/awesome-cyber-security

[Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.

所有收集类项目:

  • 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式
  • 逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/...
  • 网络相关的安全资源: 代理/GFW/反向代理/隧道/VPN/Tor/I2P,以及中间人/PortKnocking/嗅探/网络分析/网络诊断等
  • 攻击性网络安全资源: 漏洞/渗透/物联网安全/数据渗透/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/免杀/CobaltStrike/侦查/OSINT/社工/密码/凭证/威胁狩猎/Payload/WifiHacking/无线攻击/后渗透/提权/UAC绕过/...

PenetrationTesting

English Version

Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。

点击这里查看完整版:中文-完整版

目录

新添加的


工具

新添加的

  • [825星][2m] [Py] corelan/mona 用于Immunity Debugger的mona.py
  • [813星][26d] [JS] sindresorhus/is-online 检查互联网连接是否正常
  • [810星][2m] [Shell] andreyvit/create-dmg 用于构建精美DMG的Shell脚本
  • [793星][2m] [Go] dreddsa5dies/gohacktools Golang编写的多款Hacking工具
  • [786星][1y] [PS] kevin-robertson/invoke-thehash 执行 pass the hash WMI 和 SMB 任务的PowerShell函数
  • [783星][26d] [Go] bishopfox/sliver 一个通用的跨平台植入程序框架,该框架C3支持Mutual-TLS,HTTP(S)和DNS
  • [770星][13d] [C++] shekyan/slowhttptest 应用层DoS攻击模拟器
  • [770星][18d] [C++] snort3/snort3 下一代Snort IPS(入侵防御系统)。
  • [761星][1y] [Py] greatsct/greatsct 生成绕过常见防病毒解决方案和应用程序白名单解决方案的metasploit payload
  • [760星][11d] [HTML] m4cs/babysploit 渗透测试工具包,旨在使您轻松学习如何使用更大,更复杂的框架(例如Metasploit)
  • [743星][1y] [C#] eladshamir/internal-monologue 在不接触LSASS的情况下提取NTLM hash
  • [742星][6m] [Go] talkingdata/owl 企业级分布式监控告警系
  • [731星][2d] [Go] gruntwork-io/cloud-nuke 通过检查(删除)其中的所有资源来清理云帐户
  • [731星][1m] [C] iaik/zombieload ZombieLoad攻击PoC
  • [729星][2m] [Py] shawndevans/smbmap SMB枚举
  • [728星][6m] [Go] anshumanbh/git-all-secrets 结合多个开源 git 搜索工具实现的代码审计工具
  • [723星][6d] [Py] skelsec/pypykatz 纯Python实现的Mimikatz
  • [720星][1y] [C#] p3nt4/powershdll 使用rundll32执行PowerShell,绕过软件限制
  • [716星][6m] [Py] adamlaurie/rfidiot python RFID / NFC library & tools
  • [715星][21d] [Py] f-secure/see 在安全环境中构建测试自动化的框架
  • [703星][2m] [Py] mjg59/python-broadlink Python模块,用于控制Broadlink RM2 / 3(Pro)遥控器、A1传感器平台和SP2 / 3智能插头
  • [695星][3m] netflix/security-bulletins Security Bulletins that relate to Netflix Open Source
  • [693星][7m] [Py] mr-un1k0d3r/powerlessshell 依靠MSBuild.exe远程执行PowerShell脚本和命令
  • [686星][3m] [Go] pquerna/otp 一次性密码工具,Golang编写
  • [683星][1y] [PS] arvanaghi/sessiongopher 使用WMI为远程访问工具(如WinSCP,PuTTY,SuperPuTTY,FileZilla和Microsoft远程桌面)提取保存的会话信息。PowerShell编写
  • [682星][1m] ptresearch/attackdetection 搜索新的漏洞和0day,进行服现并创建PoC exp,以了解这些安全漏洞的工作方式,以及如何在网络层上检测到相关的攻击
  • [679星][1y] [Py] endgameinc/rta 根据MITER ATT&CK进行建模,针对恶意tradecraft测试其检测功能。脚本框架
  • [679星][5d] [C#] ghostpack/rubeus 原始Kerberos交互和滥用,C#编写
  • [665星][6m] [Py] golismero/golismero 安全测试框架,当前主要是Web安全,可轻松扩展到其他扫描
  • [665星][12m] [C#] wwillv/godofhacker 由各种顶级黑客技术结合而成,基本功能覆盖面广,可满足大多数人的基本需求
  • [656星][6m] [PHP] l3m0n/bypass_disable_functions_shell 一个各种方式突破Disable_functions达到命令执行的shell
  • [647星][3m] [Py] gquere/pwn_jenkins 有关攻击Jenkins服务器的笔记
  • [639星][10m] [Py] dirkjanm/privexchange 通过滥用Exchange交换您对Domain Admin privs的特权
  • [635星][1y] [JS] alcuadrado/hieroglyphy 将所有JavaScript代码转换为等价的()[] {}!+字符序列!,可在浏览器中运行
  • [630星][5m] ankane/secure_rails Rails安全最佳实战
  • [621星][1m] [Go] evilsocket/arc 可用于管理私密数据的工具. 后端是 Go 语言编写的 RESTful 服务器, 前台是Html + JavaScript
  • [605星][30d] [Py] webrecorder/pywb 重放和记录Web存档
  • [601星][4d] [YARA] didierstevens/didierstevenssuite 工具、脚本列表
  • [601星][17d] [C] mrexodia/titanhide 用于隐藏某些进程调试器的驱动程序
  • [599星][2m] [PS] ramblingcookiemonster/powershell 各种PowerShell函数和脚本
  • [588星][11m] [C] justinsteven/dostackbufferoverflowgood 跨站点脚本编写者的演示和教程,这些站点编写者不能很好地堆积缓冲区溢出,并且也想做其他事情
  • [583星][10m] [Py] romanz/amodem 使用简单的耳机在两台计算机之间传输文件,实现真正的气密通信(通过扬声器和麦克风)或音频电缆(以提高传输速度)
  • [582星][1y] [C#] tyranid/dotnettojscript 创建从内存中加载.NET v2程序集的JScript文件
  • [580星][5m] [Py] nidem/kerberoast 一系列用于攻击MS Kerberos实现的工具
  • [570星][1y] [Solidity] crytic/not-so-smart-contracts 常见的以太坊智能合约漏洞示例,包括来自真实智能合约的代码。
  • [567星][4m] [Py] its-a-feature/apfell 利用python3,docker,docker-compose和Web浏览器UI构建的跨平台,后渗透的Red Team框架。
  • [557星][1m] [C] vanhauser-thc/thc-ipv6 IPv6攻击工具包
  • [550星][6m] [HCL] coalfire-research/red-baron 为Red Teams自动创建有弹性,disposable,安全和敏捷的基础架构。
  • [542星][9m] [C] hfiref0x/upgdsed 通用PG和DSE禁用工具
  • [539星][3m] [C] eliasoenal/multimon-ng multimon-ng是multimon的继承者。解码多种数字传输模式
  • [537星][1y] [C#] ghostpack/safetykatz Mimikatz和 .NET PE Loader的结合
  • [531星][13d] [Go] sensepost/gowitness Go 语言编写的网站快照工具
  • [526星][5d] [Ruby] hdm/mac-ages 确定IEEE分配的硬件地址范围的大概发布日期
  • [520星][2m] [Shell] trailofbits/twa 小型网页审计工具,可灵活设置参数
  • [517星][2m] [JS] mr-un1k0d3r/thundershell 通过HTTP请求进行通信的C#RAT
  • [517星][5m] [C++] shuax/greenchrome 超好用的Chrome浏览器增强软件
  • [516星][8m] [Visual Basic .NET] mr-un1k0d3r/maliciousmacrogenerator 生成混淆的宏,可进行AV /沙箱逃逸
  • [510星][12m] [Go] mthbernardes/gtrs 使用Google翻译器作为代理将任意命令发送到受感染的计算机
  • [505星][12m] [C] google/ktsan 用于Linux内核的快速数据竞赛检测器
  • [503星][1m] [JS] sindresorhus/public-ip 快速获取外网IP地址
  • [501星][2m] [C] m0nad/diamorphine 适用于Linux Kernels 2.6.x / 3.x / 4.x(x86和x86_64)的LKM rootkit
  • [500星][11m] [C] yangyangwithgnu/bypass_disablefunc_via_ld_preload 通过LD_PRELOA绕过disable_functions(不需要/ usr / sbin / sendmail)
  • [495星][3m] [PHP] nzedb/nzedb 自动扫描Usenet,类似于爬虫扫描互联网的方式
  • [492星][3m] [Go] gen2brain/cam2ip 将任何网络摄像头转换为IP 摄像机
  • [488星][2m] [Py] aoii103/darknet_chinesetrading 暗网中文网监控实时爬虫
  • [488星][3m] [Go] gorilla/csrf 为Go Web应用程序和服务提供CSRF预防中间件
  • [487星][12m] [Go] evanmiller/hecate Hex编辑器
  • [486星][11m] [Shell] craigz28/firmwalker 一个简单的bash脚本,用于搜索提取或安装的固件文件系统。
  • [478星][1m] xiangpasama/jdsrc-small-classroom 京东SRC小课堂系列文章
  • [478星][2m] [TS] mitre-attack/attack-navigator 提供ATT&CK矩阵的基本导航和注释的Web App
  • [472星][2m] [Py] bit4woo/teemo 域名和电子邮件地址收集工具
  • [469星][20d] [Py] fportantier/habu Python 编写的网络工具工具包,主要用于教学/理解网络攻击中的一些概念
  • [468星][2m] [Py] coleifer/micawber 用于从URL中提取丰富的内容库
  • [467星][1m] [Shell] wireghoul/graudit 简单的脚本和签名集,进行源代码审计
  • [465星][2m] [Go] gen0cide/gscript 基于运行时参数,动态安装恶意软件
  • [462星][5m] [C] phoenhex/files Phoenhex 团队的exploits/POCs/presentation
  • [461星][3m] [PS] rvrsh3ll/misc-powershell-scripts PowerShell工具集
  • [454星][19d] [PS] mr-un1k0d3r/redteampowershellscripts 在红队练习中可能会有用的各种PowerShell脚本
  • [454星][2m] [Py] super-l/superl-url 根据关键词,对搜索引擎内容检索结果的网址内容进行采集的一款轻量级软程序。 程序主要运用于安全渗透测试项目,以及批量评估各类CMS系统0DAY的影响程度,同时也是批量采集自己获取感兴趣的网站的一个小程序~~ 可自动从搜索引擎采集相关网站的真实地址与标题等信息,可保存为文件,自动去除重复URL。同时,也可以自定义忽略多条域名等。
  • [450星][4m] [C++] omerya/invisi-shell 隐藏您的Powershell脚本。绕过所有Powershell安全功能
  • [431星][7m] [Pascal] mojtabatajik/robber 查找易于发生DLL劫持的可执行文件
  • [431星][11d] [C++] tenable/routeros 对 MikroTik的RouterOS进行安全性研究时使用的各种工具和漏洞
  • [421星][8m] 7kbstorm/7kbscan-webpathbrute 路径暴力探测工具
  • [420星][11m] [Py] powerscript/katanaframework 用于进行渗透测试的框架,基于一个简单而全面的结构,任何人都可以使用,修改和共享。Python编写
  • [411星][5d] [HTML] w3c/webappsec Web App安全工作组
  • [411星][15d] [Py] ytisf/pyexfil 用于数据渗透的Python包
  • [409星][10m] [Py] linklayer/pyvit 与汽车接口的工具包。它旨在实现汽车系统中使用的通用硬件接口和协议。
  • [408星][2d] [Go] cloudfoundry/gorouter CF Router
  • [401星][1m] [Py] fbngrm/matroschka Python隐写术工具,可在图像中红隐藏文本或图像
  • [391星][12d] [C++] simsong/bulk_extractor 取证工具
  • [389星][24d] [Ruby] david942j/seccomp-tools 用于seccomp分析
  • [386星][4m] [PHP] msurguy/honeypot 一种简单有效的方法,来阻止某些进入您网站的垃圾邮件机器人
  • [384星][11d] [C#] bloodhoundad/sharphound C#重写BloodHound Ingestor
  • [383星][1y] [JS] empireproject/empire-gui Empire开渗透框架的图形界面
  • [383星][1m] [JS] nccgroup/tracy 查找web app中所有的sinks and sources, 并以易于理解的方式显示这些结果
  • [381星][1m] [Py] fox-it/bloodhound.py 基于Python的BloodHound Ingestor,基于Impacket
  • [379星][9m] [Py] k4m4/onioff url检测器,深度检测网页链接
  • [376星][2d] [Ruby] dradis/dradis-ce 面向信息安全团队的协作框架
  • [376星][7m] [Py] tidesec/tidefinger 指纹识别小工具,汲取整合了多个web指纹库,结合了多种指纹检测方法,让指纹检测更快捷、准确。
  • [375星][] [C] vanhauser-thc/aflplusplus 带社区补丁的afl 2.56b
  • [375星][6m] [Py] vysecurity/domlink 一种将具有注册组织名称和电子邮件的域链接到其他域的工具。
  • [369星][2m] [Py] emtunc/slackpirate Slack枚举和提取工具-从Slack工作区中提取敏感信息
  • [367星][20d] [Shell] trimstray/otseca 安全审计工具, 搜索并转储系统配置
  • [364星][1m] [Py] tenable/poc 漏洞PoC
  • [363星][2m] [Py] codingo/interlace 轻松将单线程命令行应用程序转换为具有CIDR和glob支持的快速,多线程应用程序。
  • [363星][11m] [Py] secynic/ipwhois 检索和解析IPv4和IPv6地址的Whois数据
  • [359星][4d] [C#] sonarsource/sonar-dotnet 用于C#和VB.NET语言的静态代码分析器,用作SonarQube和SonarCloud平台的扩展。
  • [356星][7d] [TeX] vlsergey/infosec MIPT无线电工程与控制系统部信息保护教科书
  • [356星][21d] hackerschoice/thc-tesla-powerwall2-hack TESLA PowerWall 2安全雪茄
  • [355星][19d] [Py] lockgit/hacking Hacking工具收集
  • [355星][5m] [Makefile] xdite/internet-security 互联网资安风控实战
  • [347星][7d] [Ruby] sunitparekh/data-anonymization 帮助您构建匿名的生产数据转储,可用于性能测试,安全性测试,调试和开发。
  • [346星][19d] [Perl] keydet89/regripper2.8 从注册表中提取/解析信息(键,值,数据)并将其呈现出来进行分析。
  • [344星][1y] [Assembly] egebalci/amber 反射式PE加壳器,用于绕过安全产品和缓解措施
  • [343星][2m] veracode-research/solr-injection Apache Solr注入研究
  • [342星][9m] [Py] skorov/ridrelay 通过使用具有低priv的SMB中继来枚举您没有信誉的域上的用户名。
  • [340星][11d] [C#] mr-un1k0d3r/scshell Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  • [339星][4d] [JS] meituan-dianping/lyrebird 基于拦截以及模拟HTTP/HTTPS网络请求的面向移动应用的插件化测试工作台
  • [339星][1y] [Ruby] srcclr/commit-watcher Find interesting and potentially hazardous commits in git projects
  • [335星][4m] [C] csete/gpredict a real time satellite tracking and orbit prediction program for the Linux desktop
  • [332星][11m] [C#] ghostpack/sharpdump SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
  • [332星][1y] [Py] leapsecurity/inspy A python based LinkedIn enumeration tool
  • [331星][1y] [Shell] 1n3/goohak Automatically Launch Google Hacking Queries Against A Target Domain
  • [328星][1y] [Java] ysrc/liudao “六道”实时业务风控系统
  • [327星][3m] [Py] defaultnamehere/cookie_crimes Read local Chrome cookies without root or decrypting
  • [326星][2m] [PS] joelgmsec/autordpwn The Shadow Attack Framework
  • [326星][1y] [JS] nccgroup/wssip 服务器和客户端之间通信时自定义 WebSocket 数据的捕获、修改和发送。
  • [326星][1m] [Go] wangyihang/platypus A modern multiple reverse shell sessions/clients manager via terminal written in go
  • [325星][21d] [Shell] al0ne/linuxcheck linux信息收集/应急响应/常见后门检测脚本
  • [324星][12d] [JS] privacypass/challenge-bypass-extension 用于匿名认证的浏览器扩展
  • [323星][1m] trustedsec/physical-docs This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
  • [322星][1y] crazywa1ker/darthsidious-chinese 从0开始你的域渗透之旅
  • [318星][2m] [Visual Basic .NET] nccgroup/vcg Code security scanning tool.
  • [317星][5d] [Py] circl/lookyloo Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other.
  • [316星][22d] [HTML] vanhauser-thc/thc-archive All releases of the security research group (a.k.a. hackers) The Hacker's Choice
  • [315星][6d] [VBA] itm4n/vba-runpe A VBA implementation of the RunPE technique or how to bypass application whitelisting.
  • [315星][8m] [C] tomac/yersinia layer 2 攻击框架
  • [315星][1y] [Go] benjojo/bgp-battleships Play battleships using BGP
  • [313星][2m] [Py] coalfire-research/slackor A Golang implant that uses Slack as a command and control server
  • [312星][7m] [C] pmem/syscall_intercept Linux系统调用拦截框架,通过 hotpatching 进程标准C库的机器码实现。
