Vulnerability and penetration testing practice platforms:
---

WebGoat vulnerability practice platform:

https://github.com/WebGoat/WebGoat

webgoat-legacy vulnerability practice platform:

https://github.com/WebGoat/WebGoat-Legacy

ZVulDrill vulnerability practice platform:

https://github.com/710leo/ZVulDrill

vulapps vulnerability practice platform:

https://github.com/Medicean/VulApps

dvwa vulnerability practice platform:

https://github.com/RandomStorm/DVWA

Database injection practice platform:

https://github.com/Audi-1/sqli-labs

Vulnerability practice platform written in Node, like OWASP Node Goat:

https://github.com/cr0hn/vulnerable-node

A tool written in Ruby that generates vulnerable virtual machines:

https://github.com/cliffe/secgen

Assorted scanners:
---
Nmap port scanner:

https://github.com/nmap/nmap

Local network scanner:

https://github.com/SkyLined/LocalNetworkScanner

Subdomain scanners:

https://github.com/lijiejie/subDomainsBrute

https://github.com/aboul3la/Sublist3r

https://github.com/TheRook/subbrute

https://github.com/infosec-au/altdns

Linux vulnerability scanning:

https://github.com/future-architect/vuls

Port scanning with associated CVE correlation:

https://github.com/m0nad/HellRaiser

Vulnerable router scanner:

https://github.com/jh00nbr/Routerhunter-2.0

Mini batch information-leak scanning script:

https://github.com/lijiejie/BBScan

WAF type detection tool:

https://github.com/EnableSecurity/wafw00f

Server port weak-password scanner:

https://github.com/wilson9x1/fenghuangscanner_v3

Fox-scan scanner:

https://github.com/fengxuangit/Fox-scan/

Information gathering tools:
---
Social engineering information collector:

https://github.com/n0tr00t/Sreg

GitHub information gathering:

https://github.com/sea-god/gitscan

GitHub repo information gathering tool:

https://github.com/metac0rtex/GitHarvester

Information probing and scanning tool:

https://github.com/darryllane/Bluto

Internal network information scanner:

https://github.com/sowish/LNScan

Remote desktop login scanner:

https://github.com/linuz/Sticky-Keys-Slayer

Network infrastructure penetration testing tool

https://github.com/SECFORCE/sparta

SNMP password cracking:

https://github.com/SECFORCE/SNMP-Brute

WEB:
---
Large webshell collection:

https://github.com/tennc/webshell

Penetration testing and web attack scripts:

https://github.com/brianwrf/hackUtils

Large collection of small web penetration testing tools:

https://github.com/rootphantomer/hacktoolsfor_me

XSS data receiving platform:

https://github.com/firesunCN/BlueLotus_XSSReceiver

XSS and CSRF tool:

https://github.com/evilcos/xssor

Multi-function XSS scanner:

https://github.com/shawarkhanethicalhacker/BruteXSS

Web vulnerability scanner:

https://github.com/andresriancho/w3af

Web vulnerability scanner:

https://github.com/sullo/nikto

Package of commonly used penetration testing tools:

https://github.com/leonteale/pentestpackage

Web directory scanner:

https://github.com/maurosoria/dirsearch

Web command injection detection tool:

https://github.com/stasinopoulos/commix

Automated SQL injection checking tool:

https://github.com/epinna/tplmap

SSL scanner:

https://github.com/rbsec/sslscan

Security tool collection:
---

https://github.com/codejanus/ToolSuite

Apache log analyzer:

https://github.com/mthbernardes/ARTLAS

PHP code auditing tool:

https://github.com/pwnsdx/BadCode

Web fingerprinting scanner:

https://github.com/urbanadventurer/whatweb

Checks websites for malicious attacks:

https://github.com/ciscocsirt/malspider

WordPress vulnerability scanner:

https://github.com/wpscanteam/wpscan

Firmware vulnerability scanner:

https://github.com/misterch0c/firminator_backend

Database injection tool

https://github.com/sqlmapproject/sqlmap

Web proxy:

https://github.com/zt2/sqli-hunter

New version of China Chopper:

https://github.com/Chora10/Cknife

Git leak exploit (EXP):

https://github.com/lijiejie/GitHack

Browser attack framework:

https://github.com/beefproject/beef

Automated WAF bypass scripts:

https://github.com/khalilbijjou/WAFNinja

https://github.com/owtf/wafbypasser

An open-source WAF:

https://github.com/SpiderLabs/ModSecurity

HTTP command-line client:

https://github.com/jkbrzt/httpie

Browser debugging tool:

https://github.com/firebug/firebug

Discuz vulnerability scanner:

https://github.com/code-scan/dzscan

Automated code auditing tool

https://github.com/wufeifei/cobra

Browser attack framework:

https://github.com/julienbedard/browsersploit

Tomcat automatic backdoor deployment:

https://github.com/mgeeky/tomcatWarDeployer

Cyberspace fingerprint scanner:

https://github.com/nanshihui/Scan-T

J2EE scanning plugin for Burp Suite:

https://github.com/ilmila/J2EEScan

Windows domain penetration tools:
---
mimikatz plaintext injection:

https://github.com/gentilkiwi/mimikatz

PowerShell penetration testing library collection:

https://github.com/PowerShellMafia/PowerSploit

PowerShell tools collection:

https://github.com/clymb3r/PowerShell

mimikittenz for PowerShell:

https://github.com/putterpanda/mimikittenz

Domain penetration tutorial:

https://github.com/l3m0n/pentest_study

Fuzz:
---
Web fuzzing tool

https://github.com/xmendez/wfuzz

HTTP brute-force and credential stuffing script

https://github.com/lijiejie/htpwdScan

Exploitation and attack frameworks:
---
MSF framework:

https://github.com/rapid7/metasploit-framework

pocscan attack framework:

https://github.com/erevus-cn/pocscan

Pocsuite attack framework:

https://github.com/knownsec/Pocsuite

Beebeeto attack framework:

https://github.com/n0tr00t/Beebeeto-framework

Vulnerability POC & EXP:
---
Official Git version of ExploitDB:

https://github.com/offensive-security/exploit-database

PHP vulnerability code analysis:

https://github.com/80vul/phpcodz

CVE-2016-2107:

https://github.com/FiloSottile/CVE-2016-2107

CVE-2015-7547 POC:

https://github.com/fjserna/CVE-2015-7547

Java deserialization POC generation tool:

https://github.com/frohoff/ysoserial

Java deserialization EXP:

https://github.com/foxglovesec/JavaUnserializeExploits

Jenkins CommonCollections EXP:

https://github.com/CaledoniaProject/jenkins-cli-exploit

CVE-2015-2426 EXP (Windows kernel privilege escalation):

https://github.com/vlad902/hacking-team-windows-kernel-lpe

Use Docker to show web attacks (demo of PHP local file inclusion combined with phpinfo to get a shell, and of SSRF combined with curl):

https://github.com/hxer/vulnapp

PHP 7 cache override vulnerability demo and related tools:

https://github.com/GoSecure/php7-opcache-override

XcodeGhost trojan sample:

https://github.com/XcodeGhostSource/XcodeGhost

Man-in-the-middle attacks and phishing
---
Man-in-the-middle attack frameworks:

https://github.com/secretsquirrel/the-backdoor-factory

https://github.com/secretsquirrel/BDFProxy

https://github.com/byt3bl33d3r/MITMf

Inject code, jam wifi, and spy on wifi users:

https://github.com/DanMcInerney/LANs.py

Man-in-the-middle proxy tool:

https://github.com/intrepidusgroup/mallory

Wi-Fi phishing:

https://github.com/sophron/wifiphisher

Password cracking:
---
Password cracking tool:

https://github.com/shinnok/johnny

Tool for extracting various locally stored passwords:

https://github.com/AlessandroZ/LaZagne

Binary and code analysis tools:
---
Binary analysis tool

https://github.com/devttys0/binwalk

System scanner

https://github.com/quarkslab/binmap

rp:

https://github.com/0vercl0k/rp

Windows Exploit Development tool

https://github.com/lillypad/badger

Binary static analysis tool (Python):

https://github.com/bdcht/amoco

Python Exploit Development Assistance for GDB:

https://github.com/longld/peda

Monitoring tool for BillGates Linux botnet trojan activity

https://github.com/ValdikSS/billgates-botnet-tracker

Trojan configuration parameter extraction tool:

https://github.com/kevthehermit/RATDecoders

Binary analysis tool written by Shellphish (CTF-oriented):

https://github.com/angr/angr

Static code analysis tool for Python:

https://github.com/yinwang0/pysonar2

An automated (shell) script analysis tool that gives warnings and suggestions:

https://github.com/koalaman/shellcheck

Simple JavaScript deobfuscation helper based on AST transformation:

https://github.com/ChiChou/etacsufbo

Exploit development frameworks and tools:
---
Binary exploit writing tool:

https://github.com/t00sh/rop-tool

Script-writing framework for CTF pwn challenges:

https://github.com/Gallopsled/pwntools

an easy-to-use io library for pwning development:

https://github.com/zTrix/zio

Cross-platform injection tool:

https://github.com/frida/frida

Hash length extension attack EXP:

https://github.com/citronneur/rdpy

Steganography:
---
Steganography detection tool

https://github.com/abeluck/stegdetect

Assorted security materials:
---
data_hacking collection:

https://github.com/ClickSecurity/data_hacking

mobile-security-wiki:

https://github.com/exploitprotocol/mobile-security-wiki

Book "reverse-engineering-for-beginners":

https://github.com/veficos/reverse-engineering-for-beginners

Some information security standards and device configurations:

https://github.com/luyg24/IT_security

APT-related notes:

https://github.com/kbandla/APTnotes

KCon materials:

https://github.com/knownsec/KCon

"DO NOT FUCK WITH A HACKER":

https://github.com/citypw/DNFWAH

Assorted security mind maps:

https://github.com/phith0n/Mind-Map

Information security flowcharts:

https://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428

Assorted CTF resources
---
Collection of CTF write-ups from recent years:

https://github.com/ctfs/write-ups-2016

https://github.com/ctfs/write-ups-2015

https://github.com/ctfs/write-ups-2014

fbctf competition platform demo:

https://github.com/facebook/fbctf

ctf Resources:

https://github.com/ctfs/resources

Collection of CTF and hacker resources:

https://github.com/bt3gl/My-Gray-Hacker-Resources

Large collection of CTF and security tools:

https://github.com/zardus/ctf-tools

CTF-oriented Python toolkit

https://github.com/P1kachu/v0lt

Assorted programming resources:
---
The big bundle (has everything):

https://github.com/bayandin/awesome-awesomeness

bash-handbook:

https://github.com/denysdovhan/bash-handbook

Comprehensive Python resources:

https://github.com/jobbole/awesome-python-cn

Git learning materials:

https://github.com/xirong/my-git

Android open-source code analysis

https://github.com/android-cn/android-open-project

Large collection of Python frameworks, libraries and resources:

https://github.com/vinta/awesome-python

JS regular expression library (simplifies building complex JS regular expressions):

https://github.com/VerbalExpressions/JSVerbalExpressions

Python:
---
Python regular expression library (simplifies building complex Python regular expressions):

https://github.com/VerbalExpressions/

Python task management and command execution library:

https://github.com/pyinvoke/invoke

Python exe packaging library:

https://github.com/pyinstaller/pyinstaller

Veil-Evasion antivirus evasion project:

https://github.com/Veil-Framework/Veil-Evasion

Python 3 crawler framework:

https://github.com/orf/cyborg

A Python library providing low-level packet programming interfaces and network protocol support:

https://github.com/CoreSecurity/impacket

Python requests library:

https://github.com/kennethreitz/requests

Collection of Python utilities:

https://github.com/mahmoud/boltons

Python crawler system:

https://github.com/binux/pyspider

Censorship circumvention:
---
Censorship circumvention tool

https://github.com/XX-net/XX-Net

Bonus:
---
WeChat automatic red-envelope grabbing dynamic library

https://github.com/east520/AutoGetRedEnv

WeChat red-envelope grabbing plugin (Android version)

https://github.com/geeeeeeeeek/WeChatLuckyMoney

hardseed tool:

https://github.com/yangyangwithgnu/hardseed

Survival guide for in-house security engineers
---
Web indexing and log search tool:

https://github.com/thomaspatzke/WASE

Open-source log collector:

https://github.com/wgliang/logcool

Web debugger that scans client-server (C/S) architectures

https://github.com/Kozea/wdb

Recover deleted registration records from SQLite databases:

https://github.com/aramosf/recoversqlite/

GPS spoofing detection tool:

https://github.com/zxsecurity/gpsnitch

Emergency incident response framework:

https://github.com/biggiesmallsAG/nightHawkResponse

Web security development guide:

https://github.com/FallibleInc/security-guide-for-developers

Vulnerability test report templates from well-known vendors:

https://github.com/juliocesarfort/public-pentesting-reports

Malware detection package for Linux:

https://github.com/rfxn/linux-malware-detect

Operating system runtime metrics visualization framework:

https://github.com/facebook/osquery

Malware analysis system:

https://github.com/cuckoosandbox/cuckoo

Web application for periodic searching and storing:

https://github.com/Netflix/Scumblr

Incident response framework:

https://github.com/google/grr

Comprehensive host monitoring and detection platform:

https://github.com/ossec/ossec-hids

Distributed real-time digital forensics system:

https://github.com/mozilla/mig

Microsoft & Unix file system and disk forensics tools:

https://github.com/sleuthkit/sleuthkit

Honeypots:
---
SSH honeypot:

https://github.com/desaster/kippo

Collection of honeypot resources:

https://github.com/paralax/awesome-honeypots

Advanced version of the kippo honeypot:

https://github.com/micheloosterhof/cowrie

SMTP honeypot:

https://github.com/awhitehatter/mailoney

Web application honeypot:

https://github.com/mushorg/glastopf

Database honeypot:

https://github.com/jordan-wright/elastichoney

Web honeypot:

https://github.com/atiger77/Dionaea

Remote control:
---
Backdoor that uses Gmail as a C&C server

https://github.com/byt3bl33d3r/gcat

Open-source remote control tool:

https://github.com/UbbeLoL/uRAT

C# remote control tool:

https://github.com/hussein-aitlahcen/BlackHole