{"id":21892366,"url":"https://github.com/hackstoic/hacker-tools-projects","last_synced_at":"2026-02-15T04:32:58.503Z","repository":{"id":54673432,"uuid":"71654916","full_name":"hackstoic/hacker-tools-projects","owner":"hackstoic","description":null,"archived":false,"fork":false,"pushed_at":"2017-02-27T06:05:32.000Z","size":11,"stargazers_count":74,"open_issues_count":0,"forks_count":33,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-09-11T22:45:26.638Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hackstoic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-22T17:32:13.000Z","updated_at":"2025-08-12T16:50:32.000Z","dependencies_parsed_at":"2022-08-13T23:31:03.733Z","dependency_job_id":null,"html_url":"https://github.com/hackstoic/hacker-tools-projects","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hackstoic/hacker-tools-projects","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackstoic%2Fhacker-tools-projects","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackstoic%2Fhacker-tools-projects/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackstoic%2Fhacker-tools-projects/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackstoic%2Fhacker-tools-projects/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hackstoic","download_url":"https://codeload.github.com/hackstoic/hacker-tools-projects/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackstoic%2Fhacker-tools-projects/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29469280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T04:31:33.243Z","status":"ssl_error","status_checked_at":"2026-02-15T04:30:38.729Z","response_time":118,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-28T12:57:57.875Z","updated_at":"2026-02-15T04:32:58.487Z","avatar_url":"https://github.com/hackstoic.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"---\ntitle:  黑客工具大搜罗\n---\n\n各种好玩的安全攻防工具。 \n\n# 安全工具（go语言）\n|序号|名称|项目地址|简介|\n| ----- | ----- | -----  | -----  |\n|       1 |      gomitmproxy  |      https://github.com/sheepbao/gomitmproxy    |   GomitmProxy是想用golang语言实现的mitmproxy，主要实现http代理，目前实现了http代理和https抓包功能。      |\n|      2  |    Hyperfox   |    http://github.com/xiam/hyperfox      |        Hyperfox 是一个安全的工具用来代理和记录局域网中的 HTTP 和 HTTPS 通讯。 |\n|    3    |    Gryffin   |   http://github.com/yahoo/gryffin       |       Gryffin 是雅虎开发的一个大规模 Web 安全扫描平台。它不是另外一个扫描器，其主要目的是为了解决两个特定的问题 —— 覆盖率和伸缩性。  |\n|     4   |    ngrok   |      http://github.com/inconshreveable/ngrok    |     ngrok 是一个反向代理，通过在公共的端点和本地运行的 Web 服务器之间建立一个安全的通道。ngrok 可捕获和分析所有通道上的流量，便于后期分析和重放。|\n\n# 安全工具（c语言）\n|序号|名称|项目地址|简介|\n| ----- | ----- | -----  | -----  |\n|     1   |  Cknife  |   https://github.com/Chora10/Cknife     |   俗称“中国菜刀”， 一个渗透测试软件    |\n|     2   | mimikatz   |     https://github.com/gentilkiwi/mimikatz   |     windows渗透工具， 可用于提权操作， 破解管理员密码等   |\n\n\n# 安全工具（python语言）\n|序号|名称|项目地址|简介|\n| ----- | ----- | -----  | -----  |\n|     1|   mitmproxy |     https://github.com/mitmproxy/mitmproxy   |    中间人攻击工具    |\n\n# 安全工具（ruby语言）\n|序号|名称|项目地址|简介|\n| ----- | ----- | -----  | -----  |\n|     1|   PhishLulz |     https://github.com/antisnatchor/phishlulz   |    高级自动化钓鱼框架, 只需要10分钟就能搭建起钓鱼环境，进行精确的钓鱼攻击。    |\n\n\n#  杂\n|序号|名称|项目地址|简介|\n| ----- | ----- | -----  | -----  |\n|     1   |   hacker-scripts |   https://github.com/NARKOZ/hacker-scripts     |  一些无厘头的职场自动化脚本，自动处理和回复一些无聊的事情      |\n|     2  |  VulApps  | https://github.com/Medicean/VulApps  | 快速搭建各种漏洞环境(Various vulnerability environment) https://hub.docker.com/r/medicean/vulapps/  收集各种漏洞环境，为方便使用，统一采用 Dockerfile 形式。   |\n|   3    |  openftp4      |https://github.com/massivedynamic/openftp4|  可以匿名登陆的ftp清单  |\n--------\n作者：天谕\n链接：https://zhuanlan.zhihu.com/p/21380662\n来源：知乎\n著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。\n- - - - ---\n漏洞及渗透练习平台：\n\nWebGoat漏洞练习环境\nhttps://github.com/WebGoat/WebGoat\nhttps://github.com/WebGoat/WebGoat-Legacy\n\nDamn Vulnerable Web Application(漏洞练习平台)\nhttps://github.com/RandomStorm/DVWA\n数据库注入练习平台 \nhttps://github.com/Audi-1/sqli-labs\n用node编写的漏洞练习平台，like OWASP Node Goat\nhttps://github.com/cr0hn/vulnerable-node\n\n花式扫描器 ：\n\n端口扫描器Nmap\nhttps://github.com/nmap/nmap\n\n本地网络扫描器\nhttps://github.com/SkyLined/LocalNetworkScanner\n\n子域名扫描器\nhttps://github.com/lijiejie/subDomainsBrute\n\n漏洞路由扫描器\nhttps://github.com/jh00nbr/Routerhunter-2.0\n\n迷你批量信息泄漏扫描脚本\nhttps://github.com/lijiejie/BBScan\n\nWaf类型检测工具\nhttps://github.com/EnableSecurity/wafw00f\n\n信息搜集工具 :\n\n社工插件，可查找以email、phone、username的注册的所有网站账号信息\nhttps://github.com/n0tr00t/Sreg\nGithub信息搜集，可实时扫描查询git最新上传有关邮箱账号密码信息\nhttps://github.com/sea-god/gitscan\ngithub Repo信息搜集工具\nhttps://github.com/metac0rtex/GitHarvester\n\nWEB：\n\nwebshell大合集\nhttps://github.com/tennc/webshell\n渗透以及web攻击脚本\nhttps://github.com/brianwrf/hackUtils\nweb渗透小工具大合集\nhttps://github.com/rootphantomer/hack_tools_for_me\nXSS数据接收平台\nhttps://github.com/firesunCN/BlueLotus_XSSReceiver\nXSS与CSRF工具\nhttps://github.com/evilcos/xssor\nShort for command injection exploiter，web向命令注入检测工具\nhttps://github.com/stasinopoulos/commix\n数据库注入工具\nhttps://github.com/sqlmapproject/sqlmap\nWeb代理，通过加载sqlmap api进行sqli实时检测\nhttps://github.com/zt2/sqli-hunter\n新版中国菜刀\nhttps://github.com/Chora10/Cknife\n.git泄露利用EXP\nhttps://github.com/lijiejie/GitHack\n浏览器攻击框架\nhttps://github.com/beefproject/beef\n自动化绕过WAF脚本\nhttps://github.com/khalilbijjou/WAFNinja\nhttp命令行客户端，可以从命令行构造发送各种http请求（类似于Curl）\nhttps://github.com/jkbrzt/httpie\n浏览器调试利器\nhttps://github.com/firebug/firebug\n一款开源WAF\nhttps://github.com/SpiderLabs/ModSecurity\n\nwindows域渗透工具：\n\nwindows渗透神器\nhttps://github.com/gentilkiwi/mimikatz\nPowershell渗透库合集\nhttps://github.com/PowerShellMafia/PowerSploit\nPowershell tools合集\nhttps://github.com/clymb3r/PowerShell\n\nFuzz:\n\nWeb向Fuzz工具\nhttps://github.com/xmendez/wfuzz\n\nHTTP暴力破解，撞库攻击脚本\nhttps://github.com/lijiejie/htpwdScan\n\n漏洞利用及攻击框架：\n\nmsf\nhttps://github.com/rapid7/metasploit-framework\nPoc调用框架，可加载Pocsuite,Tangscan，Beebeeto等\nhttps://github.com/erevus-cn/pocscan\nPocsuite\nhttps://github.com/knownsec/Pocsuite\nBeebeeto\nhttps://github.com/n0tr00t/Beebeeto-framework\n\n漏洞POC\u0026EXP:\n\nExploitDB官方git版本\nhttps://github.com/offensive-security/exploit-database\nphp漏洞代码分析\nhttps://github.com/80vul/phpcodz\nSimple