Skip to content

KyonCN/hacker-tools-projects

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 

Repository files navigation

title
黑客工具大搜罗

各种好玩的安全攻防工具。

安全工具(go语言)

序号 名称 项目地址 简介
1 gomitmproxy https://github.com/sheepbao/gomitmproxy GomitmProxy是想用golang语言实现的mitmproxy,主要实现http代理,目前实现了http代理和https抓包功能。
2 Hyperfox http://github.com/xiam/hyperfox Hyperfox 是一个安全的工具用来代理和记录局域网中的 HTTP 和 HTTPS 通讯。
3 Gryffin http://github.com/yahoo/gryffin Gryffin 是雅虎开发的一个大规模 Web 安全扫描平台。它不是另外一个扫描器,其主要目的是为了解决两个特定的问题 —— 覆盖率和伸缩性。
4 ngrok http://github.com/inconshreveable/ngrok ngrok 是一个反向代理,通过在公共的端点和本地运行的 Web 服务器之间建立一个安全的通道。ngrok 可捕获和分析所有通道上的流量,便于后期分析和重放。

安全工具(c语言)

序号 名称 项目地址 简介
1 Cknife https://github.com/Chora10/Cknife 俗称“中国菜刀”, 一个渗透测试软件
2 mimikatz https://github.com/gentilkiwi/mimikatz windows渗透工具, 可用于提权操作, 破解管理员密码等

安全工具(python语言)

序号 名称 项目地址 简介
1 mitmproxy https://github.com/mitmproxy/mitmproxy 中间人攻击工具

安全工具(ruby语言)

序号 名称 项目地址 简介
1 PhishLulz https://github.com/antisnatchor/phishlulz 高级自动化钓鱼框架, 只需要10分钟就能搭建起钓鱼环境,进行精确的钓鱼攻击。

序号 名称 项目地址 简介
1 hacker-scripts https://github.com/NARKOZ/hacker-scripts 一些无厘头的职场自动化脚本,自动处理和回复一些无聊的事情
2 VulApps https://github.com/Medicean/VulApps 快速搭建各种漏洞环境(Various vulnerability environment) https://hub.docker.com/r/medicean/vulapps/ 收集各种漏洞环境,为方便使用,统一采用 Dockerfile 形式。
3 openftp4 https://github.com/massivedynamic/openftp4 可以匿名登陆的ftp清单

作者:天谕 链接:https://zhuanlan.zhihu.com/p/21380662 来源:知乎 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。


漏洞及渗透练习平台:

WebGoat漏洞练习环境 https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy

Damn Vulnerable Web Application(漏洞练习平台) https://github.com/RandomStorm/DVWA 数据库注入练习平台 https://github.com/Audi-1/sqli-labs 用node编写的漏洞练习平台,like OWASP Node Goat https://github.com/cr0hn/vulnerable-node

花式扫描器 :

端口扫描器Nmap https://github.com/nmap/nmap

本地网络扫描器 https://github.com/SkyLined/LocalNetworkScanner

子域名扫描器 https://github.com/lijiejie/subDomainsBrute

漏洞路由扫描器 https://github.com/jh00nbr/Routerhunter-2.0

迷你批量信息泄漏扫描脚本 https://github.com/lijiejie/BBScan

Waf类型检测工具 https://github.com/EnableSecurity/wafw00f

信息搜集工具 :

社工插件,可查找以email、phone、username的注册的所有网站账号信息 https://github.com/n0tr00t/Sreg Github信息搜集,可实时扫描查询git最新上传有关邮箱账号密码信息 https://github.com/sea-god/gitscan github Repo信息搜集工具 https://github.com/metac0rtex/GitHarvester

