目录导航
awesome-bbht.sh是一个自动安装,自动发现侦察,漏洞利用等有趣的漏洞搜索工具的列表bash脚本.
安装方法
git clone https://github.com/0xApt/awesome-bbht.sh
cd awesome-bbht
chmod + x awesome-bbht.sh
./awesome-bbht.sh脚本包括的工具列表
子域枚举
- aquatone-用于域立交桥的工具
- Knockpy -Knockpy是一个python工具,旨在通过单词列表枚举目标域上的子域。
- subbrute-枚举DNS记录和子域的DNS元查询蜘蛛。
- assetfinder-查找与给定域相关的域和子域
- 域查找器
- rsdl-使用Ping方法进行子域扫描
- subDomainizer-一种工具,用于查找子域和隐藏在其中的有趣内容,页面,文件夹和Github的外部Javascript文件。
- domain_analyzer-通过查找所有可能的信息来分析任何域的安全性。用python制造。
- massdns-用于批量查找和侦察(子域枚举)的高性能DNS存根解析器
- subfinder -Subfinder是一个子域发现工具,可发现网站的有效子域。设计为被动框架,可用于漏洞赏金和安全的渗透测试。
- amass-深度攻击面映射和资产发现
- sub.sh-在线子域检测脚本
- sublist3r-渗透测试人员的快速子域枚举工具
- Sudomy -Sudomy是一个子域枚举工具,使用bash脚本创建,可以快速全面地分析域并收集子域。以HTML或CSV格式报告输出https://github.com/Screetsec/
内容发现
API
- secretx-通过请求列表中的每个URL提取api密钥和机密。
AWS S3存储桶
- s3brute -s3暴力破解工具
- s3-bucket- finder-查找aws s3桶并提取数据。
- bucket- stream-通过查看证书透明性日志查找有趣的Amazon S3桶。
- 啜食-通过certstream,域或关键字枚举S3桶。
- lazys3-使用不同排列对AWS s3存储桶进行暴力破解的Ruby脚本。
- cred_scanner-一个基于文件的简单扫描程序,用于查找文件中潜在的AWS访问和密钥
- DumpsterDiver-一种工具,用于分析各种文件类型的大容量,以搜索诸如密钥(AWS访问密钥,Azuer共享密钥或SSH密钥)或密码之类的经编码秘密。
- S3Scanner-扫描打开的AWS S3存储桶并转储内容
检查JS文件
- JSParser-使用Tornado和JSBeautifier解析来自JavaScript文件的相对URL的python 2.7脚本。
- relative-url-extractor-一个从文件中提取相对URL的小工具。
- github搜索
- sub.js-一种从URL或子域列表中获取javascript文件的工具
- LinkFinder-在JavaScript文件中查找端点的python脚本
代码审核
- 眼镜蛇-源代码安全审计(Source Codes Security Audit)
爬行者
- 抓取工具-抓取网站提取链接
- waybackMachine-使用Wayback Machine数据提取路径列表。
- 梅格-获取许多主机的许多路径-而不杀死主机
- hakrawler-简单,快速的Web爬网程序,旨在轻松,快速地发现Web应用程序中的端点和资产
- igoturls -WaybackURLS + OtxURLS + CommonCrawl
目录暴力破解者和模糊者
开发
子域接管
谷歌云存储
- GCPBucketBrute-一个脚本,用于枚举Google存储桶,确定对它们的访问权限以及确定是否可以特权升级。
数字海洋
- spaces- finder-寻找可公开访问的DigitalOcean Spaces的工具
XXE
- XXEinjector-使用直接和不同的带外方法自动利用XXE漏洞的工具。
CSRF
- XSRFProbe-主要跨站点请求伪造(CSRF)审核和利用工具包。
命令注入
- commix-自动化的多合一OS命令注入和利用工具。https://commixproject.com
SQLi
- sqlmap-自动SQL注入和数据库接管工具http://sqlmap.org
- sqliv-大规模SQL注入漏洞扫描程序
- sqlmate – SQLmap的朋友,它将完成您对SQLmap的期望。
XSS
- XSS-Finder-世界上功能最强大和最先进的跨站点脚本编写软件
- XSStrike-最先进的XSS扫描仪。
- XSS-keylogger-用于在站点中利用XSS漏洞的击键记录器-仅供我个人使用
开放重定向
- open-redirect-scanner-打开重定向子域扫描仪
cms识别
- CMSmap -CMSmap是一个python开源CMS扫描程序,它可以自动检测最流行CMS的安全漏洞。
- CMSeeK -CMS检测和利用套件-扫描WordPress,Joomla,Drupal和170多个其他CMS
- wpscan -WPScan是一款免费的,非商业用途的黑盒WordPress漏洞扫描程序,专门为安全专业人员和博客维护人员编写,用于测试其WordPress网站的安全性
- Joomscan -OWASP Joomla漏洞扫描程序项目
- Droopescan-一种基于插件的扫描程序,可帮助安全研究人员确定多个CMS(主要是Drupal和Silverstripe)的问题。
- Drupwn -Drupal枚举和利用工具
渗透框架
- Sn1per-面向攻击性安全专家的自动渗透测试框架
- XRay -XRay是从公共网络进行侦察,映射和OSINT收集的工具。
