【免责声明】本项目所涉及的技术、思路和工具仅供学习,任何人不得将其用于非法用途和盈利,不得将其用于非授权渗透测试,否则后果自行承担,与本项目无关。使用本项目前请先阅读 法律法规。
- 项目导航 Project Navigation
- 开源导航 Open-Source Navigation
- 信息收集 Reconnaissance
- 漏洞研究 Vulnerability Research
- 漏洞利用 Exploits
- 渗透测试 Penertation Testing
- 内网渗透 Red Teaming
- 域渗透 Active Directory Penetration
- 安全防护 Defensive Security
- 云安全 Cloud Security
- AI 安全 AI Security
- 移动端安全 Mobile Security
- 逆向工程 Reverse engineering
- 提高生产力的辅助工具
- 提高生产力的使用姿势
戳这里 Click Here
DefaultCreds-Cheat-Sheet.csv
Huawei-iBMC-DefaultCreds.csv
Huawei-Product-Cheat-Sheet.csv
WeakPassword-Cheat-Sheet.csv
安全厂商及官网链接速查.txt
戳这里 Click Here
ShellcodeWrapper: Shellcode加密
AntivirusScanner: 杀软进程检测脚本
runtime-exec-payloads.html: java.lang.Runtime.exec() Payloads生成
Ascii2Char: ASCII码和字符互相转换脚本 修改webshell文件名密码
Weakpass_Generator: 在线弱密码生成工具 汉化版
Godzilla_Decryptor: 哥斯拉流量解密
Behinder4_Key_Bruteforce: 冰蝎4密钥爆破
Flask_Session_Decryptor: Flask session注入解密
戳这里 Click Here
信息收集-敏感信息收集
内网渗透-免杀
内网渗透-隐藏
内网渗透-Pentesting AD Mindmap
安全架构-网络攻击与防御图谱
平台搭建-DNS Log
流量分析-CobaltStrike
流量分析-Webshell
社会工程学-钓鱼邮件主题汇总
逆向分析-微信小程序反编译
- Online:
- Offline:
- Encode/Decode:
- http://code.mcdvisa.com/ GB2312
- https://www.compart.com/en/unicode/ Unicode
- http://web.chacuo.net/charsetuuencode UUencode
- https://tool.chinaz.com/tools/escape.aspx Escape/Unescape
- https://zh.rakko.tools/tools/21/ HTML Entity Encode
- Regular Expressions:
- Hash:
- RSA:
- https://www.ssleye.com/ssltool/
- https://www.lddgo.net/en/encrypt/rsa works with .pem
- Virustotal: https://www.virustotal.com/
- 腾讯哈勃分析系统: https://habo.qq.com/tool/index
- 微步在线威胁情报: https://x.threatbook.com/
- 奇安信威胁情报: https://ti.qianxin.com/
- 360 威胁情报: https://ti.360.net/
- 网络安全威胁信息共享平台: https://share.anva.org.cn/web/publicity/listPhishing
- 安恒威胁情报: https://ti.dbappsecurity.com.cn/
- 火线安全平台: https://www.huoxian.cn
- 知道创宇黑客新闻流: https://hackernews.cc/
- SecWiki 安全信息流: https://www.sec-wiki.com/
- Fofa: https://fofa.info/
- Shodan: https://www.shodan.io/
- ZoomEye: https://www.zoomeye.org/
- Hunter: https://hunter.qianxin.com/
- Ditecting: https://www.ditecting.com/
- Quake: https://quake.360.cn/quake/
- Censys: https://search.censys.io/
- Netlas: https://app.netlas.io/domains/
- Wayback Machine: https://web.archive.org/ web pages saved over time
- VisualPing: https://visualping.io/ website changes monitor
- Dark Web Exposure: https://www.immuniweb.com/darkweb/
- SG TCP/IP: https://www.speedguide.net/ports.php ports database
- Google Hacking Database:
- Google Hacking Online:
- Google Hacking Cli:
- Github Dork:
- OSINT Resource List: https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list
- OSINT Framework: https://osintframework.com/
- OSINT Handbook: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf
- Public APIs:
- Discover Secret API keys: https://serene-agnesi-57a014.netlify.app/
- Source Code Search Engine:
- Red Teaming and Offensive Security:
- https://www.ired.team/
- https://www.thehacker.recipes/
- https://ppn.snovvcrash.rocks/
- https://book.hacktricks.xyz/
- https://blog.harmj0y.net/
- https://hausec.com/domain-penetration-testing/
- https://dirkjanm.io/
- https://casvancooten.com/
- https://evasions.checkpoint.com/
- https://redteam.guide/docs/definitions
- https://github.com/HadessCS/Red-team-Interview-Questions
- Blue Teaming and Defensive Security:
- Operation Security:
- 国内信息披露平台:
- 国家信息安全漏洞库: https://www.cnnvd.org.cn/
- 国家互联网应急中心: https://www.cert.org.cn/
- 360 网络安全响应中心: https://cert.360.cn/
- 知道创宇漏洞库: https://www.seebug.org/
- 长亭漏洞库: https://stack.chaitin.com/vuldb/
- 阿里云漏洞库: https://avd.aliyun.com/high-risk/list
- PeiQi 漏洞库: https://peiqi.wgpsec.org/
- 国外信息披露平台:
- https://www.hackerone.com/
- https://cve.mitre.org/
- https://nvd.nist.gov/
- https://www.rapid7.com/db/
- https://packetstormsecurity.com/files/tags/exploit
- https://github.com/trickest/cve
- https://cvedb.shodan.io/cves stay updated with CVEs
curl https://cvedb.shodan.io/cves | jq '[.cves[] | select(.cvss > 8)]'
