通用工具
工具类型 工具地址 更新时间
内网扫描 https://github.com/shadow1ng/fscan 2022-07-06
哥斯拉Webshell管理 https://github.com/BeichenDream/Godzilla 2021-11-01
ARL 资产侦察灯塔 https://github.com/TophantTechnology/ARL 2022-08-25
aliyun-accesskey-Tools https://github.com/mrknow001/aliyun-accesskey-Tools 2021-09-28
PEASS-ng 提权套装 https://github.com/carlospolop/PEASS-ng 2022-09-11
nuclei 漏洞扫描器 https://github.com/projectdiscovery/nuclei 2022-08-26
railgun 渗透集成化工具 https://github.com/lz520520/railgun 2022-08-22
YAKIT 网络安全单兵工具 https://github.com/yaklang/yakit 2022-09-16
EHole(棱洞)3.0 指纹探测工具 https://github.com/EdgeSecurityTeam/EHole 2021-06-23
EHole 魔改版 https://github.com/lemonlove7/EHole_magic 2023-06-12
Traitor 提权工具 https://github.com/liamg/traitor 2022-03-09
Stowaway 内网穿透 https://github.com/ph4ntonn/Stowaway 2022-04-08
CF 云环境利用框架 https://github.com/teamssix/cf 2022-09-07
Naabu 端口扫描 https://github.com/projectdiscovery/naabu 2022-07-31
HackBrowserData https://github.com/moonD4rk/HackBrowserData 2022-08-16
Malleable C2 Profiles https://github.com/xx0hcd/Malleable-C2-Profiles 2022-09-10
shuize(水泽) 信息收集 https://github.com/0x727/ShuiZe_0x727 2021-08-03
Cloud-Bucket-Leak-Detection-Tools https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools 2022-07-16
SharpHostInfo 内网主机探测 https://github.com/shmilylty/SharpHostInfo 2022-09-09
pocsuite3 https://github.com/knownsec/pocsuite3 2022-09-08
URLFinder https://github.com/pingc0y/URLFinder 2022-09-16
ALLiN 扫描工具 https://github.com/P1-Team/AlliN 2022-07-26
ihoneyBakFileScan 备份文件泄露扫描 https://github.com/VMsec/ihoneyBakFileScan_Modify 2022-09-15
spark(火花) 自动字典生成器 https://github.com/G0mini/spark 2022-09-13
Exphub 漏洞利用脚本 https://github.com/zhzyker/exphub 2021-04-04
EasyPen 综合利用工具 https://github.com/lijiejie/EasyPen 2022-09-16
Dog Tunnel(狗洞)端口映射工具 https://github.com/vzex/dog-tunnel 2020-05-22
frp 端口映射工具 https://github.com/fatedier/frp 2022-07-11
MYExploit 综合利用工具 https://github.com/achuna33/MYExploit 2022-09-20
dirsearch 目录扫描工具 https://github.com/maurosoria/dirsearch 2022-10-05
dirsearch 魔改版 https://github.com/lemonlove7/dirsearch_bypass403 2023-06-25
OneForAll 子域收集工具 https://github.com/shmilylty/OneForAll 2022-07-10
Cloud-Bucket-Leak-Detection-Tools 云储存利用工具 https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools 2022-07-16
ObserverWard 指纹识别工具 https://github.com/0x727/ObserverWard 2022-09-27
AtlasC2 C2框架Atlas https://github.com/Gr1mmie/AtlasC2 2022-04-05
Goblin 钓鱼演练工具 https://github.com/xiecat/goblin 2022-07-13
AsamF 资产收集工具 https://github.com/Kento-Sec/AsamF 2022-09-22
Httpx IP、Url批量存活探测 https://github.com/projectdiscovery/httpx 2022-08-01
Ghidra 软件逆向工程框架 https://github.com/NationalSecurityAgency/ghidra 2022-07-27
crack 弱口令爆破工具 https://github.com/niudaii/crack 2022-09-06
Empire 后开发框架 https://github.com/BC-SECURITY/Empire 2022-08-31
ksubdomain 子域名爆破工具 https://github.com/knownsec/ksubdomain 2021-01-12
scan4all 综合扫描 https://github.com/hktalent/scan4all 2022-10-15
Kscan 资产测绘工具 https://github.com/lcvvvv/kscan 2022-05-19