- datasploit-一个#OSINT框架,用于对公司,人员,电话号码,比特币地址等执行各种侦查技术,汇总所有原始数据,并以多种格式提供数据。
- Osmedeus-用于侦察和漏洞扫描的全自动进攻性安全框架
- TIDoS框架–令人讨厌的手动Web应用程序渗透测试框架。
- 发现-自定义bash脚本,用于自动执行各种渗透测试任务,包括使用Metasploit进行侦查,扫描,解析以及创建恶意有效负载和侦听器。
- lazyrecon-此脚本旨在以有组织的方式自动化您的侦察过程
- 003Recon-一些自动执行侦察的工具-003random
- LazyRecon-执行自动侦查漏洞赏金和渗透测试的自动化方法。
字典
- SecLists -SecLists是安全测试人员的伴侣。它是在安全评估期间使用的多种类型列表的集合,这些列表集中在一个地方。列表类型包括用户名,密码,URL,敏感数据模式,模糊有效载荷,Web Shell等。
- Jhaddix词表
- Nahamsec列表
其他
- altdns-生成子域的排列,变更和突变,然后对其进行解析
- nmap-网络映射器
- Blazy -Blazy是一种现代的登录暴力破解程序,它也测试CSRF,Clickjacking,Cloudflare和WAF。
- httprobe-列出域并探查工作的HTTP和HTTPS服务器
- 损坏的链接检查器-在HTML中查找损坏的链接,丢失的图像等。
工具下载地址
①GitHub
github.com/0xApt/awesome-bbht/archive/master.zip
②雨苁网盘:
https://w.ddosi.workers.dev/github/awesome-bbht/
③awesome-bbht.sh源码
#!/bin/bash
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get install -y libcurl4-openssl-dev
sudo apt-get install -y libssl-dev
sudo apt-get install -y jq
sudo apt-get install -y ruby-full
sudo apt-get install -y libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev
sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev
sudo apt-get install -y python-setuptools
sudo apt-get install -y libldns-dev
sudo apt-get install -y python3-pip
sudo apt-get install -y python-pip
sudo apt-get install -y python-dnspython
sudo apt-get install -y git
sudo apt-get install -y rename
sudo apt-get install -y xargs
#create a directory for tools
mkdir /opt/tools
echo "done"
#install go
if [[ -z "$GOPATH" ]];then
echo "It looks like go is not installed, would you like to install it now"
PS3="Please select an option : "
choices=("yes" "no")
select choice in "${choices[@]}"; do
case $choice in
yes)
echo "Installing Golang"
wget https://dl.google.com/go/go1.14.2.linux-amd64.tar.gz
sudo tar -xvf go1.14.2.linux-amd64.tar.gz
sudo mv go /usr/local
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
echo 'export GOROOT=/usr/local/go' >> ~/.bash_profile
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' >> ~/.bash_profile
source ~/.bash_profile
sleep 1
break
;;
no)
echo "Please install go and rerun this script"
echo "Aborting installation..."
exit 1
;;
esac
done
fi
#create content-discovery, subdomain, and other directories
echo "Creating /opt/tools/subdomain-enum"
mkdir /opt/tools/subdomain-enum
echo "Creating /opt/tools/content-discovery"
mkdir /opt/tools/content-discovery
echo "Creating /opt/tools/other"
mkdir /opt/tools/other
#Don't forget to set up AWS credentials!
echo "Don't forget to set up AWS credentials!"
pip install awscli --upgrade --user
echo "Don't forget to set up AWS credentials!"
