Skip to content

Latest commit

 

History

History
455 lines (300 loc) · 14.6 KB

PenetrationTest.md

File metadata and controls

455 lines (300 loc) · 14.6 KB

渗透测试

Black Hat Arsenal 官方工具仓库 https://github.com/toolswatch/blackhat-arsenal-tools

windows渗透工具集合 https://github.com/Hack-with-Github/Windows

windows最佳渗透指南 https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References

从内存中提取敏感信息的工具 https://github.com/putterpanda/mimikittenz

fireeye红军渗透工具

https://github.com/Raikia/CredNinja

https://github.com/ChrisTruncer/WMIOps

https://github.com/ChrisTruncer/EyeWitness

https://github.com/ChrisTruncer/Egress-Assess

windows渗透神器 https://github.com/gentilkiwi/mimikatz

在线渗透测试资源、Shellcode开发、开源情报资源、社会工程资源等 https://github.com/enaqx/awesome-pentest

frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp, http, https 协议。 https://github.com/fatedier/frp

hideNsneak: 临时渗透测试架构明亮行 https://github.com/rmikehodges/hideNsneak

Powershell渗透库合集 https://github.com/PowerShellMafia/PowerSploit

Powershell tools合集 https://github.com/clymb3r/PowerShell

资产狩猎框架-AssetsHunter,信息收集是一项艺术~ https://github.com/rabbitmask/AssetsHunter

Nishang PowerShell下脚本和渗透和POC框架和集合,Nishang在渗透测试的所有阶段都非常有用。 https://github.com/samratashok/nishang

MSF--最强大的渗透平台 https://github.com/rapid7/metasploit-framework

Poc调用框架,可加载Pocsuite,Tangscan,Beebeeto等 https://github.com/erevus-cn/pocscan

Pocsuite -开源的远程漏洞测试框架 https://github.com/knownsec/Pocsuite

fsociety黑客工具集——渗透测试框架 https://github.com/Manisso/fsociety

YAWAST Web应用安全套件 https://github.com/adamcaudill/yawast

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities https://github.com/JuxhinDB/OOB-Server

Beebeeto是由众多安全研究人员所共同维护的一个规范化POC/EXP平台 https://github.com/n0tr00t/Beebeeto-framework

cloudflare基于nmap打包的一个轻量漏洞扫描系统 https://github.com/cloudflare/flan

一个用Node.js编写的Web安全测试框架 https://github.com/zhuyingda/veneno

Orc is a post-exploitation framework for Linux written in Bash https://github.com/zMarch/Orc

常见的渗透测试/安全Cheatsheet https://github.com/jshaw87/Cheatsheets

渗透脚本集合包括backdoor,exploit,fuzzing,note,misc,powershell https://github.com/Ridter/Pentest

消息队列和中间人注入工具,可以用于攻击 Redis, RabbitMQ和ZeroMQ。 https://github.com/cr0hn/enteletaor

WPA2 KRACK攻击验证脚本集 https://github.com/vanhoefm/krackattacks-scripts

越过(WAF)和 XSS过滤的pyton脚本集 https://github.com/frizb/Bypassing-Web-Application-Firewalls

渗透测试用到的东东 https://github.com/ring04h/pentest

DNS rebinding toolkit https://github.com/makuga01/dnsFookup

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. https://github.com/SolomonSklash/chomp-scan

Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications https://github.com/rapid7/hackazon

MSTG-手机应用安全开发、测试、反向工程详细手册。 https://github.com/OWASP/owasp-mstg

Venom是一款为渗透测试人员设计的使用Go开发的多级代理工具 https://github.com/Dliv3/Venom

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting https://github.com/hahwul/WebHackersWeapons

Fuzz测试:

DotDotPwn - 目录遍历Fuzzer(http://dotdotpwn.blogspot.com/) https://github.com/wireghoul/dotdotpwn

