Original: Dry | Python3 test tool library
Author:
Vulnerability and penetration exercise platform:
WebGoat vulnerability exercise platform:
https://github.com/WebGoat/WebGoat
webgoat-legacy platform vulnerability exercises:
https://github.com/WebGoat/WebGoat-Legacy
zvuldirll vulnerability exercise platform:
https://github.com/710leo/ZVulDrill
vulapps vulnerability exercise platform:
https://github.com/Medicean/VulApps
dvwa vulnerability exercise platform:
https://github.com/RandomStorm/DVWA
Data Library Injection exercise platform:
https://github.com/Audi-1/sqli-labs
Written by node vulnerability exercise platform, like OWASP Node Goat:
https://github.com/cr0hn/vulnerable-node
A tool written in Ruby, with loopholes generated virtual machine:
https://github.com/cliffe/secgen
Fancy scanner:
Nmap port scanner:
https://github.com/nmap/nmap
Local Network Scanner:
https://github.com/SkyLined/LocalNetworkScanner
Subdomain scanner:
https://github.com/lijiejie/subDomainsBrute
https://github.com/aboul3la/Sublist3r
https://github.com/TheRook/subbrute
https://github.com/infosec-au/altdns
linux vulnerability scanning:
https://github.com/future-architect/vuls
Port-based scanning and associated CVE:
https://github.com/m0nad/HellRaiser
Vulnerability Scanner route:
https://github.com/jh00nbr/Routerhunter-2.0
Mini batch scanning information leakage script:
https://github.com/lijiejie/BBScan
Waf type detection tool:
https://github.com/EnableSecurity/wafw00f
Server port scanner weak passwords:
https://github.com/wilson9x1/fenghuangscanner_v3
Fox-scan scanner:
https://github.com/fengxuangit/Fox-scan/
Information gathering tools:
Social workers Collector:
https://github.com/n0tr00t/Sreg
Github information gathering:
https://github.com/sea-god/gitscan
github Repo information gathering tool:
https://github.com/metac0rtex/GitHarvester
Information detection and scanning tools:
https://github.com/darryllane/Bluto
Internal network information scanner:
https://github.com/sowish/LNScan
Remote desktop logon scanner:
https://github.com/linuz/Sticky-Keys-Slayer
Network infrastructure penetration tool
https://github.com/SECFORCE/sparta
SNMAP password cracking:
https://github.com/SECFORCE/SNMP-Brute
WEB:
webshell big collection:
https://github.com/tennc/webshell
Penetration and web attacks script:
https://github.com/brianwrf/hackUtils
web penetration big collection of gadgets:
https://github.com/rootphantomer/hacktoolsfor_me
XSS data receiving platform:
https://github.com/firesunCN/BlueLotus_XSSReceiver
XSS and CSRF tools:
https://github.com/evilcos/xssor
xss versatile scanner:
https://github.com/shawarkhanethicalhacker/BruteXSS
web vulnerability scanner:
https://github.com/andresriancho/w3af
WEB vulnerability scanner:
https://github.com/sullo/nikto
Penetration commonly used small tool kit:
https://github.com/leonteale/pentestpackage
web directory scanner:
https://github.com/maurosoria/dirsearch
detection means to the command injection web:
https://github.com/stasinopoulos/commix
Automated SQL injection tool to check:
https://github.com/epinna/tplmap
SSL Scanner:
https://github.com/rbsec/sslscan
Set of security tools:
https://github.com/codejanus/ToolSuite
apache log analyzer:
https://github.com/mthbernardes/ARTLAS
php code audit tools:
https://github.com/pwnsdx/BadCode
web fingerprint scans:
https://github.com/urbanadventurer/whatweb
Check the website of malicious attacks :
https://github.com/ciscocsirt/malspider
wordprees vulnerability scanner:
https://github.com/wpscanteam/wpscan
Firmware vulnerability scanner:
https://github.com/misterch0c/firminator_backend
Database injection tool
https://github.com/sqlmapproject/sqlmap
Web Proxy:
https://github.com/zt2/sqli-hunter
The new Chinese choppers:
https://github.com/Chora10/Cknife
git disclose the use of EXP:
https://github.com/lijiejie/GitHack
Browser attacks framework:
https://github.com/beefproject/beef
WAF bypass the automated script:
https://github.com/khalilbijjou/WAFNinja
https://github.com/owtf/wafbypasser
An open source WAF:
https://github.com/SpiderLabs/ModSecurity
http command-line client:
https://github.com/jkbrzt/httpie
Browser debugging tool:
https://github.com/firebug/firebug
DISCUZ vulnerability scanner:
https://github.com/code-scan/dzscan
Automated code audit tools
https://github.com/wufeifei/cobra
Browser exploits framework:
https://github.com/julienbedard/browsersploit
tomcat automatically back door Deployment:
https://github.com/mgeeky/tomcatWarDeployer
Cyberspace fingerprint scanner:
https://github.com/nanshihui/Scan-T
burpsuit of J2EE scanning plug-ins:
https://github.com/ilmila/J2EEScan
windows domain penetration tools:
mimikatz expressly injection:
https://github.com/gentilkiwi/mimikatz
Powershell penetration library collection:
https://github.com/PowerShellMafia/PowerSploit
Powershell tools collection:
https://github.com/clymb3r/PowerShell
powershell的mimikittenz:
https://github.com/putterpanda/mimikittenz
Domain penetration Tutorial:
https://github.com/l3m0n/pentest_study
Fuzz:
Web tool to Fuzz
https://github.com/xmendez/wfuzz
HTTP brute, hit attack script library
https://github.com/lijiejie/htpwdScan
Exploits and attacks framework:
msf framework:
https://github.com/rapid7/metasploit-framework
pocsscan attacks framework:
https://github.com/erevus-cn/pocscan
Pocsuite attacks framework:
https://github.com/knownsec/Pocsuite
Beebeeto attacks framework:
https://github.com/n0tr00t/Beebeeto-framework
Vulnerability POC & EXP:
ExploitDB official git version:
https://github.com/offensive-security/exploit-database
php exploit code analysis:
https://github.com/80vul/phpcodz
CVE-2016-2107:
https://github.com/FiloSottile/CVE-2016-2107
CVE-2015-7547 POC:
https://github.com/fjserna/CVE-2015-7547
JAVA deserialization generation tool POC:
https://github.com/frohoff/ysoserial
JAVA deserialization EXP:
https://github.com/foxglovesec/JavaUnserializeExploits
Jenkins CommonCollections EXP:
https://github.com/CaledoniaProject/jenkins-cli-exploit
CVE-2015-2426 EXP (windows kernel privilege escalation):
https://github.com/vlad902/hacking-team-windows-kernel-lpe
use docker to show web attack (php file that contains the combination of local and ssrf phpinfo getshell combined use of demonstration curl):
https://github.com/hxer/vulnapp
php7 cache overwrite vulnerability Demo and related tools:
https://github.com/GoSecure/php7-opcache-override
XcodeGhost Trojan sample:
https://github.com/XcodeGhostSource/XcodeGhost
Middle attacks and phishing
Middle attacks framework:
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/secretsquirrel/BDFProxy
https://github.com/byt3bl33d3r/MITMf
Inject code, jam wifi, and spy on wifi users:
https://github.com/DanMcInerney/LANs.py
Middleman proxy tool:
https://github.com/intrepidusgroup/mallory
wifi Fishing:
https://github.com/sophron/wifiphisher
Password cracking:
Password cracking tools:
https://github.com/shinnok/johnny
Various types of locally stored password extraction tool:
https://github.com/AlessandroZ/LaZagne
And binary code analysis tool:
Binary Analysis Tool
https://github.com/devttys0/binwalk
System Scanner
https://github.com/quarkslab/binmap
rp:
https://github.com/0vercl0k/rp
Windows Exploit Development Tools
https://github.com/lillypad/badger
Binary static analysis tool (python):
https://github.com/bdcht/amoco
Python Exploit Development Assistance for GDB:
https://github.com/longld/peda
Department of BillGates Linux Botnet Trojan monitoring tools activities
https://github.com/ValdikSS/billgates-botnet-tracker
Trojan configuration parameter extraction tool:
https://github.com/kevthehermit/RATDecoders
Binary analysis tool written in Shellphish (CTF to):
https://github.com/angr/angr
Python for static code analysis tool:
https://github.com/yinwang0/pysonar2
An automated script (shell) analysis tool, used to give warning and advice:
https://github.com/koalaman/shellcheck
Anti-aliasing aids based on simple Javascript AST transformations:
https://github.com/ChiChou/etacsufbo
EXP framework for the preparation and tools:
Binary EXP authoring tools:
https://github.com/t00sh/rop-tool
CTF Pwn class of topics Scripting Framework:
https://github.com/Gallopsled/pwntools
an easy-to-use io library for pwning development:
https://github.com/zTrix/zio
Cross-platform injection tool:
https://github.com/frida/frida
Hash length extension attack EXP:
https://github.com/citronneur/rdpy
Steganography:
Steganography detection tools
https://github.com/abeluck/stegdetect
Various types of security information:
data_hacking Collection:
https://github.com/ClickSecurity/data_hacking
mobile-security-wiki:
https://github.com/exploitprotocol/mobile-security-wiki
书籍《reverse-engineering-for-beginners》:
https://github.com/veficos/reverse-engineering-for-beginners
Some information security standards and device configuration:
https://github.com/luyg24/IT_security
