https://github.com/hackstoic/hacker-tools-projects
https://github.com/hackstoic/hacker-tools-projects
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/hackstoic/hacker-tools-projects
- Owner: hackstoic
- Created: 2016-10-22T17:32:13.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2017-02-27T06:05:32.000Z (over 9 years ago)
- Last Synced: 2025-09-11T22:45:26.638Z (9 months ago)
- Size: 10.7 KB
- Stars: 74
- Watchers: 4
- Forks: 33
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
---
title: 黑客工具大搜罗
---
各种好玩的安全攻防工具。
# 安全工具(go语言)
|序号|名称|项目地址|简介|
| ----- | ----- | ----- | ----- |
| 1 | gomitmproxy | https://github.com/sheepbao/gomitmproxy | GomitmProxy是想用golang语言实现的mitmproxy,主要实现http代理,目前实现了http代理和https抓包功能。 |
| 2 | Hyperfox | http://github.com/xiam/hyperfox | Hyperfox 是一个安全的工具用来代理和记录局域网中的 HTTP 和 HTTPS 通讯。 |
| 3 | Gryffin | http://github.com/yahoo/gryffin | Gryffin 是雅虎开发的一个大规模 Web 安全扫描平台。它不是另外一个扫描器,其主要目的是为了解决两个特定的问题 —— 覆盖率和伸缩性。 |
| 4 | ngrok | http://github.com/inconshreveable/ngrok | ngrok 是一个反向代理,通过在公共的端点和本地运行的 Web 服务器之间建立一个安全的通道。ngrok 可捕获和分析所有通道上的流量,便于后期分析和重放。|
# 安全工具(c语言)
|序号|名称|项目地址|简介|
| ----- | ----- | ----- | ----- |
| 1 | Cknife | https://github.com/Chora10/Cknife | 俗称“中国菜刀”, 一个渗透测试软件 |
| 2 | mimikatz | https://github.com/gentilkiwi/mimikatz | windows渗透工具, 可用于提权操作, 破解管理员密码等 |
# 安全工具(python语言)
|序号|名称|项目地址|简介|
| ----- | ----- | ----- | ----- |
| 1| mitmproxy | https://github.com/mitmproxy/mitmproxy | 中间人攻击工具 |
# 安全工具(ruby语言)
|序号|名称|项目地址|简介|
| ----- | ----- | ----- | ----- |
| 1| PhishLulz | https://github.com/antisnatchor/phishlulz | 高级自动化钓鱼框架, 只需要10分钟就能搭建起钓鱼环境,进行精确的钓鱼攻击。 |
# 杂
|序号|名称|项目地址|简介|
| ----- | ----- | ----- | ----- |
| 1 | hacker-scripts | https://github.com/NARKOZ/hacker-scripts | 一些无厘头的职场自动化脚本,自动处理和回复一些无聊的事情 |
| 2 | VulApps | https://github.com/Medicean/VulApps | 快速搭建各种漏洞环境(Various vulnerability environment) https://hub.docker.com/r/medicean/vulapps/ 收集各种漏洞环境,为方便使用,统一采用 Dockerfile 形式。 |
| 3 | openftp4 |https://github.com/massivedynamic/openftp4| 可以匿名登陆的ftp清单 |
--------
作者:天谕
链接:https://zhuanlan.zhihu.com/p/21380662
来源:知乎
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
- - - - ---
漏洞及渗透练习平台:
WebGoat漏洞练习环境
https://github.com/WebGoat/WebGoat
https://github.com/WebGoat/WebGoat-Legacy
Damn Vulnerable Web Application(漏洞练习平台)
https://github.com/RandomStorm/DVWA
数据库注入练习平台
https://github.com/Audi-1/sqli-labs
用node编写的漏洞练习平台,like OWASP Node Goat
https://github.com/cr0hn/vulnerable-node
花式扫描器 :
端口扫描器Nmap
https://github.com/nmap/nmap
本地网络扫描器
https://github.com/SkyLined/LocalNetworkScanner
子域名扫描器
https://github.com/lijiejie/subDomainsBrute
漏洞路由扫描器
https://github.com/jh00nbr/Routerhunter-2.0
迷你批量信息泄漏扫描脚本
https://github.com/lijiejie/BBScan
Waf类型检测工具
https://github.com/EnableSecurity/wafw00f
信息搜集工具 :
社工插件,可查找以email、phone、username的注册的所有网站账号信息
https://github.com/n0tr00t/Sreg
