其他收录平台或项目传送门:
开源扫描器收录地址:https://github.com/We5ter/Scanners-Box
T00ls论坛收集工具集 https://github.com/tengzhangchao/Sec-Box
渗透师导航:https://www.shentoushi.top/
信息收集工具集:https://github.com/redhuntlabs/Awesome-Asset-Discovery
K8工具集: https://github.com/k8gege/K8tools
APP测试:https://github.com/Brucetg/App_Security
红队资源链接合集(干货超多):https://github.com/hudunkey/Red-Team-links
红队实用工具 :https://github.com/Threekiii/Awesome-Redteam 另一个工具+EXP合集:https://github.com/Mr-xn/Penetration_Testing_POC/
以下为个人整理收集
- java 无文件webshell:https://github.com/rebeyond/memShell
- 瑞士军刀Bettercap:https://github.com/bettercap/bettercap
- XSS批量扫描,源自先知:https://github.com/bsmali4/xssfork
- 个人收集编写的POC:
- 跨站数据劫持POC https://github.com/nccgroup/CrossSiteContentHijacking
- 自动化测试工具,POC在script路径下 https://github.com/Xyntax/POC-T/tree/master
- 收集各种语言的webshell:https://github.com/tennc/webshell
- XXE注入工具 Ruby编写:https://github.com/enjoiz/XXEinjector
- xxe 测试工具:https://github.com/TheTwitchy/xxer
- burp AES加密插件:https://github.com/Ebryx/AES-Killer
- XXE payload生成:https://github.com/BuffaloWill/oxml_xxe/
- Nginx 路径穿越burp测试插件:https://github.com/bayotop/off-by-slash
- 红队自动化部署:https://github.com/360-A-Team/LuWu
- JS反混淆:https://github.com/mindedsecurity/JStillery
- 基于规则匹配的高亮信息标记插件: https://github.com/gh0stkey/HaE
- 添加一些burp右键菜单(Unicode解码、添加常用payload、筛除无关网站等) https://github.com/bit4woo/knife
- HW打点资产管理 https://github.com/bit4woo/domain_hunter_pro
- 配合被动漏扫的插件: https://github.com/c0ny1/passive-scan-client
- 破解前端加密: https://github.com/c0ny1/jsEncrypter
- 自动化扫描shiro漏洞: https://github.com/pmiaowu/BurpShiroPassiveScan
- 结合API对验证码进行识别(可搭配muggle-ocr库食用) https://github.com/c0ny1/captcha-killer
- 自动扫描网页中的链接(可在插件商店下载) https://github.com/GerbenJavado/LinkFinder
- 针对webservice(wsdl接口)生成poc测试(插件商店有,在装不上时可以直接下载release版本) https://github.com/NetSPI/Wsdler
- 方便筛选和记录burp流量的插件(可在插件商店下载):https://github.com/nccgroup/LoggerPlusPlus
- SN1PER(功能:扫描开放端口、waf、指纹识别、目录扫描):https://github.com/1N3/Sn1per
- web页面直接调用工具(dirsearch、masscan、amass、patator)扫描:https://github.com/c0rvax/project-black
- 自动化扫描网站的CORS配置的漏洞:https://github.com/chenjj/CORScanner
- 长亭X-ray漏洞扫描器:https://github.com/chaitin/xray/
- 美杜莎漏扫:https://github.com/Ascotbe/Medusa
- w13scan:https://github.com/w-digital-scanner/w13scan
- 利用github action 进行自动化扫描:https://github.com/inbug-team/InCloud
- 集成了fofa、漏洞扫描、web指纹等多个扫描功能(也可在内网扫):https://github.com/P1-Team/AlliN
- 应急响应工具集:https://github.com/meirwah/awesome-incident-response
- 应急实战笔记:https://github.com/Bypass007/Emergency-Response-Notes
- 进程查看:
- https://www.nomoreransom.org/crypto-sheriff.php
- 奇安信:https://lesuobingdu.qianxin.com/
- VenusEye:https://lesuo.venuseye.com.cn/
- 深信服:https://edr.sangfor.com.cn/#/information/ransom_search
- 360:https://lesuobingdu.360.cn/
- 腾讯:https://guanjia.qq.com/pr/ls/
- https://github.com/jiansiting/Decryption-Tools
