所有项目

CTF

AWD

开源平台

• https://github.com/BJLIYANLIANG/JJUCTF_V2.0
• https://github.com/D0g3-Lab/H1ve
• https://github.com/GZTimeWalker/GZCTF
• https://github.com/b1ackc4t/MarsCTF
• https://github.com/vidar-team/Cardinal
• https://github.com/xuchaoa/CTF_AWD_Platform

脚本

• https://github.com/Ares-X/AWD-Predator-Framework
• https://github.com/Wfzsec/awd_attack_framework
• https://github.com/admintony/Prepare-for-AWD

防护

• https://github.com/DasSecurity-HatLab/AoiAWD
• https://github.com/dr0op/k4l0ng_WAF
• https://github.com/sharpleung/CTF-WAF

靶场

• https://github.com/871339097/wordpress
• https://github.com/Cl0udG0d/AWDDocker
• https://github.com/glzjin/20190511_awd_docker
• https://github.com/mo-xiaoxi/AWD_CTF_Platform
• https://github.com/yqw1212/Liaoning-provincial-competition-target-1
• https://github.com/zhl2008/awd-platform

Crypto

16进制转字符串

• https://tool.hiofd.com/hex-convert-string-online
• https://www.bejson.com/convert/ox2str/
• https://www.rapidtables.org/zh-CN/convert/number/hex-to-ascii.html
• https://www.sojson.com/hexadecimal.html

3DES加解密

• http://tool.chacuo.net/crypt3des

A1z26密码

• http://www.hiencode.com/a1z26.html

AAencode颜文字

• http://utf-8.jp/public/aaencode.html
• http://www.atoolbox.net/Tool.php?Id=703
• http://www.hiencode.com/aaencode.html

ADFGX密码加解密

• http://www.atoolbox.net/Tool.php?Id=918
• http://www.hiencode.com/adfgvx.html
• http://www.hiencode.com/adfgx.html
• http://www.practicalcryptography.com/ciphers/adfgx-cipher/
• https://ctf.bugku.com/tool/adfgx

AES加解密

• http://tool.chacuo.net/cryptaes
• http://www.hiencode.com/caes.html

ASCII编解码

• http://www.hiencode.com/cencode.html

Base100编解码

• http://www.atoolbox.net/Tool.php?Id=936
• https://ctf.bugku.com/tool/base100

Base16编解码

• http://www.atoolbox.net/Tool.php?Id=930
• https://ctf.bugku.com/tool/base16

Base32编解码

• http://www.atoolbox.net/Tool.php?Id=931
• https://ctf.bugku.com/tool/base32

Base58编解码

• http://www.atoolbox.net/Tool.php?Id=932
• http://www.hiencode.com/base58w.html
• https://ctf.bugku.com/tool/base58

Base62编解码

• http://www.atoolbox.net/Tool.php?Id=933
• http://www.hiencode.com/base62.html
• https://ctf.bugku.com/tool/base62

Base64编解码

• https://ctf.bugku.com/tool/base64

Base85编解码

• http://www.atoolbox.net/Tool.php?Id=934
• http://www.hiencode.com/base85.html
• https://ctf.bugku.com/tool/base85

Base91编解码

• http://www.atoolbox.net/Tool.php?Id=935
• http://www.hiencode.com/base91.html
• https://ctf.bugku.com/tool/base91

Base92编解码

• http://www.hiencode.com/base92.html
• https://ctf.bugku.com/tool/base92

Base编解码

• http://www.hiencode.com/base64.html

Blowfish加解密

• http://tool.chacuo.net/cryptblowfish

Brainfuck_Ook!

• http://www.hiencode.com/brain.html
• https://c5r.app/tools/brain-fuck
• https://ctf.bugku.com/tool/brainfuck
• https://ctfever.uniiem.com/tools/brain-fuck
• https://tool.bugku.com/brainfuck
• https://www.cachesleuth.com/bfook.html
• https://www.splitbrain.org/services/ook

BubbleBabble

• http://www.hiencode.com/bubble.html

Cast加解密

• http://tool.chacuo.net/cryptcast

CryptoJS AES加解密

• http://www.66zan.cn/aesencrypt/
• https://www.sojson.com/encrypt_aes.html

CryptoJS DES加解密

• http://www.66zan.cn/desencrypt/
• https://www.sojson.com/encrypt_des.html

CryptoJS RC4加解密

• http://www.66zan.cn/rc4encrypt/
• https://www.sojson.com/encrypt_rc4.html

CryptoJS Rabbit加解密

• http://www.66zan.cn/rabbitencrypt/
• https://www.sojson.com/encrypt_rabbit.html

CryptoJS TripleDes加解密

• http://www.66zan.cn/tripledes/
• https://ctf.bugku.com/tool/tripledes
• https://www.sojson.com/encrypt_triple_des.html

CryptoJS 加解密

• https://www.sojson.com/encrypt.html

DES加解密

• http://www.hiencode.com/cdes.html

DNA基因序列编码

• https://skaminsky115.github.io/nac/DNA-mRNA-Protein_Converter.html

DSA密钥对

• http://web.chacuo.net/netdsakeypair

Escape编码

• http://www.hiencode.com/escape.html

Gost加解密

• http://tool.chacuo.net/cryptgost

Gronsfeld密码

• http://www.hiencode.com/gronsfeld.html

HTML实体编码

• https://www.convertstring.com/zh_CN/EncodeDecode/HtmlDecode

HTML编码

• http://www.hiencode.com/html_en.html

HTTP(S)响应头查看

• http://www.hiencode.com/http_head.html

Handycode

• http://www.hiencode.com/handycode.html

Hex编码

• http://www.hiencode.com/hex.html

JJencode

• http://www.hiencode.com/jjencode.html

JSfuck

• http://codertab.com/JsUnFuck
• http://www.hiencode.com/jsfuck.html
• http://www.liminba.com/tool/jsfuckdecode/
• https://c5r.app/tools/jsfuck
• https://ctfever.uniiem.com/tools/jsfuck
• https://www.bugku.com/tools/jsfuck/

MD5解密

• https://cmd5.la/
• https://hashes.com/zh/decrypt/hash
• https://pmd5.com/
• https://www.chamd5.org/
• https://www.cmd5.com/
• https://www.somd5.com/

Mimetypes

• http://www.hiencode.com/mimetypes.html

PKCS#1转PKCS8

• http://tool.chacuo.net/cryptrsapkcs1pkcs8

Porta密码

• http://www.hiencode.com/porta.html

Punycode

• http://www.hiencode.com/punycode.html

Quoted-printable

• http://web.chacuo.net/charsetquotedprintable/

Quoted编码

• http://www.hiencode.com/quoted.html

RC2加解密

• http://tool.chacuo.net/cryptrc2

RC4加解密

• http://tool.chacuo.net/cryptrc4
• http://www.hiencode.com/rc4.html

RC5加解密

• http://tool.chacuo.net/cryptrc5

RC6加解密

• http://tool.chacuo.net/cryptrc6

ROT编解码

• https://www.qqxiuzi.cn/bianma/rot5-13-18-47.php

RSA大数分解

• http://www.factordb.com/index.php

RSA密钥对

• http://web.chacuo.net/netrsakeypair

RSA私钥密码修改

• http://tool.chacuo.net/cryptrsapassmodify

RSA私钥密码清除

• http://tool.chacuo.net/cryptrsapassclear

RSA私钥解析

• http://www.hiencode.com/priv_asys.html

RSA综合工具

• https://github.com/6u661e/CTF-RSA-tool
• https://github.com/Mr-Aur0ra/RSA
• https://github.com/RsaCtfTool/RsaCtfTool
• https://github.com/pablocelayes/rsa-wiener-attack

Rijndael加解密

• http://tool.chacuo.net/cryptrijndael

Rot13加解密

• http://www.hiencode.com/rot13.html
• https://ctfever.uniiem.com/tools/rot-series

Rsa公私钥解析

• http://tool.chacuo.net/cryptrsakeyparse

Serpent（蛇）加解密

• http://serpent.online-domain-tools.com/
• http://tool.chacuo.net/cryptserpent

Sojson.v4解密

• https://ctf.bugku.com/tool/sojson4

Sojson.v5（jsjiami.com.v5）解密

• https://ctf.bugku.com/tool/sojson5

Terple DES加密

• http://www.hiencode.com/tdes.html

Twofish加解密

• http://tool.chacuo.net/crypttwofish

Type7密码加解密

• http://www.atoolbox.net/Tool.php?Id=992

URL编码

• http://www.hiencode.com/url.html

UTF-8与GBK编码转换

• http://www.atoolbox.net/Tool.php?Id=1066

UUencode

• http://web.chacuo.net/charsetuuencode
• http://www.hiencode.com/uu.html

UUencode加解密

• https://ctf.bugku.com/tool/uuencode

WebSocket测试

• http://www.hiencode.com/web_socket.html

XXTEA加解密

• http://www.atoolbox.net/Tool.php?Id=1090

XXencode

• http://web.chacuo.net/charsetxxencode
• http://www.hiencode.com/xxencode.html
• https://ctf.bugku.com/tool/xxencode

Xtea加解密

• http://tool.chacuo.net/cryptxtea
• http://www.atoolbox.net/Tool.php?Id=1089

base36编解码

• http://www.hiencode.com/base36w.html

brainfuck颜文字

• https://esolangs.org/wiki/(_%CD%A1%C2%B0_%CD%9C%CA%96_%CD%A1%C2%B0)fuck

chacha20加解密

• http://tool.chacuo.net/cryptchacha20

cisco 密码解密

• https://www.ifm.net.nz/cookbooks/passwordcracker.html

emoji-aes

• https://aghorler.github.io/emoji-aes/
• https://github.com/Mumuzi7179/emoji_aes_burst
• https://github.com/aghorler/emoji-aes

hex转字符

• https://the-x.cn/encodings/Hex.aspx

logo编程

• https://www.calormen.com/jslogo/

malbolge编程

• https://zb3.me/malbolge-tools/

ppencode

• http://www.hiencode.com/ppencode.html

quipqiup

• https://quipqiup.com

rsa私钥加解密

• http://tool.chacuo.net/cryptrsaprikey

snow隐写

• https://darkside.com.au/snow

tupper

• https://tuppers-formula.ovh/

与佛论禅加解密

• http://hi.pcmoe.net/buddha.html
• http://www.atoolbox.net/Tool.php?Id=1027
• http://www.keyfc.net/bbs/tools/tudoucode.aspx
• https://ctf.bugku.com/tool/todousharp

中文加密

• https://www.qqxiuzi.cn/bianma/wenbenjiami.php

仿射密码

• http://www.hiencode.com/affine.html
• https://www.boxentriq.com/code-breaking/affine-cipher
• https://www.wishingstarmoye.com/ctf/affinecipher

公钥解析

• http://www.hiencode.com/pub_asys.html

关键字密码

• http://www.hiencode.com/keyword.html

其他

• https://github.com/qianxiao996/ctf-knife
• https://www.cryptool.org/en/ct2/downloads/

兽音译者

• https://roar.iiilab.com/

凯撒密码(Caesar)

• http://moersima.00cha.net/kaisamima.asp
• http://www.hiencode.com/caesar.html
• https://ctf.bugku.com/tool/caesar

列移位密码

• http://www.hiencode.com/colum.html

博多密码

• https://www.boxentriq.com/code-breaking/baudot-code

博福特密码

• http://www.hiencode.com/beaufort.html

双密码

• http://www.hiencode.com/bifid.html

同音替代密码

• http://www.atoolbox.net/Tool.php?Id=919

哈希解密

• https://hashes.com/en/decrypt/hash
• https://www.cmd5.com
• https://www.onlinehashcrack.com/

哈希计算

• http://www.hiencode.com/hash.html

四方密码

• http://www.hiencode.com/four.html

国密SM加解密

• https://github.com/milu001/sm234_decrypt_gui

图像编码

• http://www.fzwjscj.xyz/index.php/archives/23/

埃特巴什码

• http://www.hiencode.com/atbash.html

培根密码

• http://www.hiencode.com/baconian.html

希尔加解密

• https://ctf.bugku.com/tool/hill

恩尼格玛密码机密码

• http://www.atoolbox.net/Tool.php?Id=993

摩尔斯电码

• http://www.hiencode.com/morse.html
• http://www.zhongguosou.com/zonghe/moErSiCodeConverter.aspx
• https://c5r.app/tools/morse-code
• https://ctfever.uniiem.com/tools/morse-code

敲击码

• http://ctf.ssleye.com/tapcode.html
• http://www.hiencode.com/tapcode.html

文件破解

• https://www.catpasswd.com/

文本盲水印

• https://github.com/guofei9987/text_blind_watermark

普莱菲尔密码

• http://www.hiencode.com/playfair.html

替换密码

• https://github.com/alexbers/substitution_cipher_solver

栅栏密码(RailFence)

• http://www.hiencode.com/railfence.html
• https://ctf.bugku.com/tool/railfence
• https://ctfever.uniiem.com/tools/rail-fence-cipher
• https://www.qqxiuzi.cn/bianma/zhalanmima.php

校验RSA密钥对

• http://tool.chacuo.net/cryptrsakeyvalid

模数生成Rsa公钥

• http://tool.chacuo.net/cryptrsamodulus2pkey

滚动密钥密码

• http://www.hiencode.com/runkey.html

猪圈密码(共济会密码)

• http://ctf.ssleye.com/pigpen.html
• http://www.hiencode.com/pigpen.html
• https://ctfever.uniiem.com/tools/pigpen

现代密码

GM

• https://github.com/JuneAndGreen/sm-crypto
• https://github.com/ZZMarquis/gmhelper

电报码

• https://www.qqxiuzi.cn/bianma/dianbao.php

百家姓加解密

• http://www.atoolbox.net/Tool.php?Id=1050
• https://api.dujin.org/baijiaxing/

社会主义核心价值观编码

• http://www.hiencode.com/cvencode.html
• https://c5r.app/tools/core-values-cipher
• https://ctf.bugku.com/tool/cvecode
• https://ctfever.uniiem.com/tools/core-values-cipher

私钥中提取公钥

• http://tool.chacuo.net/cryptgetpubkey

程序代码空白隐藏

• https://ideone.com/

简单换位密码

• http://www.hiencode.com/simple.html

维吉尼亚密码(vigenere)

• http://www.hiencode.com/vigenere.html
• https://ctf.bugku.com/tool/vigenere
• https://ctfever.uniiem.com/tools/vigenereCipher
• https://github.com/20142995/vigenere-solver
• https://www.guballa.de/vigenere-solver
• https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx
• https://www.qqxiuzi.cn/bianma/weijiniyamima.php

编解码综合

• https://github.com/20142995/bo_ctfcode
• https://github.com/Raka-loah/SRK-Toolbox
• https://github.com/guyoung/CaptfEncoder
• https://github.com/zhangqi-ulua/ConvertTools

编解码综合网站

• http://fbcs.bplaced.net/multi_encoder_decoder.html
• http://tools.sbbbb.cn/CyberChef/
• http://www.atoolbox.net/Category.php?Id=27
• http://www.hiencode.com/
• https://ctf.bugku.com/tools
• https://ctf.mzy0.com/CyberChef3/
• https://ctfever.uniiem.com/
• https://forum.ywhack.com/tools/CyberChef/
• https://tool.lu/
• https://www.wishingstarmoye.com/

自动密钥密码(autokey)

• http://www.atoolbox.net/Tool.php?Id=920
• http://www.hiencode.com/autokey.html
• https://github.com/hotzzzzy/breakautokey

进制转换

• http://www.hiencode.com/jinzhi.html

阴阳怪气编解码

• https://jiji.pro/yygq.js/

随机密码和密钥生成器

• http://www.atoolbox.net/Tool.php?Id=921

零宽隐写

• http://330k.github.io/misc_tools/unicode_steganography.html
• https://330k.github.io/misc_tools/unicode_steganography.html
• https://github.com/yuanfux/zero-width-lib
• https://www.guofei.site/pictures_for_blog/app/text_watermark/v1.html
• https://www.mzy0.com/ctftools/zerowidth1/
• https://www.mzy0.com/ctftools/zerowidth2/
• https://www.qqxiuzi.cn/bianma/yincangjiami.php
• https://yuanfux.github.io/zero-width-web/

音乐符号加密

• https://www.qqxiuzi.cn/bianma/wenbenjiami.php?s=yinyue

Misc

16进制编辑

• https://github.com/WerWolv/ImHex

二维码

• https://github.com/Merricx/qrazybox
• https://merri.cx/qrazybox/

二维码批量识别

• https://github.com/zfb132/QrScan

情报收集

航线图

• https://map.variflight.com
• https://zh.flightaware.com/live/flight/B7631/history/320

文件分析

• https://github.com/jaquadro/NBTExplorer
• https://github.com/jin-stuff/foremost
• https://learn.microsoft.com/zh-cn/sysinternals/downloads/strings

条形码识别

• https://xiazai.zol.com.cn/detail/35/345364.shtml

综合

• http://www.1o1o.xyz/bo_ctfcode.html
• https://github.com/Arinue/CTF-NetA
• https://github.com/Byxs20/PuzzleSolver
• https://github.com/Leon406/ToolsFx
• https://github.com/Moxin1044/qsnctf-python
• https://github.com/ReFirmLabs/binwalk
• https://github.com/qianxiao996/CTF-Tools