WEB:

webshell大合集 https://github.com/tennc/webshell 渗透以及web攻击脚本 https://github.com/brianwrf/hackUtils web渗透小工具大合集 https://github.com/rootphantomer/hack_tools_for_me XSS数据接收平台 https://github.com/firesunCN/BlueLotus_XSSReceiver XSS与CSRF工具 https://github.com/evilcos/xssor Short for command injection exploiter,web向命令注入检测工具 https://github.com/stasinopoulos/commix 数据库注入工具 https://github.com/sqlmapproject/sqlmap Web代理,通过加载sqlmap api进行sqli实时检测 https://github.com/zt2/sqli-hunter 新版中国菜刀 https://github.com/Chora10/Cknife .git泄露利用EXP https://github.com/lijiejie/GitHack 浏览器攻击框架 https://github.com/beefproject/beef 自动化绕过WAF脚本 https://github.com/khalilbijjou/WAFNinja http命令行客户端,可以从命令行构造发送各种http请求(类似于Curl) https://github.com/jkbrzt/httpie 浏览器调试利器 https://github.com/firebug/firebug 一款开源WAF https://github.com/SpiderLabs/ModSecurity

windows域渗透工具:

windows渗透神器 https://github.com/gentilkiwi/mimikatz Powershell渗透库合集 https://github.com/PowerShellMafia/PowerSploit Powershell tools合集 https://github.com/clymb3r/PowerShell

Fuzz:

Web向Fuzz工具 https://github.com/xmendez/wfuzz

HTTP暴力破解,撞库攻击脚本 https://github.com/lijiejie/htpwdScan

漏洞利用及攻击框架:

msf https://github.com/rapid7/metasploit-framework Poc调用框架,可加载Pocsuite,Tangscan,Beebeeto等 https://github.com/erevus-cn/pocscan Pocsuite https://github.com/knownsec/Pocsuite Beebeeto https://github.com/n0tr00t/Beebeeto-framework

漏洞POC&EXP:

ExploitDB官方git版本 https://github.com/offensive-security/exploit-database php漏洞代码分析 https://github.com/80vul/phpcodz Simple test for CVE-2016-2107 https://github.com/FiloSottile/CVE-2016-2107 CVE-2015-7547 POC https://github.com/fjserna/CVE-2015-7547 JAVA反序列化POC生成工具 https://github.com/frohoff/ysoserial JAVA反序列化EXP https://github.com/foxglovesec/JavaUnserializeExploits Jenkins CommonCollections EXP https://github.com/CaledoniaProject/jenkins-cli-exploit CVE-2015-2426 EXP (windows内核提权) https://github.com/vlad902/hacking-team-windows-kernel-lpe use docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示) https://github.com/hxer/vulnapp php7缓存覆写漏洞Demo及相关工具 https://github.com/GoSecure/php7-opcache-override XcodeGhost木马样本 https://github.com/XcodeGhostSource/XcodeGhost

中间人攻击及钓鱼

中间人攻击框架 https://github.com/secretsquirrel/the-backdoor-factory https://github.com/secretsquirrel/BDFProxy https://github.com/byt3bl33d3r/MITMf Inject code, jam wifi, and spy on wifi users https://github.com/DanMcInerney/LANs.py 可扩展的中间人代理工具 https://github.com/intrepidusgroup/mallory wifi钓鱼 https://github.com/sophron/wifiphisher

密码破解:

密码破解工具 https://github.com/shinnok/johnny

本地存储的各类密码提取利器 https://github.com/AlessandroZ/LaZagne

二进制及代码分析工具:

二进制分析工具 https://github.com/devttys0/binwalk 系统扫描器,用于寻找程序和库然后收集他们的依赖关系,链接等信息 https://github.com/quarkslab/binmap rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. https://github.com/0vercl0k/rp Windows Exploit Development工具 https://github.com/lillypad/badger 二进制静态分析工具(python) https://github.com/bdcht/amoco Python Exploit Development Assistance for GDB https://github.com/longld/peda 对BillGates Linux Botnet系木马活动的监控工具 https://github.com/ValdikSS/billgates-botnet-tracker 木马配置参数提取工具 https://github.com/kevthehermit/RATDecoders Shellphish编写的二进制分析工具(CTF向) https://github.com/angr/angr 针对python的静态代码分析工具 https://github.com/yinwang0/pysonar2 一个自动化的脚本(shell)分析工具,用来给出警告和建议 https://github.com/koalaman/shellcheck 基于AST变换的简易Javascript反混淆辅助工具 https://github.com/ChiChou/etacsufbo

EXP编写框架及工具:

二进制EXP编写工具 https://github.com/t00sh/rop-tool

CTF Pwn 类题目脚本编写框架 https://github.com/Gallopsled/pwntools

an easy-to-use io library for pwning development https://github.com/zTrix/zio

跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) https://github.com/frida/frida

隐写:

隐写检测工具 https://github.com/abeluck/stegdetect

各类安全资料:

域渗透教程 https://github.com/l3m0n/pentest_study python security教程(原文链接http://www.primalsecurity.net/tutorials/python-tutorials/) https://github.com/smartFlash/pySecurity data_hacking合集 https://github.com/ClickSecurity/data_hacking https://github.com/ClickSecurity/data_hacking mobile-security-wiki https://github.com/exploitprotocol/mobile-security-wiki 书籍《reverse-engineering-for-beginners》 https://github.com/veficos/reverse-engineering-for-beginners 一些信息安全标准及设备配置 https://github.com/luyg24/IT_security APT相关笔记 https://github.com/kbandla/APTnotes Kcon资料 https://github.com/knownsec/KCon ctf及黑客资源合集 https://github.com/bt3gl/My-Gray-Hacker-Resources ctf和安全工具大合集 https://github.com/zardus/ctf-tools 《DO NOT FUCK WITH A HACKER》 https://github.com/citypw/DNFWAH

各类CTF资源

近年ctf writeup大全 https://github.com/ctfs/write-ups-2016 https://github.com/ctfs/write-ups-2015 https://github.com/ctfs/write-ups-2014 fbctf竞赛平台Demo https://github.com/facebook/fbctf ctf Resources https://github.com/ctfs/resources

各类编程资源:

大礼包(什么都有) https://github.com/bayandin/awesome-awesomeness bash-handbook https://github.com/denysdovhan/bash-handbook python资源大全 https://github.com/jobbole/awesome-python-cn git学习资料 https://github.com/xirong/my-git 安卓开源代码解析 https://github.com/android-cn/android-open-project-analysis python框架,库,资源大合集 https://github.com/vinta/awesome-python JS 正则表达式库(用于简化构造复杂的JS正则表达式) https://github.com/VerbalExpressions/JSVerbalExpressions

Python:

python 正则表达式库(用于简化构造复杂的python正则表达式) https://github.com/VerbalExpressions/PythonVerbalExpressions python任务管理以及命令执行库 https://github.com/pyinvoke/invoke python exe打包库 https://github.com/pyinstaller/pyinstaller py3 爬虫框架 https://github.com/orf/cyborg 一个提供底层接口数据包编程和网络协议支持的python库 https://github.com/CoreSecurity/impacket python requests 库 https://github.com/kennethreitz/requests python 实用工具合集 https://github.com/mahmoud/boltons python爬虫系统 https://github.com/binux/pyspider ctf向 python工具包 https://github.com/P1kachu/v0lt

科学上网:

科学上网工具 https://github.com/XX-net/XX-Net

福利:

微信自动抢红包动态库 https://github.com/east520/AutoGetRedEnv

微信抢红包插件(安卓版) https://github.com/geeeeeeeeek/WeChatLuckyMoney 神器 https://github.com/yangyangwithgnu/hardseed


作者:天谕 链接:https://zhuanlan.zhihu.com/p/22110538 来源:知乎 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。


漏洞及渗透练习平台:

https://github.com/710leo/ZVulDrill Web漏洞演练平台

https://github.com/cliffe/secgen Ruby编写的一款工具,生成含漏洞的虚拟机

花式扫描器:

https://github.com/aboul3la/Sublist3r 子域名爆破扫描器

https://github.com/TheRook/subbrute 子域名爆破扫描器

https://github.com/andresriancho/w3af Web漏洞扫描器

https://github.com/maurosoria/dirsearch Web路径扫描器

https://github.com/shawarkhanethicalhacker/BruteXSS XSS多功能扫描器

https://github.com/rbsec/sslscan SSL类型扫描器

https://github.com/urbanadventurer/whatweb 网站指纹识别工具,用来检测网站CMS类型,所采用的博客系统类型,JS库,web服务器,甚至版本号,email地址,web框架等