test for CVE-2016-2107\nhttps://github.com/FiloSottile/CVE-2016-2107\nCVE-2015-7547 POC\nhttps://github.com/fjserna/CVE-2015-7547\nJAVA反序列化POC生成工具\nhttps://github.com/frohoff/ysoserial\nJAVA反序列化EXP\nhttps://github.com/foxglovesec/JavaUnserializeExploits\nJenkins CommonCollections EXP\nhttps://github.com/CaledoniaProject/jenkins-cli-exploit\nCVE-2015-2426 EXP (windows内核提权)\nhttps://github.com/vlad902/hacking-team-windows-kernel-lpe\nuse docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示)\nhttps://github.com/hxer/vulnapp\nphp7缓存覆写漏洞Demo及相关工具\nhttps://github.com/GoSecure/php7-opcache-override\nXcodeGhost木马样本\nhttps://github.com/XcodeGhostSource/XcodeGhost\n\n中间人攻击及钓鱼\n\n中间人攻击框架\nhttps://github.com/secretsquirrel/the-backdoor-factory\nhttps://github.com/secretsquirrel/BDFProxy\nhttps://github.com/byt3bl33d3r/MITMf\nInject code, jam wifi, and spy on wifi users\nhttps://github.com/DanMcInerney/LANs.py\n可扩展的中间人代理工具\nhttps://github.com/intrepidusgroup/mallory\nwifi钓鱼\nhttps://github.com/sophron/wifiphisher\n\n密码破解：\n\n密码破解工具\nhttps://github.com/shinnok/johnny\n\n本地存储的各类密码提取利器\nhttps://github.com/AlessandroZ/LaZagne\n\n二进制及代码分析工具：\n\n二进制分析工具\nhttps://github.com/devttys0/binwalk\n系统扫描器，用于寻找程序和库然后收集他们的依赖关系，链接等信息\nhttps://github.com/quarkslab/binmap\nrp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries.\nhttps://github.com/0vercl0k/rp\nWindows Exploit Development工具\nhttps://github.com/lillypad/badger\n二进制静态分析工具（python）\nhttps://github.com/bdcht/amoco\nPython Exploit Development Assistance for GDB\nhttps://github.com/longld/peda\n对BillGates Linux Botnet系木马活动的监控工具\nhttps://github.com/ValdikSS/billgates-botnet-tracker\n木马配置参数提取工具\nhttps://github.com/kevthehermit/RATDecoders\nShellphish编写的二进制分析工具（CTF向）\nhttps://github.com/angr/angr\n针对python的静态代码分析工具\nhttps://github.com/yinwang0/pysonar2\n一个自动化的脚本（shell）分析工具，用来给出警告和建议\nhttps://github.com/koalaman/shellcheck\n基于AST变换的简易Javascript反混淆辅助工具\nhttps://github.com/ChiChou/etacsufbo\n\nEXP编写框架及工具：\n\n二进制EXP编写工具\nhttps://github.com/t00sh/rop-tool\n\nCTF Pwn 类题目脚本编写框架\nhttps://github.com/Gallopsled/pwntools\n\nan easy-to-use io library for pwning development\nhttps://github.com/zTrix/zio\n\n跨平台注入工具（ Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.）\nhttps://github.com/frida/frida\n\n隐写：\n\n隐写检测工具\nhttps://github.com/abeluck/stegdetect\n\n各类安全资料:\n\n域渗透教程\nhttps://github.com/l3m0n/pentest_study\npython security教程（原文链接http://www.primalsecurity.net/tutorials/python-tutorials/）\nhttps://github.com/smartFlash/pySecurity\ndata_hacking合集\nhttps://github.com/ClickSecurity/data_hacking\nhttps://github.com/ClickSecurity/data_hacking\nmobile-security-wiki\nhttps://github.com/exploitprotocol/mobile-security-wiki\n书籍《reverse-engineering-for-beginners》\nhttps://github.com/veficos/reverse-engineering-for-beginners\n一些信息安全标准及设备配置\nhttps://github.com/luyg24/IT_security\nAPT相关笔记\nhttps://github.com/kbandla/APTnotes\nKcon资料\nhttps://github.com/knownsec/KCon\nctf及黑客资源合集\nhttps://github.com/bt3gl/My-Gray-Hacker-Resources\nctf和安全工具大合集\nhttps://github.com/zardus/ctf-tools\n《DO