#install aquatone
echo "Installing Aquatone"
go get github.com/michenriksen/aquatone
echo "done"
#install knockpy
echo "Installing knockpy"
git clone https://github.com/guelfoweb/knock.git /opt/tools/subdomain-enum/knockpy
echo "done"
#install subbrute
echo "Installing subbrute"
git clone https://github.com/TheRook/subbrute.git /opt/tools/subdomain-enum/subbrute
echo "done"
#install assetfinder
echo "Installing asset finder"
go get -u github.com/tomnomnom/assetfinder
echo "done"
#install domain-finder
echo "Installing domain-finder"
cd /opt/tools/subdomain-enum
wget https://raw.githubusercontent.com/gwen001/pentest-tools/master/domain-finder.py
echo "done"
#install rsdl
echo "Installing rsdl"
go get github.com/tismayil/rsdl
go build rsdl.go
#install subDomainizer
echo "Installing subDomainizer"
git clone https://github.com/nsonaniya2010/SubDomainizer.git /opt/tools/subdomain-enum/subDomainizer
echo "done"
#install domain_analyzer
echo "Installing domain_analyzer"
git clone https://github.com/eldraco/domain_analyzer.git /opt/tools/subdomain-enum/domain_analyzer
echo "done"
#install massdns
echo "Installing massdns"
git clone https://github.com/blechschmidt/massdns.git /opt/tools/subdomain-enum/massdns
echo "done"
#install subfinder
echo "Installing subfinder"
git clone https://github.com/subfinder/subfinder.git /opt/tools/subdomain-enum/subfinder
cd /opt/tools/subdomain-enum/subfinder
go get github.com/subfinder/subfinder
echo "done"
#install amass
echo "Installing amass"
go get -u github.com/caffix/amass
echo "done"
#install sub.sh
echo "Installing sub.sh"
sudo apt-get install jq
git clone https://github.com/cihanmehmet/sub.sh.git /opt/tools/subdomain-enum/sub.sh
echo "done"
#install sublist3r
echo "Installing Sublist3r"
git clone https://github.com/aboul3la/Sublist3r.git /opt/tools/subdomain-enum/Sublist3r
cd /opt/tools/subdomin-enum/Sublist3r
pip install -r requirements.txt
echo "done"
#install Sudomy
echo "Installing Sudomy"
git clone --recursive https://github.com/screetsec/Sudomy.git /opt/tools/subdomain-enum/Sudomy
cd /opt/tools/subdomain-enum/Sudomy
pip install -r requirements.txt
echo "done"
#############################################
# Content Discovery #
#############################################
###########################
# API #
###########################
#install secretx
echo "installing secrtex"
git clone https://github.com/xyele/secretx.git /opt/tools/content-discovery/api/secretx
cd /opt/tools/content-discovery/api/secretx
python3 -m pip install -r requirements.txt
echo "done"
###########################
# AWS S3 Bucket #
###########################
#install s3brute
echo "installing s3brute"
git clone https://github.com/ghostlulzhacks/s3brute.git /opt/tools/content-discovery/AWS/s3brute
echo "done"
#install s3-buckets-finder
echo "installing s3-buckets-finder"
git clone https://github.com/gwen001/s3-buckets-finder.git /opt/tools/content-discovery/AWS/s3-buckets-finder
echo "done"
#install bucket-stream
echo "installing bucket-stream"
git clone https://github.com/eth0izzle/bucket-stream.git /opt/tools/content-discovery/AWS/bucket-stream
cd /opt/tools/content-discovery/AWS/bucket-stream
pip3 install -r requirements.txt
echo "done"
#install slurp
echo "installing slurp"
go get github.com/nuncan/slurp
echo "done"
#install lazys3
echo "installing lazys3"
git clone https://github.com/nahamsec/lazys3.git /opt/tools/content-discovery/AWS/lazys3
echo "done"
#install cred_scanner
echo "installing cred_scanner"
git clone https://github.com/disruptops/cred_scanner.git /opt/tools/content-discovery/AWS/cred_scanner
