Awesome-Redteam

【免责声明】本项目所涉及的技术、思路和工具仅供学习，任何人不得将其用于非法用途和盈利，不得将其用于非授权渗透测试，否则后果自行承担，与本项目无关。使用本项目前请先阅读法律法规。

👍 means recommand 推荐使用

to be continued...

Roadmap

目录 Contents

Roadmap
目录 Contents
项目导航 Project Navigation
开源导航 Open-Source Navigation
信息收集 Reconnaissance
漏洞研究 Vulnerability Research
- 漏洞环境 Vulnerable Environments
- PoC Proof of Concept
  - PoC/ExP
  - PoC Templates
漏洞利用 Vulnerability Exploits
渗透测试 Penetration Testing
内网渗透 Red Teaming and Offensive Security
域渗透 Active Directory Penetration
防御性安全 Blue Teaming and Defensive Security
云安全 Cloud Security
AI 安全 AI Security
- AI 安全矩阵 AI Threat Matrix
提高生产力的辅助工具
- LLM
提高生产力的使用姿势

项目导航 Project Navigation

速查文档 CheatSheets

戳这里 Click Here

DefaultCreds-Cheat-Sheet.csv
Huawei-iBMC-DefaultCreds.csv
Huawei-Product-Cheat-Sheet.csv
WeakPassword-Cheat-Sheet.csv
安全厂商及官网链接速查.txt

一些代码 Scripts

戳这里 Click Here

ShellcodeWrapper: Shellcode加密
AntivirusScanner: 杀软进程检测脚本
runtime-exec-payloads.html: java.lang.Runtime.exec() Payloads生成 
Ascii2Char: ASCII码和字符互相转换脚本 修改webshell文件名密码 
Weakpass_Generator: 在线弱密码生成工具 汉化版
Godzilla_Decryptor: 哥斯拉流量解密
Behinder4_Key_Bruteforce: 冰蝎4密钥爆破
Flask_Session_Decryptor: Flask session注入解密

攻防知识 Tips

戳这里 Click Here

信息收集-敏感信息收集
内网渗透-免杀
内网渗透-隐藏
内网渗透-Pentesting AD Mindmap
安全架构-网络攻击与防御图谱
平台搭建-DNS Log
流量分析-CobaltStrike
流量分析-Webshell
社会工程学-钓鱼邮件主题汇总
逆向分析-微信小程序反编译

开源导航 Open-Source Navigation

编解码/加解密 Cryptography

在线工具 Online Tools

离线工具 Offline Tools

编码/解码 Encode/Decode

http://code.mcdvisa.com/ Chinese Commercial Code 标准中文电码
https://www.compart.com/en/unicode/ Unicode
http://web.chacuo.net/charsetuuencode UUencode
https://tool.chinaz.com/tools/escape.aspx Escape/Unescape
https://zh.rakko.tools/tools/21/ HTML Entity Encode

正则表达式 Regular Expressions

哈希算法 Hash Crack

公钥密码算法 RSA

https://www.ssleye.com/ssltool/
https://www.lddgo.net/en/encrypt/rsa works with .pem

国密算法 SM

hutool-crypto: https://github.com/dromara/hutool hutool-crypto 模块，提供对称、非对称和摘要算法封装
GmSSL: https://github.com/guanzhi/GmSSL SM2/SM3/SM4/SM9/SSL
gmssl-python: https://github.com/gongxian-ding/gmssl-python SM2/SM3/SM4/SM9

网络空间测绘 Cyberspace Search Engine

综合工具 Nice Tools

网页/端口 Web/Ports

Wayback Machine: https://web.archive.org/ web pages saved over time
VisualPing: https://visualping.io/ website changes monitor
Dark Web Exposure: https://www.immuniweb.com/darkweb/
SG TCP/IP: https://www.speedguide.net/ports.php ports database

谷歌搜索 Google Hacking

https://www.exploit-db.com/google-hacking-database Google Hacking Database
https://github.com/cipher387/Dorks-collections-list Google Hacking Database
https://cxsecurity.com/dorks/ Google Hacking Database
https://dorks.faisalahmed.me/ Google Hacking Online
https://pentest-tools.com/information-gathering/google-hacking Google Hacking Online
http://advangle.com/ Google Hacking Online
https://0iq.me/gip/ Google Hacking Online
https://github.com/obheda12/GitDorker Google Hacking Cli
https://github.com/six2dez/dorks_hunter Google Hacking Cli

Github 搜索 Github Dork

https://github.com/search/advanced Github Dork
https://github.com/obheda12/GitDorker Github Dork
https://github.com/damit5/gitdorks_go Github Dork

开源情报 Open-Source Intelligence

综合工具 Nice Tools

OSINT Resource List: https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list
OSINT Framework: https://osintframework.com/
OSINT Handbook: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf

威胁情报 Threat Intelligence

Virustotal: https://www.virustotal.com/
腾讯哈勃分析系统: https://habo.qq.com/tool/index
微步在线威胁情报: https://x.threatbook.com/
奇安信威胁情报: https://ti.qianxin.com/
360 威胁情报: https://ti.360.net/
网络安全威胁信息共享平台: https://share.anva.org.cn/web/publicity/listPhishing
安恒威胁情报: https://ti.dbappsecurity.com.cn/
火线安全平台: https://www.huoxian.cn
知道创宇黑客新闻流: https://hackernews.cc/
SecWiki 安全信息流: https://www.sec-wiki.com/

