Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/20142995/sectool
Personal tool navigation, Ctrl + F
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/20142995/sectool
- Owner: 20142995
- Created: 2022-11-23T09:53:09.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-04-13T03:06:37.000Z (8 months ago)
- Last Synced: 2024-04-14T00:37:09.431Z (8 months ago)
- Language: Python
- Homepage:
- Size: 9.14 MB
- Stars: 153
- Watchers: 7
- Forks: 22
- Open Issues: 5
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - 20142995/sectool - Personal tool navigation, Ctrl + F (Python)
README
## All Projects
# CTF
## AWD
### Open-Source Platforms
- [GZCTF v0.24.2](https://github.com/GZTimeWalker/GZCTF) The GZ::CTF project, an open source CTF platform.
- [MarsCTF V1.2.1](https://github.com/b1ackc4t/MarsCTF) A CTF learning platform built with Vue+Springboot, providing core CTF platform features such as dynamic target machines, a learning module, and a writeup module. A docker version is available
- [Cardinal v0.7.3](https://github.com/vidar-team/Cardinal) CTF🚩 AWD (Attack with Defense) offline competition platform / AWD platform - Stars welcome~ ✨
- [JJUCTF_V2.0](https://github.com/BJLIYANLIANG/JJUCTF_V2.0) JJU cybersecurity range training platform
- [H1ve 1.1.3](https://github.com/D0g3-Lab/H1ve) An Easy / Quick / Cheap Integrated Platform
- [CTF_AWD_Platform](https://github.com/xuchaoa/CTF_AWD_Platform) CTF attack-and-defense platform
### Scripts
- [Prepare-for-AWD](https://github.com/admintony/Prepare-for-AWD) Script collection for AWD attack-and-defense competitions
- [AWD-Predator-Framework](https://github.com/Ares-X/AWD-Predator-Framework) Batch webshell exploitation framework for AWD attack-and-defense competitions
- [awd_attack_framework](https://github.com/Wfzsec/awd_attack_framework) Common AWD attack-and-defense scripts + persistent webshell + crontab + defense methods
### Defense
- [CTF-WAF](https://github.com/sharpleung/CTF-WAF) General-purpose WAF for offline CTF competitions, with log auditing.
- [AoiAWD](https://github.com/DasSecurity-HatLab/AoiAWD) AoiAWD - an EDR system designed for competitions, highly portable and running with low privileges.
- [k4l0ng_WAF](https://github.com/dr0op/k4l0ng_WAF) A broute detect WAF by PHP using to AWD
### Target Ranges
- [AWDDocker](https://github.com/Cl0udG0d/AWDDocker) Standardized AWD target range Docker
- [Liaoning-provincial-competition-target-1](https://github.com/yqw1212/Liaoning-provincial-competition-target-1) Web target machine 1 from the 3rd Liaoning Provincial CTF offline AWD
- [AWD_CTF_Platform](https://github.com/mo-xiaoxi/AWD_CTF_Platform) A simple AWD training platform
- [20190511_awd_docker](https://github.com/glzjin/20190511_awd_docker) AWD target machine challenge from the Institute of Disaster Prevention "Emergency Challenge Cup" college cybersecurity invitational, May 11, 2019.
- [wordpress](https://github.com/871339097/wordpress) AWD target machine
- [awd-platform](https://github.com/zhl2008/awd-platform) platform for awd
## Crypto
### Hex to String
- [Online Hex String Conversion Tool - Online Tools](https://tool.hiofd.com/hex-convert-string-online)
- [Hex to Text String Conversion, Hex - BeJSON.com](https://www.bejson.com/convert/ox2str/)
- [Hex to ASCII | Hex to Text String Converter](https://www.rapidtables.org/zh-CN/convert/number/hex-to-ascii.html)
- [Hex Conversion, Hex to Text String Conversion, Online Hex Conversion | Online Tools](https://www.sojson.com/hexadecimal.html)
### 3DES Encryption/Decryption
- [Online 3DES Encryption/Decryption, 3DES Online Encryption/Decryption, 3DES encryption and decryption--查错网](http://tool.chacuo.net/crypt3des)
### A1z26 Cipher
- [CTF Online Tools - Online A1z26 Encryption | Online A1z26 Decryption | A1z26 Cipher Algorithm | Keyword Cipher](http://www.hiencode.com/a1z26.html)
### AAencode Emoticons
- [aaencode - Encode any JavaScript program to Japanese style emoticons (^_^)](http://utf-8.jp/public/aaencode.html)
- [AAEncode - A.Tools](http://www.atoolbox.net/Tool.php?Id=703)
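- [CTF Online Tools - Online AAencode Encoding | AA Encoding | AAencode Decoding | AAencode Encoding Principle | AAencode Encoding Algorithm](http://www.hiencode.com/aaencode.html)
### ADFGX Cipher Encryption/Decryption
- [ADFGX Cipher - A.Tools](http://www.atoolbox.net/Tool.php?Id=918)
- [CTF Online Tools - Online ADFGVX Cipher Encryption | Online ADFGVX Cipher Decryption | ADFGVX Cipher Algorithm | ADFGVX Cipher](http://www.hiencode.com/adfgvx.html)
- [CTF Online Tools - Online ADFGX Cipher Encryption | Online ADFGX Cipher Decryption | ADFGX Cipher Algorithm | ADFGX Cipher](http://www.hiencode.com/adfgx.html)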
- [Practical Cryptography](http://www.practicalcryptography.com/ciphers/adfgx-cipher/)
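- [ADFGX Cipher - Bugku CTF](https://ctf.bugku.com/tool/adfgx)
### AES Encryption/Decryption
- [Online AES Encryption/Decryption, AES Online Encryption/Decryption, AES encryption and decryption--查错网](http://tool.chacuo.net/cryptaes)
- [CTF Online Tools - AES Online Encryption/Decryption | AES Online Encryption | AES Online Decryption | AES encryption | AES decryption](http://www.hiencode.com/caes.html)
### ASCII Encoding/Decoding
- [CTF Online Tools - ASCII Encoding Conversion | Unicode Encoding Conversion | Native Encoding Conversion | UTF-16 | UTF-32](http://www.hiencode.com/cencode.html)
### Base100 Encoding/Decoding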
- [Base100 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=936)
- [BASE100 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base100)
### Base16 Encoding/Decoding
- [Base16 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=930)
- [BASE16 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base16)
### Base32 Encoding/Decoding
- [Base32 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=931)
- [BASE32 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base32)
### Base58 Encoding/Decoding
- [Base58 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=932)
- [CTF Online Tools - Online base58 Encoding | Online base58 Decoding | base58 Encoding | base58 Decoding | base58check](http://www.hiencode.com/base58w.html)
- [BASE58 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base58)
### Base62 Encoding/Decoding
- [Base62 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=933)
- [CTF Online Tools - Online base62 Encoding | Online base62 Decoding | base62 Encoding | base62 Decoding](http://www.hiencode.com/base62.html)
- [BASE62 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base62)
### Base64 Encoding/Decoding
- [BASE64 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base64)
### Base85 Encoding/Decoding
- [Base85 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=934)
- [CTF Online Tools - Online base85 Encoding | Online base85 Decoding | base85 Encoding | base85 Decoding](http://www.hiencode.com/base85.html)
- [BASE85 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base85)
### Base91 Encoding/Decoding
- [Base91 Encode & Decode - A.Tools](http://www.atoolbox.net/Tool.php?Id=935)
- [CTF Online Tools - Online base91 Encoding | Online base91 Decoding | base91 Encoding | base91 Decoding](http://www.hiencode.com/base91.html)
- [BASE91 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base91)
### Base92 Encoding/Decoding
- [CTF Online Tools - Online base92 Encoding | Online base92 Decoding | base92 Encoding | base92 Decoding](http://www.hiencode.com/base92.html)
- [BASE92 Encoding/Decoding - Bugku CTF](https://ctf.bugku.com/tool/base92)
### Base Encoding/Decoding
- [CTF Online Tools - Online base Encoding | Online base Decoding | base16 Encoding | base32 Encoding | base64 Encoding](http://www.hiencode.com/base64.html)
### Blowfish Encryption/Decryption
- [Online Blowfish Encryption/Decryption, Blowfish Online Encryption/Decryption, Blowfish encryption and decryption--查错网](http://tool.chacuo.net/cryptblowfish)
### Brainfuck_Ook!
- [CTF Online Tools - Online Brainfuck Encryption | Online Brainfuck Decryption | Brainfuck | Brainfuck Principle | Brainfuck Algorithm](http://www.hiencode.com/brain.html)
- [CTFever Toolkit by uniiem](https://c5r.app/tools/brain-fuck)
- [Brainfuck/OoK Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/brainfuck)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/brain-fuck)
- [Brainfuck/Text/Ook! obfuscator - deobfuscator. Decode and encode online.](https://tool.bugku.com/brainfuck)
- [CacheSleuth - Brainfuck & Ook! Code](https://www.cachesleuth.com/bfook.html)
- [Brainfuck/Ook! Obfuscation/Encoding [splitbrain.org]](https://www.splitbrain.org/services/ook)
### BubbleBabble
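- [CTF Online Tools - Online BubbleBabble Encoding | Bubble Encoding | BubbleBabble Decoding | BubbleBabble Encoding Principle | BubbleBabble Encoding Algorithm](http://www.hiencode.com/bubble.html)
### Cast Encryption/Decryption
- [Online Cast Encryption/Decryption, Cast Online Encryption/Decryption, Cast encryption and decryption--查错网](http://tool.chacuo.net/cryptcast)
### CryptoJS AES Encryption/Decryption
- [AES Encryption/Decryption Tool, Online AES Encryption/Decryption Tool - Online Toolbox](http://www.66zan.cn/aesencrypt/)
- [Online AES Encryption | AES Decryption - Online Tools](https://www.sojson.com/encrypt_aes.html)
### CryptoJS DES Encryption/Decryption
- [Online DES Encryption, DES Decryption Tool - Online Toolbox](http://www.66zan.cn/desencrypt/)
- [Online DES Encryption | DES Decryption - Online Tools](https://www.sojson.com/encrypt_des.html)
### CryptoJS RC4 Encryption/Decryption
- [Online RC4 Encryption, RC4 Decryption Tool - Online Toolbox](http://www.66zan.cn/rc4encrypt/)
- [Online RC4 Encryption | RC4 Decryption - Online Tools](https://www.sojson.com/encrypt_rc4.html)
### CryptoJS Rabbit Encryption/Decryption
- [Online Rabbit Encryption, Rabbit Decryption Tool - Online Toolbox](http://www.66zan.cn/rabbitencrypt/)
- [Online Rabbit Encryption | Rabbit Decryption - Online Tools](https://www.sojson.com/encrypt_rabbit.html)
### CryptoJS TripleDes Encryption/Decryption
- [Online TripleDES Encryption, TripleDES Decryption Tool - Online Toolbox](http://www.66zan.cn/tripledes/)
- [Triple DES (3DES) Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/tripledes)
- [Online Triple DES Encryption | Triple DES Decryption - Online Tools](https://www.sojson.com/encrypt_triple_des.html)
### CryptoJS Encryption/Decryption
- [Online Encryption/Decryption, Symmetric/Asymmetric Encryption](https://www.sojson.com/encrypt.html)
### DES Encryption/Decryption
- [CTF Online Tools - DES Online Encryption/Decryption | DES Online Encryption | DES Online Decryption | DES encryption | DES decryption](http://www.hiencode.com/cdes.html)
### DNA Gene Sequence Encoding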
- [DNA to mRNA to Protein Converter](https://skaminsky115.github.io/nac/DNA-mRNA-Protein_Converter.html)
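### DSA Key Pair
- [Online DSA Key Pair, DSA Public/Private Key Pair Generation, DSA Key pair create, Generate DSA Key Pair--查错网](http://web.chacuo.net/netdsakeypair)
### Escape Encoding
- [CTF Online Tools - Online Escape Encoding | Online Escape Decoding](http://www.hiencode.com/escape.html)
### Gost Encryption/Decryption
- [Online Gost Encryption/Decryption, Gost Online Encryption/Decryption, Gost encryption and decryption--查错网](http://tool.chacuo.net/cryptgost)
### Gronsfeld Cipher
- [CTF Online Tools - Online Gronsfeld Cipher Encryption | Online Gronsfeld Cipher Decryption | Gronsfeld Cipher Algorithm | Gronsfeld Cipher](http://www.hiencode.com/gronsfeld.html)
### HTML Entity Encoding
- [HTML Decode - Online HTML Decoder](https://www.convertstring.com/zh_CN/EncodeDecode/HtmlDecode)
### HTML Encoding
- [CTF Online Tools - Online HTML Encoding | Online HTML Decoding](http://www.hiencode.com/html_en.html)
### HTTP(S) Response Header Viewer
- [CTF Online Tools - View HTTP/HTTPS Response Headers Online | HTTP Response](http://www.hiencode.com/http_head.html)
### Handycode
- [CTF Online Tools - Online handycode Encoding | handycode Encoding | handycode Decoding | handycode Encoding Principle | handycode Encoding Algorithm](http://www.hiencode.com/handycode.html)
### Hex Encoding
- [CTF Online Tools - Hex Online Encoding | Hex Online Decoding | Hexadecimal Encoding Conversion](http://www.hiencode.com/hex.html)
### JJencode
- [CTF Online Tools - Online JJencode Encoding | JJ Encoding | JJencode Decoding | JJencode Encoding Principle | JJencode Encoding Algorithm](http://www.hiencode.com/jjencode.html)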
### JSfuck
- [CoderTab - JSUnFuck - Decode JSFuck Here](http://codertab.com/JsUnFuck)
- [CTF Online Tools - Online JSfuck Encryption | Online JSfuck Decryption | JSfuck | JSfuck Principle | JSfuck Algorithm](http://www.hiencode.com/jsfuck.html)
- [JSFuck Decryption_Online JavaScript Deobfuscation - 利民吧](http://www.liminba.com/tool/jsfuckdecode/)
- [CTFever Toolkit by uniiem](https://c5r.app/tools/jsfuck)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/jsfuck)
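- [JSFuck - Online Encryption/Decryption](https://www.bugku.com/tools/jsfuck/)
### MD5 Decryption
- [Just a moment...](https://cmd5.la/)
- [MD5 Free Online Decryption: Hashes for MD5, SHA1, MySQL, NTLM, SHA256, SHA512, Wordpress, Bcrypt](https://hashes.com/zh/decrypt/hash)
- [MD5 Decryption, MD5 Online Decryption, Crack MD5](https://pmd5.com/)
- [Runtime Error](https://www.chamd5.org/)
- [MD5 Online Decryption and Cracking, MD5 Decryption and Encryption](https://www.cmd5.com/)
- [Free Online MD5 Decryption and Cracking_MD5 Online Encryption - SOMD5](https://www.somd5.com/)
### Mimetypes
- [CTF Online Tools - Mimetypes | HTTP Header Application Types](http://www.hiencode.com/mimetypes.html)
### PKCS#1 to PKCS8
- [Online RSA PKCS#1 to PKCS8 Private Key Conversion, convert pkcs8 to pkcs#1 private key--查错网](http://tool.chacuo.net/cryptrsapkcs1pkcs8)
### Porta Cipher
- [CTF Online Tools - Online Porta Cipher Encryption | Online Porta Cipher Decryption | Porta Cipher Algorithm | Porta Cipher](http://www.hiencode.com/porta.html)
### Punycode
- [CTF Online Tools - Online Punycode Encoding | Punycode Decoding | Punycode Encoding Principle | Punycode Encoding Algorithm](http://www.hiencode.com/punycode.html)
### Quoted-printable
- [Quoted-printable Encoding | Quoted-printable Decoding | Introduction to the Quoted-printable Encoding Principle--查错网](http://web.chacuo.net/charsetquotedprintable/)
### Quoted Encoding
- [CTF Online Tools - Online Quoted-printable Encoding | Online Quoted-printable Encoding | Mail Encoding | mail Encoding](http://www.hiencode.com/quoted.html)
### RC2 Encryption/Decryption
- [Online RC2 Encryption/Decryption, RC2 Online Encryption/Decryption, RC2 encryption and decryption--查错网](http://tool.chacuo.net/cryptrc2)
### RC4 Encryption/Decryption
- [Online RC4 Encryption/Decryption, RC4 Online Encryption/Decryption, RC4 encryption and decryption--查错网](http://tool.chacuo.net/cryptrc4)
- [CTF Online Tools - RC4 Online Encryption/Decryption | RC4 Online Encryption | RC4 Online Decryption | RC4 encryption | RC4 decryption](http://www.hiencode.com/rc4.html)
### RC5 Encryption/Decryption
- [Online RC5 Encryption/Decryption, RC5 Online Encryption/Decryption, RC5 encryption and decryption--查错网](http://tool.chacuo.net/cryptrc5)
### RC6 Encryption/Decryption
- [Online RC6 Encryption/Decryption, RC6 Online Encryption/Decryption, RC6 encryption and decryption--查错网](http://tool.chacuo.net/cryptrc6)
### ROT Encoding/Decoding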
- [www.qqxiuzi.cn](https://www.qqxiuzi.cn/bianma/rot5-13-18-47.php)
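### RSA Large Number Factorization
- [factordb.com](http://www.factordb.com/index.php)
### RSA Key Pair
- [Online Asymmetric Public/Private Key Pair Generation, Online Public/Private Key Pair Generation, RSA Key pair create, Generate RSA Key Pair--查错网](http://web.chacuo.net/netrsakeypair)
### RSA Private Key Password Change
- [Online RSA Private Key Password Add/Change, Add/Change RSA Private Key Password, rsa private key password modify--查错网](http://tool.chacuo.net/cryptrsapassmodify)
### RSA Private Key Password Removal
- [Online RSA Private Key Password Removal, Delete RSA Private Key Password, rsa private key password removal--查错网](http://tool.chacuo.net/cryptrsapassclear)
### RSA Private Key Parsing
- [CTF Online Tools - Online Private Key Parsing | Online Private Key Extraction | Online Private Key Cracking | Private Key Information Extraction](http://www.hiencode.com/priv_asys.html)
### RSA All-in-One Tools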
- [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool) RSA attack tool (mainly for ctf) - retrieve private key from weak public...
- [rsa-wiener-attack](https://github.com/pablocelayes/rsa-wiener-attack) A Python implementation of the Wiener attack on RSA public-key en...
- [RSA](https://github.com/Mr-Aur0ra/RSA)
- [CTF-RSA-tool](https://github.com/6u661e/CTF-RSA-tool) a little tool help CTFer solve RSA problem
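### Rijndael Encryption/Decryption
- [Online Rijndael Encryption/Decryption, Rijndael Online Encryption/Decryption, Rijndael encryption and decryption--查错网](http://tool.chacuo.net/cryptrijndael)
### Rot13 Encryption/Decryption
- [CTF Online Tools - Online Rot13 Cipher Encryption | Online Rot13 Cipher Decryption | Rot13 Cipher Algorithm | Rot13 Cipher](http://www.hiencode.com/rot13.html)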
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/rot-series)
### RSA Public/Private Key Parsing
- [RSA Public/Private Key Decomposition into Exponent and Modulus, RSA Public/Private Key Exponent and Coefficient (Modulus) Decomposition--查错网](http://tool.chacuo.net/cryptrsakeyparse)
### Serpent (Snake) Encryption/Decryption
- [Serpent Encryption – Easily encrypt or decrypt strings or files](http://serpent.online-domain-tools.com/)
- [Online Serpent Encryption/Decryption, Serpent Online Encryption/Decryption, Serpent encryption and decryption--查错网](http://tool.chacuo.net/cryptserpent)
### Sojson.v4 Decryption
- [Sojson v4 Decryption - Bugku CTF](https://ctf.bugku.com/tool/sojson4)
### Sojson.v5 (jsjiami.com.v5) Decryption
- [Sojson v5 Decryption - Bugku CTF](https://ctf.bugku.com/tool/sojson5)
### Triple DES Encryption
- [CTF Online Tools - Triple DES Online Encryption/Decryption | Triple DES Online Encryption | Triple DES Online Decryption | Triple DES encryption | Triple ...](http://www.hiencode.com/tdes.html)
### Twofish Encryption/Decryption
- [Online Twofish Encryption/Decryption, Twofish Online Encryption/Decryption, Twofish encryption and decryption--查错网](http://tool.chacuo.net/crypttwofish)
### Type7 Cipher Encryption/Decryption
- [Type 7 Cipher - A.Tools](http://www.atoolbox.net/Tool.php?Id=992)
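### URL Encoding
- [CTF Online Tools - Online URL Encoding | URL Decoding](http://www.hiencode.com/url.html)
### UTF-8 and GBK Encoding Conversion
- [UTF-8 and GBK Encoding Conversion - A Toolbox - All the handy online tools are here!](http://www.atoolbox.net/Tool.php?Id=1066)
### UUencode
- [Online UUencode Encoding | Online UUencode Decoding | UU Encoding | UU Decoding | Introduction to the UUencode Encoding Principle--查错网](http://web.chacuo.net/charsetuuencode)
- [CTF Online Tools - Online UUencode Encoding | UU Encoding | UUencode Decoding | UUencode Encoding Principle | UUencode Encoding Algorithm](http://www.hiencode.com/uu.html)
### UUencode Encryption/Decryption
- [UUencode Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/uuencode)
### WebSocket Testing
- [CTF Online Tools - View HTTP/HTTPS Response Headers Online | HTTP Response](http://www.hiencode.com/web_socket.html)
### XXTEA Encryption/Decryption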
- [XXTEA Encrypt & Decrypt - A.Tools](http://www.atoolbox.net/Tool.php?Id=1090)
### XXencode
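- [Online XXencode Encoding | Online XXencode Decoding | XX Encoding | XX Decoding | Introduction to the XXencode Encoding Principle--查错网](http://web.chacuo.net/charsetxxencode)
- [CTF Online Tools - Online XXencode Encoding | XX Encoding | XXencode Decoding | XXencode Encoding Principle | XXencode Encoding Algorithm](http://www.hiencode.com/xxencode.html)
- [XXencode Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/xxencode)
### Xtea Encryption/Decryption
- [Online Xtea Encryption/Decryption, Xtea Online Encryption/Decryption, Xtea encryption and decryption--查错网](http://tool.chacuo.net/cryptxtea)
- [XTEA Encrypt & Decrypt - A.Tools](http://www.atoolbox.net/Tool.php?Id=1089)
### base36 Encoding/Decoding
- [CTF Online Tools - Online base36 Encoding | Online base36 Decoding | base36 Encoding | base36 Decoding](http://www.hiencode.com/base36w.html)
### brainfuck Emoticons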
- [( ͡° ͜ʖ ͡°)fuck - Esolang](https://esolangs.org/wiki/(_%CD%A1%C2%B0_%CD%9C%CA%96_%CD%A1%C2%B0)fuck)
### chacha20 Encryption/Decryption
- [Online chacha20 Encryption/Decryption, chacha20 Online Encryption/Decryption, chacha20 encryption and decryption--查错网](http://tool.chacuo.net/cryptchacha20)
### cisco Password Decryption
- [IFM - Cisco Password Cracker](https://www.ifm.net.nz/cookbooks/passwordcracker.html)
### emoji-aes
- [emoji_aes_burst](https://github.com/Mumuzi7179/emoji_aes_burst) An emoji-aes script this guy wrote last century
- [emoji-aes](https://github.com/aghorler/emoji-aes) 🔒 Encrypt messages with emojis using AES.
- [emoji-aes](https://aghorler.github.io/emoji-aes/)
### hex to Characters
- [HEX to Characters, Hexadecimal to Characters, hex gb2312 gbk utf8 Chinese Character Internal Code Conversion - The X Online Tools](https://the-x.cn/encodings/Hex.aspx)
### logo Programming
- [Logo Interpreter](https://www.calormen.com/jslogo/)
### malbolge Programming
- [Malbolge Tools](https://zb3.me/malbolge-tools/)
### ppencode
- [CTF Online Tools - Online PPencode Encoding | PP Encoding | PPencode Encoding Principle | PPencode Encoding Algorithm](http://www.hiencode.com/ppencode.html)
### quipqiup
- [quipqiup.com](https://quipqiup.com)
### RSA Private Key Encryption/Decryption
- [Online RSA Private Key Encryption/Decryption, RSA private key encryption and decryption--查错网](http://tool.chacuo.net/cryptrsaprikey)
### snow Steganography
- [The SNOW Home Page](https://darkside.com.au/snow)
### tupper
- [Tupper's Formula Tools](https://tuppers-formula.ovh/)
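### "Discussing Zen with Buddha" (与佛论禅) Encryption/Decryption
- [New Discussing Zen with Buddha / Buddha Says (佛曰) Encryption - 萌研社 - PcMoe!](http://hi.pcmoe.net/buddha.html)
- [Discussing Zen with Buddha Encryption/Decryption - A Toolbox - All the handy online tools are here!](http://www.atoolbox.net/Tool.php?Id=1027)
- [Discussing Zen with Buddha](http://www.keyfc.net/bbs/tools/tudoucode.aspx)
- [Discussing Zen with Buddha Cipher - Bugku CTF](https://ctf.bugku.com/tool/todousharp)
### Chinese-Character Encryption
- [Encrypt Text as Chinese Characters, with Custom Password | Online Text Encryption/Decryption Tool](https://www.qqxiuzi.cn/bianma/wenbenjiami.php)
### Affine Cipher
- [CTF Online Tools - Online Affine Cipher Encryption | Online Affine Cipher Decryption | Affine Cipher Algorithm | Affine Cipher](http://www.hiencode.com/affine.html)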
- [Affine Cipher (online tool) | Boxentriq](https://www.boxentriq.com/code-breaking/affine-cipher)
- [Affine cipher - 许愿星](https://www.wishingstarmoye.com/ctf/affinecipher)
### Public Key Parsing
- [SSL Online Tools - Public Key Parsing](http://www.hiencode.com/pub_asys.html)
### Keyword Cipher
- [CTF Online Tools - Online Keyword Encryption | Online Keyword Decryption | Keyword Cipher Algorithm | Keyword Cipher](http://www.hiencode.com/keyword.html)
### Other
- [ctf-knife v1.0](https://github.com/qianxiao996/ctf-knife) Encoding/decoding tool
- [CT2 Downloads - CrypTool](https://www.cryptool.org/en/ct2/downloads/)
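### Beast Sound Translator (兽音译者)
- [Beast Sound Translator Online Encoding/Decoding - Beast Sound Translation Roar-Style Encryption/Decryption](https://roar.iiilab.com/)
### Caesar Cipher (Caesar)
- [moersima.00cha.net](http://moersima.00cha.net/kaisamima.asp)
- [CTF Online Tools - Online Caesar Cipher Encryption | Online Caesar Cipher Decryption | Caesar Cipher Algorithm | Caesar Cipher](http://www.hiencode.com/caesar.html)
- [Caesar Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/caesar)
### Columnar Transposition Cipher
- [CTF Online Tools - Online Columnar Transposition Cipher Encryption | Online Columnar Transposition Cipher Decryption | Columnar Transposition Cipher Algorithm | Columnar Transposition Cipher](http://www.hiencode.com/colum.html)
### Baudot Code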
- [Baudot Code, Baudot-Murray Code (online tool) | Boxentriq](https://www.boxentriq.com/code-breaking/baudot-code)
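### Beaufort Cipher
- [CTF Online Tools - Online Beaufort Cipher Encryption | Online Beaufort Cipher Decryption | Beaufort Cipher Algorithm | Beaufort Cipher](http://www.hiencode.com/beaufort.html)
### Bifid Cipher
- [CTF Online Tools - Online Bifid Cipher Encryption | Online Bifid Cipher Decryption | Bifid Cipher Algorithm | Bifid Cipher](http://www.hiencode.com/bifid.html)
### Homophonic Substitution Cipher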
- [Homophonic Substitution Cipher - A.Tools](http://www.atoolbox.net/Tool.php?Id=919)
### Hash Decryption
- [Decrypt MD5, SHA1, MySQL, NTLM, SHA256, MD5 Email, SHA256 Email, SHA512, Wordpress,...](https://hashes.com/en/decrypt/hash)
- [MD5 Online Decryption and Cracking, MD5 Decryption and Encryption](https://www.cmd5.com)
- [Professional Cloud Password Testing & Recovery Services](https://www.onlinehashcrack.com/)
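### Hash Calculation
- [CTF Online Tools - Hash Calculation | MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD, RIPEMD160](http://www.hiencode.com/hash.html)
### Four-Square Cipher
- [CTF Online Tools - Online Four-Square Cipher Encryption | Online Four-Square Cipher Decryption | Four-Square Cipher Algorithm | Foursquare Cipher](http://www.hiencode.com/four.html)
### Chinese National SM Encryption/Decryption
- [sm234_decrypt_gui v2.0](https://github.com/milu001/sm234_decrypt_gui) GUI tool for encryption/decryption with the Chinese national SM cipher family; supports sm2 encryption, sm2 decryption, sm3 encryption, sm4 encryption, sm4 decryption; sm4 supports multiple padding...
### Image Encoding
- [Image Ciphers - FzWjScJの菜鸡记录](http://www.fzwjscj.xyz/index.php/archives/23/)
### Atbash Cipher
- [CTF Online Tools - Online Atbash Cipher Encryption | Online Atbash Cipher Decryption | Atbash Cipher Algorithm | Atbash Cipher](http://www.hiencode.com/atbash.html)
### Baconian Cipher
- [CTF Online Tools - Online Baconian Cipher Encryption | Online Baconian Cipher Decryption | Baconian Cipher Algorithm | Baconian Cipher](http://www.hiencode.com/baconian.html)
### Hill Cipher Encryption/Decryption
- [Hill Cipher Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/hill)
### Enigma Machine Cipher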
- [Enigma Cipher - A.Tools](http://www.atoolbox.net/Tool.php?Id=993)
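### Morse Code
- [CTF Online Tools - Online Morse Code Encoding | Online Morse Code Decoding | Morse Code Algorithm | Morse](http://www.hiencode.com/morse.html)
- [Morse Code Converter: convert between Morse code and English letters online, from Morse code to English letters or from English letters to Morse code](http://www.zhongguosou.com/zonghe/moErSiCodeConverter.aspx)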
- [CTFever Toolkit by uniiem](https://c5r.app/tools/morse-code)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/morse-code)
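### Tap Code
- [CTF Online Tools - Online Tap Code | Tap Code Encoding | Tap Code Algorithm | tap code](http://ctf.ssleye.com/tapcode.html)
- [CTF Online Tools - Online Tap Code | Tap Code Encoding | Tap Code Algorithm | tap code](http://www.hiencode.com/tapcode.html)
### File Cracking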
- [Catpasswd - Globally renowned encrypt file recovery platform](https://www.catpasswd.com/)
### Text Blind Watermark
- [text_blind_watermark v0.0.2](https://github.com/guofei9987/text_blind_watermark) Text blind watermark: hide information in text, put invisible blind watermark into a te...
### Playfair Cipher
- [CTF Online Tools - Online Playfair Cipher Encryption | Online Playfair Cipher Decryption | Playfair Cipher Algorithm | Playfair Cipher](http://www.hiencode.com/playfair.html)
### Substitution Cipher
- [substitution_cipher_solver](https://github.com/alexbers/substitution_cipher_solver) Simple substitution cipher solver.
### Rail Fence Cipher (RailFence)
- [CTF Online Tools - Online Rail Fence Cipher Encryption | Online Rail Fence Cipher Decryption | Rail Fence Cipher Algorithm | Railfence Cipher](http://www.hiencode.com/railfence.html)
- [Rail Fence Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/railfence)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/rail-fence-cipher)
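- [Rail Fence Cipher Online Encryption/Decryption - 千千秀字](https://www.qqxiuzi.cn/bianma/zhalanmima.php)
### RSA Key Pair Verification
- [Online RSA Public/Private Key Verification, RSA Public/Private Key Check, Online RSA public-private key verification--查错网](http://tool.chacuo.net/cryptrsakeyvalid)
### Generate RSA Public Key from Modulus
- [Generate an RSA Public Key from Exponent and Modulus, public key--查错网](http://tool.chacuo.net/cryptrsamodulus2pkey)
### Running Key Cipher
- [CTF Online Tools - Online Running Key Encryption | Online Running Key Decryption | Running Key Cipher Algorithm | Running Key Cipher](http://www.hiencode.com/runkey.html)
### Pigpen Cipher (Masonic Cipher)
- [CTF Online Tools - Online Pigpen Cipher Encryption | Online Pigpen Cipher Decryption | Pigpen Cipher Algorithm | Pigpen Cipher](http://ctf.ssleye.com/pigpen.html)
- [CTF Online Tools - Online Pigpen Cipher Encryption | Online Pigpen Cipher Decryption | Pigpen Cipher Algorithm | Pigpen Cipher](http://www.hiencode.com/pigpen.html)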
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/pigpen)
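### Modern Ciphers
#### GM
- [gmhelper](https://github.com/ZZMarquis/gmhelper) Based on the BC library: a simple wrapper for the Chinese national SM2/SM3/SM4 algorithms; implements issuance of SM2 X509v3 certificates; implements issuance of SM2 pfx certificates
- [sm-crypto](https://github.com/JuneAndGreen/sm-crypto) JS version of the Chinese national (SM) cryptographic algorithms
### Telegraph Code
- [Telegraph Code Online Translation (International Morse Code and Chinese Telegraph Code) - 千千秀字](https://www.qqxiuzi.cn/bianma/dianbao.php)
### Hundred Family Surnames (百家姓) Encryption/Decryption
- [Hundred Family Surnames Encryption/Decryption - A Toolbox - All the handy online tools are here!](http://www.atoolbox.net/Tool.php?Id=1050)
- [Hundred Family Surnames](https://api.dujin.org/baijiaxing/)
### Core Socialist Values Encoding
- [CTF Online Tools - Online Core Values Encoding | Core Values Encoding Algorithm | Core Values Encoder](http://www.hiencode.com/cvencode.html)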
- [CTFever Toolkit by uniiem](https://c5r.app/tools/core-values-cipher)
- [Core Values Encoding - Bugku CTF](https://ctf.bugku.com/tool/cvecode)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/core-values-cipher)
### Extract Public Key from Private Key
- [RSA Asymmetric Encryption: Get the Public Key from the Private Key, Get the public key from the private key--查错网](http://tool.chacuo.net/cryptgetpubkey)
### Whitespace Hiding in Program Code
- [Online Compiler and IDE >> C/C++, Java, PHP, Python, Perl and 70+ other compilers a...](https://ideone.com/)
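### Simple Transposition Cipher
- [CTF Online Tools - Online Simple Transposition Cipher Encryption | Online Simple Transposition Decryption | Simple Transposition Cipher Algorithm | Simple Substitution Cipher](http://www.hiencode.com/simple.html)
### Vigenère Cipher (vigenere)
- [vigenere-solver 1.0](https://github.com/20142995/vigenere-solver) Vigenère cipher encryption/decryption program, including automatic key guessing
- [CTF Online Tools - Online Vigenère Cipher Encryption | Online Vigenère Decryption | Vigenère Cipher Algorithm | Vigenere Cipher](http://www.hiencode.com/vigenere.html)
- [Vigenère Encryption/Decryption - Bugku CTF](https://ctf.bugku.com/tool/vigenere)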
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/vigenereCipher)
- [Vigenere Solver | guballa.de](https://www.guballa.de/vigenere-solver)
- [My Geocaching Profile.com - Vigenere Cipher Codebreaker](https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx)
- [Vigenère Cipher Online Encryption/Decryption - 千千秀字](https://www.qqxiuzi.cn/bianma/weijiniyamima.php)
### All-in-One Encoding/Decoding
- [bo_ctfcode 6.2](https://github.com/20142995/bo_ctfcode)
- [CaptfEncoder 3.1.2](https://github.com/guyoung/CaptfEncoder) Captfencoder is opensource a rapid cross platform network securi...
- [SRK-Toolbox](https://github.com/Raka-loah/SRK-Toolbox)
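### All-in-One Encoding/Decoding Websites
- [Multi - Encoder - Decoder by FBCS (fbcs(at)gmx.net)](http://fbcs.bplaced.net/multi_encoder_decoder.html)
- [CyberChef](http://tools.sbbbb.cn/CyberChef/)
- [Encryption/Decryption - Encryption/Decryption Tools, Page 1 - A Toolbox - All the handy online tools are here!](http://www.atoolbox.net/Category.php?Id=27)
- [CTF Online Tools - CTF Tools | CTF Encoding | CTF Cryptography | CTF Encryption/Decryption | Programmer Tools | Online Encoding/Decoding](http://www.hiencode.com/)
- [Online Tools - Bugku CTF](https://ctf.bugku.com/tools)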
- [CyberChef](https://ctf.mzy0.com/CyberChef3/)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/)
- [CyberChef](https://forum.ywhack.com/tools/CyberChef/)
- [Online Tools - Your Toolbox](https://tool.lu/)
- [许愿星](https://www.wishingstarmoye.com/)
### Autokey Cipher (autokey)
- [breakautokey](https://github.com/hotzzzzy/breakautokey) breakautokey
- [Autokey Cipher - A.Tools](http://www.atoolbox.net/Tool.php?Id=920)
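- [CTF Online Tools - Online Autokey Cipher Encryption | Online Autokey Cipher Decryption | Autokey Cipher Algorithm | Autokey Cipher](http://www.hiencode.com/autokey.html)
### Base (Radix) Conversion
- [CTF Online Tools - ASCII and Base Conversion | Arbitrary Base Conversion | ASCII, Binary, Octal, Decimal, Hexadecimal](http://www.hiencode.com/jinzhi.html)
### Sarcastic-Tone (阴阳怪气) Encoding/Decoding
- [Sarcastic-Tone (阴阳怪气) Encoding](https://jiji.pro/yygq.js/)
### Random Password and Key Generator
- [Random Password and Key Generator - A Toolbox - All the handy online tools are here!](http://www.atoolbox.net/Tool.php?Id=921)
### Zero-Width Steganography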
- [zero-width-lib](https://github.com/yuanfux/zero-width-lib) :zero: A lib for zero width chars
- [Unicode Steganography with Zero-Width Characters](http://330k.github.io/misc_tools/unicode_steganography.html)
- [Unicode Steganography with Zero-Width Characters](https://330k.github.io/misc_tools/unicode_steganography.html)
- [Text Hidden Watermark](https://www.guofei.site/pictures_for_blog/app/text_watermark/v1.html)
- [Unicode Steganography with Zero-Width Characters](https://www.mzy0.com/ctftools/zerowidth1/)
- [Offdev.net - Zero-width space steganography javascript demo](https://www.mzy0.com/ctftools/zerowidth2/)
- [Text Hiding Encryption - 千千秀字](https://www.qqxiuzi.cn/bianma/yincangjiami.php)
- [Zero Width Lib](https://yuanfux.github.io/zero-width-web/)
### Musical Symbol Encryption
- [Encrypt Text as Musical Symbols, with Custom Password | Online Text Encryption/Decryption Tool](https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=yinyue)
## Misc
### Hex Editing
- [ImHex v1.35.4](https://github.com/WerWolv/ImHex) 🔍 A Hex Editor for Reverse Engineers, Programmers and people who valu...
### QR Codes
- [qrazybox](https://github.com/Merricx/qrazybox) QR Code Analysis and Recovery Toolkit
- [QRazyBox - QR Code Analysis and Recovery Toolkit](https://merri.cx/qrazybox/)
### Batch QR Code Recognition
- [QrScan v2.10.1](https://github.com/zfb132/QrScan) Offline batch detection of whether images contain QR codes, and QR code recognition
### Intelligence Gathering
#### Flight Route Maps
- [VariFlight Map](https://map.variflight.com)
- [History ✈ B-7631 - FlightAware](https://zh.flightaware.com/live/flight/B7631/history/320)
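### File Analysis
- [foremost](https://github.com/jin-stuff/foremost)
- [Strings - Sysinternals | Microsoft Learn](https://learn.microsoft.com/zh-cn/sysinternals/downloads/strings)
### General
- [ToolsFx v1.18.0](https://github.com/Leon406/ToolsFx) Cross-platform cryptography toolbox based on kotlin+tornadoFx. Includes encoding/decoding, encoding conversion, encryption/decryption, hashing, MAC, signatures, big-number arithmetic, compression, QR code...
- [CTF-NetA CTF-NetA-V1.8.3](https://github.com/Arinue/CTF-NetA) CTF-NetA is a network traffic analysis tool built specifically for CTF competitions; it analyzes common network traffic and quickly and automatically retrieves the flag.
- [PuzzleSolver v2.1.6](https://github.com/Byxs20/PuzzleSolver) A tool for the MISC category of CTF competitions~
- [qsnctf-python 0.0.8.10](https://github.com/Moxin1044/qsnctf-python) Python package from 青少年CTF that makes it easy to call common CTF functions.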
- [binwalk v2.3.4](https://github.com/ReFirmLabs/binwalk) Firmware Analysis Tool
- [CTF-Tools v1.3.7](https://github.com/qianxiao996/CTF-Tools) A CTF encoding, decoding, encryption and decryption tool written in Python+Pyqt.
- [沨](http://www.1o1o.xyz/bo_ctfcode.html)
### Encoding/Decoding
- [CyberChef v10.19.2](https://github.com/gchq/CyberChef) The Cyber Swiss Army Knife - a web app for encryption, encoding,...
- [CTFCrackTools 4.0.7](https://github.com/0Chencc/CTFCrackTools) China's first CTFTools framework. The first CTF tool framework in China, designed to help CTFers get past obstacles quickly
- [Ciphey 5.14.0](https://github.com/Ciphey/Ciphey) ⚡ Automatically decrypt encryptions without knowing the key or cipher...
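- [TomatoTools v1.0.2](https://github.com/ht0Ruial/TomatoTools) TomatoTools, a handy CTF misc tool supporting encryption and decryption for 36 common encodings and cipher algorithms, analysis and identification of 31 ciphertext types, and automatic extraction of fla...
### Automatic Jigsaw Solving
- [PuzzleSolver v1.0.1-beta](https://github.com/JamesHoi/PuzzleSolver) A jigsaw puzzle tool designed specifically for CTF competitions
### Steganography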
- [SilentEye - Steganography is yours](https://achorein.github.io/silenteye/)
- [MP3Stego](https://www.petitcolas.net/steganography/mp3stego/)
## Reverse
### IDA Plugins
- [IdaClu v1.1](https://github.com/harlamism/IdaClu) IdaClu is a version agnostic IDA Pro plugin for grouping similar functi...
- [rust-reversing-helper](https://github.com/cha512/rust-reversing-helper)
- [IDAGolangHelper](https://github.com/sibears/IDAGolangHelper)
- [golang_loader_assist](https://github.com/strazzere/golang_loader_assist)
### Java Decompilation
- [jar-analyzer 3.1](https://github.com/jar-analyzer/jar-analyzer) Jar Analyzer - a JAR analysis tool: SCA vulnerability analysis, batch JAR analysis, method call relationship search, string search, Spring component...
- [cfr 0.152](https://github.com/leibnitz27/cfr) This is the public repository for the CFR Java decompiler
- [CodeReviewTools v1.31](https://github.com/Ppsoft1991/CodeReviewTools) Regex search and batch decompilation of class names in specific Jar packages
- [JavaDecompileTool-GUI V1.2](https://github.com/MountCloud/JavaDecompileTool-GUI) Java Decompile Tool GUI - Java decompilation tool (GUI version)
- [bytecode-viewer](https://github.com/Konloch/bytecode-viewer)
### pyc Reversing
- [python-uncompyle6 3.9.2](https://github.com/rocky/python-uncompyle6) A cross-version Python bytecode decompiler
- [pyinstxtractor 2024.04](https://github.com/extremecoders-re/pyinstxtractor) PyInstaller Extractor
- [stegosaurus 1.0](https://github.com/AngelKitty/stegosaurus) A steganography tool for embedding payloads within Python bytecode.
- [CTFever Toolkit by uniiem](https://c5r.app/tools/pyc-decompiler)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/pyc-decompiler)
### Python Reversing
- [pydumpck 1.20.1](https://github.com/serfend/pydumpck) a multi-threads tool for decompile exe,elf,pyz,pyc packed by python...
- [unpy2exe](https://github.com/matiasb/unpy2exe)
- [pyinstxtractor-ng](https://github.com/pyinstxtractor/pyinstxtractor-ng)
- [Just a moment...](https://sourceforge.net/projects/easypythondecompiler)
### Packing
- [UPX-Patcher Latest](https://github.com/DosX-dev/UPX-Patcher) Make "upx -d" unpacking impossible!
### Android Reversing
- [jadx v1.5.0](https://github.com/skylot/jadx) Dex to Java decompiler
- [GameSentry](https://github.com/GrowthEase/GameSentry) A tool for improving security testing efficiency
### Packer Detection
- [DIE-engine 3.09](https://github.com/horsicq/DIE-engine) DIE engine
## Web
### Hash Length Extension Attack
- [HashPump](https://github.com/Phantomn/HashPump)
- [hash-ext-attack](https://github.com/shellfeel/hash-ext-attack) Hash length extension attack script that avoids the hassle of compiling hashpump
- [Hash_Extender](https://github.com/eid3t1c/Hash_Extender) Automated tool implementing Hash Length Extension Attack in MD4,MD5,...
- [hash_extender](https://github.com/iagox86/hash_extender)
- [md5-extension-attack](https://github.com/JoyChou93/md5-extension-attack) MD5 length extension attack
- [Length_Extension_Attack_for_SM3.py](https://github.com/LJY-21/Length_Extension_Attack_for_SM3.py)
### Command Injection
- [bashFuck](https://github.com/ProbiusOfficial/bashFuck) exec BashCommand with only ! # $ ' ( ) < \ { } just 10 charset used in Byp...
### Targeted Directory Scanning
- [ctf-wscan](https://github.com/OrangeWatermelon/ctf-wscan) Modified from kingkaki's project: changed to single-threaded, can be run from any directory, and filters duplicate requests
### Notes
- [Web-CTF-Cheatsheet](https://github.com/w181496/Web-CTF-Cheatsheet)
## Related Resources
- [ctf-archives](https://github.com/sajjadium/ctf-archives) CTF Archives: Collection of CTF Challenges.
- [CTFd 3.7.3](https://github.com/CTFd/CTFd) CTFs as you need them
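- [CTF-OS v2.0.0b](https://github.com/ProbiusOfficial/CTF-OS) [Hello CTF] Virtual machines packaged for CTF competitions, with multiple versions and systems built on the tool collection; more choices, ready out of the box. Enjoy the competition!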
- [ctf-challenges](https://github.com/ctf-wiki/ctf-challenges)
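- [BerylEnigma 1.15.0](https://github.com/ffffffff0x/BerylEnigma) ffffffff0x team toolset for penetration testing, cryptography re...
- [CTF-QuickStart](https://github.com/ProbiusOfficial/CTF-QuickStart) Archive of the source repository
- [CTFd_chinese_CN v1.2.0](https://github.com/Gu-f/CTFd_chinese_CN) Chinese localization records for each version of the CTFd platform. key: Chinese, localization, translation, chinese, CN, CTFd
- [SecToolKit](https://github.com/ProbiusOfficial/SecToolKit) Cybersecurity tool repository / Wiki collecting common and cutting-edge CTF and penetration testing tools along with their official/usage documentation, dedicated to...
- [CTFtools-wiki](https://github.com/ProbiusOfficial/CTFtools-wiki) [Hello CTF] A collection of common and excellent CTF tool projects and their documentation; a tool repository friendly to CTFers at every stage, so that every tool gets put to use!
- [CTF-Tools](https://github.com/Aabyss-Team/CTF-Tools) CTF & AWD toolbox from the 渊龙Sec security team
- [CTF-Note](https://github.com/kitezzzGrim/CTF-Note) CTF notes: this project mainly records CTF knowledge, challenge-solving notes, tools, and so on.
- [ctf-tools](https://github.com/ctf-wiki/ctf-tools) CTF tool collection
- [ctf_ics_traffic](https://github.com/NewBee119/ctf_ics_traffic) Tools for industrial control (ICS) CTF competitions: assorted network packet processing scripts
- [CTF Resource Library | CTF Tool Downloads | CTF Tool Packs | CTF Tool Collection](http://www.ctftools.com/)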
- [Hello CTF](https://hello-ctf.com/)
# Common Software
## Instant Messaging
- [igdm](https://github.com/igdmapps/igdm)
## Graphics and Images
- [caesium-image-compressor](https://github.com/Lymphatus/caesium-image-compressor)
## Office Productivity
- [Maya](https://github.com/25H/Maya)
## Disk Tools
- [AOMEI Partition Assistant, Easy Backup, Data Recovery (恢复之星), Remote Control (AnyViewer) and other software - official free download site](https://www.disktool.cn)
## System Optimization
- [Dism-Multi-language](https://github.com/Chuyu-Team/Dism-Multi-language)
- [软媒魔方](https://mofang.ruanmei.com)
## Programming Environment
- [fw_error_www](https://www.oracle.com/java/)
## Remote Management
- [RedisStudio](https://github.com/cinience/RedisStudio)
# Development
## Go
### Other
- [go-pinyin v0.20.0](https://github.com/mozillazg/go-pinyin) Convert Chinese characters to pinyin
## Python
### GUI Frameworks
- [py-window-styles](https://github.com/Akascape/py-window-styles) Customize your python UI window with awesome pre-built windows 11 ...
- [Forest-ttk-theme](https://github.com/rdbende/Forest-ttk-theme) A beautiful modern theme for ttk, inspired by MS Excel's look 🌲🌳
### Other
- [Python-100-Days](https://github.com/jackfrued/Python-100-Days) Python - from novice to master in 100 days
- [python-pinyin v0.53.0](https://github.com/mozillazg/python-pinyin) Convert Chinese characters to pinyin (pypinyin)
- [FreeSimpleGUI v5.1.1](https://github.com/spyoungtech/FreeSimpleGUI) The free-forever GUI library
- [python-small-examples](https://github.com/jackzhenguo/python-small-examples) Say goodbye to boredom: dedicated to building practical small Python examples; for more quality Python tutorials see https://ai-jupyter.com
- [CustomTkinter](https://github.com/TomSchimansky/CustomTkinter) A modern and customizable python UI-library based on Tkinter
## web
### 接口测试
- | [postman-cn 9.12.2](https://github.com/hlmd/postman-cn) Postman汉化中文版
## 正则
- [common-regex](https://github.com/cdoco/common-regex) :jack_o_lantern: 常用正则表达式 - 收集一些在平时项目开发中经常用到的正则表达式。
# 杂七杂八
## APP合规
- [camille](https://github.com/zhengjim/camille) 基于Frida的Android App隐私合规检测辅助工具
- [AppScan](https://github.com/TongchengOpenSource/AppScan)
## MySQL实时监控工具
- [MySQLMonitor 1.0](https://github.com/TheKingOfDuck/MySQLMonitor) MySQL实时监控工具(代码审计/黑盒/白盒审计辅助工具)
## Windows快捷启动工具
- [Dawn Launcher - Windows快捷启动工具](https://dawnlauncher.com/)
## chatgpt
- [ChatGPT-Shortcut v3.2.6](https://github.com/rockbenben/ChatGPT-Shortcut) 🚀💪Maximize your efficiency and productivity, support for En...
- [awesome-chatgpt-zh](https://github.com/yzfly/awesome-chatgpt-zh) ChatGPT Chinese guide🔥: ChatGPT Chinese tuning guide, prompt guide, application development guide, curated resource list; use chatGPT better to let you...
- [Awesome-ChatGPT](https://github.com/dalinvip/Awesome-ChatGPT) A collection of ChatGPT learning materials, continuously updated......
- [chatgpt-mac v0.0.5](https://github.com/vincelwt/chatgpt-mac) ChatGPT for Mac, living in your menubar.
- [chatgpt](https://github.com/LangLangShanDeNanKe/chatgpt) ChatGPT site directory, sharing free and useful AI websites!
## GitHub Acceleration
- [FastGithub 2.1.4](https://github.com/dotnetcore/FastGithub) GitHub acceleration tool that fixes GitHub failing to open, user avatars not loading, releases failing to upload or download, git-clone, git-pull, ...
## PPPoE Interception
- [pppoe-intercept v0.3](https://github.com/akkuman/pppoe-intercept) Simulates a man-in-the-middle to intercept the account and password during the PPPoE dial-up process
## Proxy Packet Capture
- [network_proxy_flutter](https://github.com/wanghongenpin/network_proxy_flutter)
## Proxy Subscription Management
- [clashN 2.22](https://github.com/2dust/clashN) A clash client for Windows, support Mihomo
- [gg v0.2.19](https://github.com/mzz2017/gg) A Linux command-line proxy tool that supports nodes and subscription links | A command-line tool for one-click proxy in ...
## MAC Address Changing
- [ChMac – Windows Command to Change MAC Addresses of Network Adapters](https://tech.wandersick.com/2019/06/chmac-windows-command-to-change-mac.html)
## File Timestamp Modification
- [NewFileTime 7.31 Corrections and manipulation of timestamp](http://www.softwareok.com/?seite=Microsoft/NewFileTime)
## Cooking Guides
- [HowToCook 1.4.0](https://github.com/Anduin2017/HowToCook) A guide to home cooking for programmers. Programmer's guide about how to cook at home (Simplifie...
## Voice Cloning
- [MockingBird v0.0.1](https://github.com/babysor/MockingBird) 🚀AI voice imitation: clone your voice within 5 seconds and generate arbitrary speech content. Clone a voice in 5 seconds to generate...
## Intranet Tunneling
- [net-penetrate-http-and-https-simple 2.0.2](https://github.com/LiangXiaoWei1024/net-penetrate-http-and-https-simple) Intranet tunneling, GUI, one-click start, no speed limit, built-in logging
## One-Time Passwords
- [rotp v6.3.0](https://github.com/mdp/rotp) Ruby One Time Password library
## Blockchain
- [zksync2-python v1.2.0](https://github.com/zksync-sdk/zksync2-python) zksync2 is a web3.py library adapted to work with the ZKsync ...
- [all-in-one-v2](https://github.com/zaivanza/all-in-one-v2)
- [zksync](https://github.com/nftscripts/zksync)
- [zksync-auto](https://github.com/bxdoan/zksync-auto) some help for zksync incentive
## Load Testing Tools
- [locust 2.31.6](https://github.com/locustio/locust) Write scalable load tests in plain Python 🚗💨
- [Easy-DDOS](https://github.com/LinWin-Cloud/Easy-DDOS) EasyDDOS high-performance DDoS tool - traffic killer. Designed specifically so that, over a period of time (during and after the attack), the LAN or phone/computer hotspot is paralyzed, data charges run into arrears, and all internet devices on the LAN...
## Large Language Models
- [ChatGLM3](https://github.com/THUDM/ChatGLM3) ChatGLM3 series: Open Bilingual Chat LLMs | open-source bilingual conversational language models
## Security Mind Maps
- [HackerMind](https://github.com/Ascotbe/HackerMind) A curated collection of security-related mind maps: penetration testing steps, web security, CTF, business security, artificial intelligence, blockchain security, data security, secure development, wireless security, social engineering, binary security...
## Scheduled Task Management Platforms
- [qinglong](https://github.com/whyour/qinglong) A scheduled task management platform supporting Python3, JavaScript, Shell and Typescript (Timed task management pla...
## Uncategorized
- [dev-sidecar v1.8.5](https://github.com/docmirror/dev-sidecar) Developer sidecar: GitHub not opening, GitHub acceleration, git clone acceleration, git release download acceleration, stackoverfl...
- [gost](https://github.com/go-gost/gost) GO Simple Tunnel - a simple tunnel written in golang
- [FeiShuRevokeMsgPatcher 2.4.7](https://github.com/flydoos/FeiShuRevokeMsgPatcher) PC anti-recall patch for Feishu messages (alias: Feishu desktop anti-recall plugin; also called: Feishu anti-recall patch, Feishu message anti-recall patch), by "吾乐吧软...
- [wapiti 3.2.0](https://github.com/wapiti-scanner/wapiti) Web vulnerability scanner written in Python3
- [proguard v7.5](https://github.com/Guardsquare/proguard) ProGuard, Java optimizer and obfuscator
- [HashCalculator 5.27.0](https://github.com/hrpzcf/HashCalculator) A hash calculation tool: batch calculation, batch verification, duplicate file finding, hash value changing and more; supports integration into the system context menu
- [Chat2DB v3.2.4](https://github.com/chat2db/Chat2DB) 🔥🔥🔥AI-driven database tool and SQL client, The hottest GUI client, s...
- [AnotherRedisDesktopManager v1.6.7](https://github.com/qishibo/AnotherRedisDesktopManager) 🚀🚀🚀A faster, better and more stable Redis desktop...
- [openrport 0.9.14](https://github.com/openrport/openrport) Manage remote systems with ease. See more https://oss.openrport.io
- [siyuan v3.1.7](https://github.com/siyuan-note/siyuan) A privacy-first, self-hosted, fully open source personal knowledge ma...
- [Frchannel 1](https://github.com/7wkajk/Frchannel) FanRuan (帆软) BI deserialization vulnerability exploitation tool
- [ddns-go v6.7.0](https://github.com/jeessy2/ddns-go) Simple and easy to use DDNS. Support Aliyun, Tencent Cloud, Dnspod, ...
- [jattach v2.2](https://github.com/jattach/jattach) JVM Dynamic Attach utility
- [WinDynamicDesktop v5.6.0](https://github.com/t1m0thyj/WinDynamicDesktop) Port of macOS Mojave Dynamic Desktop feature to Windows
- [websocat v1.13.0](https://github.com/vi/websocat) Command-line client for WebSockets, like netcat (or curl) for ws:/...
- [glider v0.16.4](https://github.com/nadoo/glider) glider is a forward proxy with multiple protocols support, and also ...
- [psudohash v1.0.2](https://github.com/t3l3machus/psudohash) Generates millions of keyword-based password mutations in seconds.
- [BowPad 2.9.1](https://github.com/stefankueng/BowPad) A simple and fast text editor with a ribbon UI
- [xJavaFxTool 1.0.0](https://github.com/864381832/xJavaFxTool) A collection of practical small tools built on JavaFx to ease coding and debugging during development; those who want to learn javaFx can use it as a reference. Includes file copying, Cr...
- [WinASAR 1.4.0](https://github.com/flydoos/WinASAR) WinASAR file management tool (also called: WinASAR file compression/decompression tool, WinASAR file pack/unpack tool), developed by "吾乐吧软件站"; this is a...
- [notepad-- notepad-v2.19](https://github.com/cxasm/notepad--) A text editor supporting windows/linux/mac; the goal is to build Chinese people's own editor, from China.
- [trilium-translation v0.63.7_20240530](https://github.com/Nriver/trilium-translation) Translation for Trilium Notes. Trilium Notes 中...
- [xray-plugins xlint-0.0.3](https://github.com/chaitin/xray-plugins)
- [RevokeMsgPatcher 1.8](https://github.com/huiyadanli/RevokeMsgPatcher) :trollface: A hex editor for WeChat/QQ/TIM - anti-recall patch for the PC versions of WeChat/QQ/TIM...
- [pagodo v2.6.4](https://github.com/opsdisk/pagodo) pagodo (Passive Google Dork) - Automate Google Hacking Database scrap...
- [dddd v2.0.1](https://github.com/SleepingBag945/dddd) dddd is an easy-to-use tool for batch information gathering and supply-chain vulnerability detection, intended to streamline red-team workflows and cut down on tedious mechanical work. Supports pulling targets in bulk from Hunter and Fofa
- [cyberapi v0.1.21](https://github.com/vicanso/cyberapi) API tool based on tauri, it is smaller and faster.
- [pyxis v0.1.5](https://github.com/zan8in/pyxis) pyxis can automatically identify http and https requests, and get resp...
- [GooFuzz 1.2.5](https://github.com/m3n0sd0n4ld/GooFuzz) GooFuzz is a tool to perform fuzzing with an OSINT approach, managing...
- [natpass v0.13.0](https://github.com/lwch/natpass) 🔥A great tool for working from home and remote development
- [meterpeter v2.10.14](https://github.com/r00t-3xp10it/meterpeter) C2 Powershell Command & Control Framework with BuiltIn Commands
- [curl-impersonate-win 20240211](https://github.com/depler/curl-impersonate-win) A special build of curl for Windows that can imperson...
- [WinMemoryCleaner 2.8](https://github.com/IgorMundstein/WinMemoryCleaner) This free RAM cleaner uses native Windows features to optimize...
- [godoh 1.6](https://github.com/sensepost/godoh) 🕳 godoh - A DNS-over-HTTPS C2
- [SimpleDnsCrypt 0.8.2](https://github.com/instantsc/SimpleDnsCrypt) A simple management tool for dnscrypt-proxy
- [AsyncRAT-C-Sharp v0.5.8](https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp) Open-Source Remote Administration Tool For Windows C# (RAT)
- [transfer v0.4.17](https://github.com/Mikubill/transfer) 🍭 A large-file transfer tool that brings together multiple APIs.
- [AirFly 0.2](https://github.com/zgao264/AirFly) One-click generation of an IP proxy pool from "airport" (proxy service) subscriptions; let the airport take off!
- [dirxk](https://github.com/xk11z/dirxk) A lightweight directory scanner integrating the dictionaries of several long-established tools, including the 御剑 admin-panel scan dictionary, test404 website backup, web破壳 scanner, 御剑 1.5 scan dictionary, 御剑 professional edition dictionary, wwws...
- [Girsh v0.41](https://github.com/nodauf/Girsh) Automatically spawn a reverse shell fully interactive for Linux or Wind...
- [C3 v1.4.0](https://github.com/WithSecureLabs/C3) Custom Command and Control (C3). A framework for rapid prototyping of cus...
- [reqstress v0.1.4](https://github.com/utkusen/reqstress) a benchmarking&stressing tool that can send raw HTTP requests
- [WindTerm 2.6.0](https://github.com/kingToolbox/WindTerm) A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.
- [CVE-2021-36260](https://github.com/Cuerz/CVE-2021-36260) Hikvision RCE vulnerability batch detection and exploitation tool
- [ExtremeDumper v4.0.0.1](https://github.com/wwh1004/ExtremeDumper) .NET Assembly Dumper
- [broxy](https://github.com/rhaidiz/broxy) An HTTP/HTTPS intercept proxy written in Go.
- [NimScan 1.0.8](https://github.com/elddy/NimScan) 🚀 Fast Port Scanner 🚀
- [BeRoot 1.0.1](https://github.com/AlessandroZ/BeRoot) Privilege Escalation Project - Windows / Linux / Mac
- [linux-exploit-suggester-2](https://github.com/jondonas/linux-exploit-suggester-2) Next-Generation Linux Kernel Exploit Suggester
- [MateuszEx 1.0](https://github.com/sairson/MateuszEx) AV bypass generation tool; the evasion is not very effective any more, but getting past 360, Huorong and the like is no problem
- [SharpStrike v1.2](https://github.com/iomoath/SharpStrike) A Post exploitation tool written in C# uses either CIM or WMI to q...
- [Termite](https://github.com/rootkiter/Termite) Tool for tunnel (Version 2)
- [Govenom pre](https://github.com/arch3rPro/Govenom) Generate MSFVenom shells in command line :)
- [bantam](https://github.com/gellin/bantam) A PHP backdoor management and generation tool/C2 featuring end to end encryp...
- [Covenant](https://github.com/cobbr/Covenant) Covenant is a collaborative .NET C2 framework for red teamers.
- [kerbrute v1.0.3](https://github.com/ropnop/kerbrute) A tool to perform Kerberos pre-auth bruteforcing
- [Print-My-Shell](https://github.com/sameera-madushan/Print-My-Shell) Python script wrote to automate the process of generating various re...
- [Venom v1.1.0](https://github.com/Dliv3/Venom) Venom - A Multi-hop Proxy for Penetration Testers
- [gitrob](https://github.com/michenriksen/gitrob) Reconnaissance tool for GitHub organizations
- [socat-windows](https://github.com/StudioEtrange/socat-windows) unofficial windows build of socat http://www.dest-unreach.org/socat/
- [小米范 tool series part 6: 小米范 web finder 2.x released - 范世强 - 博客园](http://www.cnblogs.com/SEC-fsq/p/5610981.html)
- [MSU Video Group / Video data filtering and compression](http://www.compression.ru/video)
- [zTasker - timers | hotkeys | schedules | automated tasks](http://www.everauto.net/cn/)
- [Apifox - an all-in-one collaboration platform for API documentation, debugging, mocking and testing. Offers API documentation management, API debugging, mocking, automated testing and more, raising the efficiency of API development, testing and integration 10-fold. ...](https://apifox.com)
- [Interactsh | Web Client](https://app.interactsh.com)
- [SiYuan Note - a privacy-first personal knowledge management system supporting Markdown typesetting, block-level references and bidirectional links](https://b3log.org/siyuan)
- [Maye, a clean and compact quick launcher – N25H's Blog](https://blog.arae.cc/post/25830.html)
- [ContextMenuManager | Windows context menu manager](https://bluepointlilac.github.io/ContextMenuManager)
- [Service unavailable](https://dotnet.microsoft.com/)
- [git-repo-clean: a Git extension tool that scans for and cleans up large files in a Git repository and rewrites the commit history.](https://gitee.com/oschina/git-repo-clean)
- [PrintNotifyPotatog](https://github.com/BeichenDream/PrintNotifyPotatog)
- [caesium-image-compressor/](https://github.com/Lymphatus/caesium-image-compressor/)
- [igdm/](https://github.com/igdmapps/igdm/)
- [PidKeyTool](https://github.com/laomms/PidKeyTool)
- [Stowaways](https://github.com/ph4ntonn/Stowaways)
- [Goby - asset mapping and practical vulnerability scanning tool](https://gobysec.net/)
- [hetty.xyz](https://hetty.xyz)
- [Laragon - portable, isolated, fast & powerful universal development environment for...](https://laragon.org/)
- [ConfuserEx 2](https://mkaring.github.io/ConfuserEx/)
- [Npcap: Windows Packet Capture Library & Driver](https://npcap.com/)
- [PixPin screenshots/pinned images/scrolling screenshots/OCR/annotation | PixPin screenshots/pinned images/scrolling screenshots/OCR/annotation](https://pixpinapp.com/)
- [Pot | cross-platform select-to-translate and OCR](https://pot-app.com)
- [Site not found · GitHub Pages](https://rubickcenter.github.io)
- [CudaText download | SourceForge.net](https://sourceforge.net/projects/cudatext)
- [x.com](https://twitter.com/charles_gan1)
- [Download](https://verycapture.com/cn/download.html)
- [WinSCP :: Official Site :: Free SFTP and FTP client for Windows](https://winscp.net)
- [CPU-Z | Softwares | CPUID](https://www.cpuid.com/softwares/cpu-z.html)
- [EDX extensible editor](https://www.ed-x.cc/index.html)
- [EmEditor (Text Editor) – Best Text Editor, Code Editor, CSV Editor, Large Fil...](https://www.emeditor.com/)
- [Google Chrome Web Browser](https://www.google.com/chrome)
- [FinalShell SSH tool, server management, remote desktop acceleration software, supports Windows, macOS, Linux, version 4.5.6, updated 2024.8.27 - Final...](https://www.hostbuf.com/t/988.html)
- [Invicti (formerly Netsparker) | Web Application and API Security for Enterprise](https://www.invicti.com/)
- [www.isc.org](https://www.isc.org/bind/)
- [TreeSize - Overview and tidy up your storage | JAM Software](https://www.jam-software.com/treesize)
- [Get Firefox browser — Mozilla (US)](https://www.mozilla.org/firefox/)
- [www.phpenv.cn](https://www.phpenv.cn/)
- [ERROR: The request could not be satisfied](https://www.postcat.com)
- [ScreenToGif](https://www.screentogif.com/)
- [Shellter | AV Evasion Artware](https://www.shellterproject.com)
- [Hide From Uninstall List v1.1](https://www.sordum.org/11081/hide-from-uninstall-list-v1-1/)
- [Easy Context menu v1.6](https://www.sordum.org/7615/)
- [BlueLife Hosts Editor v1.5](https://www.sordum.org/8266/bluelifehosts-editor-v1-5/)
- [Window TopMost Control v1.3](https://www.sordum.org/9182/window-topmost-control-v1-3/)
- [BlueLife KeyFreeze](https://www.sordum.org/bluelife-keyfreeze)
- [Download Firewall App Blocker v1.9](https://www.sordum.org/downloads/?firewall-app-blocker)
- [Download PowerRun v1.7](https://www.sordum.org/downloads/?power-run)
- [Download Reg Converter v1.2](https://www.sordum.org/downloads/?reg-converter)
- [Download Sordum Monitor Off v1.1](https://www.sordum.org/downloads/?st-sordum-monitor-off)
- [Download Windows Update Blocker v1.8](https://www.sordum.org/downloads/?st-windows-update-blocker)
- [Xterminal - a better development tool, and more than that (SSH/console/More)](https://www.terminal.icu/)
- [HashClash](https://www.win.tue.nl/hashclash/)
## WeChat Bots
- [NGCBot V2.1](https://github.com/ngc660sec/NGCBot) A WeChat bot based on the ✨HOOK mechanism, supporting 🌱scheduled security news pushes [FreeBuf, 先知, 安全客, 奇安信攻防社区], 👯KFC copywriting, ⚡ICP filing lookup, ⚡mobile number...
## Malicious Network Traffic Simulation
- [flightsim v2.5.1](https://github.com/alphasoc/flightsim) A utility to safely generate malicious network traffic patterns an...
## Packet Capture Software
- [Reqable](https://reqable.com/zh-CN/)
- [Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Rever...](https://www.charlesproxy.com/)
- [HTTP Debugger - Debug HTTP API Calls to Back-ends](https://www.httpdebugger.com/)
## Report Templates
- [HackReport](https://github.com/awake1t/HackReport) Penetration test reports / reference documents / penetration testing experience write-ups / security books
## Keyboard and Mouse Macros
- [KeymouseGo v5.1.1](https://github.com/taojy123/KeymouseGo) Mouse and keyboard recording and automation similar to 按键精灵; simulates clicks and typing | automate mouse clicks and keyboard ...
## Database Management Software
- [dbeaver 24.2.1](https://github.com/dbeaver/dbeaver) Free universal database tool and SQL client
## File Monitoring
- [WindowsFileMonitor 1.0](https://github.com/shack2/WindowsFileMonitor) Windows file change monitoring tool
## OCR (Text Recognition)
- [Umi-OCR v2.1.4](https://github.com/hiroi-sora/Umi-OCR) OCR software, free and offline. Open-source, free offline OCR software. Supports screenshots/batch image import, PDF document recognition, excluding...
## Local Knowledge Bases
- [QAnything v2.0.0](https://github.com/netease-youdao/QAnything) Question and Answer based on Anything.
- [anything-llm v1.2.2](https://github.com/Mintplex-Labs/anything-llm) The all-in-one Desktop & Docker AI application with full RAG an...
- [Langchain-Chatchat v0.3.1](https://github.com/chatchat-space/Langchain-Chatchat) Langchain-Chatchat (formerly Langchain-ChatGLM), based on Langchain and Chat...
## Machine Learning
- [dddd_trainer](https://github.com/sml2h3/dddd_trainer) Training tool for ddddocr
- [Augmentor](https://github.com/mdbloice/Augmentor) Image augmentation library in Python for machine learning.
## Singing Voice Conversion
- [so-vits-svc](https://github.com/svc-develop-team/so-vits-svc) SoftVC VITS Singing Voice Conversion
## Penetration Test Reporting Aids
- [APTRS](https://github.com/Anof-cyber/APTRS) Automated Penetration Testing Reporting System
- [pentest_report v1.0.0](https://github.com/dbgee/pentest_report) A pentest reporter generator
- [BugRepoter_0x727](https://github.com/0x727/BugRepoter_0x727) BugRepoter_0x727 (automated report-writing platform): customizable collaborative management of project security for security teams, with quick lookup of historical vulnerabilities and batch report export.
- [WaterExp](https://github.com/linshaoSec/WaterExp) WaterExp: report-padding templates and tools aimed at security service engineers
- [Savior new](https://github.com/Mustard404/Savior) Automatic penetration test report generation tool!
- [report v1.0.1](https://github.com/CTF-MissFeng/report) Vulnerability report management system for vendor-side penetration testing
- [SAReport](https://github.com/1u0Hun/SAReport) Automated penetration test reporting platform
## Vulnerability Information Collection and Push
- [watchvuln v2.0.0](https://github.com/zema1/watchvuln) A high-value vulnerability collection and push service | collect valuable vulnerability and push it
## Activation Tools
- [Microsoft-Activation-Scripts](https://github.com/massgravel/Microsoft-Activation-Scripts)
## Fake Data Generation
- [faker v29.0.0](https://github.com/joke2k/faker) Faker is a Python package that generates fake data for you.
## SMS Forwarders
- [SmsForwarder v3.3.2](https://github.com/pppscn/SmsForwarder) SMS forwarder: monitors SMS messages, incoming calls and app notifications on Android phones and forwards them to other phones according to specified rules: DingTalk group custom bots, DingTalk in-enterprise bots...
## SMS Bombing
- [SMSBoom main](https://github.com/OpenEthan/SMSBoom) SMSBoom - Deprecate: Due to judicial reasons, the repository has been ...
## Censorship Circumvention
- [v2rayfree](https://github.com/aiboboxx/v2rayfree) v2ray nodes, free nodes, free v2ray nodes, latest public-benefit free v2ray node subscription addresses, free v2ray nodes updated daily, free ss/v2ray/trojan...
- [v2rayA v2.2.5.8](https://github.com/v2rayA/v2rayA) A web GUI client of Project V which supports VMess, VLESS, SS, SSR,...
- [free](https://github.com/freefq/free) Firewall circumvention, free circumvention, free unrestricted internet access, free nodes, free proxies, free ss/v2ray/trojan nodes, Lantern, Google Store, circumvention proxies
- [trojan v2.15.3](https://github.com/Jrohy/trojan) Multi-user management and deployment program for trojan, with web-based management
## Check-In Scripts
- [faker3](https://github.com/shufflewzc/faker3)
- [dailycheckin 24.5.15](https://github.com/Sitoi/dailycheckin) Daily check-in scripts based on Docker / Qinglong panel / Synology (multiple accounts supported). Check-in list: | iQIYI | 全民K歌 | Youdao Cloud Notes | Baidu Tieba...
## Website Load Testing Tools
- [dperf v1.7.0](https://github.com/baidu/dperf) dperf is a 100Gbps network load tester.
- [tcpburn 1.0.0](https://github.com/session-replay-tools/tcpburn) The most powerful tool for stress testing of Internet server applicat...
- [WebBench](https://github.com/EZLippi/WebBench) Webbench is a very simple website load testing tool for linux written by Radim Kolar in 1997. It uses fork() to simulate multiple clients simultaneously accessing our...
## Speech Synthesis
- [GPT-SoVITS 20240821v2](https://github.com/RVC-Boss/GPT-SoVITS) 1 min voice data can also be used to train a good TTS model! ...
- [OpenVoice](https://github.com/myshell-ai/OpenVoice) Instant voice cloning by MIT and MyShell.
## Domestic (China) Mirrors for Software and Systems
- [Thanks-Mirror](https://github.com/eryajf/Thanks-Mirror) A curated record of good mirrors for package managers, system images and commonly used software, Thanks Mirror. If you pass by and find it useful, please give it a star👆🌟
## Remote Access Software
- [1Remote 1.0.0](https://github.com/1Remote/1Remote) One Remote Access Manager to Rule Them All
- [FreeRDP 3.8.0](https://github.com/FreeRDP/FreeRDP) FreeRDP is a free remote desktop protocol library and clients
- [rustdesk 1.3.1](https://github.com/rustdesk/rustdesk) An open-source remote desktop application designed for self-hosting,...
- [Quasar v1.4.1](https://github.com/quasar/Quasar) Remote Administration Tool for Windows
- [FileZilla - The free FTP solution](https://filezilla-project.org)
## CAPTCHA Generation
- [Calculate_Captcha v1.1](https://github.com/fupinglee/Calculate_Captcha) Arithmetic CAPTCHA generator, for training use
## CAPTCHA Recognition
- [StupidOCR](https://github.com/81NewArk/StupidOCR) CAPTCHA recognition
- [cnnyzm](https://github.com/hellokuls/cnnyzm) Recognize CAPTCHAs with a CNN | CAPTCHA recognition in python | train a CAPTCHA model
- [code_identify](https://github.com/qianxiao996/code_identify) CAPTCHA recognition tool
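# Red Team
## Web Exploit Library
### OA Product Vulnerabilities
#### OA General
- [OA-EXPTOOL 0.83](https://github.com/LittleBear4/OA-EXPTOOL) Comprehensive OA exploitation tool, bundling batch scanning for vulnerabilities in nearly 20 OA products
- [MYExploit V2.0.4](https://github.com/achuna33/MYExploit) OAExploit, a product-based one-click scanning tool.
#### Weaver (泛微) OA
- [WeaverScan 1.0](https://github.com/TD0U/WeaverScan) Weaver (泛微) OA vulnerability exploitation tool
- [CNVD-2021-49104](https://github.com/bigsizeme/CNVD-2021-49104) CNVD-2021-49104: Weaver (泛微) E-Office file upload vulnerability
- [DBconfigReader](https://github.com/jas502n/DBconfigReader) Database configuration information disclosure vulnerability in an interface of the Weaver (泛微) ecology OA system
- [Weaver-OA-E-cology-Database-Leak](https://github.com/NS-Sp4ce/Weaver-OA-E-cology-Database-Leak) Detection script for the Weaver (泛微) OA database configuration leak
- [e-cology-OA-SQL](https://github.com/AdministratorGithub/e-cology-OA-SQL) Weaver (泛微) e-cology OA front-end SQL injection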
- [e-cology](https://github.com/jas502n/e-cology) e-cology OA_Beanshell_RCE
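#### Yonyou (用友) OA
- [YONYOU-TOOL v2.0.9](https://github.com/Chave0v0/YONYOU-TOOL) Comprehensive Yonyou (用友) vulnerability exploitation tool
- [fupo_for_yonyou V3](https://github.com/novysodope/fupo_for_yonyou) Yonyou (用友) vulnerability detection, with continuously updated detection modules
- [NCTOOls](https://github.com/wafinfo/NCTOOls) A comprehensive vulnerability exploitation tool targeting Yonyou (用友) NC
- [YongYouNcTool 1.0](https://github.com/wgpsec/YongYouNcTool) Detection and exploitation tool for the Yonyou (用友) NC series of vulnerabilities; supports one-click detection, command execution with echoed output, file drop, one-click in-memory webshell injection, file read and more
- [yonyou_exp_plus](https://github.com/li8u99/yonyou_exp_plus) Detection tool covering all vulnerabilities in the Yonyou (用友) series
- [yonyou-nc-decrypter 0.1.0](https://github.com/woodpecker-appstore/yonyou-nc-decrypter) Password decryption for the Yonyou (用友) nc series
- [SeeyonExploit-GUI](https://github.com/linshaoSec/SeeyonExploit-GUI) Comprehensive Seeyon (致远) OA exploitation tool
#### Seeyon (致远) OA
- [PassDecode-jar v0.1](https://github.com/Rvn0xsy/PassDecode-jar) FanRuan (帆软) / Seeyon (致远) password decryption tool
- [SeeyonExploit-GUI](https://github.com/God-Ok/SeeyonExploit-GUI) Comprehensive Seeyon (致远) OA exploitation tool V1.0
- [seeyon_exp](https://github.com/Summer177/seeyon_exp) Comprehensive Seeyon (致远) OA exploitation tool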
- [A8-OA-seeyon-RCE](https://github.com/RayScri/A8-OA-seeyon-RCE) A Zhiyuan OA Collaborative Office Remote Code Execution Vulnerabil...
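#### Landray (蓝凌) OA
- [Landray-OA-Treexml-Rce](https://github.com/tangxiaofeng7/Landray-OA-Treexml-Rce) Batch check for the Landray (蓝凌) OA remote code execution vulnerability
- [LandrayDES V1](https://github.com/zhutougg/LandrayDES) Encryption/decryption tool for Landray (蓝凌) OA front-end and back-end passwords
#### Tongda (通达) OA
- [TongdaOATool v1.6](https://github.com/xiaokp7/TongdaOATool) Tongda (通达) OA vulnerability detection tool
- [TongdaScan_go 20230527](https://github.com/Fu5r0dah/TongdaScan_go) Tongda (通达) OA vulnerability detection tool - TongdaScan_go
- [TDOA_RCE v1.0](https://github.com/xinyu2428/TDOA_RCE) Comprehensive Tongda (通达) OA exploitation tool
- [TongDaOA-Fake-User](https://github.com/NS-Sp4ce/TongDaOA-Fake-User) Tongda (通达) OA arbitrary user login vulnerability
- [TongDa-OA](https://github.com/OA-HUNTER/TongDa-OA) Some vulnerability points in Tongda (通达) OA
### Product, Component or Framework Vulnerabilities
#### ActiveMQ
- [ActiveMqRCE](https://github.com/Hutt0n0/ActiveMqRCE) Java implementation that constructs the openwire protocol to exploit the activeMQ < 5.18.3 RCE, with echoed output and in-memory webshell injection
- [ActiveMQ_RCE_Pro_Max AMQ](https://github.com/JaneMandy/ActiveMQ_RCE_Pro_Max) CVE-2023-46604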
#### Apache Airflow
- [CVE-2022-40127](https://github.com/Mr-xn/CVE-2022-40127) Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC
#### Apache Dubbo
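- [dubbo-exp](https://github.com/threedr3am/dubbo-exp) Quick-exploitation exp for dubbo; covers essentially 100% of older versions.
- [Dubbo-Scan v1.0.1](https://github.com/YYHYlh/Dubbo-Scan) An Apache Dubbo vulnerability detection tool that lets you detect and exploit successfully beyond dubbo-sample, vulhub or other test environments.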
#### Apache Log4j
- [logging-log4j2 rel/2.24.0](https://github.com/apache/logging-log4j2) Apache Log4j 2 is a versatile, feature-rich, efficient lo...
- [log4j-shell-poc](https://github.com/kozmer/log4j-shell-poc) A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
- [log4j-scan v.1.1.0](https://github.com/fullhunt/log4j-scan) A fully automated, accurate, and extensive scanner for finding l...
- [log4jscanner v0.5.0](https://github.com/google/log4jscanner) A log4j vulnerability filesystem scanner and Go package for ana...
- [log4j2-intranet-scan 2-rar](https://github.com/k3rwin/log4j2-intranet-scan) log4j2 intranet scanning
- [Log4j2-CVE-2021-44228](https://github.com/jas502n/Log4j2-CVE-2021-44228) Remote Code Injection In Log4j
- [CVE-2021-44228-PoC-log4j-bypass-words](https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words) 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit ...
- [log4j2_vul_local_scanner](https://github.com/lijiejie/log4j2_vul_local_scanner) Local detection script for the Log4j vulnerability. Scan all java processes on your host to ch...
- [Log4j_RCE_Tool Log4j_RCE_Tool](https://github.com/inbug-team/Log4j_RCE_Tool) Log4j multi-threaded batch detection and exploitation tool
#### Apache Shiro
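- [shiro_rce_tool](https://github.com/wyzxxz/shiro_rce_tool) shiro deserialization command execution helper detection tool
- [ShiroAttack2 4.7.0](https://github.com/SummerSec/ShiroAttack2) Comprehensive exploitation of the shiro deserialization vulnerability, including (command execution with echoed output / in-memory webshell injection); fixes the NoCC problem in the original version https://github.com/...
- [Pyke-Shiro 0.3](https://github.com/sma11new/Pyke-Shiro) Shiro deserialization exploitation tool for complex requests
- [ShiroExp v1.3.1](https://github.com/safe6Sec/ShiroExp) Comprehensive shiro exploitation tool
- [shiro_check v1.5](https://github.com/Ggasdfg321/shiro_check) Batch key brute-forcing against targets running the Shiro framework
- [shiro-550-with-NoCC V1.1](https://github.com/dr0op/shiro-550-with-NoCC) Shiro-550 exploitation tool that does not depend on the CC chain
- [shiro_attack 2.2](https://github.com/j1anFen/shiro_attack) Comprehensive exploitation of the shiro deserialization vulnerability, including (command execution with echoed output / in-memory webshell injection)
- [shiro-exploit](https://github.com/Ares-X/shiro-exploit) Shiro deserialization exploitation tool; supports key brute-forcing for newer (AES-GCM) Shiro versions and, together with ysoserial, generates payloads with echoed output
- [ShiroScan](https://github.com/sv3nbeast/ShiroScan) Shiro<=1.2.4 deserialization, one-click detection tool
- [shiro-cve-2020-17523](https://github.com/jweny/shiro-cve-2020-17523) Analysis of two bypass techniques for the shiro-cve-2020-17523 vulnerability, with an accompanying vulnerable environment
- [ShiroExploit-Deprecated v2.51](https://github.com/feihong-cs/ShiroExploit-Deprecated) One-click exploitation tool for Shiro550/Shiro721, supporting multiple echo methods
- [SHIRO-550](https://github.com/jas502n/SHIRO-550) Shiro RememberMe 1.2.4 deserialization vulnerability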
#### Apache Solr
- [Solr-SSRF](https://github.com/Henry4E36/Solr-SSRF) Apache Solr SSRF(CVE-2021-27905)
- [Apache-Solr-RCE](https://github.com/Imanfeng/Apache-Solr-RCE) Apache Solr Exploits 🌟
- [solr_exploit](https://github.com/1135/solr_exploit) Apache Solr remote code execution vulnerability (CVE-2019-0193) Exploit
- [solr-injection](https://github.com/veracode-research/solr-injection) Apache Solr Injection Research
- [CVE-2019-12409](https://github.com/jas502n/CVE-2019-12409) Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true")
- [solr_rce](https://github.com/jas502n/solr_rce) Apache Solr RCE via Velocity template
- [CVE-2019-0193](https://github.com/jas502n/CVE-2019-0193) Apache Solr DataImport Handler RCE
- [CVE-2019-0192](https://github.com/mpgn/CVE-2019-0192) RCE on Apache Solr using deserialization of untrusted data via jmx.se...
#### Apache Struts2
- [Struts2VulsScanTools v19.32](https://github.com/abc123info/Struts2VulsScanTools) 1. Clicking "Detect vulnerabilities" automatically checks whether the URL is affected by S2-001, S2-005, S2-009, S2-013, S2-...
- [STS2G 1.0](https://github.com/xfiftyone/STS2G) Struts2 vulnerability scanning and exploitation tool - Golang version. Struts2 Scanner Written in Golang
- [Struts2-Scan](https://github.com/HatBoy/Struts2-Scan) Scanning and exploitation tool for all Struts2 vulnerabilities
- [S2-061](https://github.com/EvilPulsar/S2-061) some struts tag , attributes which out of the range will call SetDynamicAtt...
- [CVE-2019-0230](https://github.com/ramoncjs3/CVE-2019-0230) CVE-2019-0230 & s2-059 poc.
- [Struts2VulsTools 2.3.20190927](https://github.com/shack2/Struts2VulsTools) Checking tool for the Struts2 series of vulnerabilities
- [struts-scan](https://github.com/Lucifer1993/struts-scan) struts2 vulnerability detection and exploitation tool for all versions, written in Python2
- [struts-pwn_CVE-2018-11776](https://github.com/mazen160/struts-pwn_CVE-2018-11776) An exploit for Apache Struts CVE-2018-11776
- [struts-pwn](https://github.com/mazen160/struts-pwn) An exploit for Apache Struts CVE-2017-5638
- [Struts-S2-xxx](https://github.com/sie504/Struts-S2-xxx) A curated collection of Struts2 vulnerable environments
- [struts-pwn_CVE-2017-9805](https://github.com/mazen160/struts-pwn_CVE-2017-9805) An exploit for Apache Struts CVE-2017-9805
- [S2-053-CVE-2017-12611](https://github.com/brianwrf/S2-053-CVE-2017-12611) A simple script for exploit RCE for Struts 2 S2-053(CVE-2017-...
- [Struts2Environment](https://github.com/wh1t3p1g/Struts2Environment) Vulnerable environments for historical Struts2 versions
- [StrutScan](https://github.com/riusksk/StrutScan) Struts2 Vuls Scanner base perl script
- [s2-016-exp](https://github.com/OneSourceCat/s2-016-exp) S2-016 Exploit && Scanner
#### Apache Superset
- [CVE-2023-27524](https://github.com/horizon3ai/CVE-2023-27524) Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apac...
#### Apache Tomcat
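- [TomcatScanPro TomcatScanPro](https://github.com/lizhianyuguangming/TomcatScanPro) Latest automated tomcat vulnerability scanning and exploitation tool; supports batch weak-password detection, getshell by deploying a war package through the manager backend, CVE-2017...
- [TomcatVuln v1.0.1](https://github.com/errors11/TomcatVuln) Tomcat vulnerability exploitation tool
- [Tomcat_PUT_GUI_EXP 1.4](https://github.com/xiaokp7/Tomcat_PUT_GUI_EXP) exp for Tomcat PUT method arbitrary file write (CVE-2017-12615)
- [AttackTomcat V1](https://github.com/tpt11fb/AttackTomcat) GUI exploitation tool for common Tomcat vulnerabilities. CVE-2017-12615 PUT file upload vulnerability, tomcat-pass-getshell weak authentication...
- [CVE-2020-9484](https://github.com/IdealDreamLast/CVE-2020-9484) Reproducing the Apache Tomcat Session deserialization code execution vulnerability with Kali 2.0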
- [CVE-2017-12615](https://github.com/breaktoprotect/CVE-2017-12615) POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerabi...
- [CVE-2019-0232](https://github.com/pyn3rd/CVE-2019-0232) Apache Tomcat Remote Code Execution on Windows
- [CVE-2019-0232](https://github.com/jas502n/CVE-2019-0232) Apache Tomcat Remote Code Execution on Windows - CGI-BIN
- [CVE-2017-12617](https://github.com/cyberheartmi9/CVE-2017-12617) Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP U...
#### CAS
- [CAS_EXP 0.0.1](https://github.com/langligelang/CAS_EXP) CAS hard-coding remote code execution vulnerability
#### Confluence
- [ConfluenceMemshell V1.1](https://github.com/Lotus6/ConfluenceMemshell) Exploitation tool for Confluence CVEs from 2021, 2022 and 2023; supports command execution and in-memory webshell injection for Godzilla (哥斯拉) and Behinder (冰蝎)
- [CVE-2022-26134-Godzilla-MEMSHELL V1.0](https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL)
#### Coremail
- [coremail-address-book 0.0.2](https://github.com/dpu/coremail-address-book) 📧Script for exporting the organization address book from the Coremail mail system
#### Druid
- [druid_sessions 1.2](https://github.com/yuyan-sec/druid_sessions) Retrieves some sessions, sql and urls from alibaba druid
#### FastAdmin
- [FastAdmin-exp](https://github.com/3xsh0re/FastAdmin-exp)
#### Fastjson
- [JsonExp v1.4.1](https://github.com/smallfox233/JsonExp) Batch detection tool for fastjson vulnerabilities
- [Fastjson](https://github.com/safe6Sec/Fastjson) A collection of Fastjson techniques and tricks
- [fastjson 1.2.83](https://github.com/alibaba/fastjson) FASTJSON 2.0.x has been released, faster and more secure, recommend...
- [FastjsonScan v1.1](https://github.com/a1phaboy/FastjsonScan) Fastjson scanner that can identify the version, dependency libraries, autoType status and more. A tool to distinguish fastjson ...
- [fastjsonVul](https://github.com/Lonely-night/fastjsonVul) Reproduction of the fastjson 80 remote code execution vulnerability
- [FastjsonVulns](https://github.com/hosch3n/FastjsonVulns) [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote cla...
- [fastjson-check beta](https://github.com/bigsizeme/fastjson-check) fastjson passive scanning and generation of payloads that need no outbound network access
- [FastJsonAttack](https://github.com/W1one/FastJsonAttack) Exploitation tool for fastjson vulnerabilities across all versions; POST only
- [fastjson_rec_exploit](https://github.com/mrknow001/fastjson_rec_exploit) One-click command execution for fastjson
- [fastjson-autotype-bypass-demo](https://github.com/iSafeBlue/fastjson-autotype-bypass-demo) autotype bypass for fastjson version 1.2.68
- [FastjsonExploit](https://github.com/c0ny1/FastjsonExploit) Fastjson vulnerability quickly exploits the framework (fastjson vulnerability quick...
- [file/releases/download/FastJson_JackSon.zip](https://github.com/20142995/file/releases/download/FastJson_JackSon.zip)
#### Grafana
- [grafanaExp v1.4](https://github.com/A-D-Team/grafanaExp) A exploit tool for Grafana Unauthorized arbitrary file reading vuln...
#### Hikvision
- [Hikvision- hikvsiondvz](https://github.com/MInggongK/Hikvision-) Comprehensive Hikvision vulnerability exploitation tool
- [HikvisionDecode](https://github.com/baogod404/HikvisionDecode)
- [Hikvision](https://github.com/wafinfo/Hikvision) Post-exploitation tool for the Hikvision integrated security platform
- [PostHikvision](https://github.com/Conan924/PostHikvision)
- [hikvision-decrypter](https://github.com/WormChickenWizard/hikvision-decrypter)
#### IIS
- [iis7.5-10.x-ShortNameFuzz iisScanIIS10](https://github.com/abc123info/iis7.5-10.x-ShortNameFuzz) iis高版本短文件名猜解脚本,适用于iis7.5~10.x版本的iis中间件。
- [IIS-ShortName-Scanner](https://github.com/irsdl/IIS-ShortName-Scanner) latest version of scanners for IIS short filename (8.3) discl...
- | [IIS_shortname_Scanner](https://github.com/lijiejie/IIS_shortname_Scanner) an IIS shortname Scanner
#### JBoss
- | [JavaJboss v1.0](https://github.com/20142995/JavaJboss)
- | [jboss-_CVE-2017-12149](https://github.com/yunxu1/jboss-_CVE-2017-12149) CVE-2017-12149 jboss反序列化 可回显
- | [jexboss](https://github.com/joaomatosf/jexboss) JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploi...
#### Jeecg
- | [Jeecg_Tools v1.0](https://github.com/K-7H7l/Jeecg_Tools) This is a vulnerability exploitation tool for the jeecg framework, not jeecg-boot!
#### JeecgBoot
- | [jeecg- jeecgdg](https://github.com/MInggongK/jeecg-) Comprehensive jeecg vulnerability exploitation tool
#### Jenkins
- | [CVE-2024-43044-jenkins](https://github.com/convisolabs/CVE-2024-43044-jenkins) Exploit for the vulnerability CVE-2024-43044 in Jenkins
- | [JenkinsExploit-GUI v1.3](https://github.com/TheBeastofwar/JenkinsExploit-GUI) A comprehensive Jenkins vulnerability exploitation tool
- [CVE-2024-23897](https://github.com/xaitax/CVE-2024-23897) CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner.
- | [JenkinsExploitGUI v1.0](https://github.com/charonlight/JenkinsExploitGUI) Checker for the Jenkins CLI arbitrary file read vulnerability
- [Jenkins](https://github.com/blackye/Jenkins) Jenkins vulnerability detection, user enumeration and brute forcing
#### JumpServer
- | [blackjump](https://github.com/tarihub/blackjump) Comprehensive unauthorized-access exploitation for the JumpServer bastion host, Exploit for CVE-2023-42442 / CVE-2023-42820 / RC...
#### Nacos
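- | [NacosExploit v1.0.1](https://github.com/h0ny/NacosExploit) Comprehensive Nacos exploitation tool
- | [NacosExploitGUI v7.0](https://github.com/charonlight/NacosExploitGUI) Comprehensive GUI tool for Nacos vulnerabilities, integrating detection and exploitation of default credentials, SQL injection, authentication bypass and deserialization vulnerabilities
- | [NacosExploit v1.1](https://github.com/Conan924/NacosExploit) NacosExploit: command execution, memory shell and other exploitation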
- [HKEcho_Nacos](https://github.com/HKEcho5213/HKEcho_Nacos)
- [NacosRce v0.5](https://github.com/c0olw/NacosRce) Nacos JRaft Hessian deserialization RCE: bytecode loading, memory shell injection, exploitation without outbound network access
#### SmartBI
- | [SmartBIAttackTool v1.0](https://github.com/yggo/SmartBIAttackTool) Exploitation tool for remote code execution caused by a logic flaw in the SmartBI login code
#### Spring Boot
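- | [SpringBootVul-GUI v0.0.9](https://github.com/wh1t3zer/SpringBootVul-GUI) A semi-automated Spring Boot initial-access tool with all current Spring Boot vulnerabilities built in
- | [SpringBoot-Scan 2.56](https://github.com/AabyssZG/SpringBoot-Scan) Open source penetration framework for SpringBoot, plus an exploitation tool for high-risk Spring-related vulnerabilities
- | [SpringExploitGUI v1.5](https://github.com/charonlight/SpringExploitGUI) A comprehensive Spring vulnerability exploitation tool that supports detection and exploitation of multiple Spring-related vulnerabilities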
- | [SpringBoot-Scan-GUI v1.2.4](https://github.com/13exp/SpringBoot-Scan-GUI)
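- | [Spring_All_Reachable v2.1](https://github.com/savior-only/Spring_All_Reachable) Comprehensive Spring vulnerability exploitation tool
- | [SpringBootExploit 1.3](https://github.com/0x727/SpringBootExploit) Written from the LandGrey/SpringBootVulExploit checklist, intended for quickly exploiting vulnerabilities during hvv exercises and lowering the barrier to exploitation.
- | [SpringExploit 0.1.9](https://github.com/SummerSec/SpringExploit) 🚀 A vulnerability exploitation tool born out of learning Go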
- [YYBaby-Spring_Scan](https://github.com/CllmsyK/YYBaby-Spring_Scan)
- [springboot_scan](https://github.com/Muhansrc/springboot_scan)
#### ThinkCMF
- | [ThinkCMF_getshell](https://github.com/jas502n/ThinkCMF_getshell) Arbitrary content inclusion vulnerability in the ThinkCMF framework
#### Thinkphp
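- [ThinkAdmin v6.1.67](https://github.com/zoujingli/ThinkAdmin) Minimalist admin back-end system based on ThinkPHP6, with built-in annotation-based permissions, asynchronous multitasking, an application plugin ecosystem, etc.; supports PaaS-like updates of common modules and application plugins...
- | [Tp_Attack_GUI v2.0](https://github.com/XiLitter/Tp_Attack_GUI) Self-developed graphical vulnerability scanner for the Thinkphp framework written with JavaFX; covered vulnerabilities include command execution in multiple versions and log disclosure
- [Aazhen-RexHa](https://github.com/zangcc/Aazhen-RexHa) Self-developed JavaFX graphical vulnerability scanner; supported vulnerabilities: ThinkPHP-2.x-RCE, ThinkPHP-5.0.23-RCE, T...
- [VulnerabilityTools](https://github.com/bingtangbanli/VulnerabilityTools) [CVE_2023_28432 vulnerability, CVE_2023_32315 vulnerability, ThinkPHP 2.x arbitrary code execution vulnerability, Thin...
- [fastadmin](https://github.com/karsonzhang/fastadmin) Rapid admin back-end development framework based on ThinkPHP5 and Bootstrap, with one-click CRUD generation and automatic generation of controllers, models, views, JS, language packs, menus and recycle bin.
- [TPscan](https://github.com/Lucifer1993/TPscan) One-click ThinkPHP vulnerability detection
- | [thinkphp_gui_tools v2.4.2](https://github.com/bewhale/thinkphp_gui_tools) Comprehensive ThinkPHP vulnerability exploitation tool: graphical interface, command execution, one-click getshell, batch detection, log traversal, se...
- | [ThinkphpGUI 1.3](https://github.com/Lotus6/ThinkphpGUI) Thinkphp (GUI) vulnerability exploitation tool supporting vulnerability detection for all TP versions, command execution and getshell.
- [ThinkphpRCE](https://github.com/sukabuliet/ThinkphpRCE) Thinkphp rce scanning script, with log scanning included
- [ThinkPHP-Vuln](https://github.com/Mochazz/ThinkPHP-Vuln) Collection of analyses of historical vulnerabilities in the ThinkPHP framework
- [thinkphp-RCE-POC-Collection](https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection) thinkphp v5.x remote code execution vulnerability: POC collection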
- [tp5-getshell](https://github.com/theLSA/tp5-getshell) thinkphp5 rce getshell
- [tphack](https://github.com/whirlwind110/tphack) Exploitation tool for Thinkphp3/5 log file disclosure
- [ThinkPHPGUI](https://github.com/AgonySec/ThinkPHPGUI)
#### Weblogic
- [CVE-2024-21006 v1.0](https://github.com/dadvlingd/CVE-2024-21006)
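- | [WeblogicTool v1.3](https://github.com/KimJun1010/WeblogicTool) WeblogicTool, a GUI vulnerability exploitation tool supporting vulnerability detection, command execution, memory shell injection, password decryption, etc. (powered by the Tianwei team of Sangfor Deep Blue Lab)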
- [CVE-2020-2551](https://github.com/hktalent/CVE-2020-2551) how detect CVE-2020-2551 poc exploit python Weblogic RCE with IIOP
- [CVE-2020-2555](https://github.com/Y4er/CVE-2020-2555) Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
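- [weblogicScanner](https://github.com/0xn0ne/weblogicScanner) weblogic vulnerability scanner. Currently able to detect the following vulnerabilities: CVE-2014-4210, CVE-2016-0638, CVE-2016...
- [WeblogicExploit-GUI WeblogicExploit-GUI](https://github.com/sp4zcmd/WeblogicExploit-GUI) Graphical Weblogic vulnerability exploitation tool supporting memory shell injection, one-click webshell upload and command execution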
- [weblogic-framework v0.2.3](https://github.com/dream0x01/weblogic-framework) weblogic-framework is the best tool for detecting weblogi...
- [CVE-2020-14756](https://github.com/Y4er/CVE-2020-14756) WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar
- [WebLogicPasswordDecryptorUi v2.0](https://github.com/Ch1ngg/WebLogicPasswordDecryptorUi) Decrypts weblogic AES or DES encryption
- [WeblogicScanLot](https://github.com/rabbitmask/WeblogicScanLot) WeblogicScanLot series, batch Weblogic vulnerability detection tool, V2.2
- [CVE-2020-14645](https://github.com/Y4er/CVE-2020-14645) Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabas...
- [CVE-2020-2883](https://github.com/Y4er/CVE-2020-2883) Weblogic coherence.jar RCE
- [WeblogicEnvironment](https://github.com/QAX-A-Team/WeblogicEnvironment) Weblogic environment setup tool
- [CVE-2020-2551](https://github.com/Y4er/CVE-2020-2551) Weblogic IIOP CVE-2020-2551
- [CVE-2020-2551](https://github.com/jas502n/CVE-2020-2551) Weblogic RCE with IIOP
- [CVE-2019-2890](https://github.com/jas502n/CVE-2019-2890) CVE-2019-2890 WebLogic deserialization RCE vulnerability
- [Decrypt_Weblogic_Password](https://github.com/TideSec/Decrypt_Weblogic_Password) Collects the vast majority of publicly available weblogic decryption approaches, organized into 7 weblogic decryption methods and the corresponding tools.
- | [javaserializetools 1.0.20190828](https://github.com/shack2/javaserializetools) Java deserialization vulnerability exploitation tool V1.0, a checker for Java deserialization-related vulnerabilities, built with JDK 1.8+N...
- [Weblogic](https://github.com/black-mirror/Weblogic) Weblogic CVE-2019-2725 CVE-2019-2729 Getshell command execution
- [WeblogicScan](https://github.com/dr0op/WeblogicScan) Enhanced WeblogicScan: more accurate detection results, plugin-based, adds CVE-2019-2618 and CVE-2019-2729 detection, Python3 support
- [CNVD-C-2019-48814](https://github.com/jas502n/CNVD-C-2019-48814) WebLogic wls9-async deserialization remote command execution vulnerability
- | [WebLogic_CNVD_C2019_48814 1](https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814) WebLogic CNVD-C-2019_48814 CVE-2017-10271 Scan By 7kbstorm
- [cve-2019-2618](https://github.com/jas502n/cve-2019-2618) Weblogic Upload Vuln(Need username password)-CVE-2019-2618
- [CVE-2018-2894](https://github.com/LandGrey/CVE-2018-2894) CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script
- [CVE-2017-10271](https://github.com/1337g/CVE-2017-10271) CVE-2017-10271 WEBLOGIC RCE (TESTED)
#### XXL-JOB
- | [xxl-jobExploitGUI v1.0](https://github.com/charonlight/xxl-jobExploitGUI) Exploitation tool for the latest xxl-job vulnerabilities
#### YApi
- | [YApiRCE](https://github.com/Tas9er/YApiRCE) Code By:Tas9er / remote command execution in the YApi API management platform
#### django
- [djangohunter](https://github.com/jimywork/djangohunter) Tool designed to help identify incorrectly configured Django applicati...
#### docker
- [DockerApiRCE](https://github.com/0xchang/DockerApiRCE)
#### joom
- | [joomscan 0.0.7](https://github.com/OWASP/joomscan) OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
#### vmware
- | [VcenterKiller v1.3.7](https://github.com/Schira4396/VcenterKiller) A comprehensive exploitation tool for Vcenter, covering the currently most prevalent CVE-2021-21972, CVE-2021-21985 and CVE-...
- | [Vm4J](https://github.com/NS-Sp4ce/Vm4J) A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.S...
#### wordpress
- [Wordpresscan](https://github.com/swisskyrepo/Wordpresscan) WPScan rewritten in Python + some WPSeku ideas
- [wphunter](https://github.com/Jamalc0m/wphunter) WPHunter A Wordpress Vulnerability Scanner
#### Dahua
- | [dahuaExploitGUI dahuafdsfs](https://github.com/MInggongK/dahuaExploitGUI) Comprehensive dahua vulnerability exploitation tool
- | [DahuaConsole](https://github.com/mcw0/DahuaConsole) Dahua Console, access internal debug console and/or other researched f...
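#### FanRuan
- | [FrchannelPlus FrchannelPlus](https://github.com/BambiZombie/FrchannelPlus) FanRuan BI deserialization vulnerability exploitation tool
- [Frchannel 1](https://github.com/yecp181/Frchannel) FanRuan BI deserialization vulnerability exploitation tool
#### ZenTao
- [ZentaoExploitGUI v1.1](https://github.com/charonlight/ZentaoExploitGUI) Exploitation tool for the latest ZenTao authentication bypass vulnerability
#### RuoYi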
- | [ruoyiVuln v1.0](https://github.com/20142995/ruoyiVuln)
- | [RuoYiExploitGUI v1.0](https://github.com/charonlight/RuoYiExploitGUI) One-click exploitation tool for the latest RuoYi scheduled-task SQL injection vulnerability that can lead to RCE
- [Ruoyi-All](https://github.com/passer-W/Ruoyi-All)
#### Cailsoft enterprise management system
- [CailsoftVulCheck](https://github.com/Seven1an/CailsoftVulCheck)
### Information disclosure vulnerabilities
#### .DS_Store disclosure
- | [ds_store_exp](https://github.com/lijiejie/ds_store_exp) A .DS_Store file disclosure exploit. It parses .DS_Store file and do...
#### .git disclosure
- [git-dumper](https://github.com/arthaud/git-dumper) A tool to dump a git repository from a website
- | [GitHacker](https://github.com/WangYihang/GitHacker) 🕷️ A `.git` folder exploiting tool that is able to restore the entire Git...
- | [GitHack](https://github.com/lijiejie/GitHack) A `.git` folder disclosure exploit
- [GitDorker](https://github.com/obheda12/GitDorker) A Python program to scrape secrets from GitHub through usage of a large r...
- [Git_Extract](https://github.com/gakki429/Git_Extract) Tool for extracting from a remotely exposed git or a local git
- | [GitHack](https://github.com/BugScanTeam/GitHack) .git disclosure exploitation tool that can restore historical versions
- [scrabble](https://github.com/denny0223/scrabble) Simple tool to recover .git folder from remote server
#### .svn disclosure
- | [svnExploit](https://github.com/admintony/svnExploit) SvnExploit supports dumping source code from SVN source disclosure across all versions
- [svnhack](https://github.com/shengqi158/svnhack) Restores svn repositories; supports 1.6 and 1.7
#### Webpack APIs
- | [Packer-Fuzzer v1.4](https://github.com/rtcatc/Packer-Fuzzer) Packer Fuzzer is a fast and efficient scanner for security detec...
- [SourceDetector-dist](https://github.com/Lz1y/SourceDetector-dist) Precompiled SourceDetector; compiling this thing even once is real torture!!!
#### heapdump disclosure
- | [heapdump_tool v1.0](https://github.com/20142995/heapdump_tool)
- [heapdump_tool](https://github.com/wyzxxz/heapdump_tool) heapdump sensitive information lookup tool, e.g. finding plaintext passwords, AK, SK, etc. in a spring heapdump
- | [JDumpSpider dev-20240308T053242](https://github.com/whwlsfb/JDumpSpider) HeapDump sensitive information extraction tool
#### idea
- | [idea_exploit](https://github.com/lijiejie/idea_exploit) Gather sensitive information from (.idea) folder for pentesters
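#### Key disclosure
- | [cloudSec v1.2.2](https://github.com/libaibaia/cloudSec) Cloud security exploitation tool: web-based tool for cloud platform AK/SK; after an AK/SK is added, resources are detected automatically with no manual execution; supports cloud server, storage bucket and database operations
- | [OSSFileBrowse v1.1](https://github.com/jdr2021/OSSFileBrowse) Storage bucket listing vulnerability exploitation tool
- | [API-Explorer v2.1.0](https://github.com/mrknow001/API-Explorer) API management tool (currently built in: WeChat Official Accounts, WeChat Mini Programs, WeCom, Feishu, DingTalk, etc.)
- | [cloudTools main-2024-03-14](https://github.com/dark-kingA/cloudTools) Cloud asset management tool. Currently positioned as a cloud security tool with two modules, a cloud storage tool and a cloud service tool; the cloud storage tool mainly targets os...
- [accesskey_tools](https://github.com/kohlersbtuh15/accesskey_tools) accesskey operations and security tool for various cloud vendors such as Alibaba Cloud (aliyun), Tencent Cloud (tencentcloud), Huawei Cloud (huaweicloud) and aws,...
- | [aksk_tool](https://github.com/wyzxxz/aksk_tool) AK resource management tool: Alibaba Cloud / Tencent Cloud / Huawei Cloud / AWS / UCLOUD / JD Cloud / Baidu Cloud / Qiniu Cloud Storage AccessKey AccessKeySecret,...
- | [API-T00L v1.3](https://github.com/pykiller/API-T00L) API exploitation tool for internet vendors.
- | [Cloud-Bucket-Leak-Detection-Tools v0.4.0](https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools) Disclosure exploitation and detection tool for six major cloud storage services
- | [aliyun-accesskey-Tools v1.3](https://github.com/mrknow001/aliyun-accesskey-Tools) Alibaba Cloud accesskey exploitation tool
- | [AliyunAccessKeyTools 1.0](https://github.com/NS-Sp4ce/AliyunAccessKeyTools) Alibaba Cloud AccessKey leak exploitation tool
#### swagger APIs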
- | [swagger-exp](https://github.com/lijiejie/swagger-exp) A Swagger API Exploit
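- [swagger-hack](https://github.com/jayus0821/swagger-hack) Automatically crawls and tests all swagger endpoints
#### Source code disclosure (general)
- [dumpall v0.4.0](https://github.com/0xHJK/dumpall) An information disclosure exploitation tool for .git/.svn/.DS_Store leaks and directory listing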
- | [dvcs-ripper](https://github.com/kost/dvcs-ripper) Rip web accessible (distributed) version control systems: SVN/GIT/HG...
#### Sensitive data disclosure
- [SecretFinder](https://github.com/m4ll0k/SecretFinder) SecretFinder - A python script for find sensitive data (apikeys, acces...
- [Mantra v2.0](https://github.com/MrEmpy/Mantra) 「🔑」A tool used to hunt down API key leaks in JS files and pages
- [JSFScan.sh](https://github.com/KathanP19/JSFScan.sh) Automation for javascript recon in bug bounty.
#### Email password leaks
- [Cr3dOv3r](https://github.com/D4Vinci/Cr3dOv3r) Know the dangers of credential reuse attacks.
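### Other
- [muou v0.0.1](https://github.com/gojue/muou) Network packet testing tool
- | [poc2jar 0.68](https://github.com/f0ng/poc2jar) Vulnerability verification and exploitation tool written in Java with Python as an auxiliary dependency; adds a process lookup module, encoding module, command module, common vulnerability exploitation GUI module, shiro re...
### Semi-automated exploitation
- | [EquationToolsGUI V0.3](https://github.com/abc123info/EquationToolsGUI) This program is a GUI version of the US NSA Equation toolkit, written by ABC_123 starting in 2017, used only to scan for and verify MS17-010, MS0...
- | [I-Wanna-Get-All I-Wanna-Get-All-v1.3](https://github.com/R4gd0ll/I-Wanna-Get-All) OA vulnerability exploitation tool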
- [Goby Beta2.2.0](https://github.com/gobysec/Goby) Attack surface mapping
- | [zpscan v1.8.39](https://github.com/niudaii/zpscan) A somewhat useful information gathering tool.
- | [railgun v1.5.5](https://github.com/lz520520/railgun)
### Online helpers
#### DNSLOG platforms
- [CEYE - Monitor service for security testing](http://ceye.io)
- [Login - DNSlog System](http://dnslog.pw/)
- [Login - DNSlog System](http://dnslog.pw/login)
- [Login](http://eyes.sh)
- [DNSLog Platform](http://www.dnslog.cn)
- [Interactsh | Web Client](https://app.interactsh.com/#/)
- [dig.pm](https://dig.pm)
- [Plumb](https://github.com/0x584A/Plumb)
- [CallBack.Red Dns、Http、Rmi、Ldap Log、CmdtoDNSLog](https://www.callback.red)
- [T00ls | Grow quietly - study security with dedication](https://www.t00ls.com/dnslog.html)
#### Anonymous SMS
- [5sim.net](https://5sim.net/)
- [sms-activate.org](https://sms-activate.org/)
- [Voice](https://voice.google.com/)
#### Anonymous file hosting
- [MediaFire - File sharing and storage made simple](https://app.mediafire.com/)
- [TMPLINK](https://app.tmp.link/)
- [Catbox](https://catbox.moe/)
- [CowTransfer | Free large file transfer tool with unthrottled upload and download | Unlimited Send Large Files](https://cowtransfer.com/)
- [Gofile - Your all-in-one storage solution](https://gofile.io/)
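- [Wenshushu - For sending files, use Wenshushu (never throttled)](https://www.wenshushu.cn/)
#### Anonymous email
- [Temporary mailbox, ten-minute mailbox (10 minutes), temporary mail, temporary Email, quick-registration Email, 24Mail -- Chacuo](http://24mail.chacuo.net/)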
- [Proton Mail](https://mail.protonmail.com/)
- [temp-mail.org](https://temp-mail.org/)
- [tools.emailhippo.com](https://tools.emailhippo.com/)
- [Snapmail - The fastest way to test email!](https://www.snapmail.cc/)
- [SMS receiving - Cloud SMS - Page 1 - Online SMS receiving](https://www.storytrain.info/)
#### Reverse shell
- [[~]#棱角 ::Edge.Forum*](https://forum.ywhack.com/shell.php)
#### File download
- [[~]#棱角 ::Edge.Forum*](https://forum.ywhack.com/bountytips.php?download)
#### Antivirus process identification
- [[~]#棱角 ::Edge.Forum*](https://forum.ywhack.com/bountytips.php?process)
### Subdomain takeover
- [SubOver v1.2](https://github.com/Ice3man543/SubOver) A Powerful Subdomain Takeover Tool
### Common web vulnerabilities
#### CRLF
- | [CRLFsuite v2.5.2](https://github.com/Raghavd3v/CRLFsuite) The most powerful CRLF injection (HTTP Response Splitting) scanner.
#### CORS
- | [CORScanner 1.0.1](https://github.com/chenjj/CORScanner) 🎯 Fast CORS misconfiguration vulnerabilities scanner
#### DOS
- [slowhttptest v1.9.0](https://github.com/shekyan/slowhttptest) Application Layer DoS attack simulator
#### JWT
- [JWT4B 2.7](https://github.com/ozzi-/JWT4B) JWT Support for Burp
- | [jwt_tool v2.2.7](https://github.com/ticarpi/jwt_tool) :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
- | [jwt-hack v1.2.0](https://github.com/hahwul/jwt-hack) 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported...
- | [JWT_GUI replace_brute_error](https://github.com/Aiyflowers/JWT_GUI) All-in-one jwt encoding, decoding and brute-forcing tool built on pyqt5 and pyjwt (ps: actually a throwaway python course project)
- [RS256-2-HS256](https://github.com/3v4Si0N/RS256-2-HS256) JWT Attack to change the algorithm RS256 to HS256
- | [JWTPyCrack](https://github.com/Ch1ngg/JWTPyCrack) Brute-forces weak JWT keys and generates keyless JWTStrings using the NONE algorithm
- [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) JWT brute force cracker written in C
- [jwt-fuzzer](https://github.com/andresriancho/jwt-fuzzer) JWT fuzzer
#### SQL injection
- [sqlmap 1.8](https://github.com/sqlmapproject/sqlmap) Automatic SQL injection and database takeover tool
- [ghauri 1.3.7](https://github.com/r0oth3x49/ghauri) An advanced cross-platform tool that automates the process of detectin...
- [sqlmap-gui sqlmap-gui-v1.7](https://github.com/honmashironeko/sqlmap-gui) Manually localized into Chinese from the official SQLMAP release, with a GUI and several automation scripts
- [PowerUpSQL](https://github.com/NetSPI/PowerUpSQL) PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
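- | [CN_Sqlmap V1.7.1.1](https://github.com/BugFor-Pings/CN_Sqlmap) Chinese-localized sqlmap, friendly to those not comfortable with English. This project is localized from sqlmap, supports Python3 and all operating systems; v2 details are also localized, fully open...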
- [jsql-injection](https://github.com/ron190/jsql-injection) jSQL Injection is a Java application for automatic SQL database inje...
- | [NoSQLMap 0.5](https://github.com/codingo/NoSQLMap) Automated NoSQL database enumeration and web application exploitation ...
- [MSSQL_SQL_BYPASS_WIKI](https://github.com/aleenzz/MSSQL_SQL_BYPASS_WIKI) Notes on MSSQL injection, privilege escalation and bypasses
- [MYSQL_SQL_BYPASS_WIKI](https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI) Notes on mysql injection and bypasses
- | [Advanced-SQL-Injection-Cheatsheet](https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet) A cheat sheet that contains advanced queries for ...
- [injectbot](https://github.com/tariqhawis/injectbot) GUI SQL Injection scanning tool
- | [sql-injection-payload-list](https://github.com/payloadbox/sql-injection-payload-list) 🎯 SQL Injection Payload List
- | [SuperSQLInjectionV1 1.0.2020.12.14](https://github.com/shack2/SuperSQLInjectionV1) Super SQL Injection Tool (SSQLInjection) is a SQL injection tool that builds its own HTTP packets,...
- [mongoaudit](https://github.com/stampery/mongoaudit) 🔥 A powerful MongoDB auditing and pentesting tool 🔥
- [NoSQLAttack](https://github.com/youngyangyang04/NoSQLAttack) NoSQLAttack is an open source Python tool to automate exploit MongoDB s...
- [DSSS](https://github.com/stamparm/DSSS) Damn Small SQLi Scanner
- [sqlmate](https://github.com/s0md3v/sqlmate) A friend of SQLmap which will do what you always expected from SQLmap.
- [Blisqy](https://github.com/JohnTroony/Blisqy) Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/...
- [bbqsql](https://github.com/CiscoCXSecurity/bbqsql) SQL Injection Exploitation Tool
- [sqliv](https://github.com/the-robot/sqliv) massive SQL injection vulnerability scanner
- [Nosql-Exploitation-Framework](https://github.com/torque59/Nosql-Exploitation-Framework) A Python Framework For NoSQL Scanning and Exploitation
- [whitewidow](https://github.com/WhitewidowScanner/whitewidow) SQL Vulnerability Scanner
- [SQLiScanner](https://github.com/0xbug/SQLiScanner) Automatic SQL injection with Charles and sqlmap api
- [blindy](https://github.com/agienka/blindy) Simple script to automate bruteforcing blind sql injection vulnerabilities
- [Fox-scan](https://github.com/fengxuangit/Fox-scan) Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.
- | [sqlmap: automatic SQL injection and database takeover tool](https://sqlmap.org/)
#### SSRF
- | [SSRFmap](https://github.com/swisskyrepo/SSRFmap) Automatic SSRF fuzzer and exploitation tool
- [SSRFire](https://github.com/ksharinarayanan/SSRFire) An automated SSRF finder. Just give the domain name and your server and chi...
- [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) A simple SSRF-testing sheriff written in Go
#### SSTI
- | [Fenjing v0.6.9](https://github.com/Marven11/Fenjing) Fully automated Jinja2 SSTI WAF-bypass script designed for CTF | A Jinja2 SSTI cracker for bypassing W...
- | [SSTImap v1.2](https://github.com/vladko312/SSTImap) Automatic SSTI detection tool with interactive interface
- | [tplmap v0.5](https://github.com/epinna/tplmap) Server-Side Template Injection and Code Injection Detection and Exploit...
- [ssti-payload](https://github.com/VikasVarshney/ssti-payload) SSTI Payload Generator
#### XSS
- | [dalfox v2.9.3](https://github.com/hahwul/dalfox) 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused o...
- [Chromium-based-XSS-Taint-Tracking v0.3](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) Cyclops is a browser with XSS detection capabilities
- [beef v0.5.4.0](https://github.com/beefproject/beef) The Browser Exploitation Framework Project
- [domdig v1.1.0](https://github.com/fcavallarin/domdig) DOM XSS scanner for Single Page Applications
- [shuriken v1.2.0](https://github.com/shogunlab/shuriken) Cross-Site Scripting (XSS) command line tool for testing lists of X...
- [xssplatform v1.0](https://github.com/78778443/xssplatform) A classic XSS penetration management platform
- [xsscrapy](https://github.com/DanMcInerney/xsscrapy) XSS spider - 66/66 wavsep XSS detected
- | [XSStrike 3.1.5](https://github.com/s0md3v/XSStrike) Most advanced XSS scanner.
- [findom-xss](https://github.com/dwisiswant0/findom-xss) A fast DOM based XSS vulnerability scanner with simplicity.
- | [PwnXSS](https://github.com/pwn0sec/PwnXSS) PwnXSS: Vulnerability (XSS) scanner exploit
- [XSSTRON](https://github.com/RenwaX23/XSSTRON) Electron JS Browser To Find XSS Vulnerabilities Automatically
- [DSXS](https://github.com/stamparm/DSXS) Damn Small XSS Scanner
- [NoXss](https://github.com/lwzSoviet/NoXss) Faster xss scanner,support reflected-xss and dom-xss
- | [xssor2](https://github.com/evilcos/xssor2) XSS'OR - Hack with JavaScript.
- [autoFindXssAndCsrf](https://github.com/BlackHole1/autoFindXssAndCsrf) Browser plugin that automatically checks whether a page has XSS and CSRF vulnerabilities (A plugin for browser that checks aut...
- [xssor](https://github.com/evilcos/xssor) XSSOR: a tool that facilitates XSS and CSRF, http://evilcos.me/lab/xssor/
- [XSSTracer](https://github.com/1N3/XSSTracer) A small python script to check for Cross-Site Tracing (XST)
- [xss_scan](https://github.com/Q2h1Cg/xss_scan) XSS Scan
#### XXE
- [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) A tool for embedding XXE/XML exploits into different filetypes
- [docem 1.5](https://github.com/whitel1st/docem) A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (ox...
- | [XXEinjector](https://github.com/enjoiz/XXEinjector) Tool for automatic exploitation of XXE vulnerability using direct and d...
#### csrf
- | [owaspcsrftester](https://github.com/ot-jerry-welch/owaspcsrftester) Automatically exported from code.google.com/p/owaspcsrftester
#### lfi
- | [lfimap](https://github.com/hansmach1ne/lfimap) Local File Inclusion discovery and exploitation tool
- | [LFISuite](https://github.com/D35m0nd142/LFISuite) Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- [LFiFreak](https://github.com/OsandaMalith/LFiFreak) A unique automated LFi Exploiter with Bind/Reverse Shells
#### upload
- | [fuxploider v1.0](https://github.com/almandin/fuxploider) File upload vulnerability scanner and exploitation tool.
- [xupload](https://github.com/3xp10it/xupload) A tool for automatically testing whether the upload function can upload web...
#### Command injection
- | [commix v3.9](https://github.com/commixproject/commix) Automated All-in-One OS Command Injection Exploitation Tool.
#### File inclusion
- [liffy](https://github.com/mzfr/liffy) Local file inclusion exploitation tool
#### Parsing vulnerabilities
##### Nginx
- [nginxpwner](https://github.com/stark0de/nginxpwner) Nginxpwner is a simple tool to look for common Nginx misconfigurations a...
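### Exploitation frameworks
- | [miscan v1.3.1](https://github.com/mifine666/miscan) A simple, easy-to-use vulnerability management tool supporting local and collaborative modes.
- | [woodpecker-framework-release 1.3.5](https://github.com/woodpecker-framework/woodpecker-framework-release) Framework for precise detection and in-depth exploitation of high-risk vulnerabilities
### Exploitation helpers
- [JNDIMap](https://github.com/X1r0z/JNDIMap) JNDI injection exploitation tool supporting the RMI, LDAP and LDAPS protocols, with multiple bypass methods for newer JDK versions | A JNDI injection e...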
- | [JYso v1.3.4](https://github.com/qi4L/JYso) It can be either a JNDIExploit or a ysoserial.
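- [DNSlog-GO master](https://github.com/lanyi1998/DNSlog-GO) DNSLog-GO is a tool written in golang for monitoring DNS resolution records, with a built-in web interface / DNSLog-GO is a moni...
- [Xtools](https://github.com/chasingboy/Xtools) Xtools is a Sublime Text plugin as well as a simple asset processing and command-line invocation tool.
- [ddddocr](https://github.com/sml2h3/ddddocr) 带带弟弟: general-purpose CAPTCHA recognition OCR, pypi version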
- | [JNDI-Injection-Exploit-Plus 2.5](https://github.com/cckuailong/JNDI-Injection-Exploit-Plus) 80+ Gadgets(30 More than ysoserial). JNDI-Injection...
- | [ysomap v0.1.5](https://github.com/wh1t3p1g/ysomap) A helpful Java Deserialization exploit framework.
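- | [Exp-Tools v1.2.7](https://github.com/cseroad/Exp-Tools) A practical tool integrating exploits for high-risk vulnerabilities
- [jndi_tool](https://github.com/wyzxxz/jndi_tool) JNDI service exploitation tool for RMI/LDAP; supports output echo in some scenarios, memory shells, exploitation under newer JDK versions, etc.; fastjson rce command execution, log4j ...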
- | [ysoserial v0.0.6](https://github.com/frohoff/ysoserial) A proof-of-concept tool for generating payloads that exploit unsaf...
- | [ysoserial latest](https://github.com/Y4er/ysoserial) Modified ysoserial, with changes focused on ysoserial.payloads.util.Gadgets.createTemplatesIm...
- [godnslog v0.7.0](https://github.com/chennqqi/godnslog) An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulner...
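- [putter](https://github.com/Ar3h/putter) Writes arbitrary files via command execution, mainly for cases with command execution but no outbound network access
- | [R-Knife v1.2](https://github.com/qianxiao996/R-Knife) R-Knife comprehensive penetration toolbox
- [Antenna v1.3.5](https://github.com/wuba/Antenna) Antenna is a tool built by the 58.com security team to help security practitioners verify the existence and exploitability of various vulnerabilities on the network. It is based on out-of-band application security testing (OAST...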
- [revsuit v0.7.1](https://github.com/Li4n0/revsuit) RevSuit is a flexible and powerful reverse connection platform desig...
- [ysoserial](https://github.com/su18/ysoserial)
- [BinaryCutting-Tool V1.0](https://github.com/AabyssZG/BinaryCutting-Tool) Binary file splitting & merging tool
- [JNDIMonitor](https://github.com/r00tSe7en/JNDIMonitor) An LDAP request listener that removes the dependence on dnslog platforms
- [Alphalog 1.0.0.Release](https://github.com/AlphabugX/Alphalog) Supports DNSLOG, httplog, rmilog, ldaplog, jndi and more; fully anonymous product (fuzz.red), Al...
- [cola_dnslog v1.3.2](https://github.com/AbelChe/cola_dnslog) Cola Dnslog v1.3.2: a more powerful dnslog platform / helper platform for detecting blind (no-echo) vulnerabilities, fully open source, dnslog httplog...
- | [JNDInjector JNDInjector_v1.1](https://github.com/rebeyond/JNDInjector) A highly customizable JNDI and Java deserialization exploitation tool
- [marshalsec](https://github.com/mbechler/marshalsec)
- [ysoserial-for-woodpecker 0.5.2](https://github.com/woodpecker-framework/ysoserial-for-woodpecker) ysoserial tailored to the woodpecker framework
- [JNDIExploit 1.1](https://github.com/0x727/JNDIExploit) A tool for JNDI injection exploitation that draws heavily on code from the Rogue JNDI project, supports directly implanting memory shells, and integrates common bypass...
- | [Gopherus](https://github.com/tarunkant/Gopherus) This tool generates gopher link for exploiting SSRF and gaining RCE in var...
- | [JNDI-Inject-Exploit v0.2](https://github.com/exp1orer/JNDI-Inject-Exploit) Handles newer-JDK bypass exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities, and probes locally available...
- [JNDI-Exploit-Kit](https://github.com/pimps/JNDI-Exploit-Kit) JNDI-Exploitation-Kit(A modified version of the great JNDI-Injecti...
- [DNSLog-Platform-Golang v0.3](https://github.com/yumusb/DNSLog-Platform-Golang) DNSLOG platform in golang
- [JNDIExploit-1 v1.2](https://github.com/Mr-xn/JNDIExploit-1) A tool for JNDI injection exploitation that draws heavily on code from the Rogue JNDI project, supports directly implanting memory shells, and integrates common...
- | [JNDI-Injection-Exploit v1.0](https://github.com/welk1n/JNDI-Injection-Exploit) JNDI injection testing tool (A tool which generates JNDI links can start ...
- [DNSLog](https://github.com/BugScanTeam/DNSLog) DNSLog is a tool for monitoring DNS resolution records and HTTP access records.
- [phpggc](https://github.com/ambionics/phpggc)
- [AuxTools](https://github.com/doimet/AuxTools)
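### Vulnerability libraries
- [wiki](https://github.com/wy876/wiki) Vulnerability library wiki.wy876.cn
- [POC POC2024914](https://github.com/wy876/POC) Collects and organizes vulnerability EXP/POC, most sourced from the internet; more than 1000 poc/exp collected so far, updated over the long term.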
- [PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
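- [my-re0-k8s-security](https://github.com/neargle/my-re0-k8s-security) :atom: [WIP] Compiling past talks: Kubernetes attack and defense from scratch 🧐
- [Vulnerability-Wiki v2.0](https://github.com/Threekiii/Vulnerability-Wiki) Quickly deploy the vulnerability documents in Awesome-POC with docsify
- [Awesome-POC v1.0](https://github.com/Threekiii/Awesome-POC) A vulnerability POC knowledge base, currently 1000+ entries
- [FrameVul](https://github.com/Awrrays/FrameVul) POC collection, exploitation of framework nday vulnerabilities
- [Vulhub-Reproduce v1.0](https://github.com/Threekiii/Vulhub-Reproduce) A knowledge base of Vulhub vulnerability reproductions
- [PeiQi-WIKI-Book](https://github.com/PeiQi0/PeiQi-WIKI-Book) Knowledge library for cybersecurity practitioners🍃
- [bylibrary](https://github.com/BaizeSec/bylibrary) Baige Library is a public vulnerability POC and EXP project maintained by the BaizeSec security team
- [PoC-ExP](https://github.com/Cuerz/PoC-ExP) [Vulnerability PoC knowledge base] A cybersecurity enthusiast's collection of vulnerability PoCs found online.
- [vulnerability-poc](https://github.com/KayCHENvip/vulnerability-poc) A Common Vulnerability PoC Knowledge Base
- [SecBooks](https://github.com/SexyBeast233/SecBooks) A free-for-all of security libraries from many sources
- [vulbase](https://github.com/cckuailong/vulbase) Collection of the major vulnerability libraries
- [BUG-Pocket](https://github.com/light-Life/BUG-Pocket) Small vulnerability library providing FOFA queries and batch scripts; for specific exploitation methods see other vulnerability libraries; 47 items across 4 types
- [WiKi](https://github.com/ScarecrowSec/WiKi) Vulnerability library of the Scarecrow security team
- [redteam_vul](https://github.com/r0eXpeR/redteam_vul) A compilation of vulnerabilities in key systems frequently encountered in red team operations.
- [Report_Public](https://github.com/DVPNET/Report_Public) DVPNET public vulnerability knowledge base
- [yougar0.github.io](https://github.com/heise5yuetian/yougar0.github.io) Vulnerability knowledge base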
- [VulWiki](https://github.com/Ares-X/VulWiki) VulWiki
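- [WooYun mirror | WooYun knowledge base | Wooyun mirror | WooYun vulnerability platform](http://wooyun.2xss.cc/index.php)
- [Operating system vulnerabilities | PeiQi Library](https://peiqi.wgpsec.org/wiki/system/)
- [About the library | T Wiki](https://wiki.teamssix.com/About/)
### Vulnerability detection and exploitation repositories
- [VulToolsKit V1.1](https://github.com/onewinner/VulToolsKit) Curated collection of exploitation tools for a red team arsenal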
- [PocOrExp_in_Github](https://github.com/ycdxsb/PocOrExp_in_Github) Auto Collect Poc Or Exp from Github by CVE ID.
- [Penetration_Testing_POC](https://github.com/Mr-xn/Penetration_Testing_POC) Penetration-testing-related POCs, EXPs, scripts, privilege escalation, small tools, etc.---About penetration-testing pytho...
- [cve-search v5.1.0](https://github.com/cve-search/cve-search) cve-search - a tool to perform local searches for known vulnerabi...
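- [vulnerability](https://github.com/lal0ne/vulnerability) Collects, organizes and modifies vulnerability POCs published on the internet
- [poc_exp](https://github.com/Y1-K1NG/poc_exp) Updates paused ······· planning in progress ······
- [Some-PoC-oR-ExP](https://github.com/coffeehb/Some-PoC-oR-ExP) Collected or self-written pocs and Exps for various vulnerabilities
- [0day](https://github.com/helloexp/0day) EXPs and POCs for vulnerabilities in various CMSs, platforms, systems and software; this project will be continuously updated
- [Awesome-Exploit](https://github.com/Threekiii/Awesome-Exploit) A repository of exploitation tools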
- [PocList](https://github.com/1n7erface/PocList) Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-...
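- [POChouse](https://github.com/DawnFlame/POChouse) POC & EXP repository, hvv arsenal, Nday, 1day
- [CVE-Master v1.0.1](https://github.com/wjl110/CVE-Master) Collects all the popular CVE, POC and CNVD attack payloads + testing tools + FUZZ the author has used for vulnerability verification since starting penetration testing; one repository covering many attack testing scenarios...
- [exphub](https://github.com/zhzyker/exphub) Exphub [exploit script library], including exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; latest add...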
- [CVE-2016-2107](https://github.com/FiloSottile/CVE-2016-2107) Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)
- [CVE-2015-7547](https://github.com/fjserna/CVE-2015-7547) Proof of concept for CVE-2015-7547
- [hacking-team-windows-kernel-lpe](https://github.com/vlad902/hacking-team-windows-kernel-lpe) Previously-0day exploit from the Hacking Team leak,...
### General
- | [Rookie](https://github.com/P1nganD/Rookie) Vulnerability scanning
- | [Hyacinth hyacinth-v1.4](https://github.com/pureqh/Hyacinth) A java vulnerability collection tool
- | [getsploit 1.0.0](https://github.com/vulnersCom/getsploit) Command line utility for searching and downloading exploits
- | [houndsploit](https://github.com/nicolas-carolo/houndsploit) An advanced graphical search engine for Exploit-DB
- | [LiqunKit_](https://github.com/Liqunkit/LiqunKit_) Taken down
- | [ExpDemo-JavaFX](https://github.com/yhy0/ExpDemo-JavaFX) Graphical exploitation demo, JavaFX version
- | [JavaTools](https://github.com/fupinglee/JavaTools) Some small tools written in Java.
- [MoonLight](https://github.com/MKID1412/MoonLight)
- | [Exploit-DB / Exploits + Shellcode + GHDB · GitLab](https://gitlab.com/exploit-database/exploitdb)
- | [ProjectDiscovery - Vulnerability management](https://projectdiscovery.io)
### Editor vulnerabilities
#### UEditor
- [UEditorGetShell](https://github.com/Tas9er/UEditorGetShell) Batch GetShell for the UEditor editor / Code By:Tas9er
### Helpers
#### Reverse shell
- | [HTTP-revshell v1.1](https://github.com/3v4Si0N/HTTP-revshell) Powershell reverse shell using HTTP/S protocol with AMSI bypass ...
- [reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator)
### Key CMS exploitation
- [wpscan v3.8.27](https://github.com/wpscanteam/wpscan) WPScan WordPress security scanner. Written for security professional...
- | [Apt_t00ls v0.7](https://github.com/White-hua/Apt_t00ls) High-risk vulnerability exploitation tool
- [QVD-2023-13065](https://github.com/qi4L/QVD-2023-13065) Nacos JRaft Hessian deserialization RCE EXP
- [CVE-2023-33246](https://github.com/SuperZero/CVE-2023-33246) Apache RocketMQ remote code execution vulnerability (CVE-2023-33246) exploit
- [wpreconx 2.4.5](https://github.com/blackcrw/wpreconx) WPRecon, is a tool for the recognition of vulnerabilities and blackb...
- [weaver_exp](https://github.com/z1un/weaver_exp) Comprehensive exploitation script for Weaver OA vulnerabilities
- [2021hvv_vul](https://github.com/YinWC/2021hvv_vul) Summary of 2021 HVV vulnerabilities
- [EgGateWayGetShell](https://github.com/Tas9er/EgGateWayGetShell) Code By: Tas9er
- [wordpress-exploit-framework v2.0.1](https://github.com/rastating/wordpress-exploit-framework) A Ruby framework designed to aid in the penetrat...
- [CMS-Hunter](https://github.com/SecWiki/CMS-Hunter) Collection of CMS vulnerability test cases
- [CMSmap](https://github.com/Dionach/CMSmap) CMSmap is a python open source CMS scanner that automates the process of det...
- [cmsPoc](https://github.com/CHYbeta/cmsPoc) CMS penetration testing framework - A CMS Exploit Framework
- [CMS-Exploit-Framework](https://github.com/Q2h1Cg/CMS-Exploit-Framework) CMS Exploit Framework
## Web exploit libraries (online)
- [Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hacke...](https://www.exploit-db.com)
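## Web vulnerability discovery libraries
### Middleware & framework vulnerability scanning
- [Artillery v1.0_20220519](https://github.com/Weik1/Artillery) Plugin-based Java vulnerability scanner with a JavaFX GUI. POCs currently integrated: Weblogic, Tomcat, Shiro, Sp...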
- [Jiraffe v2.0.6](https://github.com/0x48piraj/Jiraffe) One stop place for exploiting Jira instances in your proximity
- [weblogic-infodetector 0.2.4](https://github.com/woodpecker-appstore/weblogic-infodetector) Weblogic information detection plugin for the woodpecker framework
- [WeblogicScan](https://github.com/rabbitmask/WeblogicScan) One-click Weblogic vulnerability detection tool, V1.5, updated: 20200730
- [wprecon](https://github.com/attacker-codeninja/wprecon) Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition t...
### Code auditing
#### go
- [gosec v2.21.3](https://github.com/securego/gosec) Go security checker
- [gokart v0.5.1](https://github.com/praetorian-inc/gokart) A static analysis tool for securing Go code
- [goreporter](https://github.com/qax-os/goreporter) A Golang tool that does static analysis, unit testing, code review and g...
#### java
- [codeql-cli-binaries v2.19.0](https://github.com/github/codeql-cli-binaries) Binaries for the CodeQL CLI
- [find-sec-bugs version-1.13.0](https://github.com/find-sec-bugs/find-sec-bugs) The SpotBugs plugin for security audits of Java web ap...
- [tabby v1.3.2-3](https://github.com/wh1t3p1g/tabby) A CAT called tabby ( Code Analysis Tool )
- [javaweb-sec](https://github.com/javaweb-sec/javaweb-sec)
- [DongTai v1.16.0](https://github.com/HXSecurity/DongTai) Dongtai IAST is an open-source Interactive Application Security Tes...
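- [JVWA](https://github.com/ffffffff0x/JVWA) Java code auditing practice range
- [jar-analyzer-v1-gui 1.1](https://github.com/jar-analyzer/jar-analyzer-v1-gui) The new version is recommended: https://github.com/jar-analyzer/jar-analyzer
- [CodeQLpy](https://github.com/webraybtl/CodeQLpy) CodeQLpy is a semi-automated code auditing tool built on CodeQL; it currently supports only Java. It covers the whole process of source decompilation, database generation and vulnerability discovery, and can assist...
- [code-inspector 0.2-beta](https://github.com/4ra1n/code-inspector) JavaWeb vulnerability auditing tool that builds method call chains and simulates stack frames for analysis
- [momo-code-sec-inspector-java](https://github.com/momosecurity/momo-code-sec-inspector-java) IDEA plugin for static code security auditing and one-click vulnerability fixing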
- [Hades](https://github.com/zsdlove/Hades) Static code auditing system
- [Tai-e](https://github.com/pascal-lab/Tai-e)
#### nodejs
- [NodeJsScan v4.8](https://github.com/ajinabraham/NodeJsScan) nodejsscan is a static security code scanner for Node.js applications.
#### other
- [murphysec v3.1.1](https://github.com/murphysecurity/murphysec) An open source tool focused on software supply chain security. 墨菲安...
- [Kunlun-M v2.6.5](https://github.com/LoRexxar/Kunlun-M) KunLun-M is a fully open-source static white-box scanning tool that supports semantic scanning of PHP and JavaScript, basic security and component security scanning, Chrome E...
- [chatGPT-CodeReview v0.1.1](https://github.com/Kento-Sec/chatGPT-CodeReview) A tool that calls chatGPT to perform code auditing
- [Cobra](https://github.com/FeeiCN/Cobra) Source Code Security Audit
- [fortify](https://github.com/liweibin123/fortify) Cracking the encryption of fortify's built-in rules
- [VisualCodeGrepper V2.3.2 download | SourceForge.net](https://sourceforge.net/projects/visualcodegrepp/)
- [Code Quality, Security & Static Analysis Tool with SonarQube | Sonar](https://www.sonarqube.org)
#### php
- [cnseay](https://github.com/f1tz/cnseay) Seay source code auditing system
- [phptrace](https://github.com/Qihoo360/phptrace) A tracing and troubleshooting tool for PHP scripts.
- [php-reaper](https://github.com/emanuil/php-reaper) PHP tool to scan ADOdb code for SQL Injections
- [phpvulhunter](https://github.com/OneSourceCat/phpvulhunter) A tool that can scan php vulnerabilities automatically using static an...
- [phortress](https://github.com/lowjoel/phortress) A PHP static code analyser for potential vulnerabilities
- [RIPS - free PHP security scanner using static code analysis](http://rips-scanner.sourceforge.net)
- [www.cnseay.com](http://www.cnseay.com)
#### python
- [bandit 1.7.10](https://github.com/PyCQA/bandit) Bandit is a tool designed to find common security issues in Python code.
- [python_code_audit](https://github.com/MisakiKata/python_code_audit) Python code auditing project
- [python_sec](https://github.com/bit4woo/python_sec) Resource collection of Python security and code review
- [pyt](https://github.com/python-security/pyt) A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web App...
- [pyvulhunter](https://github.com/shengqi158/pyvulhunter) python audit tool, auditing, injection
### Information leak monitoring
- | [gshark v1.5.0](https://github.com/madneal/gshark) Scan for sensitive information easily and effectively.
- [code6 1.6.4](https://github.com/4x99/code6) 码小六 - GitHub code leak monitoring system
### Semi-automated vulnerability scanning
- [reconftw v2.9](https://github.com/six2dez/reconftw) reconFTW is a tool designed to perform automated recon on a target do...
- | [afrog v3.1.1](https://github.com/zan8in/afrog) A Security Tool for Bug Bounty, Pentest and Red Teaming.
- [tsunami-security-scanner v0.0.24](https://github.com/google/tsunami-security-scanner) Tsunami is a general purpose network security scan...
- [nuclei v3.3.2](https://github.com/projectdiscovery/nuclei) Fast and customizable vulnerability scanner based on simple YAML base...
- [faraday v5.7.0](https://github.com/infobyte/faraday) Open Source Vulnerability Management Platform
- [prismx latest](https://github.com/yqcs/prismx) :: Prism X · Automated Enterprise Network Security Risk Detection and...
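- | [xray xpoc-0.1.0](https://github.com/chaitin/xray) A full-featured security assessment tool that supports scanning for common web security issues and custom POCs | Be sure to read the documentation before use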
- [Sn1per v9.2](https://github.com/1N3/Sn1per) Attack Surface Management Platform
- [Jie v1.2.0](https://github.com/yhy0/Jie) Jie stands out as a comprehensive security assessment and exploitation t...
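- [QingScan v1.8.0](https://github.com/78778443/QingScan) A vulnerability scanner glue layer: after a target is added, 30 tools are invoked automatically; supports web scanning, system scanning, subdomain collection, directory scanning, host scanning, host discovery, component identification, U...
- | [EZ 1.9.0](https://github.com/m-sec-org/EZ) EZ is a cross-platform vulnerability scanner that combines information gathering, port scanning, service brute forcing, URL crawling, fingerprinting and passive scanning.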
- [Osmedeus v4.6.4](https://github.com/j3ssie/Osmedeus) A Workflow Engine for Offensive Security
- [ApolloScanner](https://github.com/b0bac/ApolloScanner) Automated cruise scanning framework (usable for red team initial-access assessment)
- [AttackSurfaceMapper](https://github.com/superhedgy/AttackSurfaceMapper) AttackSurfaceMapper is a tool that aims to automate the reconna...
- [jaeles beta-v0.17.1](https://github.com/jaeles-project/jaeles) The Swiss Army knife for automated Web Application Testing
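- [DarkAngel](https://github.com/Bywalks/DarkAngel) DarkAngel is a fully automated white-hat vulnerability scanner, covering everything from monitoring hackerone and bugcrowd assets to vulnerability report generation, screenshots of vulnerable URLs and message notifications.
- | [Fvuln Fvuln-1.4.9](https://github.com/d3ckx1/Fvuln) F-vuln (full name: Find-Vulnerability) is an automation tool written for the author's own convenience at work, mainly suited to routine security services, penetration...
- [POC-bomber POC-bomber-for-Redteam-v3.0.0](https://github.com/tr0uble-mAker/POC-bomber) Uses a large number of high-threat POCs/EXPs to quickly gain access to targets, for penetration testing and rapid red team initial access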
- [pentestER-Fully-automatic-scanner](https://github.com/RASSec/pentestER-Fully-automatic-scanner) DNS Subdomain● Brute force ● Web Spider ● Nmap Sc...
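- [NextScan v1.2.0](https://github.com/tongcheng-security-team/NextScan) 飞刃 is a complete enterprise-grade black-box vulnerability scanning system that integrates vulnerability scanning, vulnerability management, asset scanning, crawling and other services. It has a powerful vulnerability detection engine and a rich plugin library, covering many...
- [QingTing v0.3](https://github.com/StarCrossPortal/QingTing) 蜻蜓安全 is a security tool orchestration platform where you can freely orchestrate your tool flows; it integrates 108 tools, including xray, nmap and awvs; you can orchestrate your favourite tools into a...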
- [gosint gosint_v1.0.3](https://github.com/1in9e/gosint) Gosint is a distributed asset information collection and vulne...
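- [onlinetools](https://github.com/iceyhexman/onlinetools) Online CMS identification | information leaks | industrial control | systems | IoT security | CMS vulnerability scanning | nmap port scanning | subdomain retrieval | to be continued..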
- [EasyPen](https://github.com/lijiejie/EasyPen) EasyPen is a GUI program which helps pentesters do target discovery, vulner...
- | [w13scan](https://github.com/w-digital-scanner/w13scan) Passive Security Scanner
- [vulnx](https://github.com/anouarbensaad/vulnx) vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help ...
- | [vulmap v0.9](https://github.com/zhzyker/vulmap) Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also provides vulnerability verification
- [vajra 1.0.1](https://github.com/r3curs1v3-pr0xy/vajra) Vajra is a highly customizable target and scope based automated web hac...
- [WSSAT](https://github.com/YalcinYolalan/WSSAT) WEB SERVICE SECURITY ASSESSMENT TOOL
- [luna](https://github.com/toyakula/luna) luna webscanner
- [myscan](https://github.com/amcai/myscan) myscan passive scanning
- [bscan sylas-0.1](https://github.com/broken5/bscan)
- [RED_HAWK](https://github.com/Tuhinshubhra/RED_HAWK) All in one tool for Information Gathering, Vulnerability Scanning and Craw...
- [AnyScan](https://github.com/zhangzhenfeng/AnyScan) AnyScan
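- [WDScanner](https://github.com/TideSec/WDScanner) The WDScanner platform currently implements the following features: distributed web vulnerability scanning, customer management, scheduled vulnerability scanning, subdomain enumeration, port scanning, website crawling, hidden link detection, broken link detection, website...
- [Mars](https://github.com/TideSec/Mars) Mars (God of War): asset discovery, subdomain enumeration, C-segment scanning, asset change monitoring, port change monitoring, DNS resolution change monitoring, Awvs scanning, POC detection, web fingerprint detection, port fingerprint detection, C...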
- [Striker](https://github.com/s0md3v/Striker) Striker is an offensive information and vulnerability scanner.
- [aquatone v1.7.0](https://github.com/michenriksen/aquatone) A Tool for Domain Flyovers
- [jackhammer](https://github.com/olacabs/jackhammer) Jackhammer - One Security vulnerability assessment/management tool to so...
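- [GourdScanV2](https://github.com/ysrc/GourdScanV2) Passive vulnerability scanning system
- [AZScanner](https://github.com/az0ne/AZScanner) Automated vulnerability scanner: automatic subdomain brute forcing, automatic crawling for injection, injection detection via sqlmapapi, port scanning, directory brute forcing, subnet service detection with port scanning, detection of vulnerabilities in common frameworks. ...
- [passive_scan](https://github.com/netxfly/passive_scan) Implementation of a web vulnerability scanner based on an HTTP proxy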
- [clusterd 0.5](https://github.com/hatRiot/clusterd) application server attack toolkit
- [webvulscan](https://github.com/dermotblair/webvulscan) Web Application Vulnerability Scanner.
- [leakScan](https://github.com/Skycrab/leakScan) Online vulnerability scanning
- | [scan4all.51pwn.com](https://scan4all.51pwn.com)
### Password brute forcing
- | [week-passwd v1.0.2](https://github.com/BBD-YZZ/week-passwd) Weak password brute-force tool for FTP, SSH, MYSQL, MSSQL and more!
- [john](https://github.com/openwall/john) John the Ripper jumbo - advanced offline password cracker, which supports hund...
- [bruteforce-database](https://github.com/duyet/bruteforce-database) Bruteforce database
- [crackq v0.1.2](https://github.com/f0cker/crackq) CrackQ: A Python Hashcat cracking queue system
- [Boom v0.3.3](https://github.com/Fly-Playgroud/Boom) Boom is a smart headless-browser-based tool for brute forcing\detecting weak web passwords (admin panel passwords)
- [blasting](https://github.com/gubeihc/blasting)
- | [thc-hydra v9.5](https://github.com/vanhauser-thc/thc-hydra) hydra
- [GoMapEnum v1.1.0](https://github.com/nodauf/GoMapEnum) User enumeration and password bruteforce on Azure, ADFS, OWA, O365...
- [IMAPLoginTester](https://github.com/rm1984/IMAPLoginTester) A simple Python script that reads a text file with lots of e-mails ...
- [mass-bruter](https://github.com/opabravo/mass-bruter) Mass bruteforce authentication of network protocols
- [WpCrack 1.1.2](https://github.com/22XploiterCrew-Team/WpCrack) WpCrack is an audit and brute force tool used to remotely test WordPr...
- [thc-hydra-windows v9.1](https://github.com/maaaaz/thc-hydra-windows) The great THC-HYDRA tool compiled for Windows
- [ssb v0.1.1](https://github.com/pwnesia/ssb) Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server
- [web-brutator](https://github.com/koutto/web-brutator) Fast Modular Web Interfaces Bruteforcer
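- [PortBrute](https://github.com/awake1t/PortBrute) A small cross-platform port brute-force tool that supports brute forcing FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-pl...
- [WebCrack](https://github.com/yzddmr6/WebCrack) WebCrack is a batch detection tool for weak/universal passwords on web admin panels; import the admin panel addresses into the tool to run automated detection.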
- [htpwdScan](https://github.com/lijiejie/htpwdScan) HTTP weak pass scanner
- [zero-crack v0.1](https://github.com/0-sec/zero-crack) webapps crack tools
- [x-crack 1.0.1](https://github.com/netxfly/x-crack) x-crack - Weak password scanner, Support: FTP/SSH/SNMP/MSSQL/MYSQL/Po...
- [cupp](https://github.com/Mebus/cupp) Common User Passwords Profiler (CUPP)
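- [web_pwd_common_crack](https://github.com/TideSec/web_pwd_common_crack) Generic web weak-password cracking script, intended for batch detection of admin panels that have no CAPTCHA; can be used for farming points~
- | [WPCracker 2.1](https://github.com/shack2/WPCracker) WPCracker weak password detection
- | [SNETCracker 1.0.20190715](https://github.com/shack2/SNETCracker) The Super Weak Password Checker is a weak-password auditing tool for the Windows platform; it supports batch multi-threaded checks and can quickly find weak passwords and weak-password accounts; passwords...
- | [7kbscan-RDP-Sniper 1](https://github.com/7kbstorm/7kbscan-RDP-Sniper) An RDP (3389) password detection tool with a graphical interface
- [crack_ssh](https://github.com/netxfly/crack_ssh) A goroutine-based weak-password cracking tool for ssh\redis\mongodb, written in Go
- [weak_password_detect](https://github.com/shengqi158/weak_password_detect) Multi-threaded weak password detection program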
- [wifi-crack-tool](https://github.com/baihengaead/wifi-crack-tool)
- | [openwall.info](https://openwall.info/wiki/john/johnny)
- | [sourceforge.net/projects/sevenzcracker](https://sourceforge.net/projects/sevenzcracker/)
- | [John the Ripper password cracker](https://www.openwall.com/john/)
### LLM security
- [garak v0.9.0.0.16](https://github.com/leondz/garak) LLM vulnerability scanner
- [LLMFuzzer](https://github.com/mnns/LLMFuzzer) 🧠 LLMFuzzer - Fuzzing Framework for Large Language Models 🧠 LLMFuzzer is ...
- [rebuff v0.1.1](https://github.com/protectai/rebuff) LLM Prompt Injection Detector
### Android packet capture helpers
- [r0capture](https://github.com/r0ysue/r0capture) Universal Android application-layer packet capture script
### Android vulnerability scanning
- [appshark v0.1.2](https://github.com/bytedance/appshark) Appshark is a static taint analysis platform to scan vulnerabilitie...
### Containers and clusters
- [ThreatMapper threatintel-vuln-v5-2024-09-25_01-29-53](https://github.com/deepfence/ThreatMapper) Open Source Cloud Native Appli...
- [SecretScanner v2.3.1](https://github.com/deepfence/SecretScanner) :unlock: :unlock: Find secrets and passwords in container imag...
- [kubescape v3.0.17](https://github.com/kubescape/kubescape) Kubescape is an open-source Kubernetes security platform for your...
- [vesta v1.0.10](https://github.com/kvesta/vesta) A static analysis of vulnerabilities, Docker and Kubernetes cluster c...
- [KubiScan v1.6](https://github.com/cyberark/KubiScan) A tool to scan Kubernetes cluster for risky permissions
- [dockerscan](https://github.com/cr0hn/dockerscan) Docker security analysis & hacking tools
### WeChat mini program helpers
- | [wxapkg v1.5.0](https://github.com/wux1an/wxapkg) WeChat mini program decompilation tool; .wxapkg file scanning + decryption + unpacking tool
### Smart contract security
- [mythril v0.24.8](https://github.com/ConsenSys/mythril) Security analysis tool for EVM bytecode. Supports smart contracts b...
- [smartcheck v2.0](https://github.com/smartdec/smartcheck) SmartCheck – a static analysis tool that detects vulnerabilities a...
- [MAIAN](https://github.com/ivicanikolicsg/MAIAN) MAIAN: automatic tool for finding trace vulnerabilities in Ethereum smart con...
- [securify2](https://github.com/eth-sri/securify2) Securify v2.0
- [oyente](https://github.com/enzymefinance/oyente) An Analysis Tool for Smart Contracts
### Vulnerability discovery
- | [Ingram v2.0.0](https://github.com/jorhelp/Ingram) Webcam vulnerability scanning tool
- [V3n0M-Scanner Release-425](https://github.com/v3n0m-Scanner/V3n0M-Scanner) Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/...
- [AngelSword](https://github.com/Lucifer1993/AngelSword) CMS vulnerability detection framework written in Python3
- [yasuo](https://github.com/0xsauby/yasuo) A ruby script that scans for vulnerable & exploitable 3rd-party web applicati...
### Vulnerability scanning
- [vuls v0.26.0](https://github.com/future-architect/vuls) Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPr...
- | [nikto 2.5.0](https://github.com/sullo/nikto) Nikto web server scanner
- [oss-fuzz](https://github.com/google/oss-fuzz) OSS-Fuzz - continuous fuzzing for open source software.
- [retire.js 5.2.3](https://github.com/retirejs/retire.js) scanner detecting the use of JavaScript libraries with known vulner...
- [cli 3.2.3](https://github.com/httpie/cli) 🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the AP...
- [shcheck v1.6.7](https://github.com/santoru/shcheck) A basic tool to check security headers of a website
- [cloudsploit v3.9.0](https://github.com/aquasecurity/cloudsploit) Cloud Security Posture Management (CSPM)
- [XAttacker](https://github.com/Moham3dRiahi/XAttacker) X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
- | [CMSeeK v.1.1.3](https://github.com/Tuhinshubhra/CMSeeK) CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupa...
- [grunt-retire](https://github.com/RetireJS/grunt-retire) Grunt plugin for retire.
- [BlackWidow v1.3](https://github.com/1N3/BlackWidow) A Python based web application scanner to gather OSINT and fuzz for...
- [tomcatWarDeployer 0.5](https://github.com/mgeeky/tomcatWarDeployer) Apache Tomcat auto WAR deployment & pwning penetration testin...
- [BadMod](https://github.com/M4DM0e/BadMod) CMS auto detect and exploit.
- [HellRaiser](https://github.com/m0nad/HellRaiser) Vulnerability scanner using Nmap for scanning and correlating found CPEs...
- [NodeFuzz](https://github.com/attekett/NodeFuzz)
- [Vulmap](https://github.com/vulmon/Vulmap) Vulmap Online Local Vulnerability Scanners Project
- [a2sv](https://github.com/hahwul/a2sv) Auto Scanning to SSL Vulnerability
- [w3af](https://github.com/andresriancho/w3af) w3af: web application attack and audit framework, the open source web vulnerab...
- [vbscan](https://github.com/OWASP/vbscan) OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
- [SVScanner](https://github.com/radenvodka/SVScanner) SVScanner - Scanner Vulnerability And MaSsive Exploit.
- [winafl](https://github.com/ivanfratric/winafl) A fork of AFL for fuzzing Windows binaries
- [dzscan](https://github.com/code-scan/dzscan) Dzscan
- [WAFNinja](https://github.com/khalilbijjou/WAFNinja) WAFNinja is a tool which contains two functions to attack Web Application ...
- [salt-scanner](https://github.com/0x4D31/salt-scanner) Linux vulnerability scanner based on Salt Open and Vulners audit API, ...
- [FlashScanner](https://github.com/riusksk/FlashScanner) Flash XSS Scanner
- [wafbypasser](https://github.com/owtf/wafbypasser)
- [Topsec Alpha Lab](http://blog.topsec.com.cn/ad_lab/alphafuzzer/)
- [libFuzzer – a library for coverage-guided fuzz testing. — LLVM 20.0.0git documentat...](http://llvm.org/docs/LibFuzzer.html)
### Vulnerability scanning frameworks
- | [yakit v1.3.6-0920-ce](https://github.com/yaklang/yakit) Cyber Security ALL-IN-ONE Platform
- [zaproxy v2.15.0](https://github.com/zaproxy/zaproxy) The ZAP core project
- [pentestpackage](https://github.com/leonteale/pentestpackage) a package of Pentest scripts I have made or commonly use
- | [DudeSuite v1.0.0.8](https://github.com/x364e3ab6/DudeSuite) Dude Suite Web Security Tools
- [oFx 2.26.5](https://github.com/bigblackhat/oFx) Batch vulnerability verification framework
- | [FrameScan-GUI v1.4.4](https://github.com/qianxiao996/FrameScan-GUI) FrameScan-GUI is a CMS vulnerability detection framework with a graphical interface, written in python3 and Pyqt.
- [CVS v1.3.2](https://github.com/Safe3/CVS) CVS is a powerful comprehensive attack surface management platform. 森罗万...
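- [POC-T](https://github.com/hi-unc1e/POC-T) [✅Py 3.x] Plugin-based concurrent framework for penetration testing / Open-sourced remote vulnerability PoC/EXP framework, now...
- | [xpoc 0.1.0](https://github.com/chaitin/xpoc) A fast emergency response tool designed for supply chain vulnerability scanning [rapid response] [vulnerability scanning] [port scanning] [xray2.0 in progress] A fast emergenc...
- [Fiora v0.1](https://github.com/bit4woo/Fiora) Fiora: a graphical front end for the Nuclei vulnerability PoC framework. Quick PoC search and one-click Nuclei runs. It can run as a standalone program or be used as a burp plugin.
- [oday 1.4.2](https://github.com/Janhsu/oday) A POC management tool and small vulnerability scanning utility written in JavaFX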
- | [pocsuite3 v2.0.8-push](https://github.com/knownsec/pocsuite3) pocsuite3 is an open-sourced remote vulnerability testing fra...
- [daydayEXP v1.0.1](https://github.com/bcvgh/daydayEXP) Graphical exploitation tool that supports custom POC files
- [pocassist 1.0.5](https://github.com/jweny/pocassist) Foolproof vulnerability PoC testing framework
- [nishang v0.7.6](https://github.com/samratashok/nishang) Nishang - Offensive PowerShell for red team, penetration testing and...
- [AssassinGo](https://github.com/AmyangXYZ/AssassinGo) An extensible and concurrency pentest framework in Go, also with WebGUI....
- [exploitdb](https://github.com/offensive-security/exploitdb) The legacy Exploit Database repository - New repo located at https://gitl...
- [fsociety](https://github.com/Manisso/fsociety) fsociety Hacking Tools Pack – A Penetration Testing Framework
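- [Godscan Godscan](https://github.com/Guoke324/Godscan) Godscan is a vulnerability detection framework with a graphical interface, written in Python; it supports custom vulnerability detection POCs and mainly helps security testers better record...
- [Gr33k](https://github.com/lijiaxing1997/Gr33k) Integrated graphical exploitation tool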
- [php7-opcache-override](https://github.com/GoSecure/php7-opcache-override) Security-related PHP7 OPcache abuse tools and demo
- [TIDoS-Framework](https://github.com/0xInfection/TIDoS-Framework) The Offensive Manual Web Application Penetration Testing Framework.
- [OWASP-mth3l3m3nt-framework](https://github.com/alienwithin/OWASP-mth3l3m3nt-framework) OWASP Mth3l3m3nt Framework is a penetration testing aidi...
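- [kunpeng 20190527](https://github.com/opensec-cn/kunpeng) kunpeng is an open-source POC framework/library written in Golang, provided as a dynamic link library that can be called from various languages; with it, vulnerability detection systems can be developed quickly.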
- [DELTA](https://github.com/seungsoo-lee/DELTA) PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK
- | [POC-T 2.0.5](https://github.com/Xyntax/POC-T) Plugin-based concurrent framework for penetration testing / Open-sourced remote vulnerability PoC/EXP framework
- [Pocsuite](https://github.com/knownsec/Pocsuite) This project has stopped to maintenance, please to https://github.com/know...
- [w9scan](https://github.com/w-digital-scanner/w9scan) Plug-in type web vulnerability scanner
- [PytheM](https://github.com/m4n3dw0lf/PytheM) pentest framework
- [osprey](https://github.com/TophantTechnology/osprey)
- [Optiva-Framework](https://github.com/joker25000/Optiva-Framework) Optiva-Framework 🔎 Web Application Scanner🕵️
- [malspider](https://github.com/ciscocsirt/malspider) Malspider is a web spidering framework that detects characteristics of we...
- [ToolSuite](https://github.com/codejanus/ToolSuite) Security tools
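- [lalascan](https://github.com/blackye/lalascan) Independently developed distributed web vulnerability scanning framework, combining a webkit crawler, subdomain discovery, sqli, reflected XSS, DOM XSS and other OWASP top 10...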
- [hackUtils](https://github.com/brianwrf/hackUtils) It is a hack tool kit for pentest and web security research.
- [pocscan](https://github.com/erevus-cn/pocscan) Will to be a niubility scan-framework
- [Hammer](https://github.com/yangbh/Hammer) A web vulnerability scanner framework
- [JavaUnserializeExploits](https://github.com/foxglovesec/JavaUnserializeExploits)
- [BkScanner](https://github.com/blackye/BkScanner) BkScanner: distributed, plugin-based web vulnerability scanner
- [XcodeGhost](https://github.com/XcodeGhostSource/XcodeGhost) "XcodeGhost" Source
- [phpcodz](https://github.com/80vul/phpcodz) Php Codz Hacking
- [Beebeeto-framework](https://github.com/n0tr00t/Beebeeto-framework) Beebeeto FrameWork
- | [Introduction - xray Documentation](https://docs.xray.cool)
- [pocsuite3/](https://github.com/knownsec/pocsuite3/)
- | [Introduction - ProjectDiscovery Documentation](https://nuclei.projectdiscovery.io)
## Cloud: K8S baseline checks
- [kube-bench v0.8.0](https://github.com/aquasecurity/kube-bench) Checks whether Kubernetes is deployed according to security best ...
## Cloud: K8S vulnerability scanning
- [kube-hunter v0.6.8](https://github.com/aquasecurity/kube-hunter) Hunt for security weaknesses in Kubernetes clusters
## Cloud: cloud-native security platforms
- [containerd v1.7.22](https://github.com/containerd/containerd) An open and reliable container runtime
- [neuvector v5.4.0](https://github.com/neuvector/neuvector)
- [ThunderCloud](https://github.com/Rnalter/ThunderCloud) Cloud Exploit Framework
## Cloud: cloud-native attack and defense ranges
- [metarget v0.9.1](https://github.com/Metarget/metarget) Metarget is a framework providing automatic constructions of vulner...
## Cloud: container security scanning
- [trivy v0.55.2](https://github.com/aquasecurity/trivy) Find vulnerabilities, misconfigurations, secrets, SBOM in containers,...
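## Cloud: container security detection tools
- [veinmind-tools v2.1.5](https://github.com/chaitin/veinmind-tools) veinmind-tools is a container security toolset developed in-house by Chaitin Tech, built on veinmind-sdk
## Cloud: container vulnerability analysis tools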
- [clair v4.7.4](https://github.com/quay/clair) Vulnerability Static Analysis for Containers
## Cloud: container exploitation tools
- | [CDK v1.5.3](https://github.com/cdk-team/CDK) 📦 Make security testing of K8s, Docker, and Containerd easier.
## Cloud: container escape detection tools
- [container-escape-check v0.3](https://github.com/teamssix/container-escape-check) docker container escape check
## Cloud: container image scanning
- [syft v1.13.0](https://github.com/anchore/syft) CLI tool and library for generating a Software Bill of Materials from ...
- [grype v0.80.2](https://github.com/anchore/grype) A vulnerability scanner for container images and filesystems
## Cloud: related resources
- [Awesome-CloudSec-Labs](https://github.com/iknowjason/Awesome-CloudSec-Labs) Awesome free cloud native security learning labs. Includes C...
## Information gathering
### CDN identification
- [cdnChecker v1.0.0](https://github.com/alwaystest18/cdnChecker) A tool to detect CDN for given domains
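- [FCDN](https://github.com/ccc-f/FCDN) Batch-find, by domain name, sites that do not use a CDN, cloud WAF or dmzweb.
- [w8fuckcdn](https://github.com/boy-hack/w8fuckcdn) Get website IP address by scanning the entire net, bypassing the CDN
### C-segment information gathering
- [IPSearch v0.1](https://github.com/SleepingBag945/IPSearch) Offline IP Whois lookup tool. Looks up the IP range an IP belongs to, and looks up IP ranges by keyword
- [BingC](https://github.com/Xyntax/BingC) C-segment/co-hosted site lookup based on the Bing search engine; multi-threaded, with API support
### Reverse IP domain lookup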
- [reverseip_py](https://github.com/yuyudhn/reverseip_py) Domain Parser for IPAddress.com Reverse IP Lookup
- [iplookup v1.1](https://github.com/Lengso/iplookup) Reverse IP domain lookup
- [Website IP lookup_Reverse IP domain lookup_Same-IP site lookup - Webmaster Tools](http://s.tool.chinaz.com/same)
- [Reverse IP domain lookup_Same-IP site lookup_Aizhan](https://dns.aizhan.com/)
- [Reverse IP - Find websites hosted on the same IP address, server or subnet](https://dnslytics.com/reverse-ip)
- [Reverse IP Lookup, Find Hosts Sharing an IP | HackerTarget.com](https://hackertarget.com/reverse-ip-lookup/)
- [Subdomain - RapidDNS Rapid DNS Information Collection](https://rapiddns.io/sameip)
- [Reverse IP Lookup - All Names Hosted at an IP - DomainTools](https://reverseip.domaintools.com/)
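- [Domain-to-IP lookup, domain resolution, IP-to-site lookup, reverse IP domain lookup, reverse IP site lookup, same-IP sites, same-IP site domain/IP lookup](https://site.ip138.com/)
- [Professional, accurate IP database provider_IPIP](https://tools.ipip.net/ipdomain.php)
- [viewdns.info/reverseip](https://viewdns.info/reverseip/)
- [Same-IP site lookup, C-segment lookup, reverse IP domain lookup, online C-segment, co-hosted site tool - WebScan](https://www.webscan.cc/)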
- [Reverse IP Lookup - Find Other Web Sites Hosted on a Web Server](https://www.yougetsignal.com/tools/web-sites-on-web-server/)
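- [ThreatBook X Intelligence Community - Threat intelligence lookup_Threat analysis platform_Open community](https://x.threatbook.com/)
### IP geolocation
- [IPUU - IP address lookup | My IP address](https://www.ipuu.net/Home)
### WAF identification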
- [wafw00f v2.2.0](https://github.com/EnableSecurity/wafw00f) WAFW00F allows one to identify and fingerprint Web Application Firew...
- [identYwaf](https://github.com/stamparm/identYwaf) Blind WAF identification tool
- [WhatWaf v1.9](https://github.com/Ekultek/WhatWaf) Detect and bypass web application firewalls and protection systems
### WHOIS lookup
- [Whois domain registration lookup](http://whois.alexa.cn/)
- | [Whois - Sysinternals | Microsoft Learn](https://learn.microsoft.com/sysinternals/downloads/whois)
- [sg.godaddy.com/zh/whois](https://sg.godaddy.com/zh/whois)
- [who.cx](https://who.cx/)
- [Webmaster tools_whois lookup tool_Aizhan](https://whois.aizhan.com/)
- [whois lookup_Domain lookup_Domain trading_Alibaba Cloud Qihang (formerly HiChina) - Alibaba Cloud](https://whois.aliyun.com/)
- [Domain Whois lookup - Webmaster Tools](https://whois.chinaz.com/)
- [Domain information lookup - Tencent Cloud](https://whois.cloud.tencent.com/)
- [Free Whois Lookup - Whois IP Search & Whois Domain Lookup | Whois.com](https://www.whois.com/whois/)
- [ThreatBook X Intelligence Community - Threat intelligence lookup_Threat analysis platform_Open community](https://x.threatbook.cn/)
### apk
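- [AppMessenger v0.5.3](https://github.com/sulab999/AppMessenger) A tool for scenarios such as app malware analysis, app vulnerability hunting, app development and HW operations/red team/penetration testing teams, for mobile platforms (Android, iOS, ...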
- [Mobile-Security-Framework-MobSF v3.9.7](https://github.com/MobSF/Mobile-Security-Framework-MobSF) Mobile Security Framework (MobSF) is an auto...
- [apkleaks v2.6.2](https://github.com/dwisiswant0/apkleaks) Scanning APK file for URIs, endpoints & secrets.
- [apkleaks](https://github.com/Anof-cyber/apkleaks) An python script that use apkleaks to scan the android application over web
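- [ApkAnalyser](https://github.com/TheKingOfDuck/ApkAnalyser) One-click extraction of sensitive information that may be present in Android apps.
### Enterprise information gathering
- | [ENScan_GO v1.0.2](https://github.com/wgpsec/ENScan_GO) A tool built on the major enterprise-information APIs that addresses the various difficulties of gathering information on companies in China. One-click collection of holding companies' ICP filings, apps, mini programs, WeChat official accounts, etc...
- [IEyes v0.1.3](https://github.com/SiJiDo/IEyes) ICP filing lookup
### Information extraction
- [MoreFind v1.5.7](https://github.com/mstxq17/MoreFind) A small tool for quickly exporting URLs, domains and IPs
### Reverse domain lookup
- [ipInfoSearch](https://github.com/Potato-py/ipInfoSearch) Reverse IP domain lookup, site weight lookup and ICP filing lookup. Helps filter assets when submitting to an SRC.
### Domain information lookup
- [QueryTools](https://github.com/z-bool/QueryTools) A handy IP/domain asset verification tool (Butian | weight, CNVD | registered capital) - features (reverse IP domain lookup, domain filing, ICP assets, company registered capital, weight, IP geolocation); quickly verifies whether it is...
### Subdomain collection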
- [subfinder v2.6.6](https://github.com/projectdiscovery/subfinder) Fast passive subdomain enumeration tool.
- | [ksubdomain v1.9.9](https://github.com/boy-hack/ksubdomain) Subdomain enumeration tool, asynchronous dns packets, use pcap to...
- | [OneForAll v0.4.5](https://github.com/shmilylty/OneForAll) OneForAll is a powerful subdomain collection tool
- [theHarvester 4.6.0](https://github.com/laramies/theHarvester) E-mails, subdomains and names Harvester - OSINT
- [knock 7.0.1](https://github.com/guelfoweb/knock) Knock Subdomain Scan
- [OTE v1.0.0](https://github.com/3nock/OTE) OSINT Template Engine
- [github-subdomains v1.2.2](https://github.com/gwen001/github-subdomains) Find subdomains on GitHub.
- | [subDomainsBrute v1.4](https://github.com/lijiejie/subDomainsBrute) A fast sub domain brute tool for pentesters
- | [ct v1.0.9](https://github.com/knownsec/ct) Simple, easy-to-use domain brute-force tool
- [ksubdomain v0.7](https://github.com/knownsec/ksubdomain) Stateless subdomain brute-force tool
- [Anubis](https://github.com/jonluca/Anubis) Subdomain enumeration and information gathering tool
- [ESD](https://github.com/FeeiCN/ESD) Enumeration sub domains
- [Teemo](https://github.com/bit4woo/Teemo) A Domain Name & Email Address Collection Tool
- [domained](https://github.com/TypeError/domained) Multi Tool Subdomain Enumeration
- [dnsub v2.1](https://github.com/yunxu1/dnsub) dnsub is a handy and powerful subdomain scanning tool
- [GRecon V1.0](https://github.com/TebbaaX/GRecon) Another version of katana, more automated but less stable. the purpose ...
- [LangSrcCurise](https://github.com/LangziFun/LangSrcCurise) SRC subdomain asset monitoring
- [Sublist3r](https://github.com/aboul3la/Sublist3r) Fast subdomains enumeration tool for penetration testers
- [subdomain3](https://github.com/yanxiu0614/subdomain3) A new generation of tool for discovering subdomains( ip , cdn and so on)
- | [LayerDomainFinder 3](https://github.com/euphrat1ca/LayerDomainFinder) Layer subdomain digger
- [N4xD0rk](https://github.com/n4xh4ck5/N4xD0rk) Listing subdomains about a main domain
- [dnsbrute](https://github.com/Q2h1Cg/dnsbrute) a fast domain brute tool
- [GSDF](https://github.com/We5ter/GSDF) A domain searcher named GoogleSSLdomainFinder - a subdomain lookup tool based on Google's SSL certificate transparency
- [Inventus](https://github.com/nmalcolm/Inventus) Inventus is a spider designed to find subdomains of a specific domain by c...
- [dnssearch](https://github.com/evilsocket/dnssearch) A subdomain enumeration tool.
- [wydomain](https://github.com/ring04h/wydomain) to discover subdomains of your target domain
- [subbrute](https://github.com/TheRook/subbrute) A DNS meta-query spider that enumerates DNS records, and subdomains.
- [cloudflare_enum](https://github.com/mandatoryprogrammer/cloudflare_enum) Cloudflare DNS Enumeration Tool for Pentesters
- [BroDomain](https://github.com/code-scan/BroDomain) Sibling domain lookup
- [dnsmaper](https://github.com/le4f/dnsmaper) Subdomain enumeration and map marking
- [Subdomain - RapidDNS Rapid DNS Information Collection](https://rapiddns.io/subdomain)
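### Mini Program Information Gathering
- [wechat_appinfo_wxapkg](https://github.com/moyuwa/wechat_appinfo_wxapkg) Penetration testing: online collection of WeChat mini program information, extracting information from wxapkg source packages
- [wxapkgUnpack 1.0](https://github.com/jdr2021/wxapkgUnpack) wxapkg decryption and unpacking tool; provides both a C# and a wxappUnpacker version of the unpacker, and extracts URLs and IPs from the JS.
- [wxapkg-convertor 1.0.1](https://github.com/ezshine/wxapkg-convertor) A tool for decompiling WeChat mini programs; the repository also collects .wxapkg files of various WeChat mini programs/mini games
- [pc_wxapkg_decrypt 0.1](https://github.com/BlackTrace/pc_wxapkg_decrypt) Decryption (not unpacking) of wxpkg files on Windows PC
### Fingerprinting
- [hfinger v1.0.6](https://github.com/HackAllSec/hfinger) A high-performance command-line tool for fingerprinting web frameworks, CDNs and CMSs. A high-performance command-line tool ...
- [FingerprintHub defaultv4](https://github.com/0x727/FingerprintHub) Fingerprint library of ObserverWard (侦查守卫)
- [P1finger P1finger_0.0.3](https://github.com/P001water/P1finger) P1finger - a fingerprinting tool for key assets in red team operations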
- [wappalyzergo v0.1.20](https://github.com/projectdiscovery/wappalyzergo) A high performance go implementation of Wappalyzer Technology ...
- [fingerprintjs v4.5.0](https://github.com/fingerprintjs/fingerprintjs) Browser fingerprinting library. Accuracy of this version is 40...
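- [chunsou v1.6_version](https://github.com/Funsiooo/chunsou) Chunsou (春蒐), a multi-threaded web fingerprinting tool written in Python3, suitable for security testers' early-stage asset identification, risk convergence, and enterprise Internet...
- [ObserverWard v2024.9.20](https://github.com/0x727/ObserverWard) ObserverWard (侦查守卫) fingerprinting tool. Community web fingerprint identific...
- [xapp xapp-0.0.2](https://github.com/chaitin/xapp)
- [AlliN v2.4.2](https://github.com/P1-Team/AlliN) A flexible scanner
- [whatweb-plus v0.5.5.20](https://github.com/winezer0/whatweb-plus) Enhanced whatweb with 8000+ plugins (Windows executable provided)
- [Finger](https://github.com/EASY233/Finger) A tool for red teams to probe liveness across large numbers of assets and fingerprint key target systems
- [EHole v3.1](https://github.com/EdgeSecurityTeam/EHole) EHole (棱洞) 3.0 refactored version - a fingerprint detection tool for red team key target systems
- [Find-SomeThing](https://github.com/LittleBear4/Find-SomeThing) Red team batch weak-point collection tool
- [LazyDog 1.1](https://github.com/L10nK1n6/LazyDog) LazyDog is a tool that reads assets from cyberspace mapping engines and fingerprints them
- [Heimdallr v1.1.3](https://github.com/Ghr07h/Heimdallr) A fully passive-listening Google Chrome extension for high-risk fingerprint identification, honeypot signature alerting and blocking, and machine-fingerprint countermeasures
- [rules](https://github.com/webanalyzer/rules) General-purpose fingerprinting rules
- [14Finger V1.1](https://github.com/b1ackc4t/14Finger) A full-featured web fingerprinting and sharing platform, built on a vue3+django web architecture with separated front end and back end, integrating the rad crawler from Chaitin, with more than ten thousand built-in...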
- [WhatWeb v0.5.5](https://github.com/urbanadventurer/WhatWeb) Next generation web scanner
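- [Glass](https://github.com/s7ckTeam/Glass) Glass is a fast fingerprinting tool for asset lists; it calls the APIs of Fofa/ZoomEye/Shodan/360 and others to quickly query asset information and identify the fingerprints of key assets, and also...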
- [jarm](https://github.com/salesforce/jarm)
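- [TideFinger](https://github.com/TideSec/TideFinger) TideFinger: a small fingerprinting tool that draws on and integrates multiple web fingerprint libraries and combines several fingerprint detection methods to make fingerprint detection faster and more accurate.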
- [CMSsc4n](https://github.com/n4xh4ck5/CMSsc4n) Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Dr...
- [w11scan](https://github.com/w-digital-scanner/w11scan) Distributed WEB fingerprint identification platform
- [TideFinger (Tide Fingerprint)](http://finger.tidesec.net/)
- [0x727.github.io/ObserverWard](https://0x727.github.io/ObserverWard/)
- [Fingerprint Collection Platform](https://fp.shuziguanxing.com/#/)
- [Detect which CMS a site is using - What CMS?](https://whatcms.org/)
- [Find out what websites are built with - Wappalyzer](https://www.wappalyzer.com/)
- [yunsee.cn-2.0](https://www.yunsee.cn/)
### Directory Scanning
- [spray v1.1.3](https://github.com/chainreactors/spray) Next Generation HTTP Dir/File Fuzz Tool
- [gowitness 3.0.3](https://github.com/sensepost/gowitness) 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
- [dirsearch v0.4.3](https://github.com/maurosoria/dirsearch) Web path scanner
- [RouteCheck-Alpha alpha](https://github.com/ax1sX/RouteCheck-Alpha) A Java Route Collection Tool
- [feroxbuster v2.11.0](https://github.com/epi052/feroxbuster) A fast, simple, recursive content discovery tool written in Rust.
- [cansina 0.9](https://github.com/deibit/cansina) Web Content Discovery Tool
- [Arjun 2.2.6](https://github.com/s0md3v/Arjun) HTTP parameter discovery suite.
- [BBScan v3.0](https://github.com/lijiejie/BBScan) A fast vulnerability scanner helps pentesters pinpoint possibly vulnera...
- [gau v2.2.3](https://github.com/lc/gau) Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Mac...
- [katana v1.1.0](https://github.com/projectdiscovery/katana) A next-generation crawling and spidering framework.
- [gospider v1.1.6](https://github.com/jaeles-project/gospider) Gospider - Fast web spider written in Go
- [jsluice](https://github.com/BishopFox/jsluice) Extract URLs, paths, secrets, and other interesting bits from JavaScript
- [DirDar v1.0.0](https://github.com/M4DM0e/DirDar) DirDar is a tool that searches for (403-Forbidden) directories to bre...
- [gobuster v3.6.0](https://github.com/OJ/gobuster) Directory/File, DNS and VHost busting tool written in Go
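- [Dirscan v.1.5.2](https://github.com/corunb/Dirscan) Dirscan is a high-performance, high-concurrency directory scanner written in Go; it now supports GET, HEAD, recursive scanning, proxies, crawling and other features, with further work under way to implement...
- [ihoneyBakFileScan_Modify](https://github.com/VMsec/ihoneyBakFileScan_Modify) Batch website backup-file scanner, with added file rules and optimized memory usage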
- [dontgo403 1.0.1](https://github.com/devploit/dontgo403) Tool to bypass 40X response codes.
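- [ffuf v2.1.0](https://github.com/ffuf/ffuf) Fast web fuzzer written in Go
- [URLFinder 2023.9.9](https://github.com/pingc0y/URLFinder) A fast, comprehensive, easy-to-use page information extraction tool that quickly discovers and extracts JS, URLs and sensitive information from pages.
- [dirsearch_bypass403 v0.2](https://github.com/lemonlove7/dirsearch_bypass403) Directory scanning + extraction of URLs and subdomains from JS files + 403 status bypass + fingerprinting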
- [dirhunt v0.9.0](https://github.com/Nekmo/dirhunt) Find web directories without bruteforce
- [crawlergo v0.4.4](https://github.com/Qianlitp/crawlergo) A powerful browser crawler for web vulnerability scanners
- [urlfounder v0.0.1](https://github.com/chainreactors/urlfounder) Fast passive URL enumeration tool.
- [dirmap](https://github.com/H4ckForJob/dirmap) An advanced web directory & file scanning tool that will be more powerful th...
- [yuhScan v1.0](https://github.com/hunyaio/yuhScan) Fast web directory scanning tool
- [rad 1.0](https://github.com/chaitin/rad)
- [JSFinder](https://github.com/Threezh1/JSFinder) JSFinder is a tool for quickly extracting URLs and subdomains from JS file...
- [urlbrute v1.0.2](https://github.com/ReddyyZ/urlbrute) Directory/Subdomain scanner developed in GoLang.
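- [yjdirscan yjdirscan](https://github.com/foryujian/yjdirscan) Yujian (御剑) directory scanner professional edition, a simple and practical command-line website directory scanning tool; supports crawling, fuzzing, custom dictionaries, dictionary variables, UA modification, automatic filtering of fake 404s, scan...
- [7kbscan-WebPathBrute 1.62](https://github.com/7kbstorm/7kbscan-WebPathBrute) 7kbscan-WebPathBrute, a web path brute-force probing tool
- [SWebScan 5.0.2018.08.21](https://github.com/shack2/SWebScan) SWebScan is a C#-based web directory scanner.
- [cangibrina](https://github.com/fnk0c/cangibrina) A fast and powerful dashboard (admin) finder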
- [sensitivefilescan](https://github.com/aipengjie/sensitivefilescan)
- [goWAPT](https://github.com/dzonerzy/goWAPT) Go Web Application Penetration Test
- [webdirdig](https://github.com/blackye/webdirdig) Batch scanning script for sensitive web directories and information leaks, combining crawling with deep directory traversal.
- [DirBrute](https://github.com/Xyntax/DirBrute) Multi-thread WEB directory blasting tool (with dics inside)
- [httpscan](https://github.com/zer0h/httpscan) A crawler-style tool for discovering web hosts in a network range # A HTTP Service detector with a crawler from IP/CIDR
- [release - free high-speed download | Baidu Netdisk - unlimited sharing](http://pan.baidu.com/s/1pLjaQKF)
- [ParamWizard](https://github.com/iamunixtz/ParamWizard)
- [DirBuster download | SourceForge.net](https://sourceforge.net/projects/dirbuster/)
- [www.fujieace.com](https://www.fujieace.com/hacker/tools/yujian.html)
### Port Scanning
- [Maryam v.2.5.3](https://github.com/saeeddhqan/Maryam) Maryam: Open-source Intelligence(OSINT) Framework
- [jfscan 1.6.2](https://github.com/nullt3r/jfscan) JF⚡can - Super fast port scanning & service discovery using Masscan an...
- [AutoRecon](https://github.com/Tib3rius/AutoRecon) AutoRecon is a multi-threaded network reconnaissance tool which performs ...
- [naabu v2.3.1](https://github.com/projectdiscovery/naabu) A fast port scanner written in go with a focus on reliability and simp...
- [portscan](https://github.com/20142995/portscan) A tool for port scanning. Given input targets and a port range, it scans the specified ports on the target hosts and outputs the results. It also supports multi-threaded scanning to improve efficiency. Scan...
- [masscan 1.3.2](https://github.com/robertdavidgraham/masscan) TCP port scanner, spews SYN packets asynchronously, scanning entire I...
- [gonmap v1.3.4](https://github.com/lcvvvv/gonmap) gonmap is an nmap port-scanning library for Go that implements nmap's scanning logic in pure Go rather than invoking nmap.
- [masnmapscan-V1.0](https://github.com/hellogoldsnakeman/masnmapscan-V1.0) A port scanning tool for asset discovery. Integrates the masscan and nmap scanners: masscan scans ports, nmap identifies the services on those ports, and combining the two...
- [sx](https://github.com/v-byte-cpu/sx) :vulcan_salute: Fast, modern, easy-to-use network scanner
- [webfinder-next](https://github.com/Liqunkit/webfinder-next) Minor modifications to the 小米范 webfinder http://www.cnblogs.com/SEC-fsq/p/5610981.html
- [scaninfo v1.1.0](https://github.com/redtoolskobe/scaninfo) fast scan for redtools
- [TXPortMap v1.1.2](https://github.com/4dogs-cn/TXPortMap) Port Scanner & Banner Identify From TianXiang
- [yujianportscan](https://github.com/foryujian/yujianportscan) An efficient port scanning tool built on VB.NET + the IOCP model; supports merging of IP ranges, merging of port ranges, and deep port fingerprint probing
- [nili](https://github.com/niloofarkheirkhah/nili) Nili is a Tool for Network Scan, Man in the Middle, Protocol Reverse Engineeri...
- [LNScan](https://github.com/sowish/LNScan) Detailed internal network information scanner
- [network_backdoor_scanner](https://github.com/lcatro/network_backdoor_scanner) This is a backdoor about discover network device ,and it c...
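- [Online port check, port scan, open port check - online tools - postjson](http://coolaf.com/tool/port)
- [Online port scanning, online IP/server port scanning - TooL.cc](http://tool.cc/port/)
### Comprehensive
- [Slack Slack1.6.4](https://github.com/qiwentaidi/Slack) Integrated tool platform for security services, helping testers cope with the problem of too many test scripts that are cumbersome to use
- [mitan 1.15](https://github.com/kkbo8005/mitan) The mitan (密探) penetration testing tool includes asset information gathering, subdomain brute-forcing, search syntax, asset mapping (FOFA, Hunter, quake, ZoomEye), fingerprinting, sensitive information collection...
- [gitGraber](https://github.com/hisxo/gitGraber) gitGraber: monitor GitHub to search and find sensitive data in real time ...
- [pppscan v1.1.2](https://github.com/zhensuibianwan/pppscan)
- [google-dorks](https://github.com/Proviesec/google-dorks) Useful Google Dorks for WebSecurity and Bug Bounty
- [0x7eTeamTools 1.2](https://github.com/0x7eTeam/0x7eTeamTools) JavaFX practice project, JS endpoint extraction, vulnerability detection
- [dismap v0.4](https://github.com/zhzyker/dismap) Asset discovery and identification tools. Quickly identifies web fingerprint information and pinpoints asset types. Helps red teams quickly locate...
- [SiteScan v.1.5](https://github.com/kracer127/SiteScan) Focused on a one-stop solution for penetration-testing information gathering; features include historical domain-to-IP resolution, nmap brute-forcing of common ports, subdomain information gathering, same-server site information gathering, whois information gathering, ...
- [vscan v2.1.0](https://github.com/veo/vscan) An open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security risks. Features: port scan, fingerprinting (fingerpri...
- [AssetsHunter](https://github.com/rabbitmask/AssetsHunter) Asset hunting framework - AssetsHunter; information gathering is an art~
- [GitMiner 2.0](https://github.com/UnkL4b/GitMiner) Tool for advanced mining for content on Github
- [TScan](https://github.com/dyboy2017/TScan) TScan provides CMS fingerprinting, port scanning, same-server site information, information leak detection and other features, aiming to help security staff gather thorough information before a penetration test in the shortest possible time
### Cloud Drive Search
- [hunhepan v1.0.0](https://github.com/misiai/hunhepan) Hunhepan (混合盘) app - cloud drive search, magnet search - searches 20 Baidu Netdisk, Aliyun Drive, Quark Drive and magnet resources
- [Cloud drive search engine - Soupan (搜盘网)](http://www.soupan.info/)
- [Chongbuluo Quick Search - search one step ahead](https://search.chongbuluo.com/)
- [Dalipan - cloud drive search engine](https://www.dalipan.com/#/)
- [Top ten cloud drive search engines - Lingfengyun](https://www.lingfengyun.com/)
- [Baidu Cloud search, Baidu Netdisk resource search engine - Pan131](https://www.pan131.com/)
### Website Information
- [Web-SurvivalScan V1.11](https://github.com/AabyssZG/Web-SurvivalScan) Fast liveness verification of assets in web penetration testing projects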
- [waybackurls v0.1.0](https://github.com/tomnomnom/waybackurls) Fetch all the URLs that the Wayback Machine knows about for a do...
### Automated Information Gathering
- [testnet](https://github.com/testnet0/testnet)
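- [nemo_go v2.13.1](https://github.com/hanc00l/nemo_go) Nemo is a simple platform for automated information gathering; by integrating commonly used information gathering tools and techniques, it automatically collects intranet and Internet asset information, improving risk identification and...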
- [rengine v2.2.0](https://github.com/yogeshojha/rengine) reNgine is an automated reconnaissance framework for web application...
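- [ARL 2.6.2-5](https://github.com/Aabyss-Team/ARL) Backup of the official ARL repository: the ARL (Asset Reconnaissance Lighthouse) system aims to quickly reconnoiter target-associated Internet...
- [ShuiZe_0x727 v1.0](https://github.com/0x727/ShuiZe_0x727) Automated information gathering tool
- [linbing v3.0](https://github.com/taomujian/linbing) This system automates penetration of web middleware and web frameworks; it automatically collects assets according to the scan options and then runs POC scans; during POC scanning, based on fingerprints it selects PO...
- [X-Marshal 1.0](https://github.com/XTeam-Wing/X-Marshal) Marshal-EASM attack surface management system - community edition
- [Sec-Tools](https://github.com/jwt1399/Sec-Tools) 🍉 A multi-functional web security penetration testing tool based on Python-Django, including vulnerability scanning, port scanning, fingerprinting, directory scanning, same-server site scanning, domain scanning and other features.
- [Autoscanner v1.2.1](https://github.com/zongdeiqianxing/Autoscanner) A fully automated, full-workflow scanner: input a domain > brute-force subdomains > scan subdomain ports > discover and scan web services > consolidated report. Integrates oneforall, masscan, ...
- [heartsk_community LOWBUG@Latest](https://github.com/yqcs/heartsk_community) Hearts K - enterprise asset discovery and vulnerability checking tool, with automated asset information gathering and vulnerability scanning
- [vulcat v2.0.0](https://github.com/CLincat/vulcat) vulcat can be used to scan for common web vulnerabilities with CVE, CNVD and similar identifiers, returning payload information when a vulnerability is found. Some vulnerabilities also support an interactive command-line mode, which can...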
- [Komo](https://github.com/komomon/Komo) 🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo ...
- [GOSINT](https://github.com/ciscocsirt/GOSINT) The GOSINT framework is a project used for collecting, processing, and expor...
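- [MagiCude v2.1](https://github.com/er10yi/MagiCude) Distributed port (vulnerability) scanning, asset security management, real-time threat monitoring and notification, efficient vulnerability closure, vulnerability wiki, email report notifications, POC framework
- [H](https://github.com/SiJiDo/H) H is a powerful asset collection and management platform
- [AppInfoScanner V1.0.9_Releases](https://github.com/kelvinBen/AppInfoScanner) For HW operations/red team/penetration testing team scenarios, a mobile (Android, iOS, WEB, H5, static website)...
- [SZhe_Scan v1.1](https://github.com/Cl0udG0d/SZhe_Scan) SZhe_Scan (碎遮) web vulnerability scanner, based on the Python Flask framework; performs comprehensive information gathering and vulnerability scanning on the input domain/IP, and allows adding your own POCs
- [slime](https://github.com/ccreater222/slime) Slime is a vulnerability scanner that combines many excellent security tools; it focuses on combining security tools rather than implementing any stage of vulnerability scanning itself.
- [mscan](https://github.com/mscandev/mscan) Convenience and speed are this scanner's strengths, and modules can be freely modified or added. The current version supports: subdomain collection, batch POC verification, directory scanning, CDN detection, domain-to-IP conversion, host scanning, duplicate filtering, ...
- [AnScan](https://github.com/Arbor01/AnScan) AnScan is a red team scanning tool that combines information gathering, distributed vulnerability scanning, vulnerability POC management and more
- [DBJ](https://github.com/wgpsec/DBJ) DBJ (大宝剑) - perimeter asset inventory tool (red team, blue team, enterprise organizational structure, subdomains, web asset inventory, web fingerprinting, ICON_Hash asset matching)
- [linglong](https://github.com/awake1t/linglong) An asset patrol scanning system for in-house security teams. It is positioned to discover assets and brute-force ports, helping enterprises find weak-password problems faster. Main features include: asset discovery, port brute-forcing, scheduled tasks, admin panel identification, ...
- [Vulcan](https://github.com/XTeam-Wing/Vulcan) VulCan asset management system | vulnerability scanning | asset discovery | scheduled scanning
- [GoScan](https://github.com/CTF-MissFeng/GoScan) GoScan is a distributed, comprehensive asset management system written in Golang, suitable for red teams, SRC work and similar uses
- [xunfeng v0.1.1](https://github.com/ysrc/xunfeng) Xunfeng (巡风) is a rapid vulnerability response and patrol scanning system for enterprise intranets.
- [sec-admin](https://github.com/smallcham/sec-admin) Core management system for distributed asset security scanning (weak password scanning, vulnerability scanning)
- [Tide](https://github.com/TideSec/Tide) Currently implements cyberspace asset discovery, fingerprint search, vulnerability detection, full-lifecycle vulnerability management, targeted POC detection, hidden link detection, web-malware monitoring, sensitive word detection, DNS monitoring, website availability monitoring, vulnerability database management, ...
- [Watchdog](https://github.com/CTF-MissFeng/Watchdog) Watchdog is a modified version of bayonet, with the database, web and scanning programs re-optimized and multi-node support added
- [bayonet v1.1](https://github.com/CTF-MissFeng/bayonet) bayonet is an SRC asset management system, an integrated asset management system covering subdomains, port services, vulnerabilities, crawling and more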
- [fuxi](https://github.com/jeffzh3ng/fuxi) Penetration Testing Platform
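- [Voyager](https://github.com/xundididi/Voyager) A security tool collection platform for improving the efficiency of security service provider staff; do not use for illegal projects
- [WebScan](https://github.com/xuchaoa/WebScan) A distributed scanner, currently being written, that combines asset management and scanning
### Asset Mapping Platforms
- [Hunter (鹰图) Platform](http://hunter.qianxin.com/)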
- [Attack Surface Management and Threat Hunting Solutions | Censys](https://censys.io/)
- [www.dnsdb.io](https://dnsdb.io/)
- [Cyberspace mapping, cyberspace security search engine, cyberspace search engine, security situational awareness - FOFA cyberspace mapping system](https://fofa.info/)
- [Hunter (鹰图) Platform](https://hunter.qianxin.com/)
- [360 Cyberspace Mapping - Because we see, we are secure](https://quake.360.cn)
- [360 Cyberspace Mapping - Because we see, we are secure](https://quake.360.cn/quake/)
- [360 Cyberspace Mapping - Because we see, we are secure](https://quake.360.net/quake/#/index)
- [search.censys.io](https://search.censys.io/)
- [Cyber Defense Search Engine | ONYPHE](https://www.onyphe.io/)
- [Shodan Search Engine](https://www.shodan.io/)
- [ZoomEye - Cyberspace Search Engine](https://www.zoomeye.org/)
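### Asset Mapping Collection
- [FlashSearch 2.0](https://github.com/testzboy/FlashSearch) FlashSearch (闪电搜索) is a user-friendly multi-platform asset mapping client that supports GUI-based search across Fofa, hunter, 360quake, Zoomeye, 0.zone (零零信安) and other platforms
- [Search_Viewer v4.1](https://github.com/G3et/Search_Viewer) Combines Fofa, Hunter (鹰图), Shodan, 360 quake, Zoomeye (钟馗之眼) and censys in one cyberspace mapping GUI...
- [0_zone v1.1](https://github.com/lemonlove7/0_zone) 0_zone_zpi script
- [ThunderSearch v2.5.1](https://github.com/xzajyjs/ThunderSearch) Small and elegant [supports the Fofa, Shodan, Hunter, Zoomeye and Quake cyberspace search engines] lightning searcher; graphical GUI (Ma...
- [NoMoney](https://github.com/H-Limbus/NoMoney) NoMoney is a completely free information gathering tool that integrates fofa, zoomeye (钟馗之眼), censys, QiAnXin's Hunter (鹰图) platform and 360quake. fofa...
- [InfoSearchAll V1.2](https://github.com/ExpLangcn/InfoSearchAll) To improve the efficiency of security practitioners gathering information with network mapping platforms, this program combines multiple network mapping platforms, allowing information to be searched quickly across them and...
- [0_zone_tool](https://github.com/wkend/0_zone_tool) Query script for the 0.zone (零零信安) API information system
- [ones v1.0.4](https://github.com/ffffffff0x/ones) Command-line query tool for the APIs of multiple network asset mapping engines
- [AsamF v0.2.5](https://github.com/Kento-Sec/AsamF) AsamF integrates Fofa, Quake, Hunter, Shodan, Zoomeye, Chinaz, 0.zone and Aiqicha (爱企查) for one-stop enterprise information asset collection...
- [koko-moni v0.0.1](https://github.com/burpheart/koko-moni) An attack surface management platform based on cyberspace search engines; crawls asset information on a schedule to discover new assets promptly. This project aggregates Fofa, Hunter, Quake...
- [TKHunter TKHunter-v1.8](https://github.com/HHa1ey/TKHunter) A JavaFX-based graphical tool for the Hunter asset mapping platform
### Email Information Gathering
- [EmailAll](https://github.com/Taonn/EmailAll) EmailAll is a powerful Email Collect tool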
- [EmailFinder](https://github.com/Josue87/EmailFinder) Search emails from a domain through search engines
- [Find email addresses of companies and people - Skymem](http://www.skymem.info/)
- [Snov.io](https://app.snov.io/)
- [Find any email address with Clearbit Connect](https://connect.clearbit.com/)
- [FindThatLead - B2B Lead Generation Done in seconds](https://findthatlead.com/en)
- [Find email addresses and send cold emails • Hunter](https://hunter.io/)
- [Phonebook.cz - Intelligence X](https://phonebook.cz/)
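- [Souyouxiang (搜邮箱) - email search](https://souyouxiang.com/)
## Post-Exploitation
### Proxying and Forwarding
- [Dlam reboundShell](https://github.com/thinkoaa/Dlam) Reverse-connection helper: finds Internet IPs that can map local ports; this tool can collect and probe Internet IPs from cyberspace mapping platforms such as hunter, quake and fofa, ...
- [Neo-reGeorg v5.2.0](https://github.com/L-codes/Neo-reGeorg) Neo-reGeorg is a project that seeks to aggressively refactor reG...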
- [frp v0.60.0](https://github.com/fatedier/frp) A fast reverse proxy to help you expose a local server behind a NAT or ...
- [nps v0.26.19](https://github.com/yisier/nps) A fork developed from NPS 0.29.10, continuing the NPS project. Public-benefit cloud NPS: https://natnps.com
- [goproxy v14.6](https://github.com/snail007/goproxy) 🔥 Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOC...
- [proxychains-ng v4.17](https://github.com/rofl0r/proxychains-ng) proxychains ng (new generation) - a preloader which hooks call...
- [Stowaway v2.2](https://github.com/ph4ntonn/Stowaway) 👻Stowaway -- Multi-hop Proxy Tool for pentesters
- [suo5 v1.3.0](https://github.com/zema1/suo5) A high-performance http proxy tunneling tool
- [tls_proxy v1.0](https://github.com/phith0n/tls_proxy) A lightweight reverse proxy server that converts TLS traffic to TCP,...
- [pingtunnel 2.8](https://github.com/esrrhs/pingtunnel) Pingtunnel is a tool that sends TCP/UDP traffic over ICMP
- [rustcat v3.0.0](https://github.com/robiot/rustcat) Rustcat(rcat) - The modern Port listener and Reverse shell
- [SeaMoon 2.0.1](https://github.com/DVKunion/SeaMoon) Sea Moon (月海) is a serverless network tool implemented with FaaS/BaaS
- [ngrok](https://github.com/inconshreveable/ngrok) Unified ingress for developers
- [port_reuse](https://github.com/p1d3er/port_reuse) A port reuse tool for Windows and Linux implemented in Golang.
- [slcx v1.0.2](https://github.com/sechelper/slcx) Port forwarding tool that bypasses traffic security inspection.
- [rakshasa v0.2.3](https://github.com/Mob2003/rakshasa) A cross-platform, stable, stealthy multi-level proxy and intranet tunneling tool written in Go
- [Erfrp v0.1](https://github.com/Goqi/Erfrp) Erfrp - frp fork - AV evasion and hiding
- [wsl2-auto-portproxy v1.1.0](https://github.com/HobaiRiku/wsl2-auto-portproxy) A TCP workaround tool for proxy port from wsl2 linux to ...
- [dnscat2](https://github.com/iagox86/dnscat2)
- [frp_cmd v0.38.0_modify](https://github.com/OrangeWatermelon/frp_cmd) Modified frp: adds socks and pf commands for conveniently enabling SOCKS5 proxying and port forwarding, removes traffic signatures, adds a loadini command, supports...
- [nps v0.26.10](https://github.com/ehang-io/nps) A lightweight, high-performance, powerful intranet tunneling proxy server. Supports forwarding of almost all traffic including tcp, udp, socks5 and http; can be used to access intranet websites, local payment...
- [pystinger v1.6](https://github.com/FunnyWolf/pystinger) Bypass firewall for traffic forwarding using webshell. A tool that uses a webshell to...
- [PortForward 0.5.0](https://github.com/knownsec/PortForward) The port forwarding tool developed by Golang solves the problem t...
- [multiplexing_port_socks5](https://github.com/TryGOTry/multiplexing_port_socks5) A small port reuse tool written in Golang that supports http and socks5 and can also start a socks5 proxy.
- [dns2tcp v0.5.2](https://github.com/alex-sector/dns2tcp)
- [reGeorg](https://github.com/sensepost/reGeorg) The successor to reDuh, pwn a bastion webserver and create SOCKS proxies th...
- [Termite](http://rootkiter.com/Termite/)
- [neutrino-proxy: NeutrinoProxy (中微子代理), an intranet tunneling tool based on solon and netty!](https://gitee.com/dromara/neutrino-proxy)
- [Proxifier - The Most Advanced Proxy Client](https://www.proxifier.com/)
### Intranet Information Gathering
- [Three-EyedRaven version1.0](https://github.com/zha0gongz1/Three-EyedRaven) Intranet probing tool (Internal network detection tool that not contain ...
- [TakeMyRDP](https://github.com/TheD1rkMtr/TakeMyRDP) A keystroke logger targeting the Remote Desktop Protocol (RDP) related pr...
- [HostInfoScan](https://github.com/Y0-kan/HostInfoScan) Red team utility | uses the DCERPC protocol to obtain Windows host information and multi-NIC information without authentication
- [ClipboardHistoryThief](https://github.com/netero1010/ClipboardHistoryThief) POC tool to extract all persistent clipboard history data fro...
- [SharpHostInfo v0.0.1](https://github.com/shmilylty/SharpHostInfo) SharpHostInfo is a tool for quickly probing intranet host information (powered by the Tianwei team of Sangfor's Deep Blue Lab)
- [netdiscover](https://github.com/alexxy/netdiscover) netdiscover
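- [Adinfo v0.3](https://github.com/lzzbb/Adinfo) Domain information gathering tool
- [netspy v0.0.5](https://github.com/shmilylty/netspy) netspy is a tool for quickly probing reachable intranet network segments (powered by the Tianwei team of Sangfor's Deep Blue Lab)
- [ATAttack](https://github.com/c1y2m3/ATAttack) Reconnaissance behind enemy lines
- [SharpCheckInfo](https://github.com/uknowsec/SharpCheckInfo) Collects target host information, including recently opened files, system environment variables, recycle bin files and more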
- [teamviewer-dumper](https://github.com/attackercan/teamviewer-dumper) Dump TeamViewer ID and password from memory. Works much better th...
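- [inlinux](https://github.com/nitscan/inlinux) Information gathering script for intranet penetration testing
### Intranet Lateral Movement Tools
- [PentesterTools](https://github.com/XiaoTouMingyo/PentesterTools) Penetration testing tool collection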
- [impacket impacket_0_12_0](https://github.com/fortra/impacket) Impacket is a collection of Python classes for working wit...
- [wmiexec-Pro v0.2.7](https://github.com/XiaoliChan/wmiexec-Pro) New generation of wmiexec.py
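- [linuxhacker 1.1.0](https://github.com/TheBeastofwar/linuxhacker) A Linux intranet penetration testing helper tool
- [Impacket_For_Web 20230906](https://github.com/XiaoLi996/Impacket_For_Web) Impacket GUI: provides visual operation of some of Impacket's lateral movement modules, reducing complex commands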
- [Intranet-tools](https://github.com/private-null/Intranet-tools)
- [java-impacket-gui](https://github.com/Suq3rm4n/java-impacket-gui) java-impacket-gui
- [impacket-gui](https://github.com/yutianqaq/impacket-gui) impacket-gui
- [Intranet-Movement-Kit V1.0](https://github.com/AduraK2/Intranet-Movement-Kit) Intranet lateral movement toolbox
- [go-impacket](https://github.com/Amzza0x00/go-impacket) impacket implemented in Golang
- [WMIHACKER](https://github.com/rootclay/WMIHACKER) A Bypass Anti-virus Software Lateral Movement Command Execution Tool
- [OLa OLa__20220724](https://github.com/d3ckx1/OLa)
- [sharpwmi v2](https://github.com/QAX-A-Team/sharpwmi) sharpwmi is an RPC-based lateral movement tool with file upload and command execution features.
- [mimikittenz](https://github.com/orlyjamie/mimikittenz) A post-exploitation powershell tool for extracting juicy info from memory.
- [PowerSploit v3.0.0](https://github.com/PowerShellMafia/PowerSploit) PowerSploit - A PowerShell Post-Exploitation Framework
- [PowerShell](https://github.com/clymb3r/PowerShell) Useful PowerShell scripts
- [VMInjector](https://github.com/hzphreak/VMInjector) DLL Injection tool to unlock guest VMs
- [xz.aliyun.com](https://xz.aliyun.com/t/9382)
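### Intranet Vulnerability Discovery
- [P1soda v0.0.1](https://github.com/P001water/P1soda) A higher, faster, stronger all-round intranet scanning tool
- [fscan 1.8.4](https://github.com/shadow1ng/fscan) A comprehensive intranet scanning tool for convenient one-click, automated, all-round vulnerability scanning.
- [goon v3.5](https://github.com/i11us0ry/goon) goon, a scanning and brute-forcing tool that combines the features of excellent tools such as fscan and kscan. Features include: IP liveness probing, port scanning, web fingerprint scanning, title scanning, compressed file scanning...
- [LadonGo v5.2](https://github.com/k8gege/LadonGo) Ladon for Kali: an all-platform open-source intranet penetration scanner for Windows/Linux/Mac/router intranet penetration; it makes it easy to batch-probe, in one click, class C, B...
- [Template v1.2.5](https://github.com/1n7erface/Template) Next generation RedTeam heuristic intranet scanning | next-generation RedTeam heuristic...
- [kscan v1.85](https://github.com/lcvvvv/kscan) Kscan is an all-round scanner developed in pure Go, with port scanning, protocol detection, fingerprinting, brute-forcing and other features. Supports 1200+ protocols, 10000+ protocol fingerprints, application fingerprints...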
- [ADCSKiller](https://github.com/grimlockx/ADCSKiller) An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
- [Yasso v0.06-main](https://github.com/sairson/Yasso) A powerful intranet penetration helper toolset - let Yasso be like the wind. Supports rdp, ssh, redis, postgres, mongodb, mssql, mys...
- [SweetBabyScan v0.1.0](https://github.com/inbug-team/SweetBabyScan) Red Tools penetration testing
- [InScan](https://github.com/inbug-team/InScan) Automated penetration tool for use after gaining a perimeter foothold
- [Smbtouch-Scanner](https://github.com/3gstudent/Smbtouch-Scanner) Automatically scan the inner network to detect whether they are vu...
- [ServerScan v1.0.2](https://github.com/Adminisme/ServerScan) ServerScan, a high-concurrency network scanning and service probing tool developed in Golang.
- [Gscan v1.0](https://github.com/hack2fun/Gscan) Gscan is a high concurrency scanner based on golang
### Post-Exploitation Frameworks
- [Villain v2.2.0](https://github.com/t3l3machus/Villain) Villain is a high level stage 0/1 C2 framework that can handle multi...
- [metasploit-framework](https://github.com/rapid7/metasploit-framework) Metasploit Framework
- [CobaltStrike_Cat_4.5 fix_PsExec](https://github.com/TryGOTry/CobaltStrike_Cat_4.5) Cat CS (猫猫Cs): a fork based on Cobalt Strike [4.5] (ported from the original dogcs fork)
- [merlin v2.1.3](https://github.com/Ne0nd0g/merlin) Merlin is a cross-platform post-exploitation HTTP/2 Command & Control...
- [telegram-c2 v1.0](https://github.com/Tomiwa-Ot/telegram-c2) Control a system remotely via telegram
- [DeimosC2 1.1.0](https://github.com/DeimosC2/DeimosC2) DeimosC2 is a Golang command and control framework for post-exploita...
- [pupy](https://github.com/n1nj4sec/pupy) Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and po...
- [Cobalt Strike | Adversary Simulation and Red Team Operations](https://www.cobaltstrike.com/)
### Domain Penetration Tools
- [BloodHound v4.3.1](https://github.com/BloodHoundAD/BloodHound) Six Degrees of Domain Admin
- [ShuiYing_0x727 V1.0](https://github.com/0x727/ShuiYing_0x727) Checks, within a domain environment, whether members of the local administrators group on domain machines have weak or shared passwords, and queries domain users' permission assignments and delegation within the domain
### Privilege Escalation
#### Linux Privilege Escalation
- [PEASS-ng 20240924-c0ef888d](https://github.com/carlospolop/PEASS-ng) PEASS - Privilege Escalation Awesome Scripts SUITE (with...
- [GTFOBLookup v3](https://github.com/nccgroup/GTFOBLookup) Offline command line lookup utility for GTFOBins (https://github.com...
- [CVE-2023-0386](https://github.com/xkaneiki/CVE-2023-0386) CVE-2023-0386 privilege escalation on ubuntu22.04
- [traitor v0.0.14](https://github.com/liamg/traitor) :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc vi...
- [dirtycow](https://github.com/firefart/dirtycow) Dirty Cow exploit - CVE-2016-5195
- [linux-kernel-exploits](https://github.com/SecWiki/linux-kernel-exploits) linux-kernel-exploits: a collection of privilege escalation vulnerabilities for the Linux platform
- [LinEnum](https://github.com/rebootuser/LinEnum) Scripted Local Linux Enumeration & Privilege Escalation Checks
- [GTFOBins](https://gtfobins.github.io/)
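#### macOS Privilege Escalation
- [macos-kernel-exploits](https://github.com/SecWiki/macos-kernel-exploits) macos-kernel-exploits: a collection of privilege escalation vulnerabilities for the MacOS platform https://www.sec-wiki.com
#### Windows Privilege Escalation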
- [CoercedPotato](https://github.com/Prepouce/CoercedPotato) A Windows potato to privesc
- [wesng](https://github.com/bitsadmin/wesng) Windows Exploit Suggester - Next Generation
- [PrivescCheck](https://github.com/itm4n/PrivescCheck) Privilege Escalation Enumeration Script for Windows
- [CoercedPotato](https://github.com/hackvens/CoercedPotato)
- [AutoZerologon](https://github.com/StarfireLab/AutoZerologon) Zerologon automation script
- [windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits) windows-kernel-exploits: a collection of privilege escalation vulnerabilities for the Windows platform
- [BadPotato](https://github.com/BeichenDream/BadPotato) Windows privilege escalation BadPotato
- [getshell](https://github.com/klsfct/getshell) Privilege escalation tools for the major platforms
- [Windows privilege escalation helper](http://tools.sbbbb.cn/tiquan/)
- [PrintNotifyPotato](https://github.com/BeichenDream/PrintNotifyPotato)
- [i.hacking8.com/tiquan](https://i.hacking8.com/tiquan)
- [Find Missing Patches](https://patchchecker.com/)
#### Comprehensive
- [Kernelhub v1.1](https://github.com/Ascotbe/Kernelhub) :palm_tree:Linux、macOS、Windows Kernel privilege escalation vulnerabi...
### Persistence
#### Shell Management
- [Platypus v1.5.0](https://github.com/WangYihang/Platypus) :hammer: A modern multiple reverse shell sessions manager written i...
- [java-memshell-generator-release v1.0.6](https://github.com/pen4uin/java-memshell-generator-release) A highly customizable Java in-memory webshell generation tool
- [Webshell_Generate v1.2.4](https://github.com/cseroad/Webshell_Generate) For generating various AV-evading webshells
- [As-Exploits](https://github.com/yzddmr6/As-Exploits) AntSword (中国蚁剑) post-exploitation framework
- [Behinder Behinder_v4.1【t00ls专版】](https://github.com/rebeyond/Behinder) "Behinder" (冰蝎) dynamic binary encryption website management client
- [antSword 2.1.15](https://github.com/AntSwordProject/antSword) AntSword (中国蚁剑) is a cross-platform open-source website management tool. AntSword is a cross-platform website management...
- [Godzilla v4.0.1-godzilla](https://github.com/BeichenDream/Godzilla) Godzilla (哥斯拉)
- [DogCs4.4 dogcs_v2.4](https://github.com/TryGOTry/DogCs4.4) cs4.4 modified, signature-stripped "doggy" edition (prettified UI, signatures removed, built-in screenshot feature that bypasses Hejing (核晶), etc..)
- [WebshellManager](https://github.com/boy-hack/WebshellManager) w8ay web-based management tool for one-liner webshells
- [Cknife](https://github.com/Chora10/Cknife) Cknife
#### webshell
- [java-memshell-generator v1.0.6](https://github.com/pen4uin/java-memshell-generator) A customizable Java in-memory webshell generation tool | A customizable Java in-memory ...
- [Z-Godzilla_ekp V1.1-Godzilla_ekp](https://github.com/kong030813/Z-Godzilla_ekp) Secondary development of the Godzilla webshell management tool to evade traffic detection devices
- [WebShell-Bypass-Guide V1.5.0](https://github.com/AabyssZG/WebShell-Bypass-Guide) A handbook for learning webshell AV evasion from scratch
- [PyShell](https://github.com/JoelGMSec/PyShell) Multiplatform Python WebShell
- [java-echo-generator-release v1.0.0](https://github.com/pen4uin/java-echo-generator-release) A customizable Java echo payload generation tool | A customizable Java echo ...
- [LearnJavaMemshellFromZero](https://github.com/W01fh4cker/LearnJavaMemshellFromZero) [30,000-character original] Master Java in-memory webshells from 0 to 1 with no prior knowledge; WeChat official account: 追梦信安
- [weevely3 v4.0.2](https://github.com/epinna/weevely3) Weaponized web shell
- [ASPJinjaObfuscator](https://github.com/fin3ss3g0d/ASPJinjaObfuscator) Heavily obfuscated ASP web shell generation tool.
- [webshell v-2021-01-05](https://github.com/tennc/webshell) This is a webshell open source project
- [shellfire v0.13](https://github.com/unix-ninja/shellfire) An exploitation shell focusing on exploiting command injection vuln...
- [vagent v1.0.0](https://github.com/veo/vagent) Multi-function Java agent in-memory webshell
- [JavaAgentTools v0.6](https://github.com/ethushiroha/JavaAgentTools) Implements in-memory webshells and other features using a Java agent
- [RMI_Inj_MemShell 0.1.2](https://github.com/novysodope/RMI_Inj_MemShell) Tool for injecting in-memory webshells via RMI, for cases where LDAP cannot be used against the target
- [msmap](https://github.com/hosch3n/msmap) Msmap is a Memory WebShell Generator.
- [JundeadShell 1.1](https://github.com/0x00007c00/JundeadShell) Java in-memory webshell injection tool
- [JundeadShell](https://github.com/WisteriaTiger/JundeadShell) Java in-memory webshell injection tool
- [TomcatMemShell](https://github.com/ce-automne/TomcatMemShell) Ready-to-use Listener/Filter/Servlet in-memory webshells for Tomcat 7/8/9/10; supports injecting CMD and Behinder (冰蝎) in-memory webshells
- [AwesomeScript](https://github.com/AntSwordProject/AwesomeScript) AntSword Shell script sharing/examples
- [AwesomeEncoder](https://github.com/AntSwordProject/AwesomeEncoder) AntSword custom encoder (decoder) sharing
- [skyscorpion 1.0.release.20210322](https://github.com/shack2/skyscorpion) New versions will no longer be released publicly. The skyscorpion (天蝎) access management tool is a desktop client developed with JavaFX on the Java platform, supporting cross-plat...
- [webshell-detect-bypass](https://github.com/LandGrey/webshell-detect-bypass) Research articles on webshells that bypass detection by professional tools, and AV-evading webshells
- [Awsome-shells](https://github.com/abhinavprasad47/Awsome-shells) Collection of reverse shells
- [memshell mxd_rebehinder_v3_0_5](https://github.com/ydnzol/memshell) Tomcat Behinder (冰蝎) in-memory webshell.
- [AntSword-Loader 4.0.3](https://github.com/AntSwordProject/AntSword-Loader) AntSword loader
- [NetDLLSpy](https://github.com/Ivan1ee/NetDLLSpy) Persistence in .NET post-exploitation, with a downloadable DLL
- [webshell](https://github.com/backlion/webshell) Some commonly used webshells
- [EtherGhost](https://github.com/Marven11/EtherGhost)
- [MemShellGene](https://github.com/suizhibo/MemShellGene)
#### AV Evasion
- [RingQ](https://github.com/T4y1oR/RingQ) A post-exploitation AV evasion tool that helps every script kiddie like me achieve AV evasion quickly; supports bypass AV/EDR 360 Huorong Windows Defender Shellc...
- [RedGuard 24.06.18](https://github.com/wikiZ/RedGuard) RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs...
- [JoJoLoader JoJoLoader](https://github.com/Pizz33/JoJoLoader) Helps red team members generate AV-evading trojans in one click, implemented in Rust | Help Redteam members generate Evasi...
- [AVEvasionCraftOnline v1.2](https://github.com/yutianqaq/AVEvasionCraftOnline) An online AV evasion platform written in Springboot (Gola...
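- [AVByPass](https://github.com/yhy0/AVByPass) An online web-based automatic AV-evasion tool
- [Qianji Qianji_BypassAV-sandbox-20231115](https://github.com/Pizz33/Qianji) Qianji (千机): automatic generator of AV-evading trojans for red teams. Bypass Defender, Huorong, 360 and other mainstream domestic...
- [BypassAntiVirus](https://github.com/TideSec/BypassAntiVirus) Article series on AV evasion for remote-control tools, with accompanying tools; collects and tests dozens of AV-evasion tools from the internet, 113 allowlist-based evasion methods, 8 code-compilation evasion methods and several practical evasion techniques, and on the evasion eff...
- [AV_Evasion_Tool 20231208](https://github.com/1y0n/AV_Evasion_Tool) 掩日 (Yanri) - AV-evading executor generation tool
- [noterce 1.3](https://github.com/xiao-zhu-zhu/noterce) A trojan that takes an unconventional approach to executing system commands while evading AV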
- [0xUBypass 1.0.0](https://github.com/Yeuoly/0xUBypass) AntiAV shellcode loader
- [SharpShellcodeLoader_Rc4Aes](https://github.com/xf555er/SharpShellcodeLoader_Rc4Aes) Decrypts and loads shellcode, supports both RC4 and AES decryption, and uses DInvoke to dynamically call WinAPI func...
- [GobypassAV-shellcode](https://github.com/Pizz33/GobypassAV-shellcode) AV-evading shellcode loader implemented in Go; bypasses mainstream AV such as Huorong, 360, Hejing (核晶), def
- [killEscaper](https://github.com/Anyyy111/killEscaper) AV-evading shellcode generator; bypasses Huorong and 360 (Windows version)
- [ZheTian v3](https://github.com/yqcs/ZheTian) ::ZheTian / Powerful AV-evasion generation tool, Bypass All.
- [ShellCode_Loader v0.0.1](https://github.com/Axx8/ShellCode_Loader) ShellCode_Loader - AV-evading shellcode loader for Msf & CobaltStrike, Shellcode...
- [SysWhispers2](https://github.com/jthuraisamy/SysWhispers2) AV/EDR evasion via direct system calls.
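- [GoBypassAV](https://github.com/TideSec/GoBypassAV) Compiles Go-based AV-evasion techniques including 16 API evasion tests, 8 encryption tests, anti-sandbox tests, compile-time obfuscation, packing and resource modification, and gathers some references and tools.
- [BypassAnti-Virus](https://github.com/midisec/BypassAnti-Virus) Learning, recording and reproducing AV-evasion techniques.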
- [FourEye 1.8](https://github.com/lengjibo/FourEye) AV Evasion Tool For Red Team Ops
- [BadAssMacros v1.0](https://github.com/Inf0secRabbit/BadAssMacros) BadAssMacros - C# based automated Malicious Macro Generator.
- [go-shellcode](https://github.com/brimstone/go-shellcode) Load shellcode into a new process
- [bypassAV](https://github.com/pureqh/bypassAV) AV-evading shellcode loader
- [BypassAv-web](https://github.com/M-Kings/BypassAv-web) One-click AV evasion with Nim
- [shellcodeloader v1.1](https://github.com/knownsec/shellcodeloader) shellcodeloader
- [anti-av](https://github.com/alphaSeclab/anti-av) Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 13...
- [encdecshellcode](https://github.com/blacknbunny/encdecshellcode) Shellcode Encrypter & Decrypter via XOR Cipher
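#### AV evasion related
##### Icon extraction
- [SharpThief SharpThief](https://github.com/INotGreen/SharpThief) One-click extraction of an exe's icon, icon embedding, resource information, version information, modification time and digital signature, reducing program entropy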
- [BeCyIconGrabberPortable](https://github.com/JarlPenguin/BeCyIconGrabberPortable) BeCyIconGrabber allows you to extract icons from almost any...
- [SetIcon v1.0](https://github.com/guitarfreak/SetIcon) Creates a windows icon file (.ico) from an image and sets it on an exe.
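##### File timestamp modification
- [ChangeTimestamp](https://github.com/sorabug/ChangeTimestamp) One-click modification of the compile time, creation time, modification time and access time of exe and dll files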
- [ChTimeStamp](https://github.com/MsF-NTDLL/ChTimeStamp) Changing the Creation time and the Last Written time of a dropped file ...
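##### Trace hiding
- [go-strip v3.0](https://github.com/boy-hack/go-strip) Removes the information embedded by the Go compiler
##### Signature forgery
- [Sign-Sacker minor code tweaks, project discontinued](https://github.com/langsasec/Sign-Sacker) Sign-Sacker (签名掠夺者, "signature plunderer"): a digital signature copier that can copy the digital signature, icon and details from other official exe files into an unsigned ex...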
- [SigThief](https://github.com/secretsquirrel/SigThief) Stealing Signatures and Making One Invalid Signature at a Time
#### Backdoors
- [Pkeep](https://github.com/S-ixpence/Pkeep) Linux persistence script
- [HackerPermKeeper 7.0](https://github.com/RuoJi6/HackerPermKeeper) Linux persistence
- [reverse_ssh v2.5.5](https://github.com/NHAS/reverse_ssh) SSH based reverse shell
- [ScareCrow v5.1](https://github.com/optiv/ScareCrow) ScareCrow - Payload creation framework designed around EDR bypass.
- [hoaxshell](https://github.com/t3l3machus/hoaxshell) A Windows reverse shell payload generator and handler that abuses the htt...
- [C2ReverseProxy v1.0](https://github.com/Daybr4ak/C2ReverseProxy) A tool for reverse proxying and bringing CS beacons online in environments without outbound internet access
- [CreateHiddenAccount 0.2](https://github.com/wgpsec/CreateHiddenAccount) A tool for creating hidden accounts using the registry || A...
- [ShadowUser](https://github.com/An0nySec/ShadowUser) Shadow user cloning
- [ridhijack 0.02](https://github.com/yanghaoi/ridhijack) Windows RID Hijacking persistence technique implemented in C/C++ (RID hijacking, shadow account, acc...
- [CloneX_0x727 1.0](https://github.com/0x727/CloneX_0x727) A lightweight tool for security testing of account protections, such as cloning users and adding users
- [SchTask_0x727 v1.0](https://github.com/0x727/SchTask_0x727) Creates hidden scheduled tasks, persistence, Bypass AV
- [Schtasks-Backdoor](https://github.com/AV1080p/Schtasks-Backdoor) PowerShell persistence backdoor
- [icmpsh](https://github.com/bdamele/icmpsh) Simple reverse ICMP shell
#### Online AV-evasion platforms
- [潮影 online AV-evasion platform](http://bypass.tidesec.com/)
- [潮影 online AV-evasion platform](http://bypass.tidesec.com/web/)
#### Remote control
- [sliver v1.5.42](https://github.com/BishopFox/sliver) Adversary Emulation Framework
- [PingRAT v1](https://github.com/umutcamliyurt/PingRAT) PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.
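- [Supershell v2.0.0](https://github.com/tdragon6/Supershell) Supershell C2 remote-control platform; obtains a fully interactive shell over a reverse SSH tunnel
- [trojan_simple_demo](https://github.com/Ciyfly/trojan_simple_demo) A simple remote-control demo written in Python; executes commands, with a single heartbeat handling all operations
- [SimpleRemoter v1.0.0.5](https://github.com/yuanyuanxiang/SimpleRemoter) gh0st-based remote controller: implements terminal management, process management, window management, remote desktop, file management, audio management, video management, service management, registry...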
- [gcat](https://github.com/byt3bl33d3r/gcat) A PoC backdoor that uses Gmail as a C&C server
- [BlackHole](https://github.com/hussein-aitlahcen/BlackHole) C# RAT (Remote Administration Tool)
### General
- [Viper v2.3.4-2024-09-04-16-59-30](https://github.com/FunnyWolf/Viper) Attack Surface Management & Red Team Simulation Pl...
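- [Ladon v12.2](https://github.com/k8gege/Ladon) Ladon, a large-scale intranet penetration tool; can be used as a PowerShell module or a CS plugin, can be loaded in memory, fileless scanning. Includes port scanning, service identification, network asset discovery, password auditing, ...
## Client vulnerabilities
### Sunlogin (向日葵)
- [sunlogin_rce new](https://github.com/Mr-xn/sunlogin_rce) Sunlogin (向日葵) RCE
## Related resources
### Proxy pools
- [ProxyCat ProxyCat-V1.7](https://github.com/honmashironeko/ProxyCat) A proxy pool middleware deployed in the cloud or locally; flexibly turns static proxy IPs into tunnel IPs and provides a fixed request address; deploy once, use forever
- [SocksHunter v0.1](https://github.com/Seven1an/SocksHunter) An efficient Socks5 proxy collection and usage tool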
- [proxy_pool 2.4.1](https://github.com/jhao104/proxy_pool) Python ProxyPool for web spider
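- [Deadpool proxypool1.5](https://github.com/thinkoaa/Deadpool) deadpool proxy pool tool; can fetch socks5 proxies from cyberspace mapping platforms such as hunter, quake and fofa, or locally import sock...
- [znpool znpool](https://github.com/twowb/znpool) A fast, high-quality tool for rotating through free proxies worldwide
- [rotateproxy v0.8.1](https://github.com/akkuman/rotateproxy) A tool that uses fofa to search for open socks5 proxies and rotates through them as a proxy pool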
- [mubeng v0.18.0](https://github.com/kitabisa/mubeng) An incredibly fast proxy checker & IP rotator with ease.
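- [ProxyPoolxSocks v1.3](https://github.com/Anyyy111/ProxyPoolxSocks) ☁️Automated setup tool for a Socks proxy pool server☁️
- [Venom-Transponder](https://github.com/z-bool/Venom-Transponder) Venom traffic forwarder: an essential tool for automated vulnerability hunting, initial access and pivoting; supports integration with URL crawlers and various passive scanners.
- [Gofreeproxy v0.1](https://github.com/ja9er/Gofreeproxy) A small dynamic proxy tool for personal use
- [go_proxy_pool 2022.11.22](https://github.com/pingc0y/go_proxy_pool) An out-of-the-box proxy IP pool with no environment dependencies
- [Auto_proxy](https://github.com/Mustard404/Auto_proxy) Uses an IP address pool to switch HTTP proxies automatically and prevent IP bans.
- [proxyServer v1.0](https://github.com/safe6Sec/proxyServer) This project is really just a simple proxy server with a proxy pool integrated into it.
### Collections of notable projects
- [scoop-bucket](https://github.com/ViCrack/scoop-bucket) The free bucket for Scoop
- [exp-hub](https://github.com/ybdt/exp-hub) Vulnerability reproduction and weaponization
- [404StarLink](https://github.com/knownsec/404StarLink) 404StarLink - Recommends high-quality, meaningful, interesting and actively maintained open-source security projects
- [SecurityTools](https://github.com/birdhan/SecurityTools) Penetration testing toolkit | Open-source security testing tools | Network security tools
- [All-Defense-Tool](https://github.com/guchangan1/All-Defense-Tool) This project brings together excellent offensive and defensive tool projects from across the web, including automated exploitation; information-gathering tools for subdomains, directory scanning and port scanning; middleware, CMS and OA exploitation to...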
- [Scanners-Box](https://github.com/We5ter/Scanners-Box) A powerful and open-source toolkit for hackers and security automation...
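- [Tool_Summary](https://github.com/djytmdj/Tool_Summary) A summary of network security testing tools, including vulnerability databases, exploitation tools, vulnerability scanners, password reading tools, middleware exploitation tools and intranet penetration tools. CS, burp, browser plugin tools, wordlists, etc.
- [About-Attack](https://github.com/lintstar/About-Attack) A handbook that classifies and collects red-team-oriented GitHub tools / resources by use case / tag, aiming to lower the technical barrier for red teaming [continuously updated]
- [RedTeamTools](https://github.com/FiveAourThe/RedTeamTools) Shares tools commonly used by red teams
### Online default-credential dictionaries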
- [[~]#棱角 ::Edge.Forum*](https://forum.ywhack.com/bountytips.php?huawei)
- [[~]#棱角 ::Edge.Forum*](https://forum.ywhack.com/bountytips.php?password)
### Domain environment labs
- [dragon-lab](https://github.com/0range-x/dragon-lab)
### Wordlists
- [SecLists 2024.3](https://github.com/danielmiessler/SecLists) SecLists is the security tester's companion. It's a collection of m...
- [SecDictionary](https://github.com/SexyBeast233/SecDictionary) Wordlists distilled from real engagements
- [wordlists](https://github.com/drtychai/wordlists) Aggregated wordlist pulled from commonly used tools for discovery, enumer...
- [Web-Fuzzing-Box](https://github.com/gh0stkey/Web-Fuzzing-Box) Web Fuzzing Box - Web 模糊测试字典与一些Payloads
- [top25-parameter v1.0.7](https://github.com/lutfumertceylan/top25-parameter) For basic researches, top 25 vulnerability parameters that c...
- [fuzz4bounty](https://github.com/0xPugazh/fuzz4bounty) 1337 Wordlists for Bug Bounty Hunting
- [JavaFileDict](https://github.com/f0ng/JavaFileDict) Wordlist of configuration files for Java applications, drawn from public wordlists and everyday collection
- [fuzzDicts](https://github.com/TheKingOfDuck/fuzzDicts) Web Pentesting Fuzz wordlists; one is enough.
- [gendict v1.0.5](https://github.com/ffffffff0x/gendict) Wordlist generation tool
- [yichen_Password_dictionary yichen](https://github.com/yichensec/yichen_Password_dictionary) yichen's wordlists: personal wordlists for penetration testing, with paths found online and collected in everyday work, including those commonly seen in HVV...
- [Payloads](https://github.com/sh377c0d3/Payloads) Payload Arsenal for Penetration Tester and Bug Bounty Hunters
- [AboutSecurity v2](https://github.com/ffffffff0x/AboutSecurity) Everything for pentest. | Payload and bypass wordlists for penetration testing.
- [Fdict](https://github.com/ccc-f/Fdict) An enterprise-oriented wordlist generation tool for penetration testing.
- [Dictionary-Of-Pentesting](https://github.com/insightglacier/Dictionary-Of-Pentesting) Dictionary collection project such as Pentesting, Fuzzing, ...
- [name-fuzz](https://github.com/ffffffff0x/name-fuzz) A wordlist generation tool based on known information about the target
- [bottleneckOsmosis](https://github.com/7dog7/bottleneckOsmosis) Bottleneck penetration, web penetration, red team, fuzz param, comments, JS wordlists, CTF
- [Blasting_dictionary](https://github.com/rootphantomer/Blasting_dictionary) Brute-force wordlists
- [SaiDict](https://github.com/Stardustsky/SaiDict) Commonly used penetration testing wordlists for weak passwords, sensitive directories, sensitive files, etc.
- [wpa-dictionary](https://github.com/conwnet/wpa-dictionary) WPA/WPA2 password wordlist for brute-forcing Wi-Fi passwords
- [PasswordDic](https://github.com/k8gege/PasswordDic) Top 100 weak password wordlist for 2011-2019, Top 1000 password wordlist, server SSH/VPS password wordlist, admin panel password wordlist, database password wordlist, subdomain wordlist
- [Pwdb-Public](https://github.com/ignis-sec/Pwdb-Public) A collection of all the data I could extract from 1 billion leaked cred...
- [RW_Password](https://github.com/r35tart/RW_Password) This project extracts and collects strong and weak passwords that meet given criteria from previously leaked passwords
- [BurpCollector](https://github.com/TEag1e/BurpCollector) Build your own brute-force wordlists with BurpSuite; wordlist-based brute forcing can uncover hidden assets.
- [Dirpath_List](https://github.com/DictionaryHouse/Dirpath_List) Dirpath_List directory scanning wordlist
- [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
- [Kali Linux / Packages / wordlists · GitLab](https://gitlab.com/kalilinux/packages/wordlists)
### Tool add-ons
#### Burpsuite
##### Information gathering
- [domain_hunter_pro v2.0](https://github.com/bit4woo/domain_hunter_pro) Advanced version of domain_hunter, essential for SRC bug hunting and HW initial access! Automated asset collection; fast title retrieval; integration with external tools; and more
- [BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder) Burp Extension for a passive scanning JS files for endpoint links.
- [god_param](https://github.com/goddemondemongod/god_param) god_param
- [Sylas 1.1.1](https://github.com/Acmesec/Sylas) Next-generation active/passive subdomain collection tool - Subdomain automatic/passive collection tool
- [BurpExtractor v1.3.4](https://github.com/NetSPI/BurpExtractor) A Burp extension for generic extraction and reuse of data with...
- [domain_hunter v1.5](https://github.com/bit4woo/domain_hunter) A Burp Suite Extension that try to find all sub-domain, similar-...
- [BurpFingerPrint](https://github.com/shuanx/BurpFingerPrint)
##### Other
- [burp-api-drops](https://github.com/bit4woo/burp-api-drops) Burp plugin development guide
- [jython](https://github.com/jython/jython)
- [Web Application Security, Testing, & Scanning - PortSwigger](https://portswigger.net/)
##### Feature extensions
- [Galaxy 3.2.0](https://github.com/outlaws-bai/Galaxy) Burp plugin that automatically decrypts messages through custom hook scripts, making testing as simple as working with plaintext. A Burp plugin that automatically ...
- [BurpAPIFinder v2.0](https://github.com/shuanx/BurpAPIFinder) During attack-defense exercises we usually visit some assets with a browser, but many unauthorized-access, sensitive-information and privilege-escalation issues are hidden in the HTML, JS files, etc. of interfaces already visited; this plugin lets us...
- [HaE 3.3.3](https://github.com/gh0stkey/HaE) HaE - Highlighter and Extractor, Empower ethical hacker for efficient ope...
- [burp-requests v0.2.6](https://github.com/silentsignal/burp-requests) Copy as requests plugin for Burp Suite
- [NEW_xp_CAPTCHA 4.3](https://github.com/smxiazi/NEW_xp_CAPTCHA) xp_CAPTCHA (瞎跑, free edition): Burp CAPTCHA recognition Burp plugin
- [knife v2.3](https://github.com/bit4woo/knife) A burp extension that adds some useful functions to the Context Menu; adds some right-click menu...
- [captcha-killer-modified 0.24.6](https://github.com/f0ng/captcha-killer-modified) Modified version of captcha-killer; supports keyword-based recognition of base64-encoded images, adds a free OCR library, used for CAPTCHA...
- [GAP-Burp-Extension v5.4](https://github.com/xnl-h4ck3r/GAP-Burp-Extension) Burp Extension to find potential endpoints, parameters, and...
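- [xia_Liao 1.7](https://github.com/smxiazi/xia_Liao) xia Liao (瞎料) Burp plugin for online identification of Windows processes/AV software, and for quickly generating the data needed to fill in registration forms during web penetration testing; the data includes: name...
- [autoDecoder 0.50](https://github.com/f0ng/autoDecoder) Burp plugin that processes packets according to custom rules (suitable for encryption/decryption, brute forcing, etc.); similar to mitmproxy, the difference being that traffic is relayed through Burp, with automatic enc...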
- [LoggerPlusPlus v3.20.1](https://github.com/nccgroup/LoggerPlusPlus) Advanced Burp Suite Logging Extension
- [reCAPTCHA v1.0](https://github.com/bit4woo/reCAPTCHA) reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize ...
- [http-request-smuggler](https://github.com/portswigger/http-request-smuggler)
- [AutoRepeater V1.1](https://github.com/Lotus6/AutoRepeater) Burp plugin for automated discovery of SSRF, Redirect and SQLi vulnerabilities, with custom parameter matching
- [passive-scan-client 0.3.1](https://github.com/c0ny1/passive-scan-client) Burp plugin for forwarding passive-scan traffic
- [BurpHttpHelper 1.3.1](https://github.com/MaskCyberSecurityTeam/BurpHttpHelper) BurpHttpHelper is a Burpsuite plugin mainly used to simplify and handle some of Burpsuite's HTTP operations.
- [chunked-coding-converter 0.4.0](https://github.com/c0ny1/chunked-coding-converter) Burp Suite helper plugin for chunked transfer encoding
- [BurpSuite_403Bypasser](https://github.com/sting8k/BurpSuite_403Bypasser) Burpsuite Extension to bypass 403 restricted directory
- [base64encode 1.0](https://github.com/handbye/base64encode) Burpsuite plugin for base64-encoding POST request bodies
- [HackBar 2.0](https://github.com/d3vilbug/HackBar) HackBar plugin for Burpsuite
- [JC-AntiToken](https://github.com/chroblert/JC-AntiToken) Burp plugin: Python version, bypasses token-based anti-replay protection
- [AutoRepeater](https://github.com/nccgroup/AutoRepeater) Automated HTTP Request Repeating With Burp Suite
- [captcha-killer 0.1.2](https://github.com/c0ny1/captcha-killer) Burp plugin for calling CAPTCHA recognition APIs
- [Burp_AES_Plugin](https://github.com/jas502n/Burp_AES_Plugin) Burpsuite Plugin For AES Crack
- [sqlmap4burp-plus-plus 0.2](https://github.com/c0ny1/sqlmap4burp-plus-plus) sqlmap4burp++ is a plugin that links Burp with sqlmap and is compatible with Windows, Mac, Linux and other platforms
- [burp-cph 3.0](https://github.com/elespike/burp-cph) Custom Parameter Handler extension for Burp Suite.
- [BurpSuiteHTTPSmuggler v0.1](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) A Burp Suite extension to help pentesters to bypass WAFs...
- [autoDecoder-usages](https://github.com/f0ng/autoDecoder-usages)
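##### Plugin repositories
- [BurpSuite-collections](https://github.com/Mr-xn/BurpSuite-collections) A collection of burpsuite plugins (not from the store), articles and usage tips (this project no longer provides burpsuite crack files; if you need them, please go to the blog m...
##### Uncategorized
- [OneScan v1.6.11](https://github.com/vaycore/OneScan) OneScan is a BurpSuite plugin for recursive directory scanning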
- [blackboxprotobuf](https://github.com/nccgroup/blackboxprotobuf) Blackbox Protobuf is a set of tools for working with encoded Proto...
- [CaA 1.0.1](https://github.com/gh0stkey/CaA) CaA - Collector and Analyzer, Insight into information, exploring with in...
- [passive-scan-client-plus v0.4.22](https://github.com/winezer0/passive-scan-client-plus) Actively maintained fork of the burpsuite passive-scan-client plugin, v2024
- [awesome-burp-extensions](https://github.com/snoopysecurity/awesome-burp-extensions) A curated list of amazingly awesome Burp Extensions
- [Brida v0.6pre](https://github.com/federicodotta/Brida) The new bridge between Burp Suite and Frida!
- [turbo-intruder 1.0.19](https://github.com/portswigger/turbo-intruder) Turbo Intruder is a Burp Suite extension for sending large nu...
- [Burp-Non-HTTP-Extension v1.8.2](https://github.com/summitt/Burp-Non-HTTP-Extension) TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp S...
- [TsojanScan v1.4.6](https://github.com/Tsojan/TsojanScan) An integrated BurpSuite vulnerability detection plug-in.
- [Log4j2Scan dev-20230804T025448](https://github.com/whwlsfb/Log4j2Scan) Log4j2 RCE Passive Scanner plugin for BurpSuite
- [BurpCrypto](https://github.com/whwlsfb/BurpCrypto) BurpCrypto is a collection of burpsuite encryption plug-ins, support AES...
- [inql v5.0.2](https://github.com/doyensec/inql) InQL is a robust, open-source Burp Suite extension for advanced GraphQL...
- [HackTools 1.5](https://github.com/Vicl1fe/HackTools) Improves penetration testing efficiency. #Burp plugin# #penetration testing# #small tools#
- [xia_sql 3.3](https://github.com/smxiazi/xia_sql) xia SQL (瞎注) Burp plugin; appends one single quote and two single quotes after each parameter; a simple little plugin for detecting injection.
- [sweetPotato version1.6](https://github.com/z2p/sweetPotato) Burpsuite-based asset analysis tool
- [HostHeaderAttack 0.1.1](https://github.com/weujieytt/HostHeaderAttack) Burpsuite passive scanning plugin for detecting Host header attacks, Burpsuite passive scanning plugin ...
- [Burp2Malleable](https://github.com/CodeXTF2/Burp2Malleable) Quick python utility I wrote to turn HTTP requests from burp suite i...
- [BurpBounty BurpBounty_v4.0](https://github.com/wagiro/BurpBounty) Burp Bounty (Scan Check Builder in BApp Store) is a exte...
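- [npscrack npscrack-1.0](https://github.com/weishen250/npscrack) Blue team tool, attribution and counter-measures, NPS exploitation, NPS exp, NPS poc, Burp plugin, one-click exploitation
- [SpringVulScan SpringVulScan-1.1](https://github.com/tpt11fb/SpringVulScan) Spring vulnerability scanning plugin for burpsuite. SpringVulScan: supports detection of: route leakage|CVE...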
- [collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere) A Burp Suite Pro extension which augments your proxy traffi...
- [taborator](https://github.com/hackvertor/taborator) A Burp extension to show the Collaborator client in a tab
- [burpFakeIP 1.1](https://github.com/TheKingOfDuck/burpFakeIP) Burp Suite plugin for testing with spoofed IP addresses when the server is misconfigured
- [upload-scanner](https://github.com/PortSwigger/upload-scanner) HTTP file upload scanner for Burp Proxy
- [JustC2file v1.0.2](https://github.com/Peithon/JustC2file) Burp plugin, Malleable C2 Profiles generator; select a request through the Burp proxy to generate a Cobalt Strike pr...
- [burp-bounty](https://github.com/Sy3Omda/burp-bounty) Burp Bounty profiles
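- [CORSScanner](https://github.com/zzzskd/CORSScanner) Burp plugin for CORS cross-origin vulnerabilities
- [burp-UnicodeAutoDecode](https://github.com/KagamigawaMeguri/burp-UnicodeAutoDecode) Burpsuite plugin that automatically decodes Unicode escapes into Chinese to improve testing efficiency.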
- [J2EEScan v2.0.0](https://github.com/ilmila/J2EEScan) J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin ...
- [checkburp](https://github.com/TomAPU/checkburp) Detect burp
- [fastjsonScan](https://github.com/zilong3033/fastjsonScan) Burp plugin for fastjson vulnerabilities; detects fastjson<1.2.68 based on dnslog, fastjson<=1.2.24 and 1.2.33<=fa...
- [HopLa 1.2](https://github.com/synacktiv/HopLa) HopLa Burp Suite Extender plugin - Adds autocompletion support and usef...
- [AES-Killer v4.0](https://github.com/Ebryx/AES-Killer) Burp Plugin to decrypt AES encrypted traffic on the fly
- [ssrf-king v1.12](https://github.com/ethicalhackingplayground/ssrf-king) SSRF plugin for burp Automates SSRF Detection in all of the Request
- [burp-wildcard 1.08](https://github.com/hvqzao/burp-wildcard) Burp extension intended to compact Burp extension tabs by hijack...
- [Jsdir](https://github.com/Lopseg/Jsdir) Jsdir is a Burp Suite extension that extracts hidden paths from js files and ...
- [wooyun-payload 1.0](https://github.com/boy-hack/wooyun-payload) Payloads extracted from wooyun, plus a Burp plugin
- [generator-burp-extension](https://github.com/rsrdesarrollo/generator-burp-extension) Everything you need about Burp Extension Generation
- [BurpSuite-Asset_Discover](https://github.com/redhuntlabs/BurpSuite-Asset_Discover) Burp Suite extension to discover assets from HTTP response.
- [BurpSuite-Xkeys](https://github.com/vsec7/BurpSuite-Xkeys) A Burp Suite Extension to extract interesting strings (key, secret,...
- [burpJsEncrypter 0.1](https://github.com/TheKingOfDuck/burpJsEncrypter) More Easier Burp Extension To Solve Javascript Front End Encryp...
- [JSONP-Hunter](https://github.com/p1g3/JSONP-Hunter) JSONP Hunter in burpsuite.
- [Fastjson-Scanner](https://github.com/p1g3/Fastjson-Scanner) a burp extension to find where use fastjson
- [BurpSuite-Extender-fastjson](https://github.com/uknowsec/BurpSuite-Extender-fastjson) Reference:https://www.w2n1ck.com/article/44/
- [jsEncrypter 0.3.2](https://github.com/c0ny1/jsEncrypter) A Burp Suite plugin for fuzzing front-end encryption
- [awesome-burp-suite](https://github.com/alphaSeclab/awesome-burp-suite) Awesome Burp Suite Resources. 400+ open source Burp plugins, 400...
- [SQL-Injection-Payloads](https://github.com/trietptm/SQL-Injection-Payloads) SQL Injection Payloads for Burp Suite, OWASP Zed Attack Prox...
- [BurpCollaboratorDNSTunnel](https://github.com/NetSPI/BurpCollaboratorDNSTunnel) A DNS tunnel utilizing the Burp Collaborator
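- [BurpCollect](https://github.com/orleven/BurpCollect) A derivative of BurpCollector; records directory, path and parameter-name information from the packets in Burpsuite's Site Map and stores it in Sqlite...
- [Caidao-AES-Version](https://github.com/ekgg/Caidao-AES-Version) A Burp plugin that uses AES to transparently encrypt the HTTP traffic between the original Caidao.exe (菜刀) and the server
- [HTTPHeadModifer v0.1](https://github.com/c0ny1/HTTPHeadModifer) A Burp Suite plugin for quickly modifying HTTP headers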
- [Wsdler 2.0.12](https://github.com/NetSPI/Wsdler) WSDL Parser extension for Burp
##### Exploitation
- [ExchangeOWA v2.1](https://github.com/KrystianLi/ExchangeOWA) An Outlook information gathering tool
- [fastjson-exp v1.0.0](https://github.com/amaz1ngday/fastjson-exp) fastjson exploitation; supports echo on tomcat and spring, and Godzilla (哥斯拉) memory shells; the echo gadget chains are dhcp, ibatis and c3p0.
- [shiro-check shirochek3.0](https://github.com/bigsizeme/shiro-check) Shiro deserialization echo exploitation, memory shell, checking; Burp plugin
##### Vulnerability scanning
- [BypassPro v3.0](https://github.com/0x727/BypassPro) Burpsuite plugin for automated authorization bypass testing
- [RouteVulScan RouteVulScan1.5.4](https://github.com/F6JO/RouteVulScan) Burpsuite - Route Vulnerable Scanning; recursive passive detection of vulnerable paths bu...
- [HostScan](https://github.com/hy0jer/HostScan) A burp suite plugin that supports detecting Host header attacks
- [SpringScan V1.8.2](https://github.com/metaStor/SpringScan) SpringScan vulnerability detection Burp plugin
- [burp-log4shell v0.2.4](https://github.com/silentsignal/burp-log4shell) Log4Shell scanner for Burp Suite
- [semgrepper v1.3](https://github.com/gand3lf/semgrepper) An extension to use Semgrep inside Burp Suite.
- [log4j2burpscanner 0.25.0](https://github.com/f0ng/log4j2burpscanner) CVE-2021-44228 Log4j2 BurpSuite Scanner, Customize ceye.io ...
- [BurpCRLFScan 1.4](https://github.com/A0WaQ4/BurpCRLFScan) CRLF injection passive scanning plugin for Burp, written in Java
- [BpScan 1.0.0](https://github.com/EASY233/BpScan) A Burp passive vulnerability scanning plugin to assist penetration testers in their day-to-day testing
- [burp-text4shell v0.1](https://github.com/silentsignal/burp-text4shell) Text4Shell scanner for Burp Suite
- [JsonDetect v1.0](https://github.com/a1phaboy/JsonDetect) A burp Extender to detect json, include fastjson,jackson,gson
- [BurpShiroPassiveScan BurpShiroPassiveScan-2.0.0](https://github.com/pmiaowu/BurpShiroPassiveScan) A BurpSuite-based passive shiro detection plugin
- [BurpFastJsonScan BurpFastJsonScan-2.2.2](https://github.com/pmiaowu/BurpFastJsonScan) A BurpSuite-based passive FastJson detection plugin
- [BurpBountyPlus 3](https://github.com/ggg4566/BurpBountyPlus) Heavily modified version of BurpBounty
- [PowerScanner 1.1.3](https://github.com/NeoTheCapt/PowerScanner) Semi-automatic red-team scanner for HW exercises
- [Log4j-check](https://github.com/bigsizeme/Log4j-check) log4J Burp passive scanning plugin, CVE-2021-44228, supports dnclog.cn and Burp's built-in DNS, can be used with JNDIExploit to generate pay...
- [FastjsonScan 1.0](https://github.com/Maskhe/FastjsonScan) A simple Burp plugin for detecting Fastjson deserialization
- [GadgetProbe v1.0](https://github.com/BishopFox/GadgetProbe) Probe endpoints consuming Java serialized objects to identify clas...
- [APIKit](https://github.com/API-Security/APIKit)
- [gatherBurp](https://github.com/kN6jq/gatherBurp)
##### Fingerprint detection bypass
- [burp-awesome-tls v1.2.2](https://github.com/sleeyax/burp-awesome-tls) Burp extension to evade TLS fingerprinting. Bypass WAF, spo...
#### IDA
- [AlphaGolang](https://github.com/SentineLabs/AlphaGolang) IDApython Scripts for Analyzing Golang Binaries
- [IDA-Pro-tips](https://github.com/VulnTotal-Team/IDA-Pro-tips) Weekly IDA Pro tips
- [mipsAudit](https://github.com/t3ls/mipsAudit) IDA MIPS static scanning script; helper script for assembly auditing
- [ida_python_extractCode](https://github.com/hackflame/ida_python_extractCode) IDA script for extracting signature bytes
#### IDEA
##### Code audit assistance
- [SecurityInspector](https://github.com/SpringKill-team/SecurityInspector)
#### ZoomEye
- [ZoomEye-python v2.2.0](https://github.com/knownsec/ZoomEye-python) ZoomEye-python: The official Python library and CLI by Knowns...
- [Kunyu v1.7.2](https://github.com/knownsec/Kunyu) Kunyu, more efficient corporate asset collection
- [ZoomEye-go v1.5](https://github.com/gyyyy/ZoomEye-go) The Golang SDK and CLI of ZoomEye@Knownsec by gyyyy.
#### arl
- [ARL-plus-docker v3.0.0](https://github.com/ki9mu/ARL-plus-docker) A modified version based on ARL-V2.6.2
- [ARL-Finger-ADD](https://github.com/loecho-sec/ARL-Finger-ADD) Fingerprint-adding script for ARL (灯塔, latest version)!
#### cobaltstrike
- [Cobalt_Strike_wiki](https://github.com/aleenzz/Cobalt_Strike_wiki) Cobalt Strike series
- [malleable-c2](https://github.com/threatexpress/malleable-c2) Cobalt Strike Malleable C2 Design and Reference Guide
- [taowu-cobalt_strike](https://github.com/pandasec888/taowu-cobalt_strike)
- [CobaltStrike](https://github.com/Getshell/CobaltStrike) Comprehensive collection of CobaltStrike resources
- [CVE-2022-39197](https://github.com/its-arun/CVE-2022-39197) CobaltStrike <= 4.7.1 RCE
- [RedWarden](https://github.com/mgeeky/RedWarden) Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scan...
- [SharkExec](https://github.com/F3eev/SharkExec) Intranet penetration | red team tool | C# in-memory loading | cobaltstrike
- [taowu-cobalt-strike](https://github.com/pandasec888/taowu-cobalt-strike)
- [Registry-Recon](https://github.com/optiv/Registry-Recon) Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
- [LSTAR v2.1](https://github.com/lintstar/LSTAR) LSTAR - comprehensive post-exploitation plugin for CobaltStrike
- [CobaltStrike_CNA](https://github.com/yanghaoi/CobaltStrike_CNA) CobaltStrike scripts that use various WinAPIs for persistence, including setting up system services via API, setting up scheduled tasks, managing users, etc.
- [Erebus V1.3.6](https://github.com/DeEpinGh0st/Erebus) CobaltStrike post-exploitation testing plugin
- [CS-Loader](https://github.com/Gality369/CS-Loader) CS AV evasion
- [Z1-AggressorScripts](https://github.com/z1un/Z1-AggressorScripts) Plugins for Cobalt Strike
- [Aggressor_dingding](https://github.com/kingz40o/Aggressor_dingding) cobaltstrike new-session notifications
- [EventLogMaster](https://github.com/QAX-A-Team/EventLogMaster) Cobalt Strike plugin - RDP log forensics & clearing
- [csbruter](https://github.com/ryanohoro/csbruter) Cobalt Strike team server password brute force tool
#### fofa
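- [fofaEX 3.3.1](https://github.com/10cks/fofaEX) FOFA EX is a comprehensive red-team tool built on the fofa API (can also import Hunter (鹰图) and Quake (夸克) files); tools can be integrated as plugins based on templates, automating asset...
- [fofax v0.1.47](https://github.com/xiecat/fofax) FOFAX is a command-line query tool based on the fofa.info API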
- [fofa_viewer 1.1.15](https://github.com/wgpsec/fofa_viewer) A simple FOFA client written in JavaFX. Made by WgpSec, Maintai...
- [fofa_GUI v2.0.0](https://github.com/20142995/fofa_GUI)
#### frida
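- [frida-skeleton v2.0.0](https://github.com/Margular/frida-skeleton) A frida-based Android hook framework that provides many features frida itself does not support, making Android hooking simple, convenient and something anyone can do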
#### frp
- [frps-onekey v0.60.0](https://github.com/MvsCode/frps-onekey) Frp server one-click configuration script. The script obtains t...
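- [frpCracker v0.1](https://github.com/SleepingBag945/frpCracker) A tool written in golang for batch detection of unauthorized access and weak tokens on frp servers
- [frpModify](https://github.com/uknowsec/frpModify) Modifies frp to support domain fronting and self-deletion of the configuration file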
#### goby
- [Library-POC](https://github.com/luck-ying/Library-POC) Archive of vulnerability PoCs & exps written for Pocsuite3 and goby
#### nessus
- [NessusToReport v1.2](https://github.com/Hypdncy/NessusToReport) Tool for automated generation of Nessus scan reports
- [CN_Nessus_Plugins_Interface 1](https://github.com/nszy007/CN_Nessus_Plugins_Interface) Chinese-language query interface for nessus plugins
- [nessus_api](https://github.com/starnightcyber/nessus_api) Nessus REST API wrapper
- [docker_nessus_unlimited](https://github.com/xxcdd/docker_nessus_unlimited) docker build nessus with unlimited ip
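- [NessusReportInChinese](https://github.com/FunnyKun/NessusReportInChinese) Semi-automatically converts English Nessus reports (csv format) into Chinese Excel files; the Chinese vulnerability database already has over 700 common vulnerabilities, and later will further add...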
#### nuclei
- [nuclei-plus v7.4.8](https://github.com/Yong-An-Dang/nuclei-plus) Functional enhancement based on nuclei
- [nuclei-templates v10.0.0](https://github.com/projectdiscovery/nuclei-templates) Community curated list of templates for the nuclei engine ...
- [poc](https://github.com/AYcg/poc)
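- [NucleiTP](https://github.com/ExpLangcn/NucleiTP) Automatically aggregates Nuclei vulnerability PoCs from across the web and syncs the latest PoCs in real time!
- [ultimaste-nuclei-templates](https://github.com/UltimateSec/ultimaste-nuclei-templates) 极致攻防实验室 (Ultimate Offense and Defense Lab) nuclei detection PoCs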
- [kenzer-templates](https://github.com/ARPSyndicate/kenzer-templates) essential templates for kenzer [DEPRECATED]
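- [nucleix](https://github.com/mlq574/nucleix) Integrates nuclei and xray (community edition, or bring your own advanced edition) to implement an automated penetration workflow of passive scanning + PoC scanning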
#### pocassist
- [pocassistdb 1.0.2](https://github.com/jweny/pocassistdb) database of pocassist (vulnerability database)
#### pocsuite3
- [ExpToPocsuite3 v1.0](https://github.com/smallfox233/ExpToPocsuite3) Script for batch-converting goby exps into pocsuite3 exps
- [Pocsuite3Gui](https://github.com/S2eTo/Pocsuite3Gui) Flask+Vue Gui for Pocsuite3
- [some_pocsuite](https://github.com/hanc00l/some_pocsuite) pocsuite3 verification PoC code for vulnerability triage
#### rsas
- [nsfocus-rsas-knowledge-base](https://github.com/biggerwing/nsfocus-rsas-knowledge-base) Vulnerability database of the NSFOCUS vulnerability scanner (RSAS)
#### volatility
- [tool-for-CTF](https://github.com/ruokeqx/tool-for-CTF) Virtual machine configuration for CTF
#### xray
- [super-xray 1.7](https://github.com/4ra1n/super-xray) GUI launcher for the web vulnerability scanner XRAY
- [Xray_Cracked v1.9.11](https://github.com/NHPT/Xray_Cracked) Update Xray1.9.11 Cracked for Windows,Linux and Mac OS.
- [yarx v0.2.0](https://github.com/zema1/yarx) An awesome reverse engine for xray poc. | A tool that automatically generates matching target sites from xray PoCs
- [xray-poc-generation](https://github.com/phith0n/xray-poc-generation) 🧬 Helps generate XRay YAML PoCs
#### Browser extensions
- [mitaka v2.2.0](https://github.com/ninoseki/mitaka) A browser extension for OSINT search
- [anti-honeypot](https://github.com/cnrstar/anti-honeypot) A Chrome extension that detects web honeypots and blocks requests
- [SwitchyOmega v2.5.20](https://github.com/FelisCatus/SwitchyOmega) Manage and switch between multiple proxies quickly & easily.
- [HackTools 0.5.0](https://github.com/LasCC/HackTools) The all-in-one browser extension for offensive security professiona...
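- [FindSomething](https://github.com/momosecurity/FindSomething) A passive information leak detection tool built as a Chrome and Firefox extension
- [superSearchPlus](https://github.com/dark-kingA/superSearchPlus) superSearchPlus is an aggregating information-gathering extension; supports combined queries, asset mapping queries, information gathering, sensitive information extraction, JS resource scanning, directory scanning, vue...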
- [Hack-Tools 0.5.0](https://github.com/LasCC/Hack-Tools) The all-in-one Red Team extension for Web Pentester 🛠
- [antiHoneypot 0.7.2](https://github.com/Monyer/antiHoneypot) A Chrome extension that blocks XSSI & identifies web honeypots
- [fofa_view v0.0.5](https://github.com/fofapro/fofa_view) FOFA Pro view is a browser extension for displaying FOFA Pro assets, currently compatible with Chrome, Firefox and Opera.
- [Zoomeye-Tools](https://github.com/knownsec/Zoomeye-Tools) Zoomeye Tools is a Chrome extension for use with Zoomeye
- [untrusted-types 1.1.1](https://github.com/filedescriptor/untrusted-types)
- [DamnWebScanner](https://github.com/swisskyrepo/DamnWebScanner) Another web vulnerabilities scanner, this extension works on Chrome ...
### Tool collections
- [WebHackersWeapons](https://github.com/hahwul/WebHackersWeapons) ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web ...
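- [K8tools](https://github.com/k8gege/K8tools) K8 tool collection (intranet penetration / privilege escalation tools / remote overflow / exploitation / scanning tools / password cracking / AV-evasion tools / Exploit/APT/0day/Shellcode/Payloa...
- [PLtools](https://github.com/Lucifer1993/PLtools) A collection of small tools commonly used for intranet penetration
- [h4tools H4V3](https://github.com/H4ckBu7eer-EX/h4tools) An Android penetration toolbox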
- [Just a moment...](https://www.sqlsec.com/tools.html)
### Integrated tool environments
- [commando-vm](https://github.com/mandiant/commando-vm) Complete Mandiant Offensive VM (Commando VM), a fully customizable Wind...
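- [f8x 1.6.2](https://github.com/ffffffff0x/f8x) Automated deployment tool for red/blue team environments | Red/Blue team environment automation deployment tool
- [PST-Bucket](https://github.com/arch3rPro/PST-Bucket) Scoop-Buket for Penetration Suite Toolkit - Windows penetration testing tool repository for Scoop
- [Online_tools 0.7.7](https://github.com/CuriousLearnerDev/Online_tools) This tool integrates a great many penetration testing tools; like a software store, it can download and update tools; automated installation scripts have been written for the tools, so there is no need to worry about the tools run...
- [Pentest-Windows v2.2](https://github.com/arch3rPro/Pentest-Windows) Windows11 Penetration Suite Toolkit, an out-of-the-box Windows penetration testing environment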
- [axiom 0.34](https://github.com/pry0cc/axiom) The dynamic infrastructure framework for everybody! Distribute the workl...
- [okfafu-pentestVM-public](https://github.com/mrl64/okfafu-pentestVM-public) okfafu penetration-testing VM, public edition
- [ApoalypseSecTools](https://github.com/ApocalypseSec/ApoalypseSecTools) ApoalypseSecTool update location
- [GUI_Tools V1.1](https://github.com/ghealer/GUI_Tools) A tool set made up of various GUI penetration tools
- [FreeGui v2.5](https://github.com/tyB-or/FreeGui) freeGui: a small ttkbootstrap-based tool for managing your own penetration-testing tools, with some handy features such as opening directories, running tools, ...
- [PenKitGui](https://github.com/ccc-f/PenKitGui) Penetration-testing arsenal
- [Taie-RedTeam-OS](https://github.com/taielab/Taie-RedTeam-OS) Taie Security Lab: a custom XUbuntu-based penetration-testing OS for red/blue team exercises
### Penetration tool collections (virtual machines)
- [penetration-suite-toolkit v5.0](https://github.com/makoto56/penetration-suite-toolkit) This project was created to help penetration-testing beginners quickly set up a working environment; to do a good job, one must first sharpen one's tools.
- [TranSec transecos1.0](https://github.com/TianWen-Lab/TranSec) Internet of Vehicles Penetration testing OS. An out-of-the-box testing...
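### Knowledge bases
- [Network-security-study-notes](https://github.com/djytmdj/Network-security-study-notes) Network security study notes covering web security, privilege escalation, app penetration testing, intranet penetration, lateral movement, red teaming, tool learning and more
- [Awesome-Redteam v1.0](https://github.com/Threekiii/Awesome-Redteam) An attack-and-defense knowledge repository: Red Teaming and Offensive Security
- [Security-operation-book](https://github.com/0x783kb/Security-operation-book) Detection signatures and methods for common attack behaviors, covering endpoints and traffic; PowerShell and Sysmon are not included. Happy operations!
- [1earn](https://github.com/ffffffff0x/1earn) A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, ICS security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and writeups for various target machines
- [Vuln-List](https://github.com/wwl012345/Vuln-List) (Continuously updated) A compilation of vulnerabilities in OA systems, middleware, CMSs and the like that have appeared online, mainly covering vulnerability descriptions, affected versions, and POC/EXP; updated on an ongoing basis.
- [SecurityInterviewGuide](https://github.com/FeeiCN/SecurityInterviewGuide) Interview guide for information security practitioners
- [Pentools-wiki](https://github.com/ProbiusOfficial/Pentools-wiki) First a collection of penetration tools, second a wiki; doing something a bit different
- [Intranet_Penetration_Tips](https://github.com/Ridter/Intranet_Penetration_Tips) Intranet penetration tips compiled in early 2018; updates have been slow since, so they are published here in the hope that others will help update and maintain them
- [PenetrationTesttips](https://github.com/CYJoe-Cyclone/PenetrationTesttips) Penetration testing tips - Version1.3
- [CS-checklist v1.0](https://github.com/theLSA/CS-checklist) PC client (C-S architecture) penetration-testing checklist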
## Social engineering
### Information gathering
- [maigret v0.4.4](https://github.com/soxoj/maigret) 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites
- [osint-scraper](https://github.com/famavott/osint-scraper) Social Recon
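- [Mailget](https://github.com/Ridter/Mailget) Guess corporate email addresses from Maimai users
- [Sreg](https://github.com/n0tr00t/Sreg) Sreg returns all the internet account registrations for a user given an email, phone number or username.
### Wordlist generation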
- | [CeWL 6.2.1](https://github.com/digininja/CeWL) CeWL is a Custom Word List Generator
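- | [UserNameDictTools Username/password wordlist generator V0.36](https://github.com/abc123info/UserNameDictTools) Username/password wordlist generator (converts Chinese names into 14 pinyin formats, processes IP addresses, generates network-device passwords)
- [SocialEngineeringDictionaryGenerator](https://github.com/zgjx6/SocialEngineeringDictionaryGenerator) Social-engineering password generator: a tool that generates passwords from personal information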
- | [anew v0.1.1](https://github.com/tomnomnom/anew) A tool for adding new lines to files, skipping duplicates
### Phishing aids
- [PhishingBook](https://github.com/tib36/PhishingBook) Red/blue team exercises: phishing-drill resource roundup and cheat sheet
- [USBAirborne v2.1](https://github.com/Push3AX/USBAirborne) An Advanced BadUSB
- [gophish v0.12.1](https://github.com/gophish/gophish) Open-Source Phishing Toolkit
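- [EmailSender](https://github.com/A10ha/EmailSender) Convenient phishing-email sending tool (GUI)
- [goblin v0.4.6](https://github.com/xiecat/goblin) A phishing simulation system for red/blue team exercises
- [EwoMail v1.15](https://github.com/gyxuehu/EwoMail) EwoMail is a Linux-based enterprise mail server that integrates many mature, stable components; a mail solution that is quick to deploy, simple and efficient, multilingual, secure and stable
- [Taie-AutoPhishing](https://github.com/taielab/Taie-AutoPhishing) Automated rapid deployment of phishing infrastructure
## Port and service vulnerabilities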
### JDWP
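- | [jdwp-codeifier](https://github.com/l3yx/jdwp-codeifier) An advanced JDWP exploitation script based on jdwp-shellifier (dynamically executes Java/JS code and returns the output)
- [jdwp-shellifier](https://github.com/Lz1y/jdwp-shellifier) Changes the exploitation approach to sending a single-step event to a sleeping thread to achieve a breakpoint, so that the context can be obtained and commands executed directly without waiting for a breakpoint to be hit.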
- [jdwp-shellifier](https://github.com/IOActive/jdwp-shellifier)
### RMI
- | [attackRmi v2.0](https://github.com/A-D-Team/attackRmi)
- [rmiscout v1.4](https://github.com/BishopFox/rmiscout) RMIScout uses wordlist and bruteforce strategies to enumerate Java RM...
- [attackRmi v0.1](https://github.com/waderwu/attackRmi) attackRmi
- [BaRMIe v1.01](https://github.com/NickstaDB/BaRMIe) Java RMI enumeration and attack tool.
### rdp
- [CVE-2019-0708](https://github.com/worawit/CVE-2019-0708) CVE-2019-0708 (BlueKeep)
- [CVE-2019-0708](https://github.com/k8gege/CVE-2019-0708) Bulk detection tool for the port 3389 Remote Desktop code-execution vulnerability CVE-2019-0708 (Rdpscan Bluekeep Check)
### smtp
- [swaks v20240103.0](https://github.com/jetmore/swaks) Swaks - Swiss Army Knife for SMTP
### ssl
- [sslscan](https://github.com/rbsec/sslscan)
### Database exploitation
#### Oracle
- | [odat 5.1.1](https://github.com/quentinhardy/odat) ODAT: Oracle Database Attacking Tool
- | [oracleShell](https://github.com/jas502n/oracleShell) Oracle database command execution
#### mssql
- | [PySQLTools](https://github.com/Ridter/PySQLTools) MSSQL exploitation tool
- | [SqlKnife_0x727 1.2](https://github.com/0x727/SqlKnife_0x727) A lightweight SQL Server security-testing tool suited to command-line use
- | [SharpSQLTools 41](https://github.com/uknowsec/SharpSQLTools) SharpSQLTools, a small tool written together with @Rcoil; can upload and download files, and execute commands with output via xp_cmdshell and sp_oacreate...
- [mssqlproxy 0.1](https://github.com/blackarrowsec/mssqlproxy) mssqlproxy is a toolkit aimed to perform lateral movement in restric...
#### postgresql
- | [postgreUtil v1.0](https://github.com/20142995/postgreUtil)
- [postgresql_udf_help](https://github.com/No-Github/postgresql_udf_help) PostgreSQL privilege-escalation helper script
#### redis
- | [RedisEXP 0.0.9](https://github.com/yuyan-sec/RedisEXP) Redis exploitation tool
- [RedisModules-ExecuteCommand-for-Windows](https://github.com/0671/RedisModules-ExecuteCommand-for-Windows) A Redis module that can execute system commands on Windows; usable for Redis master-slave replication attacks.
- [RabR 0.6.2](https://github.com/0671/RabR) Redis-Attack By Replication (attacking Redis via master-slave replication)
- | [redis-rogue-server](https://github.com/n0b0dyCN/redis-rogue-server) Redis(<=5.0.5) RCE
- [redis_rce v0.1.0](https://github.com/zyylhn/redis_rce) Redis primary/secondary replication RCE
- [redis-rce](https://github.com/Ridter/redis-rce) Redis 4.x/5.x RCE
- [redis-rogue-server](https://github.com/Dliv3/redis-rogue-server) Redis 4.x/5.x RCE
#### General
- | [MDUT-Extend-Release v1.1.0](https://github.com/DeEpinGh0st/MDUT-Extend-Release) MDUT-Extend (extended version)
- | [MDUT v2.1.1](https://github.com/SafeGroceryStore/MDUT) MDUT - Multiple Database Utilization Tools
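- | [Databasetools 1.2](https://github.com/Hel10-Web/Databasetools) An automated database privilege-escalation tool written in Go, supporting privilege escalation on Mysql, MSSQL, Postgresql, Oracle and Redis databases, ...
- [PentestDB](https://github.com/safe6Sec/PentestDB) Exploitation techniques for various databases
- | [Sylas beta](https://github.com/Ryze-T/Sylas) General-purpose database exploitation tool
# General
## Environment
### HTTP proxies
- [Pinzan HTTP Proxy - quality proxy IP service: crawling, data collection, stable, high anonymity, custom IP pools, supports http, https and socks5, one-click extraction via API](https://xip.ipzan.com/)
### PDF conversion
- [Smallpdf.com – A free solution to all your PDF problems](https://smallpdf.com/cn)
- [Online PDF to Excel converter - Free - CleverPDF](https://www.cleverpdf.com/cn/pdf-to-excel)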
### redis_for_windows
- [redis](https://github.com/tporadowski/redis) Native port of Redis for Windows. Redis is an in-memory database that persist...
- [redis](https://github.com/microsoftarchive/redis) Redis is an in-memory database that persists on disk. The data model is key-v...
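# Blue team
## Information security
### Sensitive words
- [anti-AD v4.3](https://github.com/privacy-protection-tools/anti-AD) Aims to be the ad-filter list with the highest hit rate for the Chinese-language internet, providing precise ad blocking and privacy protection. anti-AD now supports AdGuardHome, dnsmasq, Su...
- [DangerousSpamWords](https://github.com/adlered/DangerousSpamWords) :notes: Ultra-lightweight Chinese sensitive character and word library (dictionary) with a very low false-positive rate; an API is also provided
- [sensitive_words](https://github.com/qloog/sensitive_words) A compiled sensitive-word library
## Forensics
### USB forensics
#### Keyboard traffic
- | [UsbKbCracker](https://github.com/P001water/UsbKbCracker) Script for decoding keyboard traffic commonly seen in CTFs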
- | [USBFlow_Soer](https://github.com/y1shiny1shin/USBFlow_Soer)
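- | [UsbKeyboardDataHacker](https://github.com/WangYihang/UsbKeyboardDataHacker) USB keyboard capture forensics tool, used to recover the user's keystrokes
- | [UsbKeyboard_Mouse_Hacker_Gui](https://github.com/Mumuzi7179/UsbKeyboard_Mouse_Hacker_Gui) A small tool with a built-in GUI for one-click decoding of mouse/keyboard traffic
#### Mouse traffic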
- | [USB-Mouse-Pcap-Visualizer](https://github.com/WangYihang/USB-Mouse-Pcap-Visualizer) USB mouse traffic packet forensic tool, mainly used to dr...
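- | [UsbMiceDataHacker2021](https://github.com/laziok/UsbMiceDataHacker2021) Based on WangYiHang's code; fixes the problem of the mouse trajectory not being displayed.
- [UsbMiceDataHacker](https://github.com/WangYihang/UsbMiceDataHacker) USB mouse capture forensics tool, mainly used to plot mouse movement and drag trajectories
### Memory forensics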
- | [MemProcFS v5.11](https://github.com/ufrisk/MemProcFS) MemProcFS
- | [volatility3 v2.7.0](https://github.com/volatilityfoundation/volatility3) Volatility 3.0 development
- | [LovelyMem v0.7](https://github.com/Tokeii0/LovelyMem) A visual memory-forensics tool based on Memprocfs and Volatility
- [VolatilityPro](https://github.com/Tokeii0/VolatilityPro) A Python script for automating memory forensics, with a GUI
- [community3](https://github.com/volatilityfoundation/community3) Volatility3 plugins developed and maintained by the community
- | [volatility 2.6.1](https://github.com/volatilityfoundation/volatility) An advanced memory forensics framework
- [community](https://github.com/volatilityfoundation/community) Volatility plugins developed and maintained by the community
- [profiles](https://github.com/volatilityfoundation/profiles) Volatility profiles for Linux and Mac OS X
- [LinuxVolProfiles 2.0](https://github.com/KDPryor/LinuxVolProfiles) Volatility Linux Profiles
### Application forensics
#### QQ forensics
- [qq_msg_decode](https://github.com/saucer-man/qq_msg_decode) Decode the QQ chat database
#### Wifi
- [WIFIpass](https://github.com/lijiejie/WIFIpass) decrypt all saved WIFI passwords on your PC
#### jenkins
- [jenkins-credentials-decryptor 1.2.2](https://github.com/hoto/jenkins-credentials-decryptor) Command line tool for dumping Jenkins credentials.
#### mysql
- [enumdb 2.1.0](https://github.com/m8sec/enumdb) Relational database brute force and post exploitation tool for MySQL a...
- [undrop-for-innodb](https://github.com/twindb/undrop-for-innodb) TwinDB data recovery toolkit for MySQL/InnoDB
#### vmware vcenter
- | [VcenterKit v0.0.3](https://github.com/W01fh4cker/VcenterKit) Vcenter Comprehensive Penetration and Exploita...
- [vhost_password_decrypt](https://github.com/shmilylty/vhost_password_decrypt) vhost password decrypt
#### VMX encryption cracking
- | [pyvmx-cracker](https://github.com/axcheron/pyvmx-cracker) Simple tool to crack VMware VMX encryption passwords
#### Host accounts
- | [LaZagne v2.4.6](https://github.com/AlessandroZ/LaZagne) Credentials recovery project
- | [mimikatz 2.2.0-20220919](https://github.com/gentilkiwi/mimikatz) A little tool to play with Windows security
- [RegRipper3.0](https://github.com/keydet89/RegRipper3.0) RegRipper3.0
- [Hostinfo 3.0.0](https://github.com/dwagon/Hostinfo) Host Information Database for Unix Sysadmins
- [win-brute-logon](https://github.com/DarkCoderSc/win-brute-logon) Crack any Microsoft Windows users password without any privilege (G...
- [mimipenguin 2.0-release](https://github.com/huntergregal/mimipenguin) A tool to dump the login password from the current linux user
- [goLazagne](https://github.com/kerbyj/goLazagne) Go library for credentials recovery
- [RdpThief_tools](https://github.com/hmoytx/RdpThief_tools) Steal plaintext user credentials from mstsc
- [mimikatz](https://github.com/ParrotSec/mimikatz)
- [fakelogonscreen 1.1](https://github.com/bitsadmin/fakelogonscreen) Fake Windows logon screen to steal passwords
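- [Powershell_fisher](https://github.com/kalivim/Powershell_fisher) Uses PowerShell to collect passwords saved in the user's browser, office documents on the desktop, and hardware/software information, and sends them to a specified email address
#### Sunlogin forensics
- | [sundeskQ v1.0](https://github.com/milu001/sundeskQ) Tool for extracting Sunlogin and ToDesk passwords; reads the ID, temporary password and security password
- [SunloginClient-Password 1.0](https://github.com/0xShe/SunloginClient-Password) Sunlogin password extraction tool
- [Sunflower_get_Password](https://github.com/wafinfo/Sunflower_get_Password) A tool for extracting Sunlogin identification codes and verification codes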
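#### WeChat forensics
- | [PyWxDump v3.1.33](https://github.com/xaoyaoo/PyWxDump) Retrieves WeChat information; reads the database, views chat history locally and exports it as csv, html and other formats for AI training, auto-reply and so on. Supports retrieving information for multiple accounts and all WeChat versions.
- [wechat-backup v1.0.0](https://github.com/greycodee/wechat-backup) Persistently back up WeChat chat history to a local disk, freeing phone storage.
- [WeChatMsg v2.0.13](https://github.com/LC044/WeChatMsg) Extracts WeChat chat history and exports it to HTML, Word and Excel documents for permanent storage, analyzes the chat history to generate an annual chat report, uses chat data to train a personal...
- | [WechatBakTool v0.9.7.6](https://github.com/SuxueCode/WechatBakTool) A C#-based backup tool for WeChat PC chat history, with a GUI; decrypts the WeChat database and exports chat history.
- | [chatViewTool BEAT](https://github.com/Ormicron/chatViewTool) A Java-based GUI viewer for decrypting WeChat chat history
- | [Sharp-dumpkey 1](https://github.com/Ormicron/Sharp-dumpkey) A small C#-based tool for obtaining the WeChat database key
- [WeChatUserDB](https://github.com/x1hy9/WeChatUserDB) GetWeChat DBPassword&&UserInfo (obtains the PC database password and related WeChat user information; supports database decryption for multiple systems)
- [SharpWxDump](https://github.com/AdminTest0/SharpWxDump) WeChat client forensics; can obtain the user's personal information (nickname/account/phone/email/database key (used to decrypt chat history)); supports retrieving information for multiple users, with offsets for new versions updated from time to time; currently supp...
- | [GoWxDump v1.0.12](https://github.com/SpenserCai/GoWxDump) Go version of SharpWxDump. WeChat client forensics: retrieves information (WeChat ID, phone number, nickname) and analyzes chat history (top N chat contacts, chat statistics...
#### Browser forensics
- | [Pillager AutoBuild](https://github.com/qwqdanchun/Pillager) Pillager is an information-gathering tool for the post-exploitation phase
- | [searchall search3.5.10](https://github.com/Naturehi666/searchall) A powerful sensitive-information search tool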
- | [HackBrowserData v0.4.6](https://github.com/moonD4rk/HackBrowserData) Extract and decrypt browser data, supporting multiple data t...
- [SharpWeb](https://github.com/StarfireLab/SharpWeb) An export tool for browser data (passwords | history | cookies | bookmarks | download records), supporting mainstream browsers.
- | [hindsight v2023.03](https://github.com/obsidianforensics/hindsight) Web browser forensics for Google Chrome/Chromium
- [HackBrowserDataManual](https://github.com/Z3ratu1/HackBrowserDataManual) Get password/cookie/history from browser and use devtools pro...
- [SharpCookieMonster](https://github.com/riskydissonance/SharpCookieMonster) Extracts cookies from Chrome.
- | [Catch-Browser](https://github.com/SD-XD/Catch-Browser) This is a crawler password tool
- | [360SafeBrowsergetpass v0.1](https://github.com/hayasec/360SafeBrowsergetpass) A CobaltStrike script and small decryption tool for one-click capture of 360 Secure Browser passwords, meant to save red-team effort, via...
- [chrome_password_grabber](https://github.com/priyankchheda/chrome_password_grabber) Get unencrypted 'Saved Password' from Google Chrome
- [SharpChromium](https://github.com/djhohnstein/SharpChromium) .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, hist...
- | [BrowserGhost 1](https://github.com/QAX-A-Team/BrowserGhost) A tool for capturing browser passwords; more features will be added later
- [Browser-cookie-steal](https://github.com/DeEpinGh0st/Browser-cookie-steal) Python script for stealing browser cookies
- [SharpWeb v1.2](https://github.com/djhohnstein/SharpWeb) .NET 2.0 CLR project to retrieve saved browser credentials from Googl...
- [browser-dumpwd](https://github.com/wekillpeople/browser-dumpwd) Dump browser passwords(chrome, firefox) with sqlite3 lib.
#### General
- | [DecryptTools DecryptToolsV2.4](https://github.com/wafinfo/DecryptTools) DecryptTools - general-purpose decryption
- [pandora v1.2.0](https://github.com/efchatz/pandora) A red team tool that assists into extracting/dumping master credenti...
#### Remote-access software
- [SharpDPAPI](https://github.com/GhostPack/SharpDPAPI) SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
- | [mRemoteNG-Decryptor](https://github.com/ybdt/mRemoteNG-Decryptor) Automated mRemoteNG decryption tool
- [SharpDBeaver](https://github.com/lele8/SharpDBeaver) DBeaver database password decryption tool
- [how-does-SecureCRT-encrypt-password](https://github.com/HyperSine/how-does-SecureCRT-encrypt-password) Transferred from https://github.com/DoubleLabyr...
- | [SharpXDecrypt v0.1.4](https://github.com/JDArmy/SharpXDecrypt) Password recovery tool for all Xshell versions
- | [navicat_password_decrypt v2.0](https://github.com/Zhuoyuan1/navicat_password_decrypt) When you forget a Navicat password, this tool can help you view it
- [how-does-navicat-encrypt-password](https://github.com/HyperSine/how-does-navicat-encrypt-password) Transferred from https://github.com/DoubleLabyrin...
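- [getIntrInfo](https://github.com/Potato-py/getIntrInfo) Collects intranet information, including browser bookmarks, passwords, browsing history and cookies; Wi-Fi information and passwords; host information.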
- | [Xdecrypt](https://github.com/dzxs/Xdecrypt) Xshell Xftp password decrypt
- | [FinalShell-Decoder V1.0](https://github.com/passer-W/FinalShell-Decoder) FinalShell password decryption GUI tool
- | [SharpDecryptPwd](https://github.com/uknowsec/SharpDecryptPwd) Parses saved passwords of some programs on Windows systems, including Navicat, TeamViewer, FileZilla, WinSCP...
- [SharpDecryptPwd](https://github.com/RowTeam/SharpDecryptPwd) SharpDecryptPwd source, To Decrypt Navicat,Xmanager,Filezilla,Foxma...
- [FinalShellDecodePass](https://github.com/jas502n/FinalShellDecodePass) FinalShellDecodePass encryption and decryption
- | [TeamViewer](https://github.com/wafinfo/TeamViewer) TeamViewer Get PassWord
- | [MobaXterm-Decryptor](https://github.com/xillwillx/MobaXterm-Decryptor) MobaXterm Decryptor
- [RDODecrypt](https://github.com/Hzllaga/RDODecrypt) Remote Desktop Organizer password cracking
- [how-does-MobaXterm-encrypt-password](https://github.com/HyperSine/how-does-MobaXterm-encrypt-password) This repo offers a tool to reveal password encr...
- [how-does-Xmanager-encrypt-password](https://github.com/HyperSine/how-does-Xmanager-encrypt-password) This is a repo to tell you how Xmanager (XFtp, X...
- [SharpDecryptPwd](https://github.com/ianxtianxt/SharpDecryptPwd) Password reader for common Windows programs: SharpDecryptPwd
- [SessionGopher](https://github.com/Arvanaghi/SessionGopher) SessionGopher is a PowerShell tool that uses WMI to extract saved ses...
- | [winscppasswd 1.0](https://github.com/anoopengineer/winscppasswd) WinSCP Password Extractor/Decrypter/Revealer written in go language
#### Email forensics
- | [GetMail](https://github.com/b0bac/GetMail) Read Exchange mail using an NTLM hash
### Operating system forensics
#### Huawei phone backup decryption
- | [kobackupdec](https://github.com/RealityNet/kobackupdec) Huawei backup decryptor
#### Android forensics
- | [android-backup-extractor latest](https://github.com/nelenkov/android-backup-extractor) Android backup extractor
### File forensics
#### Archives
##### CRC32 collision
- | [CRC32-Tools 2.3](https://github.com/AabyssZG/CRC32-Tools) Easy CRC32 Tools,so easy!!!
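##### ZIP pseudo-encryption
- | [ZipCracker](https://github.com/asaotomo/ZipCracker) ZipCracker is a high-performance, highly concurrent cracking tool developed by team Hx0, designed for cracking password-protected Zip files. It uses CRC32 collision and dictionary attacks to guess Zi...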
- | [ZipCenOp v1.0.0](https://github.com/wwxiaoqi/ZipCenOp)
- [ZipCenOp](https://github.com/442048209as/ZipCenOp) ZipCenOp is a Java tool to play with Zip pseudo-encryption.
- [CTFever Toolkit by uniiem](https://c5r.app/tools/pseudo-encrypted-zip-check)
- [CTFever Toolkit by uniiem](https://ctfever.uniiem.com/tools/pseudo-encrypted-zip-check)
##### ZIP known-plaintext attack
- | [bkcrack v1.7.0](https://github.com/kimci86/bkcrack) Crack legacy zip encryption with Biham and Kocher's known plaintext ...
- | [pkcrack](https://github.com/keyunluo/pkcrack) pkcrack with modern building tools
##### ZIP brute force
- | [zip-password-finder v0.9.1](https://github.com/agourlay/zip-password-finder) Find the password of protected ZIP files.
#### Images
##### png_LSB steganography
- [steganography](https://github.com/7thSamurai/steganography) Simple C++ Image Steganography tool to encrypt and hide files inside i...
- [cloacked-pixel-python3](https://github.com/Grazee/cloacked-pixel-python3) python3 version of cloacked-pixel.
- [stegpy](https://github.com/dhsdshdhk/stegpy) Simple steganography program based on the LSB method.
- [stegpy](https://github.com/izcoser/stegpy) Simple steganography program based on the LSB method.
- | [cloacked-pixel](https://github.com/livz/cloacked-pixel) LSB steganography and detection
##### png_image analysis
- | [pngcheck Home Page](http://www.libpng.org/pub/png/apps/pngcheck.html)
- | [TweakPNG](https://entropymine.com/jason/tweakpng/)
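##### png_width/height repair
- | [Deformed-Image-Restorer V1.02](https://github.com/AabyssZG/Deformed-Image-Restorer) Tool that automatically brute-forces PNG width and height and repairs the image in one click
##### png_screenshot vulnerability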
- | [Acropalypse-Multi-Tool v1.0.0](https://github.com/frankthetank-music/Acropalypse-Multi-Tool) Easily detect and restore Acropalypse vulnerable PNG ...
##### QR code scanning
- [LoveLy-QRCode-Scanner](https://github.com/Tokeii0/LoveLy-QRCode-Scanner)
##### Raster images
- [Raster-Terminator](https://github.com/AabyssZG/Raster-Terminator)
##### Other
- [ImageMagick 7.1.1-38](https://github.com/ImageMagick/ImageMagick) 🧙‍♂️ ImageMagick 7
- [SecretPixel](https://github.com/x011/SecretPixel) SecretPixel is a cutting-edge steganography tool designed to securely c...
- | [The Gifshuffle Home Page](https://darkside.com.au/gifshuffle)
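##### Image analysis
- | [Stegsolve v1.5](https://github.com/souno-io/Stegsolve) Stegsolve, fixed build based on 1.4
##### Image steganography
- | [cloacked-pixel-python3](https://github.com/Cliffordwr/cloacked-pixel-python3) Optimized version of cloacked-pixel-python3, with detection of whether hidden data is present, wrong-password detection, and so on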
- | [LSB-Steganography](https://github.com/RobinDavid/LSB-Steganography) Python program to steganography files into images using the Least...
- | [Our Secret v2.5.5.0](http://www.uzzf.com/soft/68820.html)
- [www.zasi.org](http://www.zasi.org/DeEgger-Embedder.php)
- [stegdetect](https://github.com/abeluck/stegdetect)
- [jphs](https://github.com/h3xx/jphs)
- [f5-steganography](https://github.com/jackfengji/f5-steganography)
- [jsteg](https://github.com/lukechampine/jsteg)
- | [pilotfiber.dl.sourceforge.net/project/steghideui](https://pilotfiber.dl.sourceforge.net/project/steghideui)
##### Blind watermarks
- | [blind_watermark 0.2.1](https://github.com/guofei9987/blind_watermark) Blind & invisible image watermark; the watermark can be extracted without the original image!
- | [BlindWaterMark](https://github.com/chishaxie/BlindWaterMark) Blind watermark in Python
- | [BlindWatermark 1.2](https://github.com/fire-keeper/BlindWatermark) Using invisible watermark to protect creator's in...
- | [BlindWatermark v0.0.3](https://github.com/ww23/BlindWatermark) Java blind watermark
- | [blind-watermark](https://github.com/linyacool/blind-watermark) Watermark added to the frequency domain by Fourier transform
##### General
- | [ImageStrike V0.2](https://github.com/zR00t1/ImageStrike) ImageStrike is an all-in-one tool for image steganography in CTFs
- [stegsolve v1.4](https://github.com/Giotino/stegsolve)
- [CTFever Toolkit by uniiem](https://c5r.app/tools/bin-extractor)
#### Video
##### Truncated video recovery
- [untrunc](https://github.com/anthwlock/untrunc)
#### Audio
- [audacity Audacity-3.6.4](https://github.com/audacity/audacity) Audio Editor
- | [silenteye 0.4.1](https://github.com/TajangSec/silenteye) silenteye portable edition, silenteye-0.4.1-Portable
- | [DeepSound v2.2.2404.04](https://github.com/Jpinsoft/DeepSound) Official DeepSound repository migrated from jpinsoft.net. De...
- [QSSTV](https://github.com/ON4QZ/QSSTV) Receive and transmit images over radio using analog SSTV or digital DRM
- | [DTMF2NUM new](https://github.com/Moxin1044/DTMF2NUM) DTMF2NUM
- | [MP3Steno](https://github.com/MIUIEI/MP3Steno)
- | [dtmf-decoder](https://github.com/ribt/dtmf-decoder) Extract phone numbers from an audio recording of the dial tones.
- | [MKVToolNix news – Matroska tools for Linux/Unix and Windows](https://mkvtoolnix.download/)
- | [wbStego Steganography Tool](https://www.bailer.at/wbstego)
- | [RX-SSTV: Freeware SSTV Software and SSTV Decoder](https://www.qsl.net/on6mu/rxsstv.htm)
### Related resources
- [XDforensics-wiki](https://github.com/XDforensics-wiki/XDforensics-wiki) XDU forensics wiki
### Disk analysis
#### Disk encryption and decryption
- [VeraCrypt](https://github.com/veracrypt/VeraCrypt)
### Network forensics
#### Shiro traffic forensics
- | [SerializationDumper-Shiro](https://github.com/r00tuser111/SerializationDumper-Shiro) A small SerializationDumper-based tool for decrypting serialized data in Shiro cookies
#### cs
- [CS_Decrypt](https://github.com/5ime/CS_Decrypt)
#### tshark helpers
- [tshark_extraction](https://github.com/20142995/tshark_extraction)
#### Behinder traffic forensics
- [webshell_detect](https://github.com/webraybtl/webshell_detect) webshell_detect
- | [DecodeSomeJSPWebshell v1.2](https://github.com/minhangxiaohui/DecodeSomeJSPWebshell) Decryptor for Behinder and Godzilla JSP webshell traffic
- [file/releases/download/DecodertoWebshell_1.2.jar](https://github.com/20142995/file/releases/download/DecodertoWebshell_1.2.jar)
#### Godzilla traffic forensics
- | [Deco_Godzilla v1.0](https://github.com/nocultrue/Deco_Godzilla) Decrypts all types of Godzilla traffic
- [webshell_detect](https://github.com/webraybtl/webshell_detect) webshell_detect
## Threat intelligence centers
- [360 Security Brain](https://ti.360.cn/)
- [ti.sangfor.com.cn](https://ti.sangfor.com.cn/analysis-platform)
- [Weibo Security Response Center](https://wsrc.weibo.com/)
## Building security capabilities
### APT attack detection
- [Loki v0.51.0](https://github.com/Neo23x0/Loki) Loki - Simple IOC and YARA Scanner
- [Fenrir](https://github.com/Neo23x0/Fenrir) Simple Bash IOC Scanner
### DevSecOps
- [DongTai/](https://github.com/HXSecurity/DongTai/)
- [veinmind-tools/](https://github.com/chaitin/veinmind-tools/)
- [murphysec/](https://github.com/murphysecurity/murphysec/)
- [The next step for LGTM.com: GitHub code scanning! - The GitHub Blog](https://lgtm.com)
- [Installing the gray-box scanning tool - OpenRASP official documentation - open-source adaptive security product](https://rasp.baidu.com/doc/install/iast.html)
### GitHub monitoring
- [GSIL](https://github.com/FeeiCN/GSIL) GitHub Sensitive Information Leakage (monitoring for sensitive information leaks on GitHub)
- [code6 1.6.4](https://github.com/4x99/code6) 码小六 - GitHub code-leak monitoring system
- [Github-Monitor](https://github.com/VKSRC/Github-Monitor) Github Sensitive Information Leakage Monitor
- [Hawkeye](https://github.com/0xbug/Hawkeye) GitHub leak monitoring system (GitHub Sensitive Information Leakage Monitor Spider)
- [x-patrol](https://github.com/MiSecurity/x-patrol) GitHub leak scanning system
- [gshark v1.5.0](https://github.com/neal1991/gshark) Scan for sensitive information easily and effectively.
- [GitGuardian: Git Security Scanning & Secrets Detection](https://www.gitguardian.com/)
### HIDS
- [whids v1.7.0](https://github.com/0xrawsec/whids) Open Source EDR for Windows
- [MozDef](https://github.com/mozilla/MozDef) DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
- [yulong-hids](https://github.com/ysrc/yulong-hids) [archived] An experimental host intrusion detection system
- [AgentSmith-HIDS](https://github.com/DianrongSecurity/AgentSmith-HIDS) By Kprobe technology Open Source Host-based Intrusion Detection Sys...
- [Osquery](https://osquery.io/)
- [Security Onion Solutions](https://securityonion.net/)
- [suricata-ids.org](https://suricata-ids.org)
- [MOLOCH Definition & Meaning | Dictionary.com](https://www.dictionary.com/browse/moloch)
- [Samhain Labs](https://www.la-samhna.de/)
- [OSSEC - World's Most Widely Used Host Intrusion Detection System - HIDS](https://www.ossec.net)
- [Snort - Network Intrusion Detection & Prevention System](https://www.snort.org)
### SIEM_SOC
- [w3a_SOC v1.0.15](https://github.com/smarttang/w3a_SOC) 元豚科技 - starting from log-based security analysis, building the most usable "cloud-native security operations workbench"
- [metron](https://github.com/apache/metron) Apache Metron
- [MozDef](https://github.com/jeffbryner/MozDef) MozDef: The Mozilla Defense Platform
- [Home - SIEMonster](https://siemonster.com/)
- [www.alienvault.com/products/ossim](https://www.alienvault.com/products/ossim)
- [Overview - PRELUDE SIEM - UNITY 360](https://www.prelude-siem.org/)
### WAF
- | [blazehttp v0.3.0](https://github.com/chaitin/blazehttp) BlazeHTTP is a simple, easy-to-use tool for testing WAF protection effectiveness. BlazeHTTP stands as a user-friendl...
- [httpwaf2.0](https://github.com/httpwaf/httpwaf2.0) httpwaf is a permanently free web application firewall, the most usable WAF.
- [Juggler](https://github.com/C4o/Juggler) A system that may trick hackers. A mimicry-based deception system aimed at hackers.
- [x-waf](https://github.com/xsec-lab/x-waf) A cloud WAF for small and medium-sized enterprises
- [ngx_lua_waf](https://github.com/loveshell/ngx_lua_waf) ngx_lua_waf is a web application firewall based on lua-nginx-module (openresty)
- [Open-source runtime application self-protection solution - OpenRASP - Baidu Security](https://rasp.baidu.com)
### Web application firewalls
- [safeline v6.9.0](https://github.com/chaitin/safeline) serve as a reverse proxy to protect your web services from attacks ...
- [openstar](https://github.com/starjun/openstar) lua waf,nginx+lua,openresty,luajit,waf+,cdn,nginx
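### Vulnerable web labs
- [ElectricRat v1.3.1](https://github.com/en0th/ElectricRat) The ElectricRat lab system is a vulnerable web application intended to give learners of web security penetration testing an opportunity to study and practice. The Electrical ...
- [FastJsonParty](https://github.com/lemono0/FastJsonParty) Docker vulnerability environments for all FastJson versions (covering 1.2.47/1.2.68/1.2.80 and others), mainly including JNDI injection and bypasses for newer versions, waf...
- [Pilot-Web v1.0.1](https://github.com/2740908911/Pilot-Web) Pilot-Web: a vulnerable web lab for penetration testing and vulnerability hunting, built on the Python Flask framework with separated front end and back end; an integrated teaching lab with built-in writeups and a knowledge base.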
- [vultrap](https://github.com/liqzz/vultrap) Easy to build a vulnerability trap server . 🦊
- [MemShell](https://github.com/ax1sX/MemShell) MemShell List
- [TerraformGoat 0.0.7](https://github.com/HXSecurity/TerraformGoat) TerraformGoat is HXSecurity research lab's "Vulnerable by Desig...
- [APISandbox](https://github.com/API-Security/APISandbox) Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker...
- [webug4.0](https://github.com/wangai3176/webug4.0) webug4.0
- [SecExample](https://github.com/tangxiaofeng7/SecExample) Java vulnerability lab (Vulnerability Environment For Java)
- [MCIR](https://github.com/SpiderLabs/MCIR) The Magical Code Injection Rainbow! MCIR is a framework for building configura...
- [bodgeit 1.4.0](https://github.com/psiinon/bodgeit) The BodgeIt Store is a vulnerable web application which is currently ...
- [HackMyVM | Anonymous](https://hackmyvm.eu/anon/)
- [PentesterLab: Free Web for Pentester Exercise !](https://www.pentesterlab.com/exercises/web_for_pentester/course)
### Host intrusion detection
- [Elkeid rasp-v2.2.4.7-test](https://github.com/bytedance/Elkeid) Elkeid is an open source solution that can meet the secur...
- [Hades](https://github.com/theSecHunter/Hades) Hades is a cross-platform HIDS with kernel-space data collection.
- [cobaltstrike-suricata-rules](https://github.com/ainrm/cobaltstrike-suricata-rules) 17 suricata-ids rules for detecting cobaltstrike
### Host intrusion prevention
- [wazuh v4.9.0](https://github.com/wazuh/wazuh) Wazuh - The Open Source Security Platform. Unified XDR and SIEM protec...
- [iDefender 4.2.0](https://github.com/wecooperate/iDefender) iDefender (Ice Shield - proactive endpoint defense system)
### Enterprise cloud storage
- [kiftd v1.2.2-release](https://github.com/KOHGYLW/kiftd) sky driver & cloud driver open source server application : kif...
- [FileRun - Selfhosted File Sync and Share](https://filerun.com/)
- [filebrowser/releases/latest](https://github.com/filebrowser/filebrowser/releases/latest)
- [KodCloud - private cloud storage and collaborative office platform, enterprise network drive, enterprise cloud drive](https://kodcloud.com/)
- [Nextcloud - Open source content collaboration platform](https://nextcloud.com/)
- [Product overview: ownCloud file sync and share](https://owncloud.com/products/)
- [Seafile - open-source private enterprise network drive, private cloud storage software, enterprise wiki, knowledge management](https://www.seafile.com/home/)
### Bastion hosts
- [jumpserver v4.2.0](https://github.com/jumpserver/jumpserver) An open-source PAM tool alternative to CyberArk. A widely popular open-source bastion host.
- [jxotp](https://github.com/jx-sec/jxotp) Enterprise two-factor authentication system for SSH logins
- [GateOne](https://github.com/liftoff/GateOne) Gate One is an HTML5-powered terminal emulator and SSH client
- [CrazyEye](https://github.com/triaquae/CrazyEye) OpenSource IT Automation Software
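- [Towards success - Teleport, an efficient and easy-to-use bastion host](https://tp4a.com/)
- [Zhongyuan Qilin bastion host, a one-click-install bastion host supporting multi-cloud, dynamic passwords and database auditing, official site](https://www.tosec.com.cn/)
### Threat detection
- [RmEye v0.0.4](https://github.com/RoomaSec/RmEye) RmEye is an ATT&CK-model-based threat monitoring tool for Windows. It effectively detects common unknown and known threats. A sharp sword for defenders
### Secure development
- [secguide](https://github.com/Tencent/secguide) Code security guide compiled for developers
- [rhizobia_J](https://github.com/momosecurity/rhizobia_J) Java security SDK and coding standards
- [rhizobia_P](https://github.com/momosecurity/rhizobia_P) PHP security SDK and coding standards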
- [bandit/releases/](https://github.com/openstack/bandit/releases/)
### Security operations
- [theZoo v0.60](https://github.com/ytisf/theZoo) A repository of LIVE malwares for your own joy and pleasure. theZoo is...
- [cuckoo 2.0.6](https://github.com/cuckoosandbox/cuckoo) Cuckoo Sandbox is an automated dynamic malware analysis system
- [open_dnsdb](https://github.com/qunarcorp/open_dnsdb) OpenDnsdb is a Python-based DNS management system open-sourced by Qunar's OPS team
- [Scout](https://github.com/HandsomeOne/Scout) Possibly the most flexible URL monitoring system in the Eastern Hemisphere
- [Google Code Archive - Long-term storage for Google Code Project Hosting.](https://code.google.com/archive/p/opendlp/)
### Deception defense
- [HFish](https://github.com/hacklcx/HFish) A secure, reliable, simple and free enterprise-grade honeypot
- [DecoyMini v3.0.9086](https://github.com/decoymini/DecoyMini) 🐝 A highly scalable, safe, free enterprise honeypot ...
- [potmanager](https://github.com/handbye/potmanager) Simple honeypot management platform
- [conpot Release_0.6.0](https://github.com/mushorg/conpot) ICS/SCADA honeypot
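- [Ehoney v3.0.0](https://github.com/seccome/Ehoney) A safe, fast, high-interaction, enterprise-grade honeypot management system for cyber-defense drills; supports multi-protocol honeypots, honeytokens, decoys and more. A safe, fast, highly intera...
- | [mysql-fake-server 0.0.4](https://github.com/4ra1n/mysql-fake-server) MySQL Fake Server (pure Java implementation, with GUI and command-line versions, Dockerfile provided, supports many common J...
- [CS_fakesubmit](https://github.com/LiAoRJ/CS_fakesubmit) A script that can fake beacon check-ins to Cobaltstrike
- [ide-honeypot](https://github.com/wendell1224/ide-honeypot) IDE-honeypot, a counter-attack honeypot targeting IDEs
- [MysqlT v1.0](https://github.com/BeichenDream/MysqlT) Fakes a MySQL server and uses a MySQL logic flaw to read arbitrary files from the client, striking back at attackers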
- | [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server) MySQL Fake Server use to help MySQL Client File Reading and JDBC ...
- [MoAn_Honey_Pot_Urls](https://github.com/NS-Sp4ce/MoAn_Honey_Pot_Urls) X安蜜罐用的一些存在JSonp劫持的API
- [WhetherMysqlSham v1.0](https://github.com/BeichenDream/WhetherMysqlSham) 检测目标Mysql数据库是不是蜜罐
- [Juggler](https://github.com/C4o/Juggler) A system that may trick hackers. 针对黑客的拟态欺骗系统。
- [evil-mysql-server](https://github.com/dushixiang/evil-mysql-server)
### 漏洞情报管理平台
- [bug_search v2.1.0](https://github.com/menglike/bug_search) 一款免费开源的漏洞情报系统
### 漏洞管理
- [django-DefectDojo 2.38.3](https://github.com/DefectDojo/django-DefectDojo) DevSecOps, ASPM, Vulnerability Management. All on one pla...
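- [xunfeng v0.1.1](https://github.com/ysrc/xunfeng) Xunfeng is a rapid vulnerability response and patrol scanning system for enterprise intranets.
- [insight](https://github.com/creditease-sec/insight) Insight (洞察): CreditEase's three-in-one platform combining application asset management, full-lifecycle vulnerability management and security knowledge base management.
- [SRCMS](https://github.com/martinzhou2015/SRCMS) SRCMS, an enterprise emergency response and defect management system
- [laravel-src](https://github.com/233sec/laravel-src) A security emergency response center platform built on Laravel
- [SecurityManageFramwork: an enterprise intranet security management platform for internal security management. The platform aims to help with few security staff, complex business lines, difficult periodic inspections and low automation...](https://gitee.com/gy071089/SecurityManageFramwork)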
- [Fuxi-Scanner](https://github.com/jeffzh3ng/Fuxi-Scanner) Penetration Testing Platform
### Exercises
#### Ransomware
- [CryptSky](https://github.com/deadPix3l/CryptSky) A simple, fully python ransomware PoC
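### Related Resources
- [SecurityProduct](https://github.com/birdhan/SecurityProduct) Open-source security product source code: IDS, IPS, WAF, honeypots, etc.
- [Security-PPT](https://github.com/FeeiCN/Security-PPT) Security-related Slide Presentation & Security Research Report (all areas of security...
- [Safety-Project-Collection](https://github.com/Bypass007/Safety-Project-Collection) A collection of notable open-source security projects to help in-house (Party A) security practitioners build enterprise security capabilities.
- [Enterprise-Security-Skill](https://github.com/AnyeDuke/Enterprise-Security-Skill) Resources on enterprise security planning, construction, operations, and attack and defense
### Website Monitoring
- [website-monitor](https://github.com/mangenotwork/website-monitor) A website monitoring platform. Supports distributed monitoring and testing of web projects, with API testing, stress testing, penetration testing and request debugging, plus built-in DNS lookup, certificate lookup, Whois lookup...
- [tianji](https://github.com/msgbyte/tianji)
### Cybersecurity Large Language Models
- [secgpt](https://github.com/Clouditera/secgpt) SecGPT, a cybersecurity large language model
### Network Traffic Analysis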
- [maltrail 0.73](https://github.com/stamparm/maltrail) Malicious traffic detection system
- [traffic_extraction](https://github.com/20142995/traffic_extraction) tshark-based traffic extraction; supports HTTP stream extraction and extraction of printable strings from TCP
- [Kismet - Wi-Fi, Bluetooth, RF, and more](https://www.kismetwireless.net/)
- [The Zeek Network Security Monitor](https://www.zeek.org)
### Automated Code Auditing
- [banruo](https://github.com/yingshang/banruo)
- [Hades](https://github.com/zsdlove/Hades) Static code auditing system
- [Find Security Bugs](https://find-sec-bugs.github.io/)
- [cobra v2.0.0-alpha.6](https://github.com/WhaleShark-Team/cobra) Source Code Security Audit
- [VisualCodeGrepper V2.3.2 download | SourceForge.net](https://sourceforge.net/projects/visualcodegrepp/)
### Honeypot Technology
- [cowrie v2.5.0](https://github.com/cowrie/cowrie) Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
- [HFish](https://github.com/hacklcx/HFish) A secure, reliable, simple and free enterprise-grade honeypot
- [conpot Release_0.6.0](https://github.com/mushorg/conpot) ICS/SCADA honeypot
- [glastopf 3.1.2](https://github.com/mushorg/glastopf) Web Application Honeypot
- [kippo v0.9](https://github.com/desaster/kippo) Kippo - SSH Honeypot
- [rogue_mysql_server v1.0.1](https://github.com/rmb122/rogue_mysql_server) A rogue mysql server supports reading files from most mys...
- [opencanary_web](https://github.com/p1r06u3/opencanary_web) The web management platform of honeypot
- [dionaea](https://github.com/DinoTools/dionaea) Home of the dionaea honeypot
- [beeswarm](https://github.com/honeynet/beeswarm) Honeypot deployment made easy
- [wordpot](https://github.com/gbrindisi/wordpot) A Wordpress Honeypot
- [elastichoney](https://github.com/jordan-wright/elastichoney) A Simple Elasticsearch Honeypot
- [tpotce 24.04.0](https://github.com/dtag-dev-sec/tpotce) 🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
- [shockpot](https://github.com/threatstream/shockpot)
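### Asset Management
- [OpsManage](https://github.com/bongmu/OpsManage) Automated operations platform: code and application deployment CI/CD, asset management CMDB, scheduled task management platform, SQL review | rollback, task scheduling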
- [docs.saltstack.com](https://docs.saltstack.com/en/latest/)
- [AssetsView](https://github.com/Cryin/AssetsView)
- [bk-cmdb release-v3.13.10](https://github.com/Tencent/bk-cmdb) BlueKing Configuration Platform (BlueKing CMDB)
- [Homepage | Ansible Collaborative](https://www.ansible.com/)
### Phishing Site Systems
- [HFish](https://github.com/hacklcx/HFish) A secure, reliable, simple and free enterprise-grade honeypot
- [gophish v0.12.1](https://github.com/gophish/gophish) Open-Source Phishing Toolkit
- [king-phisher v1.15.0](https://github.com/rsmusllp/king-phisher) Phishing Campaign Toolkit
- [mail_fishing](https://github.com/SecurityPaper/mail_fishing) A must-have for in-house (Party A) security engineers: an internal phishing system
- [phishing](https://github.com/p1r06u3/phishing) The Security Practices of Party A Phishing
- [blackeye](https://github.com/thelinuxchoice/blackeye)
- [www.phishingfrenzy.com](https://www.phishingfrenzy.com/)
### Vulnerable Labs
#### IoT Vulnerabilities
- [IoT-vulhub](https://github.com/firmianay/IoT-vulhub)
#### Web Basics
- [WebGoat v2023.8](https://github.com/WebGoat/WebGoat) WebGoat is a deliberately insecure application
- [DVWA 2.3](https://github.com/digininja/DVWA) Damn Vulnerable Web Application (DVWA)
- [vulnerable-node](https://github.com/cr0hn/vulnerable-node) A very vulnerable web site written in NodeJS with the purpose of ha...
- [SSRF_Vulnerable_Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab) This Lab contain the sample codes which are vulnerable to Serve...
- [DSVW](https://github.com/stamparm/DSVW) Damn Small Vulnerable Web
- [pikachu](https://github.com/zhuifengshaonianhanlu/pikachu) A fun web security vulnerability testing platform
- [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) Legacy WebGoat 6.0 - Deliberately insecure JavaEE application
#### Web Basics + Some Business Logic
- [pyhackme](https://github.com/f4cknet/pyhackme)
#### Basic Web Vulnerabilities
- [DoraBox](https://github.com/0verSp4ce/DoraBox) DoraBox - Basic Web Vulnerability Training
- [xxe-lab](https://github.com/c0ny1/xxe-lab) An XXE vulnerability demo with versions in PHP, Java, Python, C# and other languages
- [WackoPicko](https://github.com/adamdoupe/WackoPicko) WackoPicko is a vulnerable web application used to test web application ...
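- [vulstudy](https://github.com/c0ny1/vulstudy) Quickly set up the major vulnerable labs with Docker; currently 17 labs can be deployed with one command.
- [upload-labs 0.1](https://github.com/c0ny1/upload-labs) A lab that aims to summarize every type of upload vulnerability for you
- [BWVS](https://github.com/bugku/BWVS) Web vulnerability penetration testing lab
- [ZVulDrill](https://github.com/710leo/ZVulDrill) Web vulnerability drill platform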
- [sqli-labs](https://github.com/Audi-1/sqli-labs) SQLI labs to test error based, Blind boolean based, Time based.
- [xssed](https://github.com/aj00200/xssed) A set of XSS vulnerable PHP scripts for testing
- [dvwa.co.uk](https://dvwa.co.uk/)
#### Application Vulnerabilities
- [vulhub](https://github.com/vulhub/vulhub) Pre-Built Vulnerable Environments Based on Docker-Compose
- [secgen](https://github.com/cliffe/secgen) Create randomly insecure VMs
- [cicd-goat 1.2.7](https://github.com/cider-security-research/cicd-goat) A deliberately vulnerable CI/CD environment. Learn CI/CD security t...
- [vulfocus v0.3.2.11](https://github.com/fofapro/vulfocus) 🚀Vulfocus is a vulnerability integration platform: drop in Docker images of vulnerable environments and use them out of the box.
- [Hello-Java-Sec v1.11](https://github.com/j3ers3/Hello-Java-Sec) ☕️ Java Security: secure coding and code auditing
- [VulApps](https://github.com/Medicean/VulApps) Quickly set up various vulnerability environments
- [hackademic](https://github.com/Hackademic/hackademic) the main hackademic code repository
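### Risk Control Systems
- [nebula 1.1.2](https://github.com/threathunterX/nebula) "Nebula" (星云) business risk control system, main project
- [aswan](https://github.com/momosecurity/aswan) Momo's risk control system static rule engine: configure a variety of complex rules easily with no prior experience, and control abnormal user behavior efficiently in real time.
- [urule](https://github.com/youseries/urule) URULE is a pure-Java rule engine based on the RETE algorithm, providing rule sets, decision tables, decision trees, scorecards, rule flows and other rule representation tools along with a web-based visual designer, for quickly developing...
- [riskcontrol](https://github.com/sunpeak/riskcontrol) Lightweight Java real-time business risk control framework
- [Liudao](https://github.com/ysrc/Liudao) "Liudao" (六道) real-time business risk control system
- [radar: a real-time risk engine with a custom rule engine (Rule Script), full Chinese support, suited to anti-fraud scenarios, ready to use out of the box!...](https://gitee.com/freshday/radar)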
- [Drools - Drools - Business Rules Management System (Java™, Open Source)](https://www.drools.org)
## Security Checks
### Baseline
- [DependencyCheck v10.0.4](https://github.com/jeremylong/DependencyCheck) OWASP dependency-check is a software composition analysis u...
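- [WindowsBaselineAssistant v1.2.3](https://github.com/DeEpinGh0st/WindowsBaselineAssistant) Windows security baseline audit and hardening assistant
- [CAudit](https://github.com/Amulab/CAudit) Scanner for centralized-control infrastructure
- [Shell_Script v0.1](https://github.com/xiaoyunjie/Shell_Script) Linux system security: one-click checking and one-click hardening of Linux systems via scripts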
- [daudit](https://github.com/shouc/daudit) 🌲 Configuration flaws detector for Hadoop, MongoDB, MySQL, and more!
## Incident Response
### Web Layer
#### Webshell Backdoors
- [kunwu 0.1.0](https://github.com/kunwu2023/kunwu) kunwu is a next-generation webshell detection engine with three built-in detection strategies: fuzzy rules, taint analysis with simulated execution, and machine learning
- [BlueHound](https://github.com/10000Tigers/BlueHound) BlueHound is a GUI based scanner program for hunting threats on host.It s...
- [java-memshell-scanner](https://github.com/c0ny1/java-memshell-scanner) Scans for Java web Filter/Servlet-type memory shells via a JSP script
- [as_scanwebshell](https://github.com/virink/as_scanwebshell) An AntSword's plugin to scan webshell
- [findWebshell](https://github.com/he1m4n6a/findWebshell) findWebshell is a Python-based webshell detection tool.
- [BackdoorMan](https://github.com/cys3c/BackdoorMan) BackdoorMan is a toolkit that helps you find malicious, hidden and susp...
- [Webshell_finder](https://github.com/chiruom/Webshell_finder) Website trojan detection
- [webshell-find-tools](https://github.com/mornone/webshell-find-tools) Scripts that analyze web access logs and web directory file attributes to find suspicious backdoor files.
- [Web Shell Detector](http://www.shelldetector.com/)
- [www.d99net.net](https://www.d99net.net)
- [SHELLPUB.COM](https://www.shellpub.com/)
#### Memory Shell Detection and Removal
- [arthas arthas-all-4.0.1](https://github.com/alibaba/arthas) Alibaba Java Diagnostic Tool Arthas
- [aLIEz](https://github.com/r00t4dm/aLIEz) A tool for killing memory shells; code review and suggestions for improvement are welcome
- [shell-analyzer 0.1](https://github.com/4ra1n/shell-analyzer) Now integrated into jar-analyzer https://github.com/jar-analyzer/jar-analyzer
- [tomcat_memshell_scanner0.2](https://github.com/zzhorc/tomcat_memshell_scanner0.2) Detection and removal tool for Tomcat servlet, filter and listener memory shells
- [ASP.NET-Memshell-Scanner](https://github.com/yzddmr6/ASP.NET-Memshell-Scanner) ASP.NET memory shell detection tool
- [DuckMemoryScan](https://github.com/huoji120/DuckMemoryScan) Detects the vast majority of so-called AV-evading in-memory implants
- [BlueHound](https://github.com/10000Tigers/BlueHound) BlueHound is a GUI based scanner program for hunting threats on host.It s...
- [copagent](https://github.com/LandGrey/copagent) java memory web shell extracting tool
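#### Online Webshell Scanning
- [Online webshell scanning - online tools](http://tools.bugscaner.com/killwebshell/)
- [SHELLPUB.COM online scanning](https://n.shellpub.com/)
- [www.d99net.net](https://www.d99net.net/)
### Threat Intelligence
#### IP Analysis
- [tig v0.5.4](https://github.com/wgpsec/tig) Threat Intelligence Gathering: aims to make the blue team more efficient at collecting threat intelligence on an attacking IP once they have it.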
- [ARTIF 1.0](https://github.com/CRED-CLUB/ARTIF) An advanced real time threat intelligence framework to identify threats a...
#### Dark Web Monitoring
- [DarkNet_ChineseTrading](https://github.com/s045pd/DarkNet_ChineseTrading) 🚇Monitoring crawler for a Chinese-language dark web site (DEEPMIX)
#### Phishing Monitoring
- [phishing_catcher](https://github.com/x0rz/phishing_catcher) Phishing catcher using Certstream
### Application Log Analysis
- [OSTE-Web-Log-Analyzer](https://github.com/OSTEsayed/OSTE-Web-Log-Analyzer) OSTE WLA automate the process of analyzing web server logs wi...
- [ARTLAS](https://github.com/mthbernardes/ARTLAS) Apache Real Time Logs Analyzer System
### Samples
- [MalwareSourceCode](https://github.com/vxunderground/MalwareSourceCode) Collection of malware source code for a variety of platforms in a...
### Related Resources
- [Windows-INCIDENT-RESPONSE-COOKBOOK v1.2](https://github.com/Just-Hack-For-Fun/Windows-INCIDENT-RESPONSE-COOKBOOK) Windows incident response handbook
- [Emergency-response-toolset](https://github.com/Xuno1/Emergency-response-toolset) Incident response toolkit from 猫鼠信安
- [Emergency-response-notes](https://github.com/wpsec/Emergency-response-notes) Personal notes on Linux/Windows incident response
- [Emergency-Response-Notes](https://github.com/Bypass007/Emergency-Response-Notes) Hands-on incident response notes: a security engineer's self-cultivation.
- [emergency-response-checklist 1.0](https://github.com/theLSA/emergency-response-checklist) Incident response guide / emergency response checklist
### System Layer
#### DLL Hijacking
- [DLLSpy V1](https://github.com/cyberark/DLLSpy) DLL Hijacking Detection Tool
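#### Linux Incident Response Tools
- [yingji](https://github.com/tide-emergency/yingji) A collection of incident response material
- [Whoamifuck v6.3.0](https://github.com/enomothem/Whoamifuck) For Linux incident response: quickly investigates abnormal user logins and intrusion traces, pinpoints the timeline for attribution, and helps reconstruct the attack chain efficiently.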
- [malwoverview v6.0.0](https://github.com/alexandreborges/malwoverview) Malwoverview is a first response tool used for threat hunting a...
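- [Ashro_linux](https://github.com/Ashro-one/Ashro_linux) General-purpose Linux incident response script, suitable for most situations
- [LinuxCheck V3.0](https://github.com/al0ne/LinuxCheck) Linux incident handling / information gathering / vulnerability detection tool; covers basic configuration / network traffic / scheduled tasks / environment variables / user information / Services / bash / malicious files...
- [whohk v1.1](https://github.com/wgpsec/whohk) whohk, a powerful incident response tool for Linux. Incident response on Linux often requires checking each point through tedious command lines, and sometimes some formatting work as well...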
- [uroboros](https://github.com/evilsocket/uroboros) A GNU/Linux monitoring and profiling tool focused on single processes.
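- [GScan](https://github.com/grayddq/GScan) This program aims to help security incident responders investigate Linux hosts by automating a comprehensive host-side checklist, automatically aggregating the results, and tracing the attacker's path.
- [Emergency](https://github.com/P4ck/Emergency) Incident response scripts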
- [The Rootkit Hunter project](http://rkhunter.sourceforge.net/)
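- [whohk v1.1](https://github.com/heikanet/whohk) whohk, a powerful incident response tool for Linux. Incident response on Linux often requires checking each point through tedious command lines, and sometimes some formatting work as well...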
- [The Rootkit Hunter project](https://rkhunter.sourceforge.net/)
#### Windows Incident Response Tools
##### Windows Log Analysis
- [APT-Hunter V3.3](https://github.com/ahmedkhlief/APT-Hunter) APT-Hunter is Threat Hunting tool for windows event logs which made...
- [Windows_Log WinLog_Check_V3.2](https://github.com/Fheidt12/Windows_Log) Windows log analysis tool written in Go
- [WatchAD2.0](https://github.com/Qihoo360/WatchAD2.0) WatchAD2.0 is a log analysis and monitoring system for domain threats
- [WELA v1.0.0](https://github.com/Yamato-Security/WELA) WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Eve...
- [windodws-logs-analysis](https://github.com/dogadmin/windodws-logs-analysis) One-click Windows log analysis utility
- [Download Log Parser 2.2 from Official Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=24659)
- [FullEventLogView - Event Log Viewer for Windows 11 / 10 / 8 / 7 / Vista](https://www.nirsoft.net/utils/full_event_log_view.html)
##### Information Collection
- [Windows_Memory_Search V1.1](https://github.com/Fheidt12/Windows_Memory_Search) Go-based tool for searching strings in Windows processes
- [dfirtriage 6.0](https://github.com/travisfoley/dfirtriage) Digital forensic acquisition tool for Windows based incident response.
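- [winlog](https://github.com/i11us0ry/winlog) A Go-based Windows information collection tool that mainly collects the target machine's RDP port, mstsc remote connection history, mstsc passwords, and 4624/4625 logon event records from the Security event log
- [FireKylin v1.4.0](https://github.com/MountCloud/FireKylin) 🔥FireKylin: cybersecurity emergency response tool (system trace collection).👍👍👍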
- [sysmon-config](https://github.com/SwiftOnSecurity/sysmon-config) Sysmon configuration file template with default high-quality event tr...
##### Other
- [Sysinternals Utilities - Sysinternals | Microsoft Learn](https://docs.microsoft.com/zh-cn/sysinternals/downloads/)
##### Kernel Utilities
- [YDArk](https://github.com/ClownQq/YDArk) x64 kernel utility
##### Anomaly Detection
- [RmTools](https://github.com/RoomaSec/RmTools) Blue team incident response tools
##### General
- [d-eyes v1.3.0](https://github.com/m-sec-org/d-eyes) D-Eyes is a detection and response tool from the M-SEC community
- [FindAll v1.4.0](https://github.com/FindAllTeam/FindAll) Automated analysis of network security emergency response tools...
- [YingJiXiangYing](https://github.com/reto18052015/YingJiXiangYing) Incident response
##### Process Monitoring
- [Overview - Process Hacker](https://processhacker.sourceforge.io/)
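#### Online Ransomware Analysis
- [Sangfor EDR](https://edr.sangfor.com.cn/#/information/ransom_search)
- [Ransomware blocking | File recovery_Document Guardian protects your documents - Tencent PC Manager](https://guanjia.qq.com/pr/ls/)
- [VenusEye ransomware search engine](https://lesuo.venuseye.com.cn/)
- [Security Guard ransomware special: file recovery_Security Guard offline rescue edition_Document Guard](https://lesuobingdu.360.cn/)
- [Ransomware search](https://lesuobingdu.qianxin.com/)
#### Ransomware
##### Decryption Tools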
- [Decryption-Tools](https://github.com/jiansiting/Decryption-Tools) Decryption-Tools
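#### Online Virus Analysis
- [ScanVir - cloud identification site - threat intelligence | cloud scanning | multi-engine online antivirus | suspicious file analysis](http://www.scanvir.com/)
- [360 Sandbox Cloud](https://ata.360.net/)
#### Virus Analysis Online
- [Tencent Habo Analysis System](https://habo.qq.com/)
### General
#### Analysis Aids
- [BlueTeamTools v1.21](https://github.com/abc123info/BlueTeamTools) Blue team analysis and triage toolbox; features include memory shell decompilation and analysis, various code formatting, cyberspace asset mapping, attribution assistance, decrypting Behinder traffic, decrypting Godzilla traffic, decrypting S...
- [PotatoTool ReleaseV1.3](https://github.com/HotBoy-java/PotatoTool) A powerful all-in-one cybersecurity tool designed to give security practitioners, red/blue team members and cybersecurity enthusiasts a comprehensive cybersecurity solution. It...
- [Online webshell traffic decryption](https://potato.gold/navbar/tool/webshellDecrypt/index.php)
### Network Layer
#### IP Information
- [china-operator-ip](https://github.com/gaoyifan/china-operator-ip) China carrier IPv4/IPv6 address database, updated daily
- [SelfIPAdressQuery 0.3](https://github.com/outmansec/SelfIPAdressQuery) A JavaFX-based tool for looking up your own IP addresses (suited to major-event protection, blue team, attack-defense exercise scenarios, etc.)
- [GeoIP2-CN](https://github.com/Hackl0us/GeoIP2-CN) A compact, accurate and practical GeoIP2 database
## Security Response Centers
- [DHSRC Security Response Center](http://dhsrc.dhgate.com/)
- [DiDi Chuxing Security Response Center](http://sec.didichuxing.com/)
- [Tuniu Security Response Center](http://sec.tuniu.com/)
- [East Money Security Response Center](http://security.eastmoney.com/)
- [Qianmi Security Response Center](http://security.qianmi.com/)
- [SafeDog Vulnerability Response Center_Home](http://security.safedog.cn/index.html)
- [Home](http://security.wanmei.com/)
- [NetEase Security Center](https://aq.163.com/)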
- [ASRC](https://asrc.alibaba.com/#/)
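- [Butian - Vulnerabilities_Security | System Vulnerabilities_IoT | App Vulnerabilities_Mobile | ICS Vulnerabilities](https://beisen.butian.net/)
- [Baidu Security Response Center](https://bsrc.baidu.com/views/main/index.html#home)
- [Huawei Security Reward Program](https://bugbounty.huawei.com/#/home)
- [Butian - a win-win vulnerability response platform for enterprises and white hats, helping enterprises build an SRC](https://dida.butian.net/)
- [Vulbox | DXY Security Response Center (DXYSRC)](https://dxysrc.vulbox.com/)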
- [404 Not Found](https://fsrc.fuiou.com/home/index.html)
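- [Ping An Security Response Center](https://isrc.pingan.com/homePage/index)
- [Huoxian](https://keep.huoxian.cn/)
- [Vulbox | Kingsoft Cloud Security Response Center (KYSRC)](https://kysrc.vulbox.com/)
- [Huolala Security Response Center](https://llsrc.huolala.cn/#/home)
- [Vulbox | Lenovo Group Security Response Center](https://lsrc.vulbox.com/)
- [Vulbox | Lexin Group Security Response Center](https://lxsrc.vulbox.com/)
- [Huoxian](https://megvii.huoxian.cn/)
- [Security Response Center](https://niosrc.bugbank.cn/)
- [Butian - Vulnerabilities_Security | System Vulnerabilities_IoT | App Vulnerabilities_Mobile | ICS Vulnerabilities](https://pep.butian.net/)
- [Butian - Vulnerabilities_Security | System Vulnerabilities_IoT | App Vulnerabilities_Mobile | ICS Vulnerabilities](https://qianxin.butian.net/)
- [Vulbox | Qingsongchou Security Response Center (QSSRC)](https://qssrc.vulbox.com/)
- [Cainiao Security Response Center](https://sec.cainiao.com/)
- [Ctrip Security Response Center](https://sec.ctrip.com/)
- [Fadada Security Response Center](https://sec.fadada.com)
- [Huazhu Security Response Center](https://sec.huazhu.com/)
- [Home | Tongcheng Travel Security Response Center](https://sec.ly.com/)
- [Meizu Security Center](https://sec.meizu.com/)
- [Access blocked!](https://sec.vip.com/)
- [Wacai Security Response Center](https://sec.wacai.com/)
- [WiFi Master Key Security Response Center](https://sec.wifi.com/)
- [Xiaomi Security Center](https://sec.xiaomi.com/)
- [Zhubajie (ZBJ.com) Security Response Center](https://sec.zbj.com/)
- [ZTO Security Response Center (ZSRC)](https://sec.zto.com/home)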
- [403 Forbidden](https://security.17zuoye.com/)
- [360 Security Response Center](https://security.360.cn/)
- [58 Security Response Center](https://security.58.com/)
- [security.alibaba.com](https://security.alibaba.com/)
- [AntSRC](https://security.alipay.com/)
- [Bounty - Apple Security Research](https://security.apple.com/bounty/)
- [Bilibili Security Response Center](https://security.bilibili.com/)
- [ByteDance Security Center](https://security.bytedance.com/)
- [CreditEase Security Response Center](https://security.creditease.cn/)
- [Security Crowdtesting Platform](https://security.dbappsecurity.com.cn/)
- [DJI Security Response Center](https://security.dji.com/)
- [Douyu Security Response Center - DYSRC](https://security.douyu.com/)
- [Vue App](https://security.duxiaoman.com/index.html#/main)
- [Focus Security Response Center](https://security.focuschina.com/)
- [security.guazi.com](https://security.guazi.com/)
- [Honor Security Response Center - Honor Security Reward Program](https://security.hihonor.com/src/#/)
- [iFlytek Security Response Center](https://security.iflytek.com/)
- [Momo Security Response Center](https://security.immomo.com/)
- [Hehe Security Response Center ISRC](https://security.intsig.com/)
- [iQIYI Security Response Center](https://security.iqiyi.com/)
- [JD.com Security Response Center](https://security.jd.com/#/)
- [security.jj.cn](https://security.jj.cn/)
- [Home | Kanyun Security Response Center](https://security.kanyun.com/)
- [Beike Security Response Center](https://security.ke.com/)
- [Home | Kuaikan Security Response Center](https://security.kuaikanmanhua.com/)
- [Kuaishou Security Response Center](https://security.kuaishou.com/)
- [Home | Kugou Security Response Center](https://security.kugou.com/)
- [Liepin Security Response Center](https://security.liepin.com/)
- [Li Auto Security Response Center](https://security.lixiang.com/index)
- [Mafengwo Security Response Center](https://security.mafengwo.cn/)
- [Home | McDonald's China Security Response Center](https://security.mcd.cn/)
- [Meituan Security Response Center](https://security.meituan.com/#/home)
- [Meili United Group Security Response Center](https://security.mogu.com)
- [OPPO Security Center](https://security.oppo.com/cn/)
- [Home | Oray Security Response Center](https://security.oray.com/)
- [Ping An Security Response Center](https://security.pingan.com/)
- [Rong360 Security Response Center](https://security.rong360.com/#/)
- [Sangfor](https://security.sangfor.com.cn/)
- [Shuidi Security Response Center](https://security.shuidihuzhu.com/)
- [Home | Soul Security Response Center](https://security.soulapp.cn/)
- [Security Response Center](https://security.suning.com/ssrc-web/index.jsp)
- [Access blocked!](https://security.t3go.cn/#/home)
- [Tencent Security Response Center](https://security.tencent.com/)
- [Home | Tuhu Security Response Center](https://security.tuhu.cn/)
- [UnionPay Security Response Center (USRC)](https://security.unionpay.com/)
- [502 Bad Gateway](https://security.vipkid.com.cn/)
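- [vivo Security Response Platform](https://security.vivo.com.cn/)
- [WeBank Security Response Center](https://security.webank.com/)
- [Kingsoft Office Security Response Center](https://security.wps.cn/)
- [Home | Xiaoying Security Response Center](https://security.xiaoying.com/)
- [Ximalaya Security Response Center](https://security.ximalaya.com/)
- [Xunlei Security Response Center](https://security.xunlei.com/)
- [Zhangmen Education Security Response Center](https://security.zhangmen.com/)
- [ZhongAn Security Response Center](https://security.zhongan.com/#/)
- [Zhishi Xingqiu Security Response Center](https://security.zsxq.com/)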
- [403 Forbidden](https://securitytcjf.com/)
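- [SF Express Security Response Center](https://sfsrc.sf-express.com/)
- [TAL Education Security Response Center](https://src.100tal.com/)
- [BestSign - Security Response Center](https://src.bestsign.cn/)
- [China Eastern Airlines Cybersecurity Response Center (MUSRC)](https://src.ceair.com/)
- [Home | Dmall Security Response Center](https://src.dmall.com/)
- [Home | Hello Chuxing Security Response Center](https://src.hellobike.com/index.php)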
- [TCL SRC Beta V1.30](https://src.tcl.com/zh/index)
- [Topsec Security Vulnerability Response Center](https://src.topsec.com.cn/)
- [Home | UCloud Security Response Center](https://src.ucloud.cn/)
- [USRC](https://src.uniontech.com/)
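- [Home | Youzan Security Response Center](https://src.youzan.com/)
- [Home | Zhaopin Security Response Center](https://src.zhaopin.com/)
- [BOSS Zhipin Security Response Center](https://src.zhipin.com/)
- [Vulbox | Tongdun Security Response Center](https://tdsrc.vulbox.com/)
- [Vulbox | Weaver Security Response Center (WEAVERSRC)](https://weaversrc.vulbox.com/)
- [Security Response Center - Service Support - Hikvision](https://www.hikvision.com/cn/support/CybersecurityCenter/)
- [Home](https://www.niwodai.com/sec/index.do)
- [Knownsec Seebug Vulnerability Platform - insight into vulnerabilities, keeping you on top of the latest vulnerability intelligence!](https://www.seebug.org/)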
- [ysrc.ys7.com](https://ysrc.ys7.com/#/home)
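- [Home | Ziroom Security Response Center](https://zrsecurity.ziroom.com/)
## Related Resources
- [RedTeam_BlueTeam_HW](https://github.com/Mr-xn/RedTeam_BlueTeam_HW) Red team/blue team and HW (Huwang) exercise tools and materials, in-memory shellcode (cs+msf) and memory shell detection and removal tools
- [BountyHunterInChina](https://github.com/J0o1ey/BountyHunterInChina) The "Reborn: Scraping a Living in the Security Industry" series, sharing interesting SRC and real-project cases from making a living in the security industry
- [Sec-Interview-4-2023](https://github.com/vvmdx/Sec-Interview-4-2023) Security job interview questions and interview experience collected and continuously updated by a 2023 graduate before graduation~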
- [Blue-Team-Notes](https://github.com/Purp1eW0lf/Blue-Team-Notes) You didn't think I'd go and leave the blue team out, right?
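# Reverse Engineering
## Cookie Encryption
### Ruishu (瑞数)
- [Botgate_bypass](https://github.com/R0A1NG/Botgate_bypass) Bypasses the dynamic verification mechanism of the Ruishu WAF to enable request replay; in theory usable across different site environments such as web pages, mini programs and apps.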
- [riverPass](https://github.com/wjlin0/riverPass)
## JS Reverse Engineering
### OB Deobfuscation
- [Deobfuscation (beta)](https://tool.yuanrenxue.cn/decode_obfuscator)
### RPC
- [JsRpc v1.071](https://github.com/jxhczhl/JsRpc) Remotely call (RPC) browser methods, avoiding the need to extract code and patch the environment
- [sekiro-open v3.20240311](https://github.com/yint-tech/sekiro-open) SEKIRO is a multi-language, distributed, network topology-i...
### cookie hook
- [js-cookie-monitor-debugger-hook v0.11](https://github.com/JSREI/js-cookie-monitor-debugger-hook) A handy tool for JS cookie reverse engineering: a visual monitor for JS cookie changes & js cookie ...
### webpack
- [渔滒 / webpack_ast · GitCode](https://gitcode.net/zjq592767809/webpack_ast)
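### CAPTCHA
#### Geetest
- [Geetest-AST-](https://github.com/daisixuan/Geetest-AST-) One-click deobfuscation of all versions of Geetest's obfuscated JS
- [JiYanSlide4](https://github.com/nmsdss/JiYanSlide4) Geetest v4 slider
- [JiYan-Geetest](https://github.com/nmsdss/JiYan-Geetest) Geetest one-click pass mode and slide mode - float JS reverse engineering
## Windows Reverse Engineering
### File Analysis
- [OpenArk v1.3.6](https://github.com/BlackINT3/OpenArk) The Next Generation of Anti-Rootkit (ARK) tool for Windows.
## Android Reverse Engineering
### Comprehensive Analysis
- [ApkToolPlus](https://github.com/CYRUS-STUDIO/ApkToolPlus) ApkToolPlus is an APK reverse-engineering analysis tool.
- [Aipan (爱盘) - the latest online cracking toolkit](https://down.52pojie.cn/Tools/Android_Tools)
## WeChat Mini Program Reverse Engineering
### Decompilation
- [CrackMinApp](https://github.com/Cherrison/CrackMinApp) (Decompile WeChat mini programs) One-click retrieval of WeChat mini program source code (foolproof operation), built with C# and Node.js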