2024年7月20日09:45:41评论80 views字数 34896阅读116分19秒阅读模式

Awesome-Redteam

红队知识仓库|Awesome-Redteam

编解码/加解密 Cryptography

Online:

http://www.ip33.com/
https://evilcos.me/lab/xssee/
http://www.metools.info/
https://www.107000.com/
https://github.com/wangyiwy/oktools
http://www.hiencode.com/
http://www.atoolbox.net/
https://www.sojson.com/
https://the-x.cn/

Offline:

https://github.com/Ciphey/Ciphey
https://github.com/gchq/CyberChef
http://1o1o.xyz/bo_ctfcode.html
https://github.com/guyoung/CaptfEncoder

MD5:

https://www.cmd5.org/
https://www.somd5.com/
https://www.onlinehashcrack.com/
https://crackstation.net/
https://crack.sh/
https://passwordrecovery.io/
https://md5decrypt.net/en/Sha256/
https://hashes.com/en/decrypt/hash

RSA:

https://www.ssleye.com/ssltool/
https://www.lddgo.net/en/encrypt/rsa work with .pem

Encode/Decode:

GB2312: http://code.mcdvisa.com/
Unicode: https://www.compart.com/en/unicode/
UUencode: http://web.chacuo.net/charsetuuencode
Escape/Unescape: https://tool.chinaz.com/tools/escape.aspx
HTML 实体编码: https://zh.rakko.tools/tools/21/

Regular Expressions:

https://regex101.com/
https://github.com/VincentSit/ChinaMobilePhoneNumberRegex
https://github.com/any86/any-rule

威胁情报 Threat Intelligence

Virustotal: https://www.virustotal.com/
腾讯哈勃分析系统: https://habo.qq.com/tool/index
微步在线威胁情报: https://x.threatbook.com/
奇安信威胁情报: https://ti.qianxin.com/
360 威胁情报: https://ti.360.net/
网络安全威胁信息共享平台: https://share.anva.org.cn/web/publicity/listPhishing
安恒威胁情报: https://ti.dbappsecurity.com.cn/
火线安全平台: https://www.huoxian.cn
知道创宇黑客新闻流: https://hackernews.cc/
Hacking8 安全信息流: https://i.hacking8.com/
SecWiki 安全信息流: https://www.sec-wiki.com/

网络空间测绘 Cyberspace Search Engine

Fofa: https://fofa.info/
Shodan: https://www.shodan.io/
ZoomEye: https://www.zoomeye.org/
鹰图: https://hunter.qianxin.com/
谛听: https://www.ditecting.com/
Quake: https://quake.360.cn/quake/
Censys: https://search.censys.io/
Netlas: https://app.netlas.io/domains/
Wayback Machine: 网页历史缓存 https://web.archive.org/
VisualPing: 网页变动监测 https://visualping.io/
Dark Web Exposure: https://www.immuniweb.com/darkweb/
SG TCP/IP 端口数据库: https://www.speedguide.net/ports.php
Google Hacking Database:

https://www.exploit-db.com/google-hacking-database
https://github.com/cipher387/Dorks-collections-list
https://cxsecurity.com/dorks/

Google Hacking Online:

https://dorks.faisalahmed.me/
https://pentest-tools.com/information-gathering/google-hacking
http://advangle.com/
https://0iq.me/gip/

Google Hacking Cli:

https://github.com/obheda12/GitDorker
https://github.com/six2dez/dorks_hunter

Github Dork:

https://github.com/search/advanced
https://github.com/obheda12/GitDorker
https://github.com/damit5/gitdorks_go

开源情报 Open-Source Intelligence

OSINT Resource List: https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list
OSINT Framework: https://osintframework.com/
OSINT Handbook: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf
Public APIs:

https://www.postman.com/explore/
https://rapidapi.com/

Discover secret API keys: https://serene-agnesi-57a014.netlify.app/
Source code Search Engine:

https://publicwww.com/
https://searchcode.com/

攻防相关 Offensive Security

Red Teaming and Offensive Security:

https://www.ired.team/
https://www.thehacker.recipes/
https://ppn.snovvcrash.rocks/
https://book.hacktricks.xyz/
https://blog.harmj0y.net/
https://hausec.com/domain-penetration-testing/
https://dirkjanm.io/
https://casvancooten.com/
https://evasions.checkpoint.com/
https://redteam.guide/docs/definitions
https://github.com/HadessCS/Red-team-Interview-Questions

Blue Teaming and Defensive Security:

https://github.com/Purp1eW0lf/Blue-Team-Notes

OPSEC:

https://github.com/WesleyWong420/OPSEC-Tradecraft

漏洞相关 Vulnerabilities

国内信息披露平台:

国家信息安全漏洞库: https://www.cnnvd.org.cn/
国家互联网应急中心: https://www.cert.org.cn/
360 网络安全响应中心: https://cert.360.cn/
知道创宇漏洞库: https://www.seebug.org/
长亭漏洞库: https://stack.chaitin.com/vuldb/
阿里云漏洞库: https://avd.aliyun.com/high-risk/list
PeiQi 漏洞库: https://peiqi.wgpsec.org/

国外信息披露平台:

https://www.hackerone.com/
https://cve.mitre.org/
https://nvd.nist.gov/
https://www.rapid7.com/db/
https://packetstormsecurity.com/files/tags/exploit
https://github.com/trickest/cve

Exploits 搜索引擎:

https://sploitus.com/
https://www.exploit-db.com/ kali 中可以配合命令 searchsploit <keywords> 使用

社区/知识库 Open-Source Resources

先知社区: https://xz.aliyun.com/
Infocon: https://infocon.org/
ffffffff0x 团队安全知识框架: https://github.com/ffffffff0x/1earn
狼组公开知识库: https://wiki.wgpsec.org/
Mitre ATT&CK:

matrices: https://attack.mitre.org/matrices/enterprise
techniques: http://attack.mitre.org/techniques/enterprise/

