└── README.md /README.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: 黑客工具大搜罗 3 | --- 4 | 5 | 各种好玩的安全攻防工具。 6 | 7 | # 安全工具(go语言) 8 | |序号|名称|项目地址|简介| 9 | | ----- | ----- | ----- | ----- | 10 | | 1 | gomitmproxy | https://github.com/sheepbao/gomitmproxy | GomitmProxy是想用golang语言实现的mitmproxy,主要实现http代理,目前实现了http代理和https抓包功能。 | 11 | | 2 | Hyperfox | http://github.com/xiam/hyperfox | Hyperfox 是一个安全的工具用来代理和记录局域网中的 HTTP 和 HTTPS 通讯。 | 12 | | 3 | Gryffin | http://github.com/yahoo/gryffin | Gryffin 是雅虎开发的一个大规模 Web 安全扫描平台。它不是另外一个扫描器,其主要目的是为了解决两个特定的问题 —— 覆盖率和伸缩性。 | 13 | | 4 | ngrok | http://github.com/inconshreveable/ngrok | ngrok 是一个反向代理,通过在公共的端点和本地运行的 Web 服务器之间建立一个安全的通道。ngrok 可捕获和分析所有通道上的流量,便于后期分析和重放。| 14 | 15 | # 安全工具(c语言) 16 | |序号|名称|项目地址|简介| 17 | | ----- | ----- | ----- | ----- | 18 | | 1 | Cknife | https://github.com/Chora10/Cknife | 俗称“中国菜刀”, 一个渗透测试软件 | 19 | | 2 | mimikatz | https://github.com/gentilkiwi/mimikatz | windows渗透工具, 可用于提权操作, 破解管理员密码等 | 20 | 21 | 22 | # 安全工具(python语言) 23 | |序号|名称|项目地址|简介| 24 | | ----- | ----- | ----- | ----- | 25 | | 1| mitmproxy | https://github.com/mitmproxy/mitmproxy | 中间人攻击工具 | 26 | 27 | # 安全工具(ruby语言) 28 | |序号|名称|项目地址|简介| 29 | | ----- | ----- | ----- | ----- | 30 | | 1| PhishLulz | https://github.com/antisnatchor/phishlulz | 高级自动化钓鱼框架, 只需要10分钟就能搭建起钓鱼环境,进行精确的钓鱼攻击。 | 31 | 32 | 33 | # 杂 34 | |序号|名称|项目地址|简介| 35 | | ----- | ----- | ----- | ----- | 36 | | 1 | hacker-scripts | https://github.com/NARKOZ/hacker-scripts | 一些无厘头的职场自动化脚本,自动处理和回复一些无聊的事情 | 37 | | 2 | VulApps | https://github.com/Medicean/VulApps | 快速搭建各种漏洞环境(Various vulnerability environment) https://hub.docker.com/r/medicean/vulapps/ 收集各种漏洞环境,为方便使用,统一采用 Dockerfile 形式。 | 38 | | 3 | openftp4 |https://github.com/massivedynamic/openftp4| 可以匿名登陆的ftp清单 | 39 | -------- 40 | 作者:天谕 41 | 链接:https://zhuanlan.zhihu.com/p/21380662 42 | 来源:知乎 43 | 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。 44 | - - - - --- 45 | 漏洞及渗透练习平台: 46 | 47 | WebGoat漏洞练习环境 48 | https://github.com/WebGoat/WebGoat 49 | https://github.com/WebGoat/WebGoat-Legacy 50 | 51 | Damn Vulnerable Web Application(漏洞练习平台) 52 | https://github.com/RandomStorm/DVWA 53 | 数据库注入练习平台 54 | https://github.com/Audi-1/sqli-labs 55 | 用node编写的漏洞练习平台,like OWASP Node Goat 56 | https://github.com/cr0hn/vulnerable-node 57 | 58 | 花式扫描器 : 59 | 60 | 端口扫描器Nmap 61 | https://github.com/nmap/nmap 62 | 63 | 本地网络扫描器 64 | https://github.com/SkyLined/LocalNetworkScanner 65 | 66 | 子域名扫描器 67 | https://github.com/lijiejie/subDomainsBrute 68 | 69 | 漏洞路由扫描器 70 | https://github.com/jh00nbr/Routerhunter-2.0 71 | 72 | 迷你批量信息泄漏扫描脚本 73 | https://github.com/lijiejie/BBScan 74 | 75 | Waf类型检测工具 76 | https://github.com/EnableSecurity/wafw00f 77 | 78 | 信息搜集工具 : 79 | 80 | 社工插件,可查找以email、phone、username的注册的所有网站账号信息 81 | https://github.com/n0tr00t/Sreg 82 | Github信息搜集,可实时扫描查询git最新上传有关邮箱账号密码信息 83 | https://github.com/sea-god/gitscan 