本文主要是介绍护网中经常使用的一些工具,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
通用工具
| 工具类型 | 工具地址 |
| 内网扫描 | https://github.com/shadow1ng/fscan |
| 哥斯拉Webshell管理 | https://github.com/BeichenDream/Godzill a |
| ARL 资产侦察灯塔 | https://github.com/TophantTechnology/AR L |
| aliyun-accesskey-Tools | https://github.com/mrknow001/aliyun-acc esskey-Tools |
| PEASS-ng 提权套装 | https://github.com/carlospolop/PEASS-ng |
| nuclei 漏洞扫描器 | https://github.com/projectdiscovery/nuclei |
| railgun 渗透集成化工具 | https://github.com/lz520520/railgun |
| YAKIT 网络安全单兵工具 | https://github.com/yaklang/yakit |
| EHole (棱洞) 3.0 指纹探测工具 | https://github.com/EdgeSecurityTeam/EHo le |
| Traitor 提权工具 | https://github.com/liamg/traitor |
| Stowaway 内网穿透 | https://github.com/ph4ntonn/Stowaway |
| CF 云环境利用框架 | https://github.com/teamssix/cf |
| Naabu 端口扫描 | https://github.com/projectdiscovery/naab u |
| httpx HTTP状态获取 | https://github.com/projectdiscovery/httpx |
| Malleable C2 Profiles | https://github.com/xx0hcd/Malleable-C2-P rofiles |
| shuize(水泽) 信息收集 | https://github.com/0x727/ShuiZe_0x727 |
| 工具类型 | 工具地址 |
| Cloud-Bucket-Leak-Detection- Tools | https://github.com/UzJu/Cloud-Bucket-Lea k-Detection-Tools |
| SharpHostInfo 内网主机探测 | https://github.com/shmilylty/SharpHostInf o |
| pocsuite3 | https://github.com/knownsec/pocsuite3 |
| URLFinder | https://github.com/pingc0y/URLFinder |
| ALLiN 扫描工具 | https://github.com/P1-Team/AlliN |
| ihoneyBakFileScan 备份文件泄露扫 描 | https://github.com/VMsec/ihoneyBakFileSc an_Modify |
| spark(火花) 自动字典生成器 | https://github.com/G0mini/spark |
| Exphub 漏洞利用脚本 | https://github.com/zhzyker/exphub |
| EasyPen 综合利用工具 | https://github.com/lijiejie/EasyPen |
| Dog Tunnel(狗洞)端口映射工具 | https://github.com/vzex/dog-tunnel |
| frp 端口映射工具 | https://github.com/fatedier/frp |
| MYExploit 综合利用工具 | https://github.com/achuna33/MYExploit |
| dirsearch 目录扫描工具 | https://github.com/maurosoria/dirsearch |
| OneForAll 子域收集工具 | https://github.com/shmilylty/OneForAll |
| Cloud-Bucket-Leak-Detection- Tools 云储存利用工具 | https://github.com/UzJu/Cloud-Bucket-Lea k-Detection-Tools |
| ObserverWard 指纹识别工具 | https://github.com/0x727/ObserverWard |
| AtlasC2 C2框架Atlas | https://github.com/Gr1mmie/AtlasC2 |
| Goblin 钓鱼演练工具 | https://github.com/xiecat/goblin |
| 工具类型 | 工具地址 |
| AsamF 资产收集工具 | https://github.com/Kento-Sec/AsamF |
| Httpx IP、 Url批量存活探测 | https://github.com/projectdiscovery/httpx |
| Ghidra 软件逆向工程框架 | https://github.com/NationalSecurityAgenc y/ghidra |
| crack 弱口令爆破工具 | https://github.com/niudaii/crack |
| Empire 后开发框架 | https://github.com/BC-SECURITY/Empire |
| ksubdomain 子域名爆破工具 | https://github.com/knownsec/ksubdomain |
| scan4all 综合扫描 | https://github.com/hktalent/scan4all |
| Kscan 资产测绘工具 | https://github.com/lcvvvv/kscan |