  • [312星][5m] [Java] shengqi158/fastjson-remote-code-execute-poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java
  • [311星][7m] [HTML] nccgroup/crosssitecontenthijacking Content hijacking proof-of-concept using Flash, PDF and Silverlight
  • [311星][1m] [YARA] needmorecowbell/hamburglar collect useful information from urls, directories, and files
  • [310星][2m] [PS] darkoperator/posh-secmod PowerShell Module with Security cmdlets for security work
  • [309星][4m] [PS] enigma0x3/misc-powershell-stuff random powershell goodness
  • [305星][3m] [C] 9176324/shark Turn off PatchGuard in real time for win7 (7600) ~ win10 (18950).
  • [305星][7d] ugvf2009/miles 二爷翻墙,专注翻墙30年,但没有掌握核心科技^_^
  • [305星][11d] [Py] xinsss/conf-for-surge-shadowrocket Surge Shadowrocket conf
  • [304星][2m] [JS] doyensec/electronegativity Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
  • [300星][] [C++] squalr/squally 2D Platformer Game for Teaching Game Hacking - C++/cocos2d-x
  • [300星][1m] [C] tarsnap/scrypt The scrypt key derivation function was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
  • [299星][10m] [C++] anhkgg/superdllhijack SuperDllHijack:A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术,不再需要手工导出Dll的函数接口了
  • [299星][1y] [C#] ghostpack/sharpup SharpUp is a C# port of various PowerUp functionality.
  • [298星][7m] [Py] edent/bmw-i-remote A reverse engineered interface for the BMW i3 Electric Car
  • [298星][14d] [Shell] fdiskyou/zines Mirror of my favourite hacking Zines for the lulz, nostalgy, and reference
  • [297星][10d] [JS] jesusprubio/strong-node
  • [297星][1y] [JS] xxxily/fiddler-plus 自定义的Fiddler规则,多环境切换、解决跨域开发、快速调试线上代码必备|高效调试分析利器
  • [296星][9m] [C] gianlucaborello/libprocesshider Hide a process under Linux using the ld preloader (
  • [295星][2m] [Go] mdsecactivebreach/o365-attack-toolkit A toolkit to attack Office365
  • [295星][9m] [C] rhboot/shim a trivial EFI application that, when run, attempts to open and execute another application
  • [292星][9d] [Go] cruise-automation/fwanalyzer a tool to analyze filesystem images for security
  • [292星][2m] [C] mboehme/aflfast AFLFast (extends AFL with Power Schedules)
  • [292星][2d] [Py] vulnerscom/api Python 2/3 library for the Vulners Database
  • [290星][20d] [C#] matterpreter/offensivecsharp Collection of Offensive C# Tooling
  • [290星][5m] [Py] opsdisk/pagodo pagodo (Passive Google Dork) - Automate Google Hacking Database scraping
  • [288星][12m] [Py] justicerage/ffm Freedom Fighting Mode: open source hacking harness
  • [287星][3m] [Py] apache/incubator-spot Mirror of Apache Spot
  • [283星][16d] [PS] nullbind/powershellery This repo contains Powershell scripts used for general hackery.
  • [282星][3m] [Py] hacktoolspack/hack-tools hack tools
  • [282星][4m] [Py] joxeankoret/pyew Official repository for Pyew.
  • [282星][13d] [PHP] nico3333fr/csp-useful Collection of scripts, thoughts about CSP (Content Security Policy)
  • [282星][1y] [HTML] googleprojectzero/p0tools Project Zero Docs and Tools
  • [278星][5d] geerlingguy/ansible-role-security Ansible Role - Security
  • [277星][5m] [Py] 18f/domain-scan A lightweight pipeline, locally or in Lambda, for scanning things like HTTPS, third party service use, and web accessibility.
  • [277星][8m] s0md3v/mypapers Repository for hosting my research papers
  • [276星][28d] [C#] mkaring/confuserex An open-source, free protector for .NET applications
  • [274星][4m] [Py] invernizzi/scapy-http Support for HTTP in Scapy
  • [273星][15d] [Py] den1al/jsshell An interactive multi-user web JS shell
  • [271星][8m] offensive-security/nethunter-lrt The Nethunter Linux Root Toolkit is a collection of bash scripts which install Nethunter onto a supported device.
  • [271星][8m] [Py] s0md3v/breacher An advanced multithreaded admin panel finder written in python.
  • [269星][18d] [Py] ledger-donjon/lascar Ledger's Advanced Side-Channel Analysis Repository
  • [269星][5d] [JS] nodejs/security-wg Node.js Security Working Group
  • [265星][5d] [C] eua/wxhexeditor wxHexEditor official GIT repo
  • [265星][1y] [PS] fox-it/invoke-aclpwn
  • [264星][11m] [Py] ant4g0nist/susanoo A REST API security testing framework.
  • [264星][t] [C++] fransbouma/injectablegenericcamerasystem This is a generic camera system to be used as the base for cameras for taking screenshots within games. The main purpose of the system is to hijack the in-game 3D camera by overwriting values in its camera structure with our own values so we can control where the camera is located, it's pitch/yaw/roll values, its FoV and the camera's look vector.
  • [264星][9m] [C] landhb/hideprocess A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
  • [264星][1y] [JS] roccomuso/netcat Netcat client and server modules written in pure Javascript for Node.j
  • [263星][25d] [Py] guimaizi/get_domain 域名收集与监测
  • [263星][1m] [Ruby] rapid7/recog Pattern recognition for hosts, services, and content
  • [262星][4m] [C] portcullislabs/linikatz UNIX版本的Mimikatz
  • [262星][] rustsec/advisory-db Security advisory database for Rust crates published through crates.io
  • [262星][6d] [Py] sofianehamlaoui/lockdoor-framework
  • [260星][12m] [Py] hysnsec/devsecops-studio DevSecOps Distribution - Virtual Environment to learn DevSecOps
  • [259星][10d] [C++] poweradminllc/paexec Remote execution, like PsExec
  • [258星][1y] [Py] m4ll0k/galileo Galileo - Web Application Audit Framework
  • [257星][1m] [Py] frint0/email-enum Email-Enum searches mainstream websites and tells you if an email is registered! #DEPRECATED
  • [257星][10m] [C] p0f/p0f p0f unofficial git repo
  • [255星][1m] [Py] cloudflare/python-cloudflare Python wrapper for the Cloudflare Client API v4
  • [254星][7m] [Go] lavalamp-/ipv666 IPV6地址枚举工具. Go编写
  • [254星][10m] [Py] wh0ale/src-experience 工欲善其事,必先利其器
  • [252星][3m] [Py] cvandeplas/pystemon Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon
  • [252星][7m] [Py] itskindred/procspy Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes..
  • [252星][1m] [Py] rvrsh3ll/findfrontabledomains Search for potential frontable domains
  • [250星][9m] [C] jakeajames/rootlessjb
  • [249星][19d] [Py] cisco-config-analysis-tool/ccat Cisco Config Analysis Tool
  • [248星][8d] [Py] susmithkrishnan/torghost Tor anonimizer
  • [246星][8m] ethicalhack3r/wordpress_plugin_security_testing_cheat_sheet WordPress插件安全测试备忘录。
  • [246星][1y] xcsh/unity-game-hacking A guide for hacking unity games
  • [244星][9m] [Py] mazen160/bfac 自动化 web app 备份文件测试工具,可检测备份文件是否会泄露 web app 源代码
  • [244星][8m] [Py] openstack/syntribos 自动化的 API 安全测试工具
  • [242星][19d] [Rust] hirrolot/anevicon
  • [239星][1y] [Py] matthewclarkmay/geoip-attack-map Cyber security geoip attack map that follows syslog and parses IPs/port numbers to visualize attackers in real time.
  • [238星][2m] [JS] martinzhou2015/srcms SRCMS企业应急响应与缺陷管理系统
  • [238星][2m] [Py] timlib/webxray webxray is a tool for analyzing third-party content on webpages and identifying the companies which collect user data.
  • [237星][11m] duoergun0729/2book 《Web安全之深度学习实战》
  • [236星][10m] [Py] cryin/javaid java source code static code analysis and danger function identify prog
  • [236星][8m] [Py] xhak9x/fbi Facebook Information
  • [231星][18d] o-mg/demonseed minimal malicious USB cabl
  • [231星][3d] [Py] webbreacher/whatsmyname This repository has the unified data required to perform user enumeration on various websites. Content is in a JSON file and can easily be used in other projects.
  • [230星][2m] [Java] commonsguy/cwac-netsecurity CWAC-NetSecurity: Simplifying Secure Internet Access
  • [230星][2m] [PS] miriamxyra/eventlist help improving your Audit capabilities and to help to build your Security Operation Center.
  • [229星][1m] [C] vusec/ridl RIDL test suite and exploits
  • [226星][1y] [Go] netxfly/sec_check 服务器安全检测的辅助工具
  • [226星][1y] lanjelot/kb Respositoy of all my notes on infosec I have been building up over the years
  • [224星][1y] basilfx/tradfri-hacking Hacking the IKEA TRÅDFRI light bulbs and accessories.
  • [223星][1y] [Py] tkcert/mail-security-tester A testing framework for mail security and filtering solutions.
  • [221星][7m] bhdresh/dejavu deception framework which can be used to deploy decoys across the infrastructure
  • [220星][5m] [Shell] vedetta-com/vedetta OpenBSD Router Boilerplate
  • [220星][15d] [Py] wazuh/wazuh-ruleset ruleset is used to detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, system anomalies or security policy violations.
  • [219星][9m] [JS] zhuyingda/veneno 用Node.js编写的Web安全测试框架
  • [218星][10m] [C] feexd/pocs
  • [218星][10m] [JS] jopyth/mmm-remote-control Magic Mirror Module to shutdown or configure your mirror
  • [217星][10m] [Py] mckinsey666/vocabs A lightweight online dictionary integration to the command line
  • [216星][3m] [Py] jordanpotti/cloudscraper Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
  • [216星][9m] [C] sleinen/samplicator Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing
  • [215星][6m] [C#] erfg12/memory.dll C# Hacking library for making PC game trainers.
  • [214星][5m] [Py] infosecn1nja/maliciousmacromsbuild Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
  • [213星][6m] [Py] dirkjanm/krbrelayx Kerberos unconstrained delegation abuse toolkit
  • [213星][27d] [Py] nyxgeek/lyncsmash locate and attack Lync/Skype for Business
  • [210星][5m] [Java] dschanoeh/kayak Kayak is a CAN bus analysis tool based on SocketCAN
  • [210星][3m] [Py] si9int/cc.py Extracting URLs of a specific target based on the results of "commoncrawl.org"
  • [210星][2m] [Shell] hak5/lanturtle-modules The Official LAN Turtle Module Repository
  • [209星][5m] [PS] harmj0y/damp The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
  • [208星][11d] [C#] b4rtik/redpeanut RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.
  • [208星][1m] [Py] seahoh/gotox 本地自动代理,修改自 goagent。
  • [207星][8m] 1hack0/facebook-bug-bounty-write-ups Hunting Bugs for Fun and Profit
  • [207星][4m] [HCL] byt3bl33d3r/red-baron Automate creating resilient, disposable, secure and agile infrastructure for Red Teams
  • [207星][5m] [YARA] th3hurrican3/pepper An open source script to perform malware static analysis on Portable Executable
  • [206星][1y] [JS] jpcertcc/sysmonsearch Investigate suspicious activity by visualizing Sysmon's event log
  • [206星][1y] [Py] orf/xcat 辅助盲 Xpath 注入,检索正在由 Xpath 查询处理的整个 XML 文档,读取主机文件系统上的任意文件,并使用出站 HTTP 请求,使服务器将数据直接发送到xcat
  • [206星][9m] [Py] openstack/hacking OpenStack Hacking Style Checks
  • [204星][1m] [Jupyter Notebook] hunters-forge/attack-python-client Python Script to access ATT&CK content available in STIX via a public TAXII server
  • [203星][2m] [TS] helmetjs/csp Content Security Policy middleware
  • [203星][7m] [JS] wingleung/save-page-state A chrome extension to save the state of a page for further analysis
  • [202星][10d] [C++] oisf/libhtp LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces.