84 | github Repo信息搜集工具 85 | https://github.com/metac0rtex/GitHarvester 86 | 87 | WEB: 88 | 89 | webshell大合集 90 | https://github.com/tennc/webshell 91 | 渗透以及web攻击脚本 92 | https://github.com/brianwrf/hackUtils 93 | web渗透小工具大合集 94 | https://github.com/rootphantomer/hack_tools_for_me 95 | XSS数据接收平台 96 | https://github.com/firesunCN/BlueLotus_XSSReceiver 97 | XSS与CSRF工具 98 | https://github.com/evilcos/xssor 99 | Short for command injection exploiter,web向命令注入检测工具 100 | https://github.com/stasinopoulos/commix 101 | 数据库注入工具 102 | https://github.com/sqlmapproject/sqlmap 103 | Web代理,通过加载sqlmap api进行sqli实时检测 104 | https://github.com/zt2/sqli-hunter 105 | 新版中国菜刀 106 | https://github.com/Chora10/Cknife 107 | .git泄露利用EXP 108 | https://github.com/lijiejie/GitHack 109 | 浏览器攻击框架 110 | https://github.com/beefproject/beef 111 | 自动化绕过WAF脚本 112 | https://github.com/khalilbijjou/WAFNinja 113 | http命令行客户端,可以从命令行构造发送各种http请求(类似于Curl) 114 | https://github.com/jkbrzt/httpie 115 | 浏览器调试利器 116 | https://github.com/firebug/firebug 117 | 一款开源WAF 118 | https://github.com/SpiderLabs/ModSecurity 119 | 120 | windows域渗透工具: 121 | 122 | windows渗透神器 123 | https://github.com/gentilkiwi/mimikatz 124 | Powershell渗透库合集 125 | https://github.com/PowerShellMafia/PowerSploit 126 | Powershell tools合集 127 | https://github.com/clymb3r/PowerShell 128 | 129 | Fuzz: 130 | 131 | Web向Fuzz工具 132 | https://github.com/xmendez/wfuzz 133 | 134 | HTTP暴力破解,撞库攻击脚本 135 | https://github.com/lijiejie/htpwdScan 136 | 137 | 漏洞利用及攻击框架: 138 | 139 | msf 140 | https://github.com/rapid7/metasploit-framework 141 | Poc调用框架,可加载Pocsuite,Tangscan,Beebeeto等 142 | https://github.com/erevus-cn/pocscan 143 | Pocsuite 144 | https://github.com/knownsec/Pocsuite 145 | Beebeeto 146 | https://github.com/n0tr00t/Beebeeto-framework 147 | 148 | 漏洞POC&EXP: 149 | 150 | ExploitDB官方git版本 151 | https://github.com/offensive-security/exploit-database 152 | php漏洞代码分析 153 | https://github.com/80vul/phpcodz 154 | Simple test for CVE-2016-2107 155 | https://github.com/FiloSottile/CVE-2016-2107 156 | CVE-2015-7547 POC 157 | https://github.com/fjserna/CVE-2015-7547 158 | JAVA反序列化POC生成工具 159 | https://github.com/frohoff/ysoserial 160 | JAVA反序列化EXP 161 | https://github.com/foxglovesec/JavaUnserializeExploits 162 | Jenkins CommonCollections EXP 163 | https://github.com/CaledoniaProject/jenkins-cli-exploit 164 | CVE-2015-2426 EXP (windows内核提权) 165 | https://github.com/vlad902/hacking-team-windows-kernel-lpe 166 | use docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示) 167 | https://github.com/hxer/vulnapp 168 | php7缓存覆写漏洞Demo及相关工具 169 | https://github.com/GoSecure/php7-opcache-override 170 | XcodeGhost木马样本 171 | https://github.com/XcodeGhostSource/XcodeGhost 172 | 173 | 中间人攻击及钓鱼 174 | 175 | 中间人攻击框架 176 | https://github.com/secretsquirrel/the-backdoor-factory 177 | https://github.com/secretsquirrel/BDFProxy 