[technical] Pentesting resources

栏目: 编程工具 · 发布时间: 7年前

Sites/Blogs/Forums/ReportPlatform

Tools - pentest env

Tools - Encode/Decode

Tools - Crypto

Tools - 域名/ip

Tools - XSS

  • XSStrike
    • XSStrike is a program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
  • xsschef
    • a Chrome Extension Exploitation Framework
  • mosquito
    • XSS exploitation tool - access victims through HTTP proxy
  • xssfork
  • XSS 数据接收平台
  • ezXSS
    • ezXSS is an easy way to test (blind) XSS
  • 扫描
  • xss

Tools - 数据库扫描、注入工具 SQLi

  • 注入 工具 之王 sqlmap
  • NoSQLMap
  • SQLiScanner
    • 一款基于 SQLMAP 和 Charles 的被动 SQL 注入漏洞扫描工具
  • DSSS
    • 99 行代码实现的 sql 注入漏洞扫描器
  • Feigong
    • 针对各种情况自由变化的 MySQL 注入脚本
  • NoSQLAttack
    • 一款针对 mongoDB 的攻击工具
  • bbqsql
    • SQL 盲注利用框架
  • PowerUpSQL
    • 攻击 SQLSERVER 的 Powershell 脚本框架
  • whitewidow
    • 又一款数据库扫描器
  • mongoaudit
    • MongoDB审计及渗透工具
  • commix
    • 注入点命令执行利用工具
    • Short for command injection exploiter,web向命令注入检测工具
  • sqli-hunter
    • Web代理,通过加载sqlmap api进行sqli实时检测

Tools - 弱口令或信息泄漏扫描

  • awBruter
    • 千倍速一句话密码爆破工具
  • Cr3dOv3r
    • 根据邮箱自动搜索泄漏的密码信息,也可测试账户密码在各大网站能否登录的工具
  • x-crack
    • Weak password scanner, Support: FTP/SSH/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
  • htpwdScan
    • 一个简单的 HTTP 暴力破解、撞库攻击脚本
  • BBScan
    • 一个迷你的信息泄漏批量扫描脚本
  • GitHack
    • .git 文件夹泄漏利用工具
  • BScanner
    • 基于字典的目录扫描小工具
  • fenghuangscanner_v3
    • 各种端口及弱口令检测,作者 wilson9x1 ,原地址失效
  • F-Scrack
    • 对各类服务进行弱口令检测的脚本
  • cupp
    • 根据用户习惯生成弱口令探测字典脚本
  • genpAss
    • 中国特色的弱口令生成器
  • crack_ssh
    • go写的协程版的 ssh\redis\mongodb 弱口令破解工具
  • Sreg
    • 通过输入 email, phone, username 的返回用户注册的所有互联网护照信息
  • GitPrey
    • GitHub 敏感信息扫描工具
  • gitscan
    • Github信息搜集,可实时扫描查询git最新上传有关邮箱账号密码信
  • truffleHog
    • GitHub 敏感信息扫描工具,包括检测 commit 等
  • GitHarvester
    • github Repo信息搜集工具
  • gitleaks
    • Searches full repo history for secrets and keys
  • x-patrol
    • github泄露扫描系统
  • pydictor
    • 暴力破解字典建立工具
  • Blasting_dictionary
    • 密码字典
  • xxe-recursive-download
    • xxe 漏洞递归下载工具
  • xlog
    • web日志扫描工具