编解码

• https://github.com/0Chencc/CTFCrackTools
• https://github.com/Ciphey/Ciphey
• https://github.com/gchq/CyberChef
• https://github.com/ht0Ruial/TomatoTools

自动拼图

• https://github.com/JamesHoi/PuzzleSolver

隐写

• https://achorein.github.io/silenteye/
• https://www.bertnase.de/npiet
• https://www.petitcolas.net/steganography/mp3stego/

Reverse

IDA插件

• https://github.com/cha512/rust-reversing-helper
• https://github.com/harlamism/IdaClu
• https://github.com/sibears/IDAGolangHelper
• https://github.com/strazzere/golang_loader_assist

Java反编译

• https://github.com/Konloch/bytecode-viewer
• https://github.com/MountCloud/JavaDecompileTool-GUI
• https://github.com/Ppsoft1991/CodeReviewTools
• https://github.com/jar-analyzer/jar-analyzer
• https://github.com/leibnitz27/cfr

pyc逆向

• https://c5r.app/tools/pyc-decompiler
• https://ctfever.uniiem.com/tools/pyc-decompiler
• https://github.com/AngelKitty/stegosaurus
• https://github.com/extremecoders-re/pyinstxtractor
• https://github.com/rocky/python-uncompyle6

python逆向

• https://github.com/matiasb/unpy2exe
• https://github.com/pyinstxtractor/pyinstxtractor-ng
• https://github.com/serfend/pydumpck
• https://sourceforge.net/projects/easypythondecompiler

加壳

• https://github.com/DosX-dev/UPX-Patcher

安卓逆向

• https://github.com/GrowthEase/GameSentry
• https://github.com/skylot/jadx

查壳

• https://github.com/horsicq/DIE-engine

Web

HASH长度扩展攻击

• https://github.com/JoyChou93/md5-extension-attack
• https://github.com/LJY-21/Length_Extension_Attack_for_SM3.py
• https://github.com/Phantomn/HashPump
• https://github.com/eid3t1c/Hash_Extender
• https://github.com/iagox86/hash_extender
• https://github.com/shellfeel/hash-ext-attack

命令注入

• https://github.com/ProbiusOfficial/bashFuck

定向目录扫描

• https://github.com/OrangeWatermelon/ctf-wscan

笔记

• https://github.com/w181496/Web-CTF-Cheatsheet

相关资源

• http://www.ctftools.com/
• https://github.com/Aabyss-Team/CTF-Tools
• https://github.com/CTFd/CTFd
• https://github.com/Gu-f/CTFd_chinese_CN
• https://github.com/NewBee119/ctf_ics_traffic
• https://github.com/ProbiusOfficial/CTF-OS
• https://github.com/ProbiusOfficial/CTF-QuickStart
• https://github.com/ProbiusOfficial/CTFtools-wiki
• https://github.com/ProbiusOfficial/SecToolKit
• https://github.com/ctf-wiki/ctf-challenges
• https://github.com/ctf-wiki/ctf-tools
• https://github.com/ffffffff0x/BerylEnigma
• https://github.com/kitezzzGrim/CTF-Note
• https://github.com/sajjadium/ctf-archives
• https://hello-ctf.com/

其他

• https://issues.apache.org

常用软件

即时通讯

• https://github.com/igdmapps/igdm

图形图像

• https://github.com/Lymphatus/caesium-image-compressor
• https://pixpinapp.com/

效率办公

• https://github.com/20142995/scoop-search
• https://github.com/25H/Maya
• https://www.ghxi.com/beyondcompare.html
• https://www.ghxi.com/filelocator.html
• https://www.yuque.com/lucy/lucy/record

文本编辑

• https://github.com/cxasm/notepad--

浏览器

• https://www.google.com/chrome
• https://www.mozilla.org/firefox/

磁盘工具

• https://www.disktool.cn

系统优化

• https://github.com/Chuyu-Team/Dism-Multi-language
• https://mofang.ruanmei.com

系统工具

• https://www.sordum.org/downloads/?st-windows-update-blocker

编程环境

• https://www.oracle.com/java/

远程管理

• https://github.com/cinience/RedisStudio
• https://github.com/qishibo/AnotherRedisDesktopManager
• https://redis.io
• https://www.ghxi.com/navicat17.html

开发

Go

其他

• https://github.com/mozillazg/go-pinyin

Java

其他

• https://www.java.com/

Python

GUI框架

• https://github.com/Akascape/py-window-styles
• https://github.com/rdbende/Forest-ttk-theme

其他

• https://github.com/TomSchimansky/CustomTkinter
• https://github.com/curlconverter/curlconverter.github.io
• https://github.com/jackfrued/Python-100-Days
• https://github.com/jackzhenguo/python-small-examples
• https://github.com/mozillazg/python-pinyin
• https://github.com/spyoungtech/FreeSimpleGUI

web

接口测试

• https://github.com/hlmd/postman-cn

正则

• https://github.com/cdoco/common-regex

杂七杂八

APP合规

• https://github.com/TongchengOpenSource/AppScan
• https://github.com/zhengjim/camille

MySQL实时监控工具

• https://github.com/TheKingOfDuck/MySQLMonitor

Windows快捷启动工具

• https://dawnlauncher.com/

chatgpt

• https://github.com/LangLangShanDeNanKe/chatgpt
• https://github.com/dalinvip/Awesome-ChatGPT
• https://github.com/rockbenben/ChatGPT-Shortcut
• https://github.com/vincelwt/chatgpt-mac
• https://github.com/yzfly/awesome-chatgpt-zh

github加速

• https://github.com/dotnetcore/FastGithub

pppoe拦截

• https://github.com/akkuman/pppoe-intercept

代理抓包

• https://github.com/wanghongenpin/network_proxy_flutter

代理订阅管理

• https://github.com/2dust/clashN
• https://github.com/mzz2017/gg

修改MAC

• https://tech.wandersick.com/2019/06/chmac-windows-command-to-change-mac.html

修改文件时间

• http://www.softwareok.com/?seite=Microsoft/NewFileTime

做菜指南

• https://github.com/Anduin2017/HowToCook

克隆声音

• https://github.com/babysor/MockingBird

内网穿透

• https://github.com/LiangXiaoWei1024/net-penetrate-http-and-https-simple

动态口令

• https://github.com/mdp/rotp

区块链

• https://github.com/bxdoan/zksync-auto
• https://github.com/nftscripts/zksync
• https://github.com/zaivanza/all-in-one-v2
• https://github.com/zksync-sdk/zksync2-python

压测工具

• https://github.com/LinWin-Cloud/Easy-DDOS
• https://github.com/locustio/locust

大语言模型

• https://github.com/THUDM/ChatGLM3

安全思维脑图

• https://github.com/Ascotbe/HackerMind

定时任务管理平台

• https://github.com/whyour/qinglong

待分类

• http://www.cnblogs.com/SEC-fsq/p/5610981.html
• http://www.compression.ru/video
• http://www.everauto.net/cn/
• https://apifox.com
• https://app.interactsh.com
• https://b3log.org/siyuan
• https://blog.arae.cc/post/25830.html
• https://bluepointlilac.github.io/ContextMenuManager
• https://dotnet.microsoft.com/
• https://gitee.com/oschina/git-repo-clean
• https://github.com/7wkajk/Frchannel
• https://github.com/864381832/xJavaFxTool
• https://github.com/AlessandroZ/BeRoot
• https://github.com/Cuerz/CVE-2021-36260
• https://github.com/Dliv3/Venom
• https://github.com/Guardsquare/proguard
• https://github.com/IgorMundstein/WinMemoryCleaner
• https://github.com/Mikubill/transfer
• https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
• https://github.com/Nriver/trilium-translation
• https://github.com/SleepingBag945/dddd
• https://github.com/StudioEtrange/socat-windows
• https://github.com/WithSecureLabs/C3
• https://github.com/arch3rPro/Govenom
• https://github.com/chat2db/Chat2DB
• https://github.com/cobbr/Covenant
• https://github.com/depler/curl-impersonate-win
• https://github.com/docmirror/dev-sidecar
• https://github.com/elddy/NimScan
• https://github.com/flydoos/FeiShuRevokeMsgPatcher
• https://github.com/flydoos/WinASAR
• https://github.com/gellin/bantam
• https://github.com/go-gost/gost
• https://github.com/hrpzcf/HashCalculator
• https://github.com/huiyadanli/RevokeMsgPatcher
• https://github.com/instantsc/SimpleDnsCrypt
• https://github.com/iomoath/SharpStrike
• https://github.com/jattach/jattach
• https://github.com/jeessy2/ddns-go
• https://github.com/jondonas/linux-exploit-suggester-2
• https://github.com/kingToolbox/WindTerm
• https://github.com/laomms/PidKeyTool
• https://github.com/lwch/natpass
• https://github.com/m3n0sd0n4ld/GooFuzz
• https://github.com/michenriksen/gitrob
• https://github.com/nadoo/glider
• https://github.com/nodauf/Girsh
• https://github.com/openrport/openrport
• https://github.com/opsdisk/pagodo
• https://github.com/r00t-3xp10it/meterpeter
• https://github.com/rhaidiz/broxy
• https://github.com/rootkiter/Termite
• https://github.com/ropnop/kerbrute
• https://github.com/sairson/MateuszEx
• https://github.com/sameera-madushan/Print-My-Shell
• https://github.com/sensepost/godoh
• https://github.com/stefankueng/BowPad
• https://github.com/t1m0thyj/WinDynamicDesktop
• https://github.com/t3l3machus/psudohash
• https://github.com/utkusen/reqstress
• https://github.com/vi/websocat
• https://github.com/vicanso/cyberapi
• https://github.com/wapiti-scanner/wapiti
• https://github.com/wwh1004/ExtremeDumper
• https://github.com/xk11z/dirxk
• https://github.com/zan8in/pyxis
• https://github.com/zgao264/AirFly
• https://gobysec.net/
• https://hetty.xyz
• https://laragon.org/
• https://mkaring.github.io/ConfuserEx/
• https://npcap.com/
• https://pot-app.com
• https://rubickcenter.github.io
• https://sourceforge.net/projects/cudatext
• https://twitter.com/charles_gan1
• https://verycapture.com/cn/download.html
• https://winscp.net
• https://www.cpuid.com/softwares/cpu-z.html
• https://www.ed-x.cc/index.html
• https://www.emeditor.com/
• https://www.hostbuf.com/t/988.html
• https://www.invicti.com/
• https://www.isc.org/bind/
• https://www.jam-software.com/treesize
• https://www.phpenv.cn/
• https://www.postcat.com
• https://www.screentogif.com/
• https://www.shellterproject.com
• https://www.sordum.org/11081/hide-from-uninstall-list-v1-1/
• https://www.sordum.org/7615/
• https://www.sordum.org/8266/bluelifehosts-editor-v1-5/
• https://www.sordum.org/9182/window-topmost-control-v1-3/
• https://www.sordum.org/bluelife-keyfreeze
• https://www.sordum.org/downloads/?firewall-app-blocker
• https://www.sordum.org/downloads/?power-run
• https://www.sordum.org/downloads/?reg-converter
• https://www.sordum.org/downloads/?st-sordum-monitor-off
• https://www.terminal.icu/
• https://www.win.tue.nl/hashclash/

微信机器人

• https://github.com/ngc660sec/NGCBot

恶意网络流量模拟

• https://github.com/alphasoc/flightsim

抓包软件

• https://reqable.com/zh-CN/
• https://www.charlesproxy.com/
• https://www.httpdebugger.com/

报告模板

• https://github.com/awake1t/HackReport

按键精灵

• https://github.com/taojy123/KeymouseGo

数据库管理软件

• https://github.com/dbeaver/dbeaver

文件监控

• https://github.com/shack2/WindowsFileMonitor

文字识别

• https://github.com/hiroi-sora/Umi-OCR

本地知识库

• https://github.com/Mintplex-Labs/anything-llm
• https://github.com/chatchat-space/Langchain-Chatchat
• https://github.com/netease-youdao/QAnything

机器学习

• https://github.com/mdbloice/Augmentor
• https://github.com/sml2h3/dddd_trainer

歌声转换

• https://github.com/svc-develop-team/so-vits-svc

渗透测试报告辅助

• https://github.com/0x727/BugRepoter_0x727
• https://github.com/1u0Hun/SAReport
• https://github.com/Anof-cyber/APTRS
• https://github.com/CTF-MissFeng/report
• https://github.com/Mustard404/Savior
• https://github.com/dbgee/pentest_report
• https://github.com/linshaoSec/WaterExp

漏洞信息采集与推送

• https://github.com/zema1/watchvuln

激活工具

• https://github.com/massgravel/Microsoft-Activation-Scripts

生成虚假数据

• https://github.com/joke2k/faker

短信转发器

• https://github.com/pppscn/SmsForwarder

短信轰炸

• https://github.com/OpenEthan/SMSBoom

科学上网

• https://github.com/Jrohy/trojan
• https://github.com/aiboboxx/v2rayfree
• https://github.com/freefq/free
• https://github.com/v2rayA/v2rayA

签到脚本

• https://github.com/Sitoi/dailycheckin
• https://github.com/shufflewzc/faker3

网站压测工具

• https://github.com/EZLippi/WebBench
• https://github.com/baidu/dperf
• https://github.com/session-replay-tools/tcpburn

语音合成

• https://github.com/RVC-Boss/GPT-SoVITS
• https://github.com/myshell-ai/OpenVoice

软件及系统国内镜像

• https://github.com/eryajf/Thanks-Mirror

远程软件

• https://filezilla-project.org
• https://github.com/1Remote/1Remote
• https://github.com/FreeRDP/FreeRDP
• https://github.com/quasar/Quasar
• https://github.com/rustdesk/rustdesk

验证码生成

• https://github.com/fupinglee/Calculate_Captcha

验证码识别

• https://github.com/81NewArk/StupidOCR
• https://github.com/hellokuls/cnnyzm
• https://github.com/qianxiao996/code_identify

红队

Web漏洞利用库

OA产品漏洞

OA综合

• https://github.com/LittleBear4/OA-EXPTOOL
• https://github.com/achuna33/MYExploit
• https://github.com/wy876/WExploit

泛微OA

• https://github.com/AdministratorGithub/e-cology-OA-SQL
• https://github.com/NS-Sp4ce/Weaver-OA-E-cology-Database-Leak
• https://github.com/TD0U/WeaverScan
• https://github.com/bigsizeme/CNVD-2021-49104
• https://github.com/jas502n/DBconfigReader
• https://github.com/jas502n/e-cology

用友OA

• https://github.com/Chave0v0/YONYOU-TOOL
• https://github.com/li8u99/yonyou_exp_plus
• https://github.com/linshaoSec/SeeyonExploit-GUI
• https://github.com/novysodope/fupo_for_yonyou
• https://github.com/wafinfo/NCTOOls
• https://github.com/wgpsec/YongYouNcTool
• https://github.com/woodpecker-appstore/yonyou-nc-decrypter

致远OA

• https://github.com/God-Ok/SeeyonExploit-GUI
• https://github.com/RayScri/A8-OA-seeyon-RCE
• https://github.com/Rvn0xsy/PassDecode-jar
• https://github.com/Summer177/seeyon_exp

蓝凌OA

• https://github.com/tangxiaofeng7/Landray-OA-Treexml-Rce
• https://github.com/zhutougg/LandrayDES

通达OA

• https://github.com/Fu5r0dah/TongdaScan_go
• https://github.com/NS-Sp4ce/TongDaOA-Fake-User
• https://github.com/OA-HUNTER/TongDa-OA
• https://github.com/superneilcn/GUIEXPTools
• https://github.com/xiaokp7/TongdaOATool
• https://github.com/xinyu2428/TDOA_RCE

产品or组件or框架漏洞

ActiveMQ

• https://github.com/Arlenhiack/ActiveMQ-RCE-Exploit
• https://github.com/Hutt0n0/ActiveMqRCE
• https://github.com/JaneMandy/ActiveMQ_RCE_Pro_Max

Apache Airflow

• https://github.com/Mr-xn/CVE-2022-40127

Apache Dubbo

• https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp
• https://github.com/YYHYlh/Dubbo-Scan
• https://github.com/threedr3am/dubbo-exp

Apache Log4j

• https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
• https://github.com/apache/logging-log4j2
• https://github.com/fullhunt/log4j-scan
• https://github.com/google/log4jscanner
• https://github.com/inbug-team/Log4j_RCE_Tool
• https://github.com/jas502n/Log4j2-CVE-2021-44228
• https://github.com/k3rwin/log4j2-intranet-scan
• https://github.com/kozmer/log4j-shell-poc
• https://github.com/lijiejie/log4j2_vul_local_scanner

Apache OFBiz

• https://github.com/JaneMandy/CVE-2023-51467-Exploit

Apache Shiro

• https://github.com/Ares-X/shiro-exploit
• https://github.com/Ggasdfg321/shiro_check
• https://github.com/SummerSec/ShiroAttack2
• https://github.com/Y5neKO/ShiroEXP
• https://github.com/dr0op/shiro-550-with-NoCC
• https://github.com/feihong-cs/ShiroExploit-Deprecated
• https://github.com/j1anFen/shiro_attack
• https://github.com/jas502n/SHIRO-550
• https://github.com/jweny/shiro-cve-2020-17523
• https://github.com/safe6Sec/ShiroExp
• https://github.com/sma11new/Pyke-Shiro
• https://github.com/sv3nbeast/ShiroScan
• https://github.com/wyzxxz/shiro_rce_tool

