| title |
|---|
黑客工具大搜罗 |
各种好玩的安全攻防工具。
| 序号 | 名称 | 项目地址 | 简介 |
|---|---|---|---|
| 1 | gomitmproxy | https://github.com/sheepbao/gomitmproxy | GomitmProxy是想用golang语言实现的mitmproxy,主要实现http代理,目前实现了http代理和https抓包功能。 |
| 2 | Hyperfox | http://github.com/xiam/hyperfox | Hyperfox 是一个安全的工具用来代理和记录局域网中的 HTTP 和 HTTPS 通讯。 |
| 3 | Gryffin | http://github.com/yahoo/gryffin | Gryffin 是雅虎开发的一个大规模 Web 安全扫描平台。它不是另外一个扫描器,其主要目的是为了解决两个特定的问题 —— 覆盖率和伸缩性。 |
| 4 | ngrok | http://github.com/inconshreveable/ngrok | ngrok 是一个反向代理,通过在公共的端点和本地运行的 Web 服务器之间建立一个安全的通道。ngrok 可捕获和分析所有通道上的流量,便于后期分析和重放。 |
| 序号 | 名称 | 项目地址 | 简介 |
|---|---|---|---|
| 1 | Cknife | https://github.com/Chora10/Cknife | 俗称“中国菜刀”, 一个渗透测试软件 |
| 2 | mimikatz | https://github.com/gentilkiwi/mimikatz | windows渗透工具, 可用于提权操作, 破解管理员密码等 |
| 序号 | 名称 | 项目地址 | 简介 |
|---|---|---|---|
| 1 | mitmproxy | https://github.com/mitmproxy/mitmproxy | 中间人攻击工具 |
| 序号 | 名称 | 项目地址 | 简介 |
|---|---|---|---|
| 1 | PhishLulz | https://github.com/antisnatchor/phishlulz | 高级自动化钓鱼框架, 只需要10分钟就能搭建起钓鱼环境,进行精确的钓鱼攻击。 |
| 序号 | 名称 | 项目地址 | 简介 |
|---|---|---|---|
| 1 | hacker-scripts | https://github.com/NARKOZ/hacker-scripts | 一些无厘头的职场自动化脚本,自动处理和回复一些无聊的事情 |
| 2 | VulApps | https://github.com/Medicean/VulApps | 快速搭建各种漏洞环境(Various vulnerability environment) https://hub.docker.com/r/medicean/vulapps/ 收集各种漏洞环境,为方便使用,统一采用 Dockerfile 形式。 |
| 3 | openftp4 | https://github.com/massivedynamic/openftp4 | 可以匿名登陆的ftp清单 |
作者:天谕 链接:https://zhuanlan.zhihu.com/p/21380662 来源:知乎 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
漏洞及渗透练习平台:
WebGoat漏洞练习环境 https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy
Damn Vulnerable Web Application(漏洞练习平台) https://github.com/RandomStorm/DVWA 数据库注入练习平台 https://github.com/Audi-1/sqli-labs 用node编写的漏洞练习平台,like OWASP Node Goat https://github.com/cr0hn/vulnerable-node
花式扫描器 :
端口扫描器Nmap https://github.com/nmap/nmap
本地网络扫描器 https://github.com/SkyLined/LocalNetworkScanner
子域名扫描器 https://github.com/lijiejie/subDomainsBrute
漏洞路由扫描器 https://github.com/jh00nbr/Routerhunter-2.0
迷你批量信息泄漏扫描脚本 https://github.com/lijiejie/BBScan
Waf类型检测工具 https://github.com/EnableSecurity/wafw00f
信息搜集工具 :
社工插件,可查找以email、phone、username的注册的所有网站账号信息 https://github.com/n0tr00t/Sreg Github信息搜集,可实时扫描查询git最新上传有关邮箱账号密码信息 https://github.com/sea-god/gitscan github Repo信息搜集工具 https://github.com/metac0rtex/GitHarvester
WEB:
webshell大合集 https://github.com/tennc/webshell 渗透以及web攻击脚本 https://github.com/brianwrf/hackUtils web渗透小工具大合集 https://github.com/rootphantomer/hack_tools_for_me XSS数据接收平台 https://github.com/firesunCN/BlueLotus_XSSReceiver XSS与CSRF工具 https://github.com/evilcos/xssor Short for command injection exploiter,web向命令注入检测工具 https://github.com/stasinopoulos/commix 数据库注入工具 https://github.com/sqlmapproject/sqlmap Web代理,通过加载sqlmap api进行sqli实时检测 https://github.com/zt2/sqli-hunter 新版中国菜刀 https://github.com/Chora10/Cknife .git泄露利用EXP https://github.com/lijiejie/GitHack 浏览器攻击框架 https://github.com/beefproject/beef 自动化绕过WAF脚本 https://github.com/khalilbijjou/WAFNinja http命令行客户端,可以从命令行构造发送各种http请求(类似于Curl) https://github.com/jkbrzt/httpie 浏览器调试利器 https://github.com/firebug/firebug 一款开源WAF https://github.com/SpiderLabs/ModSecurity