NOT FUCK WITH A HACKER》\nhttps://github.com/citypw/DNFWAH\n\n各类CTF资源\n\n近年ctf writeup大全\nhttps://github.com/ctfs/write-ups-2016\nhttps://github.com/ctfs/write-ups-2015\nhttps://github.com/ctfs/write-ups-2014\nfbctf竞赛平台Demo\nhttps://github.com/facebook/fbctf\nctf Resources\nhttps://github.com/ctfs/resources\n\n各类编程资源:\n\n大礼包（什么都有）\nhttps://github.com/bayandin/awesome-awesomeness\nbash-handbook\nhttps://github.com/denysdovhan/bash-handbook\npython资源大全\nhttps://github.com/jobbole/awesome-python-cn\ngit学习资料\nhttps://github.com/xirong/my-git\n安卓开源代码解析\nhttps://github.com/android-cn/android-open-project-analysis\npython框架，库，资源大合集\nhttps://github.com/vinta/awesome-python\nJS 正则表达式库（用于简化构造复杂的JS正则表达式）\nhttps://github.com/VerbalExpressions/JSVerbalExpressions\n\nPython：\n\npython 正则表达式库（用于简化构造复杂的python正则表达式）\nhttps://github.com/VerbalExpressions/PythonVerbalExpressions\npython任务管理以及命令执行库\nhttps://github.com/pyinvoke/invoke\npython exe打包库\nhttps://github.com/pyinstaller/pyinstaller\npy3 爬虫框架\nhttps://github.com/orf/cyborg\n一个提供底层接口数据包编程和网络协议支持的python库\nhttps://github.com/CoreSecurity/impacket\npython requests 库\nhttps://github.com/kennethreitz/requests\npython 实用工具合集\nhttps://github.com/mahmoud/boltons\npython爬虫系统\nhttps://github.com/binux/pyspider\nctf向 python工具包\nhttps://github.com/P1kachu/v0lt\n\n科学上网：\n\n科学上网工具\nhttps://github.com/XX-net/XX-Net\n\n福利：\n\n微信自动抢红包动态库\nhttps://github.com/east520/AutoGetRedEnv\n\n微信抢红包插件（安卓版）\nhttps://github.com/geeeeeeeeek/WeChatLuckyMoney\n神器\nhttps://github.com/yangyangwithgnu/hardseed\n\n- - - - ----\n作者：天谕\n链接：https://zhuanlan.zhihu.com/p/22110538\n来源：知乎\n著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。\n- - - - ---\n漏洞及渗透练习平台：\n\nhttps://github.com/710leo/ZVulDrill\nWeb漏洞演练平台\n\nhttps://github.com/cliffe/secgen\nRuby编写的一款工具，生成含漏洞的虚拟机\n\n\n花式扫描器：\n\nhttps://github.com/aboul3la/Sublist3r\n子域名爆破扫描器\n\nhttps://github.com/TheRook/subbrute\n子域名爆破扫描器\n\nhttps://github.com/andresriancho/w3af\nWeb漏洞扫描器\n\nhttps://github.com/maurosoria/dirsearch\nWeb路径扫描器\n\nhttps://github.com/shawarkhanethicalhacker/BruteXSS\nXSS多功能扫描器\n\nhttps://github.com/rbsec/sslscan\nSSL类型扫描器\n\nhttps://github.com/urbanadventurer/whatweb\n网站指纹识别工具，用来检测网站CMS类型，所采用的博客系统类型，JS库，web服务器，甚至版本号，email地址，web框架等\n\nhttps://github.com/ciscocsirt/malspider\n一款爬虫框架，用来检测网站是否被恶意攻击过\n\nhttps://github.com/wpscanteam/wpscan\nwordpress漏洞扫描器\n\nhttps://github.com/misterch0c/firminator_backend\n固件漏洞扫描器\n\nhttps://github.com/wilson9x1/fenghuangscanner_v3\n常见服务端口弱口令扫描器\n\nhttps://github.com/darryllane/Bluto\n信息探测及扫描工具（DNS及邮件枚举等）\n\nhttps://github.com/sowish/LNScan\n内部网络扫描器\n\nhttps://github.com/linuz/Sticky-Keys-Slayer\n远程桌面登录扫描器\n\nhttps://github.com/infosec-au/altdns\n子域名字典组合生成及暴力破解器\n\nhttps://github.com/SECFORCE/sparta\n网络基础设施渗透工具（集成nmap和hydra等）\n\nhttps://github.com/SECFORCE/SNMP-Brute\nFast SNMP brute force, enumeration, CISCO config