漏洞披露 Disclosed Vulnerabilities

国家信息安全漏洞库: https://www.cnnvd.org.cn/
国家互联网应急中心: https://www.cert.org.cn/
360 网络安全响应中心: https://cert.360.cn/
知道创宇漏洞库: https://www.seebug.org/
长亭漏洞库: https://stack.chaitin.com/vuldb/
阿里云漏洞库: https://avd.aliyun.com/high-risk/list
PeiQi 漏洞库: https://peiqi.wgpsec.org/
Hackerone: https://www.hackerone.com/
CVE: https://cve.mitre.org/
National Vulnerability Database: https://nvd.nist.gov/
Vulnerability & Exploit Database: https://www.rapid7.com/db/
Packet Storm's file archive: https://packetstormsecurity.com/files/tags/exploit
Shodan: https://cvedb.shodan.io/cves stay updated with CVEs curl https://cvedb.shodan.io/cves | jq '[.cves[] | select(.cvss > 8)]'
CVEShield: https://www.cveshield.com/ latest trending vulnerabilities

接口检索 API Search

https://www.postman.com/explore/ public API
https://rapidapi.com/ public API
https://serene-agnesi-57a014.netlify.app/ discover secret API keys:

源代码检索 Source Code Search

开源资源 Open-Source Resources

社区/知识库 Communities/Knowledge Base

先知社区: https://xz.aliyun.com/
Infocon: https://infocon.org/
ffffffff0x 安全知识框架: https://github.com/ffffffff0x/1earn
狼组公开知识库: https://wiki.wgpsec.org/
Mitre ATT&CK matrices: https://attack.mitre.org/matrices/enterprise
Mitre ATT&CK techniques: http://attack.mitre.org/techniques/enterprise/
Hacking Articles: https://www.hackingarticles.in/
PostSwigger Blog: https://portswigger.net/blog
InGuardians Labs Blog: https://www.inguardians.com/
Pentest Workflow: https://pentest.mxhx.org/
Pentest Cheatsheet: https://pentestbook.six2dez.com/

思维导图/备忘录 Mindmap/Cheat Sheets

https://cheatsheets.zip/ Cheat Sheets for Developers
https://learnxinyminutes.com/ Programming/Toolkit/Command/OS/Shortcuts cheat sheet
https://github.com/Ignitetechnologies/Mindmap/ Cyber Security Mindmap
https://html5sec.org/ HTML5 Security Cheatsheet
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg AD attack&defense mindmaps
https://wadcoms.github.io/ Windows/AD cheat sheet

进攻性安全 Red Teaming and Offensive Security

防御性安全 Blue Teaming and Defensive Security

https://github.com/Purp1eW0lf/Blue-Team-Notes

操作安全 Operation Security

https://github.com/WesleyWong420/OPSEC-Tradecraft

信息收集 Reconnaissance

综合工具 Nice Tools

AlliN: https://github.com/P1-Team/AlliN
fscan: https://github.com/shadow1ng/fscan
TscanPlus: https://github.com/TideSec/TscanPlus
kscan: https://github.com/lcvvvv/kscan
Kunyu: https://github.com/knownsec/Kunyu
OneForAll: https://github.com/shmilylty/OneForAll
ShuiZe: https://github.com/0x727/ShuiZe_0x727
FofaX: https://github.com/xiecat/fofax
Fofa Viewer: https://github.com/wgpsec/fofa_viewer
ENScan_GO: https://github.com/wgpsec/ENScan_GO
Amass: https://github.com/owasp-amass/amass

IP/域名/子域名 IP/Domain/Subdomain

IP:
Multi Ping:
IP to Domain:
Whois:
DNS:
ASN:
TLS/SSL Certificat :
- https://censys.io
- https://crt.sh

指纹 Fingerprint

指纹库 Fingerprint Collection

指纹识别 Fingerprint Reconnaissance

WAF 识别 Waf Checks

扫描/爆破 Brute Force

扫描/爆破工具 Brute Force Tools

扫描/爆破字典 Brute Force Dictionaries

字典生成 Generate a Custom Dictionary

Online:
- Generate wordlists: https://weakpass.com/generate
- Generate subdomains and wordlists: https://weakpass.com/generate/domains
- 汉字转拼音: https://www.aies.cn/pinyin.htm
- 密码猜解: https://www.hacked.com.cn/pass.html
Private Deployment:
- Generate wordlists(offline): https://github.com/zzzteph/weakpass
- Generate subdomains and wordlists(offline): https://github.com/zzzteph/probable_subdomains
Offline:
- pydictor: https://github.com/LandGrey/pydictor/
- crunch:
  - Kali/Linux: https://sourceforge.net/projects/crunch-wordlist
  - Windows: https://github.com/shadwork/Windows-Crunch

默认口令查询 Default Credentials

Default Credentials Cheat Sheet: https://github.com/ihebski/DefaultCreds-cheat-sheet 3468 default creds
datarecovery: https://datarecovery.com/rd/default-passwords/ online
cirt.net: https://cirt.net/passwords online
Online Router Passwords:

社会工程学 Social Engineering

凭据泄露 Leaked Credentials

移动端 Mobile

漏洞研究 Vulnerability Research

漏洞环境 Vulnerable Environments

基础漏洞 Basic Vulnerabilities

Sqli-labs: https://github.com/Audi-1/sqli-labs
Upload-labs: https://github.com/c0ny1/upload-labs
Xss-labs: https://github.com/do0dl3/xss-labs
DVWA: https://github.com/digininja/DVWA
WebGoat: https://github.com/WebGoat/WebGoat
encrypt-labs: https://github.com/SwagXz/encrypt-labs AES/DES/RSA

综合漏洞 Comprehensive Vulnerabilities

Vulhub: https://vulhub.org/
ichunqiu: https://yunjing.ichunqiu.com/
HackTheBox: https://www.hackthebox.com/
OWASP Top10: https://owasp.org/www-project-juice-shop/
Vulstudy: https://github.com/c0ny1/vulstudy 17 platform based on docker
Vulfocus: https://github.com/fofapro/vulfocus
FastJsonParty: https://github.com/lemono0/FastJsonParty

工控环境 Vulnerable IoT Environment

IoT-vulhub: https://github.com/firmianay/IoT-vulhub

域环境 Vulnerable Active Directory Environment

Game of active directory: https://github.com/Orange-Cyberdefense/GOAD

PoC Proof of Concept

Be careful Malware，POC 库最新的 CVE 可能存在投毒风险。

PoC/ExP

PoC Templates

漏洞利用 Vulnerability Exploits

综合工具 Nice Tools

代码审计 Code Audit

tabby: https://github.com/wh1t3p1g/tabby

反序列化 Deserialization

Java

PHP

https://github.com/ambionics/phpggc PHP unserialize() payloads

数据库 Database

Redis

MySQL

https://github.com/SafeGroceryStore/MDUT multiple database utilization tools
https://github.com/4ra1n/mysql-fake-server
https://github.com/dushixiang/evil-mysql-server
https://github.com/fnmsd/MySQL_Fake_Server

Oracle

odat: https://github.com/quentinhardy/odat RCE
sqlplus: https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html xxx as sysdba

MSSQL

信息泄露 Information Disclosure

GitHack(py3): https://github.com/lijiejie/GitHack .git folder disclosure exploit
GitHack(py2 or upgrade the code): https://github.com/BugScanTeam/GitHack .git folder disclosure exploit(recommand)
dvcs-ripper: https://github.com/kost/dvcs-ripper .svn、.hg、.cvs disclosure
ds_store_exp: https://github.com/lijiejie/ds_store_exp .DS_Store disclosure
Hawkeye: https://github.com/0xbug/Hawkeye gitHub sensitive information leakage monitor Spider

CMS/OA

TongdaScan_go https://github.com/Fu5r0dah/TongdaScan_go
Apt_t00ls: https://github.com/White-hua/Apt_t00ls
OA-EXPTOOL: https://github.com/LittleBear4/OA-EXPTOOL
DecryptTools: https://github.com/wafinfo/DecryptTools 22 种加解密
ncDecode: https://github.com/1amfine2333/ncDecode 用友 NC 解密
PassDecode-jar: https://github.com/Rvn0xsy/PassDecode-jar 帆软/致远解密
ezOFFICE_Decrypt: https://github.com/wafinfo/ezOFFICE_Decrypt 万户解密
LandrayDES: https://github.com/zhutougg/LandrayDES 蓝凌 OA 解密

中间件/应用层 Middleware/Application

Confluence

ConfluenceMemshell: https://github.com/Lotus6/ConfluenceMemshell
CVE-2022-26134 Memshell: https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
CVE-2023-22527 Memshell: https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL

Druid

DruidCrack: https://github.com/rabbitmask/DruidCrack
druid_sessions: https://github.com/yuyan-sec/druid_sessions

Fastjson

fastjson-exp: https://github.com/amaz1ngday/fastjson-exp

GitLab

CVE-2021-22205: https://github.com/Al1ex/CVE-2021-22205/

Nacos

NacosRce: https://github.com/c0olw/NacosRce/
nacosleak: https://github.com/a1phaboy/nacosleak
nacosScan:https://github.com/Whoopsunix/nacosScan
NacosExploitGUI: https://github.com/charonlight/NacosExploitGUI

Nps

nps-auth-bypass: https://github.com/carr0t2/nps-auth-bypass

Java

jdwp-shellifier: python2 https://github.com/IOActive/jdwp-shellifier
jdwp-shellifier: https://github.com/Lz1y/jdwp-shellifier

Shiro

Shiro rememberMe Decrypt: https://vulsee.com/tools/shiroDe/shiroDecrypt.html
shiro_attack: https://github.com/j1anFen/shiro_attack
shiro_rce_tool: https://github.com/wyzxxz/shiro_rce_tool
ShiroExploit: https://github.com/feihong-cs/ShiroExploit-Deprecated
ShiroExp: https://github.com/safe6Sec/ShiroExp
shiro_key: https://github.com/yanm1e/shiro_key 1k+

