通用工具
|
工具类型 |
工具地址 |
|
内网扫描 |
https://github.com/shadow1ng/fscan |
|
哥斯拉Webshell管理 |
https://github.com/BeichenDream/Godzilla |
|
ARL资产侦察灯塔 |
https://github.com/TophantTechnology/ARL |
|
aliyun-accesskey-Tools |
https://github.com/mrknow001/aliyun-accesskey-Tools |
|
PEASS-ng 提权套装 |
https://github.com/carlospolop/PEASS-ng |
|
nuclei漏洞扫描器 |
https://github.com/projectdiscovery/nuclei |
|
railgun渗透集成化工具 |
https://github.com/lz520520/railgun |
|
YAKIT网络安全单兵工具 |
https://github.com/yaklang/yakit |
|
EHole(棱洞)3.0 指纹探测工具 |
https://github.com/EdgeSecurityTeam/EHole |
|
Traitor提权工具 |
https://github.com/liamg/traitor |
|
Stowaway内网穿透 |
https://github.com/ph4ntonn/Stowaway |
|
CF云环境利用框架 |
https://github.com/teamssix/cf |
|
Naabu端口扫描 |
https://github.com/projectdiscovery/naabu |
|
httpxHTTP状态获取 |
https://github.com/projectdiscovery/httpx |
|
MalleableC2Profiles |
https://github.com/xx0hcd/Malleable-C2-Profiles |
|
shuize(水泽)信息收集 |
https://github.com/0x727/ShuiZe_0x727 |
|
工具类型 |
工具地址 |
|
Cloud-Bucket-Leak-Detection- Tools |
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools |
|
SharpHostInfo内网主机探测 |
https://github.com/shmilylty/SharpHostInfo |
|
pocsuite3 |
https://github.com/knownsec/pocsuite3 |
|
URLFinder |
https://github.com/pingc0y/URLFinder |
|
ALLiN扫描工具 |
https://github.com/P1-Team/AlliN |
|
ihoneyBakFileScan备份文件泄露扫描 |
https://github.com/VMsec/ihoneyBakFileScan_Modify |
|
spark(火花)自动字典生成器 |
https://github.com/G0mini/spark |
|
Exphub漏洞利用脚本 |
https://github.com/zhzyker/exphub |
|
EasyPen综合利用工具 |
https://github.com/lijiejie/EasyPen |
|
DogTunnel(狗洞)端口映射工具 |
https://github.com/vzex/dog-tunnel |
|
frp端口映射工具 |
https://github.com/fatedier/frp |
|
MYExploit综合利用工具 |
https://github.com/achuna33/MYExploit |
|
dirsearch目录扫描工具 |
https://github.com/maurosoria/dirsearch |
|
OneForAll子域收集工具 |
https://github.com/shmilylty/OneForAll |
|
Cloud-Bucket-Leak-Detection-Tools云储存利用工具 |
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools |
|
ObserverWard指纹识别工具 |
https://github.com/0x727/ObserverWard |
|
AtlasC2C2框架Atlas |
https://github.com/Gr1mmie/AtlasC2 |
|
Goblin钓鱼演练工具 |
https://github.com/xiecat/goblin |
|
工具类型 |
工具地址 |
|
AsamF资产收集工具 |
https://github.com/Kento-Sec/AsamF |
|
HttpxIP、Url批量存活探测 |
https://github.com/projectdiscovery/httpx |
|
Ghidra软件逆向工程框架 |
https://github.com/NationalSecurityAgency/ghidra |
|
crack弱口令爆破工具 |
https://github.com/niudaii/crack |
|
Empire后开发框架 |
https://github.com/BC-SECURITY/Empire |
|
ksubdomain子域名爆破工具 |
https://github.com/knownsec/ksubdomain |
|
scan4all综合扫描 |
https://github.com/hktalent/scan4all |
|
Kscan资产测绘工具 |
https://github.com/lcvvvv/kscan |
|
RedGuardC2流量前置工具 |
https://github.com/wikiZ/RedGuard |
|
VScan漏洞扫描工具 |