- 弱口令字典:https://weakpass.com/
- https://github.com/7hang/Fuzz_dic
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://github.com/berzerk0/Probable-Wordlists
- https://github.com/danielmiessler/SecLists
- 文件上传时文件名fuzz:https://github.com/c0ny1/upload-fuzz-dic-builder
- robots.txt 不允许访问的目录:https://github.com/danielmiessler/RobotsDisallowed
- https://github.com/TheKingOfDuck/fuzzDicts
- https://github.com/1N3/IntruderPayloads (burp_payload)
- 网站暴破+xss+sqli:https://github.com/SilverPoision/a-full-list-of-wordlists/tree/master/Wordlists/burp_pack
- 键盘组合、字母+数字混合密码暴破:https://github.com/huyuanzhi2/password_brute_dictionary
- https://github.com/ppbibo/PentesterSpecialDict
- https://github.com/r35tart/RW_Password
- 假名生成器:https://github.com/joke2k/faker
- 在线协作markdown,可用于团队内部信息共享(可在离线环境搭建):https://github.com/hackmdio/codimd
- FOFA浏览器插件:https://github.com/fofapro/fofa_view
- WAF指纹识别及Bypass https://github.com/Ekultek/WhatWaf
- 带截图go语言脚本扫描端口: https://github.com/michenriksen/aquatone
- wfuzz:https://github.com/xmendez/wfuzz
- 可用于host头碰撞或者各种fuzz:https://github.com/ffuf/ffuf
- host头碰撞:https://github.com/fofapro/Hosts_scan
- .git、.svn和.DS_Store利用:https://github.com/0xHJK/dumpall
- 指纹识别:
- 集成了HaE的规则的浏览器插件:https://github.com/ResidualLaugh/FindSomething
- 目录扫描工具:
- https://github.com/maurosoria/dirsearch
- caesar(自带扫描字典,原版已被删除):https://github.com/zhanglei/Caesar
- JSFinder:
- 子域名收集:
- 基于企业备案信息查询:https://github.com/canc3s/cDomain
- 根据SSL证书收集子域名:https://github.com/yassineaboukir/sublert
- python脚本+mangodb实时监控:https://github.com/guimaizi/get_domain
- 可发现二级、三级子域名:https://github.com/infosec-au/altdns
- asyncio+aiodns大字典暴破子域名 https://github.com/ldbfpiaoran/subdns
- 基于Python3.8,可以通过多种API来获取并验证子域名: https://github.com/shmilylty/OneForAll
- MYSQL_SQL注入: https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI
- waf指纹字典及绕过方式:https://github.com/0xInfection/Awesome-WAF
- waf识别脚本:https://github.com/stamparm/identYwaf
- 自动化绕WAF:https://github.com/khalilbijjou/WAFNinja
- Windows
-
windows提权在线辅助:http://bugs.hacking8.com/tiquan/
-
windows内核提权EXP:https://github.com/SecWiki/windows-kernel-exploits
-
windows系统提权脚本:https://github.com/bitsadmin/wesng
-
windows exp提权:https://github.com/lyshark/Windows-exploits
-
potato:可能会被杀
- JuicyPotato:
- https://github.com/uknowsec/SweetPotato
- 域提权:https://github.com/antonioCoco/RemotePotato0
- PipePotato
- PrintNotifyPotato:https://github.com/BeichenDream/PrintNotifyPotato
-
通过窃取
system权限进程的token来创建一个具有system权限的进程来执行命令:https://github.com/uknowsec/getSystem
- Linux
- Linux系统提权脚本:
- linux 内核提权EXP:https://github.com/SecWiki/linux-kernel-exploits
- 提权工具套件(win、linux):https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
- 内核提权: https://github.com/bcoles/kernel-exploits
- 非root权限监听Linux进程(监控定时任务比较有用):https://github.com/DominicBreuker/pspy
