首页 › Python论坛 › Python渗透测试工具库

大小姐驾到 發表於 2019-8-26 09:15:00

Python渗透测试工具库

<h2><strong>漏洞及渗透练习平台</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">WebGoat漏洞练习平台：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/WebGoat/WebGoat</span>
webgoat-<span style="color: rgba(0, 0, 0, 1)">legacy漏洞练习平台:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/WebGoat/WebGoat-Legacy</span>
<span style="color: rgba(0, 0, 0, 1)">zvuldirll漏洞练习平台：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/710leo/ZVulDrill</span>
<span style="color: rgba(0, 0, 0, 1)">vulapps漏洞练习平台：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Medicean/VulApps</span>
<span style="color: rgba(0, 0, 0, 1)">dvwa漏洞练习平台：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/RandomStorm/DVWA</span>
<span style="color: rgba(0, 0, 0, 1)">数据库注入练习平台 ：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Audi-1/sqli-labs</span>
<span style="color: rgba(0, 0, 0, 1)">用node编写的漏洞练习平台，like OWASP Node Goat：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/cr0hn/vulnerable-node</span>
<span style="color: rgba(0, 0, 0, 1)">Ruby编写的一款工具，生成含漏洞的虚拟机：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/cliffe/secgen</span></pre>
</div>
<h2><strong>花式扫描器&nbsp;</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">Nmap端口扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/nmap/nmap</span>
<span style="color: rgba(0, 0, 0, 1)">本地网络扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/SkyLined/LocalNetworkScanner</span>
<span style="color: rgba(0, 0, 0, 1)">子域名扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/lijiejie/subDomainsBrute</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/aboul3la/Sublist3r</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/TheRook/subbrute</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/infosec-au/altdns</span>
<span style="color: rgba(0, 0, 0, 1)">linux漏洞扫描：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/future-architect/vuls</span>
<span style="color: rgba(0, 0, 0, 1)">基于端口扫描以及关联CVE:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/m0nad/HellRaiser</span>
<span style="color: rgba(0, 0, 0, 1)">漏洞路由扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/jh00nbr/Routerhunter-2.0</span>
<span style="color: rgba(0, 0, 0, 1)">迷你批量信息泄漏扫描脚本：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/lijiejie/BBScan</span>
<span style="color: rgba(0, 0, 0, 1)">Waf类型检测工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/EnableSecurity/wafw00f</span>
<span style="color: rgba(0, 0, 0, 1)">服务器端口弱口令扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/wilson9x1/fenghuangscanner_v3</span>
Fox-<span style="color: rgba(0, 0, 0, 1)">scan扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/fengxuangit/Fox-scan/</span></pre>
</div>
<h2><strong>信息搜集工具&nbsp;</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">社工收集器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/n0tr00t/Sreg</span>
<span style="color: rgba(0, 0, 0, 1)">Github信息搜集：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/sea-god/gitscan</span>
<span style="color: rgba(0, 0, 0, 1)">github Repo信息搜集工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/metac0rtex/GitHarvester</span>
<span style="color: rgba(0, 0, 0, 1)">信息探测及扫描工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/darryllane/Bluto</span>
<span style="color: rgba(0, 0, 0, 1)">内部网络信息扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/sowish/LNScan</span>
<span style="color: rgba(0, 0, 0, 1)">远程桌面登录扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/linuz/Sticky-Keys-Slayer</span>
<span style="color: rgba(0, 0, 0, 1)">网络基础设施渗透工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/SECFORCE/sparta</span>
<span style="color: rgba(0, 0, 0, 1)">SNMAP密码破解:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/SECFORCE/SNMP-Brute</span></pre>
</div>
<h2><strong>WEB</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">webshell大合集：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/tennc/webshell</span>
<span style="color: rgba(0, 0, 0, 1)">渗透以及web攻击脚本：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/brianwrf/hackUtils</span>
<span style="color: rgba(0, 0, 0, 1)">web渗透小工具大合集：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/rootphantomer/hacktoolsfor_me</span>
<span style="color: rgba(0, 0, 0, 1)">XSS数据接收平台：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/firesunCN/BlueLotus_XSSReceiver</span>
<span style="color: rgba(0, 0, 0, 1)">XSS与CSRF工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/evilcos/xssor</span>
<span style="color: rgba(0, 0, 0, 1)">xss多功能扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/shawarkhanethicalhacker/BruteXSS</span>
<span style="color: rgba(0, 0, 0, 1)">web漏洞扫描器:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/andresriancho/w3af</span>
<span style="color: rgba(0, 0, 0, 1)">WEB漏洞扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/sullo/nikto</span>