178 | https://github.com/byt3bl33d3r/MITMf 179 | Inject code, jam wifi, and spy on wifi users 180 | https://github.com/DanMcInerney/LANs.py 181 | 可扩展的中间人代理工具 182 | https://github.com/intrepidusgroup/mallory 183 | wifi钓鱼 184 | https://github.com/sophron/wifiphisher 185 | 186 | 密码破解: 187 | 188 | 密码破解工具 189 | https://github.com/shinnok/johnny 190 | 191 | 本地存储的各类密码提取利器 192 | https://github.com/AlessandroZ/LaZagne 193 | 194 | 二进制及代码分析工具: 195 | 196 | 二进制分析工具 197 | https://github.com/devttys0/binwalk 198 | 系统扫描器,用于寻找程序和库然后收集他们的依赖关系,链接等信息 199 | https://github.com/quarkslab/binmap 200 | rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. 201 | https://github.com/0vercl0k/rp 202 | Windows Exploit Development工具 203 | https://github.com/lillypad/badger 204 | 二进制静态分析工具(python) 205 | https://github.com/bdcht/amoco 206 | Python Exploit Development Assistance for GDB 207 | https://github.com/longld/peda 208 | 对BillGates Linux Botnet系木马活动的监控工具 209 | https://github.com/ValdikSS/billgates-botnet-tracker 210 | 木马配置参数提取工具 211 | https://github.com/kevthehermit/RATDecoders 212 | Shellphish编写的二进制分析工具(CTF向) 213 | https://github.com/angr/angr 214 | 针对python的静态代码分析工具 215 | https://github.com/yinwang0/pysonar2 216 | 一个自动化的脚本(shell)分析工具,用来给出警告和建议 217 | https://github.com/koalaman/shellcheck 218 | 基于AST变换的简易Javascript反混淆辅助工具 219 | https://github.com/ChiChou/etacsufbo 220 | 221 | EXP编写框架及工具: 222 | 223 | 二进制EXP编写工具 224 | https://github.com/t00sh/rop-tool 225 | 226 | CTF Pwn 类题目脚本编写框架 227 | https://github.com/Gallopsled/pwntools 228 | 229 | an easy-to-use io library for pwning development 230 | https://github.com/zTrix/zio 231 | 232 | 跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) 233 | https://github.com/frida/frida 234 | 235 | 隐写: 236 | 237 | 隐写检测工具 238 | https://github.com/abeluck/stegdetect 239 | 240 | 各类安全资料: 241 | 242 | 域渗透教程 243 | https://github.com/l3m0n/pentest_study 244 | python security教程(原文链接http://www.primalsecurity.net/tutorials/python-tutorials/) 245 | https://github.com/smartFlash/pySecurity 246 | data_hacking合集 247 | https://github.com/ClickSecurity/data_hacking 248 | https://github.com/ClickSecurity/data_hacking 249 | mobile-security-wiki 250 | https://github.com/exploitprotocol/mobile-security-wiki 251 | 书籍《reverse-engineering-for-beginners》 252 | https://github.com/veficos/reverse-engineering-for-beginners 253 | 一些信息安全标准及设备配置 254 | https://github.com/luyg24/IT_security 255 | APT相关笔记 256 | https://github.com/kbandla/APTnotes 257 | Kcon资料 258 | https://github.com/knownsec/KCon 259 | ctf及黑客资源合集 260 | https://github.com/bt3gl/My-Gray-Hacker-Resources 261 | ctf和安全工具大合集 262 | https://github.com/zardus/ctf-tools 263 | 《DO NOT FUCK WITH A HACKER》 264 | https://github.com/citypw/DNFWAH 265 | 266 | 各类CTF资源 267 | 268 | 近年ctf writeup大全 269 | https://github.com/ctfs/write-ups-2016 270 | https://github.com/ctfs/write-ups-2015 