RedGuard C2流量前置工具 https://github.com/wikiZ/RedGuard 2022-08-04
VScan 漏洞扫描工具 https://github.com/veo/vscan 2022-06-23
pydictor 字典建立工具 https://github.com/LandGrey/pydictor 2017-12-20
AutoPWN Suite 漏扫利用工具 https://github.com/GamehunterKaan/AutoPWN-Suite 2022-09-09
CloudFlair 找CF真实IP工具 https://github.com/christophetd/CloudFlair 2021-12-08
feroxbuster 目录扫描工具 https://github.com/epi052/feroxbuster 2022-05-22
POC-bomber 漏洞检测/利用工具 https://github.com/tr0uble-mAker/POC-bomber 2022-09-13
iox 端口转发工具 https://github.com/EddieIvan01/iox 2020-09-22
f8x 一键环境搭建 https://github.com/ffffffff0x/f8x 2020-09-04
URL 搜集工具 https://github.com/lc/gau 2022-07-24
子域名发现工具 https://github.com/projectdiscovery/subfinder 2022-10-17
pocassist POC框架 https://github.com/jweny/pocassist 2021-08-11
Gobuster 目录文件、DNS和VHost爆破工具 https://github.com/OJ/gobuster 2022-10-29
Vulmap web漏洞扫描和验证工具 https://github.com/zhzyker/vulmap 2021-09-01
ESP32 Wi-Fi攻击工具 https://github.com/risinek/esp32-wifi-penetration-tool 2021-05-05
牛屎花 C2远控 https://github.com/YDHCUI/manjusaka 2022-10-10
Amass 资产发现、子域名扫描工具 https://github.com/OWASP/Amass 2022-09-23
GitHack Git泄露利用工具 https://github.com/lijiejie/GitHack 2022-05-09
subDomainsBrute 子域名爆破工具 https://github.com/lijiejie/subDomainsBrute 2022-06-05
JNDI-Inject-Exploit 反序列化测试工具 https://github.com/exp1orer/JNDI-Inject-Exploit 2021-12-29
LadonGo 内网渗透扫描器框架 https://github.com/k8gege/LadonGo 2022-07-28
Dismap 资产发现及指纹识别 https://github.com/zhzyker/dismap 2022-06-16
afrog 漏洞扫描工具 https://github.com/zan8in/afrog 2022-10-18
TruffleHog 敏感信息搜集工具 https://github.com/trufflesecurity/trufflehog 2022-11-09
Komo 综合资产收集和漏洞扫描工具 https://github.com/komomon/Komo 2022-10-24
xray 被动扫描安全评估工具 https://github.com/chaitin/xray 2022-10-14
AppInfoScanner 移动端信息收集扫描工具 https://github.com/kelvinBen/AppInfoScanner 2022-10-23
Linux提权exp https://github.com/Al1ex/LinuxEelvation 2022-07-29
Packer Fuzzer Webpack网站扫描工具 https://github.com/rtcatc/Packer-Fuzzer 2022-06-19
Polaris 信息搜集与漏洞利用框架 https://github.com/doimet/Polaris 2022-10-07
geacon_pro 免杀工具 https://github.com/H4de5-7/geacon_pro 2022-11-10
spp 隧道代理工具 https://github.com/esrrhs/spp 2021-09-28
Payer 子域名挖掘机 https://github.com/Pik-sec/Payer 2022-10-15
MobSF 移动安全测试框架 https://github.com/MobSF/Mobile-Security-Framework-MobSF 2022-10-04
ByPassGodzilla/哥斯拉免杀生成 https://github.com/Tas9er/ByPassGodzilla 2022-11-01
katana 下一代爬虫框架 https://github.com/projectdiscovery/katana 2023-01-13
SourceDetector 自动发现.map文件 https://github.com/SunHuawei/SourceDetector 2021-07-02
windows提权漏洞检测 https://github.com/bitsadmin/wesng 2023-01-11
API未授权扫描插件 https://github.com/API-Security/APIKit 2023-01-16
Dirmap web目录扫描工具 https://github.com/H4ckForJob/dirmap 2022-06-01
vshell c2主机群管理工具 https://github.com/veo/vshell 2022-12-24
Yasso 内网渗透辅助工具集 https://github.com/sairson/Yasso 2022-06-29
JSFinder 信息收集接口 https://github.com/Threezh1/JSFinder 2022-12-11
Perun 综合扫描器 https://github.com/WyAtu/Perun 2019-04-25
AntSword 加载器 https://github.com/AntSwordProject/AntSword-Loader 2019-04-24
AntSword https://github.com/AntSwordProject/antSword 2022-07-17
