漏洞及渗透练习平台
WebGoat漏洞练习平台:https://github.com/WebGoat/WebGoatwebgoat-legacy漏洞练习平台:https://github.com/WebGoat/WebGoat-Legacyzvuldirll漏洞练习平台:https://github.com/710leo/ZVulDrillvulapps漏洞练习平台:https://github.com/Medicean/VulAppsdvwa漏洞练习平台:https://github.com/RandomStorm/DVWA数据库注入练习平台 :https://github.com/Audi-1/sqli-labs用node编写的漏洞练习平台,like OWASP Node Goat: https://github.com/cr0hn/vulnerable-nodeRuby编写的一款工具,生成含漏洞的虚拟机:https://github.com/cliffe/secgen
花式扫描器
Nmap端口扫描器:https://github.com/nmap/nmap本地网络扫描器:https://github.com/SkyLined/LocalNetworkScanner子域名扫描器:https://github.com/lijiejie/subDomainsBrutehttps://github.com/aboul3la/Sublist3rhttps://github.com/TheRook/subbrutehttps://github.com/infosec-au/altdnslinux漏洞扫描:https://github.com/future-architect/vuls基于端口扫描以及关联CVE:https://github.com/m0nad/HellRaiser漏洞路由扫描器:https://github.com/jh00nbr/Routerhunter-2.0迷你批量信息泄漏扫描脚本:https://github.com/lijiejie/BBScanWaf类型检测工具:https://github.com/EnableSecurity/wafw00f服务器端口弱口令扫描器:
https://github.com/wilson9x1/fenghuangscanner_v3Fox-scan扫描器:https://github.com/fengxuangit/Fox-scan/
信息搜集工具
社工收集器:https://github.com/n0tr00t/SregGithub信息搜集:https://github.com/sea-god/gitscangithub Repo信息搜集工具:https://github.com/metac0rtex/GitHarvester信息探测及扫描工具:https://github.com/darryllane/Bluto内部网络信息扫描器:https://github.com/sowish/LNScan远程桌面登录扫描器:https://github.com/linuz/Sticky-Keys-Slayer网络基础设施渗透工具https://github.com/SECFORCE/spartaSNMAP密码破解:https://github.com/SECFORCE/SNMP-Brute
WEB
webshell大合集:https://github.com/tennc/webshell渗透以及web攻击脚本:https://github.com/brianwrf/hackUtilsweb渗透小工具大合集:https://github.com/rootphantomer/hacktoolsfor_meXSS数据接收平台:https://github.com/firesunCN/BlueLotus_XSSReceiverXSS与CSRF工具:https://github.com/evilcos/xssorxss多功能扫描器:https://github.com/shawarkhanethicalhacker/BruteXSSweb漏洞扫描器:https://github.com/andresriancho/w3afWEB漏洞扫描器:https://github.com/sullo/nikto渗透常用小工具包:
https://github.com/leonteale/pentestpackageweb目录扫描器:https://github.com/maurosoria/dirsearchweb向命令注入检测工具:https://github.com/stasinopoulos/commix自动化SQL注入检查工具:https://github.com/epinna/tplmapSSL扫描器:https://github.com/rbsec/sslscan安全工具集合:https://github.com/codejanus/ToolSuiteapache日志分析器:https://github.com/mthbernardes/ARTLASphp代码审计工具:https://github.com/pwnsdx/BadCodeweb指纹识别扫描:https://github.com/urbanadventurer/whatweb检查网站恶意攻击:https://github.com/ciscocsirt/malspiderwordprees漏洞扫描器:https://github.com/wpscanteam/wpscan固件漏洞扫描器:https://github.com/misterch0c/firminator_backend数据库注入工具https://github.com/sqlmapproject/sqlmapWeb代理:https://github.com/zt2/sqli-hunter新版中国菜刀:https://github.com/Chora10/Cknifegit泄露利用EXP:https://github.com/lijiejie/GitHack浏览器攻击框架:https://github.com/beefproject/beef自动化绕过WAF脚本:https://github.com/khalilbijjou/WAFNinjahttps://github.com/owtf/wafbypasser一款开源WAF:https://github.com/SpiderLabs/ModSecurityhttp命令行客户端:https://github.com/jkbrzt/httpie浏览器调试利器:https://github.com/firebug/firebugDISCUZ漏洞扫描器:
https://github.com/code-scan/dzscan自动化代码审计工具https://github.com/wufeifei/cobra浏览器攻击框架:https://github.com/julienbedard/browsersploittomcat自动后门部署:https://github.com/mgeeky/tomcatWarDeployer网络空间指纹扫描器:https://github.com/nanshihui/Scan-Tburpsuit之J2EE扫描插件:https://github.com/ilmila/J2EEScan
