想学渗透测试,还是要站在巨人工具的肩膀上
测试工具大汇总,建议收藏工具是多么的重要呀~~~,维护网络安全,人人有责哦
总结第二波:Last wave of links:
[Ten years of network security engineers] - Introduction to the use of 100 penetration testing tools
tool name |
Classification |
type |
Features |
Evaluation recommendation |
| mfor |
IC card |
cmd-line |
key program |
Do you want to learn the tools used in the various free meals and recharge tutorials? |
| mfterm |
IC card |
shell |
Interactive IC Card File Writing Tool |
To modify the data in the card is the final IC card |
| pixiewps |
wifi |
cmd-line |
Use the bug in WPS random number generation for wifi with WPS turned on |
Some say soon, some say that the success rate is relatively low |
| reaver |
wifi |
cmd-line |
Tools for wifi with WPS turned on |
#2 wifi tool after aircrack-ng |
| wifite |
wifi |
cmd-line |
More automated wifi tools |
|
| apktool |
Android reverse |
cmd-line |
Restore resource files such as xml and plates from the apk file |
|
| clang |
translater |
cmd-line |
Compiler similar to gcc, more lightweight, can compile c, c++, Objective-C |
|
| clang++ |
translater |
cmd-line |
C++ compiler, the relationship with clang is similar to the class system of gcc and g++ |
|
| dex2jar |
Android reverse |
cmd-line |
apktool restores apk to resource files and dex, dex2jar restores dex to jar file (.class) |
|
| edb-debug |
Dynamic debugging |
gui |
Software reverse dynamic debugging tool |
Ollydbg for Linux |
| flashm |
disassembly |
cmd-line |
The disassembly tool for .swf files can disassemble the script code in .swf |
|
| jad |
decompile |
cmd-line |
Dex2jar restores the file to .class, and jad further restores the file to .java |
|
| javasnoop |
fuzz |
gui |
Java program vulnerability assessment tool |
|
| nasm shell |
compilation |
shell |
nasm is a 32-bit assembly compiler, which is a nasm shell |
|
| ollydbg |
Dynamic debugging |
gui |
The well-known dynamic debugging tool on the windows platform, on Linux, it is a bit uncomfortable to run through wine |
|
| radar2 |
static analysis |
cmd-line |
A static disassembly analysis tool similar to ida, powerful and open source |
But the command line operation is a bit difficult |
| armitage |
exploit |
gui |
GUI interface for measploit |
Well, it seems to be better than the original msf-gui, but if you ask someone to start msf and log in, you don't have to forget it. |
| beef |
exploit |
cmd-line |
Using msf's exp combined with xss to construct a sexual html page, when the browser accesses it, it will receive and obtain the shell |
That's fine, but I don't know how it works on current browsers |
| metasploit |
exploit |
shell |
Just start msfconsole |
|
| msf payload center |
exploit |
cmd-line |
Generate executable files for various platforms such as windows/android containing exp, and make sharp tools |
What is the difference between this thing and msfvenom |
| searchsploit |
exploit |
cmd-line |
Used to search for exploit scripts that have been downloaded locally from exploitdb |
It can be understood that msf is all executable code written by ruby, and exploit is not necessarily written in ruby, it may just scan the description instead of the code |
| Social-Engineering |
exploit |
shell |
Generally used to generate various files with exp inserted, to induce the target to open and get hit |
Social engineering is always great, but I always feel that social engineering and DDOS are the most misnomers |
| termineter |
exploit |
shell |
Smart Meter Framework |
This requires hardware matching, haven't played it |
| bdfproxy |
middleman |
Can insert payload into passing traffic while in the middle |
||
| operating network |
Plate Sniffing |
cmd-line |
Used to sniff the plates in the traffic and display them on the x-window |
Only with arp as a middleman can it exert its power, and it's just fun to stop yourself |
| ettercap |
Traffic interception |
gui |