windows域渗透工具:
windows渗透神器 https://github.com/gentilkiwi/mimikatz Powershell渗透库合集 https://github.com/PowerShellMafia/PowerSploit Powershell tools合集 https://github.com/clymb3r/PowerShell
Fuzz:
Web向Fuzz工具 https://github.com/xmendez/wfuzz
HTTP暴力破解,撞库攻击脚本 https://github.com/lijiejie/htpwdScan
漏洞利用及攻击框架:
msf https://github.com/rapid7/metasploit-framework Poc调用框架,可加载Pocsuite,Tangscan,Beebeeto等 https://github.com/erevus-cn/pocscan Pocsuite https://github.com/knownsec/Pocsuite Beebeeto https://github.com/n0tr00t/Beebeeto-framework
漏洞POC&EXP:
ExploitDB官方git版本 https://github.com/offensive-security/exploit-database php漏洞代码分析 https://github.com/80vul/phpcodz Simple test for CVE-2016-2107 https://github.com/FiloSottile/CVE-2016-2107 CVE-2015-7547 POC https://github.com/fjserna/CVE-2015-7547 JAVA反序列化POC生成工具 https://github.com/frohoff/ysoserial JAVA反序列化EXP https://github.com/foxglovesec/JavaUnserializeExploits Jenkins CommonCollections EXP https://github.com/CaledoniaProject/jenkins-cli-exploit CVE-2015-2426 EXP (windows内核提权) https://github.com/vlad902/hacking-team-windows-kernel-lpe use docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示) https://github.com/hxer/vulnapp php7缓存覆写漏洞Demo及相关工具 https://github.com/GoSecure/php7-opcache-override XcodeGhost木马样本 https://github.com/XcodeGhostSource/XcodeGhost
中间人攻击及钓鱼
中间人攻击框架 https://github.com/secretsquirrel/the-backdoor-factory https://github.com/secretsquirrel/BDFProxy https://github.com/byt3bl33d3r/MITMf Inject code, jam wifi, and spy on wifi users https://github.com/DanMcInerney/LANs.py 可扩展的中间人代理工具 https://github.com/intrepidusgroup/mallory wifi钓鱼 https://github.com/sophron/wifiphisher
密码破解:
密码破解工具 https://github.com/shinnok/johnny
本地存储的各类密码提取利器 https://github.com/AlessandroZ/LaZagne
二进制及代码分析工具:
二进制分析工具 https://github.com/devttys0/binwalk 系统扫描器,用于寻找程序和库然后收集他们的依赖关系,链接等信息 https://github.com/quarkslab/binmap rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. https://github.com/0vercl0k/rp Windows Exploit Development工具 https://github.com/lillypad/badger 二进制静态分析工具(python) https://github.com/bdcht/amoco Python Exploit Development Assistance for GDB https://github.com/longld/peda 对BillGates Linux Botnet系木马活动的监控工具 https://github.com/ValdikSS/billgates-botnet-tracker 木马配置参数提取工具 https://github.com/kevthehermit/RATDecoders Shellphish编写的二进制分析工具(CTF向) https://github.com/angr/angr 针对python的静态代码分析工具 https://github.com/yinwang0/pysonar2 一个自动化的脚本(shell)分析工具,用来给出警告和建议 https://github.com/koalaman/shellcheck 基于AST变换的简易Javascript反混淆辅助工具 https://github.com/ChiChou/etacsufbo
EXP编写框架及工具:
二进制EXP编写工具 https://github.com/t00sh/rop-tool
CTF Pwn 类题目脚本编写框架 https://github.com/Gallopsled/pwntools