FuzzLabs Fuzzing框架 https://dcnws.com https://github.com/keymandll/FuzzLabs

谷歌出品强大分析配置项目fuzzing组件 https://github.com/google/honggfuzz

谷歌fuzzing引擎测试集 https://github.com/google/fuzzer-test-suite

可扩展地Fuzzing框架 https://github.com/IOActive/XDiFF

Fuzzinator随机测试框架 https://github.com/renatahodovan/fuzzinator

各种fuzzing图书、课程、工具、教程和易受攻击应用集合 https://github.com/secfigo/Awesome-Fuzzing

Linux内核fuzzing和缺陷相关的资源 https://github.com/xairy/linux-kernel-exploitation

fuzzing框架 https://github.com/MozillaSecurity/peach

fuddly: fuzzing和数据处理框架 https://github.com/k0retux/fuddly

基础fuzzer工具 https://github.com/RootUp/BFuzz

Kitty fuzzing框架扩展库 https://github.com/cisco-sas/katnip

Fuzzer API接口,通过可以用通用的渗透技术和漏洞列表进行fuzz请求 https://github.com/lalithr95/API-fuzzer

Java的fuzz测试覆盖率指导 https://github.com/fuzzitdev/javafuzz

找出文件系统存存储的加密文件 https://github.com/antagon/TCHunt-ng

安卓媒体Fuzzing框架 https://github.com/fuzzing/MFFA

安卓fuzz工具 https://github.com/MindMac/IntentFuzzer

Fuzzing数据集 https://github.com/MozillaSecurity/fuzzdata

WebFuzz工具 https://github.com/xmendez/wfuzz

coverage guided fuzz testing for javascript https://github.com/fuzzitdev/jsfuzz

web fuzz https://github.com/henshin/filebuster

AFL的Android移植版本 https://github.com/ele7enxxh/android-afl

Fuzzing results for various interpreters. https://github.com/dyjakan/interpreter-bugs

Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem https://github.com/lalithr95/fuzzapi

Test Blue Team detections without running any attack. https://github.com/n0dec/MalwLess

bring your .bashrc, .vimrc, etc. with you when you ssh https://github.com/Russell91/sshrc

Chat over SSH https://github.com/shazow/ssh-chat

AFL—支持源码插桩的代码覆盖引导的Fuzzer,绝对是fuzzer领域的一大里程碑,虽然它也支持基于QEMU的闭源程序,但效果不好,且容易出错,由它衍生出来非常多afl分支版本,借助它已经被挖出非常多的漏洞,但它的变异策略其实有待提高。 http://lcamtuf.coredump.cx/afl/

WinAFL—windows版本的afl,使用DynamoRIO去插桩闭源程序以获取代码覆盖率信息,同时支持硬件PT获取覆盖率信息,但PT获取覆盖率其实并没有插桩获取得全,但速度可能会快一些。 https://github.com/googleprojectzero/winafl

AFLFast—加速版的AFL,Fuzzing速度确实会比原版快一些。 https://github.com/mboehme/aflfast

Vuzzer—支持闭源程序的覆盖引导Fuzzer,使用LibDFT的pin工具实现数据流追踪,结合动静态分析,以获取更多的代码路径,比如比较语句中的比较值,它会先作记录,再未来变异时使用。 https://github.com/vusec/vuzzer

PTfuzzer—Linux平台下的采用 Interl PT硬件支持的覆盖引导Fuzzer,所以它支持闭源程序。 https://github.com/hunter-ht-2018/ptfuzzer

afl-unicorn—采用Unicorn模拟指令的AFL,支持Linux闭源程序 https://github.com/tigerpuma/Afl_unicorn

pe-afl—通过静态插桩实现针对Windows闭源程序的覆盖引导的AFL Fuzzer,支持用户层应用和内核驱动 https://github.com/wmliang/pe-afl

kAFL—支持QEMU虚拟机下的系统内核Fuzzing的AFL,适用于Linux、macOS与Windows https://github.com/RUB-SysSec/kAFL/

TriforceAFL—基于QEMU全系统模拟的AFL,借助系统仿真器实现分支信息跟踪,支持Linux内核Fuzzing https://github.com/nccgroup/TriforceAFL