Apache Solr

• https://github.com/1135/solr_exploit
• https://github.com/Henry4E36/Solr-SSRF
• https://github.com/Imanfeng/Apache-Solr-RCE
• https://github.com/jas502n/CVE-2019-0193
• https://github.com/jas502n/CVE-2019-12409
• https://github.com/jas502n/solr_rce
• https://github.com/mpgn/CVE-2019-0192
• https://github.com/veracode-research/solr-injection

Apache Struts2

• https://github.com/EvilPulsar/S2-061
• https://github.com/HatBoy/Struts2-Scan
• https://github.com/Lucifer1993/struts-scan
• https://github.com/OneSourceCat/s2-016-exp
• https://github.com/abc123info/Struts2VulsScanTools
• https://github.com/brianwrf/S2-053-CVE-2017-12611
• https://github.com/mazen160/struts-pwn
• https://github.com/mazen160/struts-pwn_CVE-2017-9805
• https://github.com/mazen160/struts-pwn_CVE-2018-11776
• https://github.com/ramoncjs3/CVE-2019-0230
• https://github.com/riusksk/StrutScan
• https://github.com/shack2/Struts2VulsTools
• https://github.com/sie504/Struts-S2-xxx
• https://github.com/wh1t3p1g/Struts2Environment
• https://github.com/xfiftyone/STS2G

Apache Superset

• https://github.com/horizon3ai/CVE-2023-27524

Apache Tomcat

• https://github.com/IdealDreamLast/CVE-2020-9484
• https://github.com/breaktoprotect/CVE-2017-12615
• https://github.com/cyberheartmi9/CVE-2017-12617
• https://github.com/errors11/TomcatVuln
• https://github.com/guguyu1/tomcat_password
• https://github.com/jas502n/CVE-2019-0232
• https://github.com/lizhianyuguangming/TomcatScanPro
• https://github.com/pyn3rd/CVE-2019-0232
• https://github.com/tpt11fb/AttackTomcat
• https://github.com/xiaokp7/Tomcat_PUT_GUI_EXP

CAS

• https://github.com/langligelang/CAS_EXP

Confluence

• https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
• https://github.com/Lotus6/ConfluenceMemshell

Coremail

• https://github.com/dpu/coremail-address-book

Druid

• https://github.com/yuyan-sec/druid_sessions

FastAdmin

• https://github.com/3xsh0re/FastAdmin-exp

Fastjson

• https://github.com/Lonely-night/fastjsonVul
• https://github.com/W1one/FastJsonAttack
• https://github.com/a1phaboy/FastjsonScan
• https://github.com/alibaba/fastjson
• https://github.com/bigsizeme/fastjson-check
• https://github.com/c0ny1/FastjsonExploit
• https://github.com/hosch3n/FastjsonVulns
• https://github.com/iSafeBlue/fastjson-autotype-bypass-demo
• https://github.com/mrknow001/fastjson_rec_exploit
• https://github.com/safe6Sec/Fastjson
• https://github.com/smallfox233/JsonExp

Frchannel

• https://github.com/yuxianzi/FrchannelPlus

GeoServer

• https://github.com/netuseradministrator/CVE-2024-36401
• https://github.com/whitebear-ch/GeoServerExploit

Grafana

• https://github.com/A-D-Team/grafanaExp

Hikvision

• https://github.com/Conan924/PostHikvision
• https://github.com/MInggongK/Hikvision-
• https://github.com/WormChickenWizard/hikvision-decrypter
• https://github.com/baogod404/HikvisionDecode
• https://github.com/wafinfo/Hikvision

IIS

• https://github.com/abc123info/iis7.5-10.x-ShortNameFuzz
• https://github.com/irsdl/IIS-ShortName-Scanner
• https://github.com/lijiejie/IIS_shortname_Scanner

JBoss

• https://github.com/20142995/JavaJboss
• https://github.com/joaomatosf/jexboss
• https://github.com/yunxu1/jboss-_CVE-2017-12149

Jeecg

• https://github.com/K-7H7l/Jeecg_Tools

JeecgBoot

• https://github.com/7wkajk/jeecgBootAttack
• https://github.com/MInggongK/jeecg-
• https://github.com/ssrsec/JeecgBoot-offline-brute

Jenkins

• https://github.com/TheBeastofwar/JenkinsExploit-GUI
• https://github.com/blackye/Jenkins
• https://github.com/charonlight/JenkinsExploitGUI
• https://github.com/convisolabs/CVE-2024-43044-jenkins
• https://github.com/xaitax/CVE-2024-23897

JumpServer

• https://github.com/tarihub/blackjump

Nacos

• https://github.com/Conan924/NacosExploit
• https://github.com/HKEcho5213/HKEcho_Nacos
• https://github.com/c0olw/NacosRce
• https://github.com/charonlight/NacosExploitGUI
• https://github.com/h0ny/NacosExploit

SmartBI

• https://github.com/yggo/SmartBIAttackTool

Spring Boot

• https://github.com/0x727/SpringBootExploit
• https://github.com/1150037361/SpringScan
• https://github.com/13exp/SpringBoot-Scan-GUI
• https://github.com/AabyssZG/SpringBoot-Scan
• https://github.com/CllmsyK/YYBaby-Spring_Scan
• https://github.com/Muhansrc/springboot_scan
• https://github.com/SummerSec/SpringExploit
• https://github.com/charonlight/SpringExploitGUI
• https://github.com/light-Life/CVE-2022-22965-GUItools
• https://github.com/savior-only/Spring_All_Reachable
• https://github.com/wh1t3zer/SpringBootVul-GUI
• https://github.com/whwlsfb/SpringSpider

ThinkCMF

• https://github.com/jas502n/ThinkCMF_getshell

Thinkphp

• https://github.com/AgonySec/ThinkPHPGUI
• https://github.com/Lotus6/ThinkphpGUI
• https://github.com/Lucifer1993/TPscan
• https://github.com/Mochazz/ThinkPHP-Vuln
• https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection
• https://github.com/XiLitter/Tp_Attack_GUI
• https://github.com/bewhale/thinkphp_gui_tools
• https://github.com/bingtangbanli/VulnerabilityTools
• https://github.com/guguyu1/thinkphp-rce-gui
• https://github.com/karsonzhang/fastadmin
• https://github.com/sukabuliet/ThinkphpRCE
• https://github.com/theLSA/tp5-getshell
• https://github.com/whirlwind110/tphack
• https://github.com/zangcc/Aazhen-RexHa
• https://github.com/zoujingli/ThinkAdmin

Weblogic

• https://github.com/0xn0ne/weblogicScanner
• https://github.com/1337g/CVE-2017-10271
• https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814
• https://github.com/Ch1ngg/WebLogicPasswordDecryptorUi
• https://github.com/KimJun1010/WeblogicTool
• https://github.com/LandGrey/CVE-2018-2894
• https://github.com/QAX-A-Team/WeblogicEnvironment
• https://github.com/TideSec/Decrypt_Weblogic_Password
• https://github.com/Y4er/CVE-2020-14645
• https://github.com/Y4er/CVE-2020-14756
• https://github.com/Y4er/CVE-2020-2551
• https://github.com/Y4er/CVE-2020-2555
• https://github.com/Y4er/CVE-2020-2883
• https://github.com/black-mirror/Weblogic
• https://github.com/dadvlingd/CVE-2024-21006
• https://github.com/dr0op/WeblogicScan
• https://github.com/dream0x01/weblogic-framework
• https://github.com/hktalent/CVE-2020-2551
• https://github.com/jas502n/CNVD-C-2019-48814
• https://github.com/jas502n/CVE-2019-2890
• https://github.com/jas502n/CVE-2020-2551
• https://github.com/jas502n/cve-2019-2618
• https://github.com/rabbitmask/WeblogicScanLot
• https://github.com/shack2/javaserializetools
• https://github.com/sp4zcmd/WeblogicExploit-GUI

XXL-JOB

• https://github.com/Anthony558238/xxl-job-exp
• https://github.com/charonlight/xxl-jobExploitGUI
• https://github.com/pureqh/xxl-job-attack

YApi

• https://github.com/Tas9er/YApiRCE

django

• https://github.com/jimywork/djangohunter

docker

• https://github.com/0xchang/DockerApiRCE
• https://github.com/Janhsu/DockerAPITool

joom

• https://github.com/OWASP/joomscan

vmware

• https://github.com/NS-Sp4ce/Vm4J
• https://github.com/Schira4396/VcenterKiller

wordpress

• https://github.com/Jamalc0m/wphunter
• https://github.com/swisskyrepo/Wordpresscan

亿赛通

• https://github.com/CRlife/YisaiExploitGUI

大华

• https://github.com/MInggongK/dahuaExploitGUI
• https://github.com/mcw0/DahuaConsole

帆软

• https://github.com/BambiZombie/FrchannelPlus
• https://github.com/yecp181/Frchannel

禅道

• https://github.com/charonlight/ZentaoExploitGUI

若依

• https://github.com/20142995/ruoyiVuln
• https://github.com/charonlight/RuoYiExploitGUI

赛蓝企业管理系统

• https://github.com/Seven1an/CailsoftVulCheck

飞企互联平台

• https://github.com/M0untainShley/FEExploit

信息泄露漏洞

.DS_Store泄露

• https://github.com/lijiejie/ds_store_exp

.git泄露

• https://github.com/BugScanTeam/GitHack
• https://github.com/WangYihang/GitHacker
• https://github.com/arthaud/git-dumper
• https://github.com/denny0223/scrabble
• https://github.com/gakki429/Git_Extract
• https://github.com/lijiejie/GitHack
• https://github.com/obheda12/GitDorker

.svn泄露

• https://github.com/admintony/svnExploit
• https://github.com/shengqi158/svnhack

ViewState

• https://github.com/raise-isayan/ViewStateDecoder

Webpack接口

• https://github.com/Lz1y/SourceDetector-dist
• https://github.com/rtcatc/Packer-Fuzzer

heapdump泄露

• https://github.com/20142995/heapdump_tool
• https://github.com/whwlsfb/JDumpSpider
• https://github.com/wyzxxz/heapdump_tool

idea

• https://github.com/lijiejie/idea_exploit

key泄露

• https://github.com/NS-Sp4ce/AliyunAccessKeyTools
• https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools
• https://github.com/dark-kingA/cloudTools
• https://github.com/jdr2021/OSSFileBrowse
• https://github.com/kohlersbtuh15/accesskey_tools
• https://github.com/libaibaia/cloudSec
• https://github.com/mrknow001/API-Explorer
• https://github.com/mrknow001/aliyun-accesskey-Tools
• https://github.com/pykiller/API-T00L
• https://github.com/wyzxxz/aksk_tool

swagger接口

• https://github.com/jayus0821/swagger-hack
• https://github.com/lijiejie/swagger-exp

代码泄露综合

• https://github.com/0xHJK/dumpall
• https://github.com/kost/dvcs-ripper

敏感数据泄露

• https://github.com/KathanP19/JSFScan.sh
• https://github.com/MrEmpy/Mantra
• https://github.com/m4ll0k/SecretFinder

邮件密码泄露

• https://github.com/D4Vinci/Cr3dOv3r

其他

• https://github.com/f0ng/poc2jar
• https://github.com/gojue/muou

半自动化漏洞利用

• https://github.com/R4gd0ll/I-Wanna-Get-All
• https://github.com/abc123info/EquationToolsGUI
• https://github.com/gobysec/Goby
• https://github.com/lz520520/railgun
• https://github.com/niudaii/zpscan

在线辅助

DNSLOG平台

• http://ceye.io
• http://dnslog.pw/
• http://dnslog.pw/login
• http://eyes.sh
• http://www.dnslog.cn
• https://app.interactsh.com/#/
• https://dig.pm
• https://dig.pm/
• https://github.com/0x584A/Plumb
• https://www.callback.red
• https://www.t00ls.com/dnslog.html

匿名短信

• https://5sim.net/
• https://sms-activate.org/
• https://voice.google.com/

匿名网盘

• https://app.mediafire.com/
• https://app.tmp.link/
• https://catbox.moe/
• https://cowtransfer.com/
• https://gofile.io/
• https://www.wenshushu.cn/

匿名邮箱

• http://24mail.chacuo.net/
• https://mail.protonmail.com/
• https://temp-mail.org/
• https://tools.emailhippo.com/
• https://www.snapmail.cc/
• https://www.storytrain.info/

反弹shell

• https://forum.ywhack.com/shell.php

文件下载

• https://forum.ywhack.com/bountytips.php?download

杀软进程识别

• https://forum.ywhack.com/bountytips.php?process

子域接管

• https://github.com/Ice3man543/SubOver

常规web漏洞

CLRF

• https://github.com/Raghavd3v/CRLFsuite

CORS

• https://github.com/chenjj/CORScanner

DOS

• https://github.com/shekyan/slowhttptest

JWT

• https://github.com/3v4Si0N/RS256-2-HS256
• https://github.com/Aiyflowers/JWT_GUI
• https://github.com/Ch1ngg/JWTPyCrack
• https://github.com/andresriancho/jwt-fuzzer
• https://github.com/brendan-rius/c-jwt-cracker
• https://github.com/hahwul/jwt-hack
• https://github.com/ozzi-/JWT4B
• https://github.com/ticarpi/jwt_tool

SQL注入

• https://github.com/0xbug/SQLiScanner
• https://github.com/BugFor-Pings/CN_Sqlmap
• https://github.com/CiscoCXSecurity/bbqsql
• https://github.com/JohnTroony/Blisqy
• https://github.com/NetSPI/PowerUpSQL
• https://github.com/WhitewidowScanner/whitewidow
• https://github.com/agienka/blindy
• https://github.com/aleenzz/MSSQL_SQL_BYPASS_WIKI
• https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI
• https://github.com/co01cat/SqlmapXPlus
• https://github.com/codingo/NoSQLMap
• https://github.com/fengxuangit/Fox-scan
• https://github.com/honmashironeko/sqlmap-gui
• https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
• https://github.com/payloadbox/sql-injection-payload-list
• https://github.com/r0oth3x49/ghauri
• https://github.com/ron190/jsql-injection
• https://github.com/s0md3v/sqlmate
• https://github.com/shack2/SuperSQLInjectionV1
• https://github.com/sqlmapproject/sqlmap
• https://github.com/stamparm/DSSS
• https://github.com/stampery/mongoaudit
• https://github.com/tariqhawis/injectbot
• https://github.com/the-robot/sqliv
• https://github.com/torque59/Nosql-Exploitation-Framework
• https://github.com/youngyangyang04/NoSQLAttack
• https://sqlmap.org/

SSRF

• https://github.com/ksharinarayanan/SSRFire
• https://github.com/swisskyrepo/SSRFmap
• https://github.com/teknogeek/ssrf-sheriff

SSTI

• https://github.com/Marven11/Fenjing
• https://github.com/VikasVarshney/ssti-payload
• https://github.com/epinna/tplmap
• https://github.com/vladko312/SSTImap

XSS

• https://github.com/1N3/XSSTracer
• https://github.com/78778443/xssplatform
• https://github.com/BlackHole1/autoFindXssAndCsrf
• https://github.com/DanMcInerney/xsscrapy
• https://github.com/Q2h1Cg/xss_scan
• https://github.com/RenwaX23/XSSTRON
• https://github.com/beefproject/beef
• https://github.com/dwisiswant0/findom-xss
• https://github.com/evilcos/xssor
• https://github.com/evilcos/xssor2
• https://github.com/fcavallarin/domdig
• https://github.com/hahwul/dalfox
• https://github.com/lwzSoviet/NoXss
• https://github.com/pwn0sec/PwnXSS
• https://github.com/s0md3v/XSStrike
• https://github.com/shogunlab/shuriken
• https://github.com/stamparm/DSXS
• https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking

XXE

• https://github.com/BuffaloWill/oxml_xxe
• https://github.com/enjoiz/XXEinjector
• https://github.com/whitel1st/docem

csrf

• https://github.com/ot-jerry-welch/owaspcsrftester

lfi

• https://github.com/D35m0nd142/LFISuite
• https://github.com/OsandaMalith/LFiFreak
• https://github.com/hansmach1ne/lfimap

rce

• https://github.com/W0r1d-Pr1nt/RCEmap

upload

• https://github.com/3xp10it/xupload
• https://github.com/almandin/fuxploider

命令注入

• https://github.com/commixproject/commix

文件包含

• https://github.com/mzfr/liffy

解析漏洞

Nginx

• https://github.com/stark0de/nginxpwner

漏洞利用框架

• https://github.com/mifine666/miscan
• https://github.com/woodpecker-framework/woodpecker-framework-release