未分类

新添加1

新添加2

未分类3

未分类4

未分类5

其他

  • [923星][3d] [C] arm-software/arm-trusted-firmware Arm A-Profile体系结构(Armv8-A和Armv7-A)的安全世界软件的参考实现,其中包括Exception Level 3(EL3)安全监视器。

古老的&&有新的替代版本的

  • [1605星][3m] [Py] knownsec/pocsuite This project has stopped to maintenance, please to

文章

新添加的

收集&&集合


未分类


混合型收集


无工具类收集


收集类的收集


教育资源&&课程&&教程&&书籍


笔记&&Tips&&Tricks

未分类

blog


Talk&&Conference


文档&&Documentation&&规则说明&&RFC

  • [1705星][10m] [CSS] bagder/http2-explained A detailed document explaining and documenting HTTP/2, the successor to the widely popular HTTP/1.1 protocol

特定目标


未分类-XxTarget


AWS

  • [4471星][1y] [Go] wallix/awless A Mighty CLI for AWS
  • [4271星][4m] [Py] dxa4481/trufflehog Searches through git repositories for high entropy strings and secrets, digging deep into commit history
  • [3301星][5d] [Shell] toniblyx/my-arsenal-of-aws-security-tools List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
  • [3154星][5d] [JS] duo-labs/cloudmapper 生成AWS环境的网络拓扑图
  • [2895星][3d] [Go] 99designs/aws-vault A vault for securely storing and accessing AWS credentials in development environments
  • [2645星][4m] [Java] teevity/ice AWS Usage Tool
  • [2374星][5m] [Go] mlabouardy/komiser
  • [1912星][6d] [Shell] toniblyx/prowler AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide:
  • [1895星][3d] [Py] mozilla/mozdef Mozilla Enterprise Defense Platform
  • [1604星][1y] [Py] nccgroup/scout2 Security auditing tool for AWS environments
  • [1386星][12m] [Py] eth0izzle/bucket-stream 通过certstream 监控多种证书 transparency 日志, 进而查找有趣的 Amazon S3 Buckets
  • [1198星][17d] [Py] lyft/cartography Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
  • [1149星][4m] [Py] rhinosecuritylabs/pacu The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • [938星][3m] [Py] sa7mon/s3scanner Scan for open AWS S3 buckets and dump the contents
  • [844星][26d] [Py] jordanpotti/awsbucketdump 快速枚举 AWS S3 Buckets,查找感兴趣的文件。类似于子域名爆破,但针对S3 Bucket,有额外功能,例如下载文件等
  • [814星][7d] [Go] rebuy-de/aws-nuke Nuke a whole AWS account and delete all its resources.
  • [804星][2d] [Py] awslabs/aws-config-rules [Node, Python, Java] Repository of sample Custom Rules for AWS Config.
  • [786星][11d] [Go] liamg/tfsec
  • [774星][13d] [Java] tmobile/pacbot PacBot (Policy as Code Bot)
  • [613星][3m] [Py] netflix/repokid AWS Least Privilege for Distributed, High-Velocity Deployment
  • [609星][21d] [Shell] securityftw/cs-suite Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
  • [563星][3m] [Shell] denizparlak/zeus AWS Auditing & Hardening Tool
  • [548星][9d] [Ruby] stelligent/cfn_nag Linting tool for CloudFormation templates
  • [539星][4d] [Py] salesforce/policy_sentry IAM Least Privilege Policy Generator
  • [505星][3m] [Py] awslabs/aws-security-benchmark Open source demos, concept and guidance related to the AWS CIS Foundation framework.
  • [485星][19d] [Py] netflix-skunkworks/diffy Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
  • [462星][8m] [Py] ustayready/fireprox AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
  • [409星][2m] [Ruby] arkadiyt/aws_public_ips Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
  • [400星][4m] [Py] duo-labs/cloudtracker CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  • [389星][2m] [Py] riotgames/cloud-inquisitor Enforce ownership and data security within AWS
  • [370星][11m] [Py] awslabs/aws-security-automation Collection of scripts and resources for DevSecOps and Automated Incident Response Security
  • [365星][7m] [Py] carnal0wnage/weirdaal WeirdAAL (AWS Attack Library)
  • [343星][2m] [Ruby] anaynayak/aws-security-viz Visualize your aws security groups.
  • [321星][1y] [Py] securing/dumpsterdiver Tool to search secrets in various filetypes.
  • [292星][8m] [Py] cesar-rodriguez/terrascan Collection of security and best practice test for static code analysis of terraform templates
  • [289星][1y] [Py] nccgroup/aws-inventory 发现在AWS账户中创建的资源
  • [274星][2m] [Py] nccgroup/pmapper A tool for quickly evaluating IAM permissions in AWS.
  • [260星][11d] [Py] voulnet/barq The AWS Cloud Post Exploitation framework!
  • [258星][14d] [Jupyter Notebook] aws-samples/aws-security-workshops A collection of the latest AWS Security workshops
  • [242星][6d] [HCL] nozaq/terraform-aws-secure-baseline Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations.
  • [224星][10d] [Dockerfile] thinkst/canarytokens-docker Docker configuration to quickly setup your own Canarytokens.
  • [204星][17d] stuhirst/awssecurity for AWS Security material
  • [203星][6m] [Py] dowjones/hammer Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)

Phoenix

  • [820星][5d] [Elixir] nccgroup/sobelow Phoenix 框架安全方面的静态分析工具(Phoenix 框架:支持对webUI,接口, web性能,mobile app 或 mobile browser 进行自动化测试和监控的平台)

Kubernetes


Azure


Nginx

  • [6211星][2m] [Py] yandex/gixy Nginx 配置静态分析工具,防止配置错误导致安全问题,自动化错误配置检测

ELK

  • [1945星][4d] [CSS] cyb3rward0g/helk 对ELK栈进行分析,具备多种高级功能,例如SQL声明性语言,图形,结构化流,机器学习等

GoogleCloud&&谷歌云

  • [1066星][2d] [Py] forseti-security/forseti-security A community-driven collection of open source tools to improve the security of your Google Cloud Platform environments

物联网(IoT)&&嵌入式设备&&路由器&&交换机&&智能设备&&打印机


工具

未分类-IoT

  • [1218星][] [C] dgiese/dustcloud Xiaomi Smart Home Device Reverse Engineering and Hacking
  • [1145星][7m] nebgnahz/awesome-iot-hacks A Collection of Hacks in IoT Space so that we can address them (hopefully).
  • [1049星][29d] [Py] ct-open-source/tuya-convert A collection of scripts to flash Tuya IoT devices to alternative firmwares
  • [836星][5d] v33ru/iotsecurity101 From IoT Pentesting to IoT Security
  • [587星][9m] [Py] woj-ciech/danger-zone Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
  • [491星][18d] [Py] iti/ics-security-tools Tools, tips, tricks, and more for exploring ICS Security.
  • [461星][5d] [Py] rabobank-cdc/dettect Detect Tactics, Techniques & Combat Threats
  • [330星][1y] [Py] vmware/liota
  • [315星][16d] [Java] erudika/para Open source back-end server for web, mobile and IoT. The backend for busy developers. (self-hosted or hosted)

打印机

路由器&&交换机

嵌入式设备


文章

新添加

渗透&&offensive&&渗透框架&&后渗透框架


工具

未分类-Pentest

收集

渗透多合一&&渗透框架

  • [5062星][5m] [PS] empireproject/empire 后渗透框架. Windows客户端用PowerShell, Linux/OSX用Python. 之前PowerShell Empire和Python EmPyre的组合
  • [4752星][13d] [Py] manisso/fsociety fsociety Hacking Tools Pack – A Penetration Testing Framework
  • [3427星][1m] [PS] samratashok/nishang 渗透框架,脚本和Payload收集,主要是PowerShell,涵盖渗透的各个阶段
  • [3154星][t] [Shell] 1n3/sn1per 自动化渗透测试框架
  • [3136星][2m] [Py] byt3bl33d3r/crackmapexec 后渗透工具,自动化评估大型Active Directory网络的安全性
  • [2995星][18d] [Py] guardicore/monkey 自动化渗透测试工具, 测试数据中心的弹性, 以防范周边(perimeter)泄漏和内部服务器感染
  • [2840星][8m] [C#] quasar/quasarrat Remote Administration Tool for Windows
  • [2421星][5d] [Py] infobyte/faraday 渗透测试和漏洞管理平台
  • [1527星][19d] [Py] zerosum0x0/koadic 类似于Meterpreter、Powershell Empire 的post-exploitation rootkit,区别在于其大多数操作都是由 Windows 脚本主机 JScript/VBScript 执行
  • [1096星][11m] [Py] secforce/sparta 网络基础架构渗透测试
  • [961星][4m] [Py] 0xinfection/tidos-framework Web App渗透测试框架, 攻击性, 手动
  • [928星][1y] [Py] m4n3dw0lf/pythem 多功能渗透测试框架
  • [521星][t] [Py] gyoisamurai/gyoithon 使用机器学习的成长型渗透测试工具

自动化

数据渗透&&DataExfiltration

  • [1065星][1m] [C] quiet/quiet Transmit data with sound. Includes binaries for soundcards and .wav files.
  • [469星][4m] [Py] viralmaniar/powershell-rat Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

横向渗透

Burp

收集

未分类-Burp

  • [1112星][1y] [Py] bugcrowd/hunt Burp和ZAP的扩展收集
  • [917星][5d] [Batchfile] mr-xn/burpsuite-collections BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
  • [715星][1y] [Java] d3vilbug/hackbar HackBar plugin for Burpsuite
  • [663星][9m] [Java] vulnerscom/burp-vulners-scanner Vulnerability scanner based on vulners.com search API
  • [605星][9m] [Java] c0ny1/chunked-coding-converter Burp suite 分块传输辅助插件
  • [584星][1y] [Java] federicodotta/brida The new bridge between Burp Suite and Frida!
  • [510星][2m] [Java] wagiro/burpbounty Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
  • [496星][2m] [Py] romanzaikin/burpextension-whatsapp-decryption-checkpoint This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)
  • [445星][6m] [Py] albinowax/activescanplusplus ActiveScan++ Burp Suite Plugin
  • [423星][5m] [Java] bit4woo/recaptcha reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件
  • [410星][8m] [Java] nccgroup/burpsuitehttpsmuggler A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
  • [381星][1y] [Py] rhinosecuritylabs/sleuthql Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
  • [378星][3m] [Java] nccgroup/autorepeater Automated HTTP Request Repeating With Burp Suite
  • [366星][13d] [Java] portswigger/http-request-smuggler an extension for Burp Suite designed to help you launch HTTP Request Smuggling attack
  • [364星][4d] [Kotlin] portswigger/turbo-intruder Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
  • [359星][5m] [Java] bit4woo/domain_hunter A Burp Suite Extender that try to find sub-domain, similar-domain and related-domain of an organization, not only a domain! 利用burp收集整个企业、组织的域名(不仅仅是单个主域名)的插件
  • [336星][13d] [Java] bit4woo/knife A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
  • [310星][1y] [Java] ebryx/aes-killer Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
  • [303星][6d] [Java] ilmila/j2eescan J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
  • [301星][1y] [Java] elkokc/reflector Burp 插件,浏览网页时实时查找反射 XSS
  • [299星][1y] [Java] vmware/burp-rest-api REST/JSON API to the Burp Suite security tool.
  • [298星][12m] [Shell] yw9381/burp_suite_doc_zh_cn 这是基于Burp Suite官方文档翻译而来的中文版文档
  • [273星][2m] [Py] quitten/autorize Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
  • [257星][3m] [Py] rhinosecuritylabs/iprotate_burp_extension Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
  • [250星][30d] [Java] c0ny1/jsencrypter 一个用于加密传输爆破的Burp Suite插件
  • [246星][5m] [Py] initroot/burpjslinkfinder Burp Extension for a passive scanning JS files for endpoint links.
  • [244星][3m] [Java] c0ny1/passive-scan-client Burp被动扫描流量转发插件
  • [238星][2m] [Java] samlraider/samlraider SAML2 Burp Extension
  • [235星][1y] [Java] difcareer/sqlmap4burp sqlmap embed in burpsuite
  • [230星][1y] [Py] audibleblink/doxycannon 为一堆OpenVPN文件分别创建Docker容器, 每个容器开启SOCKS5代理服务器并绑定至Docker主机端口, 再结合使用Burp或ProxyChains, 构建私有的Botnet
  • [225星][6m] [Perl] modzero/mod0burpuploadscanner HTTP file upload scanner for Burp Proxy
  • [219星][9m] [Py] teag1e/burpcollector 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。
  • [209星][3m] [Java] h3xstream/http-script-generator ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)

Metasploit

未分类-metasploit

免杀&&躲避AV检测

  • [1032星][5m] [C] govolution/avet 免杀工具
  • [733星][10m] [Py] mr-un1k0d3r/dkmc DKMC - Dont kill my cat - Malicious payload evasion tool
  • [686星][7m] [Py] paranoidninja/carboncopy A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
  • [472星][18d] [Go] arvanaghi/checkplease Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
  • [316星][1m] [C#] ch0pin/aviator Antivirus evasion project
  • [302星][1y] [Py] two06/inception Provides In-memory compilation and reflective loading of C# apps for AV evasion.
  • [276星][2m] [C#] hackplayers/salsa-tools Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched

C&C

  • [2490星][4m] [Go] ne0nd0g/merlin Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
  • [1826星][6m] [C++] iagox86/dnscat2 在 DNS 协议上创建加密的 C&C channel
  • [1110星][1y] [Py] byt3bl33d3r/gcat A PoC backdoor that uses Gmail as a C&C server
  • [994星][2m] [C#] cobbr/covenant Covenant is a collaborative .NET C2 framework for red teamers.
  • [633星][11m] [Py] mehulj94/braindamage Remote administration tool which uses Telegram as a C&C server
  • [596星][19d] [Py] trustedsec/trevorc2 通过正常的可浏览的网站隐藏 C&C 指令的客户端/服务器模型,因为时间间隔不同,检测变得更加困难,并且获取主机数据时不会使用 POST 请求
  • [320星][1y] [C#] spiderlabs/dohc2 DoHC2 allows the ExternalC2 library from Ryan Hanson (
  • [283星][t] [PS] nettitude/poshc2 Python Server for PoshC2
  • [280星][4d] [PS] nettitude/poshc2 Python Server for PoshC2
  • [207星][1y] [C#] damonmohammadbagher/nativepayload_dns 使用DNS流量传输Payload,绕过杀软。C#编写
  • [201星][1y] [Py] sec-bit/awesome-buggy-erc20-tokens A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected

DDOS

OWASP

  • [11306星][2d] [Py] owasp/cheatsheetseries The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
  • [5084星][7d] [HTML] owasp/owasp-mstg 关于移动App安全开发、测试和逆向的相近手册
  • [2434星][13d] [Go] owasp/amass In-depth Attack Surface Mapping and Asset Discovery
  • [1964星][10d] [Perl] spiderlabs/owasp-modsecurity-crs OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
  • [1417星][3m] [HTML] owasp/top10 Official OWASP Top 10 Document Repository
  • [1056星][3m] [HTML] owasp/nodegoat 学习OWASP安全威胁Top10如何应用到Web App的,以及如何处理
  • [752星][2d] [Java] owasp/securityshepherd Web and mobile application security training platform
  • [698星][7d] [HTML] owasp/asvs Application Security Verification Standard
  • [625星][9d] [Py] zdresearch/owasp-nettacker Automated Penetration Testing Framework
  • [559星][6d] [Shell] owasp/owasp-masvs OWASP 移动App安全标准
  • [503星][10d] owasp/wstg The OWASP Web Security Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
  • [503星][10d] owasp/wstg The OWASP Web Security Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
  • [466星][8m] [Java] owasp/owasp-webscarab OWASP WebScarab
  • [422星][5m] [Py] stanislav-web/opendoor OWASP WEB Directory Scanner
  • [370星][4d] [Java] zaproxy/zap-extensions OWASP ZAP Add-ons
  • [348星][2m] [Java] esapi/esapi-java-legacy ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
  • [305星][5m] 0xradi/owasp-web-checklist OWASP Web Application Security Testing Checklist
  • [297星][5m] tanprathan/owasp-testing-checklist OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
  • [286星][5m] [JS] mike-goodwin/owasp-threat-dragon An open source, online threat modelling tool from OWASP
  • [258星][2m] owasp/api-security OWASP API Security Project
  • [255星][12m] [Java] owasp/owasp-java-encoder The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
  • [208星][17d] [Java] owasp/benchmark OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…

