Black Hat Arsenal official tool repository https://github.com/toolswatch/blackhat-arsenal-tools
Windows penetration testing tool collection https://github.com/Hack-with-Github/Windows
Best Windows penetration testing guide https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References
Tool for extracting sensitive information from memory https://github.com/putterpanda/mimikittenz
FireEye red team penetration testing tools
https://github.com/Raikia/CredNinja
https://github.com/ChrisTruncer/WMIOps
https://github.com/ChrisTruncer/EyeWitness
https://github.com/ChrisTruncer/Egress-Assess
Essential Windows penetration testing tool https://github.com/gentilkiwi/mimikatz
Online penetration testing resources, shellcode development, OSINT resources, social engineering resources, etc. https://github.com/enaqx/awesome-pentest
frp is a high-performance reverse proxy that can be used for NAT/intranet traversal; supports the tcp, udp, http and https protocols. https://github.com/fatedier/frp
hideNsneak: ephemeral penetration testing infrastructure https://github.com/rmikehodges/hideNsneak
PowerShell penetration testing library collection https://github.com/PowerShellMafia/PowerSploit
PowerShell tools collection https://github.com/clymb3r/PowerShell
Asset hunting framework AssetsHunter; information gathering is an art https://github.com/rabbitmask/AssetsHunter
Nishang: collection of PowerShell scripts, penetration testing tooling and PoC framework; Nishang is useful in every phase of a penetration test. https://github.com/samratashok/nishang
MSF: the most powerful penetration testing platform https://github.com/rapid7/metasploit-framework
PoC invocation framework; can load Pocsuite, Tangscan, Beebeeto, etc. https://github.com/erevus-cn/pocscan
Pocsuite: open-source remote vulnerability testing framework https://github.com/knownsec/Pocsuite
fsociety hacking tool collection: penetration testing framework https://github.com/Manisso/fsociety
YAWAST web application security suite https://github.com/adamcaudill/yawast
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities https://github.com/JuxhinDB/OOB-Server
Beebeeto is a standardized POC/EXP platform jointly maintained by many security researchers https://github.com/n0tr00t/Beebeeto-framework
A lightweight vulnerability scanning system packaged by Cloudflare on top of nmap https://github.com/cloudflare/flan
A web security testing framework written in Node.js https://github.com/zhuyingda/veneno
Orc is a post-exploitation framework for Linux written in Bash https://github.com/zMarch/Orc
Common penetration testing / security cheatsheets https://github.com/jshaw87/Cheatsheets
Penetration testing script collection including backdoor, exploit, fuzzing, note, misc, powershell https://github.com/Ridter/Pentest
Message queue and man-in-the-middle injection tool; can be used to attack Redis, RabbitMQ and ZeroMQ. https://github.com/cr0hn/enteletaor
WPA2 KRACK attack verification script set https://github.com/vanhoefm/krackattacks-scripts
Python scripts for bypassing WAFs and XSS filters https://github.com/frizb/Bypassing-Web-Application-Firewalls
Odds and ends used in penetration testing https://github.com/ring04h/pentest
DNS rebinding toolkit https://github.com/makuga01/dnsFookup
A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. https://github.com/SolomonSklash/chomp-scan
Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications https://github.com/rapid7/hackazon
MSTG: detailed manual for mobile application secure development, testing and reverse engineering. https://github.com/OWASP/owasp-mstg
Venom is a multi-hop proxy tool written in Go, designed for penetration testers https://github.com/Dliv3/Venom
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting https://github.com/hahwul/WebHackersWeapons
DotDotPwn - directory traversal fuzzer (http://dotdotpwn.blogspot.com/) https://github.com/wireghoul/dotdotpwn
FuzzLabs fuzzing framework https://dcnws.com https://github.com/keymandll/FuzzLabs