cd /opt/tools/content-discovery/AWS/cred_scanner
pip install -r requirements.txt
echo "done"
#install DumpsterDiver
echo "installing DumpsterDiver"
git clone https://github.com/securing/DumpsterDiver.git /opt/tools/content-discovery/AWS/DumpsterDiver
cd /opt/tools/content-discovery/AWS/DumpsterDiver
pip install -r requirements.txt
echo "done"
#install S3Scanner
echo "installing S3Scanner"
git clone https://github.com/sa7mon/S3Scanner.git /opt/tools/content-discovery/AWS/S3Scanner
cd /opt/tools/content-discovery/AWS/S3Scanner
pip install -r requirements.txt
echo "done"
###########################
# Inspecting JS Files #
###########################
#install JSParser
echo "installing JSParser"
git clone https://github.com/nahamsec/JSParser.git /opt/tools/content-discovery/JS/JSParser
cd JSParser*
sudo python setup.py install
echo "done"
#intall relative-url-extractor
echo "installing relative-url-extractor"
git clone https://github.com/jobertabma/relative-url-extractor.git /opt/tools/content-discovery/JS/relative-url-extractor
echo "done"
#install github-search
echo "installing github-search"
cd /opt/tools/content-discovery/JS
wget https://raw.githubusercontent.com/gwen001/github-search/master/github-subdomains.py
echo "done"
#install subjs
echo "installing subjs"
go get -u github.com/lc/subjs
echo "done"
#install LinkFinder
echo "install LinkFinder"
git clone https://github.com/GerbenJavado/LinkFinder.git /opt/tools/content-discovery/JS/LinkFinder
cd /opt/tools/content-discovery/JS/LinkFinder
python3 -m pip install -r requirements.txt
echo "done"
###########################
# Code Audit #
###########################
#install Cobra
echo "installing Cobra"
git clone https://github.com/WhaleShark-Team/cobra.git /opt/tools/content-discovery/code_audit/Cobra
cd /opt/tools/content-discovery/code_audit/Cobra
pip install -r requirements.txt
echo "done"
###########################
# Crawlers #
###########################
#install crawler
echo "installing crawler"
git clone https://github.com/ghostlulzhacks/crawler.git /opt/tools/content-discovery/crawlers/crawler
echo "done"
#install waybackMachine
echo "installing waybackMachine"
git clone https://github.com/ghostlulzhacks/waybackMachine.git /opt/tools/content-discovery/crawlers/waybackMachine
echo "done"
#install meg
echo "installing meg"
go get -u github.com/tomnomnom/meg
echo "done"
#install hakrawler
echo "installing hakrawler"
go get github.com/hakluke/hakrawler
echo "done"
#install igoturls
echo "installing igoturls"
git clone https://github.com/xyele/igoturls.git /opt/tools/content-discovery/crawlers/igoturls
echo "done"
###########################
# Directory Bruteforcers #
# & #
# Fuzzers #
###########################
#install gobuster
echo "installing gobuster"
go get github.com/OJ/gobuster
echo "done"
#install ffuf
echo "installing ffuf"
go get github.com/ffuf/ffuf
echo "done"
#install dirsearch
echo "installing dirsearch"
git clone https://github.com/maurosoria/dirsearch.git /opt/tools/dir-fuzz/dirsearch
echo "done"
#############################################
# Exploitation #
#############################################
###########################
# API #
###########################
#install imperva
echo "installing imperva"
git clone https://github.com/imperva/automatic-api-attack-tool.git /opt/tools/exploitation/api/imperva
echo "done"
###########################
# Subdomain Takeover #
###########################
#install subjack
echo "installing subjack"
go get github.com/haccer/subjack
echo "done"
#install subdomain-takeover
echo "installing subdomain-takeover"
