扫描器
Nmap端口扫描器:
https://github.com/nmap/nmap
被动式注入检测工具: https://github.com/sea-god/GourdScan
高质量扫描Linux / FreeBSD Server中的任何漏洞:
https://github.com/future-architect/vuls
子域名扫描器:
Altdns-通过变更和排列发现子域:https://github.com/infosec-au/altdns
SubBrute使用开放式解析器作为一种代理来规避DNS速率限制:https://github.com/TheRook/subbrute
subDomainsBrute 1.2一个针对渗透测试者的快速子域暴力工具:https://github.com/lijiejie/subDomainsBrute
Sublist3r:https://github.com/aboul3la/Sublist3r
本地网络扫描器(打开网页时扫描本地网络的PoC Javascript):
https://github.com/SkyLined/LocalNetworkScanner
HellRaiser基于端口扫描以及关联CVE:
https://github.com/m0nad/HellRaiser
Routeh-页面上的漏洞路由器:
https://github.com/jh00nbr/Routeh
防火墙检测工具:
https://github.com/EnableSecurity/wafw00f
漏洞扫描程序,以最少的规则集在短时间内扫描大量目标:
https://github.com/lijiejie/BBScan
基于SQLMAP的主动和被动SQL注入的漏洞扫描工具: https://github.com/fengxuangit/Fox-scan/
信息搜集工具
社工收集工具:
https://github.com/n0tr00t/Sreg
信息扫描工具:
https://github.com/darryllane/Bluto
本地网络扫描仪:
https://github.com/sowish/LNScan
通过RDP扫描可访问性工具后门:
https://github.com/linuz/Sticky-Keys-Slayer
网络基础设施渗透测试工具:
https://github.com/SECFORCE/sparta
GitHub信息收集:
https://github.com/metac0rtex/GitHarvester
密码破解
密码破解工具(开膛手Johnny):
https://github.com/shinnok/johnny
获取存储在本地计算机上大量的密码:
https://github.com/AlessandroZ/LaZagne
SNMP暴力破解:
https://github.com/SECFORCE/SNMP-Brute
Web渗透(禁止用作违法)
HTTP暴力破解,撞库攻击脚本:
https://github.com/lijiejie/htpwdScan
webshell:
https://github.com/tennc/webshell
免杀webshell无限生成工具:
https://github.com/yzddmr6/webshell-venom
渗透工具合集:
https://github.com/rootphantomer/hack_tools_for_me
XSSOR-方便XSS与CSRF的工具:
https://github.com/evilcos/xssor2
w3af-Web应用程序攻击和审核框架:
https://github.com/andresriancho/w3af
渗透测试包:
https://github.com/leonteale/pentestpackage
网络路径扫描仪:
https://github.com/maurosoria/dirsearch
代码注入检测工具: https://github.com/epinna/tplmaphackUtils:
https://github.com/brianwrf/hackUtils
Nikto Web服务器扫描仪:
https://github.com/sullo/nikto
自动化的多合一OS命令注入和利用工具:
https://github.com/commixproject/commix
sslscan测试:
https://github.com/rbsec/sslscan
Windows安全工具套件:
https://github.com/codejanus/ToolSuite
Apache实时日志分析器系统:
https://github.com/mthbernardes/ARTLAS
检测网络入侵的特征,恶意蜘蛛(Malspider):
https://github.com/ciscocsirt/malspider
下一代网络扫描仪WhatWeb:
https://github.com/urbanadventurer/whatweb
WPScan,WordPress漏洞扫描程序:
https://github.com/wpscanteam/wpscan
【sqlmap】:
https://github.com/sqlmapproject/sqlmap
SQLi-Hunter(HTTP代理服务器和一个SQLMAP API包装器):
https://github.com/zt2/sqli-hunter
中国菜刀:
https://github.com/Chora10/Cknife
Fuzz
Web应用程序模糊器:
https://github.com/xmendez/wfuzz
漏洞及渗透练习平台
WebGoat漏洞练习平台:
https://webgoat.github.io/WebGoat/
dvwa漏洞练习平台:
https://github.com/ethicalhack3r/DVWA
数据库注入练习平台 :
https://github.com/Audi-1/sqli-labs
like OWASP Node Goat:
https://github.com/cr0hn/vulnerable-node
Ruby编写的一款工具,安全方案生成器(SecGen):
https://github.com/cliffe/secgen
VulApps漏洞练习平台:
https://github.com/Medicean/VulApps
ZVuldrill Web突破演练平台:
https://github.com/710leo/ZVulDrill
WebGoat旧版:
https://github.com/WebGoat/WebGoat-Legacy
来源:freebuf.com 2020-12-06 11:10:00 by: 安全达人S1
请登录后发表评论
注册