漏洞利用辅助

• https://github.com/0x727/JNDIExploit
• https://github.com/AabyssZG/BinaryCutting-Tool
• https://github.com/AbelChe/cola_dnslog
• https://github.com/AlphabugX/Alphalog
• https://github.com/Ar3h/putter
• https://github.com/B0T1eR/ysoSimple
• https://github.com/BugScanTeam/DNSLog
• https://github.com/Li4n0/revsuit
• https://github.com/Lotus6/ysoserial
• https://github.com/Mr-xn/JNDIExploit-1
• https://github.com/X1r0z/JNDIMap
• https://github.com/Y4er/ysoserial
• https://github.com/ambionics/phpggc
• https://github.com/cckuailong/JNDI-Injection-Exploit-Plus
• https://github.com/chasingboy/Xtools
• https://github.com/chennqqi/godnslog
• https://github.com/cseroad/Exp-Tools
• https://github.com/doimet/AuxTools
• https://github.com/exp1orer/JNDI-Inject-Exploit
• https://github.com/frohoff/ysoserial
• https://github.com/lanyi1998/DNSlog-GO
• https://github.com/mbechler/marshalsec
• https://github.com/pap1rman/JNDIExploit-modify
• https://github.com/pimps/JNDI-Exploit-Kit
• https://github.com/pwntester/ysoserial.net
• https://github.com/qi4L/JYso
• https://github.com/qianxiao996/R-Knife
• https://github.com/r00tSe7en/JNDIMonitor
• https://github.com/rebeyond/JNDInjector
• https://github.com/sml2h3/ddddocr
• https://github.com/su18/ysoserial
• https://github.com/tarunkant/Gopherus
• https://github.com/welk1n/JNDI-Injection-Exploit
• https://github.com/wh1t3p1g/ysomap
• https://github.com/woodpecker-framework/ysoserial-for-woodpecker
• https://github.com/wuba/Antenna
• https://github.com/wyzxxz/jndi_tool
• https://github.com/yumusb/DNSLog-Platform-Golang

漏洞文库

• http://wooyun.2xss.cc/index.php
• https://github.com/Ares-X/VulWiki
• https://github.com/Awrrays/FrameVul
• https://github.com/BaizeSec/bylibrary
• https://github.com/Cuerz/PoC-ExP
• https://github.com/DVPNET/Report_Public
• https://github.com/KayCHENvip/vulnerability-poc
• https://github.com/PeiQi0/PeiQi-WIKI-Book
• https://github.com/ScarecrowSec/WiKi
• https://github.com/SexyBeast233/SecBooks
• https://github.com/Threekiii/Awesome-POC
• https://github.com/Threekiii/Vulhub-Reproduce
• https://github.com/Threekiii/Vulnerability-Wiki
• https://github.com/cckuailong/vulbase
• https://github.com/heise5yuetian/yougar0.github.io
• https://github.com/light-Life/BUG-Pocket
• https://github.com/neargle/my-re0-k8s-security
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/r0eXpeR/redteam_vul
• https://github.com/wy876/POC
• https://github.com/wy876/wiki
• https://peiqi.wgpsec.org/wiki/system/
• https://wiki.teamssix.com/About/

漏洞检测利用仓库

• https://github.com/1n7erface/PocList
• https://github.com/DawnFlame/POChouse
• https://github.com/FiloSottile/CVE-2016-2107
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/Y1-K1NG/poc_exp
• https://github.com/coffeehb/Some-PoC-oR-ExP
• https://github.com/cve-search/cve-search
• https://github.com/fjserna/CVE-2015-7547
• https://github.com/helloexp/0day
• https://github.com/lal0ne/vulnerability
• https://github.com/onewinner/VulToolsKit
• https://github.com/vlad902/hacking-team-windows-kernel-lpe
• https://github.com/wjl110/CVE-Master
• https://github.com/ycdxsb/PocOrExp_in_Github
• https://github.com/zhzyker/exphub

综合

• https://github.com/Liqunkit/LiqunKit_
• https://github.com/MKID1412/MoonLight
• https://github.com/P1nganD/Rookie
• https://github.com/doki-byte/EasyTools
• https://github.com/fupinglee/JavaTools
• https://github.com/nicolas-carolo/houndsploit
• https://github.com/pureqh/Hyacinth
• https://github.com/vulnersCom/getsploit
• https://github.com/yhy0/ExpDemo-JavaFX
• https://gitlab.com/exploit-database/exploitdb
• https://projectdiscovery.io

编辑器漏洞

UEditor

• https://github.com/Tas9er/UEditorGetShell

辅助

反弹shell

• https://github.com/0dayCTF/reverse-shell-generator
• https://github.com/3v4Si0N/HTTP-revshell

重点CMS利用

• https://github.com/CHYbeta/cmsPoc
• https://github.com/Dionach/CMSmap
• https://github.com/Q2h1Cg/CMS-Exploit-Framework
• https://github.com/SecWiki/CMS-Hunter
• https://github.com/SuperZero/CVE-2023-33246
• https://github.com/Tas9er/EgGateWayGetShell
• https://github.com/White-hua/Apt_t00ls
• https://github.com/YinWC/2021hvv_vul
• https://github.com/blackcrw/wpreconx
• https://github.com/qi4L/QVD-2023-13065
• https://github.com/rastating/wordpress-exploit-framework
• https://github.com/wpscanteam/wpscan
• https://github.com/z1un/weaver_exp

Web漏洞利用库（在线）

• https://www.exploit-db.com

Web漏洞发现库

中间件&框架漏洞扫描

• https://github.com/0x48piraj/Jiraffe
• https://github.com/Weik1/Artillery
• https://github.com/attacker-codeninja/wprecon
• https://github.com/rabbitmask/WeblogicScan
• https://github.com/woodpecker-appstore/weblogic-infodetector

代码审计

go

• https://github.com/praetorian-inc/gokart
• https://github.com/qax-os/goreporter
• https://github.com/securego/gosec

java

• https://github.com/4ra1n/code-inspector
• https://github.com/HXSecurity/DongTai
• https://github.com/ffffffff0x/JVWA
• https://github.com/find-sec-bugs/find-sec-bugs
• https://github.com/github/codeql-cli-binaries
• https://github.com/jar-analyzer/jar-analyzer-v1-gui
• https://github.com/javaweb-sec/javaweb-sec
• https://github.com/momosecurity/momo-code-sec-inspector-java
• https://github.com/pascal-lab/Tai-e
• https://github.com/webraybtl/CodeQLpy
• https://github.com/wh1t3p1g/tabby
• https://github.com/zsdlove/Hades

nodejs

• https://github.com/ajinabraham/NodeJsScan

other

• https://github.com/FeeiCN/Cobra
• https://github.com/Kento-Sec/chatGPT-CodeReview
• https://github.com/LoRexxar/Kunlun-M
• https://github.com/liweibin123/fortify
• https://github.com/murphysecurity/murphysec
• https://github.com/vsdwef/StarCodeSecurity
• https://sourceforge.net/projects/visualcodegrepp/
• https://www.sonarqube.org

php

• http://rips-scanner.sourceforge.net
• https://github.com/OneSourceCat/phpvulhunter
• https://github.com/Qihoo360/phptrace
• https://github.com/emanuil/php-reaper
• https://github.com/f1tz/cnseay
• https://github.com/lowjoel/phortress

python

• https://github.com/MisakiKata/python_code_audit
• https://github.com/PyCQA/bandit
• https://github.com/bit4woo/python_sec
• https://github.com/python-security/pyt
• https://github.com/shengqi158/pyvulhunter

信息泄露监控

• https://github.com/4x99/code6
• https://github.com/madneal/gshark

半自动漏洞扫描

• https://github.com/1N3/Sn1per
• https://github.com/1in9e/gosint
• https://github.com/78778443/QingScan
• https://github.com/Bywalks/DarkAngel
• https://github.com/RASSec/pentestER-Fully-automatic-scanner
• https://github.com/Skycrab/leakScan
• https://github.com/StarCrossPortal/QingTing
• https://github.com/TideSec/Mars
• https://github.com/TideSec/WDScanner
• https://github.com/Tuhinshubhra/RED_HAWK
• https://github.com/YalcinYolalan/WSSAT
• https://github.com/amcai/myscan
• https://github.com/anouarbensaad/vulnx
• https://github.com/az0ne/AZScanner
• https://github.com/b0bac/ApolloScanner
• https://github.com/broken5/bscan
• https://github.com/chaitin/xray
• https://github.com/d3ckx1/Fvuln
• https://github.com/dermotblair/webvulscan
• https://github.com/google/tsunami-security-scanner
• https://github.com/hatRiot/clusterd
• https://github.com/iceyhexman/onlinetools
• https://github.com/infobyte/faraday
• https://github.com/j3ssie/Osmedeus
• https://github.com/jaeles-project/jaeles
• https://github.com/lijiejie/EasyPen
• https://github.com/m-sec-org/EZ
• https://github.com/michenriksen/aquatone
• https://github.com/netxfly/passive_scan
• https://github.com/olacabs/jackhammer
• https://github.com/projectdiscovery/nuclei
• https://github.com/qiuluo-oss/Tiger
• https://github.com/r3curs1v3-pr0xy/vajra
• https://github.com/s0md3v/Striker
• https://github.com/six2dez/reconftw
• https://github.com/superhedgy/AttackSurfaceMapper
• https://github.com/tongcheng-security-team/NextScan
• https://github.com/toyakula/luna
• https://github.com/tr0uble-mAker/POC-bomber
• https://github.com/w-digital-scanner/w13scan
• https://github.com/yhy0/Jie
• https://github.com/yqcs/prismx
• https://github.com/ysrc/GourdScanV2
• https://github.com/zan8in/afrog
• https://github.com/zhangzhenfeng/AnyScan
• https://github.com/zhzyker/vulmap
• https://scan4all.51pwn.com

口令爆破

• https://github.com/0-sec/zero-crack
• https://github.com/20142995/dpdd
• https://github.com/22XploiterCrew-Team/WpCrack
• https://github.com/7kbstorm/7kbscan-RDP-Sniper
• https://github.com/BBD-YZZ/week-passwd
• https://github.com/Fly-Playgroud/Boom
• https://github.com/Mebus/cupp
• https://github.com/TideSec/web_pwd_common_crack
• https://github.com/awake1t/PortBrute
• https://github.com/baihengaead/wifi-crack-tool
• https://github.com/duyet/bruteforce-database
• https://github.com/f0cker/crackq
• https://github.com/gubeihc/blasting
• https://github.com/koutto/web-brutator
• https://github.com/lijiejie/htpwdScan
• https://github.com/maaaaz/thc-hydra-windows
• https://github.com/netxfly/crack_ssh
• https://github.com/netxfly/x-crack
• https://github.com/nodauf/GoMapEnum
• https://github.com/opabravo/mass-bruter
• https://github.com/openwall/john
• https://github.com/openwall/johnny
• https://github.com/pwnesia/ssb
• https://github.com/rm1984/IMAPLoginTester
• https://github.com/shack2/SNETCracker
• https://github.com/shack2/WPCracker
• https://github.com/shengqi158/weak_password_detect
• https://github.com/vanhauser-thc/thc-hydra
• https://github.com/yzddmr6/WebCrack
• https://openwall.info/wiki/john/johnny
• https://sourceforge.net/projects/sevenzcracker/
• https://www.openwall.com/john/

大模型安全

• https://github.com/leondz/garak
• https://github.com/mnns/LLMFuzzer
• https://github.com/protectai/rebuff

安卓抓包辅助

• https://github.com/r0ysue/r0capture

安卓漏洞扫描

• https://github.com/bytedance/appshark

容器和集群

• https://github.com/cr0hn/dockerscan
• https://github.com/cyberark/KubiScan
• https://github.com/deepfence/SecretScanner
• https://github.com/deepfence/ThreatMapper
• https://github.com/kubescape/kubescape
• https://github.com/kvesta/vesta

微信小程序辅助

• https://github.com/wux1an/wxapkg

智能合约安全

• https://github.com/ConsenSys/mythril
• https://github.com/enzymefinance/oyente
• https://github.com/eth-sri/securify2
• https://github.com/ivicanikolicsg/MAIAN
• https://github.com/smartdec/smartcheck

漏洞发现

• https://github.com/0xsauby/yasuo
• https://github.com/Lucifer1993/AngelSword
• https://github.com/jorhelp/Ingram
• https://github.com/v3n0m-Scanner/V3n0M-Scanner

漏洞扫描

• http://blog.topsec.com.cn/ad_lab/alphafuzzer/
• http://llvm.org/docs/LibFuzzer.html
• https://github.com/0x4D31/salt-scanner
• https://github.com/1N3/BlackWidow
• https://github.com/M4DM0e/BadMod
• https://github.com/Moham3dRiahi/XAttacker
• https://github.com/OWASP/vbscan
• https://github.com/RetireJS/grunt-retire
• https://github.com/Tuhinshubhra/CMSeeK
• https://github.com/andresriancho/w3af
• https://github.com/aquasecurity/cloudsploit
• https://github.com/attekett/NodeFuzz
• https://github.com/code-scan/dzscan
• https://github.com/future-architect/vuls
• https://github.com/google/oss-fuzz
• https://github.com/hahwul/a2sv
• https://github.com/httpie/cli
• https://github.com/ivanfratric/winafl
• https://github.com/khalilbijjou/WAFNinja
• https://github.com/m0nad/HellRaiser
• https://github.com/mgeeky/tomcatWarDeployer
• https://github.com/owtf/wafbypasser
• https://github.com/radenvodka/SVScanner
• https://github.com/retirejs/retire.js
• https://github.com/riusksk/FlashScanner
• https://github.com/santoru/shcheck
• https://github.com/sullo/nikto
• https://github.com/vulmon/Vulmap

漏洞扫描框架

• https://docs.xray.cool
• https://github.com/0xInfection/TIDoS-Framework
• https://github.com/80vul/phpcodz
• https://github.com/AmyangXYZ/AssassinGo
• https://github.com/GoSecure/php7-opcache-override
• https://github.com/Guoke324/Godscan
• https://github.com/Janhsu/oday
• https://github.com/Manisso/fsociety
• https://github.com/Safe3/CVS
• https://github.com/TophantTechnology/osprey
• https://github.com/XcodeGhostSource/XcodeGhost
• https://github.com/Xyntax/POC-T
• https://github.com/alienwithin/OWASP-mth3l3m3nt-framework
• https://github.com/bcvgh/daydayEXP
• https://github.com/bigblackhat/oFx
• https://github.com/bit4woo/Fiora
• https://github.com/blackye/BkScanner
• https://github.com/blackye/lalascan
• https://github.com/brianwrf/hackUtils
• https://github.com/chaitin/xpoc
• https://github.com/ciscocsirt/malspider
• https://github.com/codejanus/ToolSuite
• https://github.com/erevus-cn/pocscan
• https://github.com/foxglovesec/JavaUnserializeExploits
• https://github.com/hi-unc1e/POC-T
• https://github.com/joker25000/Optiva-Framework
• https://github.com/jweny/pocassist
• https://github.com/knownsec/Pocsuite
• https://github.com/knownsec/pocsuite3
• https://github.com/leonteale/pentestpackage
• https://github.com/lijiaxing1997/Gr33k
• https://github.com/m4n3dw0lf/PytheM
• https://github.com/n0tr00t/Beebeeto-framework
• https://github.com/offensive-security/exploitdb
• https://github.com/opensec-cn/kunpeng
• https://github.com/qianxiao996/FrameScan-GUI
• https://github.com/samratashok/nishang
• https://github.com/seungsoo-lee/DELTA
• https://github.com/w-digital-scanner/w9scan
• https://github.com/x364e3ab6/DudeSuite
• https://github.com/yaklang/yakit
• https://github.com/yangbh/Hammer
• https://github.com/zaproxy/zaproxy
• https://nuclei.projectdiscovery.io

云K8S基线核查

• https://github.com/aquasecurity/kube-bench

云K8S漏洞扫描

• https://github.com/aquasecurity/kube-hunter

云云原生安全平台

• https://github.com/Rnalter/ThunderCloud
• https://github.com/containerd/containerd
• https://github.com/neuvector/neuvector

云云原生攻防靶场

• https://github.com/Metarget/metarget

云容器安全扫描

• https://github.com/aquasecurity/trivy

云容器安全检测工具

• https://github.com/chaitin/veinmind-tools

云容器漏洞分析工具

• https://github.com/quay/clair

云容器漏洞利用工具

• https://github.com/cdk-team/CDK

云容器逃逸检测工具

• https://github.com/teamssix/container-escape-check

云容器镜像扫描

• https://github.com/anchore/grype
• https://github.com/anchore/syft

云相关资源

• https://github.com/iknowjason/Awesome-CloudSec-Labs

信息收集

CDN识别

• https://github.com/alwaystest18/cdnChecker
• https://github.com/boy-hack/w8fuckcdn
• https://github.com/ccc-f/FCDN

C段信息收集

• https://github.com/SleepingBag945/IPSearch
• https://github.com/Xyntax/BingC

IP反查域名

• http://s.tool.chinaz.com/same
• https://dns.aizhan.com/
• https://dnslytics.com/reverse-ip
• https://github.com/Lengso/iplookup
• https://github.com/yuyudhn/reverseip_py
• https://hackertarget.com/reverse-ip-lookup/
• https://rapiddns.io/sameip
• https://reverseip.domaintools.com/
• https://site.ip138.com/
• https://tools.ipip.net/ipdomain.php
• https://viewdns.info/reverseip/
• https://www.webscan.cc/
• https://www.yougetsignal.com/tools/web-sites-on-web-server/
• https://x.threatbook.com/