| RedGuard C2流量前置工具 | https://github.com/wikiZ/RedGuard |
| VScan 漏洞扫描工具 | https://github.com/veo/vscan |
| pydictor 字典建立工具 | https://github.com/LandGrey/pydictor |
| AutoPWN Suite 漏扫利用工具 | https://github.com/GamehunterKaan/Auto PWN-Suite |
| CloudFlair 找CF真实IP工具 | https://github.com/christophetd/CloudFlair |
| feroxbuster 目录扫描工具 | https://github.com/epi052/feroxbuster |
| POC-bomber 漏洞检测/利用工具 | https://github.com/tr0uble-mAker/POC-bo mber |
| iox 端口转发工具 | https://github.com/EddieIvan01/iox |
| f8x 一键环境搭建 | https://github.com/ffffffff0x/f8x |
| URL 搜集工具 | https://github.com/lc/gau |
| 工具类型 | 工具地址 |
| 子域名发现工具 | https://github.com/projectdiscovery/subfin der |
| pocassist POC框架 | https://github.com/jweny/pocassist |
| Gobuster 目录文件、 DNS和VHost 爆破工具 | https://github.com/OJ/gobuster |
| Vulmap web漏洞扫描和验证工具 | https://github.com/zhzyker/vulmap |
| ESP32 Wi-Fi攻击工具 | https://github.com/risinek/esp32-wifi-pene tration-tool |
| 牛屎花C2远控 | https://github.com/YDHCUI/manjusaka |
| Amass 资产发现、子域名扫描工具 | https://github.com/OWASP/Amass |
| GitHack Git泄露利用工具 | https://github.com/lijiejie/GitHack |
| subDomainsBrute 子域名爆破工具 | https://github.com/lijiejie/subDomainsBrut e |
| JNDI-Inject-Exploit 反序列化测试工 具 | https://github.com/exp1orer/JNDI-Inject-Ex ploit |
| LadonGo 内网渗透扫描器框架 | https://github.com/k8gege/LadonGo |
| Dismap 资产发现及指纹识别 | https://github.com/zhzyker/dismap |
| afrog 漏洞扫描工具 | https://github.com/zan8in/afrog |
| TruffleHog 敏感信息搜集工具 | https://github.com/trufflesecurity/truffleh og |
| Komo 综合资产收集和漏洞扫描工具 | https://github.com/komomon/Komo |
| xray 被动扫描安全评估工具 | https://github.com/chaitin/xray |
| AppInfoScanner 移动端信息收集扫 描工具 | https://github.com/kelvinBen/AppInfoScan ner |
| Linux提权exp | https://github.com/Al1ex/LinuxEelvation |
| 工具类型 | 工具地址 |
| Packer Fuzzer Webpack网站扫描工 具 | https://github.com/rtcatc/Packer-Fuzzer |
| Polaris 信息搜集与漏洞利用框架 | https://github.com/doimet/Polaris |
| geacon_pro 免杀工具 | https://github.com/H4de5-7/geacon_pro |
| spp 隧道代理工具 | https://github.com/esrrhs/spp |
| Payer 子域名挖掘机 | https://github.com/Pik-sec/Payer |
| MobSF 移动安全测试框架 | https://github.com/MobSF/Mobile-Security -Framework-MobSF |
| ByPassGodzilla/哥斯拉免杀生成 | https://github.com/Tas9er/ByPassGodzilla |
| katana 下一代爬虫框架 | https://github.com/projectdiscovery/katan a |
| SourceDetector 自动发现.map文件 | https://github.com/SunHuawei/SourceDet ector |
| windows提权漏洞检测 | https://github.com/bitsadmin/wesng |
| API未授权扫描插件 | https://github.com/API-Security/APIKit |
| Dirmap web目录扫描工具 | https://github.com/H4ckForJob/dirmap |
| vshell c2主机群管理工具 | https://github.com/veo/vshell |
| Yasso 内网渗透辅助工具集 | https://github.com/sairson/Yasso |
| JSFinder 信息收集接口 | https://github.com/Threezh1/JSFinder |
| Perun 综合扫描器 | https://github.com/WyAtu/Perun |
| AntSword 加载器 | https://github.com/AntSwordProject/AntS word-Loader |
