@evilH2O2
Last active March 12, 2021 17:19
Git-Stars
- PadBuster:
- Automation script for padding oracle attacks
- https://github.com/AonCyberLabs/PadBuster
- perl
- bettercap:
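- A very powerful, flexible and portable man-in-the-middle attack framework; it is cross-platform, lightweight and modular, and works very well for man-in-the-middle testing during penetration tests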
- https://github.com/bettercap/bettercap
- go
- pydictor:
- A powerful and useful hacker dictionary generator for brute-force attacks
- https://github.com/landgrey/pydictor
- python
- Nikto:
- Nikto web server scanner
- https://github.com/sullo/nikto
- perl
- spiderfoot:
- SpiderFoot, the most complete OSINT collection and reconnaissance tool
- https://github.com/smicallef/spiderfoot
- python
- Invoke-Phant0m:
- Windows Event Log Killer
- https://github.com/hlldz/Invoke-Phant0m
- powershell
- Erebus:
- CobaltStrike post-exploitation plugin
- https://github.com/DeEpinGh0st/Erebus
- powershell
- pwntools:
- CTF framework and exploit development library
- https://github.com/Gallopsled/pwntools
- python
- adidnsdump:
- Active Directory-integrated DNS dumping that any authenticated user can perform
- https://github.com/dirkjanm/adidnsdump
- python
- UAC_Bypass_In_The_Wild:
- Windows 10 UAC bypass for all executable files which are autoelevate true.
- https://github.com/sailay1996/UAC_Bypass_In_The_Wild
- c
- OneForAll:
- OneForAll is a powerful subdomain collection tool
- https://github.com/shmilylty/OneForAll
- python
- aircrack-ng:
- WiFi security auditing tool suite
- https://github.com/aircrack-ng/aircrack-ng
- c
- wsManager:
- Webshell Manager
- https://github.com/guillaC/wsManager
- c#
- docem:
- Embeds XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids)
- https://github.com/whitel1st/docem
- python
- terminal:
- The new Windows Terminal and the original Windows console host, all in the same place!
- https://github.com/microsoft/terminal
- c++
- nmap-nse-scripts:
- Collection of nmap NSE scripts
- https://github.com/cldrn/nmap-nse-scripts
- lua
- xray:
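- A comprehensive security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use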
- https://github.com/chaitin/xray
- go
- LinEnum:
- Scripted local Linux enumeration and privilege escalation checks
- https://github.com/rebootuser/LinEnum
- shell
- Impacket:
- Impacket is a collection of Python classes for working with network protocols
- https://github.com/SecureAuthCorp/impacket
- python
- Sn1per:
- Automated pentest framework for offensive security experts
- https://github.com/1N3/Sn1per
- hashcat:
- The world's fastest and most advanced password recovery tool
- https://github.com/hashcat/hashcat
- c
- mimipenguin:
- A tool to dump the login password from the current Linux user
- https://github.com/huntergregal/mimipenguin
- c
- PowerSploit:
- PowerSploit - A PowerShell Post-Exploitation Framework
- https://github.com/PowerShellMafia/PowerSploit
- powershell
- mimikatz:
- A small tool for Windows security
- https://github.com/gentilkiwi/mimikatz
- c
- frp:
- A fast reverse proxy that helps you expose a local server behind a NAT or firewall to the Internet
- https://github.com/fatedier/frp
- go
- POC-T:
- Plugin-based concurrent framework for penetration testing / Open-sourced remote vulnerability PoC/EXP framework
- https://github.com/Xyntax/POC-T
- python
- dirmap:
- An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
- https://github.com/H4ckForJob/dirmap
- python
- WhatWeb:
- Next-generation web scanner
- https://github.com/urbanadventurer/WhatWeb
- ruby
- social-engineer-toolkit:
- The Social-Engineer Toolkit (SET) repository from TrustedSec; all new versions of SET will be deployed here.
- https://github.com/trustedsec/social-engineer-toolkit
- python
- GitHack:
- A `.git` folder disclosure exploit
- https://github.com/lijiejie/GitHack
- python
- subDomainsBrute:
- Subdomain enumeration
- https://github.com/lijiejie/subDomainsBrute
- python
- wydomain:
- Subdomain enumeration
- https://github.com/ring04h/wydomain
- python
- subfinder:
- Subdomain enumeration
- https://github.com/projectdiscovery/subfinder
- go
- knock:
- Subdomain enumeration
- https://github.com/guelfoweb/knock
- python
- WhatWaf:
- Detect and bypass web application firewalls and protection systems
- https://github.com/Ekultek/WhatWaf
- python
- fuzzDicts:
- Web pentesting fuzz dictionaries; one is all you need.
- https://github.com/TheKingOfDuck/fuzzDicts
- python
- dirsearch:
- Web directory enumeration
- https://github.com/maurosoria/dirsearch
- python
- massdns:
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
- https://github.com/blechschmidt/massdns
- c
- zmap:
- ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
- https://github.com/zmap/zmap
- c
- Sublist3r:
- Subdomain enumeration
- https://github.com/aboul3la/Sublist3r
- python
- subbrute:
- A DNS meta-query spider that enumerates DNS records (subdomain enumeration)
- https://github.com/TheRook/subbrute
- python
- null
- Tilix:
- A tiling terminal emulator for Linux using GTK+ 3
- https://github.com/gnunn1/tilix
- proxychains-ng:
- Upgraded version of proxychains
- https://github.com/rofl0r/proxychains-ng
- lepton:
- Gist client
- https://github.com/dropbox/lepton
- c++
- themer:
- Generate themes (editors, terminals, wallpapers, and more)
- https://github.com/mjswensen/themer
- javascript
- mactype:
- Font beautification for Windows
- https://github.com/snowie2000/mactype
- c++
- foliate:
- A simple and modern GTK e-book reader
- https://github.com/johnfactotum/foliate
- fzf:
- A command-line fuzzy finder
- https://github.com/junegunn/fzf
- go
- Moeditor:
- markdown editor (development discontinued)
- https://github.com/Moeditor/Moeditor
- javascript
- ItChat:
- A complete and graceful API for Wechat. WeChat personal account interface, WeChat bot and command-line WeChat; a custom personal-account bot takes only thirty lines.
- https://github.com/littlecodersh/ItChat
- python
- kitty:
- A cross-platform, fast, feature-rich, GPU-based terminal emulator
- https://github.com/kovidgoyal/kitty
- python
- shadowsocksr:
- Python port of ShadowsocksR
- https://github.com/shadowsocksr-backup/shadowsocksr
- python
- translate-shell:
- Command-line translation tool
- awk
- Hyuga:
- Hyuga is a monitoring tool for detecting out-of-band (OOB) traffic (DNS queries and HTTP requests)
- https://github.com/Buzz2d0/Hyuga
- python
- peda:
- Assistance for exploit development in gdb
- https://github.com/longld/peda
- python
- ttygif:
- Terminal recording tool
- https://github.com/icholy/ttygif
- c
- androidtool-mac:
- One-click screenshots, video recording, and app installation for iOS and Android
- https://github.com/mortenjust/androidtool-mac
- swift
- carbon:
- Code screenshots (generate images of code)
- https://github.com/carbon-app/carbon
- javascript
- xsec-proxy-scanner:
- xsec-proxy-scanner is a very fast, compact proxy scanner
- https://github.com/netxfly/xsec-proxy-scanner
- go
- starred:
- Create your own awesome list from GitHub stars (organize your stars)
- https://github.com/maguowei/starred
- python
- HexFiend:
- Hex editor for Mac OS X
- https://github.com/ridiculousfish/HexFiend
- Objective-C
- shadowsocks-qt5:
- SS GUI
- https://github.com/shadowsocks/shadowsocks-qt5
- c++
- Motrix:
- A full-featured download manager
- https://github.com/agalwood/Motrix
- javascript
- weweChat:
- WeChat client based on Electron and the WeChat web client
- https://github.com/trazyn/weweChat
- javascript
- BaiduPCS-Go:
- Baidu Netdisk client, written in Go
- https://github.com/iikira/BaiduPCS-Go
- go
- ieaseMusic:
- Third-party NetEase Cloud Music client
- https://github.com/trazyn/ieaseMusic
- javascript
- listen1_desktop:
- Listen 1 can search and play songs from three mainstream music sites: NetEase Cloud Music, Xiami and QQ Music (music client)
- https://github.com/listen1/listen1_desktop
- javascript
- Here:
- Here Music, a music client developed with Electron + React
- https://github.com/caijinyc/Here
- javascript
- null
- CVE-2019-19781:
- CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit
- https://github.com/mpgn/CVE-2019-19781
- python
- CVE-2019-1388:
- CVE-2019-1388 UAC privilege escalation (nt authority\system)
- https://github.com/jas502n/CVE-2019-1388
- none
- CurveBall:
- PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)
- https://github.com/ollypwn/CurveBall
- ruby
- CVE-2019-19634:
- A filter bypass vulnerability that leads to arbitrary file upload and remote code execution in class.upload.php <= 2.0.4
- https://github.com/jra89/CVE-2019-19634
- php
- CVE-2019-11539:
- Exploits the post-auth RCE vulnerability in Pulse Secure Connect
- https://github.com/0xDezzy/CVE-2019-11539
- python
- CVE-2018-8120:
- CVE-2018-8120 Windows LPE exploit
- https://github.com/unamer/CVE-2018-8120
- c++
- pykek:
- Kerberos Exploitation Kit
- https://github.com/mubix/pykek
- python
- null
- USB-Rubber-Ducky:
- Rubber Ducky exploit code
- https://github.com/hak5darren/USB-Rubber-Ducky
- c
- DigiSpark-Scripts:
- USB Rubber Ducky-style scripts written for the DigiSpark
- https://github.com/CedArctic/DigiSpark-Scripts
- c++
- nodemcu-pyflasher:
- Self-contained NodeMCU flasher with a GUI, based on esptool.py and wxPython
- https://github.com/marcelstoer/nodemcu-pyflasher
- python
- pwndbg:
- Exploit development and reverse engineering with GDB made easy
- https://github.com/pwndbg/pwndbg
- python
- WooyunDrops:
- Wooyun knowledge base, https://wooyun.kieran.top
- https://github.com/SuperKieran/WooyunDrops
- html
- LS_COLORS:
- A collection of LS_COLORS definitions (ls color)
- https://github.com/trapd00r/LS_COLORS
- null
- trash-cli:
- Recycle bin operations from the CLI (view or empty)
- https://github.com/andreafrancia/trash-cli
- python
- windows-kernel-exploits:
- windows-kernel-exploits
- https://github.com/redteampa1/Windows
- null
- linux-kernel-exploits:
- linux-kernel-exploits: collection of privilege escalation vulnerabilities for the Linux platform
- https://github.com/SecWiki/linux-kernel-exploits
- c
- windows-kernel-exploits:
- windows-kernel-exploits: collection of privilege escalation vulnerabilities for the Windows platform
- https://github.com/SecWiki/windows-kernel-exploits
- c