Tools - 端口扫描、指纹识别以及中间件扫描

  • Nmap - 端口扫描器之王 - https://svn.nmap.org/
  • anoNmap
    • anoNmap is a port scanner which utilizes Facebook’s XSPA vulnerability to perform anonymous port scans
  • wyportmap
    • 目标端口扫描+系统服务指纹识别
  • weakfilescan
    • 动态多线程敏感信息泄露检测工具
  • getcms
    • A cms discover recognize tool in python
  • wafw00f
    • WAF 产品指纹识别
  • wafid
    • Wafid identify and fingerprint Web Application Firewall (WAF) products.
  • sslscan
    • ssl 类型识别
  • whatweb
    • web 指纹识别
  • FingerPrint
    • web 应用指纹识别
  • Scan-T
    • 网络爬虫式指纹识别
  • Nscan
    • a fast Network scanner inspired by Masscan and Zmap
  • F-NAScan
    • 网络资产信息扫描, ICMP 存活探测,端口扫描,端口指纹服务识别
  • F-MiddlewareScan
    • 中间件扫描
  • dirsearch
    • Web path scanner
  • bannerscan
    • C 段 Banner 与路径扫描
  • RASscan
    • 端口服务扫描
  • bypass_waf
    • waf 自动暴破
  • WAFNinja
    • 自动化绕过WAF脚本
  • xcdn
    • 尝试找出 cdn 背后的真实 ip
  • BingC
    • 基于 Bing 搜索引擎的 C 段/旁站查询,多线程,支持 API
  • DirBrute
    • 多线程 WEB 目录爆破工具
  • httpscan
    • 一个爬虫式的网段 Web 主机发现小工具
  • doom
    • thorn 上实现的分布式任务分发的ip端口漏洞扫描器
  • grab.js
    • 类似 zgrab 的快速 TCP 指纹抓取解析工具,支持更多协议
  • whichCDN
    • CDN 识别、检测
  • bcrpscan
    • 基于爬虫的web路径扫描器
  • Breacher
    • An admin panel finder script written in python.
  • DirBrute
    • 多线程WEB目录爆破工具

Tools - 内网安全渗透测试

  • VulScritp
    • 企业内网渗透脚本,包括 banner 扫描、端口扫描;各种通用漏洞利用等
  • VulScritp
    • 内网渗透脚本
  • network_backdoor_scanner
    • 基于网络流量的内网探测框架
  • WebRtcXSS
    • 自动化利用 XSS 入侵内网
  • mimikatz
    • windows渗透神器
  • PowerSploit
    • Powershell渗透库合集
  • PowerShell
    • Powershell tools合集
  • p0wnedShell
    • PowerShell Runspace Post Exploitation Toolkit
  • hunter
    • 调用 Windows API 枚举用户登录信息
  • LaZagne
    • 本机密码查看提取工具
  • mimipenguin
    • linux 密码抓取神器
  • johnny
    • 密码破解工具
  • LaZagne
    • 本地存储的各类密码提取利器
  • icebreaker
    • 在内网环境下自动化攻击活动目录的工具
  • Powershell-RAT
    • Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

Tools - 针对性漏洞测试工具

  • weblogic_unserialize_exploit
    • java反序列化漏洞的weblogic exploit命令回显exp
  • cmsPoc
    • phpcmsv9.6.0 wap模块 sql注入 获取passwd
    • icmsv7.0.1 admincp.php sql注入 后台任意登陆
  • hackUtils
    • 渗透以及 web 攻击脚本
    • java 反序列化利用工具集
  • ysoserial
    • java 反序列化利用工具
  • Jenkins
    • Jenkins 漏洞探测、用户抓取爆破
  • dzscan
    • discuz 漏洞扫描
  • CMS-Exploit-Framework
    • CMS 攻击框架
  • IIS_shortname_Scanner
    • IIS 短文件名漏洞扫描
  • FlashScanner
    • flashxss 扫描
  • SSTIF
    • 服务器端模板注入漏洞的半自动化工具
  • tplmap
    • 服务器端模板注入漏洞检测与利用工具
  • dockerscan
    • docker 扫描工具
  • break-fast-serial
    • 借助 DNS 解析来检测 Java 反序列化漏洞工具
  • dirtycow.github.io
    • 脏牛提权漏洞 exp
  • a2sv
    • Auto Scanning to SSL Vulnerability
  • msdat
    • MSDAT: Microsoft SQL Database Attacking Tool
  • xxegen
    • xxe 在线生成利用工具
  • DSXS
    • Damn Small XSS Scanner (DSXS)
    • a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.