IP定位

• https://www.ipuu.net/Home

WAF识别

• https://github.com/Ekultek/WhatWaf
• https://github.com/EnableSecurity/wafw00f
• https://github.com/stamparm/identYwaf

WHOIS查询

• http://whois.alexa.cn/
• https://learn.microsoft.com/sysinternals/downloads/whois
• https://sg.godaddy.com/zh/whois
• https://who.cx/
• https://whois.aizhan.com/
• https://whois.aliyun.com/
• https://whois.chinaz.com/
• https://whois.cloud.tencent.com/
• https://www.whois.com/whois/
• https://x.threatbook.cn/

apk

• https://github.com/Anof-cyber/apkleaks
• https://github.com/MobSF/Mobile-Security-Framework-MobSF
• https://github.com/TheKingOfDuck/ApkAnalyser
• https://github.com/dwisiswant0/apkleaks
• https://github.com/sulab999/AppMessenger
• https://www.ghxi.com/apkinfo.html

企业信息收集

• https://github.com/SiJiDo/IEyes
• https://github.com/wgpsec/ENScan_GO

信息提取

• https://github.com/mstxq17/MoreFind

反查域名

• https://github.com/Potato-py/ipInfoSearch

域名信息查询

• https://github.com/z-bool/QueryTools

子域名收集

• https://github.com/3nock/OTE
• https://github.com/Chora10/FuzzDomain
• https://github.com/FeeiCN/ESD
• https://github.com/LangziFun/LangSrcCurise
• https://github.com/Q2h1Cg/dnsbrute
• https://github.com/TebbaaX/GRecon
• https://github.com/TheRook/subbrute
• https://github.com/TypeError/domained
• https://github.com/We5ter/GSDF
• https://github.com/aboul3la/Sublist3r
• https://github.com/bit4woo/Teemo
• https://github.com/boy-hack/ksubdomain
• https://github.com/code-scan/BroDomain
• https://github.com/euphrat1ca/LayerDomainFinder
• https://github.com/evilsocket/dnssearch
• https://github.com/guelfoweb/knock
• https://github.com/gwen001/github-subdomains
• https://github.com/jonluca/Anubis
• https://github.com/knownsec/ct
• https://github.com/knownsec/ksubdomain
• https://github.com/laramies/theHarvester
• https://github.com/le4f/dnsmaper
• https://github.com/lijiejie/subDomainsBrute
• https://github.com/mandatoryprogrammer/cloudflare_enum
• https://github.com/n4xh4ck5/N4xD0rk
• https://github.com/nmalcolm/Inventus
• https://github.com/projectdiscovery/subfinder
• https://github.com/ring04h/wydomain
• https://github.com/shmilylty/OneForAll
• https://github.com/yanxiu0614/subdomain3
• https://github.com/yunxu1/dnsub
• https://rapiddns.io/subdomain

小程序信息收集

• https://github.com/BlackTrace/pc_wxapkg_decrypt
• https://github.com/ezshine/wxapkg-convertor
• https://github.com/jdr2021/wxapkgUnpack
• https://github.com/kristyzhy/wxapkg_infosearch
• https://github.com/moyuwa/wechat_appinfo_wxapkg

指纹识别

• http://finger.tidesec.net/
• https://0x727.github.io/ObserverWard/
• https://fp.shuziguanxing.com/#/
• https://github.com/0x727/FingerprintHub
• https://github.com/0x727/ObserverWard
• https://github.com/EASY233/Finger
• https://github.com/EdgeSecurityTeam/EHole
• https://github.com/Funsiooo/chunsou
• https://github.com/Ghr07h/Heimdallr
• https://github.com/HackAllSec/hfinger
• https://github.com/L10nK1n6/LazyDog
• https://github.com/LittleBear4/Find-SomeThing
• https://github.com/P001water/P1finger
• https://github.com/P1-Team/AlliN
• https://github.com/ScriptKid-Beta/WebBatchRequest
• https://github.com/TideSec/TideFinger
• https://github.com/b1ackc4t/14Finger
• https://github.com/chaitin/xapp
• https://github.com/fingerprintjs/fingerprintjs
• https://github.com/n4xh4ck5/CMSsc4n
• https://github.com/projectdiscovery/wappalyzergo
• https://github.com/s7ckTeam/Glass
• https://github.com/salesforce/jarm
• https://github.com/urbanadventurer/WhatWeb
• https://github.com/w-digital-scanner/w11scan
• https://github.com/webanalyzer/rules
• https://github.com/winezer0/whatweb-plus
• https://whatcms.org/
• https://www.wappalyzer.com/
• https://www.yunsee.cn/

目录扫描

• http://pan.baidu.com/s/1pLjaQKF
• https://github.com/7kbstorm/7kbscan-WebPathBrute
• https://github.com/BishopFox/jsluice
• https://github.com/H4ckForJob/dirmap
• https://github.com/M4DM0e/DirDar
• https://github.com/N-Next/URLFinder-x
• https://github.com/Nekmo/dirhunt
• https://github.com/OJ/gobuster
• https://github.com/Qianlitp/crawlergo
• https://github.com/ReddyyZ/urlbrute
• https://github.com/Threezh1/JSFinder
• https://github.com/VMsec/ihoneyBakFileScan_Modify
• https://github.com/Xyntax/DirBrute
• https://github.com/aipengjie/sensitivefilescan
• https://github.com/ax1sX/RouteCheck-Alpha
• https://github.com/blackye/webdirdig
• https://github.com/chainreactors/spray
• https://github.com/chainreactors/urlfounder
• https://github.com/chaitin/rad
• https://github.com/corunb/Dirscan
• https://github.com/deibit/cansina
• https://github.com/devploit/dontgo403
• https://github.com/dzonerzy/goWAPT
• https://github.com/epi052/feroxbuster
• https://github.com/ffuf/ffuf
• https://github.com/fnk0c/cangibrina
• https://github.com/foryujian/yjdirscan
• https://github.com/hunyaio/yuhScan
• https://github.com/iamunixtz/ParamWizard
• https://github.com/jaeles-project/gospider
• https://github.com/lc/gau
• https://github.com/lemonlove7/dirsearch_bypass403
• https://github.com/lijiejie/BBScan
• https://github.com/maurosoria/dirsearch
• https://github.com/pingc0y/URLFinder
• https://github.com/projectdiscovery/katana
• https://github.com/s0md3v/Arjun
• https://github.com/sensepost/gowitness
• https://github.com/shack2/SWebScan
• https://github.com/ttstormxx/jjjjjjjjjjjjjs
• https://github.com/zer0h/httpscan
• https://sourceforge.net/projects/dirbuster/
• https://www.fujieace.com/hacker/tools/yujian.html

端口扫描

• http://coolaf.com/tool/port
• http://tool.cc/port/
• https://github.com/20142995/portscan
• https://github.com/4dogs-cn/TXPortMap
• https://github.com/Liqunkit/webfinder-next
• https://github.com/Tib3rius/AutoRecon
• https://github.com/foryujian/yujianportscan
• https://github.com/hellogoldsnakeman/masnmapscan-V1.0
• https://github.com/lcatro/network_backdoor_scanner
• https://github.com/lcvvvv/gonmap
• https://github.com/niloofarkheirkhah/nili
• https://github.com/nullt3r/jfscan
• https://github.com/projectdiscovery/naabu
• https://github.com/redtoolskobe/scaninfo
• https://github.com/robertdavidgraham/masscan
• https://github.com/saeeddhqan/Maryam
• https://github.com/sowish/LNScan
• https://github.com/v-byte-cpu/sx

综合

• https://github.com/0x7eTeam/0x7eTeamTools
• https://github.com/Proviesec/google-dorks
• https://github.com/UnkL4b/GitMiner
• https://github.com/dyboy2017/TScan
• https://github.com/hisxo/gitGraber
• https://github.com/kkbo8005/mitan
• https://github.com/kracer127/SiteScan
• https://github.com/qiwentaidi/Slack
• https://github.com/rabbitmask/AssetsHunter
• https://github.com/veo/vscan
• https://github.com/vsdwef/James_synthesis_tooL
• https://github.com/zhensuibianwan/pppscan
• https://github.com/zhzyker/dismap

网盘搜索

• http://www.soupan.info/
• https://github.com/misiai/hunhepan
• https://search.chongbuluo.com/
• https://www.dalipan.com/#/
• https://www.lingfengyun.com/
• https://www.pan131.com/

网站信息

• https://github.com/AabyssZG/Web-SurvivalScan
• https://github.com/tomnomnom/waybackurls

自动化信息收集

• https://github.com/0x727/ShuiZe_0x727
• https://github.com/Aabyss-Team/ARL
• https://github.com/Arbor01/AnScan
• https://github.com/CLincat/vulcat
• https://github.com/CTF-MissFeng/GoScan
• https://github.com/CTF-MissFeng/Watchdog
• https://github.com/CTF-MissFeng/bayonet
• https://github.com/Cl0udG0d/SZhe_Scan
• https://github.com/SiJiDo/H
• https://github.com/TideSec/Tide
• https://github.com/XTeam-Wing/Vulcan
• https://github.com/XTeam-Wing/X-Marshal
• https://github.com/awake1t/linglong
• https://github.com/ccreater222/slime
• https://github.com/ciscocsirt/GOSINT
• https://github.com/er10yi/MagiCude
• https://github.com/hanc00l/nemo_go
• https://github.com/jeffzh3ng/fuxi
• https://github.com/jwt1399/Sec-Tools
• https://github.com/kelvinBen/AppInfoScanner
• https://github.com/komomon/Komo
• https://github.com/mscandev/mscan
• https://github.com/smallcham/sec-admin
• https://github.com/taomujian/linbing
• https://github.com/testnet0/testnet
• https://github.com/wgpsec/DBJ
• https://github.com/xuchaoa/WebScan
• https://github.com/xundididi/Voyager
• https://github.com/yogeshojha/rengine
• https://github.com/yqcs/heartsk_community
• https://github.com/ysrc/xunfeng
• https://github.com/zongdeiqianxing/Autoscanner

资产测绘平台

• http://hunter.qianxin.com/
• https://censys.io/
• https://dnsdb.io/
• https://fofa.info/
• https://hunter.qianxin.com/
• https://quake.360.cn
• https://quake.360.cn/quake/
• https://quake.360.net/quake/#/index
• https://search.censys.io/
• https://www.onyphe.io/
• https://www.shodan.io/
• https://www.zoomeye.org/

资产测绘采集

• https://github.com/ExpLangcn/InfoSearchAll
• https://github.com/G3et/Search_Viewer
• https://github.com/H-Limbus/NoMoney
• https://github.com/HHa1ey/TKHunter
• https://github.com/Kento-Sec/AsamF
• https://github.com/burpheart/koko-moni
• https://github.com/ffffffff0x/ones
• https://github.com/lemonlove7/0_zone
• https://github.com/testzboy/FlashSearch
• https://github.com/wkend/0_zone_tool
• https://github.com/xzajyjs/ThunderSearch

邮箱信息收集

• http://www.skymem.info/
• https://app.snov.io/
• https://connect.clearbit.com/
• https://findthatlead.com/en
• https://github.com/Josue87/EmailFinder
• https://github.com/Taonn/EmailAll
• https://hunter.io/
• https://phonebook.cz/
• https://souyouxiang.com/

后渗透

代理转发

• http://rootkiter.com/Termite/
• https://gitee.com/dromara/neutrino-proxy
• https://github.com/DVKunion/SeaMoon
• https://github.com/FunnyWolf/pystinger
• https://github.com/Goqi/Erfrp
• https://github.com/HobaiRiku/wsl2-auto-portproxy
• https://github.com/L-codes/Neo-reGeorg
• https://github.com/Mob2003/rakshasa
• https://github.com/OrangeWatermelon/frp_cmd
• https://github.com/TryGOTry/multiplexing_port_socks5
• https://github.com/alex-sector/dns2tcp
• https://github.com/ehang-io/nps
• https://github.com/esrrhs/pingtunnel
• https://github.com/fatedier/frp
• https://github.com/iagox86/dnscat2
• https://github.com/inconshreveable/ngrok
• https://github.com/knownsec/PortForward
• https://github.com/p1d3er/port_reuse
• https://github.com/phith0n/tls_proxy
• https://github.com/robiot/rustcat
• https://github.com/rofl0r/proxychains-ng
• https://github.com/sechelper/slcx
• https://github.com/sensepost/reGeorg
• https://github.com/snail007/goproxy
• https://github.com/thinkoaa/Dlam
• https://github.com/yisier/nps
• https://github.com/zema1/suo5
• https://www.proxifier.com/

内网信息收集

• https://github.com/Offensive-Panda/ShadowDumper
• https://github.com/TheD1rkMtr/TakeMyRDP
• https://github.com/Y0-kan/HostInfoScan
• https://github.com/alexxy/netdiscover
• https://github.com/attackercan/teamviewer-dumper
• https://github.com/c1y2m3/ATAttack
• https://github.com/lzzbb/Adinfo
• https://github.com/netero1010/ClipboardHistoryThief
• https://github.com/nitscan/inlinux
• https://github.com/shmilylty/SharpHostInfo
• https://github.com/shmilylty/netspy
• https://github.com/uknowsec/SharpCheckInfo
• https://github.com/zha0gongz1/Three-EyedRaven

内网横向工具

• https://github.com/AduraK2/Intranet-Movement-Kit
• https://github.com/Amzza0x00/go-impacket
• https://github.com/PowerShellMafia/PowerSploit
• https://github.com/QAX-A-Team/sharpwmi
• https://github.com/Suq3rm4n/java-impacket-gui
• https://github.com/TheBeastofwar/linuxhacker
• https://github.com/TheRealAdamBurford/Create-KeyTab
• https://github.com/XiaoLi996/Impacket_For_Web
• https://github.com/XiaoTouMingyo/PentesterTools
• https://github.com/XiaoliChan/wmiexec-Pro
• https://github.com/clymb3r/PowerShell
• https://github.com/d3ckx1/OLa
• https://github.com/fortra/impacket
• https://github.com/hzphreak/VMInjector
• https://github.com/orlyjamie/mimikittenz
• https://github.com/private-null/Intranet-tools
• https://github.com/rootclay/WMIHACKER
• https://github.com/yutianqaq/impacket-gui
• https://xz.aliyun.com/t/9382

内网漏洞发现

• https://github.com/1n7erface/Template
• https://github.com/3gstudent/Smbtouch-Scanner
• https://github.com/Adminisme/ServerScan
• https://github.com/P001water/P1soda
• https://github.com/grimlockx/ADCSKiller
• https://github.com/hack2fun/Gscan
• https://github.com/i11us0ry/goon
• https://github.com/inbug-team/InScan
• https://github.com/inbug-team/SweetBabyScan
• https://github.com/k8gege/LadonGo
• https://github.com/lcvvvv/kscan
• https://github.com/sairson/Yasso
• https://github.com/shadow1ng/fscan

后渗透框架

• https://github.com/DeimosC2/DeimosC2
• https://github.com/Ne0nd0g/merlin
• https://github.com/Tomiwa-Ot/telegram-c2
• https://github.com/TryGOTry/CobaltStrike_Cat_4.5
• https://github.com/n1nj4sec/pupy
• https://github.com/rapid7/metasploit-framework
• https://github.com/t3l3machus/Villain
• https://www.cobaltstrike.com/

域渗透工具

• https://github.com/0x727/ShuiYing_0x727
• https://github.com/BloodHoundAD/BloodHound

权限提升

linux提权

• https://github.com/GTFOBins/GTFOBins.github.io
• https://github.com/SecWiki/linux-kernel-exploits
• https://github.com/carlospolop/PEASS-ng
• https://github.com/firefart/dirtycow
• https://github.com/liamg/traitor
• https://github.com/nccgroup/GTFOBLookup
• https://github.com/rebootuser/LinEnum
• https://github.com/xkaneiki/CVE-2023-0386
• https://gtfobins.github.io/

macos提权

• https://github.com/SecWiki/macos-kernel-exploits

windows提权

• http://tools.sbbbb.cn/tiquan/
• https://github.com/BC-SECURITY/Moriarty
• https://github.com/BeichenDream/BadPotato
• https://github.com/BeichenDream/PrintNotifyPotato
• https://github.com/LOLBAS-Project/LOLBAS
• https://github.com/Prepouce/CoercedPotato
• https://github.com/SecWiki/windows-kernel-exploits
• https://github.com/StarfireLab/AutoZerologon
• https://github.com/bitsadmin/wesng
• https://github.com/hackvens/CoercedPotato
• https://github.com/itm4n/PrivescCheck
• https://github.com/klsfct/getshell
• https://i.hacking8.com/tiquan
• https://patchchecker.com/