Github信息搜集,可实时扫描查询git最新上传有关邮箱账号密码信息
https://github.com/sea-god/gitscan
github Repo信息搜集工具
https://github.com/metac0rtex/GitHarvester
WEB:
webshell大合集
https://github.com/tennc/webshell
渗透以及web攻击脚本
https://github.com/brianwrf/hackUtils
web渗透小工具大合集
https://github.com/rootphantomer/hack_tools_for_me
XSS数据接收平台
https://github.com/firesunCN/BlueLotus_XSSReceiver
XSS与CSRF工具
https://github.com/evilcos/xssor
Short for command injection exploiter,web向命令注入检测工具
https://github.com/stasinopoulos/commix
数据库注入工具
https://github.com/sqlmapproject/sqlmap
Web代理,通过加载sqlmap api进行sqli实时检测
https://github.com/zt2/sqli-hunter
新版中国菜刀
https://github.com/Chora10/Cknife
.git泄露利用EXP
https://github.com/lijiejie/GitHack
浏览器攻击框架
https://github.com/beefproject/beef
自动化绕过WAF脚本
https://github.com/khalilbijjou/WAFNinja
http命令行客户端,可以从命令行构造发送各种http请求(类似于Curl)
https://github.com/jkbrzt/httpie
浏览器调试利器
https://github.com/firebug/firebug
一款开源WAF
https://github.com/SpiderLabs/ModSecurity
windows域渗透工具:
windows渗透神器
https://github.com/gentilkiwi/mimikatz
Powershell渗透库合集
https://github.com/PowerShellMafia/PowerSploit
Powershell tools合集
https://github.com/clymb3r/PowerShell
Fuzz:
Web向Fuzz工具
https://github.com/xmendez/wfuzz
HTTP暴力破解,撞库攻击脚本
https://github.com/lijiejie/htpwdScan
漏洞利用及攻击框架:
msf
https://github.com/rapid7/metasploit-framework
Poc调用框架,可加载Pocsuite,Tangscan,Beebeeto等
https://github.com/erevus-cn/pocscan
Pocsuite
https://github.com/knownsec/Pocsuite
Beebeeto
https://github.com/n0tr00t/Beebeeto-framework
漏洞POC&EXP:
ExploitDB官方git版本
https://github.com/offensive-security/exploit-database
php漏洞代码分析
https://github.com/80vul/phpcodz
Simple test for CVE-2016-2107
https://github.com/FiloSottile/CVE-2016-2107
CVE-2015-7547 POC
https://github.com/fjserna/CVE-2015-7547
JAVA反序列化POC生成工具
https://github.com/frohoff/ysoserial
JAVA反序列化EXP
https://github.com/foxglovesec/JavaUnserializeExploits
Jenkins CommonCollections EXP
https://github.com/CaledoniaProject/jenkins-cli-exploit
CVE-2015-2426 EXP (windows内核提权)
https://github.com/vlad902/hacking-team-windows-kernel-lpe
use docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示)
https://github.com/hxer/vulnapp
php7缓存覆写漏洞Demo及相关工具
https://github.com/GoSecure/php7-opcache-override
XcodeGhost木马样本
https://github.com/XcodeGhostSource/XcodeGhost
中间人攻击及钓鱼
中间人攻击框架
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/secretsquirrel/BDFProxy
https://github.com/byt3bl33d3r/MITMf
Inject code, jam wifi, and spy on wifi users
https://github.com/DanMcInerney/LANs.py
可扩展的中间人代理工具
https://github.com/intrepidusgroup/mallory
wifi钓鱼
https://github.com/sophron/wifiphisher
密码破解:
密码破解工具
https://github.com/shinnok/johnny
本地存储的各类密码提取利器
https://github.com/AlessandroZ/LaZagne
二进制及代码分析工具:
二进制分析工具
https://github.com/devttys0/binwalk
系统扫描器,用于寻找程序和库然后收集他们的依赖关系,链接等信息
https://github.com/quarkslab/binmap
rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries.