an easy-to-use io library for pwning development https://github.com/zTrix/zio
跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) https://github.com/frida/frida
隐写:
隐写检测工具 https://github.com/abeluck/stegdetect
各类安全资料:
域渗透教程 https://github.com/l3m0n/pentest_study python security教程(原文链接http://www.primalsecurity.net/tutorials/python-tutorials/) https://github.com/smartFlash/pySecurity data_hacking合集 https://github.com/ClickSecurity/data_hacking https://github.com/ClickSecurity/data_hacking mobile-security-wiki https://github.com/exploitprotocol/mobile-security-wiki 书籍《reverse-engineering-for-beginners》 https://github.com/veficos/reverse-engineering-for-beginners 一些信息安全标准及设备配置 https://github.com/luyg24/IT_security APT相关笔记 https://github.com/kbandla/APTnotes Kcon资料 https://github.com/knownsec/KCon ctf及黑客资源合集 https://github.com/bt3gl/My-Gray-Hacker-Resources ctf和安全工具大合集 https://github.com/zardus/ctf-tools 《DO NOT FUCK WITH A HACKER》 https://github.com/citypw/DNFWAH
各类CTF资源
近年ctf writeup大全 https://github.com/ctfs/write-ups-2016 https://github.com/ctfs/write-ups-2015 https://github.com/ctfs/write-ups-2014 fbctf竞赛平台Demo https://github.com/facebook/fbctf ctf Resources https://github.com/ctfs/resources
各类编程资源:
大礼包(什么都有) https://github.com/bayandin/awesome-awesomeness bash-handbook https://github.com/denysdovhan/bash-handbook python资源大全 https://github.com/jobbole/awesome-python-cn git学习资料 https://github.com/xirong/my-git 安卓开源代码解析 https://github.com/android-cn/android-open-project-analysis python框架,库,资源大合集 https://github.com/vinta/awesome-python JS 正则表达式库(用于简化构造复杂的JS正则表达式) https://github.com/VerbalExpressions/JSVerbalExpressions
Python:
python 正则表达式库(用于简化构造复杂的python正则表达式) https://github.com/VerbalExpressions/PythonVerbalExpressions python任务管理以及命令执行库 https://github.com/pyinvoke/invoke python exe打包库 https://github.com/pyinstaller/pyinstaller py3 爬虫框架 https://github.com/orf/cyborg 一个提供底层接口数据包编程和网络协议支持的python库 https://github.com/CoreSecurity/impacket python requests 库 https://github.com/kennethreitz/requests python 实用工具合集 https://github.com/mahmoud/boltons python爬虫系统 https://github.com/binux/pyspider ctf向 python工具包 https://github.com/P1kachu/v0lt
科学上网:
科学上网工具 https://github.com/XX-net/XX-Net
福利:
微信自动抢红包动态库 https://github.com/east520/AutoGetRedEnv
微信抢红包插件(安卓版) https://github.com/geeeeeeeeek/WeChatLuckyMoney 神器 https://github.com/yangyangwithgnu/hardseed
作者:天谕 链接:https://zhuanlan.zhihu.com/p/22110538 来源:知乎 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
漏洞及渗透练习平台:
https://github.com/710leo/ZVulDrill Web漏洞演练平台
https://github.com/cliffe/secgen Ruby编写的一款工具,生成含漏洞的虚拟机
花式扫描器:
https://github.com/aboul3la/Sublist3r 子域名爆破扫描器
https://github.com/TheRook/subbrute 子域名爆破扫描器
https://github.com/andresriancho/w3af Web漏洞扫描器
https://github.com/maurosoria/dirsearch Web路径扫描器
https://github.com/shawarkhanethicalhacker/BruteXSS XSS多功能扫描器
https://github.com/rbsec/sslscan SSL类型扫描器
https://github.com/urbanadventurer/whatweb 网站指纹识别工具,用来检测网站CMS类型,所采用的博客系统类型,JS库,web服务器,甚至版本号,email地址,web框架等