Goby 漏洞扫描 https://github.com/gobysec/Goby 2023-01-17
goby exp库 https://github.com/k3vi-07/goby-exp 2021-08-26
reNgine 自动侦察框架 https://github.com/yogeshojha/rengine 2022-12-30
SatanSword 红队综合渗透框架 https://github.com/Lucifer1993/SatanSword 2022-04-02
Dirscan 目录扫描 https://github.com/corunb/Dirscan 2022-11-14
LSTAR CobaltStrike综合后渗透插件 https://github.com/lintstar/LSTAR 2022-06-15
Platypus 交互式反向 Shell 管理器 https://github.com/WangYihang/Platypus 2021-07-17
Phoenix 新一代目录扫描神器 https://github.com/Pik-sec/Phoenix 2022-10-15
RouteVulScan 递归式被动检测脆弱路径的bp插件 https://github.com/F6JO/RouteVulScan 2023-01-08
MDUT 数据库跨平台利用工具 https://github.com/SafeGroceryStore/MDUT 2022-06-22
LaZagne 密码凭证收集工具 https://github.com/AlessandroZ/LaZagne 2019-09-16
Erfrp frp二开-免杀与隐藏 https://github.com/Goqi/Erfrp 2022-11-18
EventCleaner 日志清理 https://github.com/QAX-A-Team/EventCleaner 2018-09-07
UACMe Windows bypassUAC https://github.com/hfiref0x/UACME 2022-07-17
SCAMagicScan POC漏洞扫描工具 https://github.com/SCAMagic/SCAMagicScan 2023-01-18
ENScan Go 企业信息搜集工具 https://github.com/wgpsec/ENScan_GO 2022-12-02
ThunderSearch 闪电搜索器 https://github.com/xzajyjs/ThunderSearch 2022-11-08
EmailAll 邮箱收集工具 https://github.com/Taonn/EmailAll 2022-02-24
finger 资产识别工具 https://github.com/EASY233/Finger 2022-09-19
apk扫描器 https://github.com/dwisiswant0/apkleaks 2021-08-11
Neo-reGeorg 代理工具 https://github.com/L-codes/Neo-reGeorg 2022-12-25
blasting 图形化后台爆破工具 https://github.com/gubeihc/blasting 2023-01-02
HaE 敏感信息收集 burp插件 https://github.com/gh0stkey/HaE 2022-12-18
powershell免杀混淆 https://github.com/H4de5-7/powershell-obfuscation 2023-01-17
Bundler-bypass 免杀捆绑器 https://github.com/H4de5-7/Bundler-bypass 2022-11-08
java图形化漏洞利用工具集 https://github.com/savior-only/javafx_tools 2022-08-05
Passive Scan Client - Burp被动扫描流量转发插件 https://github.com/c0ny1/passive-scan-client 2023-02-03
ffuf - Fuzz Faster U Fool https://github.com/ffuf/ffuf 2023-02-06
JDumpSpider - HeapDump敏感信息提取工具 https://github.com/whwlsfb/JDumpSpider 2023-04-06
rapiddns https://github.com/able403/rapiddns 2023-02-24
CDK - Zero Dependency Docker/K8s Penetration Toolkit https://github.com/cdk-team/CDK 2023-03-13
Mythic https://github.com/its-a-feature/Mythic 2023-05-10
windows-kernel-exploits -Windows提权 https://github.com/SecWiki/windows-kernel-exploits 2021-06-12
IPSearch - 离线IP Whois查询工具 https://github.com/SleepingBag945/IPSearch 2022-12-29
LOLBAS - Living Off The Land Binaries and Scripts https://github.com/LOLBAS-Project/LOLBAS 2023-07-18
GTFOBins - 提权命令辅助 https://github.com/GTFOBins/GTFOBins.github.io 2023-04-20
jsleak https://github.com/channyein1337/jsleak 2023-04-10
veinmind-tools - 容器安全工具集 https://github.com/chaitin/veinmind-tools 2023-07-04
BypassAntiVirus https://github.com/TideSec/BypassAntiVirus 2022-04-23
adduserbysamr-bof CS插件 https://github.com/AgeloVito/adduserbysamr-bof 2022-11-30
Supershell - C2远控平台 https://github.com/tdragon6/Supershell 2023-03-29
ExchangeOWA - OutLook信息收集工具 https://github.com/KrystianLi/ExchangeOWA 2023-05-23