Kali

  • [2538星][8m] offensive-security/kali-nethunter The Kali NetHunter Project
  • [2436星][8m] [Py] lionsec/katoolin Automatically install all Kali linux tools
  • [1699星][3m] [PHP] xtr4nge/fruitywifi FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, NetHunter.
  • [879星][11m] [Shell] esc0rtd3w/wifi-hacker Shell Script For Attacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2)
  • [769星][13d] [Py] rajkumrdusad/tool-x Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other android terminals. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based distributions.
  • [675星][8m] offensive-security/kali-arm-build-scripts Kali Linux ARM build scripts
  • [556星][2m] [Shell] offensive-security/kali-linux-docker PLEASE USE GITLAB
  • [425星][4m] jack-liang/kalitools Kali Linux工具清单
  • [336星][8m] offensive-security/kali-linux-recipes Kali Linux Recipes
  • [316星][2m] [Shell] brainfucksec/kalitorify 用于Kali的shell脚本,使用iptables创建通过Tor网络的透明代理。可以执行各种检查:检查Tor出口节点(即在Tor代理下时的公共IP),或者Tor已正确配置,可以检查服务和网络设置。
  • [273星][27d] [C++] steve-m/kalibrate-rtl fork of
  • [203星][5m] jiansiting/kali-windows Kali Windows

CobaltStrike

  • [1072星][9d] [C#] k8gege/ladon 大型内网渗透扫描器&Cobalt Strike,包含信息收集/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、Weblogic、ActiveMQ、Tomcat等,密码口令爆破含(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB)等,可高度自定义插件支持.NET程序集、DLL(C#/Delphi/VC)、PowerShell等语言编写的插件,支持通过配置INI批量调用任意外部程序或命令,EXP生成器一键生成Web漏洞POC,可快速扩展扫描或利用能力。支持Cobalt Strike插件化直接内存加载Ladon扫描快速拓展内网横向移动
  • [770星][5m] aleenzz/cobalt_strike_wiki Cobalt Strike系列
  • [474星][1m] [Py] k8gege/k8cscan 大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
  • [397星][1y] [Shell] killswitch-gui/cobaltstrike-toolkit Some useful scripts for CobaltStrike
  • [287星][7m] [JS] joshuaferrara/node-csgo A node-steam plugin for Counter-Strike: Global Offensive.
  • [217星][12d] [JS] saul/demofile Node.js library for parsing Counter-Strike: Global Offensive demo files
  • [215星][9m] [PS] outflanknl/excel4-dcom PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
  • [207星][1y] [C#] spiderlabs/sharpcompile SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…

CMS

日志

劫持&&各种劫持

未分类-Hijack

  • [1417星][1m] [Java] chrisk44/hijacker Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
  • [554星][6m] [Py] owasp/qrljacking 一个简单的能够进行会话劫持的社会工程攻击向量,影响所有使用“使用 QR 码登录”作为安全登录方式的应用程序。( Quick Response CodeLogin Jacking)

点击劫持

RedTeam

  • [617星][19d] [Py] facebookincubator/weasel DNS covert channel implant for Red Teams.
  • [542星][8m] [Py] wyatu/perun 主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
  • [476星][13d] [PS] mantvydasb/redteam-tactics-and-techniques Red Teaming Tactics and Techniques
  • [357星][2m] [C] nccgroup/phantap Phantom Tap (PhanTap) - an ‘invisible’ network tap aimed at red teams
  • [221星][2m] [Py] khast3x/redcloud Comfy & powerful Red Team Infrastructure deployement using Docker
  • [220星][9m] [Py] coalfire-research/deathmetal Red team & penetration testing tools to exploit the capabilities of Intel AMT
  • [217星][1y] foobarto/redteam-notebook Collection of commands, tips and tricks and references I found useful during preparation for OSCP exam.

BlueTeam

  • [883星][4m] [CSS] outflanknl/redelk 跟踪和警告Blue Team活动以及长期运营中的更高可用性
  • [639星][5m] smgorelik/windows-rce-exploits The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS, the samples are uploaded for education purposes for red and blue teams.
  • [409星][1y] [C] ww9210/linux_kernel_exploits Repo for FUZE project. I will also publish some Linux kernel LPE exploits for various real world kernel vulnerabilities here. the samples are uploaded for education purposes for red and blue teams.
  • [261星][11d] [Ruby] evait-security/envizon 网络可视化工具, 在渗透测试中快速识别最可能的目标

文章

新添加的

Metasploit

BurpSuite

CobaltStrike

扫描器&&安全扫描&&App扫描&&漏洞扫描


工具

未分类-Scanner

  • [11486星][3m] [C] robertdavidgraham/masscan masscan:世界上最快的互联网端口扫描器,号称可6分钟内扫描整个互联网
  • [7449星][3d] [Py] s0md3v/xsstrike Most advanced XSS scanner.
  • [5351星][15d] [Go] zricethezav/gitleaks Audit git repos for secrets
  • [4563星][8d] [Ruby] wpscanteam/wpscan WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites.
  • [4215星][24d] we5ter/scanners-box 安全行业从业者自研开源扫描器合辑
  • [3455星][26d] [Perl] sullo/nikto Nikto web server scanner
  • [3279星][20d] [Go] mozilla/sops Simple and flexible tool for managing secrets
  • [3252星][26d] [Py] maurosoria/dirsearch Web path scanner
  • [3092星][3m] [C] zmap/zmap ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
  • [2960星][2m] [Py] andresriancho/w3af Web App安全扫描器, 辅助开发者和渗透测试人员识别和利用Web App中的漏洞
  • [2669星][20d] [Py] cloudflare/flan A pretty sweet vulnerability scanner
  • [2287星][4m] [JS] retirejs/retire.js scanner detecting the use of JavaScript libraries with known vulnerabilities
  • [2113星][12d] [Ruby] urbanadventurer/whatweb Next generation web scanner
  • [2050星][23d] [Py] nabla-c0d3/sslyze SSL/TLS服务器扫描
  • [1682星][2m] [NSIS] angryip/ipscan Angry IP Scanner - fast and friendly network scanner
  • [1560星][8m] [Py] m4ll0k/wascan WAScan - Web Application Scanner
  • [1511星][9d] [Py] hannob/snallygaster Python脚本, 扫描HTTP服务器"秘密文件"
  • [1139星][24d] [Py] gerbenjavado/linkfinder A python script that finds endpoints in JavaScript files
  • [1102星][3m] [PHP] tuhinshubhra/red_hawk 信息收集、漏洞扫描、爬虫多合一
  • [1076星][8m] [Py] lucifer1993/struts-scan struts2漏洞全版本检测和利用工具
  • [1062星][4m] [Py] h4ckforjob/dirmap 一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
  • [935星][6m] [PHP] tidesec/wdscanner 分布式web漏洞扫描、客户管理、漏洞定期扫描、子域名枚举、端口扫描、网站爬虫、暗链检测、坏链检测、网站指纹搜集、专项漏洞检测、代理搜集及部署等功能。
  • [933星][3m] [Py] tuhinshubhra/cmseek CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 170 other CMSs
  • [896星][20d] [Py] ajinabraham/nodejsscan NodeJsScan is a static security code scanner for Node.js applications.
  • [855星][12d] [JS] cloudsploit/scans Cloud security configuration checks
  • [767星][2m] [Py] vesche/scanless 端口扫描器
  • [758星][2m] [Py] nekmo/dirhunt Web爬虫, 针对搜索和分析路径做了优化
  • [734星][7m] [Py] ztgrace/changeme 默认证书扫描器
  • [725星][14d] [CSS] w-digital-scanner/w12scan a network asset discovery engine that can automatically aggregate related assets for analysis and use
  • [704星][23d] [Py] grayddq/gscan 本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。
  • [703星][5m] [CSS] ajinabraham/cmsscan Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
  • [702星][1m] [C] scanmem/scanmem memory scanner for Linux
  • [686星][14d] [Py] kevthehermit/pastehunter Scanning pastebin with yara rules
  • [671星][8m] [Py] m4ll0k/wpseku WPSeku - Wordpress Security Scanner
  • [671星][2m] [Ruby] mozilla/ssh_scan A prototype SSH configuration and policy scanner (Blog:
  • [669星][6m] [Py] droope/droopescan A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
  • [665星][6m] [Py] rabbitmask/weblogicscan Weblogic一键漏洞检测工具,V1.3
  • [641星][1y] [Py] lmco/laikaboss Laika BOSS: Object Scanning System
  • [618星][5m] [Py] faizann24/xsspy Web Application XSS Scanner
  • [610星][1y] [Ruby] thesp0nge/dawnscanner Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
  • [578星][8d] [Py] codingo/vhostscan A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
  • [576星][3m] [Perl] alisamtechnology/atscan Advanced dork Search & Mass Exploit Scanner
  • [574星][2m] [HTML] gwillem/magento-malware-scanner 用于检测 Magento 恶意软件的规则/样本集合
  • [563星][8m] [Go] marco-lancini/goscan Interactive Network Scanner
  • [539星][5m] [Py] cisagov/pshtt Scan domains and return data based on HTTPS best practices
  • [485星][2m] [Py] fcavallarin/htcap htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
  • [476星][1y] [C] nanshihui/scan-t a new crawler based on python with more function including Network fingerprint search
  • [442星][11d] [Py] w-digital-scanner/w13scan Passive Security Scanner (被动式安全扫描器)
  • [401星][11m] [JS] eviltik/evilscan 大规模 IP/端口扫描器,Node.js 编写
  • [400星][1y] [Py] grayddq/publicmonitors 对公网IP列表进行端口服务扫描,发现周期内的端口服务变化情况和弱口令安全风险
  • [398星][t] [C] hasherezade/hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
  • [393星][11m] [Py] mitre/multiscanner Modular file scanning/analysis framework
  • [384星][1m] [Py] stamparm/dsss Damn Small SQLi Scanner
  • [376星][1m] [Py] skavngr/rapidscan | The Multi-Tool Web Vulnerability Scanner.
  • [368星][4d] [Swift] evermeer/passportscanner Scan the MRZ code of a passport and extract the firstname, lastname, passport number, nationality, date of birth, expiration date and personal numer.
  • [356星][5m] [Py] swisskyrepo/wordpresscan WPScan rewritten in Python + some WPSeku ideas
  • [346星][4m] [Java] portswigger/backslash-powered-scanner Finds unknown classes of injection vulnerabilities
  • [343星][28d] [Py] fgeek/pyfiscan Web App 漏洞及版本扫描
  • [333星][1y] [Py] flipkart-incubator/rta Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
  • [330星][2d] [C] royhills/arp-scan The ARP Scanner
  • [320星][12d] [HTML] coinbase/salus Security scanner coordinator
  • [314星][1m] [PS] canix1/adaclscanner Repo for ADACLScan.ps1 - Your number one script for ACL's in Active Directory
  • [305星][3m] [Ruby] m0nad/hellraiser Vulnerability Scanner
  • [303星][10m] [PHP] steverobbins/magescan Scan a Magento site for information
  • [301星][6d] [Shell] mitchellkrogza/apache-ultimate-bad-bot-blocker Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
  • [296星][9m] [Py] boy-hack/w8fuckcdn 通过扫描全网绕过CDN获取网站IP地址
  • [296星][1y] [Shell] cryptolok/ghostinthenet Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan
  • [293星][5m] enkomio/taipan Web application vulnerability scanner
  • [288星][1m] [Go] zmap/zgrab2 Go Application Layer Scanner
  • [287星][4d] [Py] target/strelka Real-time, container-based file scanning at enterprise scale
  • [287星][2m] [Py] xdavidhu/portspider A lightning fast multithreaded network scanner framework with modules.
  • [285星][1y] [Py] code-scan/dzscan Dzscan
  • [282星][4m] [Py] shenril/sitadel Web Application Security Scanner
  • [271星][14d] [Py] abhisharma404/vault swiss army knife for hackers
  • [263星][3m] [Py] m4ll0k/konan Konan - Advanced Web Application Dir Scanner
  • [252星][24d] [Swift] netyouli/whc_scan 高效强大扫描分析iOS和Android项目里没有使用的类Mac开源工具,清理项目垃圾类,让项目结构干净清爽,升级维护得心应手. Efficient and powerful scanning analysis iOS and Android project no classes used in Mac open source tools, cleaning rubbish class project, make project structure clean and relaxed, upgrade maintenance
  • [251星][10m] jeffzh3ng/insectsawake Network Vulnerability Scanner
  • [246星][2m] [Py] gildasio/h2t h2t (HTTP Hardening Tool) scans a website and suggests security headers to apply
  • [239星][2m] [PHP] psecio/versionscan A PHP version scanner for reporting possible vulnerabilities
  • [237星][8m] [Go] gocaio/goca Goca Scanner
  • [225星][6m] [Py] rub-nds/corstest A simple CORS misconfiguration scanner
  • [224星][6m] [JS] pavanw3b/sh00t Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
  • [220星][1y] [Py] dionach/cmsmap CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
  • [216星][4m] [Py] iojw/socialscan Check email address and username availability on online platforms with 100% accuracy
  • [213星][10m] [Py] nullarray/dorknet Selenium powered Python script to automate searching for vulnerable web apps.
  • [208星][4m] [Py] lengjibo/dedecmscan 织梦全版本漏洞扫描
  • [202星][1y] [PS] sud0woodo/dcomrade Powershell script for enumerating vulnerable DCOM Applications

隐私&&Secret&&Privacy扫描

  • [6861星][30d] [Shell] awslabs/git-secrets Prevents you from committing secrets and credentials into git repositories
  • [4468星][1m] [Py] jofpin/trape 学习在互联网上跟踪别人,获取其详细信息,并避免被别人跟踪
  • [3091星][5d] [Py] tribler/tribler Privacy enhanced BitTorrent client with P2P content discovery
  • [2204星][1m] sobolevn/awesome-cryptography A curated list of cryptography resources and links.
  • [1141星][5m] [Vue] 0xbug/hawkeye GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor Spider)
  • [955星][19d] [Py] mozilla/openwpm A web privacy measurement framework
  • [932星][5d] [C#] elevenpaths/foca Tool to find metadata and hidden information in the documents.
  • [892星][2m] [Py] al0ne/vxscan python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
  • [395星][7m] [Py] repoog/gitprey Searching sensitive files and contents in GitHub associated to company name or other key words
  • [355星][2m] [Py] hell0w0rld0/github-hunter This tool is for sensitive information searching on Github - The Fast Version here:
  • [324星][4d] [HTML] tanjiti/sec_profile 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)

隐私存储

未分类

隐写

  • [583星][2m] [Go] dimitarpetrov/stegify Go tool for LSB steganography, capable of hiding any file within an image.
  • [358星][7m] [Go] lukechampine/jsteg JPEG steganography
  • [354星][6m] [Java] syvaidya/openstego OpenStego is a steganography application that provides two functionalities: a) Data Hiding: It can hide any data within a cover file (e.g. images). b) Watermarking: Watermarking files (e.g. images) with an invisible signature. It can be used to detect unauthorized file copying.
  • [280星][1y] [C] abeluck/stegdetect UNMAINTAINED. USE AT OWN RISK. Stegdetect is an automated tool for detecting steganographic content in images.
  • [258星][] [Py] cedricbonhomme/stegano Stegano is a pure Python steganography module.