综合

• https://github.com/Ascotbe/Kernelhub

权限维持

Shell管理

• https://github.com/AntSwordProject/antSword
• https://github.com/BeichenDream/Godzilla
• https://github.com/Chora10/Cknife
• https://github.com/TryGOTry/DogCs4.4
• https://github.com/WangYihang/Platypus
• https://github.com/boy-hack/WebshellManager
• https://github.com/cseroad/Webshell_Generate
• https://github.com/pen4uin/java-memshell-generator-release
• https://github.com/rebeyond/Behinder
• https://github.com/yzddmr6/As-Exploits

webshell

• https://github.com/0x00007c00/JundeadShell
• https://github.com/AabyssZG/WebShell-Bypass-Guide
• https://github.com/AntSwordProject/AntSword-Loader
• https://github.com/AntSwordProject/AwesomeEncoder
• https://github.com/AntSwordProject/AwesomeScript
• https://github.com/Ivan1ee/NetDLLSpy
• https://github.com/JoelGMSec/PyShell
• https://github.com/LandGrey/webshell-detect-bypass
• https://github.com/Marven11/EtherGhost
• https://github.com/W01fh4cker/LearnJavaMemshellFromZero
• https://github.com/WisteriaTiger/JundeadShell
• https://github.com/abhinavprasad47/Awsome-shells
• https://github.com/backlion/webshell
• https://github.com/ce-automne/TomcatMemShell
• https://github.com/epinna/weevely3
• https://github.com/ethushiroha/JavaAgentTools
• https://github.com/fin3ss3g0d/ASPJinjaObfuscator
• https://github.com/hosch3n/msmap
• https://github.com/kong030813/Z-Godzilla_ekp
• https://github.com/novysodope/RMI_Inj_MemShell
• https://github.com/pen4uin/java-echo-generator-release
• https://github.com/pen4uin/java-memshell-generator
• https://github.com/shack2/skyscorpion
• https://github.com/suizhibo/MemShellGene
• https://github.com/tennc/webshell
• https://github.com/unix-ninja/shellfire
• https://github.com/veo/vagent
• https://github.com/ydnzol/memshell

免杀

• https://github.com/1y0n/AV_Evasion_Tool
• https://github.com/Anyyy111/killEscaper
• https://github.com/Axx8/ShellCode_Loader
• https://github.com/Inf0secRabbit/BadAssMacros
• https://github.com/M-Kings/BypassAv-web
• https://github.com/Pizz33/GobypassAV-shellcode
• https://github.com/Pizz33/JoJoLoader
• https://github.com/Pizz33/Qianji
• https://github.com/T4y1oR/RingQ
• https://github.com/TideSec/BypassAntiVirus
• https://github.com/TideSec/GoBypassAV
• https://github.com/Yeuoly/0xUBypass
• https://github.com/alphaSeclab/anti-av
• https://github.com/blacknbunny/encdecshellcode
• https://github.com/brimstone/go-shellcode
• https://github.com/jthuraisamy/SysWhispers2
• https://github.com/knownsec/shellcodeloader
• https://github.com/lengjibo/FourEye
• https://github.com/lv183037/MaLoader
• https://github.com/midisec/BypassAnti-Virus
• https://github.com/pureqh/bypassAV
• https://github.com/wikiZ/RedGuard
• https://github.com/xf555er/SharpShellcodeLoader_Rc4Aes
• https://github.com/xiao-zhu-zhu/noterce
• https://github.com/yhy0/AVByPass
• https://github.com/yqcs/ZheTian
• https://github.com/yutianqaq/AVEvasionCraftOnline

免杀相关

图标提取

• https://github.com/INotGreen/SharpThief
• https://github.com/JarlPenguin/BeCyIconGrabberPortable
• https://github.com/guitarfreak/SetIcon

文件时间修改

• https://github.com/MsF-NTDLL/ChTimeStamp
• https://github.com/sorabug/ChangeTimestamp

痕迹隐藏

• https://github.com/boy-hack/go-strip

签名伪造

• https://github.com/langsasec/Sign-Sacker
• https://github.com/secretsquirrel/SigThief

后门

• https://github.com/0x727/CloneX_0x727
• https://github.com/0x727/SchTask_0x727
• https://github.com/AV1080p/Schtasks-Backdoor
• https://github.com/An0nySec/ShadowUser
• https://github.com/Daybr4ak/C2ReverseProxy
• https://github.com/NHAS/reverse_ssh
• https://github.com/RuoJi6/HackerPermKeeper
• https://github.com/S-ixpence/Pkeep
• https://github.com/bdamele/icmpsh
• https://github.com/optiv/ScareCrow
• https://github.com/t3l3machus/hoaxshell
• https://github.com/wgpsec/CreateHiddenAccount
• https://github.com/yanghaoi/ridhijack

在线免杀平台

• http://bypass.tidesec.com/
• http://bypass.tidesec.com/web/

远控

• https://github.com/BishopFox/sliver
• https://github.com/Ciyfly/trojan_simple_demo
• https://github.com/byt3bl33d3r/gcat
• https://github.com/hussein-aitlahcen/BlackHole
• https://github.com/tdragon6/Supershell
• https://github.com/umutcamliyurt/PingRAT
• https://github.com/yuanyuanxiang/SimpleRemoter

综合

• https://github.com/FunnyWolf/Viper
• https://github.com/k8gege/Ladon

客户端漏洞

向日葵

• https://github.com/Mr-xn/sunlogin_rce
• https://github.com/savior-only/Sunlogin_RCE-GUI-
• https://github.com/theLSA/sunlogin-exp-gui

相关资源

代理池

• https://github.com/Anyyy111/ProxyPoolxSocks
• https://github.com/Mustard404/Auto_proxy
• https://github.com/Seven1an/SocksHunter
• https://github.com/akkuman/rotateproxy
• https://github.com/honmashironeko/ProxyCat
• https://github.com/ja9er/Gofreeproxy
• https://github.com/jhao104/proxy_pool
• https://github.com/kitabisa/mubeng
• https://github.com/pingc0y/go_proxy_pool
• https://github.com/safe6Sec/proxyServer
• https://github.com/thinkoaa/Deadpool
• https://github.com/twowb/znpool
• https://github.com/z-bool/Venom-Transponder

优秀项目集合

• https://github.com/FiveAourThe/RedTeamTools
• https://github.com/ViCrack/scoop-bucket
• https://github.com/We5ter/Scanners-Box
• https://github.com/birdhan/SecurityTools
• https://github.com/djytmdj/Tool_Summary
• https://github.com/guchangan1/All-Defense-Tool
• https://github.com/knownsec/404StarLink
• https://github.com/lintstar/About-Attack
• https://github.com/ybdt/exp-hub

在线默认口令字典

• https://forum.ywhack.com/bountytips.php?huawei
• https://forum.ywhack.com/bountytips.php?password

域环境靶场

• https://github.com/0range-x/dragon-lab

字典

• https://github.com/0xPugazh/fuzz4bounty
• https://github.com/7dog7/bottleneckOsmosis
• https://github.com/DictionaryHouse/Dirpath_List
• https://github.com/SexyBeast233/SecDictionary
• https://github.com/Stardustsky/SaiDict
• https://github.com/TEag1e/BurpCollector
• https://github.com/TheKingOfDuck/fuzzDicts
• https://github.com/ccc-f/Fdict
• https://github.com/conwnet/wpa-dictionary
• https://github.com/danielmiessler/SecLists
• https://github.com/drtychai/wordlists
• https://github.com/f0ng/JavaFileDict
• https://github.com/ffffffff0x/AboutSecurity
• https://github.com/ffffffff0x/gendict
• https://github.com/ffffffff0x/name-fuzz
• https://github.com/gh0stkey/Web-Fuzzing-Box
• https://github.com/ignis-sec/Pwdb-Public
• https://github.com/insightglacier/Dictionary-Of-Pentesting
• https://github.com/k8gege/PasswordDic
• https://github.com/lutfumertceylan/top25-parameter
• https://github.com/r35tart/RW_Password
• https://github.com/rootphantomer/Blasting_dictionary
• https://github.com/sh377c0d3/Payloads
• https://github.com/swisskyrepo/PayloadsAllTheThings
• https://github.com/yichensec/yichen_Password_dictionary
• https://gitlab.com/kalilinux/packages/wordlists

工具周边

Burpsuite

信息收集

• https://github.com/Acmesec/Sylas
• https://github.com/F6JO/JsRouteScan
• https://github.com/InitRoot/BurpJSLinkFinder
• https://github.com/NetSPI/BurpExtractor
• https://github.com/ScriptKid-Beta/Unexpected_information
• https://github.com/XF-FS/APIKit
• https://github.com/bit4woo/domain_hunter
• https://github.com/bit4woo/domain_hunter_pro
• https://github.com/goddemondemongod/god_param
• https://github.com/shuanx/BurpFingerPrint

其他

• https://github.com/bit4woo/burp-api-drops
• https://github.com/jython/jython
• https://portswigger.net/

功能拓展

• https://github.com/Lotus6/AutoRepeater
• https://github.com/MaskCyberSecurityTeam/BurpHttpHelper
• https://github.com/bit4woo/knife
• https://github.com/bit4woo/reCAPTCHA
• https://github.com/c0ny1/captcha-killer
• https://github.com/c0ny1/chunked-coding-converter
• https://github.com/c0ny1/passive-scan-client
• https://github.com/c0ny1/sqlmap4burp-plus-plus
• https://github.com/chroblert/JC-AntiToken
• https://github.com/d3vilbug/HackBar
• https://github.com/elespike/burp-cph
• https://github.com/f0ng/autoDecoder
• https://github.com/f0ng/autoDecoder-usages
• https://github.com/f0ng/captcha-killer-modified
• https://github.com/gh0stkey/HaE
• https://github.com/handbye/base64encode
• https://github.com/jas502n/Burp_AES_Plugin
• https://github.com/nccgroup/AutoRepeater
• https://github.com/nccgroup/BurpSuiteHTTPSmuggler
• https://github.com/nccgroup/LoggerPlusPlus
• https://github.com/outlaws-bai/Galaxy
• https://github.com/outlaws-bai/GalaxyHttpHooker
• https://github.com/portswigger/http-request-smuggler
• https://github.com/shuanx/BurpAPIFinder
• https://github.com/silentsignal/burp-requests
• https://github.com/smxiazi/NEW_xp_CAPTCHA
• https://github.com/smxiazi/xia_Jie
• https://github.com/smxiazi/xia_Liao
• https://github.com/sting8k/BurpSuite_403Bypasser
• https://github.com/xnl-h4ck3r/GAP-Burp-Extension

插件仓库

• https://github.com/Mr-xn/BurpSuite-collections

未分类

• https://github.com/CodeXTF2/Burp2Malleable
• https://github.com/Ebryx/AES-Killer
• https://github.com/KagamigawaMeguri/burp-UnicodeAutoDecode
• https://github.com/Lopseg/Jsdir
• https://github.com/NetSPI/BurpCollaboratorDNSTunnel
• https://github.com/NetSPI/Wsdler
• https://github.com/Peithon/JustC2file
• https://github.com/PortSwigger/collaborator-everywhere
• https://github.com/PortSwigger/upload-scanner
• https://github.com/Sy3Omda/burp-bounty
• https://github.com/TheKingOfDuck/burpFakeIP
• https://github.com/TheKingOfDuck/burpJsEncrypter
• https://github.com/TomAPU/checkburp
• https://github.com/Tsojan/TsojanScan
• https://github.com/Vicl1fe/HackTools
• https://github.com/alphaSeclab/awesome-burp-suite
• https://github.com/boy-hack/wooyun-payload
• https://github.com/c0ny1/HTTPHeadModifer
• https://github.com/c0ny1/jsEncrypter
• https://github.com/doyensec/inql
• https://github.com/ekgg/Caidao-AES-Version
• https://github.com/ethicalhackingplayground/ssrf-king
• https://github.com/federicodotta/Brida
• https://github.com/gh0stkey/CaA
• https://github.com/hackvertor/taborator
• https://github.com/hvqzao/burp-wildcard
• https://github.com/ilmila/J2EEScan
• https://github.com/nccgroup/blackboxprotobuf
• https://github.com/orleven/BurpCollect
• https://github.com/p1g3/Fastjson-Scanner
• https://github.com/p1g3/JSONP-Hunter
• https://github.com/portswigger/turbo-intruder
• https://github.com/redhuntlabs/BurpSuite-Asset_Discover
• https://github.com/rsrdesarrollo/generator-burp-extension
• https://github.com/smxiazi/xia_sql
• https://github.com/snoopysecurity/awesome-burp-extensions
• https://github.com/summitt/Burp-Non-HTTP-Extension
• https://github.com/synacktiv/HopLa
• https://github.com/tpt11fb/SpringVulScan
• https://github.com/trietptm/SQL-Injection-Payloads
• https://github.com/uknowsec/BurpSuite-Extender-fastjson
• https://github.com/vaycore/OneScan
• https://github.com/vsec7/BurpSuite-Xkeys
• https://github.com/wagiro/BurpBounty
• https://github.com/weishen250/npscrack
• https://github.com/weujieytt/HostHeaderAttack
• https://github.com/whwlsfb/BurpCrypto
• https://github.com/whwlsfb/Log4j2Scan
• https://github.com/winezer0/passive-scan-client-plus
• https://github.com/z2p/sweetPotato
• https://github.com/zilong3033/fastjsonScan
• https://github.com/zzzskd/CORSScanner

漏洞利用

• https://github.com/KrystianLi/ExchangeOWA
• https://github.com/amaz1ngday/fastjson-exp
• https://github.com/bigsizeme/shiro-check

漏洞扫描

• https://github.com/0x727/BypassPro
• https://github.com/A0WaQ4/BurpCRLFScan
• https://github.com/API-Security/APIKit
• https://github.com/BishopFox/GadgetProbe
• https://github.com/Conan924/Bypass-Suite
• https://github.com/EASY233/BpScan
• https://github.com/F6JO/RouteVulScan
• https://github.com/Maskhe/FastjsonScan
• https://github.com/NeoTheCapt/PowerScanner
• https://github.com/a1phaboy/JsonDetect
• https://github.com/bigsizeme/Log4j-check
• https://github.com/f0ng/log4j2burpscanner
• https://github.com/gand3lf/semgrepper
• https://github.com/ggg4566/BurpBountyPlus
• https://github.com/hy0jer/HostScan
• https://github.com/kN6jq/gatherBurp
• https://github.com/metaStor/SpringScan
• https://github.com/pmiaowu/BurpFastJsonScan
• https://github.com/pmiaowu/BurpShiroPassiveScan
• https://github.com/silentsignal/burp-log4shell
• https://github.com/silentsignal/burp-text4shell
• https://github.com/smxiazi/xia_Yue

绕过指纹检测

• https://github.com/sleeyax/burp-awesome-tls

IDA

• https://github.com/SentineLabs/AlphaGolang
• https://github.com/VulnTotal-Team/IDA-Pro-tips
• https://github.com/hackflame/ida_python_extractCode
• https://github.com/t3ls/mipsAudit

IDEA

代码审计辅助

• https://github.com/SpringKill-team/SecurityInspector

ZoomEye

• https://github.com/gyyyy/ZoomEye-go
• https://github.com/knownsec/Kunyu
• https://github.com/knownsec/ZoomEye-python

arl

• https://github.com/ki9mu/ARL-plus-docker
• https://github.com/loecho-sec/ARL-Finger-ADD

cobaltstrike

• https://github.com/DeEpinGh0st/Erebus
• https://github.com/F3eev/SharkExec
• https://github.com/Gality369/CS-Loader
• https://github.com/Getshell/CobaltStrike
• https://github.com/QAX-A-Team/EventLogMaster
• https://github.com/aleenzz/Cobalt_Strike_wiki
• https://github.com/its-arun/CVE-2022-39197
• https://github.com/kingz40o/Aggressor_dingding
• https://github.com/lintstar/LSTAR
• https://github.com/mgeeky/RedWarden
• https://github.com/optiv/Registry-Recon
• https://github.com/pandasec888/taowu-cobalt-strike
• https://github.com/pandasec888/taowu-cobalt_strike
• https://github.com/ryanohoro/csbruter
• https://github.com/threatexpress/malleable-c2
• https://github.com/yanghaoi/CobaltStrike_CNA
• https://github.com/z1un/Z1-AggressorScripts

fofa

• https://github.com/10cks/fofaEX
• https://github.com/20142995/fofa_GUI
• https://github.com/wgpsec/fofa_viewer
• https://github.com/xiecat/fofax

frida

• https://github.com/Margular/frida-skeleton

frp

• https://github.com/MvsCode/frps-onekey
• https://github.com/SleepingBag945/frpCracker
• https://github.com/uknowsec/frpModify

goby

• https://github.com/luck-ying/Library-POC

nessus

• https://github.com/FunnyKun/NessusReportInChinese
• https://github.com/Hypdncy/NessusToReport
• https://github.com/nszy007/CN_Nessus_Plugins_Interface
• https://github.com/starnightcyber/nessus_api
• https://github.com/xxcdd/docker_nessus_unlimited

nuclei

• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/AYcg/poc
• https://github.com/ExpLangcn/NucleiTP
• https://github.com/UltimateSec/ultimaste-nuclei-templates
• https://github.com/Yong-An-Dang/nuclei-plus
• https://github.com/mlq574/nucleix
• https://github.com/projectdiscovery/nuclei-templates

pocassist

• https://github.com/jweny/pocassistdb

pocsuite3

• https://github.com/S2eTo/Pocsuite3Gui
• https://github.com/hanc00l/some_pocsuite
• https://github.com/smallfox233/ExpToPocsuite3

rsas

• https://github.com/biggerwing/nsfocus-rsas-knowledge-base

volatility

• https://github.com/ruokeqx/tool-for-CTF

xray

• https://github.com/4ra1n/super-xray
• https://github.com/NHPT/Xray_Cracked
• https://github.com/chaitin/xray-plugins
• https://github.com/phith0n/xray-poc-generation
• https://github.com/zema1/yarx