https://github.com/veo/vscan |
|
pydictor字典建立工具 |
https://github.com/LandGrey/pydictor |
|
AutoPWNSuite漏扫利用工具 |
https://github.com/GamehunterKaan/AutoPWN-Suite |
|
CloudFlair找CF真实IP工具 |
https://github.com/christophetd/CloudFlair |
|
feroxbuster目录扫描工具 |
https://github.com/epi052/feroxbuster |
|
POC-bomber 漏洞检测/利用工具 |
https://github.com/tr0uble-mAker/POC-bomber |
|
iox端口转发工具 |
https://github.com/EddieIvan01/iox |
|
f8x 一键环境搭建 |
https://github.com/ffffffff0x/f8x |
|
URL搜集工具 |
https://github.com/lc/gau |
|
工具类型 |
工具地址 |
|
子域名发现工具 |
https://github.com/projectdiscovery/subfinder |
|
pocassistPOC框架 |
https://github.com/jweny/pocassist |
|
Gobuster目录文件、DNS和VHost爆破工具 |
https://github.com/OJ/gobuster |
|
Vulmapweb漏洞扫描和验证工具 |
https://github.com/zhzyker/vulmap |
|
ESP32 Wi-Fi攻击工具 |
https://github.com/risinek/esp32-wifi-penetration-tool |
|
牛屎花C2远控 |
https://github.com/YDHCUI/manjusaka |
|
Amass资产发现、子域名扫描工具 |
https://github.com/OWASP/Amass |
|
GitHackGit泄露利用工具 |
https://github.com/lijiejie/GitHack |
|
subDomainsBrute子域名爆破工具 |
https://github.com/lijiejie/subDomainsBrute |
|
JNDI-Inject-Exploit 反序列化测试工具 |
https://github.com/exp1orer/JNDI-Inject-Exploit |
|
LadonGo内网渗透扫描器框架 |
https://github.com/k8gege/LadonGo |
|
Dismap资产发现及指纹识别 |
https://github.com/zhzyker/dismap |
|
afrog漏洞扫描工具 |
https://github.com/zan8in/afrog |
|
TruffleHog敏感信息搜集工具 |
https://github.com/trufflesecurity/trufflehog |
|
Komo综合资产收集和漏洞扫描工具 |
https://github.com/komomon/Komo |
|
xray被动扫描安全评估工具 |
https://github.com/chaitin/xray |
|
AppInfoScanner移动端信息收集扫描工具 |
https://github.com/kelvinBen/AppInfoScanner |
|
Linux提权exp |
https://github.com/Al1ex/LinuxEelvation |
|
工具类型 |
工具地址 |
|
PackerFuzzerWebpack网站扫描工具 |
https://github.com/rtcatc/Packer-Fuzzer |
|
Polaris信息搜集与漏洞利用框架 |
https://github.com/doimet/Polaris |
|
geacon_pro免杀工具 |
https://github.com/H4de5-7/geacon_pro |
|
spp隧道代理工具 |
https://github.com/esrrhs/spp |
|
Payer子域名挖掘机 |
https://github.com/Pik-sec/Payer |
|
MobSF移动安全测试框架 |
https://github.com/MobSF/Mobile-Security-Framework-MobSF |
|
ByPassGodzilla/哥斯拉免杀生成 |
https://github.com/Tas9er/ByPassGodzilla |
|
katana下一代爬虫框架 |
https://github.com/projectdiscovery/katana |
|
SourceDetector自动发现.map文件 |
https://github.com/SunHuawei/SourceDetector |
|
windows提权漏洞检测 |
https://github.com/bitsadmin/wesng |
|
API未授权扫描插件 |
https://github.com/API-Security/APIKit |
|
Dirmapweb目录扫描工具 |
https://github.com/H4ckForJob/dirmap |
|
vshellc2主机群管理工具 |
https://github.com/veo/vshell |
|
Yasso内网渗透辅助工具集 |
https://github.com/sairson/Yasso |
|
JSFinder信息收集接口 |
https://github.com/Threezh1/JSFinder |
|
Perun综合扫描器 |
https://github.com/WyAtu/Perun |
|
AntSword加载器 |
https://github.com/AntSwordProject/AntSword-Loader |
|
AntSword |