Struts

Struts2VulsTools: https://github.com/shack2/Struts2VulsTools

Spring Boot

SpringBoot-Scan: https://github.com/AabyssZG/SpringBoot-Scan
SpringBootVulExploit: https://github.com/LandGrey/SpringBootVulExploit
CVE-2022-22963 https://github.com/mamba-2021/EXP-POC/tree/main/Spring-cloud-function-SpEL-RCE
CVE-2022-22947/CVE-2022-22963: https://github.com/savior-only/Spring_All_Reachable
swagger-exp: https://github.com/lijiejie/swagger-exp
jasypt decrypt: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption
heapdump_tool: https://github.com/wyzxxz/heapdump_tool
Memory Analyzer: https://eclipse.dev/mat/download/
JDumpSpider:https://github.com/whwlsfb/JDumpSpider

Tomcat

CVE-2020-1938: https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi
ClassHound: https://github.com/LandGrey/ClassHound

Thinkphp

ThinkphpGUI: https://github.com/Lotus6/ThinkphpGUI
thinkphp_gui_tools: https://github.com/bewhale/thinkphp_gui_tools

Weblogic

WeblogicTool: https://github.com/KimJun1010/WeblogicTool
WeblogicScan: https://github.com/dr0op/WeblogicScan
WeblogicScan: https://github.com/rabbitmask/WeblogicScan
weblogicScanner: https://github.com/0xn0ne/weblogicScanner
weblogic-framework: https://github.com/sv3nbeast/weblogic-framework
CVE-2020-14882: https://github.com/zhzyker/exphub/blob/master/weblogic/cve-2020-14882_rce.py

WebSocket

wscat: https://github.com/websockets/wscat

vCenter

VcenterKiller: https://github.com/Schira4396/VcenterKiller
VcenterKit:https://github.com/W01fh4cker/VcenterKit

Zookeeper

ZooInspector: https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
apache-zookeeper: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.6/ zkCli.sh

渗透测试 Penetration Testing

综合工具 Nice Tools

Yakit: https://github.com/yaklang/yakit
Burpsuite: https://portswigger.net/burp

渗透插件 Extensions

Chrome

ZeroOmega: https://github.com/zero-peak/ZeroOmega proxy switchyOmega for manifest v3
serp-analyzer: https://leadscloud.github.io/serp-analyzer/ show domain/IP
FindSomething: https://github.com/ResidualLaugh/FindSomething find something in source code or javascript
Hack Bar:https://github.com/0140454/hackbar
Wappalyzer: https://www.wappalyzer.com/ identify technologies on websites
EditThisCookie:https://www.editthiscookie.com/
Cookie-Editor:https://github.com/Moustachauve/cookie-editor
Disable JavaScript: https://github.com/dpacassi/disable-javascript
Heimdallr: https://github.com/Ghr07h/Heimdallr for honeypot
anti-honeypot:https://github.com/cnrstar/anti-honeypot for honeypot
immersive-translate: https://github.com/immersive-translate/immersive-translate/ translator
relingo: https://cn.relingo.net/en/ translator
json-formatter: https://github.com/callumlocke/json-formatter
markdown-viewer: https://github.com/simov/markdown-viewer

Burpsuite

HaE: https://github.com/gh0stkey/HaE highlighter and extractor
Log4j2Scan: https://github.com/whwlsfb/Log4j2Scan for Log4j
RouteVulScan: https://github.com/F6JO/RouteVulScan route vulnerable scanning
BurpCrypto: https://github.com/whwlsfb/BurpCrypto support AES/RSA/DES/ExecJs
domain hunter: https://github.com/bit4woo/domain_hunter_pro domain hunter
BurpAppletPentester: https://github.com/mrknow001/BurpAppletPentester sessionkey decryptor

辅助工具 Auxiliary Tools

工具集 Open-Source Toolkit

带外通道 DNSLog

dig.pm: https://dig.pm/
ceye.io: http://ceye.io/
dnslog.cn: http://dnslog.cn/
Alphalog: dns/http/rmi/ldap https://github.com/AlphabugX/Alphalog
DNS rebinding: https://lock.cmpxchg8b.com/rebinder.html
DNSLog-GO: https://github.com/lanyi1998/DNSlog-GO

终端优化 Command Line

https://github.com/ohmyzsh/ohmyzsh command line enhancement for zsh
https://github.com/chrisant996/clink command line enhancement for cmd.exe
https://github.com/Eugeny/tabby for Windows
https://github.com/warpdotdev/Warp for Mac
https://github.com/tomnomnom/anew tool for adding new lines to files, skipping duplicates
https://github.com/jlevy/the-art-of-command-line
Linux command line:
- https://github.com/jaywcjlove/linux-command online
- https://github.com/chenjiandongx/pls go ver.
- https://github.com/chenjiandongx/how python ver.
https://explainshell.com/ explain shell command
https://github.com/BurntSushi/ripgrep a line-oriented search tool(faster)

代码美化 Beautifier

生成器 Generator

revshells: https://www.revshells.com/
reverse-shell: https://forum.ywhack.com/reverse-shell/
reverse-shell-generator: https://tex2e.github.io/reverse-shell-generator/index.html
reverse-shell-generator: https://github.com/0dayCTF/reverse-shell-generator
File-Download-Generator: https://github.com/r0eXpeR/File-Download-Generator