Hacking articles: https://www.hackingarticles.in/
PostSwigger blog: https://portswigger.net/blog
InGuardians Labs blog: https://www.inguardians.com/
Pentest Workflow: https://pentest.mxhx.org/
Pentest cheatsheet: https://pentestbook.six2dez.com/
Programming/Toolkit/Command/OS/Shortcuts Cheatsheets:

https://cheatsheets.zip/
https://learnxinyminutes.com/

工具集 Open-Source Toolkit

Nice Tools:

https://forum.ywhack.com/bountytips.php?tools
https://github.com/knownsec/404StarLink
https://pentest-tools.com/

Beautifier:

http://web.chacuo.net/formatsh
https://beautifier.io/
http://jsnice.org/

Reverse Shell Generator:

https://www.revshells.com/
https://forum.ywhack.com/reverse-shell/
https://tex2e.github.io/reverse-shell-generator/index.html
https://github.com/0dayCTF/reverse-shell-generator

File Download Generator:

https://github.com/r0eXpeR/File-Download-Generator

Shorten URLs: https://a.f8x.io/

信息收集 Reconnaissance

综合工具 Nice Tools

AlliN: https://github.com/P1-Team/AlliN
fscan: https://github.com/shadow1ng/fscan
TscanPlus: https://github.com/TideSec/TscanPlus
kscan: https://github.com/lcvvvv/kscan
Kunyu: https://github.com/knownsec/Kunyu
OneForAll: https://github.com/shmilylty/OneForAll
ShuiZe: https://github.com/0x727/ShuiZe_0x727
FofaX: https://github.com/xiecat/fofax
Fofa Viewer: https://github.com/wgpsec/fofa_viewer
ENScan_GO: https://github.com/wgpsec/ENScan_GO
Amass: https://github.com/owasp-amass/amass

IP/域名/子域名 IP/Domain/Subdomain

IP 信息收集:

https://www.ipuu.net/
https://site.ip138.com/
https://myip.ms/
https://ipwhois.cnnic.net.cn

多个地点 Ping 服务器:

https://ping.chinaz.com/
https://www.host-tracker.com/
https://www.webpagetest.org/
https://dnscheck.pingdom.com/

IP 反查域名:

https://site.ip138.com/
https://x.threatbook.cn/
https://www.virustotal.com/

Whois 信息收集:

https://whois.chinaz.com/
https://whois.aliyun.com/
https://who.is/
https://www.whoxy.com/

DNS 信息收集:

https://hackertarget.com/find-dns-host-records
https://dnsdumpster.com
https://dnsdb.io/zh-cn
https://centralops.net/co/
https://viewdns.info/
https://dnsdumpster.com/
https://rapiddns.io/

ASN 信息收集:

https://wq.apnic.net/
https://bgp.he.net/
https://bgpview.io/

TLS 证书查询:

https://censys.io
https://crt.sh

指纹识别 Fingerprint

Fingerprint Collection:

https://github.com/r0eXpeR/fingerprint

Fingerprint Reconnaissance:

https://github.com/EASY233/Finger
https://github.com/EdgeSecurityTeam/EHole
https://github.com/0x727/ObserverWard
https://github.com/TideSec/TideFinger_Go
https://github.com/zhzyker/dismap
https://www.webshell.cc/4697.html
http://www.yunsee.cn/ online

Waf Checks:

https://github.com/stamparm/identYwaf
https://github.com/EnableSecurity/wafw00f
https://github.com/MISP/misp-warninglists

扫描/爆破 Brute Force

扫描/爆破工具 Brute Force Tools

Port:

https://github.com/antirez/hping

Subdomain:

https://github.com/projectdiscovery/subfinder
https://github.com/knownsec/ksubdomain

Web:

https://github.com/pingc0y/URLFinder
https://github.com/s0md3v/Arjun
https://github.com/OJ/gobuster
https://github.com/jaeles-project/gospider
https://github.com/xmendez/wfuzz

Directory:

https://github.com/maurosoria/dirsearch
https://github.com/H4ckForJob/dirmap
https://github.com/ffuf/ffuf

Password:

https://github.com/vanhauser-thc/thc-hydra
https://github.com/openwall/john
https://github.com/hashcat/hashcat
https://github.com/galkan/crowbar supports sshkey and openvpn
https://github.com/evilsocket/legba/

Json web token (JWT):

https://jwt.io/
https://github.com/ticarpi/jwt_tool
https://github.com/brendan-rius/c-jwt-cracker
https://github.com/wallarm/jwt-secrets/blob/master/jwt.secrets.list

扫描/爆破字典 Brute Force Dictionaries

Wordlists for all:

https://github.com/danielmiessler/SecLists 46.4k star
https://github.com/SexyBeast233/SecDictionary + ffuf
https://github.com/insightglacier/Dictionary-Of-Pentesting
https://github.com/TheKingOfDuck/fuzzDicts
https://github.com/gh0stkey/Web-Fuzzing-Box
https://github.com/a3vilc0de/PentesterSpecialDict
https://github.com/Bo0oM/fuzz.txt
https://github.com/assetnote/wordlists

Web fuzz wordlists:

https://github.com/lutfumertceylan/top25-parameter

Others (not frequently used):

https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
https://github.com/random-robbie/bruteforce-lists
https://github.com/google/fuzzing/tree/master/dictionaries
https://github.com/six2dez/OneListForAll

字典生成 Generate a Custom Dictionary

Online:

Generate wordlists: https://weakpass.com/generate
Generate subdomains and wordlists: https://weakpass.com/generate/domains
汉字转拼音: https://www.aies.cn/pinyin.htm
密码猜解: https://www.hacked.com.cn/pass.html

Private Deployment:

Generate wordlists(offline): https://github.com/zzzteph/weakpass
Generate subdomains and wordlists(offline): https://github.com/zzzteph/probable_subdomains

Offline:

Kali/Linux: https://sourceforge.net/projects/crunch-wordlist
Windows: https://github.com/shadwork/Windows-Crunch
pydictor: 一个强大实用的黑客暴力破解字典建立工具 https://github.com/LandGrey/pydictor/
crunch:

默认口令查询 Default Credentials

Default Credentials Cheat Sheet: 3468 个默认密码 https://github.com/ihebski/DefaultCreds-cheat-sheet
datarecovery: 在线默认口令查询 https://datarecovery.com/rd/default-passwords/
cirt.net: 在线默认口令查询 https://cirt.net/passwords
在线路由器密码查询:

https://www.routerpasswords.com/
https://portforward.com/router-password/
https://www.cleancss.com/router-default/
https://www.toolmao.com/baiduapp/routerpwd/
https://datarecovery.com/rd/default-passwords/

社会工程学 Social Engineering

凭据泄露 Leaked Credentials

https://have-ibeenpwned.com/
https://breachdirectory.org/

邮箱 Email

Temporary Email:

http://24mail.chacuo.net/
https://www.guerrillamail.com/
https://rootsh.com/

Snov.io: https://app.snov.io
Phonebook: also works on subdomains and urls https://phonebook.cz
Skymem: https://www.skymem.info
Hunter: https://hunter.io
email-format: https://www.email-format.com/i/search/
搜邮箱: https://souyouxiang.com/find-contact/
theHarvester: also works on subdomains https://github.com/laramies/theHarvester
Verify emails: https://tools.emailhippo.com/
Accounts registered by email: https://emailrep.io/

短信 SMS

SMS Online:

https://www.supercloudsms.com/en/
https://getfreesmsnumber.com/
https://www.zusms.com/
https://yunduanxin.net/
https://www.free-sms-receive.com/
https://receive-sms.cc/#google_vignette
https://bestsms.xyz/
https://smscodeonline.com/

钓鱼 Phishing

gophish: 钓鱼邮件 https://github.com/gophish/gophish
SpoofWeb: 一键部署 https 钓鱼网站 https://github.com/5icorgi/SpoofWeb

移动端 Mobile

小蓝本: https://www.xiaolanben.com/
七麦数据: https://www.qimai.cn/

漏洞研究 Vulnerability Research

漏洞环境 Vulnerable Environments

Basic:

Sqli-labs: https://github.com/Audi-1/sqli-labs
Upload-labs: https://github.com/c0ny1/upload-labs
Xss-labs: https://github.com/do0dl3/xss-labs
DVWA: https://github.com/digininja/DVWA
WebGoat: https://github.com/WebGoat/WebGoat

Comprehensive:

Vulhub: https://vulhub.org/
ichunqiu: https://yunjing.ichunqiu.com/
HackTheBox: https://www.hackthebox.com/
OWASP Top10: https://owasp.org/www-project-juice-shop/
Vulstudy: 17 platform based on docker https://github.com/c0ny1/vulstudy
Vulfocus: https://github.com/fofapro/vulfocus

IoT:

IoT-vulhub: https://github.com/firmianay/IoT-vulhub

Others:

FastJsonParty: https://github.com/lemono0/FastJsonParty

PoC Proof of Concept

Be careful Malware，POC 库最新的 CVE 可能存在投毒风险。

PoC 库:

https://github.com/wy876/POC
https://github.com/DawnFlame/POChouse
https://github.com/coffeehb/Some-PoC-oR-ExP
https://github.com/luck-ying/Library-POC
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/helloexp/0day

PoC 编写:

https://poc.xray.cool/ online
https://github.com/zeoxisca/gamma-gui offline

漏洞利用 Exploits

综合工具 Nice Tools

https://github.com/chaitin/xpoc
https://github.com/chaitin/xray
https://github.com/zhzyker/vulmap
https://github.com/zan8in/afrog
https://github.com/ExpLangcn/NucleiTP

反序列化 Deserialization

Java:

https://github.com/frohoff/ysoserial
https://github.com/mbechler/marshalsec
https://github.com/qi4L/JYso
https://github.com/welk1n/JNDI-Injection-Exploit
https://github.com/WhiteHSBG/JNDIExploit
https://github.com/rebeyond/JNDInjector
https://github.com/A-D-Team/attackRmi

php:

https://github.com/ambionics/phpggc

Mysql jdbc:

https://github.com/4ra1n/mysql-fake-server
https://github.com/dushixiang/evil-mysql-server
https://github.com/fnmsd/MySQL_Fake_Server

代码审计 Code Audit

tabby: https://github.com/wh1t3p1g/tabby

数据库 Database

Redis GUI Client:

https://github.com/cinience/RedisStudio
https://github.com/qishibo/AnotherRedisDesktopManager

Redis RCE:

https://github.com/n0b0dyCN/redis-rogue-server
https://github.com/Ridter/redis-rce
https://github.com/yuyan-sec/RedisEXP
https://github.com/r35tart/RedisWriteFile

MDUT: Multiple Database Utilization Tools https://github.com/SafeGroceryStore/MDUT
odat: Oracle RCE https://github.com/quentinhardy/odat

信息泄露 Information Disclosure

GitHack: .git 泄露利用脚本 https://github.com/lijiejie/GitHack python3 有时无法恢复.git 目录，推荐 python2 版本
GitHack: .git 泄露利用脚本 https://github.com/BugScanTeam/GitHack python2
dvcs-ripper: .svn、.hg、.cvs 泄露利用脚本 https://github.com/kost/dvcs-ripper
ds_store_exp: .DS_Store 文件泄漏利用脚本 https://github.com/lijiejie/ds_store_exp
Hawkeye: GitHub 泄露监控系统 https://github.com/0xbug/Hawkeye

CMS/OA

通达 OA: https://github.com/Fu5r0dah/TongdaScan_go
MYExploit: https://github.com/achuna33/MYExploit
Apt_t00ls: https://github.com/White-hua/Apt_t00ls
OA-EXPTOOL: https://github.com/LittleBear4/OA-EXPTOOL
I-Wanna-Get-All: https://github.com/R4gd0ll/I-Wanna-Get-All

中间件/应用层 Middleware/Application

Confluence:

ConfluenceMemshell: https://github.com/Lotus6/ConfluenceMemshell
CVE-2022-26134 Memshell: https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
CVE-2023-22527 Memshell: https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL

Druid:

DruidCrack: Druid 密文解密工具 https://github.com/rabbitmask/DruidCrack
druid_sessions: Druid sessions 利用工具 https://github.com/yuyan-sec/druid_sessions

Fastjson:

fastjson-exp: https://github.com/amaz1ngday/fastjson-exp

GitLab:

CVE-2021-22205: https://github.com/Al1ex/CVE-2021-22205/

Nacos:

NacosRce: Nacos Hessian 反序列化 https://github.com/c0olw/NacosRce/
nacosleak: 获取 nacos 中配置文件信息 https://github.com/a1phaboy/nacosleak
nacosScan: jwt 硬编码、api 未授权添加用户、配置读取 https://github.com/Whoopsunix/nacosScan
NacosExploitGUI: https://github.com/charonlight/NacosExploitGUI

Nps:

nps-auth-bypass: nps 认证绕过利用工具 https://github.com/carr0t2/nps-auth-bypass

Java:

jdwp-shellifier: python2 https://github.com/IOActive/jdwp-shellifier
jdwp-shellifier: https://github.com/Lz1y/jdwp-shellifier

Shiro:

Shiro rememberMe 在线解密: https://vulsee.com/tools/shiroDe/shiroDecrypt.html
shiro_attack: https://github.com/j1anFen/shiro_attack
shiro_rce_tool: https://github.com/wyzxxz/shiro_rce_tool
ShiroExploit: https://github.com/feihong-cs/ShiroExploit-Deprecated
ShiroExp: https://github.com/safe6Sec/ShiroExp
shiro_key: shiro key 收集目前 1k+ https://github.com/yanm1e/shiro_key

Struts:

Struts2VulsTools: https://github.com/shack2/Struts2VulsTools

Spring:

SpringBoot-Scan: https://github.com/AabyssZG/SpringBoot-Scan
Spring_All_Reachable: CVE-2022-22947/CVE-2022-22963 https://github.com/savior-only/Spring_All_Reachable
SpringBootVulExploit: https://github.com/LandGrey/SpringBootVulExploit
Spring-cloud-function-SpEL-RCE: CVE-2022-22963 https://github.com/mamba-2021/EXP-POC/tree/main/Spring-cloud-function-SpEL-RCE
swagger-exp: Swagger REST API 信息泄露利用工具 https://github.com/lijiejie/swagger-exp
jasypt decrypt: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption

Heapdump:

heapdump_tool: heapdump 敏感信息查询工具 https://github.com/wyzxxz/heapdump_tool
Memory Analyzer: HeapDump 分析工具 https://eclipse.dev/mat/previousReleases.php
JDumpSpider: HeapDump 敏感信息提取工具 https://github.com/whwlsfb/JDumpSpider

Tomcat:

CVE-2020-1938: https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi
ClassHound: https://github.com/LandGrey/ClassHound

Thinkphp:

ThinkphpGUI: https://github.com/Lotus6/ThinkphpGUI
thinkphp_gui_tools: https://github.com/bewhale/thinkphp_gui_tools

Weblogic:

WeblogicTool: https://github.com/KimJun1010/WeblogicTool
WeblogicScan: https://github.com/dr0op/WeblogicScan
WeblogicScan: https://github.com/rabbitmask/WeblogicScan
weblogicScanner: https://github.com/0xn0ne/weblogicScanner
weblogic-framework: https://github.com/sv3nbeast/weblogic-framework
CVE-2020-14882: https://github.com/zhzyker/exphub/blob/master/weblogic/cve-2020-14882_rce.py

WebSocket:

wscat: https://github.com/websockets/wscat

vCenter:

VcenterKiller: 针对 Vcenter 的综合利用工具 https://github.com/Schira4396/VcenterKiller
VcenterKit: Vcenter 综合渗透利用工具包 https://github.com/W01fh4cker/VcenterKit

Zookeeper:

ZooInspector: ZooKeeper 客户端监控软件 https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
apache-zookeeper: zkCli.sh 客户端命令连接 https://archive.apache.org/dist/zookeeper/zookeeper-3.5.6/

渗透测试 Penertation Testing

综合工具 Nice Tools

Yakit: https://github.com/yaklang/yakit
Burpsuite: https://portswigger.net/burp
Burpsuite Extensions:

HaE: 高亮标记与信息提取辅助型插件 https://github.com/gh0stkey/HaE
Log4j2Scan: Log4j 主动扫描插件 https://github.com/whwlsfb/Log4j2Scan
RouteVulScan: 检测脆弱路径插件 https://github.com/F6JO/RouteVulScan
BurpCrypto: 硬编码快乐渗透插件 https://github.com/whwlsfb/BurpCrypto

Web

XSS:

XSS Chop: https://xsschop.chaitin.cn/demo/
XSS/CSRF 编码转换: https://evilcos.me/lab/xssor/
HTML5 Security Cheatsheet: XSS 攻击向量学习/参考 https://html5sec.org/

Local File Inclusion:

https://github.com/hansmach1ne/lfimap
https://github.com/mzfr/liffy

DNSLog

Online:

http://ceye.io/
http://dnslog.cn/
https://dig.pm/

Alphalog: dns/http/rmi/ldap https://github.com/AlphabugX/Alphalog
DNS rebinding: https://lock.cmpxchg8b.com/rebinder.html
DNSLog-GO: 自建私有平台 https://github.com/lanyi1998/DNSlog-GO

Payload and Bypass

Bypass HTTP 40X errors:

https://github.com/yunemse48/403bypasser
https://github.com/lobuhi/byp4xx
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/devploit/nomore403

PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
java.lang.Runtime.exec() Payload: https://payloads.net/Runtime.exec/
PHP Generic Gadget Chains: PHP 反序列化 Payload https://github.com/ambionics/phpggc
PHPFuck: https://github.com/splitline/PHPFuck
JSFuck: http://www.jsfuck.com/
JavaScript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/
Gopherus: SSRF 生成 gopher 链接 https://github.com/tarunkant/Gopherus python2
CVE-2021-44228-PoC-log4j-bypass-words: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

内网渗透 Red Teaming

凭证获取 Credential Access

Credential Dumping:

LaZagne: https://github.com/AlessandroZ/LaZagne
WirelessKeyView: https://www.nirsoft.net/utils/wireless_key.html
Windows credential manager: https://www.nirsoft.net/utils/credentials_file_view.html
Pillager: https://github.com/qwqdanchun/Pillager/
searchall: https://github.com/Naturehi666/searchall

Local Enumeration:

https://github.com/HyperSine/how-does-Xmanager-encrypt-password version<7.0
https://github.com/RowTeam/SharpDecryptPwd decrypt locally
https://github.com/JDArmy/SharpXDecrypt
HackBrowserData: https://github.com/moonD4rk/HackBrowserData
BrowserGhost: https://github.com/QAX-A-Team/BrowserGhost
chrome: http://www.nirsoft.net/utils/chromepass.html
firefox: https://github.com/unode/firefox_decrypt
foxmail: https://securityxploded.com/foxmail-password-decryptor.php
mobaxterm: https://github.com/HyperSine/how-does-MobaXterm-encrypt-password
navicat: https://github.com/Zhuoyuan1/navicat_password_decrypt
navicat: https://github.com/HyperSine/how-does-navicat-encrypt-password
sunflower: https://github.com/wafinfo/Sunflower_get_Password
securreCRT: https://github.com/depau/shcrt
xshell:

Cracking:

NetNTLMv1: https://ntlmv1.com/ online

后渗透 Post Exploitation

NICE TOOLS:

https://github.com/rapid7/metasploit-framework
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/fortra/impacket
https://github.com/XiaoliChan/wmiexec-Pro
https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
https://github.com/GhostPack/Rubeus
https://github.com/Kevin-Robertson/Powermad
https://github.com/PowerShellMafia/PowerSploit
https://github.com/k8gege/Ladon

netspy: 快速探测内网可达网段 https://github.com/shmilylty/netspy
LOLBAS: Windows 二进制文件库 https://github.com/LOLBAS-Project/LOLBAS
GTFOBins: Unix 二进制文件库 https://gtfobins.github.io/
Responder:

https://github.com/lgandx/Responder
https://github.com/lgandx/Responder-Windows

权限提升 Privilege Escalation

Linux Local Enumeration:

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
https://github.com/mostaphabahadou/postenum
https://github.com/rebootuser/LinEnum
https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
https://github.com/DominicBreuker/pspy

Windows Local Enumeration:

https://github.com/S3cur3Th1sSh1t/WinPwn
https://github.com/carlospolop/PEASS-ng/blob/master/winPEAS/winPEASbat/winPEAS.bat
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
https://github.com/Flangvik/SharpCollection
https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
https://github.com/dafthack/DomainPasswordSpray
https://github.com/dafthack/MailSniper

Windows Exploits:

https://github.com/AonCyberLabs/Windows-Exploit-Suggester
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/Al1ex/WindowsElevation
https://i.hacking8.com/tiquan/ online
https://github.com/BeichenDream/BadPotato/
https://github.com/giuliano108/SeBackupPrivilege
https://github.com/gtworek/PSBits/blob/master/Misc/EnableSeBackupPrivilege.ps1

Linux Exploits:

https://github.com/The-Z-Labs/linux-exploit-suggester
https://github.com/InteliSecureLabs/Linux_Exploit_Suggester

Database Exploits:

https://github.com/Hel10-Web/Databasetools

权限维持 Persistence

Webshell Collection:

https://github.com/tennc/webshell
https://github.com/novysodope/RMI_Inj_MemShell
https://github.com/ce-automne/TomcatMemShell
https://github.com/veo/wsMemShell

Webshell Management:

https://github.com/rebeyond/Behinder
https://github.com/BeichenDream/Godzilla
https://github.com/shack2/skyscorpion

Webshell Bypass:

https://github.com/AabyssZG/WebShell-Bypass-Guide
http://bypass.tidesec.com/web/
https://github.com/cseroad/Webshell_Generate

Reverse Shell Management:

https://github.com/WangYihang/Platypus
https://github.com/calebstewart/pwncat python 3.9+

免杀项目 Defense Evasion

bypassAV: 免杀 shellcode 加载器过火绒不过 360 https://github.com/pureqh/bypassAV
GolangBypassAV: https://github.com/safe6Sec/GolangBypassAV
BypassAntiVirus: 远控免杀系列文章及配套工具 https://github.com/TideSec/BypassAntiVirus
AV_Evasion_Tool: 掩日 - 适用于红队的综合免杀工具 https://github.com/1y0n/AV_Evasion_Tool
shellcodeloader: Windows 平台的 shellcode 免杀加载器 https://github.com/knownsec/shellcodeloader
杀软比对 1: tasklist/systeminfo https://www.shentoushi.top/av/av.php
杀软比对 2: tasklist /svc && ps -aux https://tasklist.ffffffff0x.com/

内网穿透 Proxy

frp: https://github.com/fatedier/frp
frpModify: https://github.com/uknowsec/frpModify
Stowaway: https://github.com/ph4ntonn/Stowaway
Neo-reGeorg: https://github.com/L-codes/Neo-reGeorg
nps: https://github.com/ehang-io/nps
reGeorg: https://github.com/sensepost/reGeorg
rakshasa: https://github.com/Mob2003/rakshasa
Viper: platform with webui https://github.com/FunnyWolf/Viper
Proxifier: tools for windows https://www.proxifier.com/
Proxychains: tools for kali https://github.com/haad/proxychains
iodine: dns tunnel https://github.com/yarrick/iodine
dnscat2: dns tunnel https://github.com/iagox86/dnscat2
DNS-Shell: dns tunnel https://github.com/sensepost/DNS-Shell
icmpsh: icmp tunnel https://github.com/bdamele/icmpsh