<span style="color: rgba(0, 0, 0, 1)">渗透常用小工具包：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/leonteale/pentestpackage</span>
<span style="color: rgba(0, 0, 0, 1)">web目录扫描器:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/maurosoria/dirsearch</span>
<span style="color: rgba(0, 0, 0, 1)">web向命令注入检测工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/stasinopoulos/commix</span>
<span style="color: rgba(0, 0, 0, 1)">自动化SQL注入检查工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/epinna/tplmap</span>
<span style="color: rgba(0, 0, 0, 1)">SSL扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/rbsec/sslscan</span>
<span style="color: rgba(0, 0, 0, 1)">安全工具集合：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/codejanus/ToolSuite</span>
<span style="color: rgba(0, 0, 0, 1)">apache日志分析器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/mthbernardes/ARTLAS</span>
<span style="color: rgba(0, 0, 0, 1)">php代码审计工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/pwnsdx/BadCode</span>
<span style="color: rgba(0, 0, 0, 1)">web指纹识别扫描：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/urbanadventurer/whatweb</span>
<span style="color: rgba(0, 0, 0, 1)">检查网站恶意攻击：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ciscocsirt/malspider</span>
<span style="color: rgba(0, 0, 0, 1)">wordprees漏洞扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/wpscanteam/wpscan</span>
<span style="color: rgba(0, 0, 0, 1)">固件漏洞扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/misterch0c/firminator_backend</span>
<span style="color: rgba(0, 0, 0, 1)">数据库注入工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/sqlmapproject/sqlmap</span>
<span style="color: rgba(0, 0, 0, 1)">Web代理：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/zt2/sqli-hunter</span>
<span style="color: rgba(0, 0, 0, 1)">新版中国菜刀：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Chora10/Cknife</span>
<span style="color: rgba(0, 0, 0, 1)">git泄露利用EXP：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/lijiejie/GitHack</span>
<span style="color: rgba(0, 0, 0, 1)">浏览器攻击框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/beefproject/beef</span>
<span style="color: rgba(0, 0, 0, 1)">自动化绕过WAF脚本：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/khalilbijjou/WAFNinja</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/owtf/wafbypasser</span>
<span style="color: rgba(0, 0, 0, 1)">一款开源WAF：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/SpiderLabs/ModSecurity</span>
<span style="color: rgba(0, 0, 0, 1)">http命令行客户端：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/jkbrzt/httpie</span>
<span style="color: rgba(0, 0, 0, 1)">浏览器调试利器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/firebug/firebug</span>
<span style="color: rgba(0, 0, 0, 1)">DISCUZ漏洞扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/code-scan/dzscan</span>
<span style="color: rgba(0, 0, 0, 1)">自动化代码审计工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/wufeifei/cobra</span>
<span style="color: rgba(0, 0, 0, 1)">浏览器攻击框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/julienbedard/browsersploit</span>
<span style="color: rgba(0, 0, 0, 1)">tomcat自动后门部署：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/mgeeky/tomcatWarDeployer</span>
<span style="color: rgba(0, 0, 0, 1)">网络空间指纹扫描器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/nanshihui/Scan-T</span>
<span style="color: rgba(0, 0, 0, 1)">burpsuit之J2EE扫描插件：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ilmila/J2EEScan</span></pre>
</div>
<h2><strong>windows域渗透工具</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">mimikatz明文注入：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/gentilkiwi/mimikatz</span>
<span style="color: rgba(0, 0, 0, 1)">Powershell渗透库合集：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/PowerShellMafia/PowerSploit</span>
<span style="color: rgba(0, 0, 0, 1)">Powershell tools合集：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/clymb3r/PowerShell</span>
<span style="color: rgba(0, 0, 0, 1)">powershell的mimikittenz:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/putterpanda/mimikittenz</span>
<span style="color: rgba(0, 0, 0, 1)">域渗透教程:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/l3m0n/pentest_study</span>
<span style="color: rgba(0, 0, 0, 1)">Fuzz:
Web向Fuzz工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/xmendez/wfuzz</span>
<span style="color: rgba(0, 0, 0, 1)">HTTP暴力破解，撞库攻击脚本
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/lijiejie/htpwdScan</span></pre>
</div>
<h2><strong>漏洞利用及攻击框架</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">msf框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/rapid7/metasploit-framework</span>
<span style="color: rgba(0, 0, 0, 1)">pocsscan攻击框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/erevus-cn/pocscan</span>