文章

新添加的

侦察&&信息收集&&子域名发现与枚举&&OSINT


工具

未分类-OSINT

  • [7307星][12d] [Java] lionsoul2014/ip2region Ip2region is a offline IP location library with accuracy rate of 99.9% and 0.0x millseconds searching performance. DB file is less then 5Mb with all ip address stored. binding for Java,PHP,C,Python,Nodejs,Golang,C#,lua. Binary,B-tree,Memory searching algorithm
  • [6964星][22d] greatfire/wiki 自由浏览
  • [6140星][10m] [Py] schollz/howmanypeoplearearound 检测 Wifi 信号统计你周围的人数
  • [2224星][1m] [C] texane/stlink stm32 discovery line linux programmer
  • [2134星][t] [Py] fortynorthsecurity/eyewitness 给网站做快照,提供服务器Header信息,识别默认凭证等
  • [1792星][t] [Shell] leebaird/discover 自定义的bash脚本, 用于自动化多个渗透测试任务, 包括: 侦查、扫描、解析、在Metasploit中创建恶意Payload和Listener
  • [1666星][] [Py] cea-sec/ivre Network recon framework.
  • [1642星][25d] [Go] awnumar/memguard 处理内存中敏感的值,纯Go语言编写。
  • [1609星][5m] [Py] mozilla/cipherscan 查找指定目标支持的SSL ciphersuites
  • [1484星][13d] [Py] enablesecurity/wafw00f 识别保护网站的WAF产品
  • [1401星][13d] [JS] lockfale/osint-framework OSINT Framework
  • [1363星][2m] [CSS] undeadsec/socialfish 网络钓鱼培训与信息收集
  • [1354星][8d] [Py] s0md3v/arjun HTTP parameter discovery suite.
  • [1289星][3m] [Py] codingo/reconnoitre A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
  • [1279星][1y] [PS] dafthack/mailsniper 在Microsoft Exchange环境中搜索邮件中包含的指定内容:密码、insider intel、网络架构信息等
  • [1224星][1m] [Py] codingo/nosqlmap Automated NoSQL database enumeration and web application exploitation tool.
  • [1199星][11m] [C] blechschmidt/massdns A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
  • [1108星][t] [Py] sundowndev/phoneinfoga Advanced information gathering & OSINT tool for phone numbers
  • [1102星][3m] [PHP] tuhinshubhra/red_hawk 信息收集、漏洞扫描、爬虫多合一
  • [1059星][16d] [Rust] fgribreau/mailchecker 邮件检测库,跨语言。覆盖33078虚假邮件提供者
  • [976星][5m] [C] rbsec/sslscan 测试启用SSL/TLS的服务,发现其支持的cipher suites
  • [931星][16d] [OCaml] airbus-seclab/bincat 二进制代码静态分析工具。值分析(寄存器、内存)、污点分析、类型重建和传播(propagation)、前向/后向分析
  • [906星][5m] derpopo/uabe Unity Assets Bundle Extractor
  • [866星][8m] [Py] s0md3v/recondog Reconnaissance Swiss Army Knife
  • [778星][5m] [Shell] nahamsec/lazyrecon 侦查(reconnaissance)过程自动化脚本, 可自动使用Sublist3r/certspotter获取子域名, 调用nmap/dirsearch等
  • [778星][1y] [HTML] sense-of-security/adrecon 收集Active Directory信息并生成报告
  • [758星][2m] [Py] khast3x/h8mail Password Breach Hunting and Email OSINT tool, locally or using premium services. Supports chasing down related email
  • [754星][4m] [Py] threatexpress/domainhunter Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
  • [706星][21d] [Ruby] intrigueio/intrigue-core 外部攻击面发现框架,自动化OSINT
  • [625星][5m] [Py] deibit/cansina web 内容发现工具。发出各种请求并过滤回复,识别是否存在请求的资源。
  • [595星][2m] [Py] 1n3/blackwidow A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
  • [582星][8m] [Py] ekultek/zeus-scanner Advanced reconnaissance utility
  • [561星][1m] [Py] m4ll0k/infoga 邮件信息收集工具
  • [516星][1m] no-github/digital-privacy 一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗
  • [492星][29d] [Rust] kpcyrd/sn0int Semi-automatic OSINT framework and package manager
  • [475星][4m] [Py] xillwillx/skiptracer OSINT python webscaping framework
  • [442星][3m] [Py] superhedgy/attacksurfacemapper AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
  • [422星][1y] [JS] ciscocsirt/gosint 收集、处理、索引高质量IOC的框架
  • [411星][5m] [Shell] d4rk007/redghost Linux post exploitation framework written in bash designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.
  • [409星][3m] ph055a/osint-collection Maintained collection of OSINT related resources. (All Free & Actionable)
  • [397星][5d] [Go] graniet/operative-framework operative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.
  • [392星][1y] [Py] chrismaddalena/odin Automated network asset, email, and social media profile discovery and cataloguing.
  • [383星][2m] [Py] dedsecinside/torbot Dark Web OSINT Tool
  • [354星][12m] [Py] aancw/belati The Traditional Swiss Army Knife for OSINT
  • [353星][18d] [Py] depthsecurity/armory Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of related information.
  • [344星][16d] [Py] darryllane/bluto DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking
  • [336星][12m] [Py] mdsecactivebreach/linkedint A LinkedIn scraper for reconnaissance during adversary simulation
  • [329星][6m] [Go] nhoya/gosint OSINT Swiss Army Knife
  • [328星][17d] [Py] initstring/linkedin2username Generate username lists for companies on LinkedIn
  • [314星][] [Py] sharadkumar97/osint-spy Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. If you want to ask something please feel free to reach out to me at robotcoder@protonmail.com
  • [313星][1y] [Py] twelvesec/gasmask Information gathering tool - OSINT
  • [307星][1y] [Py] r3vn/badkarma network reconnaissance toolkit
  • [297星][7m] [Shell] eschultze/urlextractor Information gathering & website reconnaissance |
  • [292星][3m] [JS] pownjs/pown-recon A powerful target reconnaissance framework powered by graph theory.
  • [286星][1y] [Shell] ha71/namechk Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks.
  • [285星][23d] [Py] ekultek/whatbreach OSINT tool to find breached emails, databases, pastes, and relevant information
  • [269星][1y] [Go] tomsteele/blacksheepwall blacksheepwall is a hostname reconnaissance tool
  • [259星][4m] [Py] thewhiteh4t/finalrecon OSINT Tool for All-In-One Web Reconnaissance
  • [258星][3m] [Shell] solomonsklash/chomp-scan A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
  • [257星][8d] [TS] ninoseki/mitaka A browser extension for OSINT search
  • [253星][26d] [Py] zephrfish/googd0rker GoogD0rker is a tool for firing off google dorks against a target domain, it is purely for OSINT against a specific target domain. READ the readme before messaging or tweeting me.
  • [243星][2m] [Py] sc1341/instagramosint An Instagram Open Source Intelligence Tool
  • [236星][7m] [JS] cliqz-oss/local-sheriff Think of Local sheriff as a recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.
  • [233星][2m] [Propeller Spin] grandideastudio/jtagulator Assisted discovery of on-chip debug interfaces
  • [229星][2m] [Py] anon-exploiter/sitebroker A cross-platform python based utility for information gathering and penetration testing automation!
  • [226星][5d] [Py] eth0izzle/the-endorser An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
  • [223星][1y] [Shell] edoverflow/megplus Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
  • [222星][1m] [PS] tonyphipps/meerkat A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
  • [220星][9d] [Shell] x1mdev/reconpi ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
  • [217星][5m] [Py] spiderlabs/hosthunter HostHunter a recon tool for discovering hostnames using OSINT techniques.
  • [211星][2m] [Py] inquest/omnibus The OSINT Omnibus (beta release)
  • [201星][4m] [Py] sham00n/buster An advanced tool for email reconnaissance

子域名枚举&&爆破

  • [4153星][2m] [Py] aboul3la/sublist3r Fast subdomains enumeration tool for penetration testers
  • [3270星][27d] [Py] laramies/theharvester E-mails, subdomains and names Harvester - OSINT
  • [3102星][7m] [Go] michenriksen/aquatone 子域名枚举工具。除了经典的爆破枚举之外,还利用多种开源工具和在线服务大幅度增加发现子域名的数量。
  • [2028星][8d] [Go] projectdiscovery/subfinder 使用Passive Sources, Search Engines, Pastebins, Internet Archives等查找子域名
  • [1808星][7m] [Py] lijiejie/subdomainsbrute 子域名爆破
  • [1716星][8m] [Py] guelfoweb/knock 使用 Wordlist 枚举子域名
  • [1561星][11d] [Go] caffix/amass 子域名枚举, 搜索互联网数据源, 使用机器学习猜测子域名. Go语言
  • [1115星][2m] [Py] john-kurkowski/tldextract Accurately separate the TLD from the registered domain and subdomains of a URL, using the Public Suffix List.
  • [990星][6d] [Py] shmilylty/oneforall 子域收集工具
  • [823星][8d] [Rust] edu4rdshl/findomain The fastest and cross-platform subdomain enumerator, don't waste your time.
  • [773星][5m] [Go] haccer/subjack 异步多线程扫描子域列表,识别能够被劫持的子域。Go 编写
  • [649星][1y] [Py] simplysecurity/simplyemail Email recon made fast and easy, with a framework to build on
  • [575星][3m] [Py] jonluca/anubis Subdomain enumeration and information gathering tool
  • [553星][9m] [Py] feeicn/esd Enumeration sub domains(枚举子域名)
  • [499星][3m] [Py] yanxiu0614/subdomain3 简单快速的子域名爆破工具。
  • [498星][27d] [Py] typeerror/domained Multi Tool Subdomain Enumeration
  • [479星][6m] [Py] threezh1/jsfinder JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
  • [454星][25d] [Py] nsonaniya2010/subdomainizer A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
  • [445星][1y] [Go] ice3man543/subover A Powerful Subdomain Takeover Tool
  • [432星][11m] [Py] appsecco/bugcrowd-levelup-subdomain-enumeration This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
  • [334星][5m] [Py] chris408/ct-exposer An OSINT tool that discovers sub-domains by searching Certificate Transparency logs
  • [332星][2m] [Go] tomnomnom/assetfinder Find domains and subdomains related to a given domain
  • [293星][4d] [Go] anshumanbh/tko-subs A tool that can help detect and takeover subdomains with dead DNS records
  • [279星][26d] [Py] franccesco/getaltname 直接从SSL证书中提取子域名或虚拟域名
  • [277星][11m] [Py] appsecco/the-art-of-subdomain-enumeration This repository contains all the supplement material for the book "The art of sub-domain enumeration"
  • [228星][2m] [Shell] screetsec/sudomy Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way . Report output in HTML or CSV format

信息收集&&侦查&&Recon&&InfoGather

  • [3603星][11d] [Shell] drwetter/testssl.sh 检查服务器任意端口对 TLS/SSL 的支持、协议以及一些加密缺陷,命令行工具
  • [2489星][1m] [Py] smicallef/spiderfoot 自动收集指定目标的信息:IP、域名、主机名、网络子网、ASN、邮件地址、用户名
  • [2021星][7d] [Py] j3ssie/osmedeus Fully automated offensive security framework for reconnaissance and vulnerability scanning
  • [1966星][9m] [JS] weichiachang/stacks-cli Check website stack from the terminal
  • [1958星][30d] [Go] mpolden/echoip IP address lookup service
  • [1651星][1y] [Py] evyatarmeged/raccoon 高性能的侦查和漏洞扫描工具
  • [1486星][6m] [Py] oros42/imsi-catcher This program show you IMSI numbers of cellphones around you.
  • [1305星][1y] [Go] evilsocket/xray 自动化执行一些信息收集、网络映射的初始化工作
  • [1154星][23d] [C] xroche/httrack download a World Wide website from the Internet to a local directory, building recursively all directories, getting html, images, and other files from the server to your computer.
  • [975星][2m] [HTML] n0tr00t/sreg 可对使用者通过输入email、phone、username的返回用户注册的所有互联网护照信息。
  • [923星][3m] [Ruby] weppos/whois An intelligent — pure Ruby — WHOIS client and parser.
  • [860星][11m] [Shell] thelinuxchoice/userrecon Find usernames across over 75 social networks
  • [838星][7d] [HTML] rewardone/oscprepo A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder.
  • [677星][2m] [Py] tib3rius/autorecon AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
  • [512星][10m] [Py] fortynorthsecurity/just-metadata Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
  • [483星][2m] [Py] yassineaboukir/sublert Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
  • [418星][2m] [Py] lanmaster53/recon-ng Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
  • [394星][11m] [Swift] ibm/mac-ibm-enrollment-app The Mac@IBM enrollment app makes setting up macOS with Jamf Pro more intuitive for users and easier for IT. The application offers IT admins the ability to gather additional information about their users during setup, allows users to customize their enrollment by selecting apps or bundles of apps to install during setup, and provides users with …
  • [362星][2m] [Shell] vitalysim/totalrecon TotalRecon installs all the recon tools you need
  • [361星][5m] [C++] wbenny/pdbex pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers
  • [307星][5m] [PLpgSQL] amachanic/sp_whoisactive sp_whoisactive
  • [300星][18d] [Py] govanguard/legion Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
  • [273星][20d] [Rust] nccgroup/dirble Fast directory scanning and scraping tool
  • [269星][11m] [Py] LaNMaSteR53/recon-ng
  • [258星][4d] [Java] ripe-ncc/whois RIPE Database whois code repository
  • [233星][2m] [C] elfmaster/libelfmaster Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
  • [200星][2m] [Py] tylous/vibe A framework for stealthy domain reconnaissance

指纹&&Fingerprinting

  • [9519星][12d] [JS] valve/fingerprintjs2 Modern & flexible browser fingerprinting library
  • [4758星][7m] [Py] worldveil/dejavu Audio fingerprinting and recognition in Python
  • [3072星][2m] [JS] valve/fingerprintjs Anonymous browser fingerprint
  • [1670星][] [JS] ghacksuserjs/ghacks-user.js An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting
  • [1618星][10m] [C] nmikhailov/validity90 Reverse engineering of Validity/Synaptics 138a:0090, 138a:0094, 138a:0097, 06cb:0081, 06cb:009a fingerprint readers protocol
  • [931星][8m] [JS] song-li/cross_browser cross_browser_fingerprinting
  • [831星][1m] [Py] salesforce/ja3 SSL/TLS 客户端指纹,用于恶意代码检测
  • [380星][2m] [Py] 0x4d31/fatt FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
  • [313星][3m] [Py] dpwe/audfprint Landmark-based audio fingerprinting
  • [312星][4m] [Py] salesforce/hassh HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
  • [282星][1y] [CSS] w-digital-scanner/w11scan 分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
  • [245星][3m] [C] leebrotherston/tls-fingerprinting TLS Fingerprinting
  • [223星][25d] [GLSL] westpointltd/tls_prober A tool to fingerprint SSL/TLS servers
  • [220星][1y] [Py] sensepost/spartan Frontpage and Sharepoint fingerprinting and attack tool.