SQL 注入 SQL Injection

访问控制 Access Control

403 绕过 Bypass 40X errors

跨站脚本 XSS

XSS Chop: https://xsschop.chaitin.cn/demo/
XSS/CSRF: https://evilcos.me/lab/xssor/

文件包含 File Inclusion

服务端请求伪造 SSRF

https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
https://github.com/tarunkant/Gopherus Gopherus for py2
https://github.com/Esonhugh/Gopherus3 Gopherus for py3

移动端安全 Mobile Security

小程序 Mini Program

应用程序 APK

SessionKey

https://github.com/mrknow001/wx_sessionkey_decrypt

Payload and Bypass

PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
java.lang.Runtime.exec() Payload: https://payloads.net/Runtime.exec/
PHPFuck: https://github.com/splitline/PHPFuck
JSFuck: http://www.jsfuck.com/
JavaScript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/
CVE-2021-44228-PoC-log4j-bypass-words: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

内网渗透 Red Teaming and Offensive Security

基础设施 Infrastructure

f8x: https://github.com/ffffffff0x/f8x red/blue team environment automation deployment tool
cloudreve: https://github.com/cloudreve/Cloudreve self-hosted file management system with muilt-cloud support
updog: https://github.com/sc0tfree/updog uploading and downloading via HTTP/S
mattermost: https://github.com/mattermost/mattermost
rocketchat: https://github.com/RocketChat/Rocket.Chat
codimd: https://github.com/hackmdio/codimd
hedgedoc: https://github.com/hedgedoc/hedgedoc

信息收集 Reconnaissance

netspy: https://github.com/shmilylty/netspy intranet segment spy
SharpHostInfo: https://github.com/shmilylty/SharpHostInfo

凭证获取 Credential Access

凭证转储 Credential Dumping

LaZagne: https://github.com/AlessandroZ/LaZagne
WirelessKeyView: https://www.nirsoft.net/utils/wireless_key.html
Windows credential manager: https://www.nirsoft.net/utils/credentials_file_view.html
Pillager: https://github.com/qwqdanchun/Pillager/
searchall: https://github.com/Naturehi666/searchall
pypykatz: https://github.com/skelsec/pypykatz mimikatz implementation in pure python

本地枚举 Local Enumeration

HackBrowserData: https://github.com/moonD4rk/HackBrowserData
BrowserGhost: https://github.com/QAX-A-Team/BrowserGhost
chrome: http://www.nirsoft.net/utils/chromepass.html
firefox: https://github.com/unode/firefox_decrypt
foxmail: https://securityxploded.com/foxmail-password-decryptor.php
mobaxterm: https://github.com/HyperSine/how-does-MobaXterm-encrypt-password
navicat: https://github.com/Zhuoyuan1/navicat_password_decrypt
navicat: https://github.com/HyperSine/how-does-navicat-encrypt-password
sunflower: https://github.com/wafinfo/Sunflower_get_Password
FindToDeskPass: https://github.com/yangliukk/FindToDeskPass
sundeskQ: sunflower & todesk https://github.com/milu001/sundeskQ
securreCRT: https://github.com/depau/shcrt
xshell:

哈希破解 NTLM Cracking

NetNTLMv1: https://ntlmv1.com/ online
LM + NTLM hashes and corresponding plaintext passwords:
- https://openwall.info/wiki/_media/john/pw-fake-nt.gz 3107
- https://openwall.info/wiki/_media/john/pw-fake-nt100k.gz 100k

后渗透 Post Exploitation

综合工具 Nice Tools

https://github.com/rapid7/metasploit-framework
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/Pennyw0rth/NetExec
https://github.com/fortra/impacket AV Evasion based on wmiexec.py
https://github.com/XiaoliChan/wmiexec-Pro
https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
https://github.com/GhostPack/Rubeus
https://github.com/Kevin-Robertson/Powermad
https://github.com/PowerShellMafia/PowerSploit
https://github.com/k8gege/Ladon
https://github.com/samratashok/nishang for powershell
Cobaltstrike Extensions:
- Awesome CobaltStrike: https://github.com/zer0yu/Awesome-CobaltStrike
- Erebus: https://github.com/DeEpinGh0st/Erebus
- LSTAR: https://github.com/lintstar/LSTAR
- ElevateKit: https://github.com/rsmudge/ElevateKit
- C2ReverseProxy: https://github.com/Daybr4ak/C2ReverseProxy
- pystinger: https://github.com/FunnyWolf/pystinger

二进制库 Binaries and Libraries

LOLBAS: https://github.com/LOLBAS-Project/LOLBAS binaries and scripts for Windows
GTFOBins: https://gtfobins.github.io/ binaries for Unix

权限维持 Persistence

内存马 Webshell Collection

Webshell 管理 Webshell Management

Webshell 免杀 Webshell Bypass

反弹 Shell 管理 Reverse Shell Management

权限提升 Privilege Escalation

Linux 本地枚举 Linux Local Enumeration

Windows 本地枚举 Windows Local Enumeration

Windows 提权 Windows Exploits

Linux 提权 Linux Exploits

数据库提权 Database Exploits

https://github.com/Hel10-Web/Databasetools

防御规避 Defense Evasion

Linux 防御规避 Linux Defense Evasion

libprocesshider: https://github.com/gianlucaborello/libprocesshider hide a process under Linux using the ld preloader
Linux Kernel Hacking: https://github.com/xcellerator/linux_kernel_hacking
tasklist /svc && ps -aux: https://tasklist.ffffffff0x.com/