浏览器扩展

• https://github.com/FelisCatus/SwitchyOmega
• https://github.com/LasCC/Hack-Tools
• https://github.com/LasCC/HackTools
• https://github.com/Monyer/antiHoneypot
• https://github.com/cnrstar/anti-honeypot
• https://github.com/dark-kingA/superSearchPlus
• https://github.com/filedescriptor/untrusted-types
• https://github.com/fofapro/fofa_view
• https://github.com/knownsec/Zoomeye-Tools
• https://github.com/momosecurity/FindSomething
• https://github.com/ninoseki/mitaka
• https://github.com/swisskyrepo/DamnWebScanner

工具集

• https://github.com/H4ckBu7eer-EX/h4tools
• https://github.com/Lucifer1993/PLtools
• https://github.com/hahwul/WebHackersWeapons
• https://github.com/k8gege/K8tools
• https://www.sqlsec.com/tools.html

工具集成环境

• https://github.com/ApocalypseSec/ApoalypseSecTools
• https://github.com/CuriousLearnerDev/Online_tools
• https://github.com/arch3rPro/PST-Bucket
• https://github.com/arch3rPro/Pentest-Windows
• https://github.com/ccc-f/PenKitGui
• https://github.com/ffffffff0x/f8x
• https://github.com/ghealer/GUI_Tools
• https://github.com/mandiant/commando-vm
• https://github.com/mrl64/okfafu-pentestVM-public
• https://github.com/pry0cc/axiom
• https://github.com/taielab/Taie-RedTeam-OS
• https://github.com/tyB-or/FreeGui

渗透工具集合(虚拟机)

• https://github.com/TianWen-Lab/TranSec
• https://github.com/makoto56/penetration-suite-toolkit

知识库

• https://github.com/0x783kb/Security-operation-book
• https://github.com/CYJoe-Cyclone/PenetrationTesttips
• https://github.com/FeeiCN/SecurityInterviewGuide
• https://github.com/ProbiusOfficial/Pentools-wiki
• https://github.com/Ridter/Intranet_Penetration_Tips
• https://github.com/Threekiii/Awesome-Redteam
• https://github.com/djytmdj/Network-security-study-notes
• https://github.com/ffffffff0x/1earn
• https://github.com/theLSA/CS-checklist
• https://github.com/wwl012345/Vuln-List

社工

信息收集

• https://github.com/Ridter/Mailget
• https://github.com/famavott/osint-scraper
• https://github.com/n0tr00t/Sreg
• https://github.com/soxoj/maigret

字典生成

• https://github.com/abc123info/UserNameDictTools
• https://github.com/digininja/CeWL
• https://github.com/tomnomnom/anew
• https://github.com/zgjx6/SocialEngineeringDictionaryGenerator

钓鱼辅助

• https://github.com/A10ha/EmailSender
• https://github.com/Push3AX/USBAirborne
• https://github.com/gophish/gophish
• https://github.com/gyxuehu/EwoMail
• https://github.com/taielab/Taie-AutoPhishing
• https://github.com/tib36/PhishingBook
• https://github.com/xiecat/goblin

端口服务服务漏洞

JDWP

• https://github.com/IOActive/jdwp-shellifier
• https://github.com/Lz1y/jdwp-shellifier
• https://github.com/l3yx/jdwp-codeifier

RMI

• https://github.com/A-D-Team/attackRmi
• https://github.com/BishopFox/rmiscout
• https://github.com/NickstaDB/BaRMIe
• https://github.com/waderwu/attackRmi

rdp

• https://github.com/k8gege/CVE-2019-0708
• https://github.com/worawit/CVE-2019-0708

smtp

• https://github.com/jetmore/swaks

ssl

• https://github.com/rbsec/sslscan

数据库利用

Oracle

• https://github.com/jas502n/oracleShell
• https://github.com/quentinhardy/odat

mssql

• https://github.com/0x727/SqlKnife_0x727
• https://github.com/Ridter/PySQLTools
• https://github.com/blackarrowsec/mssqlproxy
• https://github.com/uknowsec/SharpSQLTools

postgresql

• https://github.com/20142995/postgreUtil
• https://github.com/No-Github/postgresql_udf_help

redis

• https://github.com/0671/RabR
• https://github.com/0671/RedisModules-ExecuteCommand-for-Windows
• https://github.com/Dliv3/redis-rogue-server
• https://github.com/Ridter/redis-rce
• https://github.com/n0b0dyCN/redis-rogue-server
• https://github.com/yuyan-sec/RedisEXP
• https://github.com/zyylhn/redis_rce

综合

• https://github.com/DeEpinGh0st/MDUT-Extend-Release
• https://github.com/Hel10-Web/Databasetools
• https://github.com/Ryze-T/Sylas
• https://github.com/SafeGroceryStore/MDUT
• https://github.com/safe6Sec/PentestDB

综合

环境

http代理

• https://xip.ipzan.com/

pdf转换

• https://smallpdf.com/cn
• https://www.cleverpdf.com/cn/pdf-to-excel

redis_for_windows

• https://github.com/microsoftarchive/redis
• https://github.com/tporadowski/redis

蓝队

信安

敏感词

• https://github.com/adlered/DangerousSpamWords
• https://github.com/privacy-protection-tools/anti-AD
• https://github.com/qloog/sensitive_words

取证

USB取证

键盘流量

• https://github.com/Mumuzi7179/UsbKeyboard_Mouse_Hacker_Gui
• https://github.com/P001water/UsbKbCracker
• https://github.com/WangYihang/UsbKeyboardDataHacker
• https://github.com/y1shiny1shin/USBFlow_Soer

鼠标流量

• https://github.com/WangYihang/USB-Mouse-Pcap-Visualizer
• https://github.com/WangYihang/UsbMiceDataHacker
• https://github.com/laziok/UsbMiceDataHacker2021

内存取证

• https://github.com/KDPryor/LinuxVolProfiles
• https://github.com/Tokeii0/LovelyMem
• https://github.com/Tokeii0/VolatilityPro
• https://github.com/ufrisk/MemProcFS
• https://github.com/volatilityfoundation/community
• https://github.com/volatilityfoundation/community3
• https://github.com/volatilityfoundation/profiles
• https://github.com/volatilityfoundation/volatility
• https://github.com/volatilityfoundation/volatility3

应用程序取证

Linux面板

• https://github.com/WXjzcccc/PanelForensics

QQ取证

• https://github.com/saucer-man/qq_msg_decode

Wifi

• https://github.com/lijiejie/WIFIpass

jenkins

• https://github.com/hoto/jenkins-credentials-decryptor

mysql

• https://github.com/m8sec/enumdb
• https://github.com/twindb/undrop-for-innodb

vmware vcenter

• https://github.com/W01fh4cker/VcenterKit
• https://github.com/shmilylty/vhost_password_decrypt
• https://github.com/zidanfanshao/vcenter_tools

vmx加密破解

• https://github.com/axcheron/pyvmx-cracker

主机账号

• https://github.com/AlessandroZ/LaZagne
• https://github.com/DarkCoderSc/win-brute-logon
• https://github.com/ParrotSec/mimikatz
• https://github.com/bitsadmin/fakelogonscreen
• https://github.com/dwagon/Hostinfo
• https://github.com/gentilkiwi/mimikatz
• https://github.com/hmoytx/RdpThief_tools
• https://github.com/huntergregal/mimipenguin
• https://github.com/kalivim/Powershell_fisher
• https://github.com/kerbyj/goLazagne
• https://github.com/keydet89/RegRipper3.0

向日葵取证

• https://github.com/0xShe/SunloginClient-Password
• https://github.com/milu001/sundeskQ
• https://github.com/wafinfo/Sunflower_get_Password

微信取证

• https://github.com/0xlane/wechat-dump-rs
• https://github.com/AdminTest0/SharpWxDump
• https://github.com/LC044/WeChatMsg
• https://github.com/Ormicron/Sharp-dumpkey
• https://github.com/Ormicron/chatViewTool
• https://github.com/SpenserCai/GoWxDump
• https://github.com/SuxueCode/WechatBakTool
• https://github.com/greycodee/wechat-backup
• https://github.com/x1hy9/WeChatUserDB
• https://github.com/xaoyaoo/PyWxDump

浏览器取证

• https://github.com/DeEpinGh0st/Browser-cookie-steal
• https://github.com/Naturehi666/searchall
• https://github.com/QAX-A-Team/BrowserGhost
• https://github.com/SD-XD/Catch-Browser
• https://github.com/StarfireLab/SharpWeb
• https://github.com/Z3ratu1/HackBrowserDataManual
• https://github.com/djhohnstein/SharpChromium
• https://github.com/djhohnstein/SharpWeb
• https://github.com/hayasec/360SafeBrowsergetpass
• https://github.com/moonD4rk/HackBrowserData
• https://github.com/obsidianforensics/hindsight
• https://github.com/priyankchheda/chrome_password_grabber
• https://github.com/qwqdanchun/Pillager
• https://github.com/riskydissonance/SharpCookieMonster
• https://github.com/wekillpeople/browser-dumpwd

综合

• https://github.com/efchatz/pandora
• https://github.com/wafinfo/DecryptTools

远程软件

• https://github.com/Arvanaghi/SessionGopher
• https://github.com/GhostPack/SharpDPAPI
• https://github.com/HyperSine/how-does-MobaXterm-encrypt-password
• https://github.com/HyperSine/how-does-SecureCRT-encrypt-password
• https://github.com/HyperSine/how-does-Xmanager-encrypt-password
• https://github.com/HyperSine/how-does-navicat-encrypt-password
• https://github.com/Hzllaga/RDODecrypt
• https://github.com/JDArmy/SharpXDecrypt
• https://github.com/Potato-py/getIntrInfo
• https://github.com/RowTeam/SharpDecryptPwd
• https://github.com/Zhuoyuan1/navicat_password_decrypt
• https://github.com/anoopengineer/winscppasswd
• https://github.com/dzxs/Xdecrypt
• https://github.com/h0ny/MobaXtermDecryptor
• https://github.com/ianxtianxt/SharpDecryptPwd
• https://github.com/jas502n/FinalShellDecodePass
• https://github.com/lele8/SharpDBeaver
• https://github.com/passer-W/FinalShell-Decoder
• https://github.com/uknowsec/SharpDecryptPwd
• https://github.com/wafinfo/TeamViewer
• https://github.com/xillwillx/MobaXterm-Decryptor
• https://github.com/ybdt/mRemoteNG-Decryptor

邮件取证

• https://github.com/b0bac/GetMail

操作系统取证

华为手机备份解密

• https://github.com/RealityNet/kobackupdec

安卓取证

• https://github.com/nelenkov/android-backup-extractor

文件取证

压缩包

CRC32碰撞

• https://github.com/AabyssZG/CRC32-Tools

ZIP伪加密

• https://c5r.app/tools/pseudo-encrypted-zip-check
• https://ctfever.uniiem.com/tools/pseudo-encrypted-zip-check
• https://github.com/442048209as/ZipCenOp
• https://github.com/asaotomo/ZipCracker
• https://github.com/wwxiaoqi/ZipCenOp

ZIP明文攻击

• https://github.com/keyunluo/pkcrack
• https://github.com/kimci86/bkcrack

ZIP爆破

• https://github.com/agourlay/zip-password-finder

图片

png_LSB隐写

• https://github.com/7thSamurai/steganography
• https://github.com/Grazee/cloacked-pixel-python3
• https://github.com/dhsdshdhk/stegpy
• https://github.com/izcoser/stegpy
• https://github.com/livz/cloacked-pixel

png_图片分析

• http://www.libpng.org/pub/png/apps/pngcheck.html
• https://entropymine.com/jason/tweakpng/

png_宽高修复

• https://github.com/AabyssZG/Deformed-Image-Restorer

png_截图漏洞

• https://github.com/frankthetank-music/Acropalypse-Multi-Tool

二维码扫描

• https://github.com/Tokeii0/LoveLy-QRCode-Scanner

光栅图

• https://github.com/AabyssZG/Raster-Terminator

其他

• https://darkside.com.au/gifshuffle
• https://github.com/ImageMagick/ImageMagick
• https://github.com/x011/SecretPixel

图片分析

• https://github.com/souno-io/Stegsolve

图片隐写

• http://www.uzzf.com/soft/68820.html
• https://github.com/Cliffordwr/cloacked-pixel-python3
• https://github.com/RobinDavid/LSB-Steganography
• https://github.com/abeluck/stegdetect
• https://github.com/h3xx/jphs
• https://github.com/jackfengji/f5-steganography
• https://github.com/lukechampine/jsteg
• https://github.com/oakes/PixelJihad
• https://github.com/resurrecting-open-source-projects/outguess
• https://pilotfiber.dl.sourceforge.net/project/steghideui

盲水印

• https://github.com/chishaxie/BlindWaterMark
• https://github.com/fire-keeper/BlindWatermark
• https://github.com/guofei9987/blind_watermark
• https://github.com/linyacool/blind-watermark
• https://github.com/ww23/BlindWatermark
• https://www.52pojie.cn/thread-709668-1-1.html

综合

• https://c5r.app/tools/bin-extractor
• https://github.com/Giotino/stegsolve
• https://github.com/zR00t1/ImageStrike

视频

截断视频恢复

• https://github.com/anthwlock/untrunc

音频

• https://github.com/Jpinsoft/DeepSound
• https://github.com/MIUIEI/MP3Steno
• https://github.com/Moxin1044/DTMF2NUM
• https://github.com/ON4QZ/QSSTV
• https://github.com/TajangSec/silenteye
• https://github.com/audacity/audacity
• https://github.com/ribt/dtmf-decoder
• https://mkvtoolnix.download/
• https://www.bailer.at/wbstego
• https://www.qsl.net/on6mu/rxsstv.htm

相关资源

• https://github.com/XDforensics-wiki/XDforensics-wiki

磁盘分析

文件转换

• https://cloudbase.it/qemu-img-windows/

磁盘加解密

• https://github.com/veracrypt/VeraCrypt

网络取证

NTML

• https://github.com/mlgualtieri/NTLMRawUnHide

Shiro流量取证

• https://github.com/Ormicron/ShiroDecrypter
• https://github.com/r00tuser111/SerializationDumper-Shiro

WiFi流量

• https://github.com/peass-ng/PEASS-ng

cs

• https://github.com/5ime/CS_Decrypt

tshark辅助

• https://github.com/20142995/tshark_extraction

冰蝎(Behinder)流量取证

• https://github.com/minhangxiaohui/DecodeSomeJSPWebshell
• https://github.com/webraybtl/webshell_detect

哥斯拉(Godzilla)流量取证

• https://github.com/webraybtl/webshell_detect
• https://github.com/nocultrue/Deco_Godzilla

包流量修复

• https://github.com/Rup0rt/pcapfix

威胁情报中心

• https://ti.360.cn/
• https://ti.sangfor.com.cn/analysis-platform
• https://wsrc.weibo.com/

安全建设

APT攻击检测

• https://github.com/Neo23x0/Fenrir
• https://github.com/Neo23x0/Loki

DevSecOps

• https://github.com/HXSecurity/DongTai/
• https://github.com/chaitin/veinmind-tools/
• https://github.com/murphysecurity/murphysec/
• https://lgtm.com
• https://rasp.baidu.com/doc/install/iast.html

GitHub监控

• https://github.com/0xbug/Hawkeye
• https://github.com/4x99/code6
• https://github.com/FeeiCN/GSIL
• https://github.com/MiSecurity/x-patrol
• https://github.com/VKSRC/Github-Monitor
• https://github.com/neal1991/gshark
• https://www.gitguardian.com/

HIDS

• https://github.com/0xrawsec/whids
• https://github.com/DianrongSecurity/AgentSmith-HIDS
• https://github.com/mozilla/MozDef
• https://github.com/ysrc/yulong-hids
• https://osquery.io/
• https://securityonion.net/
• https://suricata-ids.org
• https://www.dictionary.com/browse/moloch
• https://www.la-samhna.de/
• https://www.ossec.net
• https://www.snort.org

SIEM_SOC

• https://github.com/apache/metron
• https://github.com/jeffbryner/MozDef
• https://github.com/smarttang/w3a_SOC
• https://siemonster.com/
• https://www.alienvault.com/products/ossim
• https://www.prelude-siem.org/

WAF

• https://github.com/C4o/Juggler
• https://github.com/chaitin/blazehttp
• https://github.com/httpwaf/httpwaf2.0
• https://github.com/loveshell/ngx_lua_waf
• https://github.com/xsec-lab/x-waf
• https://rasp.baidu.com

Web应用防火墙

• https://github.com/chaitin/safeline
• https://github.com/starjun/openstar

web靶场

• https://github.com/2740908911/Pilot-Web
• https://github.com/API-Security/APISandbox
• https://github.com/HXSecurity/TerraformGoat
• https://github.com/ProbiusOfficial/RCE-labs
• https://github.com/SpiderLabs/MCIR
• https://github.com/ax1sX/MemShell
• https://github.com/en0th/ElectricRat
• https://github.com/lemono0/FastJsonParty
• https://github.com/liqzz/vultrap
• https://github.com/psiinon/bodgeit
• https://github.com/tangxiaofeng7/SecExample
• https://github.com/wangai3176/webug4.0
• https://hackmyvm.eu/anon/
• https://www.pentesterlab.com/exercises/web_for_pentester/course