https://github.com/ciscocsirt/malspider 一款爬虫框架,用来检测网站是否被恶意攻击过
https://github.com/wpscanteam/wpscan wordpress漏洞扫描器
https://github.com/misterch0c/firminator_backend 固件漏洞扫描器
https://github.com/wilson9x1/fenghuangscanner_v3 常见服务端口弱口令扫描器
https://github.com/darryllane/Bluto 信息探测及扫描工具(DNS及邮件枚举等)
https://github.com/sowish/LNScan 内部网络扫描器
https://github.com/linuz/Sticky-Keys-Slayer 远程桌面登录扫描器
https://github.com/infosec-au/altdns 子域名字典组合生成及暴力破解器
https://github.com/SECFORCE/sparta 网络基础设施渗透工具(集成nmap和hydra等)
https://github.com/SECFORCE/SNMP-Brute Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script
https://github.com/sullo/nikto web server scanner
https://github.com/code-scan/dzscan discuz论坛漏洞扫描器
https://github.com/nanshihui/Scan-T 网络空间指纹扫描器
https://github.com/ilmila/J2EEScan J2EE漏洞扫描器burp插件
甲方安全工程师生存指南:
https://github.com/thomaspatzke/WASE web索引及日志搜索工具
https://github.com/Kozea/wdb 一款CS结构的web debuger
https://github.com/aramosf/recoversqlite/ recover information from deleted registers in sqlite databases.
https://github.com/epinna/tplmap 自动化的模板注入攻击检测工具
https://github.com/client9/libinjection sqli词法解析分析器
https://github.com/zxsecurity/gpsnitch gps欺骗检测工具
https://github.com/biggiesmallsAG/nightHawkResponse 应急处置响应框架
https://github.com/FallibleInc/security-guide-for-developers web安全开发指南
https://github.com/4ido10n/wooyun-drops-all-articles-package 乌云知识库全部文章
https://github.com/paralax/awesome-honeypots 蜜罐资源合集
https://github.com/wufeifei/cobra 自动化代码审计工具
https://github.com/HatBoy/Pcap-Analyzer python编写的离线网络数据包分析器
https://github.com/leonteale/pentestpackage 渗透测试常见小工具打包
WEB:
https://github.com/owtf/wafbypasser WAF绕过检测工具
https://github.com/julienbedard/browsersploit 浏览器攻击框架
https://github.com/guillotines/WebShell web端webshell管理器
https://github.com/mgeeky/tomcatWarDeployer tomcat自动后门部署
Windows域渗透工具:
https://github.com/enddo/awesome-windows-exploitation windows漏洞利用相关整理
https://github.com/putterpanda/mimikittenz 从内存中提取敏感信息的工具
https://github.com/chango77747/AdEnumerator https://github.com/Raikia/CredNinja https://github.com/ChrisTruncer/WMIOps https://github.com/ChrisTruncer/EyeWitness https://github.com/ChrisTruncer/Egress-Assess fireeye红军渗透工具
各类安全资料:
https://github.com/phith0n/Mind-Map 安全脑图合集 https://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428 有关信息安全的一些流程图收集
漏洞POC&EXP:
https://github.com/citronneur/rdp 哈希长度扩展攻击EXP
蜜罐:
https://github.com/desaster/kippo SSH Honeypot
https://github.com/micheloosterhof/cowrie kippo进阶版
https://github.com/awhitehatter/mailoney SMTP honeypot
https://github.com/mushorg/glastopf Web Application honeypot
https://github.com/jordan-wright/elastichoney 数据库蜜罐
https://github.com/atiger77/Dionaea Web蜜罐
作者:天谕 链接:https://zhuanlan.zhihu.com/p/22684414 来源:知乎 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
==========================华丽丽的分割线==========================
漏洞及渗透练习平台:
https://github.com/Medicean/VulApps
多种漏洞练习环境