- 基于redis主从复制无损上传文件:https://github.com/r35tart/RedisWriteFile
- 带dll劫持的主从复制利用redis:https://github.com/0671/RabR
- 数据库一键getshell:https://github.com/SafeGroceryStore/MDUT
- 伪MySQL服务器读取任意文件:https://github.com/allyshka/Rogue-MySql-Server
- mssql:
- 内网渗透tips :https://github.com/Ridter/Intranet_Penetration_Tips
- 域渗透笔记:https://github.com/uknowsec/Active-Directory-Pentest-Notes
- powershell 红队内网渗透 https://github.com/samratashok/nishang
- powershell 实现的一些工具:https://github.com/clymb3r/PowerShell
- powershell 反弹tcpshell https://github.com/ZHacker13/ReverseTCPShell
- powershell 混淆:
- 后门制作(kali已集成): https://github.com/secretsquirrel/the-backdoor-factory
- RAT:https://github.com/Screetsec/TheFatRat
- vSphere批量利用:https://github.com/RicterZ/PySharpSphere
- 图形化的MSF:https://github.com/FunnyWolf/Viper
- 白利用(lolbins):https://lolbas-project.github.io/
golang实现的支持多种场合的隧道代理工具:https://github.com/ginuerzh/gost
- http隧道:
- 加密流量版的reGeorg,原生的regeorg已经能够被设备识别了:https://github.com/L-codes/Neo-reGeorg
- node.js版的内网流量转发:https://github.com/johncant/node-http-tunnel
- https://github.com/blackarrowsec/pivotnacci
- 不出网上线cs:https://github.com/FunnyWolf/pystinger
- 高性能的http代理,但只支持java,可植入内存马使用:https://github.com/zema1/suo5
- socks隧道
- frp内网流量转发,支持tcp、udp,不支持正向:https://github.com/fatedier/frp
- rust编写的类frp内网穿透工具:https://github.com/rapiz1/rathole
- EarthWorm开启Socks5代理:https://github.com/idlefire/ew
- 带Meterpreter的HTTP加密通道流量转发:https://github.com/nccgroup/ABPTTS
- nps内网穿透:https://github.com/ehang-io/nps (nps使用教程)
- 端口转发:https://github.com/EddieIvan01/iox
- 正向socks代理,支持设置用户名和密码:https://github.com/jqqjj/socks5
- 多级代理(frp也支持多级代理):
- mssqlproxy:https://github.com/blackarrowsec/mssqlproxy
- pingtunnel:https://github.com/esrrhs/pingtunnel
-
Windows密码暴力破解:https://github.com/shinnok/johnny
-
mimikatz: https://github.com/gentilkiwi/mimikatz
-
对Navicat,TeamViewer,FileZilla,WinSCP,Xmangager,Xshell等产品进行解密:
-
python脚本获取系统软件各类密码:https://github.com/AlessandroZ/LaZagne
-
浏览器相关信息搜集:
- C#收集浏览器保存的密码信息(老版本SharpWeb):https://github.com/djhohnstein/SharpWeb
- C#提取浏览器密码:https://github.com/QAX-A-Team/BrowserGhost
- 跨平台提取浏览器密码 https://github.com/moonD4rk/HackBrowserData
- C#提取浏览器密码(安恒星火实验室出品):https://github.com/StarfireLab/SharpWeb
-
内网信息收集,支持cs扩展:https://github.com/Adminisme/ServerScan
-
寻找内网核心网段(多网卡扫描):https://github.com/r35tart/GetIPinfo
-
内网端口扫描,部分自动指纹识别:
-
cs插件:
-
NTLM Hash获取exchange 邮件:
-
用友nc数据库解密:https://github.com/jas502n/ncDecode
- powershell混淆:https://github.com/danielbohannon/Invoke-Obfuscation
- 掩日:https://github.com/1y0n/AV_Evasion_Tool
- https://github.com/Hangingsword/HouQing
- 搭配cs4.1新出的bof实现内存执行PE:https://github.com/phra/PEzor
- windows api添加用户:https://github.com/lengjibo/NetUser
学习:https://github.com/JDArmy/DCSec
- powershell 内网利用脚本:https://github.com/PowerShellMafia/PowerSploit
- 域内杀伤链:https://github.com/infosecn1nja/AD-Attack-Defense