271 | https://github.com/ctfs/write-ups-2014 272 | fbctf竞赛平台Demo 273 | https://github.com/facebook/fbctf 274 | ctf Resources 275 | https://github.com/ctfs/resources 276 | 277 | 各类编程资源: 278 | 279 | 大礼包(什么都有) 280 | https://github.com/bayandin/awesome-awesomeness 281 | bash-handbook 282 | https://github.com/denysdovhan/bash-handbook 283 | python资源大全 284 | https://github.com/jobbole/awesome-python-cn 285 | git学习资料 286 | https://github.com/xirong/my-git 287 | 安卓开源代码解析 288 | https://github.com/android-cn/android-open-project-analysis 289 | python框架,库,资源大合集 290 | https://github.com/vinta/awesome-python 291 | JS 正则表达式库(用于简化构造复杂的JS正则表达式) 292 | https://github.com/VerbalExpressions/JSVerbalExpressions 293 | 294 | Python: 295 | 296 | python 正则表达式库(用于简化构造复杂的python正则表达式) 297 | https://github.com/VerbalExpressions/PythonVerbalExpressions 298 | python任务管理以及命令执行库 299 | https://github.com/pyinvoke/invoke 300 | python exe打包库 301 | https://github.com/pyinstaller/pyinstaller 302 | py3 爬虫框架 303 | https://github.com/orf/cyborg 304 | 一个提供底层接口数据包编程和网络协议支持的python库 305 | https://github.com/CoreSecurity/impacket 306 | python requests 库 307 | https://github.com/kennethreitz/requests 308 | python 实用工具合集 309 | https://github.com/mahmoud/boltons 310 | python爬虫系统 311 | https://github.com/binux/pyspider 312 | ctf向 python工具包 313 | https://github.com/P1kachu/v0lt 314 | 315 | 科学上网: 316 | 317 | 科学上网工具 318 | https://github.com/XX-net/XX-Net 319 | 320 | 福利: 321 | 322 | 微信自动抢红包动态库 323 | https://github.com/east520/AutoGetRedEnv 324 | 325 | 微信抢红包插件(安卓版) 326 | https://github.com/geeeeeeeeek/WeChatLuckyMoney 327 | 神器 328 | https://github.com/yangyangwithgnu/hardseed 329 | 330 | - - - - ---- 331 | 作者:天谕 332 | 链接:https://zhuanlan.zhihu.com/p/22110538 333 | 来源:知乎 334 | 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。 335 | - - - - --- 336 | 漏洞及渗透练习平台: 337 | 338 | https://github.com/710leo/ZVulDrill 339 | Web漏洞演练平台 340 | 341 | https://github.com/cliffe/secgen 342 | Ruby编写的一款工具,生成含漏洞的虚拟机 343 | 344 | 345 | 花式扫描器: 346 | 347 | https://github.com/aboul3la/Sublist3r 348 | 子域名爆破扫描器 349 | 350 | https://github.com/TheRook/subbrute 351 | 子域名爆破扫描器 352 | 353 | https://github.com/andresriancho/w3af 354 | Web漏洞扫描器 355 | 356 | https://github.com/maurosoria/dirsearch 357 | Web路径扫描器 358 | 359 | https://github.com/shawarkhanethicalhacker/BruteXSS 360 | XSS多功能扫描器 361 | 362 | https://github.com/rbsec/sslscan 363 | SSL类型扫描器 364 | 365 | https://github.com/urbanadventurer/whatweb 366 | 网站指纹识别工具,用来检测网站CMS类型,所采用的博客系统类型,JS库,web服务器,甚至版本号,email地址,web框架等 367 | 368 | https://github.com/ciscocsirt/malspider 369 | 一款爬虫框架,用来检测网站是否被恶意攻击过 370 | 371 | https://github.com/wpscanteam/wpscan 372 | wordpress漏洞扫描器 373 | 374 | https://github.com/misterch0c/firminator_backend 375 | 固件漏洞扫描器 376 | 377 | https://github.com/wilson9x1/fenghuangscanner_v3 378 | 常见服务端口弱口令扫描器 379 | 380 | https://github.com/darryllane/Bluto 381 | 信息探测及扫描工具(DNS及邮件枚举等) 382 | 383 | https://github.com/sowish/LNScan 384 | 内部网络扫描器 385 | 386 | https://github.com/linuz/Sticky-Keys-Slayer 387 | 远程桌面登录扫描器 388 | 389 | https://github.com/infosec-au/altdns 390 | 子域名字典组合生成及暴力破解器 391 | 392 | https://github.com/SECFORCE/sparta 393 | 网络基础设施渗透工具(集成nmap和hydra等) 394 | 395 | https://github.com/SECFORCE/SNMP-Brute 396 | Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script 397 | 398 | https://github.com/sullo/nikto 399 | web server scanner 400 | 401 | https://github.com/code-scan/dzscan 402 | discuz论坛漏洞扫描器 403 | 404 | https://github.com/nanshihui/Scan-T 405 | 网络空间指纹扫描器 406 | 407 | https://github.com/ilmila/J2EEScan 408 | J2EE漏洞扫描器burp插件 409 | 410 | 411 | 甲方安全工程师生存指南: 412 | 413 | https://github.com/thomaspatzke/WASE 414 | web索引及日志搜索工具 415 | 416 | https://github.com/Kozea/wdb 417 | 一款CS结构的web debuger 418 | 419 | https://github.com/aramosf/recoversqlite/ 420 | recover information from deleted registers in sqlite databases. 421 | 422 | https://github.com/epinna/tplmap 423 | 自动化的模板注入攻击检测工具 424 | 425 | https://github.com/client9/libinjection 426 | sqli词法解析分析器 427 | 428 | https://github.com/zxsecurity/gpsnitch 429 | gps欺骗检测工具 430 | 431 | https://github.com/biggiesmallsAG/nightHawkResponse 432 | 应急处置响应框架 433 | 434 | https://github.com/FallibleInc/security-guide-for-developers 435 | web安全开发指南 436 | 437 | https://github.com/4ido10n/wooyun-drops-all-articles-package 438 | 乌云知识库全部文章 439 | 440 | https://github.com/paralax/awesome-honeypots 441 | 蜜罐资源合集 442 | 443 | https://github.com/wufeifei/cobra 444 | 自动化代码审计工具 445 | 446 | https://github.com/HatBoy/Pcap-Analyzer 447 | python编写的离线网络数据包分析器 448 | 449 | https://github.com/leonteale/pentestpackage 450 | 渗透测试常见小工具打包 451 | 452 | 453 | WEB: 454 | 455 | https://github.com/owtf/wafbypasser 456 | WAF绕过检测工具 457 | 458 | https://github.com/julienbedard/browsersploit 459 | 浏览器攻击框架 460 | 461 | https://github.com/guillotines/WebShell 462 | web端webshell管理器 463 | 464 | https://github.com/mgeeky/tomcatWarDeployer 465 | tomcat自动后门部署 466 | 467 | 468 | Windows域渗透工具: 469 | 470 | https://github.com/enddo/awesome-windows-exploitation 471 | windows漏洞利用相关整理 472 | 473 | https://github.com/putterpanda/mimikittenz 474 | 从内存中提取敏感信息的工具 475 | 476 | https://github.com/chango77747/AdEnumerator 477 | https://github.com/Raikia/CredNinja 478 | https://github.com/ChrisTruncer/WMIOps 479 | https://github.com/ChrisTruncer/EyeWitness 480 | https://github.com/ChrisTruncer/Egress-Assess 481 | fireeye红军渗透工具 482 | 483 | 484 | 各类安全资料: 485 | 486 | https://github.com/phith0n/Mind-Map 487 | 安全脑图合集 488 | https://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428 489 | 有关信息安全的一些流程图收集 490 | 491 | 492 | 493 | 漏洞POC&EXP: 494 | 495 | https://github.com/citronneur/rdp 496 | 哈希长度扩展攻击EXP 497 | 498 | 蜜罐: 499 | 500 | https://github.com/desaster/kippo 501 | SSH Honeypot 502 | 503 | https://github.com/micheloosterhof/cowrie 504 | kippo进阶版 505 | 506 | https://github.com/awhitehatter/mailoney 507 | SMTP honeypot 508 | 509 | https://github.com/mushorg/glastopf 510 | Web Application honeypot 511 | 512 | https://github.com/jordan-wright/elastichoney 513 | 数据库蜜罐 514 | 515 | https://github.com/atiger77/Dionaea 516 | Web蜜罐 517 | 518 | 作者:天谕 519 | 链接:https://zhuanlan.zhihu.com/p/22684414 520 | 来源:知乎 521 | 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。 522 | 523 | ==========================华丽丽的分割线========================== 524 | 525 | 漏洞及渗透练习平台: 526 | 527 | https://github.com/Medicean/VulApps 528 | 529 | 多种漏洞练习环境 530 | 531 | 花式扫描器: 532 | 533 | GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications 534 | Ruby on Rails应用静态分析工具 535 | 536 | GitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go 537 | linux漏洞扫描器 538 | 539 | GitHub - m0nad/HellRaiser: Vulnerability Scanner 540 | 基于端口的漏扫及CVE关联 541 | 542 | 甲方安全工程师生存指南: 543 | 544 | GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups 545 | 各知名厂商渗透测试报告模板 546 | 547 | GitHub - codejanus/ToolSuite: Security tools 548 | 安全工具合集 549 | 550 | GitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System 551 | apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM) 552 | 553 | GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool 554 | Destroy-Windows-10-Spying 555 | 556 | https://github.com/pwnsdx/BadCode 557 | PHP代码审计扫描器 558 | 559 | GitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD) 560 | linux下恶意代码检测包 561 | 562 | GitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics. 563 | 操作系统运行指标可视化框架 564 | 565 | https://github.com/jipegit/OSXAuditor 566 | Mac OS下取证工具 567 | 568 | GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system 569 | 恶意代码分析系统 570 | 571 | GitHub - Netflix/Scumblr 572 | 定期搜索及存储web应用,可搜漏洞讨论等等 573 | 574 | GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response 575 | 事件响应框架(focus on 远程取证) 576 | 577 | GitHub - mozilla/MozDef: MozDef: The Mozilla Defense Platform 578 | The Mozilla Defense Platform 579 | 580 | GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. 581 | 综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等) 582 | 583 | GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X 584 | OS X远程取证与分析工具包 585 | 586 | GitHub - mozilla/mig: Distributed & real time digital forensics at the speed of the cloud 587 | 分布式实时数字取证系统 588 | 589 | GitHub - sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. 