- Exploits 搜索引擎:
- https://sploitus.com/
- https://www.exploit-db.com/ works with
searchsploit <keywords>
- 先知社区: https://xz.aliyun.com/
- Infocon: https://infocon.org/
- ffffffff0x 安全知识框架: https://github.com/ffffffff0x/1earn
- 狼组公开知识库: https://wiki.wgpsec.org/
- Mitre ATT&CK:
- matrices: https://attack.mitre.org/matrices/enterprise
- techniques: http://attack.mitre.org/techniques/enterprise/
- Hacking Articles: https://www.hackingarticles.in/
- PostSwigger Blog: https://portswigger.net/blog
- InGuardians Labs Blog: https://www.inguardians.com/
- Pentest Workflow: https://pentest.mxhx.org/
- Pentest Cheatsheet: https://pentestbook.six2dez.com/
- Programming/Toolkit/Command/OS/Shortcuts Cheatsheets:
- Cyber Security Mindmap: https://github.com/Ignitetechnologies/Mindmap/
- NICE Tools:
- Beautifier:
- Reverse Shell Generator:
- File Download Generator:
- Shorten URLs: https://a.f8x.io/
- AlliN: https://github.com/P1-Team/AlliN
- fscan: https://github.com/shadow1ng/fscan
- TscanPlus: https://github.com/TideSec/TscanPlus
- kscan: https://github.com/lcvvvv/kscan
- Kunyu: https://github.com/knownsec/Kunyu
- OneForAll: https://github.com/shmilylty/OneForAll
- ShuiZe: https://github.com/0x727/ShuiZe_0x727
- FofaX: https://github.com/xiecat/fofax
- Fofa Viewer: https://github.com/wgpsec/fofa_viewer
- ENScan_GO: https://github.com/wgpsec/ENScan_GO
- Amass: https://github.com/owasp-amass/amass
- IP:
- Multi Ping:
- IP to Domain:
- Whois:
- DNS:
- ASN:
- TLS/SSL Certificat :
- Fingerprint Collection:
- Fingerprint Reconnaissance:
- https://github.com/EASY233/Finger
- https://github.com/EdgeSecurityTeam/EHole
- https://github.com/0x727/ObserverWard
- https://github.com/TideSec/TideFinger_Go
- https://github.com/zhzyker/dismap
- https://www.webshell.cc/4697.html
- http://www.yunsee.cn/ online
- Waf Checks:
- Port:
- Subdomain:
- Web:
- Directory:
- Password:
- Hash Cracking:
- Json web token (JWT):
- https://jwt.io/
- https://github.com/Sjord/jwtcrack
- https://github.com/ticarpi/jwt_tool
- https://github.com/mazen160/jwt-pwn
- https://github.com/brendan-rius/c-jwt-cracker
- https://github.com/wallarm/jwt-secrets/blob/master/jwt.secrets.list
- Wordlists for All:
- https://github.com/danielmiessler/SecLists 46.4k star
- https://github.com/SexyBeast233/SecDictionary + ffuf
- https://github.com/insightglacier/Dictionary-Of-Pentesting
- https://github.com/TheKingOfDuck/fuzzDicts
- https://github.com/gh0stkey/Web-Fuzzing-Box
- https://github.com/a3vilc0de/PentesterSpecialDict
- https://github.com/Bo0oM/fuzz.txt
- https://github.com/assetnote/wordlists
- https://github.com/rapid7/metasploit-framework/tree/master/data/wordlists
- Web Fuzz Wordlists:
- Others (not frequently used):
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
- https://github.com/random-robbie/bruteforce-lists
- https://github.com/google/fuzzing/tree/master/dictionaries
- https://github.com/six2dez/OneListForAll
- Online:
- Generate wordlists: https://weakpass.com/generate
- Generate subdomains and wordlists: https://weakpass.com/generate/domains
- 汉字转拼音: https://www.aies.cn/pinyin.htm
- 密码猜解: https://www.hacked.com.cn/pass.html
- Private Deployment:
- Generate wordlists(offline): https://github.com/zzzteph/weakpass
- Generate subdomains and wordlists(offline): https://github.com/zzzteph/probable_subdomains
- Offline:
- pydictor: https://github.com/LandGrey/pydictor/
- crunch:
- Default Credentials Cheat Sheet: https://github.com/ihebski/DefaultCreds-cheat-sheet 3468 default creds
- datarecovery: https://datarecovery.com/rd/default-passwords/ online
- cirt.net: https://cirt.net/passwords online
- Online Router Passwords:
- Temporary Email:
- Snov.io: https://app.snov.io
- Phonebook: also works on subdomains and urls https://phonebook.cz
- Skymem: https://www.skymem.info
- Hunter: https://hunter.io
- email-format: https://www.email-format.com/i/search/
- 搜邮箱: https://souyouxiang.com/find-contact/