Powerful fuzzing component from Google with analysis and configuration support https://github.com/google/honggfuzz
Google fuzzing engine test suite https://github.com/google/fuzzer-test-suite
Extensible fuzzing framework https://github.com/IOActive/XDiFF
Fuzzinator random testing framework https://github.com/renatahodovan/fuzzinator
Collection of fuzzing books, courses, tools, tutorials and vulnerable applications https://github.com/secfigo/Awesome-Fuzzing
Resources related to Linux kernel fuzzing and bugs https://github.com/xairy/linux-kernel-exploitation
Fuzzing framework https://github.com/MozillaSecurity/peach
fuddly: fuzzing and data manipulation framework https://github.com/k0retux/fuddly
Basic fuzzer tool https://github.com/RootUp/BFuzz
Extension library for the Kitty fuzzing framework https://github.com/cisco-sas/katnip
Fuzzer API interface; fuzzes requests using common penetration testing techniques and vulnerability lists https://github.com/lalithr95/API-fuzzer
Coverage-guided fuzz testing for Java https://github.com/fuzzitdev/javafuzz
Find encrypted files stored on the filesystem https://github.com/antagon/TCHunt-ng
Android media fuzzing framework https://github.com/fuzzing/MFFA
Android fuzz tool https://github.com/MindMac/IntentFuzzer
Fuzzing datasets https://github.com/MozillaSecurity/fuzzdata
Web fuzzing tool https://github.com/xmendez/wfuzz
coverage guided fuzz testing for javascript https://github.com/fuzzitdev/jsfuzz
Web fuzzer https://github.com/henshin/filebuster
Android port of AFL https://github.com/ele7enxxh/android-afl
Fuzzing results for various interpreters. https://github.com/dyjakan/interpreter-bugs
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem https://github.com/lalithr95/fuzzapi
Test Blue Team detections without running any attack. https://github.com/n0dec/MalwLess
bring your .bashrc, .vimrc, etc. with you when you ssh https://github.com/Russell91/sshrc
Chat over SSH https://github.com/shazow/ssh-chat
AFL: coverage-guided fuzzer with source-code instrumentation, an absolute milestone in the fuzzer field. It also supports closed-source programs via QEMU, but the results are poor and error-prone. A great many AFL forks have been derived from it and a great many vulnerabilities have been found with its help, yet its mutation strategy still has room for improvement. http://lcamtuf.coredump.cx/afl/
WinAFL: Windows version of AFL; uses DynamoRIO to instrument closed-source programs and collect code-coverage information. It also supports hardware PT for coverage collection; PT coverage is not as complete as instrumentation-based coverage, but may be faster. https://github.com/googleprojectzero/winafl
AFLFast: accelerated AFL; fuzzing speed really is somewhat faster than the original. https://github.com/mboehme/aflfast
Vuzzer: coverage-guided fuzzer supporting closed-source programs; uses the LibDFT pin tool for data-flow tracking, combined with static and dynamic analysis to reach more code paths, e.g. it records the constants used in comparison statements and reuses them in later mutations. https://github.com/vusec/vuzzer
PTfuzzer: coverage-guided fuzzer for Linux using Intel PT hardware support, so it supports closed-source programs. https://github.com/hunter-ht-2018/ptfuzzer
afl-unicorn: AFL using Unicorn to emulate instructions; supports closed-source Linux programs https://github.com/tigerpuma/Afl_unicorn
pe-afl: coverage-guided AFL fuzzer for closed-source Windows programs implemented via static instrumentation; supports user-mode applications and kernel drivers https://github.com/wmliang/pe-afl
kAFL: AFL supporting OS kernel fuzzing inside QEMU virtual machines; works with Linux, macOS and Windows https://github.com/RUB-SysSec/kAFL/
TriforceAFL: AFL based on QEMU full-system emulation; branch tracing is done through the system emulator; supports Linux kernel fuzzing https://github.com/nccgroup/TriforceAFL