downloader and password cracking script\n\nhttps://github.com/sullo/nikto\nweb server scanner\n\nhttps://github.com/code-scan/dzscan\ndiscuz论坛漏洞扫描器\n\nhttps://github.com/nanshihui/Scan-T\n网络空间指纹扫描器\n\nhttps://github.com/ilmila/J2EEScan\nJ2EE漏洞扫描器burp插件\n\n\n甲方安全工程师生存指南：\n\nhttps://github.com/thomaspatzke/WASE\nweb索引及日志搜索工具\n\nhttps://github.com/Kozea/wdb\n一款CS结构的web debuger\n\nhttps://github.com/aramosf/recoversqlite/\nrecover information from deleted registers in sqlite databases.\n\nhttps://github.com/epinna/tplmap\n自动化的模板注入攻击检测工具\n\nhttps://github.com/client9/libinjection\nsqli词法解析分析器\n\nhttps://github.com/zxsecurity/gpsnitch\ngps欺骗检测工具\n\nhttps://github.com/biggiesmallsAG/nightHawkResponse\n应急处置响应框架\n\nhttps://github.com/FallibleInc/security-guide-for-developers\nweb安全开发指南\n\nhttps://github.com/4ido10n/wooyun-drops-all-articles-package\n乌云知识库全部文章\n\nhttps://github.com/paralax/awesome-honeypots\n蜜罐资源合集\n\nhttps://github.com/wufeifei/cobra\n自动化代码审计工具\n\nhttps://github.com/HatBoy/Pcap-Analyzer\npython编写的离线网络数据包分析器\n\nhttps://github.com/leonteale/pentestpackage\n渗透测试常见小工具打包\n\n\nWEB：\n\nhttps://github.com/owtf/wafbypasser\nWAF绕过检测工具\n\nhttps://github.com/julienbedard/browsersploit\n浏览器攻击框架\n\nhttps://github.com/guillotines/WebShell\nweb端webshell管理器\n\nhttps://github.com/mgeeky/tomcatWarDeployer\ntomcat自动后门部署\n\n\nWindows域渗透工具：\n\nhttps://github.com/enddo/awesome-windows-exploitation\nwindows漏洞利用相关整理\n\nhttps://github.com/putterpanda/mimikittenz\n从内存中提取敏感信息的工具\n\nhttps://github.com/chango77747/AdEnumerator\nhttps://github.com/Raikia/CredNinja\nhttps://github.com/ChrisTruncer/WMIOps\nhttps://github.com/ChrisTruncer/EyeWitness\nhttps://github.com/ChrisTruncer/Egress-Assess\nfireeye红军渗透工具\n\n\n各类安全资料：\n\nhttps://github.com/phith0n/Mind-Map\n安全脑图合集\nhttps://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428\n有关信息安全的一些流程图收集\n\n\n\n漏洞POC\u0026EXP：\n\nhttps://github.com/citronneur/rdp\n哈希长度扩展攻击EXP\n\n蜜罐：\n\nhttps://github.com/desaster/kippo\nSSH Honeypot\n\nhttps://github.com/micheloosterhof/cowrie\nkippo进阶版\n\nhttps://github.com/awhitehatter/mailoney\nSMTP honeypot\n\nhttps://github.com/mushorg/glastopf\nWeb Application honeypot\n\nhttps://github.com/jordan-wright/elastichoney\n数据库蜜罐\n\nhttps://github.com/atiger77/Dionaea\nWeb蜜罐\n\n作者：天谕\n链接：https://zhuanlan.zhihu.com/p/22684414\n来源：知乎\n著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。\n\n==========================华丽丽的分割线==========================\n\n漏洞及渗透练习平台：\n\nhttps://github.com/Medicean/VulApps\n\n多种漏洞练习环境\n\n花式扫描器：\n\nGitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications\nRuby on Rails应用静态分析工具\n\nGitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go\nlinux漏洞扫描器\n\nGitHub - m0nad/HellRaiser: Vulnerability Scanner\n基于端口的漏扫及CVE关联\n\n甲方安全工程师生存指南：\n\nGitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups\n各知名厂商渗透测试报告模板\n\nGitHub - codejanus/ToolSuite: Security tools\n安全工具合集\n\nGitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System\napache实时日志分析器（on Telegram, Zabbix and Syslog/SIEM）\n\nGitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool\nDestroy-Windows-10-Spying\n\nhttps://github.com/pwnsdx/BadCode\nPHP代码审计扫描器\n\nGitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD)\nlinux下恶意代码检测包\n\nGitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics.\n操作系统运行指标可视化框架\n\nhttps://github.com/jipegit/OSXAuditor\nMac OS下取证工具\n\nGitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system\n恶意代码分析系统\n\nGitHub - Netflix/Scumblr\n定期搜索及存储web应用，可搜漏洞讨论等等\n\nGitHub - google/grr: GRR Rapid Response: remote live forensics for incident response\n事件响应框架（focus on 远程取证）\n\nGitHub - mozilla/MozDef: MozDef: The Mozilla Defense Platform\nThe Mozilla Defense Platform\n\nGitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.\n综合主机监控检测平台（包含主机防火墙，日志监控，SIEM等）\n\nGitHub - Yelp/osxcollector: A forensic evidence collection \u0026 analysis toolkit for OS X\nOS X远程取证与分析工具包\n\nGitHub - mozilla/mig: Distributed \u0026 real time digital forensics at the speed of the cloud\n分布式实时数字取证系统\n\nGitHub - sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.\nMicrosoft \u0026 Unix 文件系统及硬盘取证工具\n\nhttps://github.com/OpenSCAP/openscap\nOpen Source Security Compliance Solution\n\nhttps://github.com/wgliang/logcool\n开源准实时日志采集器\n\nhttps://github.com/goldshtn/etrace\nwindows实时ETW事件处理工具\n\nGitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.\n\nCPU及内存相关性能分析工具\n\nWEB：\n\nGitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.\n通过调用sqlmap api，自动检测sqli的代理\n\nGitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions\n免杀payload生成器\n\nGitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C\u0026C server\n用gmail充当C\u0026C服务器的后门\n\n\n远控：\n\nGitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool\n开源模块化远控工具\n\nGitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool)\nC#远控工具\n\n\n漏洞POC\u0026EXP：\n\nGitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities\nJAVA反序列化漏洞相关资源列表\n\n\n二进制及代码分析工具：\n\nGitHub - suraj-root/smap: Shellcode mapper\nshellcode分析工具\n\nGitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSC\nShellcode/Obfuscate Code Generator\n\nGitHub - korcankaraokcu/PINCE: A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux\nlinux下逆向工具\n\nGitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.\nReverse Shell and Post Exploitation Tool\n\nGitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework\n跨平台二进制分析及逆向工具\n\nPython：\n\nGitHub - gstarnberger/uncompyle: Python decompiler\n\npyc反编译脚本\n\nhttps://github.com/jameslyons/pycipher\n\npycipher python加解密库\n\nhttps://github.com/nvdv/vprof\n\n可视化python性能分析工具\n\n\nFUZZ:\n\nhttps://github.com/MozillaSecurity/peach\n\nfuzzing framework\n\nGitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage\nA general-purpose, easy-to-use fuzzer with interesting analysis options.\n\nGitHub - fuzzing/MFFA: Media Fuzzing Framework for Android\nMedia Fuzzing Framework for Android\n\nGitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on Android\nA tool to fuzz Intent Android\n\nGitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input.