前言:本着工具&靶场→提高工作效率,以及寻找方便的态度,自己整理一份合集。
内网扫描和侦察:
fscan
ARL
aliyun-accesskey-Tools
nuclei
Naabu
SharpHostInfo
shuize
OneForAll
Kscan
Web应用渗透测试:
Godzilla
Traitor
Goblin
EasyPen
MYExploit
crack
VScan
dirsearch
Httpx
scan4all
pydictor
Fuso扶桑
AScan
Hikvision
漏洞利用和Exploits:
PEASS-ng
Exphub
Empire
RedGuard
AtlasC2
Struts2-Scan
TPscan
密码和凭证工具:
HackBrowserData
LaZagne
Passive Scan Client - Burp
工具集和辅助工具:
Malleable C2 Profiles
Cloud-Bucket-Leak-Detection-Tools
CloudFlair
POC-bomber
katana
subDomainsBrute
reNgine
SourceDetector
Perun
AntSword
Goby
goby exp库
SatanSword
Dirscan
其他工具:
ObserverWard
Cloud-Bucket-Leak-Detection-Tools
ksubdomain
katana
MDUT
spp
Payer
MobSF
API未授权扫描插件
Bundler-bypass
APP/小程序扫描:
wxapkg-convertor
AppInfoScanner
AppMessenger
apkleaks
apkleaks
APP端口扫描:
naabu
TXPortMap
ServerScan
gonmap
字典/钓鱼/社工/爆破项目:
字典:
SecLists
bruteforce-database
wordlists
top25-parameter
RW_Password
Pwdb-Public
钓鱼/社工:
Cr3dOv3r
maigret
Sreg
osint-scraper
Mailget
cupp
爆破:
goon
中间件工具项目:
OA漏洞利用工具:
OA-EXPTOOL
HVVExploitApply
Spring漏洞利用工具:
SpringExploit
Shiro漏洞利用工具:
shiro_rce_tool
ShiroAttack2
Fastjson漏洞利用工具:
FastjsonScan
FastjsonScan
fastjson-rce-exploit
fastjson_rec_exploit
Weblogic漏洞利用工具:
WeblogicExploit-GUI
weblogicScanner
weblogic-framework
Apache Dubbo漏洞利用工具:
Apache-Dubbo-CVE-2023-23638-exp
dubbo-exp
Jenkins漏洞利用工具:
jenkins-attack-framework
Struts2漏洞利用工具:
Struts2-Scan
Log4j漏洞利用工具:
Log4j_RCE_Tool
log4j-scan
log4j2burpscanner
through_the_wire
其他中间件漏洞利用工具:
CVE-2022-26134-Godzilla-MEMSHELL
YApiRCE
VcenterKiller
SpringBootExploit
应急响应项目:
Windows协议测试套件:
WindowsProtocolTestSuites
Web安全工具:
WebHackersWeapons
FireKylin漏洞扫描工具:
FireKylin
GScan网站漏洞扫描工具:
GScan
Uroboros应急响应框架:
uroboros
WhoHK Web Shell检测工具:
whohk
恶意软件源代码:
MalwareSourceCode
Rootkit Recon木马查杀工具:
rootkitrecon
Web Shell查杀工具:
webshell.cdxy.me
bugscaner
shelldetector
cloudwalker
shellpub
shellpub Windows版
shellpub Linux-amd64版
shellpub Linux-386版
sangfor WebShellKiller
d99net