- AD CS audit:https://github.com/GhostPack/PSPKIAudit
- https://github.com/GhostPack/Rubeus
- https://github.com/C-Sto/gosecretsdump
- ADFind:https://www.softpedia.com/get/Programming/Other-Programming-Files/AdFind.shtml
- Inveigh: 实测比较有效是python2和powershell版本
- exe版本:https://github.com/HamzaKHIATE/Toolbox/tree/master/Responder
- python2:https://github.com/SpiderLabs/Responder/
- powershell版本:https://github.com/Kevin-Robertson/Inveigh
- C#版本,需要自己编译,未成功运行:InveighZero: https://github.com/Kevin-Robertson/InveighZero
- bloodhound:https://github.com/BloodHoundAD/BloodHound
- 批量HASH传递:https://github.com/Kevin-Robertson/Invoke-TheHash
- impacket横向(集成在examles中):https://github.com/SecureAuthCorp/impacket
- impacket-binary(可执行文件):https://github.com/ropnop/impacket_static_binaries/releases/
- vcenter后利用:https://github.com/horizon3ai/vcenter_saml_login
- 魔改cs4.4:https://github.com/TryGOTry/DogCs4.4
- https://github.com/mandiant/SharPersist
- https://github.com/JamesCooteUK/SharpSphere
- https://github.com/BeichenDream/SharpToken
- 经常更新很全的cve poc收集:https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/fjserna/CVE-2015-7547
- https://github.com/FiloSottile/CVE-2016-2107
- CVE-2015-2426: https://github.com/vlad902/hacking-team-windows-kernel-lpe
- https://github.com/RhinoSecurityLabs/CVEs
- https://github.com/Libraggbond/CVE-2018-3191
- https://github.com/gottburgm/Exploits
- https://github.com/ym2011/POC-EXP
- https://github.com/w1109790800/penetration (CMS居多,还有某些工具)
- https://github.com/chompie1337/SMBGhost_RCE_PoC (CVE-2020-0796)
- docker逃逸:https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/nomi-sec/PoC-in-GitHub
-
ysoserial:https://github.com/frohoff/ysoserial
-
struts2 Python2扫描脚本(使用时有中文乱码,需要在字符串前加u): https://github.com/Lucifer1993/struts-scan
-
weblogic
- 漏扫脚本: https://github.com/dr0op/WeblogicScan
- 密码解密:
- EXP:
-
SpringBootExploit:
- https://github.com/LandGrey/SpringBootVulExploit
- 自动化利用:https://github.com/0x727/SpringBootExploit
- 需要用到的JNDI(原JNDI已被删除,需要自行编译):https://github.com/Jeromeyoung/JNDIExploit-1
- 自动化查询heapdump:
-
fastjson利用总结:
-
集成了内存马和headr命令执行的JNDI:https://github.com/feihong-cs/JNDIExploit
-
fastjson 傻瓜化利用:https://github.com/wyzxxz/fastjson_rce_tool
-
shiro反序列化:
-
内存🐴:
- springboot: https://github.com/threedr3am/ZhouYu
- valve内存马:https://github.com/Ghost2097221/addMemShellsJSP
- agent实现:https://github.com/ethushiroha/JavaAgentTools
- 自动化生成内存马:https://github.com/pen4uin/java-memshell-generator-release
- 哥斯拉插件注入Suo5内存马:https://github.com/TonyNPham/GodzillaPlugin-Suo5-MemProxy
-
内存马查杀:
-
JDBC反序列化:
-
Nacos反序列化:https://github.com/c0olw/NacosRce
- 多个java库漏洞代码实践: https://github.com/threedr3am/learnjavabug/
- Java RCE 回显测试代码 https://github.com/feihong-cs/Java-Rce-Echo
