01
介绍
项目内包含工具涉及类别:漏洞利用工具、代审辅助、漏洞利用、靶场环境项目地址列表、漏洞扫描/序列化、密码/隧道项目地址链接、免杀项目地址列表、内网项目地址链接、应急响应项目地址列表、木马查杀、中间件工具项目链接、字典/钓鱼/社工/爆破项目目地址链接、自动化/资产项目链接、子域名/目录/指纹地址。
02
各种工具
漏洞利用工具
https://github.com/SafeGroceryStore/MDUT
https://github.com/ktaranov/sqlserver-kit
https://github.com/blackarrowsec/mssqlproxy
https://github.com/yuyan-sec/RedisEXP
代审辅助
https://github.com/HXSecurity/DongTai
https://github.com/webraybtl/CodeQLpy
https://github.com/github/codeql
https://github.com/code-star/sbt-findsecbugs
https://github.com/Eugeny/tabby
https://github.com/ripsscanner/rips
https://github.com/nccgroup/VCG
https://github.com/PyCQA/bandit
https://github.com/zsdlove/Hades
漏洞利用
https://github.com/linshaoSec/SeeyonExploit-GUI
https://github.com/Summer177/seeyon_exp
https://github.com/xinyu2428/TDOA_RCE
https://github.com/dionach/CMSmap
https://github.com/attacker-codeninja/wprecon
https://github.com/wpscanteam/wpscan
https://github.com/n00py/WPForce
https://github.com/zangcc/Aazhen-RexHa
https://github.com/Lotus6/ThinkphpGUI
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools
https://github.com/lijiejie/swagger-exp
https://github.com/jayus0821/swagger-hack
https://github.com/wyzxxz/heapdump_tool
https://github.com/rtcatc/Packer-Fuzzer
https://github.com/0xHJK/dumpall
https://github.com/arthaud/git-dumper
https://github.com/obheda12/GitDorker
https://github.com/m4ll0k/SecretFinder.git
https://github.com/KathanP19/JSFScan.sh
https://github.com/Ice3man543/SubOver
靶场环境项目地址列表
https://vulfocus.cn/#/login
https://github.com/fofapro/vulfocus
https://hub.docker.com/u/vulfocus
https://github.com/vulhub/vulhub
https://github.com/VulnTotal-Team/IoT-vulhub
https://github.com/tangxiaofeng7/SecExample
https://github.com/cn-panda/logbackRceDemo
https://github.com/digininja/DVWA
https://github.com/shadforth/pentesterlab-bootcamp
https://pentesterlab.com/
https://github.com/ffffffff0x/f8x
https://github.com/MvsCode/frps-onekey
https://github.com/kitabisa/mubeng
https://github.com/akkuman/rotateproxy.git
云安全靶场:
github.com/HXSecurity/TerraformGoat/blob/main/README_CN.md
Web安全靶场:
dvwa:sourceforge.net/projects/dvwa.mirror/
bwapp:sourceforge.net/projects/bwapp/files/bee-box/
portswiger:portswigger.net/web-security/dashboard
vulhub:github.com/vulhub/vulhub
vulnhub:www.vulnhub.com
htb:www.hackthebox.com
漏洞扫描/序列化
https://github.com/hahwul/dalfox
https://github.com/Raghavd3v/CRLFsuite
https://github.com/chenjj/CORScanner
https://github.com/klsfct/getshell
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/vladko312/SSTImap
https://github.com/ksharinarayanan/SSRFire
https://github.com/mzfr/liffy
https://github.com/frohoff/ysoserial
https://github.com/k8gege/LadonGo
序列化
https://github.com/welk1n/JNDI-Injection-Exploit
https://github.com/WhiteHSBG/JNDIExploit
https://github.com/wyzxxz/jndi_tool
https://github.com/exp1orer/JNDI-Inject-Exploit
密码/隧道项目地址链接
密码
https://github.com/gentilkiwi/mimikatz
https://github.com/AlessandroZ/LaZagne
https://github.com/dzxs/Xdecrypt
https://github.com/hayasec/360SafeBrowsergetpass
https://github.com/attackercan/teamviewer-dumper
https://github.com/Jamesits/proxifier-profiles
https://github.com/fatedier/frp.git
隧道
https://github.com/fatedier/frp
https://github.com/ehang-io/nps
https://github.com/LeonardoNve/dns2proxy
https://github.com/qiuzi/dns2socks
https://github.com/rootkiter/Termite
https://github.com/bdamele/icmpsh
https://github.com/inconshreveable/ngrok
https://github.com/FunnyWolf/pystinger
https://github.com/snail007/goproxy
https://github.com/testxxxzzz/geacon_pro
https://github.com/darkr4y/geacon
https://github.com/t3l3machus/Villain
https://github.com/akkuman/rotateproxy
免杀项目地址列表
https://github.com/WangYihang/Platypus
https://github.com/sveinbjornt/Platypus
https://github.com/t3l3machus/Villain
https://github.com/BeichenDream/Godzilla
https://github.com/rebeyond/Behinder
https://github.com/AntSwordProject/antSword
https://github.com/AntSwordProject/AntSword-Loader
https://github.com/tennc/webshell
