Common tools for internal network penetration testing

Host scanning
- Live host discovery
  - nbtscan.exe: nbtscan 192.168.1.1/20
  - arp-scan.exe: arp-scan.exe -t 192.168.1.1/24
  - ping: for /L %I in (1,1,254) do @ping -w 1 -n 1 192.168.1.%I | findstr "TTL="
  - Invoke-ARPScan.ps1: powershell.exe -exec bypass -Command "& {Import-Module c:\Invoke-ARPScan.ps1;Invoke-ARPScan -CIDR 192.168.1.1/24}" >> c:\log.txt
  - cping: cping scan smbvul 10.33.93.1 10.33.93.1
  - qs.exe: qs alive 192.168.1.1/24
  - dnsbrute
  - F-NAScan.py
  - Hscan
- Port scanning
  - s.exe: s.exe tcp 192.168.1.1 192.168.1.254 445,1433,3389,7001 256 /Banner /save
  - scanline: scanline -h -t 20,80-89,110,389,445,3389,1099,7001,3306,1433,8080,1521 -u 53,161 -O c:\log.txt -p 192.168.1.1-254 /b
  - Invoke-Portscan.ps1: Invoke-PortScan -StartAddress 192.168.1.1 -EndAddress 192.168.1.254 -ScanPort [live-host probing: -ResolveHost]
  - K8PortScan.exe
  - F-NAScan.py
  - nmap

Sensitive information collection
- Credential dumping
  - GetPass
  - fgdump
  - GetHash
  - WCE
  - PwDump7
  - QuarksPwDump
  - mimikatz
  - Procdump
  - Get-PassHashes.ps1
  - lazagne
  - lc5
  - mimipenguin
  - InternalMonologue
  - gsecdump
  - Invoke-Mimikatz
  - PowerSploit.psd1
  - Responder.py
  - NTDSDumpEx.exe
  - Net-GPPPassword.exe
  - Get-GPPPassword.ps1
- Browsers
  - BrowserGhost
  - WebBrowserPassView
  - passrec suite
  - SharpWeb
- Other applications
  - Mail clients
    - mailpv.exe
  - Navicat, TeamViewer, FileZilla, WinSCP, Xmanager product family
    - SharpDecryptPwd.exe
  - TeamViewer
    - tv_getpass.exe
  - RDP
    - rdpv.exe
- Host information gathering
  - Seatbelt

Tunnels and proxies
- Network-layer tunnels
  - IPv6 tunnels
    - socat
    - 6tunnel
    - nt6tunnel
  - ICMP tunnels
    - icmpsh
    - PingTunnel
- Transport-layer tunnels
  - lcx
  - netcat
  - powercat
- Application-layer tunnels
  - SSH
  - HTTP/HTTPS
    - reDuh
    - reGeorg
    - tunna
    - meterpreter
  - DNS
    - dnscat2
    - iodine
- SOCKS proxies
  - EarthWorm
  - reDuh
  - reGeorg
  - Neo-reGeorg
  - sSocks
  - frp
  - ABPTTS
  - Fport.exe
  - NativePayload_ReverseShell.exe
  - nps
  - PortMap
  - reprocks
  - Tunna
  - Venom

Privilege escalation tools
- Windows Exploit Suggester
- Sherlock
- Linux_Exploit_Suggester
- PowerUp.ps1
- Invoke-PsUACme
- rottenpotato.exe
- ADAPE-Script
- Invoke-ACLPwn.ps1

Lateral movement
- Vulnerability exploitation
  - ms17_010_eternalblue
  - Ladon + MS17010EXP.ps1
  - MS14-068.EXE
  - ms14_068_kerberos_checksum
  - pyKEK
  - goldenPac.py
- SPN discovery
  - setspn
  - Discover-PSInterestingServices.ps1
  - GetUserSPNs.exe
- WMI
  - wmiexec.py
  - wmiexec.vbs
  - Invoke-WmiCommand
  - Invoke-WMIMethod
  - Get-WMIObject
  - Get-CimInstance
  - wmiexec.exe
  - wmipersist.exe
  - wmiquery.exe
- Username enumeration
  - enum.exe
  - hunter.exe
  - lg.exe
  - AdFind.exe
  - dsquery.exe
  - GetADUsers.exe
- SMB
  - psexec
  - crackmapexec
  - wmiexec.exe
- Locating domain administrators
  - PVEFindADUser.exe
  - qs.exe

Backdoors
- Shift-key (sticky keys) backdoor
- Registry backdoor
- Scheduled-task backdoor
- QuasarRAT
- cobaltstrike
- DLL_Hijacker

AV evasion tools
- shellter.exe
- Restorator

Weak-password brute forcing
- 御剑 RDP brute-force tool
- nbtenum
- hscan
- htpwdScan.py
- 超级弱口令检查工具 (Super Weak Password Checker)
- Router password scanning