Red Sun Attack and Defense Lab (红日攻防实验室)



Penetration Testing Tools in Practice

Dedicated penetration testing scanners

https://github.com/blackye/Jenkins (Jenkins vulnerability detection, user harvesting and brute-forcing)

https://github.com/code-scan/dzscan (Discuz scanner)

https://github.com/chuhades/CMS-Exploit-Framework (CMS exploitation framework)

https://github.com/lijiejie/IISshortnameScanner (an IIS shortname scanner)

https://github.com/riusksk/FlashScanner (Flash XSS scanner)

https://github.com/coffeehb/SSTIF (a semi-automated tool for fuzzing server-side template injection vulnerabilities)

https://github.com/epinna/tplmap (server-side template injection detection and exploitation tool)

https://github.com/cr0hn/dockerscan (Docker scanning tool)

https://github.com/m4ll0k/WPSeku (a lightweight WordPress scanner)

Wireless network scanners

https://github.com/savio-code/fern-wifi-cracker/ (wireless security auditing tool)

https://github.com/m4n3dw0lf/PytheM (Python network/penetration testing tool)

https://github.com/P0cL4bs/WiFi-Pumpkin (wireless security penetration testing suite)

Code scanners

https://github.com/wufeifei/cobra (white-box code security audit system)

https://github.com/OneSourceCat/phpvulhunter (static PHP code auditing)

https://github.com/Qihoo360/phptrace (tool for tracing and analyzing PHP runtime behavior)

https://github.com/ajinabraham/NodeJsScan (NodeJS application code auditing)

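Integrated scanners

https://github.com/az0ne/AZScanner (automated vulnerability scanner: subdomain brute-forcing, port scanning, directory brute-forcing, detection of vulnerabilities in common frameworks)

https://github.com/blackye/lalascan (distributed web vulnerability scanning framework combining OWASP Top 10 vulnerability scanning with perimeter asset discovery)

https://github.com/blackye/BkScanner (BkScanner, a distributed, plugin-based web vulnerability scanner)

https://github.com/ysrc/GourdScanV2 (passive vulnerability scanning)

https://github.com/alpha1e0/pentestdb (web penetration testing database)

https://github.com/netxfly/passive_scan (HTTP-proxy-based web vulnerability scanner)

https://github.com/1N3/Sn1per (automated scanner, including middleware scanning and device fingerprinting)

https://github.com/RASSec/pentestEr_Fully-automatic-scanner (targeted, fully automated penetration testing tool)

https://github.com/3xp10it/3xp10it (automated penetration testing framework)

https://github.com/Lcys/lcyscan (scanning effectiveness not verified)

https://github.com/Xyntax/POC-T (plugin-based concurrent framework for penetration testing)

https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)

https://github.com/Skycrab/leakScan (online web-based vulnerability scanning)

https://github.com/zhangzhenfeng/AnyScan (yet another automated penetration testing framework)

https://github.com/brianwrf/NagaScan (yet another automated penetration testing framework)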

Advanced Persistent Threat (APT)

https://github.com/Neo23x0/Loki (an APT intrusion-trace scanner)

Industrial control system security

https://github.com/w3h/icsmaster/tree/master/nse (nmap scanning scripts for ICS devices)

Blackhat 2017 security tool collection:

Android, iOS and Mobile Hacking

Android Tamer https://github.com/AndroidTamer

DiffDroid https://github.com/antojoseph/diff-droid

Kwetza https://github.com/sensepost/kwetza

Needle https://github.com/mwrlabs/needle

NoPE Proxy (Non-HTTP Proxy Extension) https://github.com/summitt/Burp-Non-HTTP-Extension

Code Assessment

Puma Scan https://github.com/pumasecurity/puma-scan

Tintorera: Source Code Intelligence (Code not yet uploaded) https://github.com/vulnex/Tintorera

Cryptography

Hashview https://github.com/hashview/hashview

Gibber Sense https://github.com/smxlabs/gibbersense

Data Forensics and Incident Response

PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrieval https://github.com/dirtbags/pcapdb

SCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System https://github.com/sandialabs/scot

Security Monkey https://github.com/Netflix/security_monkey

ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWS https://github.com/ThreatResponse

Yalda — Automated Bulk Intelligence Collection (Code not yet uploaded) https://github.com/gitaziabari/Yalda

Exploitation and Ethical Hacking

AVET — AntiVirus Evasion Tool https://github.com/govolution/avet

GDB Enhanced Features (GEF) https://github.com/hugsy/gef

Leviathan Framework https://github.com/leviathan-framework/leviathan

MailSniper https://github.com/dafthack/MailSniper

Seth https://github.com/SySS-Research/Seth

Hardware/Embedded

ChipWhisperer https://github.com/newaetech/chipwhisperer

DYODE, a DIY, Low-Cost Data Diode for ICS https://github.com/arnaudsoullie/dyode

FTW: Framework for Testing WAFs https://github.com/fastly/ftw

The Bicho: An Advanced Car Backdoor Maker https://github.com/UnaPibaGeek/CBM

Internet of Things

Hacker Mode https://github.com/xssninja/Alexa-Hacker-Mode

Universal Radio Hacker: Investigate Wireless Protocols Like a Boss https://github.com/jopohl/urh

Malware Defense

Aktaion v2 — Open Source Machine Learning and Active Defense Tool https://github.com/jzadeh/Aktaion

Cuckoo Sandbox https://github.com/cuckoosandbox/cuckoo

LimaCharlie https://github.com/refractionPOINT/limacharlie

Malboxes https://github.com/GoSecure/malboxes

Network Attacks

BloodHound 1.3 https://github.com/BloodHoundAD/BloodHound

CrackMapExec v4 https://github.com/byt3bl33d3r/CrackMapExec

DELTA: SDN Security Evaluation Framework https://github.com/OpenNetworkingFoundation/DELTA

eaphammer https://github.com/s0lst1c3/eaphammer

gr-lora: An Open-Source SDR Implementation of the LoRa PHY https://github.com/BastilleResearch/gr-lora

Yasuo https://github.com/0xsauby/yasuo

Network Defense

Assimilator https://github.com/videlanicolas/assimilator

Noddos https://github.com/noddos/noddos

SITCH: Distributed, Coordinated GSM Counter-Surveillance https://github.com/sitch-io/sensor

Sweet Security https://github.com/TravisFSmith/SweetSecurity

OSINT — Open Source Intelligence

Datasploit — Automated Open Source Intelligence (OSINT) Tool https://github.com/DataSploit/datasploit

Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting https://github.com/dradis/dradis-ce

OSRFramework: Open Sources Research Framework https://github.com/i3visio/osrframework

Reverse Engineering

BinGrep https://github.com/m4b/bingrep

Vulnerability Assessment

Aardvark and Repokid https://github.com/square/Aardvark

SERPI

Author: redBu11
