子域名枚舉類
https://github.com/lijiejie/subDomainsBrute (經典的子域名爆破枚舉腳本) https://github.com/ring04h/wydomain (子域名字典窮舉) https://github.com/le4f/dnsmaper (子域名枚舉與地圖標記) https://github.com/0xbug/orangescan (在線子域名信息收集工具) https://github.com/TheRook/subbrute (根據DNS記錄查詢子域名) https://github.com/We5ter/GoogleSSLdomainFinder (基於谷歌SSL透明證書的子域名查詢腳本) https://github.com/mandatoryprogrammer/cloudflare_enum (使用CloudFlare進行子域名枚舉的腳本) https://github.com/18F/domain-scan (A domain scanner) https://github.com/Evi1CLAY/CoolPool/tree/master/Python/DomainSeeker(多方式收集目標子域名信息)
數據庫漏洞掃描類
https://github.com/0xbug/SQLiScanner (一款基於SQLMAP和Charles的被動SQL注入漏洞掃描工具) https://github.com/stamparm/DSSS (99行代碼實現的sql注入漏洞掃描器) https://github.com/LoRexxar/Feigong(針對各種情況自由變化的MySQL注入腳本) https://github.com/youngyangyang04/NoSQLAttack (一款針對mongoDB的***工具) https://github.com/Neohapsis/bbqsql(SQL盲注利用框架) https://github.com/NetSPI/PowerUpSQL(***SQLSERVER的Powershell腳本框架)
弱口令或信息泄漏掃描類
https://github.com/lijiejie/htpwdScan (一個簡單的HTTP暴力破解、撞庫***腳本) https://github.com/lijiejie/BBScan (一個迷你的信息泄漏批量掃描腳本) https://github.com/lijiejie/GitHack (.git文件夾泄漏利用工具) https://github.com/wilson9x1/fenghuangscanner_v3 (端口及弱口令檢測) https://github.com/ysrc/F-Scrack (對各類服務進行弱口令檢測的腳本) https://github.com/Mebus/cupp (根據用戶習慣生成弱口令探測字典腳本) https://github.com/RicterZ/genpAss (中國特色的弱口令生成器) https://github.com/netxfly/crack_ssh (go寫的協程版的ssh\redis\mongodb弱口令破解工具
物聯網設備掃描
https://github.com/rapid7/IoTSeeker (物聯網設備默認密碼掃描檢測工具) https://github.com/shodan-labs/iotdb (使用nmap掃描IoT設備)
xss掃描器
https://github.com/shawarkhanethicalhacker/BruteXSS (Cross-Site Scripting Bruteforcer) https://github.com/1N3/XSSTracer (A small python script to check for Cross-Site Tracing) https://github.com/0x584A/fuzzXssPHP (PHP版本的反射型xss掃描) https://github.com/chuhades/xss_scan (批量掃描xss的python腳本)
企業網絡自檢
https://github.com/sowish/LNScan (詳細的內部網絡信息掃描器) https://github.com/ysrc/xunfeng (網絡資產識別引擎,漏洞檢測引擎) https://github.com/SkyLined/LocalNetworkScanner (javascript實現的本地網絡掃描器) https://github.com/laramies/theHarvester (企業被搜索引擎收錄敏感資產信息監控腳本:員工郵箱、子域名、Hosts) https://github.com/x0day/Multisearch-v2 (bing、google、360、zoomeye等搜索引擎聚合搜索,可用於發現企業被搜索引擎收錄的敏感資產信息)
webshell檢測
https://github.com/We5ter/Scanners-Box/tree/master/Find_webshell/ (php後門檢測,腳本較簡單,因此存在誤報高和效率低下的問題) https://github.com/yassineaddi/BackdoorMan (A toolkit find malicious, hidden and suspicious PHP scripts and shells in a chosen destination)
內網***
https://github.com/0xwindows/VulScritp (企業內網***腳本,包括banner掃描、端口掃描;phpmyadmin、jenkins等通用漏洞利用等) https://github.com/lcatro/network_backdoor_scanner(基於網絡流量的內網探測框架) https://github.com/fdiskyou/hunter(調用 Windows API 枚舉用戶登錄信息)
