社区所有版块导航
Python
python开源   Django   Python   DjangoApp   pycharm  
DATA
docker   Elasticsearch  
aigc
aigc   chatgpt  
WEB开发
linux   MongoDB   Redis   DATABASE   NGINX   其他Web框架   web工具   zookeeper   tornado   NoSql   Bootstrap   js   peewee   Git   bottle   IE   MQ   Jquery  
机器学习
机器学习算法  
Python88.com
反馈   公告   社区推广  
产品
短视频  
印度
印度  
Py学习  »  Git

干货|Github优秀安全工具汇总

乌雲安全 • 1 月前 • 37 次点击  

通用工具

工具类型

工具地址

内网扫描

https://github.com/shadow1ng/fscan

哥斯拉Webshell管理

https://github.com/BeichenDream/Godzilla

aliyun-accesskey-Tools

https://github.com/mrknow001/aliyun-accesskey-Tools

PEASS-ng 提权套装

https://github.com/carlospolop/PEASS-ng

nuclei 漏洞扫描器

https://github.com/projectdiscovery/nuclei

railgun 渗透集成化工具

https://github.com/lz520520/railgun

YAKIT 网络安全单兵工具

https://github.com/yaklang/yakit

EHole (棱洞) 3.0 指纹探测工具

https://github.com/EdgeSecurityTeam/EHole

Traitor 提权工具

https://github.com/liamg/traitor

Stowaway 内网穿透

https://github.com/ph4ntonn/Stowaway

CF 云环境利用框架

https://github.com/teamssix/cf

Naabu 端口扫描

https://github.com/projectdiscovery/naabu

httpx HTTP状态获取

https://github.com/projectdiscovery/httpx

Malleable C2 Profiles

https://github.com/xx0hcd/Malleable-C2-Profiles

shuize(水泽)  信息收集

https://github.com/0x727/ShuiZe_0x727

工具类型

工具地址

Cloud-Bucket-Leak-Detection-

Tools

https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools

SharpHostInfo 内网主机探测

https://github.com/shmilylty/SharpHostInfo

pocsuite3

https://github.com/knownsec/pocsuite3

URLFinder

https://github.com/pingc0y/URLFinder

ALLiN 扫描工具

https://github.com/P1-Team/AlliN

ihoneyBakFileScan 备份文件泄露扫 描

https://github.com/VMsec/ihoneyBakFileScan_Modify

spark(火花)   自动字典生成器

https://github.com/G0mini/spark

Exphub 漏洞利用脚本

https://github.com/zhzyker/exphub

EasyPen 综合利用工具

https://github.com/lijiejie/EasyPen

Dog Tunnel(狗洞)端口映射工具

https://github.com/vzex/dog-tunnel

frp 端口映射工具

https://github.com/fatedier/frp

MYExploit 综合利用工具

https://github.com/achuna33/MYExploit

dirsearch 目录扫描工具

https://github.com/maurosoria/dirsearch

OneForAll 子域收集工具

https://github.com/shmilylty/OneForAll

Cloud-Bucket-Leak-Detection- Tools 云储存利用工具

https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools

ObserverWard 指纹识别工具

https://github.com/0x727/ObserverWard

AtlasC2 C2框架Atlas

https://github.com/Gr1mmie/AtlasC2

Goblin 钓鱼演练工具

https://github.com/xiecat/goblin

工具类型

工具地址

AsamF 资产收集工具

https://github.com/Kento-Sec/AsamF

Httpx IP、 Url批量存活探测

https://github.com/projectdiscovery/httpx

Ghidra 软件逆向工程框架

https://github.com/NationalSecurityAgency/ghidra

crack 弱口令爆破工具

https://github.com/niudaii/crack

Empire 后开发框架

https://github.com/BC-SECURITY/Empire

ksubdomain 子域名爆破工具

https://github.com/knownsec/ksubdomain

scan4all 综合扫描

https://github.com/hktalent/scan4all

Kscan 资产测绘工具

https://github.com/lcvvvv/kscan

RedGuard C2流量前置工具

https://github.com/wikiZ/RedGuard

VScan 漏洞扫描工具

https://github.com/veo/vscan

pydictor 字典建立工具

https://github.com/LandGrey/pydictor

AutoPWN Suite 漏扫利用工具

https://github.com/GamehunterKaan/AutoPWN-Suite

CloudFlair 找CF真实IP工具

https://github.com/christophetd/CloudFlair

feroxbuster 目录扫描工具

https://github.com/epi052/feroxbuster

POC-bomber 漏洞检测/利用工具

https://github.com/tr0uble-mAker/POC-bomber

iox 端口转发工具

https://github.com/EddieIvan01/iox

f8x 一键环境搭建

https://github.com/ffffffff0x/f8x

URL 搜集工具

https://github.com/lc/gau

工具类型

工具地址

子域名发现工具

https://github.com/projectdiscovery/subfinder

pocassist POC框架

https://github.com/jweny/pocassist

Gobuster 目录文件、  DNS和VHost 爆破工具

https://github.com/OJ/gobuster

Vulmap web漏洞扫描和验证工具

https://github.com/zhzyker/vulmap

ESP32 Wi-Fi攻击工具

https://github.com/risinek/esp32-wifi-penetration-tool

牛屎花C2远控

https://github.com/YDHCUI/manjusaka

Amass 资产发现、子域名扫描工具

https://github.com/OWASP/Amass

GitHack Git泄露利用工具

https://github.com/lijiejie/GitHack

subDomainsBrute 子域名爆破工具

https://github.com/lijiejie/subDomainsBrute

JNDI-Inject-Exploit 反序列化测试工 具

https://github.com/exp1orer/JNDI-Inject-Exploit