\nFuzzing资源\n\nGitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)\n\nAFL的Android移植版本\n\nGithub 安全军火库（四）\n希望今年能够更加努力一点，早日在菜的抠脚的队伍中稳健成长。\n\n==========================华丽丽的分割线==========================\n\n先安利一个网站，我平时经常看，觉得内容都挺不错的。\n\n安全行业从业人员自研开源扫描器合集（2017/01/11更新）-MottoIN\n\n这篇文章主要是针对扫描器这一块的开源项目做了收集和规整，理的很清楚，里面的项目我就不拿出来罗列了。\n\n==========================华丽丽的分割线==========================\n\n漏洞及渗透练习平台：\n\n\nrapid7/metasploitable3\nmetasploitable3\n\nstamparm/DSVW\n轻量web漏洞演示平台\n\nMyKings/docker-vulnerability-environment\ndocker搭建的漏洞练习环境\n\njoe-shenouda/awesome-cyber-skills\n黑客技术训练环境\n\nOWASP/SecurityShepherd\nweb及app渗透训练平台\n\n花式扫描器：\n\n\nysrc/GourdScanV2\n被动式漏洞扫描系统\n\nring04h/wydomain\n子域名扫描器\n\nysrc/F-Scrack\n服务弱口令检测脚本\n\nthesp0nge/dawnscanner\nruby源码扫描工具\n\nzer0h/httpscan\nweb主机发现小工具\n\nmaxlabelle/WebMalwareScanner\nA simple malware scanner\n\nyoungyangyang04/NoSQLAttack\nMongoDB漏洞扫描器\n\naz0ne/AZScanner\n自动漏扫\n\nScreetsec/Dracnmap\n集成Nmap的一款端口扫描器\n\nmaK-/parameth\nGet Post参数扫描器\n\ndelvelabs/vane\nA GPL fork of the popular wordpress vulnerability scanner WPScan\n\nstanislav-web/OpenDoor\n路径扫描器\n\ngolismero/golismero\nweb扫描器\n\nWe5ter/Scanners-Box\n安全行业从业人员自研开源扫描器合集\n\nGraph-X/davscan\nFingerprints servers, finds exploits, scans WebDAV.\n\nlietdai/doom\n分布式任务分发端口扫描器\n\nangryziber/ipscan\nfast and friendly network scanner\n\n甲方安全工程师生存指南：\n\n\nhslatman/awesome-threat-intelligence\n威胁情报资源\n\narthepsy/ssh-audit\ntool for ssh server auditing\n\nkeithjjones/visualize_logs\nA Python library and command line tools to provide interactive log visualization\n\nm4rco-/dorothy2\n一个僵尸网络分析框架\n\nlightbulb-framework/lightbulb-framework\nWAFS审计工具\n\nXyntax/1000php\n1000个php代码审计案例\n\naker-gateway/Aker\n基于 python 的 Linux ssh 跳板机/堡垒机设置工具\n\nandrewjkerr/security-cheatsheets\nLinux常见命令及部分安全软件使用命令列表\n\nJacobReynolds/ssrfDetector\nssrfDetector\n\nyassineaddi/BackdoorMan\nPHP后门检测工具\n\nCISOfy/lynis\nSecurity auditing and hardening tool, for UNIX-based systems\n\nSpamScope/spamscope\n垃圾邮件分析工具\n\nyassineaddi/BackdoorMan\n恶意代码，php shell检测工具\n\nOWASP/django-DefectDojo\n安全程序和漏洞管理工具\n\nNeohapsis/NeoPI\n混淆代码检测工具\n\nemposha/Shell-Detector\nwebshell检测工具\n\nWeb:\n\n\n1N3/IntruderPayloads\nburp instruder payloads collection\n\nNeohapsis/bbqsql\nA Blind SQL Injection Exploitation Tool\n\nantoor/antSword\nantSword\n\nxl7dev/BurpSuite\nburp插件收集项目\n\nrastating/wordpress-exploit-framework\n一个用来攻击wp的框架\n\nlijiejie/ds_store_exp\n.DS_store文件泄露利用脚本\n\n漏洞POC\u0026EXP：\n\n\njoaomatosf/jexboss\nJBOSS verify \u0026 exp tool\n\njiayy/android_vuln_poc-exp\n安卓十月漏洞POC\n\nganliuzhuo/Sebug\n在sebug提交的漏洞详情及poc\n\nFuzz:\n\n\ngoogle/fuzzer-test-suite\nSet of tests for fuzzing engines\n\nrenatahodovan/fuzzinator\nFuzzinator Random Testing Framework\n\nhenshin/filebuster\nweb fuzz \n\n如果当中有描述不正确的地方，请老司机们多多指教，鞠躬！\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackstoic%2Fhacker-tools-projects","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackstoic%2Fhacker-tools-projects","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackstoic%2Fhacker-tools-projects/lists"}