gogo - 自动化扫描器 https://github.com/chainreactors/gogo 2023-07-08
HTTPServer - 内网工具 https://github.com/Axx8/HTTPServer 2023-03-19
Kunyu(坤舆) - 更高效的企业资产收集 https://github.com/knownsec/Kunyu 2022-04-21
Behinder - 冰蝎网站管理客户端 https://github.com/rebeyond/Behinder 2022-11-29
Gitleaks https://github.com/gitleaks/gitleaks 2023-06-15
Mischief-DLL-Stager https://github.com/MitchHS/Mischief-DLL-Stager 2023-04-19
GC2 - 谷歌sheet充当C2 https://github.com/looCiprian/GC2-sheet 2023-07-07
noterce https://github.com/xiao-zhu-zhu/noterce 2023-05-10
Super Xray - XRAY的GUI启动器 https://github.com/4ra1n/super-xray 2023-05-19
Firefly - Web黑盒测试工具 https://github.com/Brum3ns/firefly 2023-02-20
Fuso扶桑 - 端口转发工具 https://github.com/editso/fuso 2022-08-20
Fofa Viewer - FOFA 客户端 https://github.com/wgpsec/fofa_viewer 2023-08-27
AScan - 爱企查 https://github.com/i11us0ry/AScan 2023-04-02
ENScan Go - 企业信息查询 https://github.com/wgpsec/ENScan_GO 2023-07-09
Suo5 - HTTP代理隧道工具 https://github.com/zema1/suo5 2023-06-29
Hikvision - 海康威视后渗透利用工具 https://github.com/wafinfo/Hikvision 2023-06-29
RedTeam-Tools https://github.com/A-poc/RedTeam-Tools 2023-07-06
API越权漏洞检测工具 https://github.com/y1nglamore/IDOR_detect_tool 2023-06-27
cdnChecker - cdn检测工具 https://github.com/alwaystest18/cdnChecker 2023-07-03
hostCollision - host碰撞工具 https://github.com/alwaystest18/hostCollision 2023-06-04
漏洞利用
漏洞产品 工具地址 更新时间
SpringBootExploit https://github.com/0x727/SpringBootExploit 2022-04-17
Springboot漏洞全家桶 https://github.com/woodpecker-appstore/springboot-vuldb 2021-05-24
SpringBoot-Scan-GUI https://github.com/13exp/SpringBoot-Scan-GUI 2023-02-15
Log4j2Scan https://github.com/whwlsfb/Log4j2Scan 2022-09-02
ShiroExploit https://github.com/feihong-cs/ShiroExploit-Deprecated 2020-10-04
ShiroAttack2 https://github.com/SummerSec/ShiroAttack2 2022-08-31
thinkphp_gui_tools https://github.com/bewhale/thinkphp_gui_tools 2022-08-18
Fastjson-Patrol https://github.com/ce-automne/FastjsonPatrol 2022-04-01
Vmware虚拟化漏洞利用(HCX/vCenter/NSX/Horizon/vRealize) https://github.com/NS-Sp4ce/Vm4J 2022-01-07
Struts2-Scan 漏洞检测 https://github.com/HatBoy/Struts2-Scan 2020-12-23
Fastjson 扫描器 https://github.com/a1phaboy/FastjsonScan 2022-09-20
致远OA综合利用工具 https://github.com/Summer177/seeyon_exp 2021-01-03
泛微OA综合利用脚本 https://github.com/z1un/weaver_exp 2021-06-29
Spring Core RCE https://github.com/mcdulltii/SpringShell_0-day 2022-03-30
OA - EXPTOOL 漏洞利用框架 https://github.com/LittleBear4/OA-EXPTOOL 2023-04-23
用友畅捷通17.0CNVD-2022-60632 https://github.com/LittleBear4/-17.0CNVD-2022-60632 2022-09-28
WeblogicTool https://github.com/KimJun1010/WeblogicTool 2023-07-06
Penetration_Testing_POC https://github.com/Mr-xn/Penetration_Testing_POC 2023-07-15
0day - EXP、POC https://github.com/helloexp/0day 2023-07-18
通达OA综合利用工具 https://github.com/xinyu2428/TDOA_RCE 2021-03-17
shiro反序列化漏洞综合利用 v2.2 https://github.com/j1anFen/shiro_attack 2021-06-22
TPscan https://github.com/Lucifer1993/TPscan 2022-09-28
推荐阅读:
版权声明:未标注转载均为本站原创,转载时请以链接形式注明文章出处。如有侵权、不妥之处,请联系站长删除。敬请谅解!