端口转发 Port Forwarding

tcptunnel: https://github.com/vakuum/tcptunnel intranet → dmz → attacker

辅助工具 Auxiliary Tools

Cobaltstrike Extensions:

Awesome CobaltStrike: CobaltStrike 知识库 https://github.com/zer0yu/Awesome-CobaltStrike
Erebus: 后渗透测试插件 https://github.com/DeEpinGh0st/Erebus
LSTAR: 综合后渗透插件 https://github.com/lintstar/LSTAR
ElevateKit: 提权插件 https://github.com/rsmudge/ElevateKit
C2ReverseProxy: 不出网上线 https://github.com/Daybr4ak/C2ReverseProxy
pystinger: 不出网上线 https://github.com/FunnyWolf/pystinger

OPSEC Tools:

Privacy.sexy: Scripts for Windows/macOS/Linux 痕迹清理 https://privacy.sexy/

域渗透 Active Directory / Kerberos

开源资源 Resources

AD attack&defense mindmaps: https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg
Game of active directory: https://github.com/Orange-Cyberdefense/GOAD
Windows/AD cheatsheet: https://wadcoms.github.io/

域内信息收集 Collection and Discovery

BloodHound:

https://github.com/SpecterOps/BloodHound
https://github.com/dirkjanm/BloodHound.py
https://github.com/BloodHoundAD/SharpHound
https://github.com/CompassSecurity/BloodHoundQueries

https://github.com/lzzbb/Adinfo
https://github.com/wh0amitz/SharpADWS via Active Directory Web Services (ADWS) protocol
https://github.com/FalconForceTeam/SOAPHound via Active Directory Web Services (ADWS) protocol
https://github.com/shmilylty/SharpHostInfo

域内已知漏洞 Known Vulnerabilities

noPac: CVE-2021-42278 / CVE-2021-42287 https://github.com/Ridter/noPac
Zerologon CVE-2020-1472:

https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py
https://github.com/XiaoliChan/zerologon-Shot
https://github.com/dirkjanm/CVE-2020-1472
https://github.com/Potato-py/Potato/tree/03c3551e4770db440b27b0a48fc02b0a38a1cf04/exp/cve/CVE-2020-1472 reset password
https://github.com/risksense/zerologon reset password

Exchange ProxyLogon & ProxyShell:

https://github.com/dirkjanm/privexchange/
https://github.com/Jumbo-WJB/PTH_Exchange
https://github.com/hausec/ProxyLogon

Printnightmare CVE-2021-34527 / CVE-2021-1675:

https://github.com/cube0x0/CVE-2021-1675
https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527
https://github.com/calebstewart/CVE-2021-1675

域内渗透方式 Methodology

kerbrute: https://github.com/ropnop/kerbrute
DCSync: https://github.com/n00py/DCSync
Coerce & NTLM relay:

PetitPotam: https://github.com/topotam/PetitPotam
PrinterBug: https://github.com/leechristensen/SpoolSample
DFSCoerce: https://github.com/Wh04m1001/DFSCoerce
ShadowCoerce: https://github.com/ShutdownRepo/ShadowCoerce
PrivExchange: https://github.com/dirkjanm/privexchange/
Coercer: https://github.com/p0dalirius/Coercer

ADCS Active Directory Certificate Services

Active Directory Certificate Services(AD CS) enumeration and abuse:

Certify: https://github.com/GhostPack/Certify
Certipy: https://github.com/ly4k/Certipy
certi: https://github.com/zer1t0/certi
PKINITtools: https://github.com/dirkjanm/PKINITtools
ADCSPwn: https://github.com/bats3c/ADCSPwn

PassTheCert: https://github.com/AlmondOffSec/PassTheCert

安全防护 Defensive Security

内存马查杀 Memshell Dectect

Java 内存马查杀:

https://github.com/LandGrey/copagent
https://github.com/c0ny1/java-memshell-scanner

Aspx 内存马查杀: https://github.com/yzddmr6/ASP.NET-Memshell-Scanner

Webshell 查杀 Webshell Dectect

Webshell Chop: https://webshellchop.chaitin.cn/demo/
WebShell 查杀:

https://n.shellpub.com/
http://www.shellpub.com

攻击研判 Blue Teaming

CobaltStrike 流量解密脚本: https://github.com/5ime/CS_Decrypt
BlueTeamTools: 综合工具 https://github.com/abc123info/BlueTeamTools
IP Logger: 使用生成的短网址获取访问者 IP 地址 https://iplogger.org/

基线加固 Enforcement

https://github.com/AV1080p/Benchmarks
https://github.com/xiaoyunjie/Shell_Script
https://github.com/grayddq/GScan
https://github.com/ppabc/security_check
https://github.com/T0xst/linux

勒索病毒 Ransomware

搜索引擎:

360: http://lesuobingdu.360.cn
腾讯: https://guanjia.qq.com/pr/ls
启明星辰: https://lesuo.venuseye.com.cn
奇安信: https://lesuobingdu.qianxin.com
深信服: https://edr.sangfor.com.cn/#/information/ransom_search

解密工具:

腾讯: https://habo.qq.com/tool
金山毒霸: http://www.duba.net/dbt/wannacry.html
瑞星: http://it.rising.com.cn/fanglesuo/index.html
卡巴斯基: https://noransom.kaspersky.com/
https://www.nomoreransom.org/zh/index.html
https://id-ransomware.malwarehunterteam.com
https://www.avast.com/ransomware-decryption-tools
https://www.emsisoft.com/en/ransomware-decryption/
Decryption-Tools: 勒索病毒解密工具收集项目 https://github.com/jiansiting/Decryption-Tools

