通用工具
|
工具类型 |
工具地址 |
|
内网扫描 |
https://github.com/shadow1ng/fscan |
|
哥斯拉Webshell管理 |
https://github.com/BeichenDream/Godzilla |
|
aliyun-accesskey-Tools |
https://github.com/mrknow001/aliyun-accesskey-Tools |
|
PEASS-ng 提权套装 |
https://github.com/carlospolop/PEASS-ng |
|
nuclei 漏洞扫描器 |
https://github.com/projectdiscovery/nuclei |
|
railgun 渗透集成化工具 |
https://github.com/lz520520/railgun |
|
YAKIT 网络安全单兵工具 |
https://github.com/yaklang/yakit |
|
EHole (棱洞) 3.0 指纹探测工具 |
https://github.com/EdgeSecurityTeam/EHole |
|
Traitor 提权工具 |
https://github.com/liamg/traitor |
|
Stowaway 内网穿透 |
https://github.com/ph4ntonn/Stowaway |
|
CF 云环境利用框架 |
https://github.com/teamssix/cf |
|
Naabu 端口扫描 |
https://github.com/projectdiscovery/naabu |
|
httpx HTTP状态获取 |
https://github.com/projectdiscovery/httpx |
|
Malleable C2 Profiles |
https://github.com/xx0hcd/Malleable-C2-Profiles |
|
shuize(水泽) 信息收集 |
https://github.com/0x727/ShuiZe_0x727 |
|
工具类型 |
工具地址 |
|
Cloud-Bucket-Leak-Detection- Tools |
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools |
|
SharpHostInfo 内网主机探测 |
https://github.com/shmilylty/SharpHostInfo |
|
pocsuite3 |
https://github.com/knownsec/pocsuite3 |
|
URLFinder |
https://github.com/pingc0y/URLFinder |
|
ALLiN 扫描工具 |
https://github.com/P1-Team/AlliN |
|
ihoneyBakFileScan 备份文件泄露扫 描 |
https://github.com/VMsec/ihoneyBakFileScan_Modify |
|
spark(火花) 自动字典生成器 |
https://github.com/G0mini/spark |
|
Exphub 漏洞利用脚本 |
https://github.com/zhzyker/exphub |
|
EasyPen 综合利用工具 |
https://github.com/lijiejie/EasyPen |
|
Dog Tunnel(狗洞)端口映射工具 |
https://github.com/vzex/dog-tunnel |
|
frp 端口映射工具 |
https://github.com/fatedier/frp |
|
MYExploit 综合利用工具 |
https://github.com/achuna33/MYExploit |
|
dirsearch 目录扫描工具 |
https://github.com/maurosoria/dirsearch |
|
OneForAll 子域收集工具 |
https://github.com/shmilylty/OneForAll |
|
Cloud-Bucket-Leak-Detection- Tools 云储存利用工具 |
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools |
|
ObserverWard 指纹识别工具 |
https://github.com/0x727/ObserverWard |
|
AtlasC2 C2框架Atlas |
https://github.com/Gr1mmie/AtlasC2 |
|
Goblin 钓鱼演练工具 |
https://github.com/xiecat/goblin |
|
工具类型 |
工具地址 |
|
AsamF 资产收集工具 |
https://github.com/Kento-Sec/AsamF |
|
Httpx IP、 Url批量存活探测 |
https://github.com/projectdiscovery/httpx |
|
Ghidra 软件逆向工程框架 |
https://github.com/NationalSecurityAgency/ghidra |
|
crack 弱口令爆破工具 |
https://github.com/niudaii/crack |
|
Empire 后开发框架 |
https://github.com/BC-SECURITY/Empire |
|
ksubdomain 子域名爆破工具 |
https://github.com/knownsec/ksubdomain |
|
scan4all 综合扫描 |
https://github.com/hktalent/scan4all |
|
Kscan 资产测绘工具 |
https://github.com/lcvvvv/kscan |
|
RedGuard C2流量前置工具 |
https://github.com/wikiZ/RedGuard |
|
VScan 漏洞扫描工具 |