- Java 反序列化cheat sheet: https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- java 反序列化Gadget学习:https://github.com/0range228/Gadgets
- 内存马:https://github.com/bitterzzZZ/MemoryShellLearn
- mysql monitor:https://github.com/fupinglee/MySQLMonitor
- .net反编译:
- java反编译:
- 蚁剑:https://github.com/AntSwordProject/antSword
- 冰蝎:https://github.com/rebeyond/Behinder
- 哥斯拉(支持jsp和reGeorg内存版):https://github.com/BeichenDream/Godzilla
- 天蝎(不再对外更新):https://github.com/shack2/skyscorpion
- 反弹shell管理,可上传文件、建立隧道:https://github.com/WangYihang/Platypus
- supershell:https://github.com/tdragon6/Supershell
- 快速提取app中的资产信息:https://github.com/kelvinBen/AppInfoScanner
- 安卓相关项目和文章合集 https://github.com/alphaSeclab/android-security
- jadx 安卓apk代码逆向:https://github.com/skylot/jadx
- app加解密数据包+burp插件 https://github.com/lyxhh/lxhToolHTTPDecrypt
- APP动态测试框架 https://github.com/MobSF/Mobile-Security-Framework-MobSF
- 完整adb用法:https://github.com/mzlogin/awesome-adb
- 知道创宇远程漏洞测试框架:https://github.com/knownsec/Pocsuite
- python爬虫代理池:https://github.com/jhao104/proxy_pool
- 自建无回显平台(DNS、HTTP、XSS) https://github.com/opensec-cn/vtest
- OOB (dnslog):https://github.com/projectdiscovery/interactsh
- XSS 自建平台:
- https://github.com/firesunCN/BlueLotus_XSSReceiver (原项目代码已撤销,可点击fork查看其他人保存的源码)
- https://github.com/mandatoryprogrammer/xsshunter
- https://github.com/78778443/xssplatform
- tp漏洞扫描:https://github.com/Lotus6/ThinkphpGUI
- 自动化SSRF测试:https://github.com/swisskyrepo/SSRFmap
- 验证码AI训练识别:https://github.com/kerlomz/captcha_trainer
- flash xss 测试:https://github.com/cure53/flashbang
- JWT token破解:https://github.com/brendan-rius/c-jwt-cracker
- 自动化扫描JS中的API: https://github.com/rtcatc/Packer-Fuzzer
- 子域名接管指纹:https://github.com/EdOverflow/can-i-take-over-xyz
- 火眼公司windows测试虚拟机:https://github.com/fireeye/commando-vm
- 巡风漏洞扫描器:https://github.com/ysrc/xunfeng
- 宜信洞察 https://github.com/creditease-sec/insight
- 陌陌风控 https://github.com/momosecurity/aswan
- HIDS:https://github.com/ossec/ossec-hids
- 以Nginx为核心高性能服务器Openresty:https://github.com/openresty/openresty
- Nginx安全配置检查:https://github.com/yandex/gixy
- github监控工具:
- 开源蜜罐合集:https://github.com/paralax/awesome-honeypots
- P牛整理安全思维脑图:https://github.com/phith0n/Mind-Map
- 内网渗透知识tips:https://github.com/Ridter/Intranet_Penetration_Tips
- 面试经验:https://github.com/Leezj9671/Pentest_Interview
- 面试知识点: https://www.yuque.com/books/share/bd8433e2-3682-4bf9-bbf7-cb5070764079
- mi1k7ea: http://www.mi1k7ea.com/
- evi1cg:https://evi1cg.me/
- backlion:http://www.cnblogs.com/backlion
- phith0n :https://www.leavesongs.com/
- 黑白:https://www.heibai.org/
- orange: http://blog.orange.tw/
- c0ny1:https://gv7.me/
- nMask: https://thief.one/
- 冷白开:http://www.lengbaikai.net/
- 三好学生: https://3gstudent.github.io/
- spoock:https://blog.spoock.com/
- http://www.zerokeeper.com/
- https://masterxsec.github.io/
- https://www.hacking8.com/