Windows 防御规避 Windows Defense Evasion

hoaxshell: https://github.com/t3l3machus/hoaxshell
bypassAV: https://github.com/pureqh/bypassAV
GolangBypassAV: https://github.com/safe6Sec/GolangBypassAV
BypassAntiVirus: https://github.com/TideSec/BypassAntiVirus
AV_Evasion_Tool: https://github.com/1y0n/AV_Evasion_Tool
shellcodeloader: https://github.com/knownsec/shellcodeloader
tasklist/systeminfo: https://www.shentoushi.top/av/av.php

内网穿透 Proxy

代理客户端 Proxy Client

Proxifier: https://www.proxifier.com/
Proxychains: https://github.com/haad/proxychains

反向代理 Reverse Proxy

frp: https://github.com/fatedier/frp
frpModify: https://github.com/uknowsec/frpModify
Stowaway: https://github.com/ph4ntonn/Stowaway
Neo-reGeorg: https://github.com/L-codes/Neo-reGeorg
nps: https://github.com/ehang-io/nps
reGeorg: https://github.com/sensepost/reGeorg
rakshasa: https://github.com/Mob2003/rakshasa
Viper: https://github.com/FunnyWolf/Viper

DNS 隧道 DNS Tunnel

iodine: https://github.com/yarrick/iodine
dnscat2: https://github.com/iagox86/dnscat2
DNS-Shell: https://github.com/sensepost/DNS-Shell

ICMP 隧道 ICMP Tunnel

icmpsh: l https://github.com/bdamele/icmpsh

端口转发 Port Forwarding

tcptunnel: https://github.com/vakuum/tcptunnel intranet → dmz → attacker

操作安全 Operation Security

https://privacy.sexy/ enforce privacy & security best-practices on Windows, macOS and Linux.
https://transfer.sh/ anonymous file transfer
https://a.f8x.io/ shorten URLs

域渗透 Active Directory Penetration

域内信息收集 Collection and Discovery

BloodHound:
https://github.com/lzzbb/Adinfo
https://github.com/wh0amitz/SharpADWS via Active Directory Web Services (ADWS) protocol
https://github.com/FalconForceTeam/SOAPHound via Active Directory Web Services (ADWS) protocol

域内漏洞利用 Known Exploited Vulnerabilities

noPac

CVE-2021-42278/CVE-2021-42287

Zerologon

CVE-2020-1472

ProxyLogon/ProxyShell

Printnightmare

CVE-2021-34527/CVE-2021-1675

域内渗透方式 Methodology

Kerbrute

kerbrute: https://github.com/ropnop/kerbrute

DCSync

DCSync: https://github.com/n00py/DCSync

NTLM Relay

PetitPotam: https://github.com/topotam/PetitPotam
PrinterBug: https://github.com/leechristensen/SpoolSample
DFSCoerce: https://github.com/Wh04m1001/DFSCoerce
ShadowCoerce: https://github.com/ShutdownRepo/ShadowCoerce
PrivExchange: https://github.com/dirkjanm/privexchange/
Coercer: https://github.com/p0dalirius/Coercer
cannon: https://github.com/Amulab/cannon
Responder: https://github.com/lgandx/Responder
Responder-Windows: https://github.com/lgandx/Responder-Windows

ADCS

Active Directory Certificate Services

Active Directory Certificate Services(AD CS) enumeration and abuse:
- Certify: https://github.com/GhostPack/Certify
- Certipy: https://github.com/ly4k/Certipy
- certi: https://github.com/zer1t0/certi
- PKINITtools: https://github.com/dirkjanm/PKINITtools
- ADCSPwn: https://github.com/bats3c/ADCSPwn
PassTheCert: https://github.com/AlmondOffSec/PassTheCert

防御性安全 Blue Teaming and Defensive Security

内存马查杀 Memshell Detection

Webshell 查杀 Webshell Detection

攻击研判 Blue Teaming

CobaltStrike Decrypt: https://github.com/5ime/CS_Decrypt
BlueTeamTools: https://github.com/abc123info/BlueTeamTools
IP Logger: https://iplogger.org/ log and track IP Addresses

基线加固 Enforcement

勒索病毒 Ransomware

搜索引擎 Search Engine

360: http://lesuobingdu.360.cn
腾讯: https://guanjia.qq.com/pr/ls
启明星辰: https://lesuo.venuseye.com.cn
奇安信: https://lesuobingdu.qianxin.com
深信服: https://edr.sangfor.com.cn/#/information/ransom_search

解密工具 Decryption Tools

开源蜜罐 Open-Source Honeypot

awesome-honeypots: https://github.com/paralax/awesome-honeypots list of honeypot resources
HFish: https://github.com/hacklcx/HFish
conpot: https://github.com/mushorg/conpot for ICS
MysqlHoneypot: https://github.com/qigpig/MysqlHoneypot via MySQL honeypot to get wechat ID
Ehoney: https://github.com/seccome/Ehoney