<span style="color: rgba(0, 0, 0, 1)">Pocsuite攻击框架:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/knownsec/Pocsuite</span>
<span style="color: rgba(0, 0, 0, 1)">Beebeeto攻击框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/n0tr00t/Beebeeto-framework</span>
漏洞POC&amp;<span style="color: rgba(0, 0, 0, 1)">EXP:
ExploitDB官方git版本:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/offensive-security/exploit-database</span>
<span style="color: rgba(0, 0, 0, 1)">php漏洞代码分析：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/80vul/phpcodz</span>
CVE-<span style="color: rgba(128, 0, 128, 1)">2016</span>-<span style="color: rgba(128, 0, 128, 1)">2107</span><span style="color: rgba(0, 0, 0, 1)">:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/FiloSottile/CVE-2016-2107</span>
CVE-<span style="color: rgba(128, 0, 128, 1)">2015</span>-<span style="color: rgba(128, 0, 128, 1)">7547</span><span style="color: rgba(0, 0, 0, 1)"> POC：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/fjserna/CVE-2015-7547</span>
<span style="color: rgba(0, 0, 0, 1)">JAVA反序列化POC生成工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/frohoff/ysoserial</span>
<span style="color: rgba(0, 0, 0, 1)">JAVA反序列化EXP:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/foxglovesec/JavaUnserializeExploits</span>
<span style="color: rgba(0, 0, 0, 1)">Jenkins CommonCollections EXP:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/CaledoniaProject/jenkins-cli-exploit</span>
CVE-<span style="color: rgba(128, 0, 128, 1)">2015</span>-<span style="color: rgba(128, 0, 128, 1)">2426</span><span style="color: rgba(0, 0, 0, 1)"> EXP (windows内核提权):
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/vlad902/hacking-team-windows-kernel-lpe</span>
<span style="color: rgba(0, 0, 0, 1)">use docker to show web attack(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示):
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/hxer/vulnapp</span>
<span style="color: rgba(0, 0, 0, 1)">php7缓存覆写漏洞Demo及相关工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/GoSecure/php7-opcache-override</span>
<span style="color: rgba(0, 0, 0, 1)">XcodeGhost木马样本:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/XcodeGhostSource/XcodeGhost</span></pre>
</div>
<h2><strong>中间人攻击及钓鱼</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">中间人攻击框架:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/secretsquirrel/the-backdoor-factory</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/secretsquirrel/BDFProxy</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/byt3bl33d3r/MITMf</span>
<span style="color: rgba(0, 0, 0, 1)">Inject code, jam wifi, and spy on wifi users:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/DanMcInerney/LANs.py</span>
<span style="color: rgba(0, 0, 0, 1)">中间人代理工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/intrepidusgroup/mallory</span>
<span style="color: rgba(0, 0, 0, 1)">wifi钓鱼:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/sophron/wifiphisher</span></pre>
</div>
<h2><strong>密码破解</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">密码破解工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/shinnok/johnny</span>
<span style="color: rgba(0, 0, 0, 1)">本地存储的各类密码提取利器:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/AlessandroZ/LaZagne</span>
<span style="color: rgba(0, 0, 0, 1)">二进制及代码分析工具：
二进制分析工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/devttys0/binwalk</span>
<span style="color: rgba(0, 0, 0, 1)">系统扫描器
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/quarkslab/binmap</span>
<span style="color: rgba(0, 0, 0, 1)">rp:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/0vercl0k/rp</span>
<span style="color: rgba(0, 0, 0, 1)">Windows Exploit Development工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/lillypad/badger</span>
<span style="color: rgba(0, 0, 0, 1)">二进制静态分析工具（python）:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/bdcht/amoco</span>
Python Exploit Development Assistance <span style="color: rgba(0, 0, 255, 1)">for</span><span style="color: rgba(0, 0, 0, 1)"> GDB:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/longld/peda</span>
<span style="color: rgba(0, 0, 0, 1)">对BillGates Linux Botnet系木马活动的监控工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ValdikSS/billgates-botnet-tracker</span>
<span style="color: rgba(0, 0, 0, 1)">木马配置参数提取工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/kevthehermit/RATDecoders</span>
<span style="color: rgba(0, 0, 0, 1)">Shellphish编写的二进制分析工具（CTF向）:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/angr/angr</span>
<span style="color: rgba(0, 0, 0, 1)">针对python的静态代码分析工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/yinwang0/pysonar2</span>
<span style="color: rgba(0, 0, 0, 1)">一个自动化的脚本（shell）分析工具，用来给出警告和建议:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/koalaman/shellcheck</span>
<span style="color: rgba(0, 0, 0, 1)">基于AST变换的简易Javascript反混淆辅助工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ChiChou/etacsufbo</span></pre>