git clone https://github.com/antichown/subdomain-takeover.git /opt/tools/exploitation/subdomain-takeover
cd /opt/tools/exploitation/subdomain-takeover
pip install -r requirements.txt
echo "done"
#install takeover
echo "installing takeover"
git clone https://github.com/m4ll0k/takeover.git /opt/tools/exploitation/takeover
echo "done"
#install SubOver
echo "installing SubOver"
go get github.com/Ice3man543/SubOver
###########################
# Google Cloud Storage #
###########################
#install GCPBucketBrute
echo "installing GCPBucketBrute"
git clone https://github.com/RhinoSecurityLabs/GCPBucketBrute.git /opt/tools/exploitation/google-cloud-storage/GCPBucketBrute
cd /opt/tools/exploitation/google-cloud-storage/GCPBucketBrute
python3 -m pip install -r requirements.txt
echo "done"
###########################
# Digital Ocean #
###########################
#install spaces-finder
echo "installing spaces-finder"
git clone https://github.com/appsecco/spaces-finder.git /opt/tools/exploitation/digital-ocean/spaces-finder
cd /opt/tools/exploitation/digital-ocean/spaces-finder
python3 -m pip install -r requirements.txt
###########################
# XXE #
###########################
#install XEEinjector
echo "installing XEEinjector"
git clone https://github.com/enjoiz/XXEinjector.git /opt/tools/exploitation/XXE/XXEinjector
echo "done"
###########################
# CSRF #
###########################
#install XSRFProbe
echo "installing XSRFProbe"
git clone https://github.com/0xInfection/XSRFProbe.git /opt/tools/exploitation/CSRF/XSRFProbe
cd /opt/tools/exploitation/CSRF/XSRFProbe
python3 setup.py install
echo "done"
###########################
# Command injection #
###########################
#install commix
echo "installing commix"
git clone https://github.com/commixproject/commix.git /opt/tools/exploitation/command-injection/commix
echo "done"
###########################
# SQLi #
###########################
#install sqlmap
echo "installing sqlmap"
git clone https://github.com/sqlmapproject/sqlmap.git /opt/tools/exploitation/sqli/sqlmap
echo "done"
#install sqliv
echo "installing sqliv"
git clone https://github.com/the-robot/sqliv.git /opt/tools/exploitation/sqli/sqliv
cd /opt/tools/exploitation/sqli/sqliv
sudo python2 setup.py -i
echo "done"
#install sqlmate
echo "installing sqlmate"
git clone https://github.com/s0md3v/sqlmate.git /opt/tools/exploitation/sqli/sqlmate
cd /opt/tools/exploitation/sqli/sqlmate
pip install -r requirements.txt
echo "done"
###########################
# XSS #
###########################
#install XSS-Finder
echo "installing XSS-Finder"
git clone https://github.com/haroonawanofficial/XSS-Finder.git
echo "done"
#install XSStrike
echo "installing XSStrike"
git clone https://github.com/s0md3v/XSStrike.git /opt/tools/exploitation/xss/XSStrike
cd /opt/tools/exploitation/xss/XSStrike
python3 -m pip install -r requirements.txt
echo "done"
#install XSS-keylogger
echo "installing XSS-keylogger"
git clone https://github.com/hadynz/xss-keylogger.git /opt/tools/exploitation/xss/XSS-keylogger
echo "done"
###########################
# Open Redirect #
###########################
#install open-redirect-scanner
echo "installing open-redirect-scanner"
git clone https://github.com/ak1t4/open-redirect-scanner.git /opt/tools/exploitation/open-redirect/open-redirect-scanner
echo "done"
#############################################
# CMS #
#############################################
#install CMSmap
echo "installing CMSmap"
git clone https://github.com/Dionach/CMSmap.git /opt/tools/CMS/CMSmap
cd /opt/tools/CMS/CMSmap
pip3 install .
