenWAF>`_

病毒在线查杀
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `virustotal <https://www.virustotal.com/>`_
- `virscan <http://www.virscan.org>`_
- `habo <https://habo.qq.com>`_

WebShell查杀
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `D盾 <http://www.d99net.net/index.asp>`_
- `深信服WebShell查杀 <http://edr.sangfor.com.cn/backdoor_detection.html>`_

IoC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `malware ioc <https://github.com/eset/malware-ioc>`_
- `fireeye public iocs <https://github.com/fireeye/iocs>`_
- `signature base <https://github.com/Neo23x0/signature-base>`_
- `yara rules <https://github.com/Yara-Rules/rules>`_

内存取证
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `SfAntiBotPro <http://edr.sangfor.com.cn/tool/SfabAntiBot_X64.7z>`_
- `volatility <https://github.com/volatilityfoundation/volatility>`_

审计工具
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Cobra <https://github.com/FeeiCN/cobra>`_
- `NodeJsScan <https://github.com/ajinabraham/NodeJsScan>`_
- `RIPS <http://rips-scanner.sourceforge.net/>`_
- `pyvulhunter <https://github.com/shengqi158/pyvulhunter>`_
- `pyt <https://github.com/python-security/pyt>`_
- `Semmle QL <https://github.com/Semmle/ql>`_
- `prvd <https://github.com/fate0/prvd>`_
- `find sec bugs <https://github.com/find-sec-bugs/find-sec-bugs>`_
- `trivy <https://github.com/knqyf263/trivy>`_
- `chip <https://github.com/phith0n/chip>`_
- `php malware finder <https://github.com/nbs-system/php-malware-finder>`_
- `phpvulhunter <https://github.com/OneSourceCat/phpvulhunter>`_
- `Sourcetrail <https://github.com/CoatiSoftware/Sourcetrail>`_ free and open-source cross-platform source explorer

Security Advisories
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `apache httpd security advisories  <https://httpd.apache.org/security/>`_
- `nginx security advisories <http://nginx.org/en/security_advisories.html>`_
- `Jetty Security Reports <https://www.eclipse.org/jetty/documentation/current/security-reports.html>`_
- `Apache Tomcat <https://tomcat.apache.org/security-8.html>`_
- `OpenSSL <https://www.openssl.org/news/vulnerabilities.html>`_

风险控制
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `aswan <https://github.com/momosecurity/aswan>`_ 陌陌风控系统静态规则引擎