Notes on Various Odd Tools

A record of tools I have downloaded from GitHub or elsewhere, so I don't forget them.

Scanning

goby

Asset discovery

https://cn.gobies.org/

ARL

Asset discovery

https://github.com/TophantTechnology/ARL

WebAliveScan

Port scanning, directory scanning

https://github.com/broken5/WebAliveScan

myscan

myscan is a passive scanning tool developed in Python 3. It is modelled on the PoC directory structure of AWVS and on code frameworks such as pocsuite3 and sqlmap, and it incorporates a large number of PoCs collected from the internet. The project grew out of a personal development project and combines the author's thinking and practice on web penetration testing, code implementations of common vulnerability principles and detection, collection of generic PoCs, passive scanner design, and information gathering.

https://github.com/amcai/myscan

Packer-Fuzzer

Extracts APIs from Webpack bundles and tests them

https://github.com/rtcatc/Packer-Fuzzer

Git_Extract

Existing git recovery tools all depend on the git command, do not restore the files of every version, sometimes require manually extracting and restoring objects, and give insufficient consideration to some files such as logs/HEAD, refs/stash and info/packs.

https://github.com/gakki429/Git_Extract

ksubdomain

ksubdomain is a stateless subdomain brute-forcing tool that runs on Windows/Linux/Mac. It performs DNS brute-forcing very quickly: the theoretical maximum packet rate is 30w/s (300,000 packets/s) on Mac and Windows and 160w/s (1,600,000 packets/s) on Linux.

https://github.com/knownsec/ksubdomain

Wordlists

Web pentesting fuzz wordlists

https://github.com/TheKingOfDuck/fuzzDicts

SEC\fuzzDicts

Exploitation frameworks

kunpeng

https://github.com/opensec-cn/kunpeng

Medusa

https://github.com/Ascotbe/Medusa

Brute-forcing

sha256-go

SHA hash brute-forcing

https://github.com/hydewww/sha256-go

Ruler

Ruler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP protocol. The main aim is to abuse the client-side Outlook features and gain a shell remotely.

https://github.com/sensepost/ruler

Internal network

超级弱口令 (Super Weak Password)

Windows .NET weak-password scanner for internal network penetration testing

https://github.com/shack2/SNETCracker

LaZagne

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.

https://github.com/AlessandroZ/LaZagne

Cobalt-Strike-Aggressor-Scripts

Possibly one of the most convenient collections of Cobalt Strike plugins available right now!

https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts

ServerScan

A high-concurrency network scanning and service detection tool written in Golang, suited to lateral information gathering on internal networks during attack-and-defence exercises.

https://github.com/Adminisme/ServerScan

Rubeus

Rubeus is a C# toolset for raw Kerberos interaction and abuses.

https://github.com/GhostPack/Rubeus

Seatbelt

Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

https://github.com/GhostPack/Seatbelt

Responder

Responder is an LLMNR, NBT-NS and mDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

https://github.com/lgandx/Responder

3snake

Dumps sshd- and sudo-related credential strings

https://github.com/blendin/3snake

Privilege escalation

SweetPotato

A collection of various native Windows privilege escalation techniques from service accounts to SYSTEM

https://github.com/CCob/SweetPotato

Kernelhub

A collection of Windows kernel privilege escalation vulnerabilities, with build environments, demo GIFs, detailed vulnerability information and executables

https://github.com/Ascotbe/Kernelhub

linux-exploit-suggester

Linux privilege escalation auditing tool

https://github.com/mzet-/linux-exploit-suggester

BURP

knife

https://github.com/bit4woo/knife

HaE

https://github.com/gh0stkey/HaE

Android

FRIDA-DEXDump

https://github.com/hluwa/FRIDA-DEXDump

r0capture

  • Android only; tested and working on Android 7, 8, 9 and 10;
  • Ignores all certificate validation and pinning, so certificates never need to be dealt with;
  • Captures every protocol in the application layer of the four-layer TCP/IP model;
  • Protocols covered include HTTP, WebSocket, FTP, XMPP, IMAP, SMTP, Protobuf and so on, as well as their SSL versions;
  • Covers all application-layer frameworks, including HttpUrlConnection, Okhttp 1/3/4, Retrofit/Volley and so on;
  • If something cannot be captured, feel free to open an issue or contact WeChat r0ysue directly with feedback~

https://github.com/r0ysue/r0capture

Auditing

Kunlun-M

The tool currently supports mainly semantic analysis of PHP and JavaScript, plus basic scanning of Chrome extensions and Solidity.

https://github.com/LoRexxar/Kunlun-M

Monitoring

pspy

Unprivileged Linux process snooping

https://github.com/DominicBreuker/pspy