windows域渗透工具
mimikatz明文注入:https://github.com/gentilkiwi/mimikatzPowershell渗透库合集:https://github.com/PowerShellMafia/PowerSploitPowershell tools合集:https://github.com/clymb3r/PowerShellpowershell的mimikittenz:https://github.com/putterpanda/mimikittenz域渗透教程:https://github.com/l3m0n/pentest_studyFuzz:Web向Fuzz工具https://github.com/xmendez/wfuzzHTTP暴力破解,撞库攻击脚本https://github.com/lijiejie/htpwdScan
漏洞利用及攻击框架
msf框架:https://github.com/rapid7/metasploit-frameworkpocsscan攻击框架:https://github.com/erevus-cn/pocscanPocsuite攻击框架:https://github.com/knownsec/PocsuiteBeebeeto攻击框架:https://github.com/n0tr00t/Beebeeto-framework漏洞POC&EXP:ExploitDB官方git版本:
https://github.com/offensive-security/exploit-databasephp漏洞代码分析:https://github.com/80vul/phpcodzCVE-2016-2107:https://github.com/FiloSottile/CVE-2016-2107CVE-2015-7547 POC:https://github.com/fjserna/CVE-2015-7547JAVA反序列化POC生成工具:https://github.com/frohoff/ysoserialJAVA反序列化EXP:https://github.com/foxglovesec/JavaUnserializeExploitsJenkins CommonCollections EXP:https://github.com/CaledoniaProject/jenkins-cli-exploitCVE-2015-2426 EXP (windows内核提权):https://github.com/vlad902/hacking-team-windows-kernel-lpeuse docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示):https://github.com/hxer/vulnappphp7缓存覆写漏洞Demo及相关工具:https://github.com/GoSecure/php7-opcache-overrideXcodeGhost木马样本:https://github.com/XcodeGhostSource/XcodeGhost
中间人攻击及钓鱼
中间人攻击框架:https://github.com/secretsquirrel/the-backdoor-factoryhttps://github.com/secretsquirrel/BDFProxyhttps://github.com/byt3bl33d3r/MITMfInject code, jam wifi, and spy on wifi users:https://github.com/DanMcInerney/LANs.py中间人代理工具:https://github.com/intrepidusgroup/mallorywifi钓鱼:https://github.com/sophron/wifiphisher
密码破解
密码破解工具:https://github.com/shinnok/johnny本地存储的各类密码提取利器:https://github.com/AlessandroZ/LaZagne
二进制及代码分析工具:二进制分析工具https://github.com/devttys0/binwalk系统扫描器https://github.com/quarkslab/binmaprp:https://github.com/0vercl0k/rpWindows Exploit Development工具https://github.com/lillypad/badger二进制静态分析工具(python):https://github.com/bdcht/amocoPython Exploit Development Assistance for GDB:https://github.com/longld/peda对BillGates Linux Botnet系木马活动的监控工具https://github.com/ValdikSS/billgates-botnet-tracker木马配置参数提取工具:https://github.com/kevthehermit/RATDecodersShellphish编写的二进制分析工具(CTF向):https://github.com/angr/angr针对python的静态代码分析工具:https://github.com/yinwang0/pysonar2一个自动化的脚本(shell)分析工具,用来给出警告和建议:https://github.com/koalaman/shellcheck基于AST变换的简易Javascript反混淆辅助工具:https://github.com/ChiChou/etacsufbo
EXP编写框架及工具
二进制EXP编写工具:https://github.com/t00sh/rop-toolCTF Pwn 类题目脚本编写框架:https://github.com/Gallopsled/pwntoolsan easy-to-use io library for pwning development:https://github.com/zTrix/zio跨平台注入工具:https://github.com/frida/frida哈希长度扩展攻击EXP:https://github.com/citronneur/rdpy
隐写