https://github.com/Chora10/Cknife
https://github.com/0x00007c00/JundeadShell
https://github.com/rebeyond/memShell
https://github.com/hosch3n/msmap
https://githhttps://github.com/1y0n/AV_Evasion_Tool
https://github.com/optiv/ScareCrowub.com/t3l3machus/hoaxshell
https://github.com/TryGOTry/CobaltStrike_Cat_4.5
https://github.com/TryGOTry/DogCs4.4
https://github.com/midisec/BypassAnti-Virus
https://github.com/PSPDFKit-labs/bypass
https://github.com/Uncodin/bypass
https://github.com/TideSec/BypassAntiVirus
https://github.com/alphaSeclab/anti-av
https://github.com/lengjibo/FourEye
https://github.com/1y0n/AV_Evasion_Tool
https://github.com/optiv/ScareCrow
https://github.com/CMEPW/BypassAV
https://github.com/mgeeky/ShellcodeFluctuation
https://github.com/Hzllaga/JsLoader
https://github.com/tokyoneon/Chimera
https://github.com/LandGrey/webshell-detect-bypass
https://github.com/AabyssZG/WebShell-Bypass-Guide
https://github.com/Tylous/Limelighter
https://github.com/TheWover/CertStealer
https://github.com/CCob/SharpBlock
内网项目
内网收集
https://github.com/shadow1ng/fscan
https://github.com/dwagon/Hostinfo
https://github.com/shmilylty/netspy
https://github.com/c1y2m3/ATAttack
域渗透
https://github.com/0x727/UserRegEnum_0x727
https://github.com/mscandev/mscan
https://github.com/BloodHoundAD/BloodHound
横向
https://github.com/shadow1ng/fscan
https://github.com/k8gege/Ladon
https://github.com/lcvvvv/kscan
https://github.com/QAX-A-Team/sharpwmi
https://github.com/pandasec888/taowu-cobalt-strike
https://github.com/d3ckx1/OLa
https://github.com/hzphreak/VMInjector
https://github.com/rootclay/WMIHACKER
权限维持
https://github.com/360-Linton-Lab/Telemetry
https://github.com/AV1080p/Schtasks-Backdoor
https://github.com/0x727/SchTask_0x727
https://github.com/Ivan1ee/NetDLLSpy
https://github.com/yanghaoi/CobaltStrike_CNA
提权
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/xkaneiki/CVE-2023-0386
https://github.com/aleenzz/MSSQL_SQL_BYPASS_WIKI
https://github.com/Ascotbe/Kernelhub
https://github.com/lyshark/Windows-exploits
https://github.com/SecWiki/macos-kernel-exploits
https://github.com/klsfct/getshell
应急响应项目
https://github.com/microsoft/WindowsProtocolTestSuites
https://github.com/hahwul/WebHackersWeapons
https://github.com/MountCloud/FireKylin
https://github.com/grayddq/GScan
https://github.com/evilsocket/uroboros
https://github.com/wgpsec/whohk
https://github.com/vxunderground/MalwareSourceCode
https://github.com/mtkirby/rootkitrecon
木马查杀
http://webshell.cdxy.me/
http://tools.bugscaner.com/killwebshell/
http://www.shelldetector.com/
https://github.com/chaitin/cloudwalker
https://n.shellpub.com/
windows版:
http://dl.shellpub.com/hm-ui/latest/HmSetup.zip?version=1.8.2
linux-amd64版:
http://dl.shellpub.com/hm/latest/hm-linux-amd64.tgz?version=1.8.2
linux-386版:
http://dl.shellpub.com/hm/latest/hm-linux-386.tgz?version=1.8.2
https://edr.sangfor.com.cn/api/download/WebShellKillerForLinux.tar.gz
http://www.d99net.net/
中间件工具项目
https://github.com/LittleBear4/OA-EXPTOOL
https://github.com/ExpLangcn/HVVExploitApply
https://github.com/SummerSec/SpringExploit
https://github.com/wyzxxz/shiro_rce_tool
https://github.com/SummerSec/ShiroAttack2
https://github.com/Maskhe/FastjsonScan
https://github.com/a1phaboy/FastjsonScan
https://github.com/MagicZer0/fastjson-rce-exploit
https://github.com/mrknow001/fastjson_rec_exploit
https://github.com/sp4zcmd/WeblogicExploit-GUI
https://github.com/0xn0ne/weblogicScanner
https://github.com/sv3nbeast/weblogic-framework
https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp
https://github.com/lp008/dubbo-exp
https://github.com/Accenture/jenkins-attack-framework
https://github.com/0x48piraj/jiraffe
https://github.com/xfiftyone/STS2G
https://github.com/HatBoy/Struts2-Scan
https://github.com/inbug-team/Log4j_RCE_Tool
https://github.com/fullhunt/log4j-scan
https://github.com/f0ng/log4j2burpscanner
https://github.com/jbaines-r7/through_the_wire
https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