https://github.com/ciscocsirt/malspider 一款爬虫框架,用来检测网站是否被恶意攻击过

https://github.com/wpscanteam/wpscan wordpress漏洞扫描器

https://github.com/misterch0c/firminator_backend 固件漏洞扫描器

https://github.com/wilson9x1/fenghuangscanner_v3 常见服务端口弱口令扫描器

https://github.com/darryllane/Bluto 信息探测及扫描工具(DNS及邮件枚举等)

https://github.com/sowish/LNScan 内部网络扫描器

https://github.com/linuz/Sticky-Keys-Slayer 远程桌面登录扫描器

https://github.com/infosec-au/altdns 子域名字典组合生成及暴力破解器

https://github.com/SECFORCE/sparta 网络基础设施渗透工具(集成nmap和hydra等)

https://github.com/SECFORCE/SNMP-Brute Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script

https://github.com/sullo/nikto web server scanner

https://github.com/code-scan/dzscan discuz论坛漏洞扫描器

https://github.com/nanshihui/Scan-T 网络空间指纹扫描器

https://github.com/ilmila/J2EEScan J2EE漏洞扫描器burp插件

甲方安全工程师生存指南:

https://github.com/thomaspatzke/WASE web索引及日志搜索工具

https://github.com/Kozea/wdb 一款CS结构的web debuger

https://github.com/aramosf/recoversqlite/ recover information from deleted registers in sqlite databases.

https://github.com/epinna/tplmap 自动化的模板注入攻击检测工具

https://github.com/client9/libinjection sqli词法解析分析器

https://github.com/zxsecurity/gpsnitch gps欺骗检测工具

https://github.com/biggiesmallsAG/nightHawkResponse 应急处置响应框架

https://github.com/FallibleInc/security-guide-for-developers web安全开发指南

https://github.com/4ido10n/wooyun-drops-all-articles-package 乌云知识库全部文章

https://github.com/paralax/awesome-honeypots 蜜罐资源合集

https://github.com/wufeifei/cobra 自动化代码审计工具

https://github.com/HatBoy/Pcap-Analyzer python编写的离线网络数据包分析器

https://github.com/leonteale/pentestpackage 渗透测试常见小工具打包

WEB:

https://github.com/owtf/wafbypasser WAF绕过检测工具

https://github.com/julienbedard/browsersploit 浏览器攻击框架

https://github.com/guillotines/WebShell web端webshell管理器

https://github.com/mgeeky/tomcatWarDeployer tomcat自动后门部署

Windows域渗透工具:

https://github.com/enddo/awesome-windows-exploitation windows漏洞利用相关整理

https://github.com/putterpanda/mimikittenz 从内存中提取敏感信息的工具

https://github.com/chango77747/AdEnumerator https://github.com/Raikia/CredNinja https://github.com/ChrisTruncer/WMIOps https://github.com/ChrisTruncer/EyeWitness https://github.com/ChrisTruncer/Egress-Assess fireeye红军渗透工具

各类安全资料:

https://github.com/phith0n/Mind-Map 安全脑图合集 https://github.com/SecWiki/sec-chart/tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428 有关信息安全的一些流程图收集

漏洞POC&EXP:

https://github.com/citronneur/rdp 哈希长度扩展攻击EXP

蜜罐:

https://github.com/desaster/kippo SSH Honeypot

https://github.com/micheloosterhof/cowrie kippo进阶版

https://github.com/awhitehatter/mailoney SMTP honeypot

https://github.com/mushorg/glastopf Web Application honeypot

https://github.com/jordan-wright/elastichoney 数据库蜜罐

https://github.com/atiger77/Dionaea Web蜜罐

作者:天谕 链接:https://zhuanlan.zhihu.com/p/22684414 来源:知乎 著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。

==========================华丽丽的分割线==========================

漏洞及渗透练习平台:

https://github.com/Medicean/VulApps

多种漏洞练习环境

花式扫描器:

GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications Ruby on Rails应用静态分析工具

GitHub - future-architect/vuls: Vulnerability scanner for Linux/FreeBSD, agentless, written in Go linux漏洞扫描器