隐写检测工具https://github.com/abeluck/stegdetect各类安全资料:data_hacking合集:https://github.com/ClickSecurity/data_hackingmobile-security-wiki:https://github.com/exploitprotocol/mobile-security-wiki书籍《reverse-engineering-for-beginners》:https://github.com/veficos/reverse-engineering-for-beginners一些信息安全标准及设备配置:https://github.com/luyg24/IT_securityAPT相关笔记:https://github.com/kbandla/APTnotesKcon资料:https://github.com/knownsec/KCon《DO NOT FUCK WITH A HACKER》:https://github.com/citypw/DNFWAH各类安全脑洞图:https://github.com/phith0n/Mind-Map信息安全流程图:https://github.com/SecWiki/sec-chart/ tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428
各类CTF资源
近年ctf writeup大全:https://github.com/ctfs/write-ups-2016https://github.com/ctfs/write-ups-2015https://github.com/ctfs/write-ups-2014fbctf竞赛平台Demo:https://github.com/facebook/fbctfctf Resources:https://github.com/ctfs/resourcesctf及黑客资源合集:https://github.com/bt3gl/My-Gray-Hacker-Resourcesctf和安全工具大合集:https://github.com/zardus/ctf-toolsctf向 python工具包https://github.com/P1kachu/v0lt
各类编程资源
大礼包(什么都有):https://github.com/bayandin/awesome-awesomenessbash-handbook:https://github.com/denysdovhan/bash-handbookpython资源大全:https://github.com/jobbole/awesome-python-cngit学习资料:https://github.com/xirong/my-git安卓开源代码解析https://github.com/android-cn/android-open-projectpython框架,库,资源大合集:https://github.com/vinta/awesome-pythonJS 正则表达式库(用于简化构造复杂的JS正则表达式):https://github.com/VerbalExpressions/JSVerbalExpressionsPython:python 正则表达式库(用于简化构造复杂的python正则表达式):https://github.com/VerbalExpressions/python任务管理以及命令执行库:https://github.com/pyinvoke/invokepython exe打包库:https://github.com/pyinstaller/pyinstallerVeil-Evasion免杀项目:https://github.com/Veil-Framework/Veil-Evasionpy3 爬虫框架:https://github.com/orf/cyborg一个提供底层接口数据包编程和网络协议支持的python库:https://github.com/CoreSecurity/impacketpython requests 库:https://github.com/kennethreitz/requestspython 实用工具合集:https://github.com/mahmoud/boltonspython爬虫系统:https://github.com/binux/pyspider
科学上网
科学上网工具https://github.com/XX-net/XX-Net
福利
微信自动抢红包动态库https://github.com/east520/AutoGetRedEnv微信抢红包插件(安卓版)https://github.com/geeeeeeeeek/WeChatLuckyMoneyhardsed神器:https://github.com/yangyangwithgnu/hardseed甲方安全工程师生存指南web索引及日志搜索工具:https://github.com/thomaspatzke/WASE开源日志采集器:https://github.com/wgliang/logcool扫描CS结构的web debugerhttps://github.com/Kozea/wdb恢复sqlite数据库删除注册信息:https://github.com/aramosf/recoversqlite/gps欺骗检测工具:https://github.com/zxsecurity/gpsnitch应急处置响应框架:https://github.com/biggiesmallsAG/nightHawkResponseweb安全开发指南:https://github.com/FallibleInc/security-guide-for-developers各个知名厂商漏洞测试报告模板:https://github.com/juliocesarfort/public-pentesting-reportslinux下恶意代码检测包:https://github.com/rfxn/linux-malware-detect操作系统运行指标可视化框架:https://github.com/facebook/osquery恶意代码分析系统:https://github.com/cuckoosandbox/cuckoo定期搜索及存储web应用:https://github.com/Netflix/Scumblr事件响应框架:https://github.com/google/grr综合主机监控检测平台:https://github.com/ossec/ossec-hids分布式实时数字取证系统:https://github.com/mozilla/migMicrosoft & Unix 文件系统及硬盘取证工具:https://github.com/sleuthkit/sleuthkit
蜜罐
SSH蜜罐:
https://github.com/desaster/kippo蜜罐集合资源:https://github.com/paralax/awesome-honeypotskippo进阶版蜜罐:https://github.com/micheloosterhof/cowrieSMTP 蜜罐:https://github.com/awhitehatter/mailoneyweb应用程序蜜罐:https://github.com/mushorg/glastopf数据库蜜罐:https://github.com/jordan-wright/elastichoneyweb蜜罐:https://github.com/atiger77/Dionaea
远控
用gmail充当C&C服务器的后门https:开源的远控:https:c#远控:https:
内容来源:t00ls公开文章
原文链接:https://www.t00ls.net/pytools.html