ClusterFuzz: Google's open-source scalable fuzzing infrastructure https://github.com/google/clusterfuzz
LibFuzzer: in-process, coverage-guided, open-source fuzzing engine library, part of LLVM; the most commonly used security testing tool across major open-source libraries and inside Google https://llvm.org/docs/LibFuzzer.html
OSS-Fuzz: collection of open-source software fuzzers based on LibFuzzer; automatically downloads, builds, installs and runs them under Docker https://github.com/google/oss-fuzz
honggfuzz: Google-developed coverage-driven fuzzer with software- and hardware-based feedback; even plain brute-force fuzzing works quite well with it; multi-platform, including Linux, macOS, Windows and Android https://github.com/google/honggfuzz
KernelFuzzer: cross-platform kernel fuzzer framework; the mutation strategy is not open-sourced, only described in its paper, and must be implemented yourself; supports Windows, OSX and QNX, but only provides Windows build scripts https://github.com/mwrlabs/KernelFuzzer
OSXFuzzer: macOS kernel fuzzer based on KernelFuzzer https://github.com/mwrlabs/OSXFuzz.git
PassiveFuzzFrameworkOSX: passive OSX kernel fuzzer implemented via hooking https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX
Bochspwn: detection of double-fetch kernel vulnerabilities built on the Bochs instrumentation API https://github.com/googleprojectzero/bochspwn
Bochspwn-reloaded: detection of kernel information leaks built on the Bochs instrumentation API https://github.com/googleprojectzero/bochspwn-reloaded
syzkaller: coverage-guided Linux kernel fuzzer; API-call templates must be written in its template syntax and are then used by syzkaller for data mutation; it has also been ported to other platforms https://github.com/google/syzkaller
dharma: grammar-template generation-based fuzzer, open-sourced by Mozilla for fuzzing the Firefox JS engine https://github.com/MozillaSecurity/dharma
domato: Project Zero's open-source DOM fuzzer, a template-generation fuzzer implemented in Python https://github.com/googleprojectzero/domato
Fuzzilli: grammar-mutation-based JavaScript engine fuzzer; first generates test cases from grammar templates, then lowers them to an intermediate language for mutation, combined with coverage guidance to trigger more code paths https://github.com/googleprojectzero/fuzzilli
Razzer: kernel race-condition vulnerability fuzzer https://github.com/compsec-snu/razzer
ViridianFuzzer: kernel driver for fuzzing Hyper-V hypercalls, by MWRLabs https://github.com/mwrlabs/ViridianFuzzer
ChromeFuzzer: Chrome browser fuzzer adapted from the grinder grammar generator https://github.com/demi6od/ChromeFuzzer
funfuzz: Mozilla's open-source collection of JS fuzzer tools, mainly used to fuzz SpiderMonkey https://github.com/MozillaSecurity/funfuzz
Large webshell collection https://github.com/tennc/webshell
Penetration testing and web attack scripts https://github.com/brianwrf/hackUtils
Large collection of small web penetration testing tools https://github.com/rootphantomer/hack_tools_for_me
Batch scanning script for sensitive web directories and information leaks, combining a crawler with deep directory traversal. https://github.com/blackye/webdirdig
detectem - detect software and its version on websites. https://github.com/spectresearch/detectem
Hydra is a penetration testing tool exclusively focused on dictionary-attacking web-based login forms. https://github.com/opennota/hydra
Database injection tool https://github.com/sqlmapproject/sqlmap
Manage websites from the console https://github.com/WangYihang/Webshell-Sniper
SQLiScanner -- Automatic SQL injection with Charles and sqlmap api https://github.com/0xbug/SQLiScanner
Web proxy that performs real-time SQLi detection via the sqlmap API https://github.com/zt2/sqli-hunter
New version of China Chopper https://github.com/Chora10/Cknife
.git leak exploitation EXP https://github.com/lijiejie/GitHack
Browser exploitation framework https://github.com/beefproject/beef
