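Curated collection of Windows exploitation resources https://github.com/enddo/awesome-windows-exploitation
Tool for extracting sensitive information from memory https://github.com/putterpanda/mimikittenz
FireEye red team penetration testing tools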
https://github.com/chango77747/AdEnumerator
https://github.com/Raikia/CredNinja
https://github.com/ChrisTruncer/WMIOps
https://github.com/ChrisTruncer/EyeWitness
https://github.com/ChrisTruncer/Egress-Assess
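Go-to Windows penetration testing tool https://github.com/gentilkiwi/mimikatz
Online penetration testing resources, shellcode development, open-source intelligence resources, social engineering resources, and more https://github.com/enaqx/awesome-pentest
Collection of PowerShell penetration testing libraries https://github.com/PowerShellMafia/PowerSploit
Collection of PowerShell tools https://github.com/clymb3r/PowerShell
MSF -- the most powerful penetration testing platform https://github.com/rapid7/metasploit-framework
PoC invocation framework that can load Pocsuite, Tangscan, Beebeeto, etc. https://github.com/erevus-cn/pocscan
Pocsuite - an open-source remote vulnerability testing framework https://github.com/knownsec/Pocsuite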
The YAWAST Antecedent Web Application Security Toolkit https://github.com/adamcaudill/yawast
Beebeeto is a standardized PoC/EXP platform jointly maintained by many security researchers https://github.com/n0tr00t/Beebeeto-framework
A web security testing framework written in Node.js https://github.com/zhuyingda/veneno
Common penetration testing/security cheatsheets https://github.com/jshaw87/Cheatsheets
Collection of penetration testing scripts, including backdoor, exploit, fuzzing, note, misc, powershell https://github.com/Ridter/Pentest
Message queue and man-in-the-middle injection tool that can be used to attack Redis, RabbitMQ and ZeroMQ. https://github.com/cr0hn/enteletaor
DotDotPwn - directory traversal fuzzer (http://dotdotpwn.blogspot.com/) https://github.com/wireghoul/dotdotpwn
FuzzLabs fuzzing framework https://dcnws.com https://github.com/keymandll/FuzzLabs
Google's fuzzing component with powerful analysis options https://github.com/google/honggfuzz
Google's test suite for fuzzing engines https://github.com/google/fuzzer-test-suite
Fuzzinator random testing framework https://github.com/renatahodovan/fuzzinator
Collection of fuzzing books, courses, tools, tutorials and vulnerable applications https://github.com/secfigo/Awesome-Fuzzing
Resources on Linux kernel fuzzing and bugs https://github.com/xairy/linux-kernel-exploitation
Fuzzing framework https://github.com/MozillaSecurity/peach
fuddly: a fuzzing and data manipulation framework https://github.com/k0retux/fuddly
General-purpose, easy-to-use fuzzer with interesting analysis options https://github.com/google/honggfuzz
Extension library for the Kitty fuzzing framework https://github.com/cisco-sas/katnip
API fuzzer that fuzzes requests using common penetration testing techniques and a list of vulnerabilities https://github.com/lalithr95/API-fuzzer
Finds encrypted files stored on a filesystem https://github.com/antagon/TCHunt-ng
Android media fuzzing framework https://github.com/fuzzing/MFFA
Android fuzzing tool https://github.com/MindMac/IntentFuzzer
Fuzzing data sets https://github.com/MozillaSecurity/fuzzdata
Web fuzzing tool https://github.com/xmendez/wfuzz
Web fuzzer https://github.com/henshin/filebuster
Android port of AFL https://github.com/ele7enxxh/android-afl
Fuzzing results for various interpreters. https://github.com/dyjakan/interpreter-bugs
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem https://github.com/lalithr95/fuzzapi
Large collection of webshells https://github.com/tennc/webshell
Penetration testing and web attack scripts https://github.com/brianwrf/hackUtils
Large collection of small web penetration testing tools https://github.com/rootphantomer/hack_tools_for_me
detectem - detect software and its version on websites. https://github.com/spectresearch/detectem
Hydra is a penetration testing tool exclusively focused on dictionary-attacking web-based login forms. https://github.com/opennota/hydra
Database injection tool https://github.com/sqlmapproject/sqlmap
SQLiScanner -- Automatic SQL injection with Charles and sqlmap api https://github.com/0xbug/SQLiScanner
Web proxy that detects SQLi in real time by loading the sqlmap API https://github.com/zt2/sqli-hunter
New version of China Chopper https://github.com/Chora10/Cknife
Exploit (EXP) for .git leaks https://github.com/lijiejie/GitHack
Browser attack framework https://github.com/beefproject/beef
Automated WAF bypass script https://github.com/khalilbijjou/WAFNinja
Command-line HTTP client that can construct and send all kinds of HTTP requests from the command line (similar to curl) https://github.com/jkbrzt/httpie
Powerful browser debugging tool https://github.com/firebug/firebug
WAF bypass detection tool https://github.com/owtf/wafbypasser
Browser attack framework https://github.com/julienbedard/browsersploit
Web-based webshell manager https://github.com/guillotines/WebShell
Automatic Tomcat backdoor deployment https://github.com/mgeeky/tomcatWarDeployer
TomcatBrute tool https://github.com/WallbreakerTeam/TomcatBrute
Proxy that automatically detects SQLi by calling the sqlmap API https://github.com/fengxuangit/Fox-scan/
AV-evasion payload generator https://github.com/Veil-Framework/Veil-Evasion
Backdoor that uses Gmail as its C&C server https://github.com/byt3bl33d3r/gcat
Collection of Burp tutorial payloads https://github.com/1N3/IntruderPayloads
Blind SQL injection exploitation tool https://github.com/Neohapsis/bbqsql
Script for doing evil stuff to Redis servers (for education purposes only). https://github.com/matiasinsaurralde/evilredis
PowerShell client for dnscat2, an encrypted DNS command-and-control tool https://github.com/lukebaggett/dnscat2-powershell
Burp extension collection project https://github.com/xl7dev/BurpSuite/tree/master/Extender
A Ruby framework for assisting WordPress penetration testing https://github.com/rastating/wordpress-exploit-framework/
.DS_Store file leak exploitation script https://github.com/lijiejie/ds_store_exp
Short for command injection exploiter, a web command injection detection tool https://github.com/stasinopoulos/commix
XSS data receiving platform https://github.com/firesunCN/BlueLotus_XSSReceiver
A fast TLS scanner (non-blocking, event-driven) https://prbinu.github.io/tls-scan https://github.com/prbinu/tls-scan
A Python RESTful framework for providing online malware and URL analysis services https://github.com/diogo-fernan/malsub
XSS and CSRF tool https://github.com/evilcos/xssor
Man-in-the-middle attack frameworks https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/secretsquirrel/BDFProxy
https://github.com/byt3bl33d3r/MITMf
Code injection, Wi-Fi jamming and Wi-Fi user detection https://github.com/DanMcInerney/LANs.py
Extensible man-in-the-middle proxy tool https://github.com/intrepidusgroup/mallory
Wi-Fi phishing https://github.com/sophron/wifiphisher
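Password cracking tool https://github.com/shinnok/johnny
Tool for extracting all kinds of locally stored passwords https://github.com/AlessandroZ/LaZagne
HTTP brute-force and credential stuffing script https://github.com/lijiejie/htpwdScan
Wordlist project distilled from more than 80GB of password databases https://github.com/berzerk0/Probable-Wordlists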