</div>
<h2><strong>EXP编写框架及工具</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">二进制EXP编写工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/t00sh/rop-tool</span>
<span style="color: rgba(0, 0, 0, 1)">CTF Pwn 类题目脚本编写框架:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Gallopsled/pwntools</span>
an easy-to-use io library <span style="color: rgba(0, 0, 255, 1)">for</span><span style="color: rgba(0, 0, 0, 1)"> pwning development:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/zTrix/zio</span>
<span style="color: rgba(0, 0, 0, 1)">跨平台注入工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/frida/frida</span>
<span style="color: rgba(0, 0, 0, 1)">哈希长度扩展攻击EXP：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/citronneur/rdpy</span></pre>
</div>
<h2><strong>隐写</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">隐写检测工具
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/abeluck/stegdetect</span>
<span style="color: rgba(0, 0, 0, 1)">各类安全资料:
data_hacking合集:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ClickSecurity/data_hacking</span>
mobile-security-<span style="color: rgba(0, 0, 0, 1)">wiki:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/exploitprotocol/mobile-security-wiki</span>
书籍《reverse-engineering-<span style="color: rgba(0, 0, 255, 1)">for</span>-<span style="color: rgba(0, 0, 0, 1)">beginners》:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/veficos/reverse-engineering-for-beginners</span>
<span style="color: rgba(0, 0, 0, 1)">一些信息安全标准及设备配置:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/luyg24/IT_security</span>
<span style="color: rgba(0, 0, 0, 1)">APT相关笔记:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/kbandla/APTnotes</span>
<span style="color: rgba(0, 0, 0, 1)">Kcon资料:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/knownsec/KCon</span>
<span style="color: rgba(0, 0, 0, 1)">《DO NOT FUCK WITH A HACKER》:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/citypw/DNFWAH</span>
<span style="color: rgba(0, 0, 0, 1)">各类安全脑洞图：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/phith0n/Mind-Map</span>
<span style="color: rgba(0, 0, 0, 1)">信息安全流程图：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/SecWiki/sec-chart/ tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428</span></pre>
</div>
<h2><strong>各类CTF资源</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">近年ctf writeup大全:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ctfs/write-ups-2016</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ctfs/write-ups-2015</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ctfs/write-ups-2014</span>
<span style="color: rgba(0, 0, 0, 1)">fbctf竞赛平台Demo:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/facebook/fbctf</span>
<span style="color: rgba(0, 0, 0, 1)">ctf Resources:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ctfs/resources</span>
<span style="color: rgba(0, 0, 0, 1)">ctf及黑客资源合集:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/bt3gl/My-Gray-Hacker-Resources</span>
<span style="color: rgba(0, 0, 0, 1)">ctf和安全工具大合集:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/zardus/ctf-tools</span>
<span style="color: rgba(0, 0, 0, 1)">ctf向 python工具包
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/P1kachu/v0lt</span></pre>
</div>
<h2><strong>各类编程资源</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">大礼包（什么都有）:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/bayandin/awesome-awesomeness</span>
bash-<span style="color: rgba(0, 0, 0, 1)">handbook:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/denysdovhan/bash-handbook</span>
<span style="color: rgba(0, 0, 0, 1)">python资源大全:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/jobbole/awesome-python-cn</span>
<span style="color: rgba(0, 0, 0, 1)">git学习资料:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/xirong/my-git</span>
<span style="color: rgba(0, 0, 0, 1)">安卓开源代码解析
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/android-cn/android-open-project</span>
<span style="color: rgba(0, 0, 0, 1)">python框架，库，资源大合集:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/vinta/awesome-python</span>
<span style="color: rgba(0, 0, 0, 1)">JS 正则表达式库（用于简化构造复杂的JS正则表达式）:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/VerbalExpressions/JSVerbalExpressions</span>
<span style="color: rgba(0, 0, 0, 1)">Python：
python 正则表达式库（用于简化构造复杂的python正则表达式）:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/VerbalExpressions/</span>
<span style="color: rgba(0, 0, 0, 1)">python任务管理以及命令执行库:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/pyinvoke/invoke</span>
<span style="color: rgba(0, 0, 0, 1)">python exe打包库:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/pyinstaller/pyinstaller</span>
Veil-<span style="color: rgba(0, 0, 0, 1)">Evasion免杀项目：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Veil-Framework/Veil-Evasion</span>