https://github.com/veo/vscan |
|
pydictor 字典建立工具 |
https://github.com/LandGrey/pydictor |
|
AutoPWN Suite 漏扫利用工具 |
https://github.com/GamehunterKaan/AutoPWN-Suite |
|
CloudFlair 找CF真实IP工具 |
https://github.com/christophetd/CloudFlair |
|
feroxbuster 目录扫描工具 |
https://github.com/epi052/feroxbuster |
|
POC-bomber 漏洞检测/利用工具 |
https://github.com/tr0uble-mAker/POC-bomber |
|
iox 端口转发工具 |
https://github.com/EddieIvan01/iox |
|
f8x 一键环境搭建 |
https://github.com/ffffffff0x/f8x |
|
URL 搜集工具 |
https://github.com/lc/gau |
|
工具类型 |
工具地址 |
|
子域名发现工具 |
https://github.com/projectdiscovery/subfinder |
|
pocassist POC框架 |
https://github.com/jweny/pocassist |
|
Gobuster 目录文件、 DNS和VHost 爆破工具 |
https://github.com/OJ/gobuster |
|
Vulmap web漏洞扫描和验证工具 |
https://github.com/zhzyker/vulmap |
|
ESP32 Wi-Fi攻击工具 |
https://github.com/risinek/esp32-wifi-penetration-tool |
|
牛屎花C2远控 |
https://github.com/YDHCUI/manjusaka |
|
Amass 资产发现、子域名扫描工具 |
https://github.com/OWASP/Amass |
|
GitHack Git泄露利用工具 |
https://github.com/lijiejie/GitHack |
|
subDomainsBrute 子域名爆破工具 |
https://github.com/lijiejie/subDomainsBrute |
|
JNDI-Inject-Exploit 反序列化测试工 具 |
https://github.com/exp1orer/JNDI-Inject-Exploit |
|
LadonGo 内网渗透扫描器框架 |
https://github.com/k8gege/LadonGo |
|
Dismap 资产发现及指纹识别 |
https://github.com/zhzyker/dismap |
|
afrog 漏洞扫描工具 |
https://github.com/zan8in/afrog |
|
TruffleHog 敏感信息搜集工具 |
https://github.com/trufflesecurity/trufflehog |
|
Komo 综合资产收集和漏洞扫描工具 |
https://github.com/komomon/Komo |
|
xray 被动扫描安全评估工具 |
https://github.com/chaitin/xray |
|
AppInfoScanner 移动端信息收集扫 描工具 |
https://github.com/kelvinBen/AppInfoScanner |
|
Linux提权exp |
https://github.com/Al1ex/LinuxEelvation |
|
工具类型 |
工具地址 |
|
Packer Fuzzer Webpack网站扫描工 具 |
https://github.com/rtcatc/Packer-Fuzzer |
|
Polaris 信息搜集与漏洞利用框架 |
https://github.com/doimet/Polaris |
|
geacon_pro 免杀工具 |
https://github.com/H4de5-7/geacon_pro |
|
spp 隧道代理工具 |
https://github.com/esrrhs/spp |
|
Payer 子域名挖掘机 |
https://github.com/Pik-sec/Payer |
|
MobSF 移动安全测试框架 |
https://github.com/MobSF/Mobile-Security-Framework-MobSF |
|
ByPassGodzilla/哥斯拉免杀生成 |
https://github.com/Tas9er/ByPassGodzilla |
|
katana 下一代爬虫框架 |
https://github.com/projectdiscovery/katana |
|
SourceDetector 自动发现.map文件 |
https://github.com/SunHuawei/SourceDetector |
|
windows提权漏洞检测 |
https://github.com/bitsadmin/wesng |
|
API未授权扫描插件 |
https://github.com/API-Security/APIKit |
|
Dirmap web目录扫描工具 |
https://github.com/H4ckForJob/dirmap |
|
vshell c2主机群管理工具 |
https://github.com/veo/vshell |
|
Yasso 内网渗透辅助工具集 |
https://github.com/sairson/Yasso |
|
JSFinder 信息收集接口 |
https://github.com/Threezh1/JSFinder |
|
Perun 综合扫描器 |
https://github.com/WyAtu/Perun |
|
AntSword 加载器 |
