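This article collects the online tools commonly used in penetration testing. The list is fairly comprehensive, so bookmark it and pull it out whenever you need it.
Encoding/Encryption
CyberChef: (encoding, decoding and encryption; can be deployed locally)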
https://github.com/gchq/CyberChef
OK Tools online tools:
https://github.com/wangyiwy/oktools
CTF online tools:
http://www.hiencode.com/
Unicode character table:
https://www.52unicode.com/enclosed-alphanumerics-zifu
Online MD5 hash cracking:
https://www.somd5.com/
https://www.sojson.com/encrypt_md5.html
Utilities:
Explain Shell: shell command parsing:
https://explainshell.com/
Online regular expressions:
https://c.runoob.com/front-end/854/
Ceye DNS: DNS platform:
http://ceye.io/
http://dnslog.cn/
Webshell Chop:
https://webshellchop.chaitin.cn/demo/
XSS Chop:
https://xsschop.chaitin.cn/demo/
WebShell detection and removal:
https://n.shellpub.com/
Google Hacking Database:
https://www.exploit-db.com/google-hacking-database
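Wayback Machine: web page cache lookup:
https://archive.org/web
Online code formatting:
http://web.chacuo.net/formatsh
Windows privilege escalation helper tool:
https://i.hacking8.com/tiquan
CMD5 online decryption:
https://www.cmd5.com
CTF online tools:
http://ctf.ssleye.com
Tianyancha:
https://tianyancha.com
IP/Domain Collection
Confirming the real IP address
Precise IP geolocation: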
https://www.ipuu.net/#/home
IP 138:
https://site.ip138.com/
Security Trails:
https://securitytrails.com/
Pinging the server from multiple locations
Chinaz:
https://ping.chinaz.com/
Host Tracker:
https://www.host-tracker.com/
Webpage Test:
https://www.webpagetest.org/
DNS Check:
https://dnscheck.pingdom.com/
Whois registration reverse lookup:
Chinaz Whois:
https://whois.chinaz.com/
Wanwang (HiChina) Whois:
https://whois.aliyun.com/
International Whois:
https://who.is/
https://www.whois365.com/cn/
https://www.robtex.com/
https://whois.aizhan.com/
IP138 lookup site:
https://site.ip138.com/
IPIP.NET:
https://tools.ipip.net/cdn.php
http://whois.bugscaner.com/
http://whois.xinnet.com/
http://toolbar.netcraft.com/site_report?url=
https://whois.cloud.tencent.com/domain?domain=
https://www.benmi.com/whois/
https://www.whois.com/whois
https://whois.domain.cn/
https://whois.west.cn/
https://www.cndns.com/whois/index.aspx
http://whois.xz.com/
https://tools.ijkxs.com/tools/whois
http://www.wetools.com/whois
https://www.cha127.com/whois/
https://www.zzy.cn/domain/whois.html
Website ICP filing lookup
http://beian.miit.gov.cn/publish/query/indexFirst.action
https://www.tianyancha.com
https://icp.chinaz.com
https://m.aichaicp.com
https://icplishi.com
http://www.gsxt.gov.cn/index.html
Aggregated DNS data lookup
Hacker Target:
https://hackertarget.com/find-dns-host-records
DNS Dumpster:
https://dnsdumpster.com
DNS DB:
https://dnsdb.io/zh-cn/
Netcraft:
https://sitereport.netcraft.com
https://www.cdnplanet.com/tools/cdnfinder/
IP138 lookup site:
https://site.ip138.com/
17CE:
https://www.17ce.com/
http://ping.chinaz.com/
http://ping.aizhan.com/
https://www.webscan.cc/
https://viewdns.info/
https://sitereport.netcraft.com/
https://tools.ipip.net/cdn.php
Same-server (neighboring) site lookup:
https://www.webscan.cc
http://stool.chinaz.com/same
https://tools.ipip.net/ipdomain.php
https://chapangzhan.com
https://phpinfo.me/domain?
http://www.ab173.com/gongju/ip/ip_pangzhan.php
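TLS certificate information lookup
Censys:
https://censys.io
Certificate Search:
https://crt.sh
Certificate transparency monitoring:
https://developers.facebook.com/tools/ct
IP address range collection
CNNIC (China Internet Network Information Center):
http://ipwhois.cnnic.net.cn
Cyberspace search engines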
Fofa:
https://fofa.info/
Shodan:
https://www.shodan.io/
ZoomEye:
https://www.zoomeye.org/
Diting (谛听):
https://www.ditecting.com/
360 Cyberspace Mapping:
https://quake.360.cn/quake/#/index
Threat intelligence platforms
Virustotal:
https://www.virustotal.com/gui/home/upload
Tencent Habo analysis system:
https://habo.qq.com/tool/index
ThreatBook threat intelligence:
https://x.threatbook.cn/
https://s.threatbook.com/
Virscan online threat intelligence:
https://www.virscan.org/
QiAnXin threat intelligence:
https://ti.qianxin.com/
360 threat intelligence:
https://ti.360.net/#/homepage
DBAPPSecurity threat intelligence:
https://ti.dbappsecurity.com.cn/
Huoxian security platform:
https://www.huoxian.cn
Hacking8 security feed:
https://i.hacking8.com/
CTF platforms
CTF Wiki:
https://ctf-wiki.org/
CTF Time:
https://ctftime.org/
CTF Tools:
https://github.com/zardus/ctf-tools
XCTF Adworld (攻防世界):
https://adworld.xctf.org.cn/
Hacker 101:
https://www.hacker101.com/
Vulnerability platforms
Exploit Database:
https://www.exploit-db.com/
HackerOne:
https://www.hackerone.com/
Vulhub:
https://vulhub.org/
WooYun mirror:
http://wooyun.2xss.cc/
Knownsec vulnerability platform:
https://www.seebug.org/
Practice lab platforms
Fengshentai (封神台):
https://hack.zkaq.cn/index
HackTheBox:
https://www.hackthebox.com/
OWASP Top10:
https://owasp.org/www-project-juice-shop/
WebGoat:
https://github.com/WebGoat/WebGoat
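Public knowledge bases
WgpSec public knowledge base:
https://wiki.wgpsec.org/
404 StarLink Project: Knownsec 404 Lab:
https://github.com/knownsec/404StarLink
Information gathering
Fingerprinting:
Wappalyzer: Chrome extension, cross-platform website analysis tool
https://github.com/AliasIO/Wappalyzer
TideFinger: extracts the rule sets of several open-source fingerprinting tools and reorganizes them
https://github.com/TideSec/TideFinger
Yujian (御剑) web fingerprinting program
https://www.webshell.cc/4697.html
Yunsee (云悉) fingerprinting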
http://www.yunsee.cn/
https://www.exploit-db.com/
http://finger.tidesec.net/
http://whatweb.bugscaner.com/look/
Scanning/Brute forcing
dirsearch: directory scanning/brute forcing
https://github.com/maurosoria/dirsearch
dirmap: directory scanning/brute forcing
https://github.com/H4ckForJob/dirmap
Arjun: HTTP parameter scanner
https://github.com/s0md3v/Arjun
ksubdomain: subdomain brute forcing
https://github.com/knownsec/ksubdomain
Gobuster: URI/DNS/web brute forcing
https://github.com/OJ/gobuster
ServerScan: attack-and-defense probing tool
https://github.com/Adminisme/ServerScan
Online port scanning
http://coolaf.com/tool/port
http://tool.chinaz.com/port/
https://port.hwcha.com/
http://tool.pfan.cn/scanport
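Brute-force wordlists
Dictionary-Of-Pentesting: common wordlists for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and so on
https://github.com/insightglacier/Dictionary-Of-Pentesting
fuzzDicts: fuzz wordlists for web penetration testing
https://github.com/TheKingOfDuck/fuzzDicts
PentesterSpecialDict: streamlined wordlists for penetration testers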
https://github.com/ppbibo/PentesterSpecialDict
Weakpass:
https://weakpass.com/download
Comprehensive information gathering
AlliN:
https://github.com/P1-Team/AlliN
Kunyu:
https://github.com/knownsec/Kunyu
OneForAll:
https://github.com/shmilylty/OneForAll
ShuiZe:
https://github.com/0x727/ShuiZe_0x727
Fofa Viewer:
https://github.com/wgpsec/fofa_viewer
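Internal network information gathering
fscan: comprehensive internal network scanner
https://github.com/shadow1ng/fscan
EHole: fingerprint detection tool for the systems red teams prioritize
https://github.com/EdgeSecurityTeam/EHole
Ladon: multithreaded, plugin-based comprehensive scanner for large-network penetration testing
https://github.com/k8gege/Ladon
Vulnerability research
Vulnerability overviews
Summary of unauthorized-access vulnerabilities
http://luckyzmj.cn/posts/15dff4d3.html#toc-heading-3
Vulnerability discovery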
Windows-Exploit-Suggester:
https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Linux_Exploit_Suggester:
https://github.com/InteliSecureLabs/Linux_Exploit_Suggester
Open-source vulnerability databases
Vulhub:
https://vulhub.org/
PeiQi wiki:
http://wiki.peiqi.tech/
PoCBox:
https://github.com/0verSp4ce/PoCBox
Vulnerability:
https://github.com/EdgeSecurityTeam/Vulnerability
POChouse:
https://github.com/DawnFlame/POChouse
POC/EXP:
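ysoserial: Java deserialization
https://github.com/frohoff/ysoserial
Vulmap: vulnerability scanning and verification tool
https://github.com/zhzyker/vulmap
Some-PoC-oR-ExP: PoCs and exploits for various vulnerabilities, collected or written
https://github.com/coffeehb/Some-PoC-oR-ExP
CMS-Hunter: collection of CMS vulnerability test cases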
https://github.com/SecWiki/CMS-Hunter
Penetration_Testing_POC
https://github.com/Mr-xn/Penetration_Testing_POC
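Goby vulnerability scanner
https://github.com/gobysec/Goby
Xray vulnerability scanner
https://github.com/chaitin/xray
Pocscan vulnerability scanner
https://github.com/DSO-Lab/pocscan
Myscan passive scanner:
https://github.com/amcai/myscan
W9scan website vulnerability scanner:
https://github.com/w-digital-scanner/w9scan
Fscan internal network scanner:
https://github.com/shadow1ng/fscan
Pocsuite3, an open-source remote vulnerability testing framework:
https://github.com/knownsec/pocsuite3
Vulmap website vulnerability scanning and verification tool:
https://github.com/zhzyker/vulmap
Internal network penetration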
Bypass
PHPFuck:
https://github.com/splitline/PHPFuck
JSFuck:
http://www.jsfuck.com/
Payloads
PayloadsAllTheThings: common wordlists for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and so on
https://github.com/swisskyrepo/PayloadsAllTheThings
java.lang.Runtime.exec() Payload: online Java payload generator
https://www.bugku.net/runtime-exec-payloads/
PHP Generic Gadget Chains: PHP deserialization payloads
https://github.com/ambionics/phpgg
Web-Fuzzing-Box: wordlists and payloads
https://github.com/gh0stkey/Web-Fuzzing-Box
WebShell
Webshell collection project
https://github.com/tennc/webshell
Reverse shell command cheat sheet
https://github.com/Threekiii/Awesome-Redteam
Behinder (冰蝎):
https://github.com/rebeyond/Behinder
Godzilla (哥斯拉):
https://github.com/BeichenDream/Godzilla
Webshell Chop download:
https://webshellchop.chaitin.cn/demo/
XSS Chop download:
https://xsschop.chaitin.cn/demo/
WebShell detection and removal download:
https://n.shellpub.com/
Internal network tunneling
NPS: managed through a web interface, no configuration file needed
https://github.com/ehang-io/nps
FRP: a project with 55k stars
https://github.com/fatedier/frp
Neo-reGeorg: quick tunnel deployment
https://github.com/L-codes/Neo-reGeorg
Proxifier: Windows proxy tool
https://www.proxifier.com/
Proxychains: Kali proxy tool
https://github.com/haad/proxychains
Mobile security
CrackMinApp: decompiles WeChat mini programs
https://github.com/Cherrison/CrackMinApp
AppInfoScanner: mobile information gathering
https://github.com/kelvinBen/AppInfoScanner
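Originally published on the WeChat official account (Z0安全): Online Tools and Websites Commonly Used in Penetration Testing (Strongly Recommended to Bookmark)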