https://github.com/0vercl0k/rp
Windows Exploit Development工具
https://github.com/lillypad/badger
二进制静态分析工具(python)
https://github.com/bdcht/amoco
Python Exploit Development Assistance for GDB
https://github.com/longld/peda
对BillGates Linux Botnet系木马活动的监控工具
https://github.com/ValdikSS/billgates-botnet-tracker
木马配置参数提取工具
https://github.com/kevthehermit/RATDecoders
Shellphish编写的二进制分析工具(CTF向)
https://github.com/angr/angr
针对python的静态代码分析工具
https://github.com/yinwang0/pysonar2
一个自动化的脚本(shell)分析工具,用来给出警告和建议
https://github.com/koalaman/shellcheck
基于AST变换的简易Javascript反混淆辅助工具
https://github.com/ChiChou/etacsufbo
EXP编写框架及工具:
二进制EXP编写工具
https://github.com/t00sh/rop-tool
CTF Pwn 类题目脚本编写框架
https://github.com/Gallopsled/pwntools
an easy-to-use io library for pwning development
https://github.com/zTrix/zio
跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.)
https://github.com/frida/frida
隐写:
隐写检测工具
https://github.com/abeluck/stegdetect
各类安全资料:
域渗透教程
https://github.com/l3m0n/pentest_study
python security教程(原文链接http://www.primalsecurity.net/tutorials/python-tutorials/)
https://github.com/smartFlash/pySecurity
data_hacking合集
https://github.com/ClickSecurity/data_hacking
https://github.com/ClickSecurity/data_hacking
mobile-security-wiki
https://github.com/exploitprotocol/mobile-security-wiki
书籍《reverse-engineering-for-beginners》
https://github.com/veficos/reverse-engineering-for-beginners
一些信息安全标准及设备配置
https://github.com/luyg24/IT_security
APT相关笔记
https://github.com/kbandla/APTnotes
Kcon资料
https://github.com/knownsec/KCon
ctf及黑客资源合集
https://github.com/bt3gl/My-Gray-Hacker-Resources
ctf和安全工具大合集
https://github.com/zardus/ctf-tools
《DO NOT FUCK WITH A HACKER》
https://github.com/citypw/DNFWAH
各类CTF资源
近年ctf writeup大全
https://github.com/ctfs/write-ups-2016
https://github.com/ctfs/write-ups-2015
https://github.com/ctfs/write-ups-2014
fbctf竞赛平台Demo
https://github.com/facebook/fbctf
ctf Resources
https://github.com/ctfs/resources
各类编程资源:
大礼包(什么都有)
https://github.com/bayandin/awesome-awesomeness
bash-handbook
https://github.com/denysdovhan/bash-handbook
python资源大全
https://github.com/jobbole/awesome-python-cn
git学习资料
https://github.com/xirong/my-git
安卓开源代码解析
https://github.com/android-cn/android-open-project-analysis
python框架,库,资源大合集
https://github.com/vinta/awesome-python
JS 正则表达式库(用于简化构造复杂的JS正则表达式)
https://github.com/VerbalExpressions/JSVerbalExpressions
Python:
python 正则表达式库(用于简化构造复杂的python正则表达式)
https://github.com/VerbalExpressions/PythonVerbalExpressions
python任务管理以及命令执行库
https://github.com/pyinvoke/invoke
python exe打包库
https://github.com/pyinstaller/pyinstaller
py3 爬虫框架
https://github.com/orf/cyborg
一个提供底层接口数据包编程和网络协议支持的python库
https://github.com/CoreSecurity/impacket
python requests 库
https://github.com/kennethreitz/requests
python 实用工具合集
https://github.com/mahmoud/boltons
python爬虫系统
https://github.com/binux/pyspider
ctf向 python工具包
https://github.com/P1kachu/v0lt
科学上网:
科学上网工具
https://github.com/XX-net/XX-Net
福利:
微信自动抢红包动态库
https://github.com/east520/AutoGetRedEnv
微信抢红包插件(安卓版)
https://github.com/geeeeeeeeek/WeChatLuckyMoney
神器
https://github.com/yangyangwithgnu/hardseed
- - - - ----
作者:天谕
链接:https://zhuanlan.zhihu.com/p/22110538
来源:知乎
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
- - - - ---
漏洞及渗透练习平台:
https://github.com/710leo/ZVulDrill
Web漏洞演练平台
https://github.com/cliffe/secgen
Ruby编写的一款工具,生成含漏洞的虚拟机
花式扫描器:
https://github.com/aboul3la/Sublist3r
子域名爆破扫描器
https://github.com/TheRook/subbrute
子域名爆破扫描器
https://github.com/andresriancho/w3af
Web漏洞扫描器
https://github.com/maurosoria/dirsearch
Web路径扫描器
https://github.com/shawarkhanethicalhacker/BruteXSS
XSS多功能扫描器
https://github.com/rbsec/sslscan
SSL类型扫描器
https://github.com/urbanadventurer/whatweb
网站指纹识别工具,用来检测网站CMS类型,所采用的博客系统类型,JS库,web服务器,甚至版本号,email地址,web框架等
https://github.com/ciscocsirt/malspider
一款爬虫框架,用来检测网站是否被恶意攻击过
https://github.com/wpscanteam/wpscan
wordpress漏洞扫描器
https://github.com/misterch0c/firminator_backend
固件漏洞扫描器
https://github.com/wilson9x1/fenghuangscanner_v3
常见服务端口弱口令扫描器
https://github.com/darryllane/Bluto
信息探测及扫描工具(DNS及邮件枚举等)
https://github.com/sowish/LNScan
内部网络扫描器
https://github.com/linuz/Sticky-Keys-Slayer
远程桌面登录扫描器
https://github.com/infosec-au/altdns
子域名字典组合生成及暴力破解器
https://github.com/SECFORCE/sparta
网络基础设施渗透工具(集成nmap和hydra等)
https://github.com/SECFORCE/SNMP-Brute
Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script
https://github.com/sullo/nikto
web server scanner
https://github.com/code-scan/dzscan
discuz论坛漏洞扫描器
https://github.com/nanshihui/Scan-T
网络空间指纹扫描器
https://github.com/ilmila/J2EEScan
J2EE漏洞扫描器burp插件
甲方安全工程师生存指南:
https://github.com/thomaspatzke/WASE
web索引及日志搜索工具
https://github.com/Kozea/wdb
一款CS结构的web debuger
https://github.com/aramosf/recoversqlite/
recover information from deleted registers in sqlite databases.