Automated WAF bypass script https://github.com/khalilbijjou/WAFNinja
HTTP command-line client; construct and send all kinds of HTTP requests from the command line (similar to curl) https://github.com/jkbrzt/httpie
Browser debugging tool https://github.com/firebug/firebug
WAF bypass detection tool https://github.com/owtf/wafbypasser
Browser attack framework https://github.com/julienbedard/browsersploit
Web-based webshell manager https://github.com/guillotines/WebShell
Automated Tomcat backdoor deployment https://github.com/mgeeky/tomcatWarDeployer
TomcatBrute tool https://github.com/WallbreakerTeam/TomcatBrute
Proxy that automatically detects SQLi by calling the sqlmap API https://github.com/fengxuangit/Fox-scan/
CMS detection and exploitation suite; detects 20+ CMSs and performs deep penetration testing of WordPress, Joomla and Drupal https://github.com/Tuhinshubhra/CMSeeK
AV-evading payload generator https://github.com/Veil-Framework/Veil-Evasion
Backdoor that uses Gmail as its C&C server https://github.com/byt3bl33d3r/gcat
Burp teaching payload collection https://github.com/1N3/IntruderPayloads
Blind SQL injection exploitation tool https://github.com/Neohapsis/bbqsql
Script for doing evil stuff to Redis servers (for education purposes only). https://github.com/matiasinsaurralde/evilredis
PowerShell client for dnscat2, an encrypted DNS command-and-control tool https://github.com/lukebaggett/dnscat2-powershell
Burp plugin collection project https://github.com/xl7dev/BurpSuite/tree/master/Extender
Burp-Suite-collections: BurpSuite-related collection project; the plugins are mainly ones not available in the BApp Store https://github.com/Mr-xn/BurpSuite-collections
A Ruby framework to assist WordPress penetration testing https://github.com/rastating/wordpress-exploit-framework/
.DS_Store file leak exploitation script https://github.com/lijiejie/ds_store_exp
Short for command injection exploiter; web command-injection detection tool https://github.com/stasinopoulos/commix
XSS data receiving platform https://github.com/firesunCN/BlueLotus_XSSReceiver
A fast TLS scanner (non-blocking, event-driven) https://prbinu.github.io/tls-scan https://github.com/prbinu/tls-scan
A Python RESTful API framework for providing online malware and URL analysis services https://github.com/diogo-fernan/malsub
XSS and CSRF tool https://github.com/evilcos/xssor
Brute-force dictionary generation tool https://github.com/LandGrey/pydictor
Analysis of 1.4 billion plaintext passwords using deep neural networks in TensorFlow https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis
ModSecurity: web application firewall (supports nginx, IIS, Apache) https://github.com/SpiderLabs/ModSecurity
Astra: automated security testing for REST APIs https://github.com/flipkart-incubator/Astra
Burp Replicator: automates the reproduction of complex vulnerabilities https://github.com/PortSwigger/replicator
OWASP Offensive Web Testing Framework https://github.com/owtf/owtf
OWASP JoomScan project https://github.com/rezasp/joomscan
WSSAT web service security assessment tool https://github.com/YalcinYolalan/WSSAT
Man-in-the-middle attack frameworks https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/secretsquirrel/BDFProxy
https://github.com/byt3bl33d3r/MITMf
Code injection, WiFi jamming and WiFi user detection https://github.com/DanMcInerney/LANs.py
Extensible man-in-the-middle proxy tool https://github.com/intrepidusgroup/mallory
WiFi phishing https://github.com/sophron/wifiphisher
Vegile - Ghost In The Shell: process hiding and kill-prevention tool https://github.com/Screetsec/Vegile
Password cracking tool https://github.com/shinnok/johnny
Tool for extracting all kinds of locally stored passwords https://github.com/AlessandroZ/LaZagne
HTTP brute-force and credential-stuffing script https://github.com/lijiejie/htpwdScan
Wordlist project distilled from over 80 GB of password dumps https://github.com/berzerk0/Probable-Wordlists