渗透测试专用扫描器 漏洞扫描器 服务器端模板注入漏洞检测与利用工具 wordpress扫描工具 无线安全审计工具 白盒代码安全审计系统 跟踪、分析PHP运行情况的工具 集合owasp top10漏洞扫描和边界资产发现能力的分布式web漏洞扫描框架 BkScanner 分布式插件化web漏洞扫描器 WEB渗透测试数据库
https://github.com/blackye/Jenkins/ (Jenkins漏洞探测、用户抓取爆破)
https://github.com/code-scan/dzscan/ (discuz扫描)
https://github.com/chuhades/CMS-Exploit-Framework/ (CMS攻击框架)
https://github.com/lijiejie/IISshortnameScanner/ (an IIS shortname Scanner)
https://github.com/riusksk/FlashScanner/ (flashxss扫描)
https://github.com/coffeehb/SSTIF (一个Fuzzing服务器端模板注入漏洞的半自动化工具)
https://github.com/epinna/tplmap (服务器端模板注入漏洞检测与利用工具)
https://github.com/cr0hn/dockerscan (docker扫描工具)
https://github.com/m4ll0k/WPSeku (一款精简的wordpress扫描工具)
无线网络扫描器
https://github.com/savio-code/fern-wifi-cracker/ (无线安全审计工具)
https://github.com/m4n3dw0lf/PytheM (Python网络/渗透测试工具)
https://github.com/P0cL4bs/WiFi-Pumpkin (无线安全渗透测试套件)
代码扫描器
https://github.com/wufeifei/cobra (白盒代码安全审计系统)
https://github.com/OneSourceCat/phpvulhunter (静态php代码审计)
https://github.com/Qihoo360/phptrace (跟踪、分析PHP运行情况的工具)
https://github.com/ajinabraham/NodeJsScan (NodeJS应用代码审计)
集成扫描器
https://github.com/az0ne/AZScanner (自动漏洞扫描器,子域名爆破,端口扫描,目录爆破,常用框架漏洞检测)
https://github.com/blackye/lalascan (集合owasp top10漏洞扫描和边界资产发现能力的分布式web漏洞扫描框架)
https://github.com/blackye/BkScanner (BkScanner 分布式、插件化web漏洞扫描器)
https://github.com/ysrc/GourdScanV2 (被动式漏洞扫描)
https://github.com/alpha1e0/pentestdb (WEB渗透测试数据库)
https://github.com/netxfly/passive_scan (基于
http代理的web漏洞扫描器)
https://github.com/1N3/Sn1per (自动化扫描器,包括中间件扫描以及设备指纹识别)
https://github.com/RASSec/pentestEr_Fully-automatic-scanner (定向全自动化渗透测试工具)
https://github.com/3xp10it/3xp10it (自动化渗透测试框架)
https://github.com/Lcys/lcyscan (扫描效果未验证)
https://github.com/Xyntax/POC-T (渗透测试插件化并发框架)
https://github.com/v3n0m-Scanner/V3n0M-Scanner (Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns)
https://github.com/Skycrab/leakScan (web端的在线漏洞扫描)
https://github.com/zhangzhenfeng/AnyScan (又一款自动化渗透测试框架)
https://github.com/brianwrf/NagaScan (又一款自动化渗透测试框架)
高级持续性威胁(APT)
https://github.com/Neo23x0/Loki (一款APT入侵痕迹扫描器) 工控安全
https://github.com/w3h/icsmaster/tree/master/nse (ICS设备nmap扫描脚本)
Blackhat 2017 安全工具集:
Android, iOS and Mobile Hacking Android Tamer
https://github.com/AndroidTamer
DiffDroid
https://github.com/antojoseph/diff-droid
Kwetza
https://github.com/sensepost/kwetza
Needle
https://github.com/mwrlabs/needle
NoPE Proxy
http Proxy Extension)
https://github.com/summitt/Burp-Non-
http-Extension
Code Assessment Puma Scan
https://github.com/pumasecurity/puma-scan
Tintorera: Source Code Intelligence
(Code not yet uploaded)
https://github.com/vulnex/Tintorera
Cryptography Hashview
https://github.com/hashview/hashview
Gibber Sense
https://github.com/smxlabs/gibbersense
Data Forensics and Incident Response PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrieval
https://github.com/dirtbags/pcapdb
SCOT
(Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System
https://github.com/sandialabs/scot
Security Monkey
https://github.com/Netflix/security_monkey
ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWS
https://github.com/ThreatResponse
Yalda — Automated Bulk Intelligence Collection
(Code not yet uploaded)
https://github.com/gitaziabari/Yalda
Exploitation and Ethical Hacking AVET — AntiVirus Evasion Tool
https://github.com/govolution/avet
GDB Enhanced Features
(GEF)
https://github.com/hugsy/gef
Leviathan Framework
https://github.com/leviathan-framework/leviathan
MailSniper
https://github.com/dafthack/MailSniper
Seth
https://github.com/SySS-Research/Seth
Hardware/Embedded ChipWhisperer
https://github.com/newaetech/chipwhisperer
DYODE, a DIY, Low-Cost Data Diode for ICS
https://github.com/arnaudsoullie/dyode
FTW: Framework for Testing WAFs
https://github.com/fastly/ftw
The Bicho: An Advanced Car Backdoor Maker
https://github.com/UnaPibaGeek/CBM
Internet of Things Hacker Mode
https://github.com/xssninja/Alexa-Hacker-Mode
Universal Radio Hacker: Investigate Wireless Protocols Like a Boss
https://github.com/jopohl/urh
Malware Defense Aktaion v2 — Open Source Machine Learning and Active Defense Tool
https://github.com/jzadeh/Aktaion
Cuckoo Sandbox
https://github.com/cuckoosandbox/cuckoo
LimaCharlie
https://github.com/refractionPOINT/limacharlie
Malboxes
https://github.com/GoSecure/malboxes
Network Attacks BloodHound 1.3
https://github.com/BloodHoundAD/BloodHound
CrackMapExec v4
https://github.com/byt3bl33d3r/CrackMapExec
DELTA: SDN Security Evaluation Framework
https://github.com/OpenNetworkingFoundation/DELTA
eaphammer
https://github.com/s0lst1c3/eaphammer
gr-lora: An Open-Source SDR Implementation of the LoRa PHY
https://github.com/BastilleResearch/gr-lora
Yasuo
https://github.com/0xsauby/yasuo
Network Defense Assimilator
https://github.com/videlanicolas/assimilator
Noddos
https://github.com/noddos/noddos
SITCH: Distributed, Coordinated GSM Counter-Surveillance
https://github.com/sitch-io/sensor
Sweet Security
https://github.com/TravisFSmith/SweetSecurity
OSINT — Open Source Intelligence Datasploit — Automated Open Source Intelligence
(OSINT) Tool
https://github.com/DataSploit/datasploit
Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting
https://github.com/dradis/dradis-ce
OSRFramework: Open Sources Research Framework
https://github.com/i3visio/osrframework
Reverse Engineering BinGrep
https://github.com/m4b/bingrep
Vulnerability Assessment Aardvark and Repokid
https://github.com/square/Aardvark SERPI
此文章来源于
http://www.ddosi.org /2017/09/30/scan/
2018年以前网站服务器的备份,当时决定不要了,删了所有东西,现在还原一下(有些图片挂了,永远找不回来了,sorry)