开源蜜罐 Open-Source Honeypot

awesome-honeypots: 开源蜜罐列表 https://github.com/paralax/awesome-honeypots
HFish: 一款安全、简单可信赖的跨平台蜜罐软件，允许商业和个人用户免费使用 https://github.com/hacklcx/HFish
conpot: ICS（工业控制系统）蜜罐 https://github.com/mushorg/conpot
MysqlHoneypot: MySQL 蜜罐获取 wechat ID https://github.com/qigpig/MysqlHoneypot
Ehoney: https://github.com/seccome/Ehoney

云安全 Cloud Security

开源资源 Resources

TeamsSix 云安全资源: https://github.com/teamssix/awesome-cloud-security
云安全知识文库: https://wiki.teamssix.com/
HackTricks Cloud: https://cloud.hacktricks.xyz/
lzCloudSecurity: 云安全攻防入门

Github: https://github.com/EvilAnne/lzCloudSecurity
Gitbook: https://lzcloudsecurity.gitbook.io/yun-an-quan-gong-fang-ru-men/

Awesome-CloudSec-Labs: 云原生安全 https://github.com/iknowjason/Awesome-CloudSec-Labs
阿里云 OpenAPI: https://next.api.aliyun.com/api/
云原生全景图: https://landscape.cncf.io/
云服务漏洞库: https://www.cloudvulndb.org/

云安全矩阵 Cloud Matrices

ATT&CK Cloud Matrix: https://attack.mitre.org/matrices/enterprise/cloud/
火线安全 - 云服务攻防矩阵: https://cloudsec.huoxian.cn/
腾讯云鼎实验室 - 云安全攻防矩阵: https://cloudsec.tencent.com/home/

云漏洞环境 Vulnerable Cloud Environments

Metarget: https://github.com/Metarget/metarget
TerraformGoat: https://github.com/HXSecurity/TerraformGoat
Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat
Attack Defense: https://attackdefense.pentesteracademy.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-s3
AWSGoat: https://github.com/ine-labs/AWSGoat
CloudGoat: https://github.com/RhinoSecurityLabs/cloudgoat

云服务 Cloud Services

辅助工具 :

行云管家: 云存储图形化管理平台 https://yun.cloudbility.com/
阿里云官方 OSS 管理工具: https://github.com/aliyun/aliyun-cli
阿里云官方 CLI 工具: https://github.com/aliyun/oss-browser
腾讯云官方 COS 管理工具: https://github.com/TencentCloud/cosbrowser
腾讯云官方 CLI 工具: https://github.com/TencentCloud/tencentcloud-cli
华为云 OBS 官方管理工具: https://support.huaweicloud.com/browsertg-obs/obs_03_1003.html
天翼云对象存储 OBS 管理工具: https://www.ctyun.cn/document/10000101/10006768
天翼云媒体存储 XstorBrowser 管理工具: https://www.ctyun.cn/document/10306929/10132519
青云官方 CLI 工具: https://docsv4.qingcloud.com/user_guide/development_docs/cli/install/install/
七牛云对象存储 Kodo 管理工具: https://github.com/qiniu/kodo-browser

AK/SK 利用:

trufflehog: AK/SK 敏感信息收集 https://github.com/trufflesecurity/trufflehog
CF: 云环境利用框架 https://wiki.teamssix.com/cf/
CloudExplorer-Lite: 轻量级云管平台 https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
aliyun-accesskey-Tools: 阿里云 accesskey 利用工具 https://github.com/mrknow001/aliyun-accesskey-Tools
alicloud-tools: 阿里云 ECS、策略组辅助小工具 https://github.com/iiiusky/alicloud-tools
AliyunAccessKeyTools: 阿里云 AccessKey 泄漏利用工具 https://github.com/NS-Sp4ce/AliyunAccessKeyTools
Tencent_Yun_tools: 腾讯云 AccessKey 利用工具 https://github.com/freeFV/Tencent_Yun_tools
cloudSec: 云平台 AK/SK-WEB 利用工具，三大云厂商（阿里云接管 k8s）、AWS、七牛云 https://github.com/libaibaia/cloudSec
aksk_tool: 阿里云/腾讯云/华为云/AWS/UCLOUD/京东云/百度云/七牛云 https://github.com/wyzxxz/aksk_tool
Cloud-Bucket-Leak-Detection-Tools: 六大云存储泄露利用检测工具 https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools
cloudTools: 云资产管理工具，三大云厂商 +ucloud https://github.com/dark-kingA/cloudTools

云原生 Cloud Native

综合工具:

HummerRisk: 云原生安全平台 https://github.com/HummerRisk/HummerRisk

Docker:

dive: Exploring each layer in a docker image https://github.com/wagoodman/dive
Docker Bench for Security: Docker 容器安全检查 https://github.com/docker/docker-bench-security
dagda: Docker 静态分析 https://github.com/eliasgranderubio/dagda/
Container Escape Check: 容器逃逸检测 https://github.com/teamssix/container-escape-check
Awesome Container Escape: 容器逃逸 https://github.com/brant-ruan/awesome-container-escape
CDK: 容器渗透工具集 https://github.com/cdk-team/CDK
veinmind-tools: 容器安全工具集 https://github.com/chaitin/veinmind-tools

Kubernetes:

kubectl: https://kubernetes.io/docs/tasks/tools/
etcdctl: https://github.com/etcd-io/etcd
k9s: Kubernetes CLI https://github.com/derailed/k9s
Red Team K8S Adversary Emulation Based on kubectl: https://github.com/lightspin-tech/red-kube
KubeHound: 识别 Kubernetes 集群攻击路径 https://github.com/DataDog/KubeHound
peirates: Kubernetes 渗透工具集 https://github.com/inguardians/peirates

移动端安全 Mobile Security

小程序 Mini Program

[wxappUnpacker: 小程序解包 https://github.com/xuedingmiaojun/wxappUnpacker]
CrackMinApp: 反编译微信小程序 https://github.com/Cherrison/CrackMinApp
API-Explorer: 公众号/小程序/企业微信 ak/sk https://github.com/mrknow001/API-Explorer

APK

AppInfoScanner: 移动端信息收集 https://github.com/kelvinBen/AppInfoScanner
Apktool: Android apk 逆向 https://github.com/iBotPeaches/Apktool