ClusterFuzzer—Google开源的可扩展的Fuzzing基础设施 https://github.com/google/clusterfuzz

LibFuzzer—进程内覆盖率引导的开源的fuzz引擎库,属于llvm的一部分,在各大主流开源库中,以及Google内部最经常用的安全测试工具 https://llvm.org/docs/LibFuzzer.html

OSS-Fuzz—基于LibFuzzer的开源软件Fuzzer集合,实现docker下自动下载、编译安装及运行 https://github.com/google/oss-fuzz

honggfuzz—Google开发的基于软硬件的覆盖驱动型Fuzzer,单纯暴力Fuzz的效果也挺好的,支持多平台,包括Linux\macOS\Windows\Android https://github.com/google/honggfuzz

KernelFuzzer—跨平台内核Fuzzer框架,不开源策略,只在其paper中提及变异策略,需要自己实现,支持Windows、OSX和QNX系统,但只提供Windows编译脚本 https://github.com/mwrlabs/KernelFuzzer

OSXFuzzer—基于Kernel Fuzzer的macOS内核Fuzzer https://github.com/mwrlabs/OSXFuzz.git

PassiveFuzzFrameworkOSX—通过Hook实现被动式的OSX内核Fuzzer https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX

Bochspwn—基于Boch插桩API实现Double Fetches内核漏洞的检测 https://github.com/googleprojectzero/bochspwn

Bochspwn-reloaded—基于Boch插桩API实现内核信息泄露的检测 https://github.com/googleprojectzero/bochspwn-reloaded

syzkaller—基于覆盖率引导的Linux内核Fuzzer,需要基于其模板语法实现API调用模板,提供给syzkaller进行数据变异,也曾被移植到其它平台 https://github.com/google/syzkaller

dharma—基于语法模板生成的Fuzzer,由Mozilla开源的用于Fuzz Firefox JS引擎 https://github.com/MozillaSecurity/dharma

domator—Project Zero团队开源的DOM Fuzzer,用python实现基于模板生成的Fuzzer https://github.com/googleprojectzero/domato

Fuzzilli—基于语法变异的JavaScript引擎Fuzzer,先通过语法模板生成测试用例,再生成中间语法进行变异,结合覆盖率引导以触发更多代码路径 https://github.com/googleprojectzero/fuzzilli

Razzer—内核竞争条件漏洞Fuzzer https://github.com/compsec-snu/razzer

ViridianFuzzer—用于Fuzzing Hyper-V hypercalls的内核驱动,由MWRLabs公司出品 https://github.com/mwrlabs/ViridianFuzzer

ChromeFuzzer—基于grinder语法生成器改装的Chrome浏览器Fuzzer https://github.com/demi6od/ChromeFuzzer

funfuzz—Mozilla开源的JS fuzzer工具集合,主要用于Fuzz SpiderMonkey https://github.com/MozillaSecurity/funfuzz

WEB渗透:

webshell大合集 https://github.com/tennc/webshell

渗透以及web攻击脚本 https://github.com/brianwrf/hackUtils

web渗透小工具大合集 https://github.com/rootphantomer/hack_tools_for_me

web敏感目录、信息泄漏批量扫描脚本,结合爬虫、目录深度遍历。 https://github.com/blackye/webdirdig

detectem - detect software and its version on websites. https://github.com/spectresearch/detectem

Hydra is a penetration testing tool exclusively focused on dictionary-attacking web-based login forms. https://github.com/opennota/hydra

数据库注入工具 https://github.com/sqlmapproject/sqlmap

通过控制台管理网站 https://github.com/WangYihang/Webshell-Sniper

SQLiScanner -- Automatic SQL injection with Charles and sqlmap api https://github.com/0xbug/SQLiScanner