| AntSword | https://github.com/AntSwordProject/antS word |
| 工具类型 | 工具地址 |
| Goby 漏洞扫描 | https://github.com/gobysec/Goby |
| goby exp库 | https://github.com/k3vi-07/goby-exp |
| reNgine 自动侦察框架 | https://github.com/yogeshojha/rengine |
| SatanSword 红队综合渗透框架 | https://github.com/Lucifer1993/SatanSwor d |
| Dirscan 目录扫描 | https://github.com/corunb/Dirscan |
| LSTAR CobaltStrike综合后渗透插件 | https://github.com/lintstar/LSTAR |
| Platypus 交互式反向Shell 管理器 | https://github.com/WangYihang/Platypus |
| Phoenix 新一代目录扫描神器 | https://github.com/Pik-sec/Phoenix |
| RouteVulScan 递归式被动检测脆弱 路径的bp插件 | https://github.com/F6JO/RouteVulScan |
| MDUT 数据库跨平台利用工具 | https://github.com/SafeGroceryStore/MDU T |
| LaZagne 密码凭证收集工具 | https://github.com/AlessandroZ/LaZagne |
| Erfrp frp二开-免杀与隐藏 | https://github.com/Goqi/Erfrp |
| EventCleaner 日志清理 | https://github.com/QAX-A-Team/EventClea ner |
| UACMe Windows bypassUAC | https://github.com/hfiref0x/UACME |
| SCAMagicScan POC漏洞扫描工具 | https://github.com/SCAMagic/SCAMagicSc an |
| ENScan Go 企业信息搜集工具 | https://github.com/wgpsec/ENScan_GO |
| ThunderSearch 闪电搜索器 | https://github.com/xzajyjs/ThunderSearch |
| EmailAll 邮箱收集工具 | https://github.com/Taonn/EmailAll |
| 工具类型 | 工具地址 |
| finger 资产识别工具 | https://github.com/EASY233/Finger |
| apk扫描器 | https://github.com/dwisiswant0/apkleaks |
| Neo-reGeorg 代理工具 | https://github.com/L-codes/Neo-reGeorg |
| blasting 图形化后台爆破工具 | https://github.com/gubeihc/blasting |
| HaE 敏感信息收集burp插件 | https://github.com/gh0stkey/HaE |
| powershell免杀混淆 | https://github.com/H4de5-7/powershell-o bfuscation |
| Bundler-bypass 免杀捆绑器 | https://github.com/H4de5-7/Bundler-bypa ss |
| java图形化漏洞利用工具集 | https://github.com/savior-only/javafx_tools |
漏洞利用
| 漏洞产品 | 工具地址 |
| SpringBootExploit | https://github.com/0x727/SpringBoot Exploit |
| Springboot漏洞全家桶 | https://github.com/woodpecker-apps tore/springboot-vuldb |
| Log4j2Scan | https://github.com/whwlsfb/Log4j2Sc an |
| ShiroExploit | https://github.com/feihong-cs/ShiroE xploit-Deprecated |
| ShiroAttack2 | https://github.com/SummerSec/Shiro Attack2 |
| thinkphp_gui_tools | https://github.com/bewhale/thinkphp _gui_tools |
| Fastjson-Patrol | https://github.com/ce-automne/Fastjs onPatrol |
| 漏洞产品 | 工具地址 |
| Vmware虚拟化漏洞利用 (HCX/vCenter/NSX/Horizon/vRealize) | https://github.com/NS-Sp4ce/Vm4J |
| Struts2-Scan 漏洞检测 | https://github.com/HatBoy/Struts2-Sc an |
| Fastjson 扫描器 | https://github.com/a1phaboy/Fastjso nScan |
| 致远OA综合利用工具 | https://github.com/Summer177/seey on_exp |
| 泛微OA综合利用脚本 | https://github.com/z1un/weaver_exp |
微信公众号
扫一扫关注CatalyzeSec公众号
加入我们的星球,我们能提供:
1对1就业指导、面试模拟、Golang工具开发学习、Fofo高级会员、各公众号历史文章合集、各种网络安全电子书、面试题合集、最新poc、exp、最常用工具推荐、开放交流环境,解决成员问题。
这篇关于护网中经常使用的一些工具的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