I heard that it can intercept the traffic of the same subnet. It is invincible. What is the principle? |
|
| hampster |
acting |
cmd-line |
It seems that the proxy is also forwarding traffic. |
|
| macchanger |
mac |
cmd-line |
Modify the mac address of the machine when surfing the Internet, one is used to hide the identity, and the other can be used to bypass the wifi mac blacklist |
It should be just a soft modification of the mac address, which is impossible to write. |
| mitmproxy |
acting |
cmd-line |
It seems that the proxy is also forwarding traffic. |
It doesn't feel special. |
| netsniff-ng |
Traffic capture |
cmd-line |
High-performance traffic capture kit, the capture effect may be relatively stable when the traffic is large |
|
| responder |
host sniffing |
cmd-line |
Passively sniffing information such as the operating system version of the host that interacts with the host |
|
| wireshark |
Traffic capture |
gui |
Block all traffic passing through the specified network card |
sectools常年排行第一的工具,这就不用多说了吧 |
| backdoor |
||||
| exe2hex |
编码转换 |
cmd |
顾名思义就是把exe文件转成十六进制文件 |
不过这样的意义是什么,不是以十六进制就能打开了吗 |
| Intersect |
脚本生成 |
shell |
感觉是SQL 有Intersect语句的生成工具 |
|
| mimikatz |
提取 |
cmd-line |
用于从windows内存中提取 |
|
| nishang |
后渗透 |
cmd-line |
基于powershell的后渗透工具 |
|
| PowerSploit |
后渗透 |
cmd-line |
也是一个基于powershell的后渗透工具 |
|
| proxychains |
多重代理 |
cmd-line |
好像用来配置多种代理的 |
|
| weevely |
webshell |
shell |
webshell连接工具不过好像要用自己生成的小马 |
|
| autopsy |
网页分析 |
web |
启动一个服务通过浏览器访问使用,感觉是分析网页各种元素的不是很懂 |
|
| binwalk |
文件识别 |
cmd-line |
用于分析一个文件中是否其实有多个文件 |
ctf的key文件提取就常用到的 |
| bulk_extractor |
要素提取 |
cmd-line |
扫描给定的目录或文件,如果发现一些如电话号码网址等关键的信息则输出到文件 |
|
| chkrootkit |
系统检查 |
cmd-line |
扫描本机,查看本机是否存在受rootkit影响的地方 |
理解成360的查杀也差不多 |
| foremost |
文件恢复 |
cmd-line |
文件恢复工具,用于被删除的文件的恢复,就是360等的那个文件恢复功能 |
|
| galleta |
cookie文件 |
cmd-line |
用于分析IE的cookie文件输出其中的有用信息 |
|
| hashdeep |
hash计算 |
cmd-line |
用于计算文件hash值,支持多种散列算法 |
|
| volafox |
内存分析 |
cmd-line |
针对Mac OS X的内存分析工具,可从其内存镜像中读取进程列表等各种主机信息 |
先用工具把当前内存抓取下来,然后再用来分析;内存数据容易被破坏所以这确实很有意义 |
| volatility |
内存分析 |
cmd-line |
volafox的扩展,支持Mac OS X/Linux/Windows |
|
| casefile |
报告编写 |
gui |
一个画图工具,packet tracer用来画网络拓扑,这用来画场景拓扑 |
这写出高大上的报告啊 |
| cutycapt |
网页截屏 |
cmd-line |
一个基于WebKit内核的网页截图工具,就是指定一个url它就能用解析url并把url界面截下来 |
各种扫描器中的截图就是使用类似的工具完成的,并不会真用个浏览器访问再截图下来 |
| dradis |
报告生成 |
web |
可解析burpsuite/nmap等生成的扫描文件,并可将扫描结果转存为pdf或html |
|
| faraday IDE |
报告管理 |
gui |
||
| keepnote |
笔记本 |
gui |
较之记事本,可建文件夹,支持富文本,可导出为其他格式 |
|
| magictree |
报告管理 |
gui |
||
| pipal |
词频统计 |
cmd-line |
||
| recordmydesktop |
屏幕录制 |
cmd-line |
屏幕录制,输出.ogv格式视频 |
不过感觉这视频格式占用磁盘有点大啊 |
| maltegoce |
关系分析 |
gui |
通过网络搜索,获取某个IP或邮箱与其他IP或邮箱的拓扑关系 |
这东西有那么强,但社工的东西还是没那么强,而且还是外国的工具在天朝的网络 |
请记得一键三连哦~~~~~~~~~·
推荐阅读
渗透测试专用系统
kali-linux-e17-2019.1a-amd64.iso系统镜像_kalilinux2019镜像-Linux文档类资源-CSDN下载
kali-linux-2018.4-amd64操作系统_-Linux文档类资源-CSDN下载
manjaro-xfce-17.1.7-stable-x86_64.iso系统镜像_manjaro镜像下载-Linux文档类资源-CSDN下载
nst-32-11992.x86_64.iso操作系统镜像.zip_-Linux文档类资源-CSDN下载
manjaro-xfce-17.1.7-stable-x86_64操作系统_-Linux文档类资源-CSDN下载
cyborg-hawk-linux-v-1.1操作系统_cyborghwak安装教程-Linux文档类资源-CSDN下载
渗透测试相关工具
渗透测试实战专栏https://blog.csdn.net/weixin_42350212/category_7716334.html
- Java实现照片GPS定位【完整脚本】
- ReadPicExif.zip_-Java document resources-CSDN download https://download.csdn.net/download/weixin_42350212/20024262
- The goddess forgot the album secret python20 lines of code to open.py-Python document resources-CSDN downloadhttps://download.csdn.net/download/weixin_42350212/19871942
- Python modifies the background color, size, background, and cutout of the ID photo [complete source code] https://download.csdn.net/download/weixin_42350212/19815306
- Python modify the background color, size, background, and cutout of the ID photo [full source code] _python how to modify the size of the ID photo-Python documentation resources-CSDN download https://download.csdn.net/download/weixin_42350212/19815306