Tools - 代码静态扫描、代码运行栈跟踪

Tools - fuzz

Tools - 漏洞利用及攻击框架

Tools - 模块化扫描、综合扫描器

  • nmap-vulners
    • NSE script using some well-known service to provide info on vulnerabilities
    • 为Nmap添砖加瓦
  • vulners-scanner
    • Vulnerability scanner based on vulners.com audit API https://vulners.com
  • V3n0M-Scanner
    • Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • BlackWidow
    • 基于 Python 实现的 Web 爬虫, 用于收集目标网站的情报信息并对 OWASP 漏洞进行模糊测试
  • w8scan
    • 一款模仿bugscan的漏洞扫描器
  • whitewidow
    • SQL Vulnerability Scanner
  • CMSmap
  • AngelSword
    • Python3编写的CMS漏洞检测框架
  • Luna
    • 一款开源的自动化web漏洞扫描工具
  • Zeus-Scanner
  • passive_scan
  • S7scan
  • Striker
  • xunfeng
    • 巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
  • ZeroExploit
    • 前后端结合检测
  • ark
    • 分布式扫描框架
  • ReconDog
  • http://www.arachni-scanner.com
  • AZScanner
    • 自动漏洞扫描器,子域名爆破,端口扫描,目录爆破,常用框架漏洞检测
  • lalascan
    • 分布式web漏洞扫描框架,集合 owasp top10 漏洞扫描和边界资产发现能力
  • BkScanner
    • BkScanner 分布式、插件化 web 漏洞扫描器
  • GourdScanV2
    • 被动式漏洞扫描
  • pentestdb
    • WEB 渗透测试数据库
  • passive_scan
    • 基于 http 代理的 web 漏洞扫描器
  • Sn1per
    • 自动化扫描器,包括中间件扫描以及设备指纹识别
  • pentestEr_Fully-automatic-scanner
    • 定向全自动化渗透测试工具
  • 3xp10it
    • 自动化渗透测试框架
  • lcyscan
    • 扫描效果未验证
  • POC-T
    • 渗透测试插件化并发框架
  • V3n0M-Scanner
    • Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns
  • leakScan
    • web端的在线漏洞扫描
  • AnyScan
    • 开发中…
  • Hscan-Win-Gui
  • DorkNet
    • Selenium powered Python script to automate searching for vulnerable web apps.
  • AutoSploit
    • Automated Mass Exploiter
  • w9scan
    • 一款全能型的网站漏洞扫描器,借鉴了各位前辈的优秀代码。内置1200+插件可对网站进行一次规模的检测,功能包括但不限于web指纹检测、端口指纹检测、网站结构分析、各种流行的漏洞检测、爬虫以及SQL注入检测、XSS检测等等,w9scan会自动生成精美HTML格式结果报告。
  • Scanners-Box
    • The toolbox of open source scanners - 安全行业从业者自研开源扫描器合辑
  • HUNT
    • Identify common parameters vulnerable to certain vulnerability classes

Tools - Shell

  • webshell
  • Cknife
  • 中国蚁剑
  • PyShell
    • python 后门程序
  • PyCmd
    • python+php+jsp WebShell(一句话木马)
    • 详细参考: thief.one
  • hackUtils
    • 渗透以及 web 攻击脚本
  • phpsploit
    • PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes.
  • hack_tools_for_me
    • web渗透小工具大合集
  • p0wnedShell
    • 不依赖 powershell.exe 执行 PowerShell 脚本代码的环境