- theHarvester: also works on subdomains https://github.com/laramies/theHarvester
- Verify emails: https://tools.emailhippo.com/
- Accounts registered by email: https://emailrep.io/
- SMS Online:
- gophish: https://github.com/gophish/gophish open-source phishing toolkit
- SpoofWeb: https://github.com/5icorgi/SpoofWeb deploy phishing website
- Basic:
- Comprehensive:
- Vulhub: https://vulhub.org/
- ichunqiu: https://yunjing.ichunqiu.com/
- HackTheBox: https://www.hackthebox.com/
- OWASP Top10: https://owasp.org/www-project-juice-shop/
- Vulstudy: https://github.com/c0ny1/vulstudy 17 platform based on docker
- Vulfocus: https://github.com/fofapro/vulfocus
- IoT:
- Others:
- FastJsonParty: https://github.com/lemono0/FastJsonParty
Be careful Malware,POC 库最新的 CVE 可能存在投毒风险。
- PoC:
- https://github.com/wy876/POC
- https://github.com/lal0ne/vulnerability
- https://github.com/DawnFlame/POChouse
- https://github.com/coffeehb/Some-PoC-oR-ExP
- https://github.com/luck-ying/Library-POC
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/helloexp/0day
- PoC templates:
- https://github.com/chaitin/xpoc
- https://github.com/chaitin/xray
- https://github.com/zhzyker/vulmap
- https://github.com/zan8in/afrog
- https://github.com/projectdiscovery/nuclei
- Java:
- https://github.com/frohoff/ysoserial
- https://github.com/mbechler/marshalsec
- https://github.com/qi4L/JYso
- https://github.com/welk1n/JNDI-Injection-Exploit
- https://github.com/WhiteHSBG/JNDIExploit
- https://github.com/rebeyond/JNDInjector
- https://github.com/A-D-Team/attackRmi
- php:
- Mysql jdbc:
- Redis GUI Client:
- Redis RCE:
- MDUT: https://github.com/SafeGroceryStore/MDUT multiple database utilization tools
- Oracle:
- odat: https://github.com/quentinhardy/odat RCE
- sqlplus: https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html xxx as sysdba
- MSSQL:
- GitHack(py3): https://github.com/lijiejie/GitHack .git folder disclosure exploit
- GitHack(py2 or upgrade the code): https://github.com/BugScanTeam/GitHack .git folder disclosure exploit(recommand)
- dvcs-ripper: https://github.com/kost/dvcs-ripper .svn、.hg、.cvs disclosure
- ds_store_exp: https://github.com/lijiejie/ds_store_exp .DS_Store disclosure
- Hawkeye: https://github.com/0xbug/Hawkeye gitHub sensitive information leakage monitor Spider
- TongdaScan_go https://github.com/Fu5r0dah/TongdaScan_go
- Apt_t00ls: https://github.com/White-hua/Apt_t00ls
- OA-EXPTOOL: https://github.com/LittleBear4/OA-EXPTOOL
- DecryptTools: https://github.com/wafinfo/DecryptTools 22 种加解密
- ncDecode: https://github.com/1amfine2333/ncDecode 用友 NC 解密
- PassDecode-jar: https://github.com/Rvn0xsy/PassDecode-jar 帆软/致远解密
- ezOFFICE_Decrypt: https://github.com/wafinfo/ezOFFICE_Decrypt 万户解密
- LandrayDES: https://github.com/zhutougg/LandrayDES 蓝凌 OA 解密
- Confluence:
- ConfluenceMemshell: https://github.com/Lotus6/ConfluenceMemshell
- CVE-2022-26134 Memshell: https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
- CVE-2023-22527 Memshell: https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL
- Druid:
- DruidCrack: https://github.com/rabbitmask/DruidCrack
- druid_sessions: https://github.com/yuyan-sec/druid_sessions
- Fastjson:
- fastjson-exp: https://github.com/amaz1ngday/fastjson-exp
- GitLab:
- CVE-2021-22205: https://github.com/Al1ex/CVE-2021-22205/
- Nacos:
- Nps:
- nps-auth-bypass: https://github.com/carr0t2/nps-auth-bypass
- Java:
- jdwp-shellifier: python2 https://github.com/IOActive/jdwp-shellifier
- jdwp-shellifier: https://github.com/Lz1y/jdwp-shellifier
- Shiro:
- Shiro rememberMe Decrypt: https://vulsee.com/tools/shiroDe/shiroDecrypt.html
- shiro_attack: https://github.com/j1anFen/shiro_attack
- shiro_rce_tool: https://github.com/wyzxxz/shiro_rce_tool
- ShiroExploit: https://github.com/feihong-cs/ShiroExploit-Deprecated
- ShiroExp: https://github.com/safe6Sec/ShiroExp
- shiro_key: https://github.com/yanm1e/shiro_key 1k+
- Struts:
- Struts2VulsTools: https://github.com/shack2/Struts2VulsTools
- Spring:
- SpringBoot-Scan: https://github.com/AabyssZG/SpringBoot-Scan
- SpringBootVulExploit: https://github.com/LandGrey/SpringBootVulExploit
- CVE-2022-22963 https://github.com/mamba-2021/EXP-POC/tree/main/Spring-cloud-function-SpEL-RCE
- CVE-2022-22947/CVE-2022-22963: https://github.com/savior-only/Spring_All_Reachable
- swagger-exp: https://github.com/lijiejie/swagger-exp
- jasypt decrypt: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption
- Heapdump:
- heapdump_tool: https://github.com/wyzxxz/heapdump_tool
- Memory Analyzer: https://eclipse.dev/mat/previousReleases.php
- JDumpSpider:https://github.com/whwlsfb/JDumpSpider
- Tomcat:
- Thinkphp:
- ThinkphpGUI: https://github.com/Lotus6/ThinkphpGUI
- thinkphp_gui_tools: https://github.com/bewhale/thinkphp_gui_tools
- Weblogic:
- WeblogicTool: https://github.com/KimJun1010/WeblogicTool
- WeblogicScan: https://github.com/dr0op/WeblogicScan
- WeblogicScan: https://github.com/rabbitmask/WeblogicScan
- weblogicScanner: https://github.com/0xn0ne/weblogicScanner
- weblogic-framework: https://github.com/sv3nbeast/weblogic-framework
- CVE-2020-14882: https://github.com/zhzyker/exphub/blob/master/weblogic/cve-2020-14882_rce.py
- WebSocket:
- vCenter:
- Zookeeper:
- ZooInspector: https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
- apache-zookeeper: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.6/ zkCli.sh
- Yakit: https://github.com/yaklang/yakit
- Burpsuite: https://portswigger.net/burp
- Burpsuite Extensions:
- https://github.com/gh0stkey/HaE highlighter and extractor
- https://github.com/whwlsfb/Log4j2Scan for Log4j
- https://github.com/F6JO/RouteVulScan route vulnerable scanning
- https://github.com/whwlsfb/BurpCrypto support AES/RSA/DES/ExecJs
- https://github.com/bit4woo/domain_hunter_pro domain hunter
- XSS:
- XSS Chop: https://xsschop.chaitin.cn/demo/
- XSS/CSRF: https://evilcos.me/lab/xssor/
- HTML5 Security Cheatsheet: https://html5sec.org/
- Local File Inclusion:
- SSRF:
- Online:
- Alphalog: dns/http/rmi/ldap https://github.com/AlphabugX/Alphalog
- DNS rebinding: https://lock.cmpxchg8b.com/rebinder.html
- DNSLog-GO: https://github.com/lanyi1998/DNSlog-GO
- Bypass HTTP 40X errors:
- PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
- java.lang.Runtime.exec() Payload: https://payloads.net/Runtime.exec/
- PHP Generic Gadget Chains: https://github.com/ambionics/phpggc PHP unserialize() payloads
- PHPFuck: https://github.com/splitline/PHPFuck
- JSFuck: http://www.jsfuck.com/
- JavaScript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/
- Gopherus:
- CVE-2021-44228-PoC-log4j-bypass-words: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- Credential Dumping:
- LaZagne: https://github.com/AlessandroZ/LaZagne
- WirelessKeyView: https://www.nirsoft.net/utils/wireless_key.html
- Windows credential manager: https://www.nirsoft.net/utils/credentials_file_view.html
- Pillager: https://github.com/qwqdanchun/Pillager/
- searchall: https://github.com/Naturehi666/searchall
- pypykatz: https://github.com/skelsec/pypykatz mimikatz implementation in pure python
- Local Enumeration:
- HackBrowserData: https://github.com/moonD4rk/HackBrowserData
- BrowserGhost: https://github.com/QAX-A-Team/BrowserGhost
- chrome: http://www.nirsoft.net/utils/chromepass.html
- firefox: https://github.com/unode/firefox_decrypt
- foxmail: https://securityxploded.com/foxmail-password-decryptor.php
- mobaxterm: https://github.com/HyperSine/how-does-MobaXterm-encrypt-password
- navicat: https://github.com/Zhuoyuan1/navicat_password_decrypt
- navicat: https://github.com/HyperSine/how-does-navicat-encrypt-password
- sunflower: https://github.com/wafinfo/Sunflower_get_Password
- FindToDeskPass: https://github.com/yangliukk/FindToDeskPass
- sundeskQ: sunflower & todesk https://github.com/milu001/sundeskQ
- securreCRT: https://github.com/depau/shcrt
- xshell:
- NTLM Cracking:
- NetNTLMv1: https://ntlmv1.com/ online
- LM + NTLM hashes and corresponding plaintext passwords:
- NICE TOOLS:
- https://github.com/rapid7/metasploit-framework
- https://github.com/byt3bl33d3r/CrackMapExec
- https://github.com/Pennyw0rth/NetExec
- https://github.com/fortra/impacket AV Evasion based on wmiexec.py
- https://github.com/XiaoliChan/wmiexec-Pro
- https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
- https://github.com/GhostPack/Rubeus
- https://github.com/Kevin-Robertson/Powermad
- https://github.com/PowerShellMafia/PowerSploit
- https://github.com/k8gege/Ladon
- https://github.com/samratashok/nishang for powershell
- netspy: https://github.com/shmilylty/netspy intranet segment spy
- LOLBAS: https://github.com/LOLBAS-Project/LOLBAS binaries and scripts for Windows
- GTFOBins: https://gtfobins.github.io/ binaries for Unix
- Responder:
- Linux Local Enumeration:
- https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
- https://github.com/mostaphabahadou/postenum
- https://github.com/rebootuser/LinEnum
- https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
- https://github.com/DominicBreuker/pspy
- Windows Local Enumeration:
- https://github.com/S3cur3Th1sSh1t/WinPwn
- https://github.com/carlospolop/PEASS-ng/blob/master/winPEAS/winPEASbat/winPEAS.bat
- https://github.com/S3cur3Th1sSh1t/PowerSharpPack
- https://github.com/Flangvik/SharpCollection
- https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
- https://github.com/dafthack/DomainPasswordSpray
- https://github.com/dafthack/MailSniper
- Windows Exploits:
- https://github.com/AonCyberLabs/Windows-Exploit-Suggester
- https://github.com/SecWiki/windows-kernel-exploits
- https://github.com/Al1ex/WindowsElevation
- https://i.hacking8.com/tiquan/ online
- https://github.com/BeichenDream/BadPotato/
- https://github.com/giuliano108/SeBackupPrivilege
- https://github.com/gtworek/PSBits/blob/master/Misc/EnableSeBackupPrivilege.ps1
- Linux Exploits:
- Database Exploits:
- Webshell Collection:
- Webshell Management:
- Webshell Bypass:
- Reverse Shell Management:
- Linux:
- libprocesshider: https://github.com/gianlucaborello/libprocesshider hide a process under Linux using the ld preloader
- Linux Kernel Hacking: https://github.com/xcellerator/linux_kernel_hacking
- tasklist /svc && ps -aux: https://tasklist.ffffffff0x.com/
- Windows:
- bypassAV: https://github.com/pureqh/bypassAV
- GolangBypassAV: https://github.com/safe6Sec/GolangBypassAV
- BypassAntiVirus: https://github.com/TideSec/BypassAntiVirus
- AV_Evasion_Tool: https://github.com/1y0n/AV_Evasion_Tool
- shellcodeloader: https://github.com/knownsec/shellcodeloader
- tasklist/systeminfo: https://www.shentoushi.top/av/av.php
- frp: https://github.com/fatedier/frp
- frpModify: https://github.com/uknowsec/frpModify
- Stowaway: https://github.com/ph4ntonn/Stowaway
- Neo-reGeorg: https://github.com/L-codes/Neo-reGeorg
- nps: https://github.com/ehang-io/nps
- reGeorg: https://github.com/sensepost/reGeorg
- rakshasa: https://github.com/Mob2003/rakshasa
- Viper: https://github.com/FunnyWolf/Viper
- Proxifier: https://www.proxifier.com/
- Proxychains: https://github.com/haad/proxychains
- iodine: https://github.com/yarrick/iodine dns tunnel
- dnscat2: https://github.com/iagox86/dnscat2 dns tunnel
- DNS-Shell: https://github.com/sensepost/DNS-Shell dns tunnel
- icmpsh: l https://github.com/bdamele/icmpsh icmp tunne
- tcptunnel: https://github.com/vakuum/tcptunnel intranet → dmz → attacker
- Cobaltstrike Extensions:
- Awesome CobaltStrike: https://github.com/zer0yu/Awesome-CobaltStrike
- Erebus: https://github.com/DeEpinGh0st/Erebus
- LSTAR: https://github.com/lintstar/LSTAR
- ElevateKit: https://github.com/rsmudge/ElevateKit
- C2ReverseProxy: https://github.com/Daybr4ak/C2ReverseProxy
- pystinger: https://github.com/FunnyWolf/pystinger
- OPSEC Tools:
- https://privacy.sexy/ enforce privacy & security best-practices on Windows, macOS and Linux.