Web代理,通过加载sqlmap api进行sqli实时检测 https://github.com/zt2/sqli-hunter

新版中国菜刀 https://github.com/Chora10/Cknife

.git泄露利用EXP https://github.com/lijiejie/GitHack

浏览器攻击框架 https://github.com/beefproject/beef

自动化绕过WAF脚本 https://github.com/khalilbijjou/WAFNinja

http命令行客户端,可以从命令行构造发送各种http请求(类似于Curl) https://github.com/jkbrzt/httpie

浏览器调试利器 https://github.com/firebug/firebug

WAF绕过检测工具 https://github.com/owtf/wafbypasser

浏览器攻击框架 https://github.com/julienbedard/browsersploit

web端webshell管理器 https://github.com/guillotines/WebShell

tomcat自动后门部署 https://github.com/mgeeky/tomcatWarDeployer

TomcatBrute tool https://github.com/WallbreakerTeam/TomcatBrute

通过调用sqlmap api,自动检测sqli的代理 https://github.com/fengxuangit/Fox-scan/

CMS探测和利用套件,能探测20多种cms,同时对wp,Joomla, Drupadl进行深度渗透 https://github.com/Tuhinshubhra/CMSeeK

免杀payload生成器 https://github.com/Veil-Framework/Veil-Evasion

用gmail充当C&C服务器的后门 https://github.com/byt3bl33d3r/gcat

burp教学payloads集合 https://github.com/1N3/IntruderPayloads

SQL盲注利用工具 https://github.com/Neohapsis/bbqsql

Script for doing evil stuff to Redis servers (for education purposes only). https://github.com/matiasinsaurralde/evilredis

dnscat2的Powershell客户端,加密的DNS命令和控制工具 https://github.com/lukebaggett/dnscat2-powershell

burp插件收集项目 https://github.com/xl7dev/BurpSuite/tree/master/Extender

Burp-Suite-collections:BurpSuite相关收集项目,插件主要是非BApp Store(商店) https://github.com/Mr-xn/BurpSuite-collections

一个用来辅助WP渗透测试的ruby框架 https://github.com/rastating/wordpress-exploit-framework/

.DS_store文件泄露利用脚本 https://github.com/lijiejie/ds_store_exp

Short for command injection exploiter,web向命令注入检测工具 https://github.com/stasinopoulos/commix

XSS数据接收平台 https://github.com/firesunCN/BlueLotus_XSSReceiver

一个快速的TLS扫描器( non-blocking, event-driven ) https://prbinu.github.io/tls-scan https://github.com/prbinu/tls-scan

一个Python RESTful接口框架,用于提供在线恶意软件和URL分析服务 https://github.com/diogo-fernan/malsub

XSS与CSRF工具 https://github.com/evilcos/xssor

暴力攻击字典生成工具 https://github.com/LandGrey/pydictor

利用深度神经网络tensorflow 对14亿文本密码分析 https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis

ModSecurity—Web应用程序防火墙(支持nginx、iis、apache) https://github.com/SpiderLabs/ModSecurity

Astra:REST API的自动安全测试 https://github.com/flipkart-incubator/Astra

Burp Replicator:自动化复杂漏洞的复制 https://github.com/PortSwigger/replicator

OWASP进攻性Web测试框架 https://github.com/owtf/owtf

OWASP JoomScan项目 https://github.com/rezasp/joomscan

WSSAT Web服务安全评估工具 https://github.com/YalcinYolalan/WSSAT

中间人攻击

中间人攻击框架 https://github.com/secretsquirrel/the-backdoor-factory

https://github.com/secretsquirrel/BDFProxy

https://github.com/byt3bl33d3r/MITMf

代码注入,wifi jam以及wifi用户探测 https://github.com/DanMcInerney/LANs.py

可扩展的中间人代理工具 https://github.com/intrepidusgroup/mallory

wifi钓鱼 https://github.com/sophron/wifiphisher

XSS数据接收平台 https://github.com/firesunCN/BlueLotus_XSSReceiver

XSS与CSRF工具 https://github.com/evilcos/xssor

Vegile - Ghost In The Shell 进程隐藏和防止被杀的工具 https://github.com/Screetsec/Vegile

暴力破解

密码破解工具 https://github.com/shinnok/johnny

本地存储的各类密码提取利器 https://github.com/AlessandroZ/LaZagne

HTTP暴力破解,撞库攻击脚本 https://github.com/lijiejie/htpwdScan

超过80GB密码库总结出的字典项目 https://github.com/berzerk0/Probable-Wordlists