Tools - 无线 wifi /IoT

Tools - 企业网络自检

  • LNScan
    • 详细的内部网络信息扫描器
  • LocalNetworkScanner
    • javascript实现的本地网络扫描器
  • xunfeng
    • 网络资产识别引擎,漏洞检测引擎
  • theHarvester
    • 企业被搜索引擎收录敏感资产信息监控脚本:员工邮箱、子域名、Hosts
  • Multisearch-v2
    • 搜索引擎聚合搜索,可用于发现企业被搜索引擎收录的敏感资产信息

Tools - EXP编写框架及工具

  • rop-tool
    • 二进制EXP编写工具
  • pwntools
    • CTF Pwn 类题目脚本编写框架
  • zio
    • an easy-to-use io library for pwning development
  • frida
    • 跨平台注入工具
    • Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
  • Sickle
    • Shellcode development tool
  • radare2
    • unix-like reverse engineering framework and commandline tools
  • CHAOS
    • CHAOS allow generate payloads and control remote Windows systems.

Tools - MIM & phishing

  • MIM 中间人攻击框架
    • https://github.com/secretsquirrel/the-backdoor-factory
    • https://github.com/secretsquirrel/BDFProxy
    • https://github.com/byt3bl33d3r/MITMf
  • mallory
    • 可扩展的中间人代理工具
  • LANs.py
    • Inject code, jam wifi, and spy on wifi users
  • wifiphisher
    • wifi钓鱼
  • PhishLulz
    • a Ruby toolset aimed at automating Phishing activities
  • mitmproxy
    • An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Tools - Defense

  • Malware analysts and reverse-engineering env
  • webshell 检测以及病毒分析工具
  • 二进制及代码分析工具
    • binwalk
    • binmap
      • 系统扫描器,用于寻找程序和库然后收集他们的依赖关系,链接等信息
    • rp
      • rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn’t support the FAT binaries) x86/x64 binaries.
    • badger
      • Windows Exploit Development工具
    • amoco
      • 二进制静态分析工具(python)
    • peda
      • Python Exploit Development Assistance for GDB
    • billgates-botnet-tracker
      • 对BillGates Linux Botnet系木马活动的监控工具
    • RATDecoders
      • 木马配置参数提取工具
    • angr
      • Shellphish编写的二进制分析工具(CTF向)
    • pysonar2
      • 针对python的静态代码分析工具
    • shellcheck
      • 一个自动化的脚本(shell)分析工具,用来给出警告和建议
    • etacsufbo
      • 基于AST变换的简易Javascript反混淆辅助工具
  • waf 开源及规则
  • DDOS 防护
  • Database firewall
  • yulong-hids
    • 驭龙 HIDS - 一款由 YSRC 开发的主机入侵检测系统