花式扫描器:
GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications Ruby on Rails应用静态分析工具
GitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go linux漏洞扫描器
GitHub - m0nad/HellRaiser: Vulnerability Scanner 基于端口的漏扫及CVE关联
甲方安全工程师生存指南:
GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups 各知名厂商渗透测试报告模板
GitHub - codejanus/ToolSuite: Security tools 安全工具合集
GitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM)
GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool Destroy-Windows-10-Spying
https://github.com/pwnsdx/BadCode PHP代码审计扫描器
GitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD) linux下恶意代码检测包
GitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics. 操作系统运行指标可视化框架
https://github.com/jipegit/OSXAuditor Mac OS下取证工具
GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system 恶意代码分析系统
GitHub - Netflix/Scumblr 定期搜索及存储web应用,可搜漏洞讨论等等
GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response 事件响应框架(focus on 远程取证)
GitHub - mozilla/MozDef: MozDef: The Mozilla Defense Platform The Mozilla Defense Platform
GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. 综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等)
GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X OS X远程取证与分析工具包
GitHub - mozilla/mig: Distributed & real time digital forensics at the speed of the cloud 分布式实时数字取证系统
GitHub - sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. Microsoft & Unix 文件系统及硬盘取证工具
https://github.com/OpenSCAP/openscap Open Source Security Compliance Solution
https://github.com/wgliang/logcool 开源准实时日志采集器
https://github.com/goldshtn/etrace windows实时ETW事件处理工具
GitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.
CPU及内存相关性能分析工具
WEB:
GitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools. 通过调用sqlmap api,自动检测sqli的代理
GitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions 免杀payload生成器
GitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server 用gmail充当C&C服务器的后门
远控:
GitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool 开源模块化远控工具
GitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool) C#远控工具
漏洞POC&EXP:
GitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities JAVA反序列化漏洞相关资源列表
二进制及代码分析工具:
GitHub - suraj-root/smap: Shellcode mapper shellcode分析工具
GitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSC Shellcode/Obfuscate Code Generator
GitHub - korcankaraokcu/PINCE: A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux linux下逆向工具
GitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Reverse Shell and Post Exploitation Tool
GitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework 跨平台二进制分析及逆向工具
Python:
GitHub - gstarnberger/uncompyle: Python decompiler
pyc反编译脚本
https://github.com/jameslyons/pycipher
pycipher python加解密库
可视化python性能分析工具
FUZZ:
https://github.com/MozillaSecurity/peach
fuzzing framework
GitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage A general-purpose, easy-to-use fuzzer with interesting analysis options.
