Hacker_Tools
来源:https://github.com/deliciousYSH/Hacker_Tools
扫描器
Nmap端口扫描器: https://github.com/nmap/nmap 被动式注入检测工具: https://github.com/sea-god/GourdScan 高质量扫描Linux / FreeBSD Server中的任何漏洞: https://github.com/future-architect/vuls 子域名扫描器: Altdns-通过变更和排列发现子域:https://github.com/infosec-au/altdns SubBrute使用开放式解析器作为一种代理来规避DNS速率限制:https://github.com/TheRook/subbrute subDomainsBrute 1.2一个针对渗透测试者的快速子域暴力工具:https://github.com/lijiejie/subDomainsBrute Sublist3r:https://github.com/aboul3la/Sublist3r 本地网络扫描器(打开网页时扫描本地网络的PoC Javascript): https://github.com/SkyLined/LocalNetworkScanner HellRaiser基于端口扫描以及关联CVE: https://github.com/m0nad/HellRaiser Routeh-页面上的漏洞路由器: https://github.com/jh00nbr/Routeh 防火墙检测工具: https://github.com/EnableSecurity/wafw00f 漏洞扫描程序,以最少的规则集在短时间内扫描大量目标: https://github.com/lijiejie/BBScan 基于SQLMAP的主动和被动SQL注入的漏洞扫描工具: https://github.com/fengxuangit/Fox-scan/
信息搜集工具
社工收集工具: https://github.com/n0tr00t/Sreg 信息扫描工具: https://github.com/darryllane/Bluto 本地网络扫描仪: https://github.com/sowish/LNScan 通过RDP扫描可访问性工具后门: https://github.com/linuz/Sticky-Keys-Slayer 网络基础设施渗透测试工具: https://github.com/SECFORCE/sparta GitHub信息收集: https://github.com/metac0rtex/GitHarvester
密码破解
密码破解工具(开膛手Johnny): https://github.com/shinnok/johnny 获取存储在本地计算机上大量的密码: https://github.com/AlessandroZ/LaZagne SNMP暴力破解: https://github.com/SECFORCE/SNMP-Brute
Web渗透(禁止用作违法)
HTTP暴力破解,撞库攻击脚本: https://github.com/lijiejie/htpwdScan webshell: https://github.com/tennc/webshell 免杀webshell无限生成工具: https://github.com/yzddmr6/webshell-venom 渗透工具合集: https://github.com/rootphantomer/hack_tools_for_me XSSOR-方便XSS与CSRF的工具: https://github.com/evilcos/xssor2 w3af-Web应用程序攻击和审核框架: https://github.com/andresriancho/w3af 渗透测试包: https://github.com/leonteale/pentestpackage 网络路径扫描仪: https://github.com/maurosoria/dirsearch 代码注入检测工具: https://github.com/epinna/tplmap hackUtils: https://github.com/brianwrf/hackUtils Nikto Web服务器扫描仪: https://github.com/sullo/nikto 自动化的多合一OS命令注入和利用工具: https://github.com/commixproject/commix sslscan测试: https://github.com/rbsec/sslscan Windows安全工具套件: https://github.com/codejanus/ToolSuite Apache实时日志分析器系统: https://github.com/mthbernardes/ARTLAS 检测网络入侵的特征,恶意蜘蛛(Malspider): https://github.com/ciscocsirt/malspider 下一代网络扫描仪WhatWeb: https://github.com/urbanadventurer/whatweb WPScan,WordPress漏洞扫描程序: https://github.com/wpscanteam/wpscan 【sqlmap】: https://github.com/sqlmapproject/sqlmap SQLi-Hunter(HTTP代理服务器和一个SQLMAP API包装器): https://github.com/zt2/sqli-hunter 中国菜刀: https://github.com/Chora10/Cknife
Fuzz
Web应用程序模糊器: https://github.com/xmendez/wfuzz
漏洞及渗透练习平台
WebGoat漏洞练习平台: https://webgoat.github.io/WebGoat/ dvwa漏洞练习平台: https://github.com/ethicalhack3r/DVWA 数据库注入练习平台 : https://github.com/Audi-1/sqli-labs like OWASP Node Goat: https://github.com/cr0hn/vulnerable-node Ruby编写的一款工具,安全方案生成器(SecGen): https://github.com/cliffe/secgen VulApps漏洞练习平台: https://github.com/Medicean/VulApps ZVuldrill Web突破演练平台: https://github.com/710leo/ZVulDrill WebGoat旧版: https://github.com/WebGoat/WebGoat-Legacy