收集

社交网络

其他-SocialNetwork

  • [9767星][4d] [Py] sherlock-project/sherlock Find Usernames Across Social Networks
  • [2578星][3m] [Py] greenwolf/social_mapper 对多个社交网站的用户Profile图片进行大规模的人脸识别
  • [1131星][3m] [Py] thoughtfuldev/eagleeye Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.
  • [664星][1y] [Go] 0x09al/raven raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

Twitter

  • [3033星][4d] [Py] twintproject/twint An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

Github

  • [1717星][2m] [Go] eth0izzle/shhgit 监听Github Event API,实时查找Github代码和Gist中的secret和敏感文件
  • [1636星][2m] [Shell] internetwache/gittools find websites with their .git repository available to the public
  • [1563星][1y] [Py] unkl4b/gitminer Github内容挖掘
  • [1352星][7m] [Py] feeicn/gsil GitHub敏感信息泄露监控,几乎实时监控,发送警告
  • [859星][2m] [JS] vksrc/github-monitor Github Sensitive Information Leakage Monitor(Github信息泄漏监控系统)
  • [857星][7m] [Go] misecurity/x-patrol github泄露扫描系统
  • [810星][4m] [Py] techgaun/github-dorks 快速搜索Github repo中的敏感信息
  • [789星][2m] [Py] bishopfox/gitgot Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
  • [667星][3m] [Py] hisxo/gitgraber monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
  • [324星][4d] [HTML] tanjiti/sec_profile 爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
  • [294星][8m] [Py] s0md3v/zen 查找Github用户的邮箱地址

DNS

  • [2562星][5m] [Go] oj/gobuster Directory/File, DNS and VHost busting tool written in Go
  • [2380星][2m] [Py] ab77/netflix-proxy Smart DNS proxy to watch Netflix
  • [2131星][2m] [Py] elceef/dnstwist 域名置换引擎,用于检测打字错误,网络钓鱼和企业间谍活动
  • [1933星][7d] [C++] powerdns/pdns PowerDNS
  • [1735星][4m] [Py] lgandx/responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  • [1144星][16d] [Py] darkoperator/dnsrecon DNS 枚举脚本
  • [1090星][1m] [Go] looterz/grimd Fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers.
  • [1090星][2m] [Go] nadoo/glider 正向代理,支持若干协议
  • [1078星][3m] [Py] infosec-au/altdns Generates permutations, alterations and mutations of subdomains and then resolves them
  • [977星][7m] [Py] m57/dnsteal DNS Exfiltration tool for stealthily sending files over DNS requests.
  • [912星][5m] [Py] m0rtem/cloudfail 通过错误配置的DNS和老数据库,发现CloudFlare网络后面的隐藏IP
  • [908星][30d] [Py] mschwager/fierce A DNS reconnaissance tool for locating non-contiguous IP space.
  • [708星][1y] [Py] bugscanteam/dnslog 监控 DNS 解析记录和 HTTP 访问记录
  • [613星][8m] [Shell] cokebar/gfwlist2dnsmasq A shell script which convert gfwlist into dnsmasq rules. Python version:
  • [585星][2m] [C] getdnsapi/stubby Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).
  • [461星][9m] [C] cofyc/dnscrypt-wrapper This is dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt support to any name resolver.
  • [415星][6m] [Py] dnsviz/dnsviz s a tool suite for analysis and visualization of Domain Name System (DNS) behavior, including its security extensions (DNSSEC)
  • [375星][1m] [JS] nccgroup/singularity A DNS rebinding attack framework.
  • [355星][1y] [Py] i3visio/osrframework 开源研究框架,提供 API 和工具执行更加精确的在线研究,例如用户名检查、DNS lookup、信息泄露研究、深度 web 研究、正则表达式提取等。
  • [336星][5m] [Py] rbsec/dnscan a python wordlist-based DNS subdomain scanner.
  • [267星][1y] [Py] trycatchhcf/packetwhisper Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
  • [265星][2m] [Go] sensepost/godoh A DNS-over-HTTPS Command & Control Proof of Concept
  • [263星][3m] [Go] zmap/zdns 快速DNS查找, 命令行工具
  • [258星][7d] [Go] erbbysam/dnsgrep Quickly Search Large DNS Datasets
  • [256星][3m] [Py] qunarcorp/open_dnsdb OpenDnsdb 是去哪儿网OPS团队开源的基于Python语言的DNS管理系统
  • [252星][8m] [Py] dirkjanm/adidnsdump Active Directory Integrated DNS dumping by any authenticated user
  • [251星][4m] [C#] kevin-robertson/inveighzero Windows C# LLMNR/mDNS/NBNS/DNS spoofer/man-in-the-middle tool
  • [241星][23d] [Py] mandatoryprogrammer/trusttrees a script to recursively follow all the possible delegation paths for a target domain and graph the relationships between various nameservers along the way.

Shodan

nmap

  • [3609星][7d] [C] nmap/nmap Nmap
  • [2116星][7m] [Py] calebmadrigal/trackerjacker 映射你没连接到的Wifi网络, 类似于NMap, 另外可以追踪设备
  • [1871星][20d] [Lua] vulnerscom/nmap-vulners NSE script based on Vulners.com API
  • [1536星][5d] [C++] nmap/npcap Nmap项目的针对Windows系统的数据包嗅探库,基于WinPcap/Libpcap,用NDIS6和LWF做了升级
  • [1317星][3m] [Lua] scipag/vulscan Nmap 模块,将 Nmap 转化为高级漏洞扫描器
  • [1029星][1m] [Shell] trimstray/sandmap 使用NMap引擎, 辅助网络和系统侦查(reconnaissance)
  • [887星][12m] [Py] rev3rsesecurity/webmap Nmap Web Dashboard and Reporting
  • [849星][5d] [Py] x90skysn3k/brutespray 获取 nmapGNMAP 输出,自动调用 Medusa 使用默认证书爆破服务(brute-forces services)
  • [733星][5m] [Lua] cldrn/nmap-nse-scripts My collection of nmap NSE scripts
  • [696星][2m] [Py] iceyhexman/onlinetools 在线cms识别|信息泄露|工控|系统|物联网安全|cms漏洞扫描|nmap端口扫描|子域名获取|待续..
  • [503星][1y] [XSLT] honze-net/nmap-bootstrap-xsl A Nmap XSL implementation with Bootstrap.
  • [394星][8m] [Py] savon-noir/python-libnmap libnmap is a python library to run nmap scans, parse and diff scan results. It supports python 2.6 up to 3.4. It's wonderful.
  • [328星][10m] [Py] samhaxr/hackbox 集合了某些Hacking工具和技巧的攻击工具
  • [308星][1y] [Java] s4n7h0/halcyon First IDE for Nmap Script (NSE) Development.
  • [283星][1y] [Ruby] danmcinerney/pentest-machine Automates some pentest jobs via nmap xml file
  • [261星][1y] [Shell] m4ll0k/autonse Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner
  • [257星][1y] [Java] danicuestasuarez/nmapgui Advanced Graphical User Interface for NMap
  • [246星][8m] [Lua] rvn0xsy/nse_vuln Nmap扫描、漏洞利用脚本
  • [233星][6m] [Py] maaaaz/nmaptocsv A simple python script to convert Nmap output to CSV
  • [223星][12d] [Py] rackerlabs/scantron A distributed nmap / masscan scanning framework
  • [204星][6m] [Py] hellogoldsnakeman/masnmapscan-v1.0 一款端口扫描器。整合了masscan和nmap两款扫描器,masscan扫描端口,nmap扫描端口对应服务,二者结合起来实现了又快又好地扫描。并且加入了防火墙的功能

文章

新添加

社工(SET)&&钓鱼&&鱼叉攻击


工具

未分类-SET

  • [1363星][2m] [CSS] undeadsec/socialfish 网络钓鱼培训与信息收集
  • [754星][4m] [Py] threatexpress/domainhunter Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
  • [658星][18d] [Py] thewhiteh4t/seeker Accurately Locate Smartphones using Social Engineering
  • [342星][2m] [Py] raikia/uhoh365 A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.

社工

钓鱼&&Phish

  • [8455星][8d] [Py] wifiphisher/wifiphisher 流氓AP框架, 用于RedTeam和Wi-Fi安全测试
  • [4242星][4d] [Go] gophish/gophish 网络钓鱼工具包
  • [2829星][2m] [Go] kgretzky/evilginx2 独立的MITM攻击工具,用于登录凭证钓鱼,可绕过双因素认证
  • [2131星][2m] [Py] elceef/dnstwist 域名置换引擎,用于检测打字错误,网络钓鱼和企业间谍活动
  • [1400星][9m] [JS] anttiviljami/browser-autofill-phishing A simple demo of phishing by abusing the browser autofill feature
  • [1369星][10m] [HTML] thelinuxchoice/blackeye The most complete Phishing Tool, with 32 templates +1 customizable
  • [1019星][22d] [Py] securestate/king-phisher Phishing Campaign Toolkit
  • [996星][2m] [Py] x0rz/phishing_catcher 使用Certstream 捕获钓鱼域名
  • [968星][19d] [HTML] darksecdevelopers/hiddeneye Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services [ Android-Support-Available ]
  • [918星][8m] [HTML] thelinuxchoice/shellphish 针对18个社交媒体的钓鱼工具:Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
  • [842星][1m] [PHP] raikia/fiercephish FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
  • [537星][2m] [Py] shellphish/driller augmenting AFL with symbolic execution!
  • [460星][4d] [Py] angr/rex Shellphish's automated exploitation engine, originally created for the Cyber Grand Challenge.
  • [351星][5m] [Py] tatanus/spf SpeedPhishing Framework
  • [300星][11m] [Py] mr-un1k0d3r/catmyphish Search for categorized domain
  • [274星][1m] [Go] muraenateam/muraena Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
  • [242星][3m] [Py] atexio/mercure 对员工进行网络钓鱼的培训
  • [233星][1y] [Jupyter Notebook] wesleyraptor/streamingphish 使用受监督的机器学习, 从证书透明度(Certificate Transparency)日志中检测钓鱼域名
  • [228星][4m] [Py] duo-labs/isthislegit 收集、分析和回复网络钓鱼邮件的框架
  • [218星][9m] [Go] joncooperworks/judas a phishing proxy
  • [207星][3d] [JS] 409h/etheraddresslookup Adds links to strings that look like Ethereum addresses to your favourite blockchain explorer. Adds protection against private key phishing. Offers custom site bookmarks.
  • [205星][3m] [Py] dionach/phemail PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test

鱼叉攻击


文章

新添加的

环境配置&&分析系统


工具

未分类-Env

  • [1678星][2d] [HTML] clong/detectionlab Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
  • [1433星][11d] [Go] crazy-max/windowsspyblocker
  • [1308星][18d] [C] cisco-talos/pyrebox 逆向沙箱,基于QEMU,Python Scriptable
  • [1229星][11m] [JS] mame82/p4wnp1_aloa 将 Rapsberry Pi Zero W 转变成灵活的渗透平台
  • [827星][1m] redhuntlabs/redhunt-os Virtual Machine for Adversary Emulation and Threat Hunting
  • [800星][3m] sh4hin/androl4b 用于评估Android应用程序,逆向工程和恶意软件分析的虚拟机
  • [564星][6m] [Ruby] sliim/pentest-env Pentest environment deployer (kali linux + targets) using vagrant and chef.
  • [214星][12m] [Shell] proxycannon/proxycannon-ng 使用多个云环境构建私人僵尸网络, 用于渗透测试和RedTeaming

Linux-Distro

  • [2927星][4d] [Py] trustedsec/ptf 创建基于Debian/Ubuntu/ArchLinux的渗透测试环境
  • [2375星][18d] security-onion-solutions/security-onion Linux distro for intrusion detection, enterprise security monitoring, and log management
  • [1489星][t] [Shell] blackarch/blackarch BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.
  • [347星][t] [Shell] archstrike/archstrike An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

环境自动配置&&自动安装

  • [3142星][3m] [PS] fireeye/commando-vm Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com
  • [1748星][2m] [PS] fireeye/flare-vm 火眼发布用于 Windows 恶意代码分析的虚拟机:FLARE VM

文章

新添加的

密码&&凭证&&认证


工具

未分类-Password

  • [4889星][13d] [Py] alessandroz/lazagne Credentials recovery project
  • [1457星][1y] [Py] d4vinci/cr3dov3r Know the dangers of credential reuse attacks.
  • [1384星][24d] [Shell] drduh/pwd.sh GPG symmetric password manager
  • [1282星][19d] [Py] pyauth/pyotp Python One-Time Password Library
  • [1034星][1y] [PS] danmcinerney/icebreaker Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
  • [1000星][10d] [Ruby] mdp/rotp Ruby One Time Password library
  • [913星][7d] [C] cossacklabs/themis 用于存储或通信的加密库,可用于Swift, ObjC, Android, С++, JS, Python, Ruby, PHP, Go。
  • [814星][9m] [Py] nccgroup/featherduster 自动化的密码分析工具,模块化
  • [805星][2m] [Py] hellman/xortool 分析多字节异或密码
  • [740星][1m] [Py] ricterz/genpass **特色的弱口令生成器
  • [523星][3m] [Py] unode/firefox_decrypt Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox/Thunderbird/SeaMonkey) profiles
  • [507星][3m] [Py] byt3bl33d3r/sprayingtoolkit Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient
  • [485星][1y] [JS] emilbayes/secure-password Making Password storage safer for all
  • [454星][1y] [Go] ncsa/ssh-auditor 扫描网络中的弱SSH密码
  • [399星][2m] [Py] x899/chrome_password_grabber Get unencrypted 'Saved Password' from Google Chrome
  • [391星][1y] [Shell] mthbernardes/sshlooter Script to steal passwords from ssh.
  • [369星][4m] [Ruby] digininja/pipal Pipal, THE password analyser
  • [361星][21d] [Py] davidtavarez/pwndb Search for leaked credentials
  • [341星][11m] [C] 1clickman/3snake reads memory from sshd and sudo system calls that handle password based authentication
  • [295星][6m] [C#] raikia/credninja A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
  • [290星][3m] [JS] kspearrin/ff-password-exporter Easily export your passwords from Firefox.
  • [289星][7m] [Shell] greenwolf/spray A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
  • [286星][17d] [Py] xfreed0m/rdpassspray Python3 tool to perform password spraying using RDP
  • [256星][5m] [C] rub-syssec/omen Ordered Markov ENumerator - Password Guesser
  • [212星][4m] [Ruby] bdmac/strong_password Entropy-based password strength checking for Ruby and Rails.