https://github.com/Tas9er/YApiRCE.git
https://github.com/Schira4396/VcenterKiller
https://github.com/0x727/SpringBootExploit
字典/钓鱼/社工/爆破项目
https://github.com/Taonn/EmailAll
https://github.com/Josue87/EmailFinder
https://github.com/rm1984/IMAPLoginTester
https://github.com/gophish/gophish
https://github.com/gyxuehu/EwoMail
社工
https://github.com/D4Vinci/Cr3dOv3r
https://github.com/soxoj/maigret
https://github.com/n0tr00t/Sreg
https://github.com/famavott/osint-scraper
https://github.com/Ridter/Mailget
https://github.com/Mebus/cupp
字典
https://github.com/danielmiessler/SecLists
https://github.com/duyet/bruteforce-database
https://github.com/drtychai/wordlists
https://github.com/lutfumertceylan/top25-parameter
https://github.com/r35tart/RW_Password
https://github.com/ignis-sec/Pwdb-Public.git
爆破
https://github.com/i11us0ry/goon
自动化/资产项目地址
https://github.com/0x727/ShuiZe_0x727
https://github.com/yaklang/yakit
https://github.com/b0bac/ApolloScanner
https://github.com/lcvvvv/kscan
https://github.com/broken5/bscan
https://github.com/78778443/QingScan
https://github.com/ciscocsirt/GOSINT
https://github.com/P1-Team/AlliN
https://github.com/hanc00l/nemo_go
https://github.com/CTF-MissFeng/bayonet
https://github.com/r3curs1v3-pr0xy/vajra
https://github.com/six2dez/reconftw
https://github.com/yogeshojha/rengine
https://github.com/lz520520/railgun
https://github.com/Bywalks/DarkAngel
资产发现
https://hunter.qianxin.com/
https://ti.360.cn/
https://www.shodan.io/
https://en.fofa.info/
https://www.zoomeye.org/
https://github.com/knownsec/Kunyu
https://quake.360.net/quake/#/index
https://www.exploit-db.com/google-hacking-database
https://search.censys.io/
https://www.dnsdb.io/zh-cn/
https://github.com/six2dez/reconftw
https://github.com/TophantTechnology/ARL
https://github.com/wgpsec/ENScan
https://github.com/wgpsec/ENScan_GO
https://github.com/SiJiDo/IEyes
https://github.com/fengyuanchen/jquery-viewer
https://github.com/Kento-Sec/AsamF
https://github.com/reduxjs/redux-thunk
https://github.com/lc/gau
https://github.com/tomnomnom/waybackurls
https://github.com/TebbaaX/GRecon
https://github.com/awake1t/linglong
https://github.com/Laravel-Lang/lang
子域名/目录/指纹
子域名
https://github.com/knownsec/ksubdomain
https://github.com/boy-hack/ksubdomain
https://github.com/shmilylty/OneForAll
https://github.com/CTF-MissFeng/bayonet
https://github.com/projectdiscovery/subfinder
https://github.com/LangziFun/LangSrcCurise
https://github.com/aboul3la/Sublist3r
https://github.com/projectdiscovery/subfinder
https://github.com/yunxu1/dnsub
目录
https://github.com/maurosoria/dirsearch
https://github.com/epi052/feroxbuster
https://github.com/H4ckForJob/dirmap
https://github.com/deibit/cansina
https://github.com/H4ckForJob/dirmap
https://github.com/ReddyyZ/urlbrute
https://github.com/ReddyyZ/URLBrute-Py
https://github.com/foryujian/yjdirscan
https://github.com/hunyaio/yuhScan
https://github.com/pingc0y/URLFinder
https://github.com/jaeles-project/gospider
https://github.com/projectdiscovery/katana
https://github.com/devploit/dontgo403
指纹
https://github.com/EdgeSecurityTeam/EHole
https://github.com/ShiHuang-ESec/EHole
https://github.com/wappalyzer/wappalyzer
https://github.com/b1ackc4t/14Finger
urbanadventurer/WhatWeb 城市冒险家/WhatWeb
https://github.com/fingerprintjs/fingerprintjs
https://github.com/EASY233/Finger
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
APP/小程序/端口扫描
https://github.com/ezshine/wxapkg-convertor
https://github.com/kelvinBen/AppInfoScanner
https://github.com/sulab999/AppMessenger
https://github.com/dwisiswant0/apkleaks
https://github.com/Anof-cyber/apkleaks
端口
https://github.com/projectdiscovery/naabu
https://github.com/4dogs-cn/TXPortMap
https://github.com/Adminisme/ServerScan
https://github.com/lcvvvv/gonmap
文章作者:x3t2con(如有侵权请联系删除)
文章来源:https://github.com/x3t2con/Rttools-2
我为大家整理了一份从入门到进阶的网络安全学习资料包,包含网安书籍、网安导图、网安工具等等,扫描下方二维码,备注【安全】免费领取
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...