https://github.com/AntSwordProject/AntSword-Loader |
|
AntSword |
https://github.com/AntSwordProject/antSword |
|
工具类型 |
工具地址 |
|
Goby 漏洞扫描 |
https://github.com/gobysec/Goby |
|
goby exp库 |
https://github.com/k3vi-07/goby-exp |
|
reNgine 自动侦察框架 |
https://github.com/yogeshojha/rengine |
|
SatanSword 红队综合渗透框架 |
https://github.com/Lucifer1993/SatanSword |
|
Dirscan 目录扫描 |
https://github.com/corunb/Dirscan |
|
LSTAR CobaltStrike综合后渗透插件 |
https://github.com/lintstar/LSTAR |
|
Platypus 交互式反向Shell 管理器 |
https://github.com/WangYihang/Platypus |
|
Phoenix 新一代目录扫描神器 |
https://github.com/Pik-sec/Phoenix |
|
RouteVulScan 递归式被动检测脆弱 路径的bp插件 |
https://github.com/F6JO/RouteVulScan |
|
MDUT 数据库跨平台利用工具 |
https://github.com/SafeGroceryStore/MDUT |
|
LaZagne 密码凭证收集工具 |
https://github.com/AlessandroZ/LaZagne |
|
Erfrp frp二开-免杀与隐藏 |
https://github.com/Goqi/Erfrp |
|
EventCleaner 日志清理 |
https://github.com/QAX-A-Team/EventCleaner |
|
UACMe Windows bypassUAC |
https://github.com/hfiref0x/UACME |
|
SCAMagicScan POC漏洞扫描工具 |
https://github.com/SCAMagic/SCAMagicScan |
|
ENScan Go 企业信息搜集工具 |
https://github.com/wgpsec/ENScan_GO |
|
ThunderSearch 闪电搜索器 |
https://github.com/xzajyjs/ThunderSearch |
|
EmailAll 邮箱收集工具 |
https://github.com/Taonn/EmailAll |
|
工具类型 |
工具地址 |
|
finger 资产识别工具 |
https://github.com/EASY233/Finger |
|
apk扫描器 |
https://github.com/dwisiswant0/apkleaks |
|
Neo-reGeorg 代理工具 |
https://github.com/L-codes/Neo-reGeorg |
|
blasting 图形化后台爆破工具 |
https://github.com/gubeihc/blasting |
|
HaE 敏感信息收集burp插件 |
https://github.com/gh0stkey/HaE |
|
powershell免杀混淆 |
https://github.com/H4de5-7/powershell-obfuscation |
|
Bundler-bypass 免杀捆绑器 |
https://github.com/H4de5-7/Bundler-bypass |
|
java图形化漏洞利用工具集 |
https://github.com/savior-only/javafx_tools |
漏洞利用
|
漏洞产品 |
工具地址 |
|
SpringBootExploit |
https://github.com/0x727/SpringBootExploit |
|
Springboot漏洞全家桶 |
https://github.com/woodpecker-appstore/springboot-vuldb |
|
Log4j2Scan |
https://github.com/whwlsfb/Log4j2Scan |
|
ShiroExploit |
https://github.com/feihong-cs/ShiroExploit-Deprecated |
|
ShiroAttack2 |
https://github.com/SummerSec/ShiroAttack2 |
|
thinkphp_gui_tools |
https://github.com/bewhale/thinkphp_gui_tools |
|
Fastjson-Patrol |
https://github.com/ce-automne/FastjsonPatrol |
|
漏洞产品 |
工具地址 |
|
Vmware虚拟化漏洞利用 (HCX/vCenter/NSX/Horizon/vRealize) |
https://github.com/NS-Sp4ce/Vm4J |
|
Struts2-Scan 漏洞检测 |
https://github.com/HatBoy/Struts2-Scan |
|
Fastjson 扫描器 |
https://github.com/a1phaboy/FastjsonScan |
|
致远OA综合利用工具 |
https://github.com/Summer177/seeyon_exp |
|
泛微OA综合利用脚本 |
https://github.com/z1un/weaver_exp |
原文始发于微信公众号(乌雲安全):干货|Github优秀安全工具汇总
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论