- Host scanning
  - Host discovery (live-host scanning)
    - nbtscan.exe: `nbtscan 192.168.1.1/20`
    - arp-scan.exe: `arp-scan.exe -t 192.168.1.1/24`
    - ping: `for /L %I in (1,1,254) do @ping -w 1 -n 1 192.168.1.%I | findstr "TTL="`
    - Invoke-ARPScan.ps1: `powershell.exe -exec bypass -Command "& {Import-Module c:\Invoke-ARPScan.ps1;Invoke-ARPScan -CIDR 192.168.1.1/24}" >> c:\log.txt`
    - cping: `cping scan smbvul 10.33.93.1 10.33.93.1`
    - qs.exe: `qs alive 192.168.1.1/24`
    - dnsbrute
    - F-NAScan.py
    - Hscan
  - Port scanning
    - s.exe: `s.exe tcp 192.168.1.1 192.168.1.254 445,1433,3389,7001 256 /Banner /save`
    - scanline: `scanline -h -t 20,80-89,110,389,445,3389,1099,7001,3306,1433,8080,1521 -u 53,161 -O c:\log.txt -p 192.168.1.1-254 /b`
    - Invoke-Portscan.ps1: `Invoke-PortScan -StartAddress 192.168.1.1 -EndAddress 192.168.1.254 -ScanPort` (`-ResolveHost` for host-liveness probing)
    - K8PortScan.exe
    - F-NAScan.py
    - nmap
- Sensitive information collection
  - Credential dumping (密码抓取)
    - GetPass
    - fgdump
    - GetHash
    - WCE
    - PwDump7
    - QuarksPwDump
    - mimikatz
    - Procdump
    - Get-PassHashes.ps1
    - lazagne
    - lc5
    - mimipenguin
    - InternalMonologue
    - gsecdump
    - Invoke-Mimikatz
    - PowerSploit.psd1
    - Responder.py
    - NTDSDumpEx.exe
    - Net-GPPPassword.exe
    - Get-GPPPassword.ps1
    - Browsers
      - BrowserGhost
      - WebBrowserPassView
      - passrec suite (全家桶)
      - SharpWeb
    - Other applications
      - Mail clients
        - mailpv.exe
      - Navicat, TeamViewer, FileZilla, WinSCP and Xmanager product families
        - SharpDecryptPwd.exe
      - TeamViewer
        - tv_getpass.exe
      - RDP
        - rdpv.exe
  - Host information collection
    - Seatbelt
- Tunnels and proxies
  - Network-layer tunnels
    - IPv6 tunnels
      - socat
      - 6tunnel
      - nt6tunnel
    - ICMP tunnels
      - icmpsh
      - PingTunnel
  - Transport-layer tunnels
    - lcx
    - netcat
    - powercat
  - Application-layer tunnels
    - SSH
    - HTTP/HTTPS
      - reDuh
      - reGeorg
      - tunna
    - meterpreter
    - DNS
      - dnscat2
      - iodine
  - SOCKS proxies
    - EarthWorm
    - reDuh
    - reGeorg
    - Neo-reGeorg
    - sSocks
    - frp
    - ABPTTS
    - Fport.exe
    - NativePayload_ReverseShell.exe
    - nps
    - PortMap
    - reprocks
    - Tunna
    - Venom
- Privilege escalation tools
  - Windows Exploit Suggester
  - Sherlock
  - Linux_Exploit_Suggester
  - PowerUp.ps1
  - Invoke-PsUACme
  - rottenpotato.exe
  - ADAPE-Script
  - Invoke-ACLPwn.ps1
- Lateral movement
  - Vulnerability exploitation
    - ms17_010_eternalblue
    - Ladon+MS17010EXP.ps1
    - MS14-068.EXE
    - ms14_068_kerberos_checksum
    - pyKEK
    - goldenPac.py
  - SPN discovery
    - setspn
    - Discover-PSInterestingServices.ps1
    - GetUserSPNs.exe
  - WMI
    - wmiexec.py
    - wmiexec.vbs
    - Invoke-WmiCommand
    - Invoke-WMIMethod
    - Get-WMIObject
    - Get-CimInstance
    - wmiexec.exe
    - wmipersist.exe
    - wmiquery.exe
  - Username enumeration
    - enum.exe
    - hunter.exe
    - lg.exe
    - AdFind.exe
    - dsquery.exe
    - GetADUsers.exe
  - SMB
    - psexec
    - crackmapexec
    - wmiexec.exe
  - Locating domain administrators
    - PVEFindADUser.exe
    - qs.exe
- Backdoors
  - Shift (Sticky Keys) backdoor
  - Registry backdoor
  - Scheduled-task backdoor
  - QuasarRAT
  - cobaltstrike
  - DLL_Hijacker
- AV-evasion tools
  - shellter.exe
  - Restorator
- Weak-password brute forcing
  - Yujian (御剑) RDP brute-force tool
  - nbtenum
  - hscan
  - htpwdScan.py
  - 超级弱口令检查工具 (Super Weak Password Checker)
  - Router password scanner