590 | Microsoft & Unix 文件系统及硬盘取证工具 591 | 592 | https://github.com/OpenSCAP/openscap 593 | Open Source Security Compliance Solution 594 | 595 | https://github.com/wgliang/logcool 596 | 开源准实时日志采集器 597 | 598 | https://github.com/goldshtn/etrace 599 | windows实时ETW事件处理工具 600 | 601 | GitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues. 602 | 603 | CPU及内存相关性能分析工具 604 | 605 | WEB: 606 | 607 | GitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools. 608 | 通过调用sqlmap api,自动检测sqli的代理 609 | 610 | GitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions 611 | 免杀payload生成器 612 | 613 | GitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server 614 | 用gmail充当C&C服务器的后门 615 | 616 | 617 | 远控: 618 | 619 | GitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool 620 | 开源模块化远控工具 621 | 622 | GitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool) 623 | C#远控工具 624 | 625 | 626 | 漏洞POC&EXP: 627 | 628 | GitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities 629 | JAVA反序列化漏洞相关资源列表 630 | 631 | 632 | 二进制及代码分析工具: 633 | 634 | GitHub - suraj-root/smap: Shellcode mapper 635 | shellcode分析工具 636 | 637 | GitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSC 638 | Shellcode/Obfuscate Code Generator 639 | 640 | GitHub - korcankaraokcu/PINCE: A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux 641 | linux下逆向工具 642 | 643 | GitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. 644 | Reverse Shell and Post Exploitation Tool 645 | 646 | GitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework 647 | 跨平台二进制分析及逆向工具 648 | 649 | Python: 650 | 651 | GitHub - gstarnberger/uncompyle: Python decompiler 652 | 653 | pyc反编译脚本 654 | 655 | https://github.com/jameslyons/pycipher 656 | 657 | pycipher python加解密库 658 | 659 | https://github.com/nvdv/vprof 660 | 661 | 可视化python性能分析工具 662 | 663 | 664 | FUZZ: 665 | 666 | https://github.com/MozillaSecurity/peach 667 | 668 | fuzzing framework 669 | 670 | GitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage 671 | A general-purpose, easy-to-use fuzzer with interesting analysis options. 672 | 673 | GitHub - fuzzing/MFFA: Media Fuzzing Framework for Android 674 | Media Fuzzing Framework for Android 675 | 676 | GitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on Android 677 | A tool to fuzz Intent Android 678 | 679 | GitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input. 680 | Fuzzing资源 681 | 682 | GitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL) 683 | 684 | AFL的Android移植版本 685 | 686 | Github 安全军火库(四) 687 | 希望今年能够更加努力一点,早日在菜的抠脚的队伍中稳健成长。 688 | 689 | ==========================华丽丽的分割线========================== 690 | 691 | 先安利一个网站,我平时经常看,觉得内容都挺不错的。 692 | 693 | 安全行业从业人员自研开源扫描器合集(2017/01/11更新)-MottoIN 694 | 695 | 这篇文章主要是针对扫描器这一块的开源项目做了收集和规整,理的很清楚,里面的项目我就不拿出来罗列了。 696 | 697 | ==========================华丽丽的分割线========================== 698 | 699 | 漏洞及渗透练习平台: 700 | 701 | 702 | rapid7/metasploitable3 703 | metasploitable3 704 | 705 | stamparm/DSVW 706 | 轻量web漏洞演示平台 707 | 708 | MyKings/docker-vulnerability-environment 709 | docker搭建的漏洞练习环境 710 | 711 | joe-shenouda/awesome-cyber-skills 712 | 黑客技术训练环境 713 | 714 | OWASP/SecurityShepherd 715 | web及app渗透训练平台 716 | 717 | 花式扫描器: 718 | 719 | 720 | ysrc/GourdScanV2 721 | 被动式漏洞扫描系统 722 | 723 | ring04h/wydomain 724 | 子域名扫描器 725 | 726 | ysrc/F-Scrack 727 | 服务弱口令检测脚本 728 | 729 | thesp0nge/dawnscanner 730 | ruby源码扫描工具 731 | 732 | zer0h/httpscan 733 | web主机发现小工具 734 | 735 | maxlabelle/WebMalwareScanner 736 | A simple malware scanner 737 | 738 | youngyangyang04/NoSQLAttack 739 | MongoDB漏洞扫描器 740 | 741 | az0ne/AZScanner 742 | 自动漏扫 743 | 744 | Screetsec/Dracnmap 745 | 集成Nmap的一款端口扫描器 746 | 747 | maK-/parameth 748 | Get Post参数扫描器 749 | 750 | delvelabs/vane 751 | A GPL fork of the popular wordpress vulnerability scanner WPScan 752 | 753 | stanislav-web/OpenDoor 754 | 路径扫描器 755 | 756 | golismero/golismero 757 | web扫描器 758 | 759 | We5ter/Scanners-Box 760 | 安全行业从业人员自研开源扫描器合集 761 | 762 | Graph-X/davscan 763 | Fingerprints servers, finds exploits, scans WebDAV. 764 | 765 | lietdai/doom 766 | 分布式任务分发端口扫描器 767 | 768 | angryziber/ipscan 769 | fast and friendly network scanner 770 | 771 | 甲方安全工程师生存指南: 772 | 773 | 774 | hslatman/awesome-threat-intelligence 775 | 威胁情报资源 776 | 777 | arthepsy/ssh-audit 778 | tool for ssh server auditing 779 | 780 | keithjjones/visualize_logs 781 | A Python library and command line tools to provide interactive log visualization 782 | 783 | m4rco-/dorothy2 784 | 一个僵尸网络分析框架 785 | 786 | lightbulb-framework/lightbulb-framework 787 | WAFS审计工具 788 | 789 | Xyntax/1000php 790 | 1000个php代码审计案例 791 | 792 | aker-gateway/Aker 793 | 基于 python 的 Linux ssh 跳板机/堡垒机设置工具 794 | 795 | andrewjkerr/security-cheatsheets 796 | Linux常见命令及部分安全软件使用命令列表 797 | 798 | JacobReynolds/ssrfDetector 799 | ssrfDetector 800 | 801 | yassineaddi/BackdoorMan 802 | PHP后门检测工具 803 | 804 | CISOfy/lynis 805 | Security auditing and hardening tool, for UNIX-based systems 806 | 807 | SpamScope/spamscope 808 | 垃圾邮件分析工具 809 | 810 | yassineaddi/BackdoorMan 811 | 恶意代码,php shell检测工具 812 | 813 | OWASP/django-DefectDojo 814 | 安全程序和漏洞管理工具 815 | 816 | Neohapsis/NeoPI 817 | 混淆代码检测工具 818 | 819 | emposha/Shell-Detector 820 | webshell检测工具 821 | 822 | Web: 823 | 824 | 825 | 1N3/IntruderPayloads 826 | burp instruder payloads collection 827 | 828 | Neohapsis/bbqsql 829 | A Blind SQL Injection Exploitation Tool 830 | 831 | antoor/antSword 832 | antSword 833 | 834 | xl7dev/BurpSuite 835 | burp插件收集项目 836 | 837 | rastating/wordpress-exploit-framework 838 | 一个用来攻击wp的框架 839 | 840 | lijiejie/ds_store_exp 841 | .DS_store文件泄露利用脚本 842 | 843 | 漏洞POC&EXP: 844 | 845 | 846 | joaomatosf/jexboss 847 | JBOSS verify & exp tool 848 | 849 | jiayy/android_vuln_poc-exp 850 | 安卓十月漏洞POC 851 | 852 | ganliuzhuo/Sebug 853 | 在sebug提交的漏洞详情及poc 854 | 855 | Fuzz: 856 | 857 | 858 | google/fuzzer-test-suite 859 | Set of tests for fuzzing engines 860 | 861 | renatahodovan/fuzzinator 862 | Fuzzinator Random Testing Framework 863 | 864 | henshin/filebuster 865 | web fuzz 866 | 867 | 如果当中有描述不正确的地方,请老司机们多多指教,鞠躬! 868 | --------------------------------------------------------------------------------