GitHub - m0nad/HellRaiser: Vulnerability Scanner 基于端口的漏扫及CVE关联

甲方安全工程师生存指南:

GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups 各知名厂商渗透测试报告模板

GitHub - codejanus/ToolSuite: Security tools 安全工具合集

GitHub - mthbernardes/ARTLAS: Apache Real Time Logs Analyzer System apache实时日志分析器(on Telegram, Zabbix and Syslog/SIEM)

GitHub - Nummer/Destroy-Windows-10-Spying: Destroy Windows Spying tool Destroy-Windows-10-Spying

https://github.com/pwnsdx/BadCode PHP代码审计扫描器

GitHub - rfxn/linux-malware-detect: Linux Malware Detection (LMD) linux下恶意代码检测包

GitHub - facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics. 操作系统运行指标可视化框架

https://github.com/jipegit/OSXAuditor Mac OS下取证工具

GitHub - cuckoosandbox/cuckoo: Cuckoo Sandbox is an automated dynamic malware analysis system 恶意代码分析系统

GitHub - Netflix/Scumblr 定期搜索及存储web应用,可搜漏洞讨论等等

GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response 事件响应框架(focus on 远程取证)

GitHub - mozilla/MozDef: MozDef: The Mozilla Defense Platform The Mozilla Defense Platform

GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. 综合主机监控检测平台(包含主机防火墙,日志监控,SIEM等)

GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X OS X远程取证与分析工具包

GitHub - mozilla/mig: Distributed & real time digital forensics at the speed of the cloud 分布式实时数字取证系统

GitHub - sleuthkit/sleuthkit: The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. Microsoft & Unix 文件系统及硬盘取证工具

https://github.com/OpenSCAP/openscap Open Source Security Compliance Solution

https://github.com/wgliang/logcool 开源准实时日志采集器

https://github.com/goldshtn/etrace windows实时ETW事件处理工具

GitHub - Microsoft/perfview: PerfView is a performance-analysis tool that helps isolate CPU- and memory-related performance issues.

CPU及内存相关性能分析工具

WEB:

GitHub - fengxuangit/Fox-scan: Fox-scan is a initiative and passive SQL Injection vulnerable Test tools. 通过调用sqlmap api,自动检测sqli的代理

GitHub - Veil-Framework/Veil-Evasion: Veil-Evasion is a tool used to generate payloads that bypass antivirus solutions 免杀payload生成器

GitHub - byt3bl33d3r/gcat: A fully featured backdoor that uses Gmail as a C&C server 用gmail充当C&C服务器的后门

远控:

GitHub - UbbeLoL/uRAT: Opensource modular Remote Administration Tool 开源模块化远控工具

GitHub - hussein-aitlahcen/BlackHole: C# RAT (Remote Administration Tool) C#远控工具

漏洞POC&EXP:

GitHub - GrrrDog/Java-Deserialization-Cheat-Sheet: The cheat sheet about Java Deserialization vulnerabilities JAVA反序列化漏洞相关资源列表

二进制及代码分析工具:

GitHub - suraj-root/smap: Shellcode mapper shellcode分析工具

GitHub - zscproject/OWASP-ZSC: OWASP ZSCGitHub - zscproject/OWASP-ZSC: OWASP ZSC Shellcode/Obfuscate Code Generator

GitHub - korcankaraokcu/PINCE: A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux linux下逆向工具

GitHub - panagiks/RSPET: RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Reverse Shell and Post Exploitation Tool

GitHub - programa-stic/barf-project: BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework 跨平台二进制分析及逆向工具

Python:

GitHub - gstarnberger/uncompyle: Python decompiler

pyc反编译脚本

https://github.com/jameslyons/pycipher

pycipher python加解密库

https://github.com/nvdv/vprof

可视化python性能分析工具

FUZZ:

https://github.com/MozillaSecurity/peach

fuzzing framework

GitHub - google/honggfuzz: A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage A general-purpose, easy-to-use fuzzer with interesting analysis options.