echo "done"
#install CMSeek
echo "installing CMSeek"
git clone https://github.com/Tuhinshubhra/CMSeeK.git /opt/tools/CMS/CMSeek
cd /opt/tools/CMS/CMSeek
python3 -m pip install -r requirements.txt
echo "done"
#install Joomscan
echo "installing Joomscan"
git clone https://github.com/rezasp/joomscan.git /opt/tools/CMS/Joomscan
echo "done"
#install wpscan
echo "installing wpscan"
gem install wpscan
echo "done"
#install droopescan
echo "installing droopescan"
apt-get install python-pip
pip install droopescan
echo "done"
#install drupwn
echo "installing drupwn"
git clone https://github.com/immunIT/drupwn.git /opt/tools/CMS/drupwn
cd /opt/tools/CMS/drupwn
python3 setup.py install
drupwn --help
echo "done"
#############################################
# Frameworks #
#############################################
#install Sn1per
echo "installing Sn1per"
git clone https://github.com/1N3/Sn1per.git /opt/tools/Frameworks/Sn1per
cd /opt/tools/Frameworks/Sn1per
bash install.sh
echo "done"
#install XRay
echo "installing XRay"
go get github.com/evilsocket/xray
cd $GOPATH/src/github.com/evilsocket/xray/
make
echo "done"
#install datasploit
echo "installing datasploit"
git clone https://github.com/DataSploit/datasploit.git /opt/tools/Frameworks/datasploit
cd /opt/tools/Frameworks/datasploit
python3 -m pip install --upgrade --force-reinstall -r requirements.txt
echo "done"
#install Osmedeus
echo "installing Osmedeus"
git clone https://github.com/j3ssie/Osmedeus.git /opt/tools/Frameworks/osmedeus
cd /opt/tools/Frameworks/osmedeus
./install.sh
echo "done"
#install TIDoS-Framework
echo "installing TIDoS-Framework"
git clone https://github.com/0xinfection/tidos-framework.git /opt/tools/Frameworks/TIDoS-Framework
cd /opt/tools/Frameworks/osmedeus
chmod +x install
./install
echo "done"
#install discover
echo "installing discover"
git clone https://github.com/leebaird/discover.git /opt/tools/Frameworks/discover
cd /opt/tools/Frameworks/discover
./update.sh
echo "done"
#install lazyrecon
echo "installing lazyrecon"
git clone https://github.com/nahamsec/lazyrecon.git /opt/tools/Frameworks/lazyrecon
echo "done"
#install 003Recon
echo "installing 003Recon"
git clone https://github.com/003random/003Recon.git /opt/tools/Frameworks/003Recon
cd /opt/tools/Frameworks/003Recon
./install.sh
echo "done"
#install LazyRecon
echo "installing LazyRecon"
echo "remember to set API keys!!"
git clone https://github.com/capt-meelo/LazyRecon.git /opt/tools/Frameworks/
echo "done"
#############################################
# Other #
#############################################
#install altdns
echo "installing altdns"
pip install py-altdns
echo "done"
#install nmap
echo "installing nmap"
sudo apt-get install -y nmap
echo "done"
#install Blazy
echo "installing Blazy"
git clone https://github.com/s0md3v/Blazy.git /opt/tools/other/Blazy
cd /opt/tools/other/Blazy
pip install -r requirements.txt
echo "done"
#install httprobe
echo "installing httprobe"
go get -u github.com/tomnomnom/httprobe
echo "done"
#install broken-link-checker
echo "installing broken-link-checker"
npm install broken-link-checker -g
echo "done"
###########################
# Wordlists #
###########################
#install Seclists
echo "downloading Seclist"
git clone https://github.com/danielmiessler/SecLists.git /opt/tools/Wordlists/SecLists
echo "done"
cd /opt/tools/Wordlists/SecLists/Discovery/DNS/
##THIS FILE BREAKS MASSDNS AND NEEDS TO BE CLEANED
cat dns-Jhaddix.txt | head -n -14 > clean-jhaddix-dns.txt
#install JHaddix Wordlist
echo "downloading JHaddix wordlist"
cd /opt/tools/Wordlists
wget https://gist.githubusercontent.com/jhaddix/b80ea67d85c13206125806f0828f4d10/raw/c81a34fe84731430741e0463eb6076129c20c4c0/content_discovery_all.txt
echo "done"
#install Nahamsec list
echo "downloading Nahamsec list"
cd /opt/tools/Wordlists
wget https://gist.githubusercontent.com/Leoid/38984017886cd058a314dfda5c3d6c6e/raw/1ee5fe1da82a3ae92b0c486f86fbe26bbdff1e06/Nahamsec%2520Thread
echo "done"