密码

  • [7035星][t] [C] hashcat/hashcat 世界上最快最先进的密码恢复工具
  • [5173星][1y] [JS] samyk/poisontap Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
  • [3209星][2d] [C] magnumripper/johntheripper This is the official repo for John the Ripper, "Jumbo" version. The "bleeding-jumbo" branch is based on 1.9.0-Jumbo-1 which was released on May 14, 2019. An import of the "core" version of john this jumbo was based on (or newer) is found in the "master" branch (CVS:
  • [2583星][2m] [C] huntergregal/mimipenguin dump 当前Linux用户的登录密码
  • [1162星][8m] [Py] mebus/cupp Common User Passwords Profiler (CUPP)
  • [874星][5m] [Go] fireeye/gocrack 火眼开源的密码破解工具,可以跨多个 GPU 服务器执行任务
  • [852星][3m] [Go] ukhomeoffice/repo-security-scanner CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
  • [652星][1y] [Java] faizann24/wifi-bruteforcer-fsecurify Android app,无需 Root 即可爆破 Wifi 密码
  • [602星][7m] [C] hashcat/hashcat-utils Small utilities that are useful in advanced password cracking
  • [598星][1y] [Py] brannondorsey/passgan A Deep Learning Approach for Password Guessing (
  • [593星][4m] [Py] thewhiteh4t/pwnedornot OSINT Tool for Finding Passwords of Compromised Email Addresses
  • [493星][1y] [PS] dafthack/domainpasswordspray DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
  • [353星][8m] [Py] iphelix/pack PACK (Password Analysis and Cracking Kit)
  • [334星][2m] [CSS] guyoung/captfencoder CaptfEncoder是一款跨平台网络安全工具套件,提供网络安全相关编码转换、古典密码、密码学、特殊编码等工具,并聚合各类在线工具。
  • [333星][26d] [JS] auth0/repo-supervisor Serverless工具,在pull请求中扫描源码,搜索密码及其他秘密

认证&&Authenticate

  • [901星][1m] [Go] smallstep/cli 🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  • [665星][9m] [C] samdenty/wi-pwn performs deauth attacks on cheap Arduino boards
  • [298星][15d] [Java] shred/acme4j a protocol that a certificate authority (CA) and an applicant can use to automate the process of verification and certificate issuance
  • [281星][4m] [Java] ztosec/secscan-authcheck 越权检测工具
  • [214星][1y] [C#] leechristensen/spoolsample PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

文章

新添加的

辅助周边


未分类-Assist

  • [26031星][3d] [Py] certbot/certbot Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
  • [7784星][2d] [JS] gchq/cyberchef The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
  • [4909星][3m] [Rust] sharkdp/hexyl 命令行中查看hex
  • [4402星][] [JS] cure53/dompurify a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
  • [3239星][7m] [HTML] leizongmin/js-xss Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
  • [3097星][8d] [Shell] trimstray/htrace.sh My simple Swiss Army knife for http/https troubleshooting and profiling.
  • [1223星][1y] [Go] cloudflare/redoctober Go server for two-man rule style file encryption and decryption.
  • [1022星][9m] [Go] maliceio/malice 开源版的VirusTotal
  • [508星][6d] [Py] certtools/intelmq IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
  • [481星][5m] [JS] ehrishirajsharma/swiftnessx A cross-platform note-taking & target-tracking app for penetration testers.

TLS&&SSL&&HTTPS

  • [22020星][23d] [Go] filosottile/mkcert A simple zero-config tool to make locally trusted development certificates with any names you'd like.
  • [4322星][12d] [Py] diafygi/acme-tiny A tiny script to issue and renew TLS certs from Let's Encrypt
  • [1694星][9d] [HTML] chromium/badssl.com
  • [1230星][1m] [Go] jsha/minica minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
  • [1211星][2d] [Go] smallstep/certificates 私有的证书颁发机构(X.509和SSH)和ACME服务器,用于安全的自动证书管理,因此您可以在SSH和SSO处使用TLS
  • [833星][10m] [Py] ietf-wg-acme/acme A protocol for automating certificate issuance
  • [740星][21d] [Shell] dokku/dokku-letsencrypt BETA: Automatic Let's Encrypt TLS Certificate installation for dokku
  • [691星][5m] [C++] google/certificate-transparency Auditing for TLS certificates.
  • [512星][1m] [Java] rub-nds/tls-attacker TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (
  • [469星][3m] [Go] square/certigo A utility to examine and validate certificates in a variety of formats
  • [279星][1m] [Shell] trimstray/mkchain 建立从根证书到最终用户证书的有效的SSL证书链, 修复不完整的证书链并下载所有缺少的CA证书
  • [229星][7m] [Shell] r00t-3xp10it/meterpreter_paranoid_mode-ssl Meterpreter Paranoid Mode - SSL/TLS connections
  • [225星][12m] [Shell] nviso-be/magisktrustusercerts A Magisk module that automatically adds user certificates to the system root CA store

防护&&Defense


工具

未分类-Defense

WAF

  • [5094星][2m] [Lua] alexazhou/verynginx A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards.
  • [3294星][3m] [C] nbs-system/naxsi NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
  • [3207星][1m] [C++] spiderlabs/modsecurity ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
  • [619星][3m] [Py] 3xp10it/xwaf waf 自动爆破(绕过)工具
  • [617星][4m] [Lua] jx-sec/jxwaf JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的web应用防火墙
  • [552星][8m] [Py] s0md3v/blazy Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
  • [540星][4d] [Go] janusec/janusec Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing.
  • [481星][8m] [Java] chengdedeng/waf
  • [452星][3d] [PHP] akaunting/firewall Web Application Firewall (WAF) package for Laravel
  • [433星][9m] [Py] aws-samples/aws-waf-sample This repository contains example scripts and sets of rules for the AWS WAF service. Please be aware that the applicability of these examples to specific workloads may vary.
  • [423星][6d] [Py] awslabs/aws-waf-security-automations This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
  • [415星][5d] [C#] jbe2277/waf Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.
  • [412星][11m] [C] titansec/openwaf Web security protection system based on openresty
  • [384星][6d] [PHP] terrylinooo/shieldon Web Application Firewall (WAF) for PHP.
  • [248星][1y] [Py] warflop/cloudbunny CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
  • [216星][1m] [Py] stamparm/identywaf Blind WAF identification tool
  • [209星][7m] [C] coolervoid/raptor_waf Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta

防火墙&&FireWall

  • [4209星][2m] [Py] evilsocket/opensnitch opensnitch:Little Snitch 应用程序防火墙的 GNU/Linux 版本。(Little Snitch:Mac操作系统的应用程序防火墙,能防止应用程序在你不知道的情况下自动访问网络)
  • [3283星][11d] [ObjC] objective-see/lulu LuLu is the free macOS firewall
  • [1542星][6d] [Java] ukanth/afwall AFWall+ (Android Firewall +) - iptables based firewall for Android
  • [1095星][3m] [PHP] antonioribeiro/firewall Firewall package for Laravel applications
  • [1049星][8d] [Shell] firehol/firehol A firewall for humans...
  • [852星][20d] trimstray/iptables-essentials Common Firewall Rules and Commands.
  • [567星][7m] [Go] sysdream/chashell Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
  • [468星][6m] [Shell] vincentcox/bypass-firewalls-by-dns-history Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
  • [279星][11d] [Shell] geerlingguy/ansible-role-firewall Ansible Role - iptables Firewall configuration.
  • [261星][2m] [C#] wokhansoft/wfn Windows Firewall Notifier extends the default Windows embedded firewall by allowing to handle and notify about outgoing connections, offers real time connections monitoring, connections map, bandwidth usage monitoring and more...
  • [260星][4d] [Ruby] puppetlabs/puppetlabs-firewall Puppet Firewall Module
  • [240星][7d] [Shell] essandess/macos-fortress Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)
  • [220星][1y] [Go] maksadbek/tcpovericmp TCP implementation over ICMP protocol to bypass firewalls

IDS&&IPS

  • [2938星][4d] [Zeek] zeek/zeek Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
  • [2852星][10d] [C] ossec/ossec-hids 入侵检测系统
  • [1622星][2m] [Go] ysrc/yulong-hids 一款由 YSRC 开源的主机入侵检测系统
  • [1325星][9d] [C] oisf/suricata a network IDS, IPS and NSM engine
  • [581星][5d] [Py] 0kee-team/watchad AD Security Intrusion Detection System
  • [512星][5m] [C] decaf-project/decaf DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.
  • [499星][8m] [Shell] stamusnetworks/selks A Suricata based IDS/IPS distro
  • [383星][7m] jnusimba/androidsecnotes some learning notes about Android Security
  • [298星][4d] [C] ebwi11/agentsmith-hids By Kprobe technology Open Source Host-based Intrusion Detection System(HIDS), from E_Bwill.
  • [248星][1y] [Perl] mrash/psad iptables 的入侵检测和日志分析
  • [225星][1m] [Py] secureworks/dalton 使用预定义/指定的规则, 针对IDS传感器(例如Snort/Suricata)进行网络数据包捕获

隐私保护&&Privacy

  • [3236星][5m] [Go] meshbird/meshbird cloud-native multi-region multi-cloud decentralized private networking
  • [1069星][20d] [Py] yelp/detect-secrets An enterprise friendly way of detecting and preventing secrets in code.

文章

新添加的

SoftwareDefinedRadio


工具

  • [934星][1y] [C++] miek/inspectrum analysing captured signals, primarily from software-defined radio receivers.
  • [454星][10m] [C] martinmarinov/tempestsdr Remote video eavesdropping using a software-defined radio platform
  • [369星][4d] [Py] p1sec/qcsuper QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G radio frames, among other things.

文章

LOLBin&&LOLScript


工具

  • [1433星][1m] [XSLT] lolbas-project/lolbas Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
  • [1349星][1y] [XSLT] api0cradle/lolbas Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

文章

日志&&Log


工具


文章

威胁狩猎&&ThreatHunt


工具

未分类

  • [1998星][10d] [Py] momosecurity/aswan 陌陌风控系统静态规则引擎,零基础简易便捷的配置多种复杂规则,实时高效管控用户异常行为。

文章

新添加的

Crypto&&加密&&密码学


工具


文章

恶意代码&&Malware&&APT


工具


文章

REST_API&&RESTFUL


工具


文章

蓝牙&&Bluetooth


工具


文章

浏览器&&browser


工具

  • [4672星][5d] [JS] beefproject/beef The Browser Exploitation Framework Project
  • [970星][9m] [Py] selwin/python-user-agents A Python library that provides an easy way to identify devices like mobile phones, tablets and their capabilities by parsing (browser) user agent strings.
  • [883星][3m] escapingbug/awesome-browser-exploit awesome list of browser exploitation tutorials
  • [459星][2m] [Py] globaleaks/tor2web Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers
  • [455星][12d] m1ghtym0/browser-pwn An updated collection of resources targeting browser-exploitation.
  • [411星][3m] [Pascal] felipedaragon/sandcat 为渗透测试和开发者准备的轻量级浏览器, 基于Chromium和Lua
  • [320星][3m] xsleaks/xsleaks A collection of browser-based side channel attack vectors.
  • [232星][1y] [C#] djhohnstein/sharpweb .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
  • [217星][3m] [Py] icsec/airpwn-ng force the target's browser to do what we want

文章

MitreATT&CK


工具

未分类的


文章

新添加的

破解&&Crack&&爆破&&BruteForce


工具

未分类的

  • [3325星][1m] [C] vanhauser-thc/thc-hydra 网络登录破解,支持多种服务
  • [1925星][29d] [Py] lanjelot/patator Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
  • [1096星][4m] [Py] landgrey/pydictor A powerful and useful hacker dictionary builder for a brute-force attack
  • [898星][3m] [Py] trustedsec/hate_crack 使用HashCat 的自动哈希破解工具
  • [894星][29d] [Py] ticarpi/jwt_tool 测试,调整和破解JSON Web Token 的工具包
  • [857星][7m] [C] brendan-rius/c-jwt-cracker C 语言编写的 JWT 爆破工具
  • [803星][11m] [Py] mak-/parameth 在文件中(例如PHP 文件)暴力搜索GET 和 POST 请求的参数
  • [763星][5m] [Py] s0md3v/hash-buster Crack hashes in seconds.
  • [690星][8m] [Shell] 1n3/brutex Automatically brute force all services running on a target.
  • [687星][9d] [JS] animir/node-rate-limiter-flexible Node.js rate limit requests by key with atomic increments. Protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM
  • [659星][5m] [C#] shack2/snetcracker 超级弱口令检查工具是一款Windows平台的弱口令审计工具,支持批量多线程检查,可快速发现弱密码、弱口令账号,密码支持和用户名结合进行检查,大大提高成功率,支持自定义服务端口和字典。
  • [588星][6m] [PHP] s3inlc/hashtopolis Hashcat wrapper, 用于跨平台分布式Hash破解
  • [563星][2m] [Py] pure-l0g1c/instagram Bruteforce attack for Instagram
  • [559星][1y] [CSS] hashview/hashview 密码破解和分析工具
  • [538星][27d] [C] nmap/ncrack Ncrack network authentication tool
  • [528星][3m] [Py] ypeleg/hungabunga HungaBunga: Brute-Force all sklearn models with all parameters using .fit .predict!
  • [520星][4m] duyetdev/bruteforce-database Bruteforce database
  • [490星][1y] [C] mikeryan/crackle Crack and decrypt BLE encryption
  • [451星][6m] [JS] coalfire-research/npk A mostly-serverless distributed hash cracking platform
  • [442星][1y] [C] ryancdotorg/brainflayer A proof-of-concept cracker for cryptocurrency brainwallets and other low entropy key alogrithms.
  • [358星][2m] [Py] denyhosts/denyhosts Automated host blocking from SSH brute force attacks
  • [356星][28d] [Java] wycm/selenium-geetest-crack selenium破解滑动验证码
  • [332星][11m] [C] e-ago/bitcracker BitLocker密码破解器
  • [309星][8d] [Go] ropnop/kerbrute A tool to perform Kerberos pre-auth bruteforcing
  • [304星][2m] [Py] yzddmr6/webcrack 网站后台弱口令/万能密码批量检测工具
  • [292星][12m] [Shell] cyb0r9/socialbox SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi
  • [286星][9d] [Shell] wuseman/emagnet Emagnet is a tool for find leaked databases with 97.1% accurate to grab mail + password together from pastebin leaks. Support for brute forcing spotify accounts, instagram accounts, ssh servers, microsoft rdp clients and gmail accounts
  • [275星][1y] [C] jmk-foofus/medusa Medusa is a speedy, parallel, and modular, login brute-forcer.
  • [274星][1y] [Shell] thelinuxchoice/instainsane Multi-threaded Instagram Brute Forcer (100 attemps at once)
  • [250星][1y] [Py] avramit/instahack Instagram bruteforce tool
  • [250星][1y] [Py] hsury/geetest3-crack
  • [248星][11d] [Py] evilmog/ntlmv1-multi 修改NTLMv1/NTLMv1-ESS/MSCHAPv1 Hask, 使其可以在hashcat中用DES模式14000破解
  • [235星][7m] [Py] blark/aiodnsbrute Python 3.5+ DNS asynchronous brute force utility
  • [233星][8m] [Py] paradoxis/stegcracker Steganography brute-force utility to uncover hidden data inside files
  • [221星][12m] [Py] chris408/known_hosts-hashcat A guide and tool for cracking ssh known_hosts files with hashcat
  • [219星][4m] [Py] isaacdelly/plutus An automated bitcoin wallet collider that brute forces random wallet addresses
  • [215星][2m] [C] hyc/fcrackzip A braindead program for cracking encrypted ZIP archives. Forked from
  • [207星][27d] [Py] m4ll0k/smbrute SMB Protocol Bruteforce
  • [206星][5m] [Shell] anshumanbh/brutesubs An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
  • [204星][1y] [JS] lmammino/jwt-cracker jwt-cracker:HS256JWT 令牌暴力破解工具,只对弱密码有效
  • [200星][1y] [ObjC] sunweiliang/neteasemusiccrack iOS网易云音乐 免VIP下载、去广告、去更新 无需越狱...