- https://transfer.sh/ anonymous file transfer
- AD attack&defense mindmaps: https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg
- Game of active directory: https://github.com/Orange-Cyberdefense/GOAD
- Windows/AD cheatsheet: https://wadcoms.github.io/
- BloodHound:
- https://github.com/lzzbb/Adinfo
- https://github.com/wh0amitz/SharpADWS via Active Directory Web Services (ADWS) protocol
- https://github.com/FalconForceTeam/SOAPHound via Active Directory Web Services (ADWS) protocol
- https://github.com/shmilylty/SharpHostInfo
- noPac: CVE-2021-42278 / CVE-2021-42287
- Zerologon CVE-2020-1472:
- https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py
- https://github.com/XiaoliChan/zerologon-Shot
- https://github.com/dirkjanm/CVE-2020-1472
- https://github.com/Potato-py/Potato/tree/03c3551e4770db440b27b0a48fc02b0a38a1cf04/exp/cve/CVE-2020-1472
- https://github.com/risksense/zerologon
- https://github.com/StarfireLab/AutoZerologon
- Exchange ProxyLogon & ProxyShell:
- Printnightmare CVE-2021-34527 / CVE-2021-1675:
- kerbrute: https://github.com/ropnop/kerbrute
- DCSync: https://github.com/n00py/DCSync
- Coerce & NTLM relay:
- PetitPotam: https://github.com/topotam/PetitPotam
- PrinterBug: https://github.com/leechristensen/SpoolSample
- DFSCoerce: https://github.com/Wh04m1001/DFSCoerce
- ShadowCoerce: https://github.com/ShutdownRepo/ShadowCoerce
- PrivExchange: https://github.com/dirkjanm/privexchange/
- Coercer: https://github.com/p0dalirius/Coercer
- cannon: https://github.com/Amulab/cannon
- Active Directory Certificate Services(AD CS) enumeration and abuse:
- PassTheCert: https://github.com/AlmondOffSec/PassTheCert
- https://github.com/LandGrey/copagent for java
- https://github.com/alibaba/arthas for java
- https://github.com/c0ny1/java-memshell-scanner for java
- https://github.com/yzddmr6/ASP.NET-Memshell-Scanner for aspx
- CobaltStrike Decrypt: https://github.com/5ime/CS_Decrypt
- BlueTeamTools: https://github.com/abc123info/BlueTeamTools
- IP Logger: https://iplogger.org/ log and track IP Addresses
- https://github.com/AV1080p/Benchmarks
- https://github.com/xiaoyunjie/Shell_Script
- https://github.com/grayddq/GScan
- https://github.com/ppabc/security_check
- https://github.com/T0xst/linux
- Search Engine:
- Decryption Tools:
- 腾讯: https://habo.qq.com/tool
- 金山毒霸: http://www.duba.net/dbt/wannacry.html
- 瑞星: http://it.rising.com.cn/fanglesuo/index.html
- 卡巴斯基: https://noransom.kaspersky.com/
- https://www.nomoreransom.org/zh/index.html
- https://id-ransomware.malwarehunterteam.com
- https://www.avast.com/ransomware-decryption-tools
- https://www.emsisoft.com/en/ransomware-decryption/
- https://github.com/jiansiting/Decryption-Tools
- awesome-honeypots: https://github.com/paralax/awesome-honeypots list of honeypot resources
- HFish: https://github.com/hacklcx/HFish
- conpot: https://github.com/mushorg/conpot for ICS
- MysqlHoneypot: https://github.com/qigpig/MysqlHoneypot via MySQL honeypot to get wechat ID
- Ehoney: https://github.com/seccome/Ehoney
- TeamsSix:
- lzCloudSecurity:
- HackTricks Cloud: https://cloud.hacktricks.xyz/
- Awesome-CloudSec-Labs: https://github.com/iknowjason/Awesome-CloudSec-Labs
- Aliyun OpenAPI: https://next.api.aliyun.com/api/
- Cloud Native Landscape: https://landscape.cncf.io/
- Cloud Vulnerabilities and Security Issues Database: https://www.cloudvulndb.org/
- https://attack.mitre.org/matrices/enterprise/cloud/
- https://cloudsec.huoxian.cn/
- https://cloudsec.tencent.com/home/
- https://www.microsoft.com/en-us/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/ threat matrix for Kubernetes
- Metarget: https://github.com/Metarget/metarget
- TerraformGoat: https://github.com/HXSecurity/TerraformGoat
- Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat
- Attack Defense: https://attackdefense.pentesteracademy.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-s3
- AWSGoat: https://github.com/ine-labs/AWSGoat
- CloudGoat: https://github.com/RhinoSecurityLabs/cloudgoat
- Management Tools :
- https://yun.cloudbility.com/ 云存储图形化管理平台
- https://github.com/aliyun/aliyun-cli for aliyun oss
- https://github.com/aliyun/oss-browser via aliyun cli
- https://github.com/TencentCloud/cosbrowser for tencentcloud cos
- https://github.com/TencentCloud/tencentcloud-cli via tencentcloud cli
- https://support.huaweicloud.com/browsertg-obs/obs_03_1003.html for huaweicloud obs
- https://www.ctyun.cn/document/10000101/10006768 for ctyun obs
- https://www.ctyun.cn/document/10306929/10132519 for ctyun media
- https://docsv4.qingcloud.com/user_guide/development_docs/cli/install/install/ via qingcloud cli
- https://github.com/qiniu/kodo-browser for qiniu oss
Top3 Cloud Serive Proider:
- Amazon Web Services (AWS) / Microsoft Azure /Google Cloud Platform (GCP)
- Alibaba Cloud / Tencent Cloud / Huawei Cloud
- AK/SK Exploit():
- https://github.com/trufflesecurity/trufflehog find, verify, and analyze leaked credentials
- https://wiki.teamssix.com/cf/ exploit framework v0.5.0(open source)
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite fit2cloud CloudExplorer
- https://github.com/mrknow001/aliyun-accesskey-Tools
- https://github.com/iiiusky/alicloud-tools
- https://github.com/NS-Sp4ce/AliyunAccessKeyTools
- https://github.com/freeFV/Tencent_Yun_tools
- https://github.com/libaibaia/cloudSec web tool for top3 + aws/qiniu
- https://github.com/wyzxxz/aksk_tool for top3 + aws/ucloud/jd/baidu/qiniu
- https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools leak detection
- https://github.com/dark-kingA/cloudTools top3 + ucloud
- NICE TOOLS:
- https://github.com/HummerRisk/HummerRisk open source cloud-native security platform
- Docker:
- https://github.com/wagoodman/dive exploring each layer in a docker image
- https://github.com/docker/docker-bench-security docker bench for security
- https://github.com/eliasgranderubio/dagda/ static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats
- https://github.com/teamssix/container-escape-check container escape check
- https://github.com/brant-ruan/awesome-container-escape container escape check
- https://github.com/cdk-team/CDK pentest toolkit
- https://github.com/chaitin/veinmind-tools pentest toolkit
- Kubernetes:
- https://kubernetes.io/docs/tasks/tools/
- https://github.com/etcd-io/etcd
- https://github.com/derailed/k9s kubernetes cli
- https://github.com/lightspin-tech/red-kube redteam k8s adversary emulation based on kubectl
- https://github.com/DataDog/KubeHound tool for building kubernetes attack paths
- https://github.com/inguardians/peirates kubernetes pentest tool
- Nsfocus: https://aiss.nsfocus.com/
[wxappUnpacker: https://github.com/xuedingmiaojun/wxappUnpacker]- https://github.com/Cherrison/CrackMinApp
- https://github.com/mrknow001/API-Explorer ak/sk for X
- https://github.com/eeeeeeeeee-code/e0e1-wx
- https://github.com/kelvinBen/AppInfoScanner
- https://github.com/iBotPeaches/Apktool
- https://github.com/mrknow001/wx_sessionkey_decrypt
- https://github.com/mrknow001/BurpAppletPentester
- NICE TOOLS:
- https://github.com/BlackINT3/OpenArk anti-rootkit
- https://pythonarsenal.com/ reverse toolkit
- ELF/EXE:
- IDA: https://hex-rays.com/ida-pro/
- x64DBG: https://x64dbg.com/
- Ollydbg: https://www.ollydbg.de/
- ExeinfoPE: https://github.com/ExeinfoASL/ASL
- PEiD: https://www.aldeid.com/wiki/PEiD
- UPX: https://github.com/upx/upx
- Java:
- Python:
- Rust:
- Go:
- .NET:
- https://github.com/ohmyzsh/ohmyzsh command line enhancement for zsh
- https://github.com/chrisant996/clink command line enhancement for cmd.exe
- https://github.com/Eugeny/tabby for Windows
- https://github.com/warpdotdev/Warp for Mac
- https://github.com/tomnomnom/anew tool for adding new lines to files, skipping duplicates
- https://github.com/jlevy/the-art-of-command-line
- Linux command line:
- https://explainshell.com/ explain shell command
- https://github.com/BurntSushi/ripgrep a line-oriented search tool(faster)
- ZeroOmega: https://github.com/zero-peak/ZeroOmega proxy switchyOmega for manifest v3
- serp-analyzer: https://leadscloud.github.io/serp-analyzer/ show domain/IP
- FindSomething: https://github.com/ResidualLaugh/FindSomething find something in source code or javascript
- Hack Bar:https://github.com/0140454/hackbar
- Wappalyzer: https://www.wappalyzer.com/ identify technologies on websites
- EditThisCookie:https://www.editthiscookie.com/
- Cookie-Editor:https://github.com/Moustachauve/cookie-editor
- Disable JavaScript: https://github.com/dpacassi/disable-javascript
- Heimdallr: https://github.com/Ghr07h/Heimdallr for honeypot
- anti-honeypot:https://github.com/cnrstar/anti-honeypot for honeypot
- immersive-translate: https://github.com/immersive-translate/immersive-translate/ translator
- relingo: https://cn.relingo.net/en/ translator
- json-formatter: https://github.com/callumlocke/json-formatter
- markdown-viewer: https://github.com/simov/markdown-viewer
- f8x: https://github.com/ffffffff0x/f8x red/blue team environment automation deployment tool
- cloudreve: https://github.com/cloudreve/Cloudreve self-hosted file management system with muilt-cloud support
- updog: https://github.com/sc0tfree/updog uploading and downloading via HTTP/S
- mattermost: https://github.com/mattermost/mattermost
- rocketchat: https://github.com/RocketChat/Rocket.Chat
- codimd: https://github.com/hackmdio/codimd
- hedgedoc: https://github.com/hedgedoc/hedgedoc
- https://github.com/Hannibal046/Awesome-LLM
- https://github.com/HqWu-HITCS/Awesome-Chinese-LLM
- https://github.com/f/awesome-chatgpt-prompts
- https://github.com/PlexPt/awesome-chatgpt-prompts-zh
- huggingface: https://huggingface.co/ 大型语言模型下载(AI 界 Github )
- ollama: https://github.com/ollama/ollama 启动并运行大型语言模型
- open-webui: https://github.com/open-webui/open-webui 离线 WebUI
- enchanted: https://github.com/AugustDev/enchanted 将私有模型部署为应用程序
如果你想通过 ollama 在本地快速部署 LLM,可以参考这套技术栈:
- 运行大型语言模型:ollama
- 运行大型语言模型并部署 WebUI:ollama + open-webui
- 运行大型语言模型并部署应用程序:ollama + enchanted
- 运行大型语言模型并与本地编辑器集成(例如 Obsidian):ollama + copilot(Obsidian 插件)
- 运行大型语言模型并与本地代码编辑器集成(例如 Vscode): ollama + continue(Vscode 插件)
- ...
to be continued...
创建 alias.bat,激活 conda 虚拟环境,在隔离环境下运行程序或工具。双击 alias.bat,重启 cmd,配置生效。
@echo off
:: Software
@DOSKEY ida64=activate base$t"D:\CTFTools\Cracking\IDA_7.7\ida64.exe"
:: Tools
@DOSKEY fscan=cd /d D:\Software\HackTools\fscan$tactivate security$tdir
将 alias.bat 配置为开机自启动:
- 注册表进入
计算机\HKEY_CURRENT_USER\Software\Microsoft\Command Processor
; - 创建字符串值
autorun
,赋值为 alias.bat 所在位置,例如D: \Software\alias.bat
; - 重启系统,配置生效。
创建 run.bat,激活 conda 环境并运行 python 程序:
call D:\YOUR_PATH\Anaconda\Scripts\activate.bat D:\YOUR_PATH\Anaconda\
call conda activate YOUR_ENV
cd D:\YOUR_WORKDIR
python YOUR_PYTHON_FILE.py
pause
Windows 通过 tabby + clink 优化原生终端,实现命令自动补全、vps ssh/ftp/sftp、输出日志记录等功能:
- tabby: https://github.com/Eugeny/tabby
- clink: https://github.com/chrisant996/clink
MacOS 通过 warp + ohmyzsh 优化原生终端,warp 自带命令自动补全,引入“块”概念,提供了更现代化的编程体验(Modern UX and Text Editing):
- warp: https://github.com/warpdotdev/Warp
- ohmyzsh: https://github.com/ohmyzsh/ohmyzsh
注册表进入 计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor
,创建字符串值 autorun
,赋值为 chcp 65001
。