https://github.com/AntSwordProject/antSword |
|
工具类型 |
工具地址 |
|
Goby漏洞扫描 |
https://github.com/gobysec/Goby |
|
gobyexp库 |
https://github.com/k3vi-07/goby-exp |
|
reNgine自动侦察框架 |
https://github.com/yogeshojha/rengine |
|
SatanSword红队综合渗透框架 |
https://github.com/Lucifer1993/SatanSword |
|
Dirscan目录扫描 |
https://github.com/corunb/Dirscan |
|
LSTARCobaltStrike综合后渗透插件 |
https://github.com/lintstar/LSTAR |
|
Platypus交互式反向Shell管理器 |
https://github.com/WangYihang/Platypus |
|
Phoenix新一代目录扫描神器 |
https://github.com/Pik-sec/Phoenix |
|
RouteVulScan递归式被动检测脆弱路径的bp插件 |
https://github.com/F6JO/RouteVulScan |
|
MDUT数据库跨平台利用工具 |
https://github.com/SafeGroceryStore/MDUT |
|
LaZagne密码凭证收集工具 |
https://github.com/AlessandroZ/LaZagne |
|
Erfrpfrp二开-免杀与隐藏 |
https://github.com/Goqi/Erfrp |
|
EventCleaner日志清理 |
https://github.com/QAX-A-Team/EventCleaner |
|
UACMe WindowsbypassUAC |
https://github.com/hfiref0x/UACME |
|
SCAMagicScanPOC漏洞扫描工具 |
https://github.com/SCAMagic/SCAMagicScan |
|
ENScanGo企业信息搜集工具 |
https://github.com/wgpsec/ENScan_GO |
|
ThunderSearch闪电搜索器 |
https://github.com/xzajyjs/ThunderSearch |
|
EmailAll邮箱收集工具 |
https://github.com/Taonn/EmailAll |
|
工具类型 |
工具地址 |
|
finger资产识别工具 |
https://github.com/EASY233/Finger |
|
apk扫描器 |
https://github.com/dwisiswant0/apkleaks |
|
Neo-reGeorg 代理工具 |
https://github.com/L-codes/Neo-reGeorg |
|
blasting图形化后台爆破工具 |
https://github.com/gubeihc/blasting |
|
HaE敏感信息收集burp插件 |
https://github.com/gh0stkey/HaE |
|
powershell免杀混淆 |
https://github.com/H4de5-7/powershell-obfuscation |
|
Bundler-bypass免杀捆绑器 |
https://github.com/H4de5-7/Bundler-bypass |
|
java图形化漏洞利用工具集 |
https://github.com/savior-only/javafx_tools |
漏洞利用
|
漏洞产品 |
工具地址 |
|
SpringBootExploit |
https://github.com/0x727/SpringBootExploit |
|
Springboot漏洞全家桶 |
https://github.com/woodpecker-appstore/springboot-vuldb |
|
Log4j2Scan |
https://github.com/whwlsfb/Log4j2Scan |
|
ShiroExploit |
https://github.com/feihong-cs/ShiroExploit-Deprecated |
|
ShiroAttack2 |
https://github.com/SummerSec/ShiroAttack2 |
|
thinkphp_gui_tools |
https://github.com/bewhale/thinkphp_gui_tools |
|
Fastjson-Patrol |
https://github.com/ce-automne/FastjsonPatrol |
|
漏洞产品 |
工具地址 |
|
Vmware虚拟化漏洞利用 (HCX/vCenter/NSX/Horizon/vRealize) |
https://github.com/NS-Sp4ce/Vm4J |
|
Struts2-Scan漏洞检测 |
https://github.com/HatBoy/Struts2-Scan |
|
Fastjson扫描器 |
https://github.com/a1phaboy/FastjsonScan |
|
致远OA综合利用工具 |
https://github.com/Summer177/seeyon_exp |
|
泛微OA综合利用脚本 |
https://github.com/z1un/weaver_exp |
加入我们的星球,我们能提供:
1对1就业指导、面试模拟、Golang工具开发学习、Fofo高级会员、各公众号历史文章合集、各种网络安全电子书、面试题合集、最新poc、exp、最常用工具推荐、开放交流环境,解决成员问题。
原文始发于微信公众号(CatalyzeSec):护网中经常使用的一些工具
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论