逆向工程 Reverse Engineering

综合工具 Nice Tools

https://github.com/BlackINT3/OpenArk anti-rootkit
https://pythonarsenal.com/ reverse toolkit

ELF/EXE

IDA: https://hex-rays.com/ida-pro/
x64DBG: https://x64dbg.com/
Ollydbg: https://www.ollydbg.de/
ExeinfoPE: https://github.com/ExeinfoASL/ASL
PEiD: https://www.aldeid.com/wiki/PEiD
UPX: https://github.com/upx/upx

Java

Python

https://www.py2exe.org/ py->exe
https://github.com/pyinstaller/pyinstaller py->exe
https://github.com/matiasb/unpy2exe exe->pyc
https://github.com/extremecoders-re/pyinstxtractor exe->pyc
https://github.com/rocky/python-uncompyle6/ pyc->py

Rust/Go/.NET

云安全 Cloud Security

开源资源 Resources

TeamsSix:
- https://github.com/teamssix/awesome-cloud-security
- https://wiki.teamssix.com/
lzCloudSecurity:
- https://github.com/EvilAnne/lzCloudSecurity
- https://lzcloudsecurity.gitbook.io/yun-an-quan-gong-fang-ru-men/
HackTricks Cloud: https://cloud.hacktricks.xyz/
Awesome-CloudSec-Labs: https://github.com/iknowjason/Awesome-CloudSec-Labs
Aliyun OpenAPI: https://next.api.aliyun.com/api/
Cloud Native Landscape: https://landscape.cncf.io/
Cloud Vulnerabilities and Security Issues Database: https://www.cloudvulndb.org/

云安全矩阵 Cloud Threat Matrix

云漏洞环境 Vulnerable Cloud Environments

Metarget: https://github.com/Metarget/metarget
TerraformGoat: https://github.com/HXSecurity/TerraformGoat
Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat
Attack Defense: https://attackdefense.pentesteracademy.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-s3
AWSGoat: https://github.com/ine-labs/AWSGoat
CloudGoat: https://github.com/RhinoSecurityLabs/cloudgoat

云服务 Cloud Services

Top3 Cloud Serive Proider：

Amazon Web Services (AWS) / Microsoft Azure /Google Cloud Platform (GCP)

Alibaba Cloud / Tencent Cloud / Huawei Cloud

云管平台 Management Tools

https://yun.cloudbility.com/ 云存储图形化管理平台
https://github.com/aliyun/aliyun-cli for aliyun oss
https://github.com/aliyun/oss-browser via aliyun cli
https://github.com/TencentCloud/cosbrowser for tencentcloud cos
https://github.com/TencentCloud/tencentcloud-cli via tencentcloud cli
https://support.huaweicloud.com/browsertg-obs/obs_03_1003.html for huaweicloud obs
https://www.ctyun.cn/document/10000101/10006768 for ctyun obs
https://www.ctyun.cn/document/10306929/10132519 for ctyun media
https://docsv4.qingcloud.com/user_guide/development_docs/cli/install/install/ via qingcloud cli
https://github.com/qiniu/kodo-browser for qiniu oss

AK/SK 利用 AK/SK Exploit

https://github.com/trufflesecurity/trufflehog find, verify, and analyze leaked credentials
https://wiki.teamssix.com/cf/ exploit framework v0.5.0(open source)
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite fit2cloud CloudExplorer
https://github.com/mrknow001/aliyun-accesskey-Tools
https://github.com/iiiusky/alicloud-tools
https://github.com/NS-Sp4ce/AliyunAccessKeyTools
https://github.com/freeFV/Tencent_Yun_tools
https://github.com/libaibaia/cloudSec web tool for top3 + aws/qiniu
https://github.com/wyzxxz/aksk_tool for top3 + aws/ucloud/jd/baidu/qiniu
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools leak detection
https://github.com/dark-kingA/cloudTools top3 + ucloud

云原生 Cloud Native

综合工具 Nice Tools

https://github.com/HummerRisk/HummerRisk open source cloud-native security platform

容器 Docker

https://github.com/wagoodman/dive exploring each layer in a docker image
https://github.com/docker/docker-bench-security docker bench for security
https://github.com/eliasgranderubio/dagda/ static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats
https://github.com/teamssix/container-escape-check container escape check
https://github.com/brant-ruan/awesome-container-escape container escape check
https://github.com/cdk-team/CDK pentest toolkit
https://github.com/chaitin/veinmind-tools pentest toolkit

集群 Kubernetes

https://kubernetes.io/docs/tasks/tools/
https://github.com/etcd-io/etcd
https://github.com/derailed/k9s kubernetes cli
https://github.com/lightspin-tech/red-kube redteam k8s adversary emulation based on kubectl
https://github.com/DataDog/KubeHound tool for building kubernetes attack paths
https://github.com/inguardians/peirates kubernetes pentest tool

AI 安全 AI Security

AI 安全矩阵 AI Threat Matrix

Nsfocus: https://aiss.nsfocus.com/

提高生产力的辅助工具

LLM

开源资源 Open-Source Resources

提示词 Prompts

部署 Deployment

huggingface: https://huggingface.co/ 大型语言模型下载（AI 界 Github ）
ollama: https://github.com/ollama/ollama 启动并运行大型语言模型
open-webui: https://github.com/open-webui/open-webui 离线 WebUI
enchanted: https://github.com/AugustDev/enchanted 将私有模型部署为应用程序

如果你想通过 ollama 在本地快速部署 LLM，可以参考这套技术栈：

运行大型语言模型：ollama
运行大型语言模型并部署 WebUI：ollama + open-webui
运行大型语言模型并部署应用程序：ollama + enchanted
运行大型语言模型并与本地编辑器集成（例如 Obsidian）：ollama + copilot（Obsidian 插件）
运行大型语言模型并与本地代码编辑器集成（例如 Vscode）： ollama + continue（Vscode 插件）
...