文章

新添加的

泄漏&&Breach&&Leak


工具

未分类

  • [1437星][6m] gitguardian/apisecuritybestpractices Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.
  • [1398星][1y] [Go] filosottile/whosthere A ssh server that knows who you are
  • [1147星][3m] [HTML] cure53/httpleaks HTTPLeaks - All possible ways, a website can leak HTTP requests
  • [906星][2m] [Py] woj-ciech/leaklooker Find open databases - Powered by Binaryedge.io
  • [862星][3d] [Py] circl/ail-framework AIL framework - Analysis Information Leak framework
  • [728星][2m] streaak/keyhacks Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  • [726星][3d] [Py] globaleaks/globaleaks The Open-Source Whistleblowing Software
  • [301星][5m] [Py] wangyihang/githacker a multiple threads tool to detect whether a site has git source leaks, and has the ability to download the site source to the local

文章

新添加的

爬虫


工具

未分类


文章

新添加的

无线&&WiFi&&AP&&802.11


未分类-WiFi


WPS&&WPA&&WPA2

  • [319星][4m] [Py] hash3lizer/wifibroot A WiFi Pentest Cracking tool for WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)

802.11

Payload&&远控&&RAT


工具

未分类-payload

  • [1829星][6m] [Py] veil-framework/veil generate metasploit payloads that bypass common anti-virus solutions
  • [1258星][2m] [PS] hak5/bashbunny-payloads The Official Bash Bunny Payload Repository
  • [982星][2m] [C] zardus/preeny Some helpful preload libraries for pwning stuff.
  • [569星][11m] [Py] genetic-malware/ebowla Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
  • [546星][3m] [C++] screetsec/brutal Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
  • [493星][5d] [Py] ctxis/cape Malware Configuration And Payload Extraction
  • [343星][8m] [Java] portswigger/param-miner identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities
  • [339星][12m] [JS] gabemarshall/brosec Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands.
  • [288星][1m] [Shell] petit-miner/blueberry-pi Blueberry PI
  • [262星][2m] [Py] felixweyne/imaginaryc2 Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
  • [246星][13d] [C] shchmue/lockpick_rcm Nintendo Switch encryption key derivation bare metal RCM payload
  • [244星][7d] cujanovic/open-redirect-payloads Open Redirect Payloads
  • [238星][6d] cujanovic/markdown-xss-payloads XSS payloads for exploiting Markdown syntax
  • [235星][5m] [Shell] hak5/packetsquirrel-payloads The Official Packet Squirrel Payload Repository
  • [233星][6m] cr0hn/nosqlinjection_wordlists This repository contains payload to test NoSQL Injections
  • [232星][18d] [PS] rsmudge/elevatekit The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
  • [229星][3m] [Py] whitel1st/docem Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
  • [227星][2m] [Py] brent-stone/can_reverse_engineering Automated Payload Reverse Engineering Pipeline for the Controller Area Network (CAN) protocol
  • [217星][2m] [PHP] zigoo0/jsonbee A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
  • [210星][4d] [Py] danmcinerney/msf-autoshell Feed the tool a .nessus file and it will automatically get you MSF shell

Payload收集

远控&&RAT

  • [5131星][4m] [Py] n1nj4sec/pupy Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
  • [1745星][7m] [Smali] ahmyth/ahmyth-android-rat Android Remote Administration Tool
  • [1335星][1y] [Py] marten4n6/evilosx An evil RAT (Remote Administration Tool) for macOS / OS X.
  • [780星][2m] [Py] kevthehermit/ratdecoders Python Decoders for Common Remote Access Trojans
  • [599星][1y] [PS] fortynorthsecurity/wmimplant This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
  • [500星][6m] [Visual Basic .NET] nyan-x-cat/lime-rat LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
  • [372星][3m] [C++] werkamsus/lilith Lilith, The Open Source C++ Remote Administration Tool (RAT)
  • [323星][3d] [C#] nyan-x-cat/asyncrat-c-sharp Open-Source Remote Administration Tool For Windows C# (RAT)
  • [317星][6m] [Py] mvrozanti/rat-via-telegram Windows Remote Administration Tool via Telegram
  • [293星][4m] [C++] yuanyuanxiang/simpleremoter 基于gh0st的远程控制器:实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能,优化全部代码及整理排版,修复内存泄漏缺陷,程序运行稳定。此项目初版见:

Payload生成

  • [3369星][8d] [C] screetsec/thefatrat Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…
  • [2678星][4m] [Java] frohoff/ysoserial 生成会利用不安全的Java对象反序列化的Payload
  • [1792星][t] [Shell] leebaird/discover 自定义的bash脚本, 用于自动化多个渗透测试任务, 包括: 侦查、扫描、解析、在Metasploit中创建恶意Payload和Listener
  • [1339星][3m] [PS] peewpw/invoke-psimage Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
  • [1075星][5m] [Py] nccgroup/winpayloads Undetectable Windows Payload Generation
  • [1016星][1y] [Py] d4vinci/dr0p1t-framework 创建免杀的Dropper
  • [884星][19d] [PHP] ambionics/phpggc PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
  • [872星][10m] [Visual Basic .NET] mdsecactivebreach/sharpshooter Payload Generation Framework
  • [836星][28d] [C#] pwntester/ysoserial.net 生成Payload,恶意利用不安全的 .NET 对象反序列化
  • [832星][7m] [Go] tiagorlampert/chaos a PoC that allow generate payloads and control remote operating system
  • [752星][1y] [Py] oddcod3/phantom-evasion Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)
  • [713星][6d] [Py] sevagas/macro_pack 自动生成并混淆MS 文档, 用于渗透测试、演示、社会工程评估等
  • [634星][2d] [C] thewover/donut Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
  • [633星][8m] [Shell] g0tmi1k/msfpc MSFvenom Payload Creator (MSFPC)
  • [419星][27d] [Perl] chinarulezzz/pixload Image Payload Creating/Injecting tools
  • [301星][8m] [Py] 0xacb/viewgen viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
  • [278星][1y] [Java] ewilded/shelling SHELLING - a comprehensive OS command injection payload generator
  • [268星][1y] [Shell] abedalqaderswedan1/aswcrypter An Bash&Python Script For Generating Payloads that Bypasses All Antivirus so far [FUD]

Botnet&&僵尸网络

  • [3747星][4m] [Py] malwaredllc/byob BYOB (Build Your Own Botnet)
  • [2163星][1y] [C++] maestron/botnets This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY
  • [412星][1m] [C++] souhardya/uboat HTTP Botnet Project
  • [328星][6m] [Go] saturnsvoid/gobot2 Second Version of The GoBot Botnet, But more advanced.

后门&&添加后门

  • [386星][8m] [C] zerosum0x0/smbdoor Windows kernel backdoor via registering a malicious SMB handler
  • [378星][3m] [Shell] screetsec/vegile This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
  • [370星][8m] [Py] s0md3v/cloak Cloak can backdoor any python script with some tricks.
  • [349星][15d] [Shell] r00t-3xp10it/backdoorppt 将Exe格式Payload伪装成Doc(.ppt)
  • [348星][9d] [C] cr4sh/smmbackdoor System Management Mode backdoor for UEFI
  • [318星][1y] [Ruby] carletonstuberg/browser-backdoor BrowserBackdoor is an Electron Application with a JavaScript WebSocket Backdoor and a Ruby Command-Line Listener
  • [301星][4m] [C#] mvelazc0/defcon27_csharp_workshop Writing custom backdoor payloads with C# - Defcon 27
  • [205星][9m] [C] paradoxis/php-backdoor Your interpreter isn’t safe anymore  —  The PHP module backdoor

混淆器&&Obfuscate

Payload管理

勒索软件

  • [391星][1y] [Go] mauri870/ransomware A POC Windows crypto-ransomware (Academic)
  • [331星][t] [Batchfile] mitchellkrogza/ultimate.hosts.blacklist The Ultimate Unified Hosts file for protecting your network, computer, smartphones and Wi-Fi devices against millions of bad web sites. Protect your children and family from gaining access to bad web sites and protect your devices and pc from being infected with Malware or Ransomware.

键盘记录器&&Keylogger

Meterpreter

Payload投递

  • [263星][4m] [Py] no0be/dnslivery Easy files and payloads delivery over DNS

文章

新添加

后渗透


工具

未分类-post-exp

  • [7035星][t] [C] hashcat/hashcat 世界上最快最先进的密码恢复工具
  • [3369星][8d] [C] screetsec/thefatrat Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…
  • [2479星][1m] [Shell] rebootuser/linenum Scripted Local Linux Enumeration & Privilege Escalation Checks
  • [2171星][1m] [Py] commixproject/commix Automated All-in-One OS command injection and exploitation tool.
  • [1243星][10m] [C] a0rtega/pafish Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
  • [1225星][1y] [C#] cn33liz/p0wnedshell PowerShell Runspace Post Exploitation Toolkit
  • [1116星][9m] [Py] 0x00-0x00/shellpop 在渗透中生产简易的/复杂的反向/绑定Shell
  • [1062星][2m] [Boo] byt3bl33d3r/silenttrinity An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
  • [1024星][4m] [Py] byt3bl33d3r/deathstar 在Active Directory环境中使用Empire自动获取域管理员权限
  • [765星][5m] [Py] lgandx/pcredz This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
  • [743星][5m] [PS] hausec/adape-script Active Directory Assessment and Privilege Escalation Script
  • [697星][2m] [C#] cobbr/sharpsploit SharpSploit is a .NET post-exploitation library written in C#
  • [422星][16d] [Shell] thesecondsun/bashark Bash post exploitation toolkit
  • [344星][5m] [Py] adrianvollmer/powerhub A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
  • [282星][1y] [JS] chrisallenlane/novahot Webshell框架,实现了基于Json的API,可与任何语言编写的后门(默认支持PHP/Ruby/Python)进行通信。
  • [233星][2d] [Go] brompwnie/botb A container analysis and exploitation tool for pentesters and engineers.
  • [204星][2m] [Py] elevenpaths/ibombshell Tool to deploy a post-exploitation prompt at any time

提权&&PrivilegeEscalation

Windows

未分类-Windows

  • [8785星][28d] [C] gentilkiwi/mimikatz A little tool to play with Windows security
  • [2153星][2m] [Py] trustedsec/unicorn 通过PowerShell降级攻击, 直接将Shellcode注入到内存
  • [2045星][13d] [C++] darthton/blackbone Windows memory hacking library
  • [999星][11m] [Batchfile] sagishahar-zz/lpeworkshop Windows / Linux Local Privilege Escalation Workshop
  • [931星][6d] [C#] googleprojectzero/sandbox-attacksurface-analysis-tools 沙箱攻击面(Attack Surface)分析工具,用于测试 Windows 上沙箱的各种属性
  • [700星][8m] [C] hfiref0x/tdl Driver loader for bypassing Windows x64 Driver Signature Enforcement
  • [694星][5m] [C#] outflanknl/evilclippy A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
  • [611星][9m] [C#] 0xbadjuju/tokenvator A tool to elevate privilege with Windows Tokens
  • [519星][12m] [PS] a-min3/winspect Powershell-based Windows Security Auditing Toolbox
  • [416星][1m] [C++] hoshimin/kernel-bridge Windows kernel hacking framework, driver template, hypervisor and API written on C++
  • [391星][2m] [Java] tiagorlampert/saint a Spyware Generator for Windows systems written in Java
  • [349星][2m] [Shell] orlikoski/skadi collection, processing and advanced analysis of forensic artifacts and images.
  • [341星][1y] [C++] qax-a-team/eventcleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities.
  • [340星][19d] [C] mattiwatti/efiguard Disable PatchGuard and DSE at boot time
  • [302星][2d] [Py] skylined/bugid Detect, analyze and uniquely identify crashes in Windows applications
  • [298星][1y] [PS] onelogicalmyth/zeroday-powershell A PowerShell example of the Windows zero day priv esc
  • [290星][7m] [Py] ropnop/windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
  • [288星][11m] maaaaz/impacket-examples-windows The great impacket example scripts compiled for Windows
  • [213星][4m] [PHP] rizer0/log-killer Clear all your logs in [linux/windows] servers
  • [212星][1m] [C++] can1357/byepg Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI
  • [211星][1y] [C++] tandasat/pgresarch PatchGuard Research
  • [206星][20d] [Py] mzfr/rsh generate reverse shell from CLI for linux and Windows.
  • [203星][5d] [Py] ropnop/impacket_static_binaries Standalone binaries for Linux/Windows of Impacket's examples
  • [201星][10m] [HTML] mxmssh/drltrace Drltrace is a library calls tracer for Windows and Linux applications.

UAC

  • [2355星][3d] [C] hfiref0x/uacme Defeating Windows User Account Control

AppLocker

ActiveDirectory

  • [3652星][19d] [PS] bloodhoundad/bloodhound a single page Javascript web application, uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
  • [2009星][3m] infosecn1nja/ad-attack-defense Attack and defend active directory using modern post exploitation adversary tradecraft activity
  • [338星][9m] [Py] dirkjanm/ldapdomaindump Active Directory information dumper via LDAP
  • [242星][1y] [Go] netspi/goddi goddi (go dump domain info) dumps Active Directory domain information

域渗透

WET

驻留&&Persistence

Linux&&Xnix


文章

新添加

贡献

内容为系统自动导出, 有任何问题请提issue