SessionKey

wx_sessionkey_decrypt: wechat SessionKey 加解密 https://github.com/mrknow001/wx_sessionkey_decrypt
BurpAppletPentester: SessionKey 解密插件 https://github.com/mrknow001/BurpAppletPentester

逆向工程 Reverse engineering

NICE TOOLS:

OpenArk: Anti-Rootkit 工具集 https://github.com/BlackINT3/OpenArk
逆向分析工具集: https://pythonarsenal.com/

ELF/EXE:

IDA: https://hex-rays.com/ida-pro/
x64DBG: https://x64dbg.com/
Ollydbg: https://www.ollydbg.de/
ExeinfoPE: https://github.com/ExeinfoASL/ASL
PEiD: https://www.aldeid.com/wiki/PEiD
UPX: https://github.com/upx/upx

Java:

jadx: https://github.com/skylot/jadx
JEB: https://www.pnfsoftware.com/
GDA: https://github.com/charles2gan/GDA-android-reversing-Tool

Python:

Py2exe: Python 打包工具 https://www.py2exe.org/
PyInstaller: Python 打包工具 https://github.com/pyinstaller/pyinstaller
unpy2exe: py2exe 打包程序中提取 .pyc https://github.com/matiasb/unpy2exe
pyinstxtractor: pyInstaller 打包程序中提取 .pyc https://github.com/extremecoders-re/pyinstxtractor
uncompyle6: 字节码文件（.pyc）反编译为源代码（.py） https://github.com/rocky/python-uncompyle6/

Rust:

https://github.com/cha5126568/rust-reversing-helper

golang_loader_assist: https://github.com/strazzere/golang_loader_assist
IDAGolangHelper: https://github.com/sibears/IDAGolangHelper

.NET:

dotPeek: https://www.jetbrains.com/zh-cn/decompiler/
dnSpy: https://github.com/dnSpy/dnSpy

提高生产力的辅助工具

Shell

oh my zsh: 命令行工具集 https://github.com/ohmyzsh/ohmyzsh
clink: cmd.exe 加强版补全、历史记录和行编辑 https://github.com/chrisant996/clink
tabby: 高度可配置终端 https://github.com/Eugeny/tabby
anew: 命令行工具文件合并去重 https://github.com/tomnomnom/anew
The art of command line: 快速掌握命令行 https://github.com/jlevy/the-art-of-command-line
Linux 命令行提示工具:

https://github.com/jaywcjlove/linux-command online 版
https://github.com/chenjiandongx/pls golang 版
https://github.com/chenjiandongx/how python 版

Explain Shell: Shell 命令解析 https://explainshell.com/
ripgrep: 大文本快速检索 https://github.com/BurntSushi/ripgrep

Chrome Extensions

Proxy SwitchyOmega: 快速切换代理 https://github.com/FelisCatus/SwitchyOmega
serp-analyzer: 识别域名/IP 信息 https://leadscloud.github.io/serp-analyzer/
FindSomething: 在网页的源代码或 js 中寻找有用信息 https://github.com/ResidualLaugh/FindSomething
Hack Bar: 渗透神器 No.1 https://github.com/0140454/hackbar
Wappalyzer: 识别网站技术/框架/语言 https://www.wappalyzer.com/
EditThisCookie: 修改 Cookie https://www.editthiscookie.com/
Disable JavaScript: 禁用 JavaScript 绕过弹窗 https://github.com/dpacassi/disable-javascript
Heimdallr: 被动监听的谷歌插件，用于高危指纹识别、蜜罐特征告警和拦截、机器特征对抗 https://github.com/Ghr07h/Heimdallr
anti-honeypot: 蜜罐识别 https://github.com/cnrstar/anti-honeypot
immersive-translate: 翻译插件 https://github.com/immersive-translate/immersive-translate/
relingo: 翻译插件 https://cn.relingo.net/en/
json-formatter: Json 格式化插件 https://github.com/callumlocke/json-formatter
markdown-viewer: 在浏览器查看 markdown 文档 https://github.com/simov/markdown-viewer

Infrastructure

f8x: 红/蓝队环境自动化部署工具 https://github.com/ffffffff0x/f8x
cloudreve: 私有云盘部署 https://github.com/cloudreve/Cloudreve
updog: uploading and downloading via HTTP/S 文件传输 https://github.com/sc0tfree/updog

提高生产力的使用姿势

如何通过.bat 使用 alias

创建 alias.bat，实现查看 md 文档、运行 exe 程序、激活 conda 环境等功能。文件内容示例:

@echo off
: : Tips
@DOSKEY httpcode=type "D: HackToolsTipshttp_status_code.md"

: : Software
@DOSKEY ida64=activate base$t"D: SoftwareCTFToolsCrackingIDA_7.7ida64.exe"

: : Tools
@DOSKEY fscan=cd /d D: SoftwareHackToolsfscan$tactivate security$tdir

注册表打开 计算机HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor。
创建字符串值 autorun，赋值为 alias.bat 所在位置，例如 D: Softwarealias.bat。
双击 alias.bat 运行，重启 cmd。

如何通过.bat 激活 conda 并运行 py

run.bat

call D: YOUR_PATHAnacondaScriptsactivate.bat D: YOUR_PATHAnaconda
call conda activate YOUR_ENV
cd D: YOUR_WORKDIR
python YOUR_PYTHON_FILE.py
pause

如何配合 tabby 实现高效操作

安装 tabby: https://github.com/Eugeny/tabby
可以通过 tabby 实现自定义 shell 配置，包括但不限于:

vps ssh/ftp/sftp
自动补全命令（clink）
快速打开工作区
存储输出日志
...

如何解决 cmd 中文乱码

注册表打开 计算机HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommand Processor。
创建字符串值 autorun，赋值为 chcp 65001。

github链接：https://github.com/Threekiii/Awesome-Redteam

原文始发于微信公众号（云梦安全）：红队知识仓库|Awesome-Redteam

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