https://github.com/epinna/tplmap
自动化的模板注入攻击检测工具
https://github.com/client9/libinjection
sqli词法解析分析器
https://github.com/zxsecurity/gpsnitch
gps欺骗检测工具
https://github.com/biggiesmallsAG/nightHawkResponse
应急处置响应框架
https://github.com/FallibleInc/security-guide-for-developers
web安全开发指南
https://github.com/4ido10n/wooyun-drops-all-articles-package
乌云知识库全部文章
https://github.com/paralax/awesome-honeypots
蜜罐资源合集
https://github.com/wufeifei/cobra
自动化代码审计工具
https://github.com/HatBoy/Pcap-Analyzer
python编写的离线网络数据包分析器
https://github.com/leonteale/pentestpackage
渗透测试常见小工具打包
WEB:
https://github.com/owtf/wafbypasser
WAF绕过检测工具
https://github.com/julienbedard/browsersploit
浏览器攻击框架
https://github.com/guillotines/WebShell
web端webshell管理器
https://github.com/mgeeky/tomcatWarDeployer
tomcat自动后门部署
Windows域渗透工具:
https://github.com/enddo/awesome-windows-exploitation
windows漏洞利用相关整理
https://github.com/putterpanda/mimikittenz
从内存中提取敏感信息的工具
https://github.com/chango77747/AdEnumerator
https://github.com/Raikia/CredNinja
https://github.com/ChrisTruncer/WMIOps
https://github.com/ChrisTruncer/EyeWitness
https://github.com/ChrisTruncer/Egress-Assess
fireeye红军渗透工具
各类安全资料:
https://github.com/phith0n/Mind-Map
安全脑图合集
https://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428
有关信息安全的一些流程图收集
漏洞POC&EXP:
https://github.com/citronneur/rdp
哈希长度扩展攻击EXP
蜜罐:
https://github.com/desaster/kippo
SSH Honeypot
https://github.com/micheloosterhof/cowrie
kippo进阶版
https://github.com/awhitehatter/mailoney
SMTP honeypot
https://github.com/mushorg/glastopf
Web Application honeypot
https://github.com/jordan-wright/elastichoney
数据库蜜罐
https://github.com/atiger77/Dionaea
Web蜜罐
作者:天谕
链接:https://zhuanlan.zhihu.com/p/22684414
来源:知乎
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
==========================华丽丽的分割线==========================
漏洞及渗透练习平台:
https://github.com/Medicean/VulApps
多种漏洞练习环境
花式扫描器:
GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Ruby on Rails应用静态分析工具
GitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
linux漏洞扫描器
GitHub - m0nad/HellRaiser: Vulnerability Scanner
基于端口的漏扫及CVE关联
甲方安全工程师生存指南:
GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
各知名厂商渗透测试报告模板
GitHub - codejanus/ToolSuite: Security tools
安全工具合集
GitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System
apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM)
GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool
Destroy-Windows-10-Spying
https://github.com/pwnsdx/BadCode
PHP代码审计扫描器
GitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD)
linux下恶意代码检测包
GitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics.
操作系统运行指标可视化框架
https://github.com/jipegit/OSXAuditor
Mac OS下取证工具
GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system
恶意代码分析系统
GitHub - Netflix/Scumblr
定期搜索及存储web应用,可搜漏洞讨论等等
GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response
事件响应框架(focus on 远程取证)
GitHub - mozilla/MozDef: MozDef: The Mozilla Defense Platform
The Mozilla Defense Platform
GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等)
GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X
OS X远程取证与分析工具包
GitHub - mozilla/mig: Distributed & real time digital forensics at the speed of the cloud
分布式实时数字取证系统
GitHub - sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Microsoft & Unix 文件系统及硬盘取证工具
https://github.com/OpenSCAP/openscap
Open Source Security Compliance Solution
https://github.com/wgliang/logcool
开源准实时日志采集器
https://github.com/goldshtn/etrace
windows实时ETW事件处理工具
GitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.
CPU及内存相关性能分析工具
WEB:
GitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.
通过调用sqlmap api,自动检测sqli的代理
GitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions
免杀payload生成器
GitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server
用gmail充当C&C服务器的后门
远控:
GitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool
开源模块化远控工具
GitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool)
C#远控工具
漏洞POC&EXP:
GitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities
JAVA反序列化漏洞相关资源列表
二进制及代码分析工具:
GitHub - suraj-root/smap: Shellcode mapper
shellcode分析工具
GitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSC
Shellcode/Obfuscate Code Generator
GitHub - korcankaraokcu/PINCE: A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux
linux下逆向工具
GitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Reverse Shell and Post Exploitation Tool
GitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework
跨平台二进制分析及逆向工具
Python:
GitHub - gstarnberger/uncompyle: Python decompiler
pyc反编译脚本
https://github.com/jameslyons/pycipher
pycipher python加解密库
https://github.com/nvdv/vprof
可视化python性能分析工具
FUZZ:
https://github.com/MozillaSecurity/peach
fuzzing framework
GitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage
A general-purpose, easy-to-use fuzzer with interesting analysis options.
GitHub - fuzzing/MFFA: Media Fuzzing Framework for Android
Media Fuzzing Framework for Android
GitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on Android
A tool to fuzz Intent Android
GitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input.