GitHub - fuzzing/MFFA: Media Fuzzing Framework for Android Media Fuzzing Framework for Android
GitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on Android A tool to fuzz Intent Android
GitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input. Fuzzing资源
GitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)
AFL的Android移植版本
Github 安全军火库(四) 希望今年能够更加努力一点,早日在菜的抠脚的队伍中稳健成长。
==========================华丽丽的分割线==========================
先安利一个网站,我平时经常看,觉得内容都挺不错的。
安全行业从业人员自研开源扫描器合集(2017/01/11更新)-MottoIN
这篇文章主要是针对扫描器这一块的开源项目做了收集和规整,理的很清楚,里面的项目我就不拿出来罗列了。
==========================华丽丽的分割线==========================
漏洞及渗透练习平台:
rapid7/metasploitable3 metasploitable3
stamparm/DSVW 轻量web漏洞演示平台
MyKings/docker-vulnerability-environment docker搭建的漏洞练习环境
joe-shenouda/awesome-cyber-skills 黑客技术训练环境
OWASP/SecurityShepherd web及app渗透训练平台
花式扫描器:
ysrc/GourdScanV2 被动式漏洞扫描系统
ring04h/wydomain 子域名扫描器
ysrc/F-Scrack 服务弱口令检测脚本
thesp0nge/dawnscanner ruby源码扫描工具
zer0h/httpscan web主机发现小工具
maxlabelle/WebMalwareScanner A simple malware scanner
youngyangyang04/NoSQLAttack MongoDB漏洞扫描器
az0ne/AZScanner 自动漏扫
Screetsec/Dracnmap 集成Nmap的一款端口扫描器
maK-/parameth Get Post参数扫描器
delvelabs/vane A GPL fork of the popular wordpress vulnerability scanner WPScan
stanislav-web/OpenDoor 路径扫描器
golismero/golismero web扫描器
We5ter/Scanners-Box 安全行业从业人员自研开源扫描器合集
Graph-X/davscan Fingerprints servers, finds exploits, scans WebDAV.
lietdai/doom 分布式任务分发端口扫描器
angryziber/ipscan fast and friendly network scanner
甲方安全工程师生存指南:
hslatman/awesome-threat-intelligence 威胁情报资源
arthepsy/ssh-audit tool for ssh server auditing
keithjjones/visualize_logs A Python library and command line tools to provide interactive log visualization
m4rco-/dorothy2 一个僵尸网络分析框架
lightbulb-framework/lightbulb-framework WAFS审计工具
Xyntax/1000php 1000个php代码审计案例
aker-gateway/Aker 基于 python 的 Linux ssh 跳板机/堡垒机设置工具
andrewjkerr/security-cheatsheets Linux常见命令及部分安全软件使用命令列表
JacobReynolds/ssrfDetector ssrfDetector
yassineaddi/BackdoorMan PHP后门检测工具
CISOfy/lynis Security auditing and hardening tool, for UNIX-based systems
SpamScope/spamscope 垃圾邮件分析工具
yassineaddi/BackdoorMan 恶意代码,php shell检测工具
OWASP/django-DefectDojo 安全程序和漏洞管理工具
Neohapsis/NeoPI 混淆代码检测工具
emposha/Shell-Detector webshell检测工具
Web:
1N3/IntruderPayloads burp instruder payloads collection
Neohapsis/bbqsql A Blind SQL Injection Exploitation Tool
antoor/antSword antSword
xl7dev/BurpSuite burp插件收集项目
rastating/wordpress-exploit-framework 一个用来攻击wp的框架
lijiejie/ds_store_exp .DS_store文件泄露利用脚本
漏洞POC&EXP:
joaomatosf/jexboss JBOSS verify & exp tool
jiayy/android_vuln_poc-exp 安卓十月漏洞POC
ganliuzhuo/Sebug 在sebug提交的漏洞详情及poc
Fuzz:
google/fuzzer-test-suite Set of tests for fuzzing engines
renatahodovan/fuzzinator Fuzzinator Random Testing Framework
henshin/filebuster web fuzz
如果当中有描述不正确的地方,请老司机们多多指教,鞠躬!