Tools - Mining

Tools - Miscellaneous

Tools - CTF tools

  • Miscellaneous
  • Attacks
    • Bettercap - Framework to perform MITM (Man in the Middle) attacks.
    • Layer 2 attacks - Attack various protocols on layer 2
  • Crypto
    • FeatherDuster - An automated, modular cryptanalysis tool
    • PkCrack - A tool for Breaking PkZip-encryption
    • RSATool - Generate private key with knowledge of p and q
    • XORTool - A tool to analyze multi-byte xor cipher
  • Bruteforcers
    • Hashcat - Password Cracker
    • John The Jumbo - Community enhanced version of John the Ripper
    • John The Ripper - Password Cracker
    • Nozzlr - Nozzlr is a bruteforce framework, trully modular and script-friendly.
    • Ophcrack - Windows password cracker based on rainbow tables.
    • Patator - Patator is a multi-purpose brute-forcer, with a modular design.
  • Exploits
    • DLLInjector - Inject dlls in processes
    • libformatstr - Simplify format string exploitation.
    • Metasploit - Penetration testing software
    • one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call
      • gem install one_gadget
    • Pwntools - CTF Framework for writing exploits
    • Qira - QEMU Interactive Runtime Analyser
    • ROP Gadget - Framework for ROP exploitation
    • V0lt - Security CTF Toolkit
  • Forensics
  • Networking
    • Masscan - Mass IP port scanner, TCP port scanner
    • Nipe - Nipe is a script to make Tor Network your default gateway.
    • Nmap - open source utility for network discovery and security auditing
    • Wireshark - Analyze the network dumps
      • apt-get install wireshark
    • Zmap - an open-source network scanner
  • Reversing
    • Androguard - Reverse engineer Android applications
    • Angr - platform-agnostic binary analysis framework
    • Apk2Gold - Yet another Android decompiler
    • ApkTool - Android Decompiler
    • Barf - Binary Analysis and Reverse engineering Framework
    • Binary Ninja - Binary analysis framework
    • BinUtils - Collection of binary tools
    • BinWalk - Analyze, reverse engineer, and extract firmware images.
    • Boomerang - Decompile x86 binaries to C
    • ctf_import – run basic functions from stripped binaries cross platform
    • GDB - The GNU project debugger
    • GEF - GDB plugin
    • Hopper - Reverse engineering tool (disassembler) for OSX and Linux
    • IDA Pro - Most used Reversing software
    • Jadx - Decompile Android files
    • Java Decompilers - An online decompiler for Java and Android APKs
    • Krakatau - Java decompiler and disassembler
    • PEDA - GDB plugin (only python2.7)
    • Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
    • Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
    • radare2 - A portable reversing framework
    • Uncompyle - Decompile Python 2.7 binaries (.pyc)
    • WinDbg - Windows debugger distributed by Microsoft
    • Z3 - a theorem prover from Microsoft Research
    • Detox - A Javascript malware analysis tool
    • Revelo - Analyze obfuscated Javascript code
    • RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
    • Swftools - Collection of utilities to work with SWF files
    • Xxxswf - A Python script for analyzing Flash files.
  • Services
    • CSWSH - Cross-Site WebSocket Hijacking Tester
    • Request Bin - Lets you inspect http requests to a particular url
  • Steganography
    • Convert - Convert images b/w formats and apply filters
    • Exif - Shows EXIF information in JPEG files
    • Exiftool - Read and write meta information in files
    • Exiv2 - Image metadata manipulation tool
    • ImageMagick - Tool for manipulating images
    • Outguess - Universal steganographic tool
    • Pngtools - For various analysis related to PNGs
      • apt-get install pngtools
    • SmartDeblur - Used to deblur and fix defocused images
    • Steganabara - Tool for stegano analysis written in Java
    • Stegbreak - Launches brute-force dictionary attacks on JPG image
    • Steghide - Hide data in various kind of images
    • Stegsolve - Apply various steganography techniques to images
  • Web
    • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
    • Hackbar - Firefox addon for easy web exploitation
    • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
    • Postman - Add on for chrome for debugging network requests
    • SQLMap - Automatic SQL injection and database takeover tooli
    • W3af - Web Application Attack and Audit Framework.
    • XSSer - Automated XSS testor
    • WhatWaf

Learning - Web application pentesting

Learning - Binary and memory exploitation

Learning - Windows and Linux Privilege Escalation


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

码农书籍
Learn Python the Hard Way

Learn Python the Hard Way

Zed A. Shaw / Addison-Wesley Professional / 2013-10-11 / USD 39.99

Master Python and become a programmer-even if you never thought you could! This breakthrough book and CD can help practically anyone get started in programming. It's called "The Hard Way," but it's re......一起来看看 《Learn Python the Hard Way》 这本书的介绍吧!

码农工具
JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

MD5 加密
MD5 加密

MD5 加密工具

Markdown 在线编辑器
Markdown 在线编辑器

Markdown 在线编辑器

  • New
  • 文章
  • 话题
  • 教程
    • 关注 码农网 公众号
    版权所有,保留一切权利!© 2018-2026 码农网 粤ICP备17054400号-3