[Disclaimer] The techniques, ideas and tools in this project are for learning only. No one may use them for illegal purposes or profit, nor for unauthorized penetration testing; anyone who does so bears the consequences alone, and they have nothing to do with this project. Please read the applicable laws and regulations before using this project.
- Contents
- Project Navigation
- Open-Source Navigation
- Reconnaissance
- Vulnerability Research
- Exploits
- Penetration Testing
- Red Teaming (internal network penetration)
- Active Directory / Kerberos
- Defensive Security
- Cloud Security
- Mobile Security
- Reverse Engineering
- Productivity: helper tools
- Productivity: usage tips
DefaultCreds-Cheat-Sheet.csv
Huawei-iBMC-DefaultCreds.csv
Huawei-Product-Cheat-Sheet.csv
WeakPassword-Cheat-Sheet.csv
安全厂商及官网链接速查.txt (quick reference of security vendors and their official websites)
ShellcodeWrapper: shellcode encryption
AntivirusScanner: script that detects antivirus processes
runtime-exec-payloads.html: java.lang.Runtime.exec() payload generator
Ascii2Char: script that converts between ASCII codes and characters, used to change webshell file names and passwords
Weakpass_Generator: online weak-password generator, Chinese localized version
Godzilla_Decryptor: Godzilla traffic decryption
Behinder4_Key_Bruteforce: Behinder 4 key brute-force
Flask_Session_Decryptor: Flask session injection and decryption
Reconnaissance - sensitive information collection
Internal network penetration - AV evasion
Internal network penetration - hiding
Internal network penetration - Pentesting AD Mindmap
Security architecture - network attack and defense map
Platform setup - DNS Log
Traffic analysis - CobaltStrike
Traffic analysis - Webshell
Social engineering - collection of phishing email subjects
Reverse engineering - WeChat Mini Program decompilation
- Online:
- Offline:
- MD5:
- RSA:
- Encode/Decode:
- GB2312: http://code.mcdvisa.com/
- Unicode: https://www.compart.com/en/unicode/
- UUencode: http://web.chacuo.net/charsetuuencode
- Escape/Unescape: https://tool.chinaz.com/tools/escape.aspx
- HTML entity encoding: https://zh.rakko.tools/tools/21/
- Regular Expressions:
- Virustotal: https://www.virustotal.com/
- Tencent Habo analysis system: https://habo.qq.com/tool/index
- ThreatBook threat intelligence: https://x.threatbook.com/
- Qi An Xin threat intelligence: https://ti.qianxin.com/
- 360 threat intelligence: https://ti.360.net/
- Cyber security threat information sharing platform: https://share.anva.org.cn/web/publicity/listPhishing
- DBAPPSecurity threat intelligence: https://ti.dbappsecurity.com.cn/
- Huoxian security platform: https://www.huoxian.cn
- Knownsec HackerNews feed: https://hackernews.cc/
- Hacking8 security news feed: https://i.hacking8.com/
- SecWiki security news feed: https://www.sec-wiki.com/
- Fofa: https://fofa.info/
- Shodan: https://www.shodan.io/
- ZoomEye: https://www.zoomeye.org/
- Hunter (鹰图): https://hunter.qianxin.com/
- Ditecting (谛听): https://www.ditecting.com/
- Quake: https://quake.360.cn/quake/
- Censys: https://search.censys.io/
- Netlas: https://app.netlas.io/domains/
- Wayback Machine: historical web page cache https://web.archive.org/
- VisualPing: web page change monitoring https://visualping.io/
- Dark Web Exposure: https://www.immuniweb.com/darkweb/
- SG TCP/IP port database: https://www.speedguide.net/ports.php
- Google Hacking Database:
- Google Hacking Online:
- Google Hacking Cli:
- Github Dork:
- OSINT Resource List: https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list
- OSINT Framework: https://osintframework.com/
- OSINT Handbook: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf
- Public APIs:
- Discover secret API keys: https://serene-agnesi-57a014.netlify.app/
- Source code Search Engine:
- Red Teaming and Offensive Security:
- https://www.ired.team/
- https://www.thehacker.recipes/
- https://ppn.snovvcrash.rocks/
- https://book.hacktricks.xyz/
- https://blog.harmj0y.net/
- https://hausec.com/domain-penetration-testing/
- https://dirkjanm.io/
- https://casvancooten.com/
- https://evasions.checkpoint.com/
- https://redteam.guide/docs/definitions
- https://github.com/HadessCS/Red-team-Interview-Questions
- Blue Teaming and Defensive Security:
- OPSEC:
- Chinese vulnerability disclosure platforms:
- CNNVD (China National Vulnerability Database of Information Security): https://www.cnnvd.org.cn/
- CNCERT (National Computer Network Emergency Response Technical Team): https://www.cert.org.cn/
- 360 CERT: https://cert.360.cn/
- Knownsec Seebug vulnerability database: https://www.seebug.org/
- Chaitin vulnerability database: https://stack.chaitin.com/vuldb/
- Alibaba Cloud vulnerability database: https://avd.aliyun.com/high-risk/list
- PeiQi vulnerability database: https://peiqi.wgpsec.org/
- International vulnerability disclosure platforms:
- Exploit search engines:
- https://sploitus.com/
- https://www.exploit-db.com/ on Kali it can be used together with the command `searchsploit <keywords>`
- Xianzhi community: https://xz.aliyun.com/
- Infocon: https://infocon.org/
- ffffffff0x team security knowledge framework: https://github.com/ffffffff0x/1earn
- WgpSec public knowledge base: https://wiki.wgpsec.org/
- Mitre ATT&CK:
- matrices: https://attack.mitre.org/matrices/enterprise
- techniques: http://attack.mitre.org/techniques/enterprise/
- Hacking articles: https://www.hackingarticles.in/
- PortSwigger blog: https://portswigger.net/blog
- InGuardians Labs blog: https://www.inguardians.com/
- Pentest Workflow: https://pentest.mxhx.org/
- Pentest cheatsheet: https://pentestbook.six2dez.com/
- Programming/Toolkit/Command/OS/Shortcuts Cheatsheets:
- Nice Tools:
- Beautifier:
- Reverse Shell Generator:
- File Download Generator:
- Shorten URLs: https://a.f8x.io/
- AlliN: https://github.com/P1-Team/AlliN
- fscan: https://github.com/shadow1ng/fscan
- TscanPlus: https://github.com/TideSec/TscanPlus
- kscan: https://github.com/lcvvvv/kscan
- Kunyu: https://github.com/knownsec/Kunyu
- OneForAll: https://github.com/shmilylty/OneForAll
- ShuiZe: https://github.com/0x727/ShuiZe_0x727
- FofaX: https://github.com/xiecat/fofax
- Fofa Viewer: https://github.com/wgpsec/fofa_viewer
- Fofa GUI: https://github.com/bewhale/FOFA_GUI
- ENScan_GO: https://github.com/wgpsec/ENScan_GO
- Ladon: https://github.com/k8gege/Ladon
- Amass: https://github.com/owasp-amass/amass
- hping3: port scanning; fast, low packet volume, accurate results without honeypot noise https://github.com/antirez/hping
- IP information collection:
- Ping a server from multiple locations:
- Reverse IP lookup (IP to domain):
- Whois information collection:
- DNS information collection:
- ASN information collection:
- TLS certificate lookup:
- Fingerprint Collection:
- Fingerprint Reconnaissance:
- Waf Checks:
- Subdomain:
- Web:
- Directory:
- Password:
- Json web token (JWT):
- Wordlists for all:
- https://github.com/danielmiessler/SecLists 46.4k stars
- https://github.com/SexyBeast233/SecDictionary + ffuf
- https://github.com/insightglacier/Dictionary-Of-Pentesting
- https://github.com/TheKingOfDuck/fuzzDicts
- https://github.com/gh0stkey/Web-Fuzzing-Box
- https://github.com/a3vilc0de/PentesterSpecialDict
- https://github.com/Bo0oM/fuzz.txt
- https://github.com/assetnote/wordlists
- Web fuzz wordlists:
- Others (not frequently used):
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
- https://github.com/random-robbie/bruteforce-lists
- https://github.com/google/fuzzing/tree/master/dictionaries
- https://github.com/six2dez/OneListForAll
- Online:
- Generate wordlists: https://weakpass.com/generate
- Generate subdomains and wordlists: https://weakpass.com/generate/domains
- Chinese characters to pinyin: https://www.aies.cn/pinyin.htm
- Password guessing: https://www.hacked.com.cn/pass.html
- Private Deployment:
- Generate wordlists(offline): https://github.com/zzzteph/weakpass
- Generate subdomains and wordlists(offline): https://github.com/zzzteph/probable_subdomains
- Offline:
- pydictor: a powerful and practical wordlist builder for brute-force testing https://github.com/LandGrey/pydictor/
- crunch:
- Default Credentials Cheat Sheet: 3468 default passwords https://github.com/ihebski/DefaultCreds-cheat-sheet
- datarecovery: online default-password lookup https://datarecovery.com/rd/default-passwords/
- cirt.net: online default-password lookup https://cirt.net/passwords
- Online router password lookup:
- Temporary Email:
- Snov.io: https://app.snov.io
- Phonebook: also works on subdomains and urls https://phonebook.cz
- Skymem: https://www.skymem.info
- Hunter: https://hunter.io
- email-format: https://www.email-format.com/i/search/
- 搜邮箱 (email finder): https://souyouxiang.com/find-contact/
- theHarvester: also works on subdomains https://github.com/laramies/theHarvester
- Verify emails: https://tools.emailhippo.com/
- Accounts registered by email: https://emailrep.io/
- SMS Online:
- gophish: phishing email framework https://github.com/gophish/gophish
- SpoofWeb: one-click deployment of an HTTPS phishing site https://github.com/5icorgi/SpoofWeb
- Xiaolanben (小蓝本): https://www.xiaolanben.com/
- Qimai data (七麦数据): https://www.qimai.cn/
- Web:
- Sqli-labs: https://github.com/Audi-1/sqli-labs
- Upload-labs: https://github.com/c0ny1/upload-labs
- Xss-labs: https://github.com/do0dl3/xss-labs
- DVWA: https://github.com/digininja/DVWA
- WebGoat: https://github.com/WebGoat/WebGoat
- Comprehensive:
- Vulhub: https://vulhub.org/
- ichunqiu: https://yunjing.ichunqiu.com/
- HackTheBox: https://www.hackthebox.com/
- OWASP Top10: https://owasp.org/www-project-juice-shop/
- Vulstudy: 17 platforms based on docker https://github.com/c0ny1/vulstudy
- Vulfocus: https://github.com/fofapro/vulfocus
- IoT:
- IoT-vulhub: https://github.com/firmianay/IoT-vulhub
- Cloud:
- Metarget: https://github.com/Metarget/metarget
- Attack Defense: https://attackdefense.pentesteracademy.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-s3
- AWSGoat: https://github.com/ine-labs/AWSGoat
- TerraformGoat: https://github.com/HXSecurity/TerraformGoat
- Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat
- CloudGoat: https://github.com/RhinoSecurityLabs/cloudgoat
Beware of malware: the newest CVE entries in PoC repositories may be poisoned (a "PoC" that is itself malicious).
- PoC repositories:
- POChouse: https://github.com/DawnFlame/POChouse
- Some-PoC-oR-ExP: collection of PoCs and ExPs for various vulnerabilities https://github.com/coffeehb/Some-PoC-oR-ExP
- Library-POC: archive of vulnerability PoCs & ExPs written for Pocsuite3 and goby https://github.com/luck-ying/Library-POC
- Penetration_Testing_POC: https://github.com/Mr-xn/Penetration_Testing_POC
- PoC-in-GitHub: https://github.com/nomi-sec/PoC-in-GitHub
- 0day: https://github.com/helloexp/0day
- PoC writing:
- PoC generation assistant: online https://poc.xray.cool/
- PoC generation assistant: local https://github.com/zeoxisca/gamma-gui
- xpoc: supply-chain vulnerability scanner https://github.com/chaitin/xpoc
- Xray: security assessment tool https://github.com/chaitin/xray
- Super Xray: Xray GUI launcher https://github.com/4ra1n/super-xray
- Vulmap: vulnerability scanning and verification tool https://github.com/zhzyker/vulmap
- Artillery: plugin-based Java vulnerability scanner https://github.com/Weik1/Artillery
- Aazhen-v3.1: JavaFX GUI vulnerability scanning tool https://github.com/zangcc/Aazhen-RexHa
- Java:
- php:
- Mysql jdbc:
- Redis GUI Client:
- Redis RCE:
- MDUT: Multiple Database Utilization Tools https://github.com/SafeGroceryStore/MDUT
- odat: Oracle RCE https://github.com/quentinhardy/odat
- GitHack: .git leak exploitation script https://github.com/lijiejie/GitHack (python3; sometimes fails to restore the .git directory, the python2 version is recommended)
- GitHack: .git leak exploitation script https://github.com/BugScanTeam/GitHack (python2)
- dvcs-ripper: .svn / .hg / .cvs leak exploitation script https://github.com/kost/dvcs-ripper
- ds_store_exp: .DS_Store file leak exploitation script https://github.com/lijiejie/ds_store_exp
- Hawkeye: GitHub leak monitoring system https://github.com/0xbug/Hawkeye
- Tongda OA: https://github.com/Fu5r0dah/TongdaScan_go
- MYExploit: https://github.com/achuna33/MYExploit
- Apt_t00ls: https://github.com/White-hua/Apt_t00ls
- OA-EXPTOOL: https://github.com/LittleBear4/OA-EXPTOOL
- I-Wanna-Get-All: https://github.com/R4gd0ll/I-Wanna-Get-All
- Druid:
- DruidCrack: Druid ciphertext decryption tool https://github.com/rabbitmask/DruidCrack
- druid_sessions: Druid sessions exploitation tool https://github.com/yuyan-sec/druid_sessions
- Etcd:
- etcd: etcdctl https://github.com/etcd-io/etcd
- Fastjson:
- fastjson-exp: https://github.com/amaz1ngday/fastjson-exp
- Nacos:
- NacosRce: Nacos Hessian deserialization https://github.com/c0olw/NacosRce/
- nacosleak: retrieve configuration file contents from Nacos https://github.com/a1phaboy/nacosleak
- nacosScan: hard-coded JWT secret, unauthenticated user creation via the API, configuration read https://github.com/Whoopsunix/nacosScan
- NacosExploitGUI: https://github.com/charonlight/NacosExploitGUI
- Nps:
- nps-auth-bypass: nps authentication bypass exploitation tool https://github.com/carr0t2/nps-auth-bypass
- Java:
- jdwp-shellifier: python2 https://github.com/IOActive/jdwp-shellifier
- jdwp-shellifier: https://github.com/Lz1y/jdwp-shellifier
- Shiro:
- Shiro rememberMe online decryption: https://vulsee.com/tools/shiroDe/shiroDecrypt.html
- shiro_attack: https://github.com/j1anFen/shiro_attack
- shiro_rce_tool: https://github.com/wyzxxz/shiro_rce_tool
- ShiroExploit: https://github.com/feihong-cs/ShiroExploit-Deprecated
- ShiroExp: https://github.com/safe6Sec/ShiroExp
- shiro_key: collection of Shiro keys, currently 1k+ https://github.com/yanm1e/shiro_key
- Struts:
- Struts2VulsTools: https://github.com/shack2/Struts2VulsTools
- Spring:
- SpringBoot-Scan: https://github.com/AabyssZG/SpringBoot-Scan
- Spring_All_Reachable: CVE-2022-22947/CVE-2022-22963 https://github.com/savior-only/Spring_All_Reachable
- SpringBootVulExploit: https://github.com/LandGrey/SpringBootVulExploit
- Spring-cloud-function-SpEL-RCE: CVE-2022-22963 https://github.com/mamba-2021/EXP-POC/tree/main/Spring-cloud-function-SpEL-RCE
- swagger-exp: Swagger REST API information leak exploitation tool https://github.com/lijiejie/swagger-exp
- jasypt decrypt: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption
- Heapdump:
- heapdump_tool: heapdump sensitive information search tool https://github.com/wyzxxz/heapdump_tool
- Memory Analyzer: HeapDump analysis tool https://eclipse.dev/mat/previousReleases.php
- JDumpSpider: HeapDump sensitive information extraction tool https://github.com/whwlsfb/JDumpSpider
- Tomcat:
- CVE-2020-1938: https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi
- ClassHound: https://github.com/LandGrey/ClassHound
- Thinkphp:
- ThinkphpGUI: https://github.com/Lotus6/ThinkphpGUI
- thinkphp_gui_tools: https://github.com/bewhale/thinkphp_gui_tools
- Weblogic:
- WeblogicTool: https://github.com/KimJun1010/WeblogicTool
- WeblogicScan: https://github.com/dr0op/WeblogicScan
- WeblogicScan: https://github.com/rabbitmask/WeblogicScan
- weblogicScanner: https://github.com/0xn0ne/weblogicScanner
- weblogic-framework: https://github.com/sv3nbeast/weblogic-framework
- WebSocket:
- vSphere:
- VcenterKiller: all-in-one exploitation tool for vCenter https://github.com/Schira4396/VcenterKiller
- VcenterKit: vCenter penetration toolkit https://github.com/W01fh4cker/VcenterKit
- Zookeeper:
- ZooInspector: ZooKeeper client monitoring software https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
- apache-zookeeper: connect with the zkCli.sh client command https://archive.apache.org/dist/zookeeper/zookeeper-3.5.6/
- Yakit: https://github.com/yaklang/yakit
- Burpsuite: https://portswigger.net/burp
- Burpsuite Extensions:
- HaE: highlighting and information extraction helper plugin https://github.com/gh0stkey/HaE
- Log4j2Scan: Log4j active scanning plugin https://github.com/whwlsfb/Log4j2Scan
- RouteVulScan: vulnerable path detection plugin https://github.com/F6JO/RouteVulScan
- BurpCrypto: plugin for testing applications with hard-coded front-end encryption https://github.com/whwlsfb/BurpCrypto
- XSS:
- XSS Chop: https://xsschop.chaitin.cn/demo/
- XSS/CSRF encoding conversion: https://evilcos.me/lab/xssor/
- HTML5 Security Cheatsheet: XSS attack vectors for learning and reference https://html5sec.org/
- Local File Inclusion:
- Online:
- Alphalog: dns/http/rmi/ldap https://github.com/AlphabugX/Alphalog
- DNS rebinding: https://lock.cmpxchg8b.com/rebinder.html
- DNSLog-GO: self-hosted private platform https://github.com/lanyi1998/DNSlog-GO
- Bypass HTTP 40X errors:
- PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
- java.lang.Runtime.exec() Payload: https://payloads.net/Runtime.exec/
- PHP Generic Gadget Chains: PHP deserialization payloads https://github.com/ambionics/phpggc
- PHPFuck: https://github.com/splitline/PHPFuck
- JSFuck: http://www.jsfuck.com/
- JavaScript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/
- Gopherus: generates gopher links for SSRF https://github.com/tarunkant/Gopherus (python2)
- CVE-2021-44228-PoC-log4j-bypass-words: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- Credential Dumping:
- LaZagne: https://github.com/AlessandroZ/LaZagne
- WirelessKeyView: https://www.nirsoft.net/utils/wireless_key.html
- Windows credential manager: https://www.nirsoft.net/utils/credentials_file_view.html
- Pillager: https://github.com/qwqdanchun/Pillager/
- searchall: https://github.com/Naturehi666/searchall
- Local Enumeration:
- HackBrowserData: https://github.com/moonD4rk/HackBrowserData
- BrowserGhost: https://github.com/QAX-A-Team/BrowserGhost
- chrome: http://www.nirsoft.net/utils/chromepass.html
- firefox: https://github.com/unode/firefox_decrypt
- foxmail: https://securityxploded.com/foxmail-password-decryptor.php
- mobaxterm: https://github.com/HyperSine/how-does-MobaXterm-encrypt-password
- navicat: https://github.com/Zhuoyuan1/navicat_password_decrypt
- navicat: https://github.com/HyperSine/how-does-navicat-encrypt-password
- sunflower: https://github.com/wafinfo/Sunflower_get_Password
- SecureCRT: https://github.com/depau/shcrt
- xshell:
- NICE TOOLS:
- https://github.com/rapid7/metasploit-framework
- https://github.com/byt3bl33d3r/CrackMapExec
- https://github.com/fortra/impacket
- https://github.com/XiaoliChan/wmiexec-Pro
- https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
- https://github.com/GhostPack/Rubeus
- https://github.com/Kevin-Robertson/Powermad
- https://github.com/PowerShellMafia/PowerSploit
- netspy: quickly probes which internal network segments are reachable https://github.com/shmilylty/netspy
- LOLBAS: library of living-off-the-land Windows binaries https://github.com/LOLBAS-Project/LOLBAS
- GTFOBins: library of Unix binaries https://gtfobins.github.io/
- Responder:
- Linux Local Enumeration:
- Windows Local Enumeration:
- https://github.com/S3cur3Th1sSh1t/WinPwn
- https://github.com/carlospolop/PEASS-ng/blob/master/winPEAS/winPEASbat/winPEAS.bat
- https://github.com/S3cur3Th1sSh1t/PowerSharpPack
- https://github.com/Flangvik/SharpCollection
- https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
- https://github.com/dafthack/DomainPasswordSpray
- https://github.com/dafthack/MailSniper
- Windows Exploits:
- https://github.com/AonCyberLabs/Windows-Exploit-Suggester
- https://github.com/SecWiki/windows-kernel-exploits
- https://github.com/Al1ex/WindowsElevation
- https://i.hacking8.com/tiquan/ online
- https://github.com/BeichenDream/BadPotato/
- https://github.com/giuliano108/SeBackupPrivilege
- https://github.com/gtworek/PSBits/blob/master/Misc/EnableSeBackupPrivilege.ps1
- Linux Exploits:
- Database Exploits:
- Webshell Collection:
- Webshell Management:
- Webshell Bypass:
- Reverse Shell Management:
- bypassAV: AV-evading shellcode loader; bypasses Huorong but not 360 https://github.com/pureqh/bypassAV
- GolangBypassAV: https://github.com/safe6Sec/GolangBypassAV
- BypassAntiVirus: article series on RAT AV evasion with accompanying tools https://github.com/TideSec/BypassAntiVirus
- AV_Evasion_Tool: Yanri (掩日), all-in-one AV evasion tool for red teams https://github.com/1y0n/AV_Evasion_Tool
- shellcodeloader: AV-evading shellcode loader for Windows https://github.com/knownsec/shellcodeloader
- AV process lookup 1: tasklist/systeminfo https://www.shentoushi.top/av/av.php
- AV process lookup 2: tasklist /svc && ps -aux https://tasklist.ffffffff0x.com/
- nps: proxy server with a web management terminal https://github.com/ehang-io/nps
- frp: 55k stars https://github.com/fatedier/frp
- reGeorg: https://github.com/sensepost/reGeorg
- Neo-reGeorg: https://github.com/L-codes/Neo-reGeorg
- rakshasa: multi-hop proxy https://github.com/Mob2003/rakshasa
- Stowaway: multi-hop proxy https://github.com/ph4ntonn/Stowaway
- Viper: platform with webui https://github.com/FunnyWolf/Viper
- Proxifier: tools for windows https://www.proxifier.com/
- Proxychains: tools for kali https://github.com/haad/proxychains
- iodine: dns tunnel https://github.com/yarrick/iodine
- dnscat2: dns tunnel https://github.com/iagox86/dnscat2
- DNS-Shell: dns tunnel https://github.com/sensepost/DNS-Shell
- icmpsh: icmp tunnel https://github.com/bdamele/icmpsh
- Cobaltstrike Extensions:
- Awesome CobaltStrike: CobaltStrike knowledge base https://github.com/zer0yu/Awesome-CobaltStrike
- Erebus: post-exploitation plugin https://github.com/DeEpinGh0st/Erebus
- LSTAR: all-in-one post-exploitation plugin https://github.com/lintstar/LSTAR
- ElevateKit: privilege escalation plugin https://github.com/rsmudge/ElevateKit
- C2ReverseProxy: beacon check-in for hosts without internet egress https://github.com/Daybr4ak/C2ReverseProxy
- pystinger: beacon check-in for hosts without internet egress https://github.com/FunnyWolf/pystinger
- OPSEC Tools:
- Privacy.sexy: scripts for Windows/macOS/Linux trace cleanup https://privacy.sexy/
- AD attack&defense mindmaps: https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg
- Game of active directory: https://github.com/Orange-Cyberdefense/GOAD
- Windows/AD cheatsheet: https://wadcoms.github.io/
- BloodHound:
- https://github.com/lzzbb/Adinfo
- https://github.com/wh0amitz/SharpADWS via Active Directory Web Services (ADWS) protocol
- https://github.com/FalconForceTeam/SOAPHound via Active Directory Web Services (ADWS) protocol
- https://github.com/shmilylty/SharpHostInfo
- noPac: CVE-2021-42278 / CVE-2021-42287 https://github.com/Ridter/noPac
- Zerologon CVE-2020-1472:
- https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py
- https://github.com/XiaoliChan/zerologon-Shot
- https://github.com/dirkjanm/CVE-2020-1472
- https://github.com/Potato-py/Potato/tree/03c3551e4770db440b27b0a48fc02b0a38a1cf04/exp/cve/CVE-2020-1472 reset password
- https://github.com/risksense/zerologon reset password
- Exchange ProxyLogon & ProxyShell:
- Printnightmare CVE-2021-34527 / CVE-2021-1675:
- kerbrute: https://github.com/ropnop/kerbrute
- DCSync: https://github.com/n00py/DCSync
- Coerce & NTLM relay:
- PetitPotam: https://github.com/topotam/PetitPotam
- PrinterBug: https://github.com/leechristensen/SpoolSample
- DFSCoerce: https://github.com/Wh04m1001/DFSCoerce
- ShadowCoerce: https://github.com/ShutdownRepo/ShadowCoerce
- PrivExchange: https://github.com/dirkjanm/privexchange/
- Coercer: https://github.com/p0dalirius/Coercer
- Active Directory Certificate Services(AD CS) enumeration and abuse:
- Certify: https://github.com/GhostPack/Certify
- Certipy: https://github.com/ly4k/Certipy
- certi: https://github.com/zer1t0/certi
- PKINITtools: https://github.com/dirkjanm/PKINITtools
- ADCSPwn: https://github.com/bats3c/ADCSPwn
- PassTheCert: https://github.com/AlmondOffSec/PassTheCert
- Java in-memory webshell detection and removal:
- Aspx in-memory webshell detection and removal: https://github.com/yzddmr6/ASP.NET-Memshell-Scanner
- Webshell Chop: https://webshellchop.chaitin.cn/demo/
- WebShell detection and removal:
- CobaltStrike traffic decryption script: https://github.com/5ime/CS_Decrypt
- BlueTeamTools: all-in-one toolkit https://github.com/abc123info/BlueTeamTools
- IP Logger: obtains visitor IP addresses through generated short URLs https://iplogger.org/
- https://github.com/AV1080p/Benchmarks
- https://github.com/xiaoyunjie/Shell_Script
- https://github.com/grayddq/GScan
- https://github.com/ppabc/security_check
- https://github.com/T0xst/linux
- Search engines:
- Decryption tools:
- Tencent: https://habo.qq.com/tool
- Kingsoft Duba: http://www.duba.net/dbt/wannacry.html
- Rising: http://it.rising.com.cn/fanglesuo/index.html
- Kaspersky: https://noransom.kaspersky.com/
- https://www.nomoreransom.org/zh/index.html
- https://id-ransomware.malwarehunterteam.com
- https://www.avast.com/ransomware-decryption-tools
- https://www.emsisoft.com/en/ransomware-decryption/
- Decryption-Tools: collection of ransomware decryption tools https://github.com/jiansiting/Decryption-Tools
- awesome-honeypots: list of open-source honeypots https://github.com/paralax/awesome-honeypots
- HFish: a secure, simple and reliable cross-platform honeypot, free for commercial and personal use https://github.com/hacklcx/HFish
- conpot: ICS (industrial control system) honeypot https://github.com/mushorg/conpot
- MysqlHoneypot: MySQL honeypot that captures the visitor's WeChat ID https://github.com/qigpig/MysqlHoneypot
- TeamsSix cloud security resources: https://github.com/teamssix/awesome-cloud-security
- Cloud security knowledge base: https://wiki.teamssix.com/
- lzCloudSecurity: introduction to cloud security attack and defense
- Awesome-CloudSec-Labs: cloud-native security https://github.com/iknowjason/Awesome-CloudSec-Labs
- Alibaba Cloud OpenAPI: https://next.api.aliyun.com/api/
- Cloud native landscape: https://landscape.cncf.io/
- Cloud service vulnerability database: https://www.cloudvulndb.org/
- ATT&CK Cloud Matrix: https://attack.mitre.org/matrices/enterprise/cloud/
- Huoxian security - cloud service attack and defense matrix: https://cloudsec.huoxian.cn/
- Tencent Yunding Lab - cloud security attack and defense matrix: https://cloudsec.tencent.com/home/
- CF: cloud environment exploitation framework https://wiki.teamssix.com/cf/
- aksk_tool: the three major Chinese cloud vendors + UCloud, AWS, JD Cloud, Qiniu Cloud https://github.com/wyzxxz/aksk_tool
- cloudTools: cloud asset management tool, the three major Chinese cloud vendors + UCloud https://github.com/dark-kingA/cloudTools
- kodo-browser: official Qiniu Cloud object storage client https://github.com/qiniu/kodo-browser
- XstorBrowser: official China Telecom Cloud object storage client https://www.ctyun.cn/document/10306929/10132519
- oss-browser: official Alibaba Cloud OSS client https://github.com/aliyun/oss-browser
- cosbrowser: official Tencent Cloud COS client https://github.com/TencentCloud/cosbrowser
- cloudSec: web-based cloud AK/SK exploitation tool; the three major Chinese cloud vendors (Alibaba Cloud k8s takeover), AWS, Qiniu Cloud https://github.com/libaibaia/cloudSec
- aliyun-accesskey-Tools: Alibaba Cloud, GUI https://github.com/mrknow001/aliyun-accesskey-Tools
- alicloud-tools: Alibaba Cloud, command line https://github.com/iiiusky/alicloud-tools
- Xingyun Guanjia (行云管家): graphical cloud storage management platform https://yun.cloudbility.com/
- CDK: container penetration https://github.com/cdk-team/CDK
- veinmind-tools: container security toolset https://github.com/chaitin/veinmind-tools
- Awesome Container Escape: container escape https://github.com/brant-ruan/awesome-container-escape
- KubeHound: identifies attack paths in Kubernetes clusters https://github.com/DataDog/KubeHound
- wxappUnpacker: Mini Program unpacker https://github.com/xuedingmiaojun/wxappUnpacker
- CrackMinApp: decompiles WeChat Mini Programs https://github.com/Cherrison/CrackMinApp
- API-Explorer: Official Account / Mini Program / WeCom ak/sk https://github.com/mrknow001/API-Explorer
- AppInfoScanner: mobile information collection https://github.com/kelvinBen/AppInfoScanner
- Apktool: Android apk reverse engineering https://github.com/iBotPeaches/Apktool
- wx_sessionkey_decrypt: WeChat SessionKey encryption and decryption https://github.com/mrknow001/wx_sessionkey_decrypt
- BurpAppletPentester: SessionKey decryption plugin https://github.com/mrknow001/BurpAppletPentester
- NICE TOOLS:
- OpenArk: Anti-Rootkit toolset https://github.com/BlackINT3/OpenArk
- Reverse engineering toolset: https://pythonarsenal.com/
- ELF/EXE:
- IDA: https://hex-rays.com/ida-pro/
- x64DBG: https://x64dbg.com/
- Ollydbg: https://www.ollydbg.de/
- ExeinfoPE: https://github.com/ExeinfoASL/ASL
- PEiD: https://www.aldeid.com/wiki/PEiD
- UPX: https://github.com/upx/upx
- Java:
- Python:
- Py2exe: Python packaging tool https://www.py2exe.org/
- PyInstaller: Python packaging tool https://github.com/pyinstaller/pyinstaller
- unpy2exe: extracts .pyc files from py2exe-packaged programs https://github.com/matiasb/unpy2exe
- pyinstxtractor: extracts .pyc files from PyInstaller-packaged programs https://github.com/extremecoders-re/pyinstxtractor
- uncompyle6: decompiles bytecode files (.pyc) back to source (.py) https://github.com/rocky/python-uncompyle6/
- Rust:
- Go:
- golang_loader_assist: https://github.com/strazzere/golang_loader_assist
- IDAGolangHelper: https://github.com/sibears/IDAGolangHelper
- .NET:
- oh my zsh: command-line toolset https://github.com/ohmyzsh/ohmyzsh
- clink: enhanced completion, history and line editing for cmd.exe https://github.com/chrisant996/clink
- tabby: highly configurable terminal https://github.com/Eugeny/tabby
- anew: command-line tool that merges files and removes duplicates https://github.com/tomnomnom/anew
- The art of command line: master the command line quickly https://github.com/jlevy/the-art-of-command-line
- Linux command-line hint tools:
- Explain Shell: explains shell commands https://explainshell.com/
- ripgrep: fast search through large text https://github.com/BurntSushi/ripgrep
- Proxy SwitchyOmega: quick proxy switching https://github.com/FelisCatus/SwitchyOmega
- serp-analyzer: identifies domain/IP information https://leadscloud.github.io/serp-analyzer/
- FindSomething: finds useful information in page source or JS https://github.com/ResidualLaugh/FindSomething
- Hack Bar: pentest tool No.1 https://github.com/0140454/hackbar
- Wappalyzer: identifies site technologies/frameworks/languages https://www.wappalyzer.com/
- EditThisCookie: edit cookies https://www.editthiscookie.com/
- Disable JavaScript: disables JavaScript to get past pop-ups https://github.com/dpacassi/disable-javascript
- Heimdallr: passive-listening Chrome extension for high-risk fingerprint identification, honeypot feature alerting and blocking, and machine-fingerprint countermeasures https://github.com/Ghr07h/Heimdallr
- anti-honeypot: honeypot identification https://github.com/cnrstar/anti-honeypot
- immersive-translate: translation extension https://github.com/immersive-translate/immersive-translate/
- relingo: translation extension https://cn.relingo.net/en/
- json-formatter: JSON formatting extension https://github.com/callumlocke/json-formatter
- markdown-viewer: view markdown documents in the browser https://github.com/simov/markdown-viewer
- f8x: automated deployment tool for red/blue team environments https://github.com/ffffffff0x/f8x
- cloudreve: private cloud drive deployment https://github.com/cloudreve/Cloudreve
- updog: file transfer, uploading and downloading via HTTP/S https://github.com/sc0tfree/updog
- Create alias.bat to view md documents, run exe programs, activate conda environments and so on. Example file contents:

```bat
@echo off
:: Tips: macro that prints a markdown note of HTTP status codes
@DOSKEY httpcode=type "D:\HackTools\Tips\http_status_code.md"
:: Software: activate the base conda env, then launch IDA ($t separates the commands of one macro)
@DOSKEY ida64=activate base$t"D:\Software\CTFTools\Cracking\IDA_7.7\ida64.exe"
:: Tools: jump to the fscan directory (/d also switches drive), activate the security env, list files
@DOSKEY fscan=cd /d D:\Software\HackTools\fscan$tactivate security$tdir
```

- Open the registry at Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor.
- Create a string value named `autorun` and set it to the location of alias.bat, for example D:\Software\alias.bat.
- Double-click alias.bat to run it, then restart cmd.
- run.bat

```bat
:: Load the Anaconda environment, then activate the project's own env
call D:\YOUR_PATH\Anaconda\Scripts\activate.bat D:\YOUR_PATH\Anaconda\
call conda activate YOUR_ENV
:: /d is needed so the working directory changes even when the script starts on another drive
cd /d D:\YOUR_WORKDIR
python YOUR_PYTHON_FILE.py
pause
```
- Install tabby: https://github.com/Eugeny/tabby
- Custom shell setups can be built with tabby, including but not limited to:
- VPS ssh/ftp/sftp
- command auto-completion (clink)
- quickly opening a workspace
- saving output logs
- ...
- Open the registry at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor.
- Create a string value named `autorun` and set it to `chcp 65001`.
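Both registry steps above (the per-user `autorun` pointing at alias.bat and the machine-wide `chcp 65001`) can be done from the command line instead of by hand in regedit. The script below is an added example and is not part of the original project; the alias.bat path is the placeholder from the text, and the elevation check via `net session` is an assumption about how you run it.

```bat
@echo off
:: Added example (not from the original page): set both cmd.exe AutoRun values
:: described above, then print what is configured so nothing unexpected is running.
:: D:\Software\alias.bat is the placeholder path from the page; change it to your own.
set "ALIAS=D:\Software\alias.bat"
set "HKCU_KEY=HKCU\Software\Microsoft\Command Processor"
set "HKLM_KEY=HKLM\SOFTWARE\Microsoft\Command Processor"

if not exist "%ALIAS%" (
    echo alias.bat not found at %ALIAS%
    exit /b 1
)

:: Per-user AutoRun: alias.bat (the DOSKEY macros) runs every time this user starts cmd.exe
reg add "%HKCU_KEY%" /v AutoRun /t REG_SZ /d "%ALIAS%" /f

:: Machine-wide AutoRun: switch every cmd.exe on the box to UTF-8; writing HKLM needs an elevated prompt
net session >nul 2>&1
if %errorlevel%==0 (
    reg add "%HKLM_KEY%" /v AutoRun /t REG_SZ /d "chcp 65001" /f
) else (
    echo Not elevated: skipping the HKLM value, rerun from an administrator prompt to set chcp 65001
)

:: Show exactly what will run at every cmd start; when both exist, HKLM runs first, then HKCU
echo --- AutoRun values currently set ---
reg query "%HKCU_KEY%" /v AutoRun 2>nul
reg query "%HKLM_KEY%" /v AutoRun 2>nul
```

The final `reg query` lines are the part worth keeping around: AutoRun fires for every cmd.exe, including ones spawned by other programs and scheduled tasks, so a value you did not put there deserves a look. If a broken alias.bat ever keeps the prompt from opening, `cmd /d` starts a shell that ignores AutoRun so you can fix it.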