Fuzzing资源
GitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)
AFL的Android移植版本
Github 安全军火库(四)
希望今年能够更加努力一点,早日在菜的抠脚的队伍中稳健成长。
==========================华丽丽的分割线==========================
先安利一个网站,我平时经常看,觉得内容都挺不错的。
安全行业从业人员自研开源扫描器合集(2017/01/11更新)-MottoIN
这篇文章主要是针对扫描器这一块的开源项目做了收集和规整,理的很清楚,里面的项目我就不拿出来罗列了。
==========================华丽丽的分割线==========================
漏洞及渗透练习平台:
rapid7/metasploitable3
metasploitable3
stamparm/DSVW
轻量web漏洞演示平台
MyKings/docker-vulnerability-environment
docker搭建的漏洞练习环境
joe-shenouda/awesome-cyber-skills
黑客技术训练环境
OWASP/SecurityShepherd
web及app渗透训练平台
花式扫描器:
ysrc/GourdScanV2
被动式漏洞扫描系统
ring04h/wydomain
子域名扫描器
ysrc/F-Scrack
服务弱口令检测脚本
thesp0nge/dawnscanner
ruby源码扫描工具
zer0h/httpscan
web主机发现小工具
maxlabelle/WebMalwareScanner
A simple malware scanner
youngyangyang04/NoSQLAttack
MongoDB漏洞扫描器
az0ne/AZScanner
自动漏扫
Screetsec/Dracnmap
集成Nmap的一款端口扫描器
maK-/parameth
Get Post参数扫描器
delvelabs/vane
A GPL fork of the popular wordpress vulnerability scanner WPScan
stanislav-web/OpenDoor
路径扫描器
golismero/golismero
web扫描器
We5ter/Scanners-Box
安全行业从业人员自研开源扫描器合集
Graph-X/davscan
Fingerprints servers, finds exploits, scans WebDAV.
lietdai/doom
分布式任务分发端口扫描器
angryziber/ipscan
fast and friendly network scanner
甲方安全工程师生存指南:
hslatman/awesome-threat-intelligence
威胁情报资源
arthepsy/ssh-audit
tool for ssh server auditing
keithjjones/visualize_logs
A Python library and command line tools to provide interactive log visualization
m4rco-/dorothy2
一个僵尸网络分析框架
lightbulb-framework/lightbulb-framework
WAFS审计工具
Xyntax/1000php
1000个php代码审计案例
aker-gateway/Aker
基于 python 的 Linux ssh 跳板机/堡垒机设置工具
andrewjkerr/security-cheatsheets
Linux常见命令及部分安全软件使用命令列表
JacobReynolds/ssrfDetector
ssrfDetector
yassineaddi/BackdoorMan
PHP后门检测工具
CISOfy/lynis
Security auditing and hardening tool, for UNIX-based systems
SpamScope/spamscope
垃圾邮件分析工具
yassineaddi/BackdoorMan
恶意代码,php shell检测工具
OWASP/django-DefectDojo
安全程序和漏洞管理工具
Neohapsis/NeoPI
混淆代码检测工具
emposha/Shell-Detector
webshell检测工具
Web:
1N3/IntruderPayloads
burp instruder payloads collection
Neohapsis/bbqsql
A Blind SQL Injection Exploitation Tool
antoor/antSword
antSword
xl7dev/BurpSuite
burp插件收集项目
rastating/wordpress-exploit-framework
一个用来攻击wp的框架
lijiejie/ds_store_exp
.DS_store文件泄露利用脚本
漏洞POC&EXP:
joaomatosf/jexboss
JBOSS verify & exp tool
jiayy/android_vuln_poc-exp
安卓十月漏洞POC
ganliuzhuo/Sebug
在sebug提交的漏洞详情及poc
Fuzz:
google/fuzzer-test-suite
Set of tests for fuzzing engines
renatahodovan/fuzzinator
Fuzzinator Random Testing Framework
henshin/filebuster
web fuzz
如果当中有描述不正确的地方,请老司机们多多指教,鞠躬!