GitHub - fuzzing/MFFA: Media Fuzzing Framework for Android Media Fuzzing Framework for Android

GitHub - MindMac/IntentFuzzer: A Tool to fuzz Intent on Android A tool to fuzz Intent Android

GitHub - MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with input. Fuzzing资源

GitHub - ele7enxxh/android-afl: Fuzzing Android program with american fuzzy lop (AFL)

AFL的Android移植版本

Github 安全军火库(四) 希望今年能够更加努力一点,早日在菜的抠脚的队伍中稳健成长。

==========================华丽丽的分割线==========================

先安利一个网站,我平时经常看,觉得内容都挺不错的。

安全行业从业人员自研开源扫描器合集(2017/01/11更新)-MottoIN

这篇文章主要是针对扫描器这一块的开源项目做了收集和规整,理的很清楚,里面的项目我就不拿出来罗列了。

==========================华丽丽的分割线==========================

漏洞及渗透练习平台:

rapid7/metasploitable3 metasploitable3

stamparm/DSVW 轻量web漏洞演示平台

MyKings/docker-vulnerability-environment docker搭建的漏洞练习环境

joe-shenouda/awesome-cyber-skills 黑客技术训练环境

OWASP/SecurityShepherd web及app渗透训练平台

花式扫描器:

ysrc/GourdScanV2 被动式漏洞扫描系统

ring04h/wydomain 子域名扫描器

ysrc/F-Scrack 服务弱口令检测脚本

thesp0nge/dawnscanner ruby源码扫描工具

zer0h/httpscan web主机发现小工具

maxlabelle/WebMalwareScanner A simple malware scanner

youngyangyang04/NoSQLAttack MongoDB漏洞扫描器

az0ne/AZScanner 自动漏扫

Screetsec/Dracnmap 集成Nmap的一款端口扫描器

maK-/parameth Get Post参数扫描器

delvelabs/vane A GPL fork of the popular wordpress vulnerability scanner WPScan

stanislav-web/OpenDoor 路径扫描器

golismero/golismero web扫描器

We5ter/Scanners-Box 安全行业从业人员自研开源扫描器合集

Graph-X/davscan Fingerprints servers, finds exploits, scans WebDAV.

lietdai/doom 分布式任务分发端口扫描器

angryziber/ipscan fast and friendly network scanner

甲方安全工程师生存指南:

hslatman/awesome-threat-intelligence 威胁情报资源

arthepsy/ssh-audit tool for ssh server auditing

keithjjones/visualize_logs A Python library and command line tools to provide interactive log visualization

m4rco-/dorothy2 一个僵尸网络分析框架

lightbulb-framework/lightbulb-framework WAFS审计工具

Xyntax/1000php 1000个php代码审计案例

aker-gateway/Aker 基于 python 的 Linux ssh 跳板机/堡垒机设置工具

andrewjkerr/security-cheatsheets Linux常见命令及部分安全软件使用命令列表

JacobReynolds/ssrfDetector ssrfDetector

yassineaddi/BackdoorMan PHP后门检测工具

CISOfy/lynis Security auditing and hardening tool, for UNIX-based systems

SpamScope/spamscope 垃圾邮件分析工具

yassineaddi/BackdoorMan 恶意代码,php shell检测工具

OWASP/django-DefectDojo 安全程序和漏洞管理工具

Neohapsis/NeoPI 混淆代码检测工具

emposha/Shell-Detector webshell检测工具

Web:

1N3/IntruderPayloads burp instruder payloads collection

Neohapsis/bbqsql A Blind SQL Injection Exploitation Tool

antoor/antSword antSword

xl7dev/BurpSuite burp插件收集项目

rastating/wordpress-exploit-framework 一个用来攻击wp的框架

lijiejie/ds_store_exp .DS_store文件泄露利用脚本

漏洞POC&EXP:

joaomatosf/jexboss JBOSS verify & exp tool

jiayy/android_vuln_poc-exp 安卓十月漏洞POC

ganliuzhuo/Sebug 在sebug提交的漏洞详情及poc

Fuzz:

google/fuzzer-test-suite Set of tests for fuzzing engines

renatahodovan/fuzzinator Fuzzinator Random Testing Framework

henshin/filebuster web fuzz

如果当中有描述不正确的地方,请老司机们多多指教,鞠躬!

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published