LadonGo 内网渗透扫描器框架

https://github.com/k8gege/LadonGo

Dismap 资产发现及指纹识别

https://github.com/zhzyker/dismap

afrog 漏洞扫描工具

https://github.com/zan8in/afrog

TruffleHog 敏感信息搜集工具

https://github.com/trufflesecurity/trufflehog

Komo 综合资产收集和漏洞扫描工具

https://github.com/komomon/Komo

xray 被动扫描安全评估工具

https://github.com/chaitin/xray

AppInfoScanner 移动端信息收集扫 描工具

https://github.com/kelvinBen/AppInfoScanner

Linux提权exp

https://github.com/Al1ex/LinuxEelvation

工具类型

工具地址

Packer Fuzzer Webpack网站扫描工 具

https://github.com/rtcatc/Packer-Fuzzer

Polaris 信息搜集与漏洞利用框架

https://github.com/doimet/Polaris

geacon_pro 免杀工具

https://github.com/H4de5-7/geacon_pro

spp 隧道代理工具

https://github.com/esrrhs/spp

Payer 子域名挖掘机

https://github.com/Pik-sec/Payer

MobSF 移动安全测试框架

https://github.com/MobSF/Mobile-Security-Framework-MobSF

ByPassGodzilla/哥斯拉免杀生成

https://github.com/Tas9er/ByPassGodzilla

katana 下一代爬虫框架

https://github.com/projectdiscovery/katana

SourceDetector 自动发现.map文件

https://github.com/SunHuawei/SourceDetector

windows提权漏洞检测

https://github.com/bitsadmin/wesng

API未授权扫描插件

https://github.com/API-Security/APIKit

Dirmap web目录扫描工具

https://github.com/H4ckForJob/dirmap

vshell c2主机群管理工具

https://github.com/veo/vshell

Yasso 内网渗透辅助工具集

https://github.com/sairson/Yasso

JSFinder 信息收集接口

https://github.com/Threezh1/JSFinder

Perun 综合扫描器

https://github.com/WyAtu/Perun

AntSword 加载器

https://github.com/AntSwordProject/AntSword-Loader

AntSword

https://github.com/AntSwordProject/antSword

工具类型

工具地址

Goby 漏洞扫描

https://github.com/gobysec/Goby

goby exp库

https://github.com/k3vi-07/goby-exp

reNgine 自动侦察框架

https://github.com/yogeshojha/rengine

SatanSword 红队综合渗透框架

https://github.com/Lucifer1993/SatanSword

Dirscan 目录扫描

https://github.com/corunb/Dirscan

LSTAR CobaltStrike综合后渗透插件

https://github.com/lintstar/LSTAR

Platypus 交互式反向Shell 管理器

https://github.com/WangYihang/Platypus

Phoenix 新一代目录扫描神器

https://github.com/Pik-sec/Phoenix

RouteVulScan 递归式被动检测脆弱 路径的bp插件

https://github.com/F6JO/RouteVulScan

MDUT 数据库跨平台利用工具

https://github.com/SafeGroceryStore/MDUT

LaZagne 密码凭证收集工具

https://github.com/AlessandroZ/LaZagne

Erfrp frp二开-免杀与隐藏

https://github.com/Goqi/Erfrp

EventCleaner 日志清理

https://github.com/QAX-A-Team/EventCleaner

UACMe Windows bypassUAC

https://github.com/hfiref0x/UACME

SCAMagicScan POC漏洞扫描工具

https://github.com/SCAMagic/SCAMagicScan

ENScan Go 企业信息搜集工具

https://github.com/wgpsec/ENScan_GO

ThunderSearch 闪电搜索器

https://github.com/xzajyjs/ThunderSearch

EmailAll 邮箱收集工具

https://github.com/Taonn/EmailAll

工具类型

工具地址

finger 资产识别工具

https://github.com/EASY233/Finger

apk扫描器

https://github.com/dwisiswant0/apkleaks

Neo-reGeorg 代理工具

https://github.com/L-codes/Neo-reGeorg

blasting 图形化后台爆破工具

https://github.com/gubeihc/blasting

HaE 敏感信息收集burp插件

https://github.com/gh0stkey/HaE

powershell免杀混淆

https://github.com/H4de5-7/powershell-obfuscation

Bundler-bypass 免杀捆绑器

https://github.com/H4de5-7/Bundler-bypass

java图形化漏洞利用工具集

https://github.com/savior-only/javafx_tools

漏洞利用                                                                          

漏洞产品

工具地址

SpringBootExploit

https://github.com/0x727/SpringBootExploit

Springboot漏洞全家桶

https://github.com/woodpecker-appstore/springboot-vuldb

Log4j2Scan

https://github.com/whwlsfb/Log4j2Scan

ShiroExploit

https://github.com/feihong-cs/ShiroExploit-Deprecated

ShiroAttack2

https://github.com/SummerSec/ShiroAttack2

thinkphp_gui_tools

https://github.com/bewhale/thinkphp_gui_tools

Fastjson-Patrol

https://github.com/ce-automne/FastjsonPatrol


漏洞产品

工具地址

Vmware虚拟化漏洞利用

(HCX/vCenter/NSX/Horizon/vRealize)

https://github.com/NS-Sp4ce/Vm4J

Struts2-Scan 漏洞检测

https://github.com/HatBoy/Struts2-Scan

Fastjson 扫描器

https://github.com/a1phaboy/FastjsonScan

致远OA综合利用工具

https://github.com/Summer177/seeyon_exp

泛微OA综合利用脚本

https://github.com/z1un/weaver_exp

微信扫码加入免费知识星球

Python社区是高质量的Python/Django开发社区
本文地址:http://www.python88.com/topic/170168
 
37 次点击