提高生产力的使用姿势

如何快速使用 alias

Windows 创建 alias.bat，激活 conda 虚拟环境，在隔离环境下运行程序或工具。双击 alias.bat，重启 cmd，配置生效。

@echo off
:: Software
@DOSKEY ida64=activate base$t"D:\CTFTools\Cracking\IDA_7.7\ida64.exe"

:: Tools
@DOSKEY fscan=cd /d D:\Software\HackTools\fscan$tactivate security$tdir

将 alias.bat 配置为开机自启动：

注册表进入 计算机\HKEY_CURRENT_USER\Software\Microsoft\Command Processor；
创建字符串值 autorun，赋值为 alias.bat 所在位置，例如 D: \Software\alias.bat；
重启系统，配置生效。

MacOS 编辑 .zshrc，重启 shell，配置生效：

# 3. Control and Command
alias behinder="cd /Users/threekiii/HackTools/C2/Behinder_v4.1/ && /Library/Java/JavaVirtualMachines/jdk-1.8.jdk/Contents/Home/bin/java -jar Behinder.jar "
alias godzilla="cd /Users/threekiii/HackTools/C2/Godzilla_v4.0.1/ && /Library/Java/JavaVirtualMachines/jdk-1.8.jdk/Contents/Home/bin/java -jar godzilla.jar "

如何优化原生终端

Windows 通过 tabby + clink 优化原生终端，实现命令自动补全、vps ssh/ftp/sftp、输出日志记录等功能：

MacOS 通过 warp + ohmyzsh 优化原生终端，warp 自带命令自动补全，引入“块”概念，提供了更现代化的编程体验（Modern UX and Text Editing）：

warp: https://github.com/warpdotdev/Warp
ohmyzsh: https://github.com/ohmyzsh/ohmyzsh

如何解决终端中文乱码

Windows 注册表进入 计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor，创建字符串值 autorun，赋值为 chcp 65001。

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
cheatsheets		cheatsheets
images/README		images/README
scripts		scripts
tips		tips
README.md		README.md

Threekiii/Awesome-Redteam

Folders and files

Latest commit

History

Repository files navigation

Awesome-Redteam

Roadmap

目录 Contents

项目导航 Project Navigation

速查文档 CheatSheets

一些代码 Scripts

攻防知识 Tips

开源导航 Open-Source Navigation

编解码/加解密 Cryptography

在线工具 Online Tools

离线工具 Offline Tools

编码/解码 Encode/Decode

正则表达式 Regular Expressions

哈希算法 Hash Crack

公钥密码算法 RSA

国密算法 SM

网络空间测绘 Cyberspace Search Engine

综合工具 Nice Tools

网页/端口 Web/Ports

谷歌搜索 Google Hacking

Github 搜索 Github Dork

开源情报 Open-Source Intelligence

综合工具 Nice Tools

威胁情报 Threat Intelligence

漏洞披露 Disclosed Vulnerabilities

接口检索 API Search

源代码检索 Source Code Search

开源资源 Open-Source Resources

社区/知识库 Communities/Knowledge Base

思维导图/备忘录 Mindmap/Cheat Sheets

进攻性安全 Red Teaming and Offensive Security

防御性安全 Blue Teaming and Defensive Security

操作安全 Operation Security

信息收集 Reconnaissance

综合工具 Nice Tools

IP/域名/子域名 IP/Domain/Subdomain

指纹 Fingerprint

指纹库 Fingerprint Collection

指纹识别 Fingerprint Reconnaissance

WAF 识别 Waf Checks

扫描/爆破 Brute Force

扫描/爆破工具 Brute Force Tools

扫描/爆破字典 Brute Force Dictionaries

字典生成 Generate a Custom Dictionary

默认口令查询 Default Credentials

社会工程学 Social Engineering

凭据泄露 Leaked Credentials

邮箱 Email

短信 SMS Online

钓鱼 Phishing

移动端 Mobile

漏洞研究 Vulnerability Research

漏洞环境 Vulnerable Environments

基础漏洞 Basic Vulnerabilities

综合漏洞 Comprehensive Vulnerabilities

工控环境 Vulnerable IoT Environment

域环境 Vulnerable Active Directory Environment

PoC Proof of Concept

PoC/ExP

PoC Templates

漏洞利用 Vulnerability Exploits

综合工具 Nice Tools

代码审计 Code Audit

反序列化 Deserialization

Java

PHP

数据库 Database

Redis

MySQL

Oracle

MSSQL

信息泄露 Information Disclosure

CMS/OA

中间件/应用层 Middleware/Application

渗透测试 Penetration Testing