Exploitation / Detection
========================================

Database Injection
----------------------------------------

- `SQLMap`_
- `bbqsql`_
- `MSDAT`_ Microsoft SQL Database Attacking Tool

NoSQL Database Injection
----------------------------------------

- `NoSQLAttack`_
- `NoSQLMap`_
- `Nosql Exploitation Framework`_
- `MongoDB audit`_

Database Exploitation
----------------------------------------

- `mysql unsha1`_
- `ODAT`_ Oracle Database Attacking Tool

XSS
----------------------------------------

- `BeEF`_
- `XSS Reciver`_
- `DSXS`_
- `XSStrike`_
- `xsssniper`_
- `tracy`_
- `xsleaks`_ A collection of browser-based side channel attack vectors

SSRF
----------------------------------------

- `SSRFmap`_
- `SSRF Proxy`_
- `Gopherus`_
- `SSRF Testing`_

Template Injection
----------------------------------------

- `tplmap`_

HTTP Request Smuggling
----------------------------------------

- `smuggler`_ An HTTP Request Smuggling / Desync testing tool written in Python
- `h2cSmuggler`_ HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Command Injection
----------------------------------------

- `commix`_

PHP
----------------------------------------

- `Chankro`_ Tool to evade disable_functions and open_basedir

LFI
----------------------------------------

- `LFISuite`_
- `FDsploit`_

Struts
----------------------------------------

- `struts scan`_

CMS
----------------------------------------

- `Joomla Vulnerability Scanner`_
- `Drupal enumeration & exploitation tool`_
- `Wordpress Vulnerability Scanner`_
- `TPscan`_ One-click ThinkPHP vulnerability detection
- `dedecmscan`_ Vulnerability scanner covering all versions of DedeCMS (织梦)

Java Frameworks
----------------------------------------

- `ShiroScan`_ Deserialization detection tool for Shiro <= 1.2.4
- `fastjson rce tool`_ fastjson command execution exploitation tool

DNS-related Vulnerabilities
----------------------------------------

- `dnsAutoRebinding`_
- `AngelSword`_
- `Subdomain TakeOver`_
- `mpDNS`_
- `JudasDNS Nameserver DNS poisoning`_
- `singularity`_ A DNS rebinding attack framework by NGC Group

DNS Data Exfiltration
----------------------------------------

- `dnsteal`_
- `DNSExfiltrator`_
- `dns exfiltration by krmaxwell`_
- `dns exfiltration by coryschwartz`_
- `requestbin for dns`_

DNS Tunneling
----------------------------------------

- `dnstunnel de`_
- `iodine`_

DNS Shell
----------------------------------------

- `chashell`_
- `dnscat2`_

XXE
----------------------------------------

- `XXEinjector`_
- `XXER`_
- `DTD Finder`_ List DTDs and generate XXE payloads using those local DTDs

Deserialization
----------------------------------------

Java Deserialization
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- `ysoserial`_
- `JRE8u20 RCE Gadget`_
- `Java Serialization Dumper`_ A tool to dump Java serialization streams in a more human readable form
- `marshalsec`_ Java Unmarshaller Security - Turning your data into code execution
- `gadgetinspector`_ A byte code analyzer for finding deserialization gadget chains in Java applications
- `fastjsonScan`_ Burp plugin for fastjson vulnerabilities

.NET Deserialization
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- `viewgen`_ ASP.NET ViewState Generator

JNDI
----------------------------------------

- `Rogue JNDI`_ A malicious LDAP server for JNDI injection attacks
- `JNDI Injection Exploit`_
- `JNDIExploit`_

Port Hacking
----------------------------------------

- `nmap vulners`_
- `nmap nse scripts`_
- `Vulnerability Scanning with Nmap`_

JWT
----------------------------------------

- `jwtcrack`_

Wireless
----------------------------------------

- `infernal twin`_

Man-in-the-Middle Attacks
----------------------------------------

- `mitmproxy`_
- `MITMf`_
- `ssh mitm`_
- `injectify`_
- `Responder`_ Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- `toxy`_ Hackable HTTP proxy for resiliency testing and simulated network conditions
- `bettercap`_ The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks

DHCP
----------------------------------------

- `DHCPwn`_

DDoS
----------------------------------------

- `Saddam`_

Regular Expressions
----------------------------------------

- `Regexploit`_ Find regular expressions which are vulnerable to ReDoS

Shellcode
----------------------------------------

- `go shellcode`_ A repository of Windows Shellcode runners and supporting utilities

Authorization Bypass
----------------------------------------

- `secscan authcheck`_

Exploitation Platforms
----------------------------------------

- `DNSLog`_ A tool that monitors DNS resolution records and HTTP access records
- `LuWu`_ Red team infrastructure automated deployment tool

Exploit Libraries
----------------------------------------

- `Penetration Testing POC`_
- `thc ipv6`_ IPv6 attack toolkit

Exploitation Frameworks
----------------------------------------

- `pocsuite3`_

Windows
----------------------------------------

- `PyWSUS`_ A standalone implementation of a legitimate WSUS server which sends malicious responses to clients