中間件掃描、指紋識別類
https://github.com/ring04h/wyportmap (目標端口掃描+系統服務指紋識別) https://github.com/ring04h/weakfilescan (動態多線程敏感信息泄露檢測工具) https://github.com/EnableSecurity/wafw00f (WAF產品指紋識別) https://github.com/rbsec/sslscan (ssl類型識別) https://github.com/urbanadventurer/whatweb (web指紋識別) https://github.com/tanjiti/FingerPrint (web應用指紋識別) https://github.com/nanshihui/Scan-T (網絡爬蟲式指紋識別) https://github.com/OffensivePython/Nscan (a fast Network scanner inspired by Masscan and Zmap) https://github.com/ywolf/F-NAScan (網絡資產信息掃描, ICMP存活探測,端口掃描,端口指紋服務識別) https://github.com/ywolf/F-MiddlewareScan (中間件掃描) https://github.com/maurosoria/dirsearch (Web path scanner) https://github.com/x0day/bannerscan (C段Banner與路徑掃描) https://github.com/RASSec/RASscan (端口服務掃描) https://github.com/3xp10it/bypass_waf (waf自動暴破) https://github.com/3xp10it/mytools/blob/master/xcdn.py(獲取cdn背後的真實ip) https://github.com/Xyntax/BingC(基於Bing搜索引擎的C段/旁站查詢,多線程,支持API) https://github.com/Xyntax/DirBrute(多線程WEB目錄爆破工具) https://github.com/zer0h/httpscan(一個爬蟲式的網段Web主機發現小工具) https://github.com/lietdai/doom(thorn上實現的分佈式任務分發的ip端口漏洞掃描器)
專用掃描器
https://github.com/blackye/Jenkins (Jenkins漏洞探測、用戶抓取爆破) https://github.com/code-scan/dzscan (discuz掃描) https://github.com/chuhades/CMS-Exploit-Framework (CMS***框架) https://github.com/lijiejie/IIS_shortname_Scanner (an IIS shortname Scanner) https://github.com/We5ter/Scanners-Box/tree/master/FlashScanner.pl (flashxss掃描) https://github.com/coffeehb/SSTIF(一個Fuzzing服務器端模板注入漏洞的半自動化工具)
無線網絡
https://github.com/savio-code/fern-wifi-cracker/ (無線安全審計工具) https://github.com/m4n3dw0lf/PytheM(Python網絡/***測試工具) https://github.com/P0cL4bs/WiFi-Pumpkin(無線安全***測試套件)
綜合類
https://github.com/az0ne/AZScanner (自動漏洞掃描器,子域名爆破,端口掃描,目錄爆破,常用框架漏洞檢測) https://github.com/blackye/lalascan (自主開發的分佈式web漏洞掃描框架,集合owasp top10漏洞掃描和邊界資產發現能力) https://github.com/blackye/BkScanner (BkScanner 分佈式、插件化web漏洞掃描器) https://github.com/ysrc/GourdScanV2 (被動式漏洞掃描) https://github.com/alpha1e0/pentestdb (WEB***測試數據庫) https://github.com/netxfly/passive_scan (基於http代理的web漏洞掃描器) https://github.com/1N3/Sn1per (自動化掃描器,包括中間件掃描以及設備指紋識別) https://github.com/RASSec/pentestEr_Fully-automatic-scanner (定向全自動化***測試工具) https://github.com/3xp10it/3xp10it (3xp10it自動化***測試框架) https://github.com/Lcys/lcyscan(python插件化漏洞掃描器) https://github.com/Xyntax/POC-T(***測試插件化併發框架)
Struts漏洞掃描
http://pan.baidu.com/s/1qXR9XSC (k8的struts系列掃描器)
原文鏈接:http://www.test404.com/post-1298.html