<span style="color: rgba(0, 0, 0, 1)">py3 爬虫框架:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/orf/cyborg</span>
<span style="color: rgba(0, 0, 0, 1)">一个提供底层接口数据包编程和网络协议支持的python库:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/CoreSecurity/impacket</span>
<span style="color: rgba(0, 0, 0, 1)">python requests 库:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/kennethreitz/requests</span>
<span style="color: rgba(0, 0, 0, 1)">python 实用工具合集:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/mahmoud/boltons</span>
<span style="color: rgba(0, 0, 0, 1)">python爬虫系统:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/binux/pyspider</span></pre>
</div>
<h2><strong>kxsw</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/XX-net/XX-Net</span></pre>
</div>
<h2><strong>福利</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">微信自动抢红包动态库
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/east520/AutoGetRedEnv</span>
<span style="color: rgba(0, 0, 0, 1)">微信抢红包插件（安卓版）
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/geeeeeeeeek/WeChatLuckyMoney</span>
<span style="color: rgba(0, 0, 0, 1)">hardsed神器:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/yangyangwithgnu/hardseed</span>
<span style="color: rgba(0, 0, 0, 1)">甲方安全工程师生存指南
web索引及日志搜索工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/thomaspatzke/WASE</span>
<span style="color: rgba(0, 0, 0, 1)">开源日志采集器：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/wgliang/logcool</span>
<span style="color: rgba(0, 0, 0, 1)">扫描CS结构的web debuger
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Kozea/wdb</span>
<span style="color: rgba(0, 0, 0, 1)">恢复sqlite数据库删除注册信息：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/aramosf/recoversqlite/</span>
<span style="color: rgba(0, 0, 0, 1)">gps欺骗检测工具:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/zxsecurity/gpsnitch</span>
<span style="color: rgba(0, 0, 0, 1)">应急处置响应框架:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/biggiesmallsAG/nightHawkResponse</span>
<span style="color: rgba(0, 0, 0, 1)">web安全开发指南:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/FallibleInc/security-guide-for-developers</span>
<span style="color: rgba(0, 0, 0, 1)">各个知名厂商漏洞测试报告模板：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/juliocesarfort/public-pentesting-reportslinux下恶意代码检测包：</span>
https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/rfxn/linux-malware-detect</span>
<span style="color: rgba(0, 0, 0, 1)">操作系统运行指标可视化框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/facebook/osquery</span>
<span style="color: rgba(0, 0, 0, 1)">恶意代码分析系统：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/cuckoosandbox/cuckoo</span>
<span style="color: rgba(0, 0, 0, 1)">定期搜索及存储web应用：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/Netflix/Scumblr</span>
<span style="color: rgba(0, 0, 0, 1)">事件响应框架：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/google/grr</span>
<span style="color: rgba(0, 0, 0, 1)">综合主机监控检测平台：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/ossec/ossec-hids</span>
<span style="color: rgba(0, 0, 0, 1)">分布式实时数字取证系统：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/mozilla/mig</span>
Microsoft &amp;<span style="color: rgba(0, 0, 0, 1)"> Unix 文件系统及硬盘取证工具：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/sleuthkit/sleuthkit</span></pre>
</div>
<h2><strong>蜜罐</strong></h2>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">SSH蜜罐：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/desaster/kippo</span>
<span style="color: rgba(0, 0, 0, 1)">蜜罐集合资源：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/paralax/awesome-honeypots</span>
<span style="color: rgba(0, 0, 0, 1)">kippo进阶版蜜罐：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/micheloosterhof/cowrie</span>
<span style="color: rgba(0, 0, 0, 1)">SMTP 蜜罐：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/awhitehatter/mailoney</span>
<span style="color: rgba(0, 0, 0, 1)">web应用程序蜜罐：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/mushorg/glastopf</span>
<span style="color: rgba(0, 0, 0, 1)">数据库蜜罐：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/jordan-wright/elastichoney</span>
<span style="color: rgba(0, 0, 0, 1)">web蜜罐：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/atiger77/Dionaea</span></pre>
</div>
<h2><strong>远控</strong></h2>
<div class="cnblogs_code">
<pre>用gmail充当C&amp;<span style="color: rgba(0, 0, 0, 1)">C服务器的后门
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/byt3bl33d3r/gcat</span>
<span style="color: rgba(0, 0, 0, 1)">开源的远控：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/UbbeLoL/uRAT</span>
<span style="color: rgba(0, 0, 0, 1)">c#远控：
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">github.com/hussein-aitlahcen/BlackHole</span></pre>
</div>
<p>&nbsp;</p><br><br>
来源：https://www.cnblogs.com/xyongsec/p/11410533.html

查看完整版本: Python渗透测试工具库