主机入侵检测

• https://github.com/ainrm/cobaltstrike-suricata-rules
• https://github.com/bytedance/Elkeid
• https://github.com/theSecHunter/Hades

主机入侵防御

• https://github.com/wazuh/wazuh
• https://github.com/wecooperate/iDefender

企业云盘

• https://filerun.com/
• https://github.com/KOHGYLW/kiftd
• https://github.com/filebrowser/filebrowser/releases/latest
• https://kodcloud.com/
• https://nextcloud.com/
• https://owncloud.com/products/
• https://www.seafile.com/home/

堡垒机

• https://github.com/jumpserver/jumpserver
• https://github.com/jumpserver/jumpserver
• https://github.com/jx-sec/jxotp
• https://github.com/liftoff/GateOne
• https://github.com/triaquae/CrazyEye
• https://tp4a.com/
• https://www.tosec.com.cn/

威胁检测

• https://github.com/RoomaSec/RmEye

安全开发

• https://github.com/Tencent/secguide
• https://github.com/momosecurity/rhizobia_J
• https://github.com/momosecurity/rhizobia_P
• https://github.com/openstack/bandit/releases/

安全运维

• https://code.google.com/archive/p/opendlp/
• https://github.com/HandsomeOne/Scout
• https://github.com/cuckoosandbox/cuckoo
• https://github.com/qunarcorp/open_dnsdb
• https://github.com/ytisf/theZoo

欺骗防御

• https://github.com/4ra1n/mysql-fake-server
• https://github.com/BeichenDream/MysqlT
• https://github.com/BeichenDream/WhetherMysqlSham
• https://github.com/C4o/Juggler
• https://github.com/LiAoRJ/CS_fakesubmit
• https://github.com/NS-Sp4ce/MoAn_Honey_Pot_Urls
• https://github.com/decoymini/DecoyMini
• https://github.com/dushixiang/evil-mysql-server
• https://github.com/fnmsd/MySQL_Fake_Server
• https://github.com/hacklcx/HFish
• https://github.com/handbye/potmanager
• https://github.com/mushorg/conpot
• https://github.com/seccome/Ehoney
• https://github.com/wendell1224/ide-honeypot

漏洞情报管理平台

• https://github.com/menglike/bug_search

漏洞管理

• https://gitee.com/gy071089/SecurityManageFramwork
• https://github.com/233sec/laravel-src
• https://github.com/DefectDojo/django-DefectDojo
• https://github.com/creditease-sec/insight
• https://github.com/jeffzh3ng/Fuxi-Scanner
• https://github.com/martinzhou2015/SRCMS
• https://github.com/ysrc/xunfeng

演练

勒索

• https://github.com/deadPix3l/CryptSky

相关资源

• https://github.com/AnyeDuke/Enterprise-Security-Skill
• https://github.com/Bypass007/Safety-Project-Collection
• https://github.com/FeeiCN/Security-PPT
• https://github.com/birdhan/SecurityProduct

网站监测

• https://github.com/mangenotwork/website-monitor
• https://github.com/msgbyte/tianji

网络安全大模型

• https://github.com/Clouditera/secgpt

网络流量分析

• https://github.com/20142995/traffic_extraction
• https://github.com/stamparm/maltrail
• https://www.kismetwireless.net/
• https://www.zeek.org

自动化代码审计

• https://find-sec-bugs.github.io/
• https://github.com/WhaleShark-Team/cobra
• https://github.com/yingshang/banruo
• https://github.com/zsdlove/Hades
• https://sourceforge.net/projects/visualcodegrepp/

蜜罐技术

• https://github.com/DinoTools/dionaea
• https://github.com/cowrie/cowrie
• https://github.com/desaster/kippo
• https://github.com/dtag-dev-sec/tpotce
• https://github.com/gbrindisi/wordpot
• https://github.com/hacklcx/HFish
• https://github.com/honeynet/beeswarm
• https://github.com/jordan-wright/elastichoney
• https://github.com/mushorg/conpot
• https://github.com/mushorg/glastopf
• https://github.com/p1r06u3/opencanary_web
• https://github.com/rmb122/rogue_mysql_server
• https://github.com/threatstream/shockpot

资产管理

• https://docs.saltstack.com/en/latest/
• https://github.com/Cryin/AssetsView
• https://github.com/Tencent/bk-cmdb
• https://github.com/bongmu/OpsManage
• https://www.ansible.com/

钓鱼网站系统

• https://github.com/SecurityPaper/mail_fishing
• https://github.com/gophish/gophish
• https://github.com/hacklcx/HFish
• https://github.com/p1r06u3/phishing
• https://github.com/pow1e/pfish
• https://github.com/rsmusllp/king-phisher
• https://github.com/thelinuxchoice/blackeye
• https://www.phishingfrenzy.com/

靶场

IOT漏洞

• https://github.com/firmianay/IoT-vulhub

web基础

• https://github.com/WebGoat/WebGoat
• https://github.com/WebGoat/WebGoat-Legacy
• https://github.com/cr0hn/vulnerable-node
• https://github.com/digininja/DVWA
• https://github.com/incredibleindishell/SSRF_Vulnerable_Lab
• https://github.com/stamparm/DSVW
• https://github.com/zhuifengshaonianhanlu/pikachu

web基础+部分业务

• https://github.com/f4cknet/pyhackme

web基础漏洞

• https://dvwa.co.uk/
• https://github.com/0verSp4ce/DoraBox
• https://github.com/710leo/ZVulDrill
• https://github.com/Audi-1/sqli-labs
• https://github.com/adamdoupe/WackoPicko
• https://github.com/aj00200/xssed
• https://github.com/bugku/BWVS
• https://github.com/c0ny1/upload-labs
• https://github.com/c0ny1/vulstudy
• https://github.com/c0ny1/xxe-lab

应用漏洞

• https://github.com/Hackademic/hackademic
• https://github.com/Medicean/VulApps
• https://github.com/cider-security-research/cicd-goat
• https://github.com/cliffe/secgen
• https://github.com/fofapro/vulfocus
• https://github.com/j3ers3/Hello-Java-Sec
• https://github.com/lokerxx/JavaVul
• https://github.com/vulhub/vulhub

风控系统

• https://gitee.com/freshday/radar
• https://github.com/momosecurity/aswan
• https://github.com/sunpeak/riskcontrol
• https://github.com/threathunterX/nebula
• https://github.com/youseries/urule
• https://github.com/ysrc/Liudao
• https://www.drools.org

安全服务

渗透测试报告辅助

• https://github.com/20142995/PentestReport

安全检查

基线

• https://github.com/Amulab/CAudit
• https://github.com/DeEpinGh0st/WindowsBaselineAssistant
• https://github.com/jeremylong/DependencyCheck
• https://github.com/shouc/daudit
• https://github.com/xiaoyunjie/Shell_Script

应急

Web层面

webshell后门

• http://www.shelldetector.com/
• https://github.com/c0ny1/java-memshell-scanner
• https://github.com/chiruom/Webshell_finder
• https://github.com/cys3c/BackdoorMan
• https://github.com/he1m4n6a/findWebshell
• https://github.com/intbjw/webshell-decryptor
• https://github.com/kunwu2023/kunwu
• https://github.com/mornone/webshell-find-tools
• https://github.com/virink/as_scanwebshell
• https://www.d99net.net
• https://www.shellpub.com/
• https://github.com/10000Tigers/BlueHound

内存马查杀

• https://github.com/10000Tigers/BlueHound
• https://github.com/4ra1n/shell-analyzer
• https://github.com/LandGrey/copagent
• https://github.com/alibaba/arthas
• https://github.com/huoji120/DuckMemoryScan
• https://github.com/r00t4dm/aLIEz
• https://github.com/yzddmr6/ASP.NET-Memshell-Scanner
• https://github.com/zzhorc/tomcat_memshell_scanner0.2

在线webshell查杀

• http://tools.bugscaner.com/killwebshell/
• https://n.shellpub.com/
• https://www.d99net.net/

威胁情报

IP分析

• https://github.com/CRED-CLUB/ARTIF
• https://github.com/wgpsec/tig

暗网监测

• https://github.com/s045pd/DarkNet_ChineseTrading

钓鱼监测

• https://github.com/x0rz/phishing_catcher

应用日志分析

• https://github.com/OSTEsayed/OSTE-Web-Log-Analyzer
• https://github.com/mthbernardes/ARTLAS

样本

• https://github.com/vxunderground/MalwareSourceCode

相关资源

• https://github.com/Bypass007/Emergency-Response-Notes
• https://github.com/Just-Hack-For-Fun/Windows-INCIDENT-RESPONSE-COOKBOOK
• https://github.com/Xuno1/Emergency-response-toolset
• https://github.com/theLSA/emergency-response-checklist
• https://github.com/wpsec/Emergency-response-notes

系统层面

DLL劫持

• https://github.com/cyberark/DLLSpy

Linux应急工具

• http://rkhunter.sourceforge.net/
• https://github.com/Ashro-one/Ashro_linux
• https://github.com/P4ck/Emergency
• https://github.com/al0ne/LinuxCheck
• https://github.com/alexandreborges/malwoverview
• https://github.com/enomothem/Whoamifuck
• https://github.com/evilsocket/uroboros
• https://github.com/grayddq/GScan
• https://github.com/heikanet/whohk
• https://github.com/tide-emergency/yingji
• https://github.com/wgpsec/whohk
• https://rkhunter.sourceforge.net/

Windows应急工具

windows日志分析

• https://github.com/BoyChai/FuckEventvwr
• https://github.com/Fheidt12/Windows_Log
• https://github.com/Qihoo360/WatchAD2.0
• https://github.com/Yamato-Security/WELA
• https://github.com/ahmedkhlief/APT-Hunter
• https://github.com/dogadmin/windodws-logs-analysis
• https://www.microsoft.com/en-us/download/details.aspx?id=24659
• https://www.nirsoft.net/utils/full_event_log_view.html

信息采集

• https://github.com/Fheidt12/Windows_Memory_Search
• https://github.com/MountCloud/FireKylin
• https://github.com/SwiftOnSecurity/sysmon-config
• https://github.com/i11us0ry/winlog
• https://github.com/travisfoley/dfirtriage

其他

• https://docs.microsoft.com/zh-cn/sysinternals/downloads/

内核小工具

• https://github.com/ClownQq/YDArk

异常检测

• https://github.com/RoomaSec/RmTools

综合

• https://github.com/FindAllTeam/FindAll
• https://github.com/m-sec-org/d-eyes
• https://github.com/reto18052015/YingJiXiangYing

进程监控

• https://processhacker.sourceforge.io/

勒索病毒在线分析

• https://edr.sangfor.com.cn/#/information/ransom_search
• https://guanjia.qq.com/pr/ls/
• https://lesuo.venuseye.com.cn/
• https://lesuobingdu.360.cn/
• https://lesuobingdu.qianxin.com/

勒索软件

解密工具

• https://github.com/jiansiting/Decryption-Tools

在线病毒分析

• http://www.scanvir.com/
• https://ata.360.net/

病毒在线分析

• https://habo.qq.com/

综合

分析辅助

• https://github.com/HotBoy-java/PotatoTool
• https://github.com/abc123info/BlueTeamTools
• https://potato.gold/navbar/tool/webshellDecrypt/index.php

网络层面

IP信息

• https://github.com/Hackl0us/GeoIP2-CN
• https://github.com/gaoyifan/china-operator-ip
• https://github.com/outmansec/SelfIPAdressQuery

应急响应中心

• http://dhsrc.dhgate.com/
• http://sec.didichuxing.com/
• http://sec.tuniu.com/
• http://security.eastmoney.com/
• http://security.qianmi.com/
• http://security.safedog.cn/index.html
• http://security.wanmei.com/
• https://aq.163.com/
• https://asrc.alibaba.com/#/
• https://beisen.butian.net/
• https://bsrc.baidu.com/views/main/index.html#home
• https://bugbounty.huawei.com/#/home
• https://dida.butian.net/
• https://dxysrc.vulbox.com/
• https://fsrc.fuiou.com/home/index.html
• https://isrc.pingan.com/homePage/index
• https://keep.huoxian.cn/
• https://kysrc.vulbox.com/
• https://llsrc.huolala.cn/#/home
• https://lsrc.vulbox.com/
• https://lxsrc.vulbox.com/
• https://megvii.huoxian.cn/
• https://niosrc.bugbank.cn/
• https://pep.butian.net/
• https://qianxin.butian.net/
• https://qssrc.vulbox.com/
• https://sec.cainiao.com/
• https://sec.ctrip.com/
• https://sec.fadada.com
• https://sec.huazhu.com/
• https://sec.ly.com/
• https://sec.meizu.com/
• https://sec.vip.com/
• https://sec.wacai.com/
• https://sec.wifi.com/
• https://sec.xiaomi.com/
• https://sec.zbj.com/
• https://sec.zto.com/home
• https://security.17zuoye.com/
• https://security.360.cn/
• https://security.58.com/
• https://security.alibaba.com/
• https://security.alipay.com/
• https://security.apple.com/bounty/
• https://security.bilibili.com/
• https://security.bytedance.com/
• https://security.creditease.cn/
• https://security.dbappsecurity.com.cn/
• https://security.dji.com/
• https://security.douyu.com/
• https://security.duxiaoman.com/index.html#/main
• https://security.focuschina.com/
• https://security.guazi.com/
• https://security.hihonor.com/src/#/
• https://security.iflytek.com/
• https://security.immomo.com/
• https://security.intsig.com/
• https://security.iqiyi.com/
• https://security.jd.com/#/
• https://security.jj.cn/
• https://security.kanyun.com/
• https://security.ke.com/
• https://security.kuaikanmanhua.com/
• https://security.kuaishou.com/
• https://security.kugou.com/
• https://security.liepin.com/
• https://security.lixiang.com/index
• https://security.mafengwo.cn/
• https://security.mcd.cn/
• https://security.meituan.com/#/home
• https://security.mogu.com
• https://security.oppo.com/cn/
• https://security.oray.com/
• https://security.pingan.com/
• https://security.rong360.com/#/
• https://security.sangfor.com.cn/
• https://security.shuidihuzhu.com/
• https://security.soulapp.cn/
• https://security.suning.com/ssrc-web/index.jsp
• https://security.t3go.cn/#/home
• https://security.tencent.com/
• https://security.tuhu.cn/
• https://security.unionpay.com/
• https://security.vipkid.com.cn/
• https://security.vivo.com.cn/
• https://security.webank.com/
• https://security.wps.cn/
• https://security.xiaoying.com/
• https://security.ximalaya.com/
• https://security.xunlei.com/
• https://security.zhangmen.com/
• https://security.zhongan.com/#/
• https://security.zsxq.com/
• https://securitytcjf.com/
• https://sfsrc.sf-express.com/
• https://src.100tal.com/
• https://src.bestsign.cn/
• https://src.ceair.com/
• https://src.dmall.com/
• https://src.hellobike.com/index.php
• https://src.tcl.com/zh/index
• https://src.topsec.com.cn/
• https://src.ucloud.cn/
• https://src.uniontech.com/
• https://src.youzan.com/
• https://src.zhaopin.com/
• https://src.zhipin.com/
• https://tdsrc.vulbox.com/
• https://weaversrc.vulbox.com/
• https://www.hikvision.com/cn/support/CybersecurityCenter/
• https://www.niwodai.com/sec/index.do
• https://www.seebug.org/
• https://ysrc.ys7.com/#/home
• https://zrsecurity.ziroom.com/

相关资源

• https://github.com/J0o1ey/BountyHunterInChina
• https://github.com/Mr-xn/RedTeam_BlueTeam_HW
• https://github.com/Purp1eW0lf/Blue-Team-Notes
• https://github.com/vvmdx/Sec-Interview-4-2023

综合

• https://github.com/achiove/BlueTeamTool

逆向

cookie加密

瑞数

• https://github.com/R0A1NG/Botgate_bypass
• https://github.com/wjlin0/riverPass

js逆向

OB解混淆

• https://tool.yuanrenxue.cn/decode_obfuscator

RPC

• https://github.com/jxhczhl/JsRpc
• https://github.com/yint-tech/sekiro-open

cookie hook

• https://github.com/JSREI/js-cookie-monitor-debugger-hook

webpack

• https://gitcode.net/zjq592767809/webpack_ast

靶场

• https://github.com/0ctDay/encrypt-decrypt-vuls
• https://github.com/SwagXz/encrypt-labs

验证码

极验

• https://github.com/daisixuan/Geetest-AST-
• https://github.com/nmsdss/JiYan-Geetest
• https://github.com/nmsdss/JiYanSlide4

win逆向

文件分析

• https://github.com/BlackINT3/OpenArk

安卓逆向

综合分析

• https://down.52pojie.cn/Tools/Android_Tools
• https://github.com/CYRUS-STUDIO/ApkToolPlus

微信小程序逆向

反编译

• https://github.com/Ackites/KillWxapkg
• https://github.com/Cherrison/CrackMinApp
• https://github.com/threecha/wxappUnpacker