APT-related notes:
https://github.com/kbandla/APTnotes
Kcon Information:
https://github.com/knownsec/KCon
《DO NOT FUCK WITH A HACKER》:
https://github.com/citypw/DNFWAH
Brain various security hole chart:
https://github.com/phith0n/Mind-Map
Information Security Flowchart:
https://github.com/SecWiki/sec-chart/ tree/294d7c1ff1eba297fa892dda08f3c05e90ed1428
Various types of CTF resources
In recent years, ctf writeup Daquan:
https://github.com/ctfs/write-ups-2016
https://github.com/ctfs/write-ups-2015
https://github.com/ctfs/write-ups-2014
fbctf Contest Platform Demo:
https://github.com/facebook/fbctf
ctf Resources:
https://github.com/ctfs/resources
ctf and hacking resource collection:
https://github.com/bt3gl/My-Gray-Hacker-Resources
ctf large collection of tools and safety:
https://github.com/zardus/ctf-tools
ctf tool bag to python
https://github.com/P1kachu/v0lt
Various types of programming resources:
Spree (everything):
https://github.com/bayandin/awesome-awesomeness
bash-handbook:
https://github.com/denysdovhan/bash-handbook
python Resource Kit:
https://github.com/jobbole/awesome-python-cn
git learning materials:
https://github.com/xirong/my-git
Android open source code analysis
https://github.com/android-cn/android-open-project
python frameworks, libraries, resource large collection:
https://github.com/vinta/awesome-python
JS regular expression library (JS used to simplify construction of complex regular expression):
https://github.com/VerbalExpressions/JSVerbalExpressions
Python:
python regular expression library (python for simplifying the construction of complex regular expression):
https://github.com/VerbalExpressions/
python library task management and execution of commands:
https://github.com/pyinvoke/invoke
python exe packed library:
https://github.com/pyinstaller/pyinstaller
Veil-Evasion free to kill the project:
https://github.com/Veil-Framework/Veil-Evasion
py3 reptiles framework:
https://github.com/orf/cyborg
Underlying interface provides a packet data network protocol and programming support python library:
https://github.com/CoreSecurity/impacket
python requests library:
https://github.com/kennethreitz/requests
python utility collection:
https://github.com/mahmoud/boltons
python crawler system:
https://github.com/binux/pyspider
kexue Internet:
kexue Internet Tools
https://github.com/XX-net/XX-Net
welfare:
Micro-channel automatic grab a red envelope dynamic library
https://github.com/east520/AutoGetRedEnv
Micro-channel grab a red envelope plugin (Android version)
https://github.com/geeeeeeeeek/WeChatLuckyMoney
hardsed Artifact:
https://github.com/yangyangwithgnu/hardseed
Party Survival Guide Safety Engineer
web log index and search tool:
https://github.com/thomaspatzke/WASE
Open source log collector:
https://github.com/wgliang/logcool
web debuger scanning CS structure
https://github.com/Kozea/wdb
Recover deleted sqlite database registration information:
https://github.com/aramosf/recoversqlite/
gps fraud detection tool:
https://github.com/zxsecurity/gpsnitch
Emergency response framework:
https://github.com/biggiesmallsAG/nightHawkResponse
web security Development Guide:
https://github.com/FallibleInc/security-guide-for-developers
Various well-known manufacturers vulnerability testing report templates:
https://github.com/juliocesarfort/public-pentesting-reports linux the malicious code detection package:
https://github.com/rfxn/linux-malware-detect
Operating system metrics visualization framework:
https://github.com/facebook/osquery
Malicious code analysis system:
https://github.com/cuckoosandbox/cuckoo
Regular search and storage web applications:
https://github.com/Netflix/Scumblr
Incident Response Framework:
https://github.com/google/grr
Integrated Host Monitoring Detection Platform:
https://github.com/ossec/ossec-hids
Digital forensics distributed real-time systems:
https://github.com/mozilla/mig
Microsoft & Unix file system and hard disk forensic tools:
https://github.com/sleuthkit/sleuthkit
honey jar:
SSH honeypot:
https://github.com/desaster/kippo
Honeypot collection of resources:
https://github.com/paralax/awesome-honeypots
kippo Premium honeypot:
https://github.com/micheloosterhof/cowrie
SMTP honeypot:
https://github.com/awhitehatter/mailoney
web application honeypot:
https://github.com/mushorg/glastopf
Database honeypot:
https://github.com/jordan-wright/elastichoney
web honeypot:
https://github.com/atiger77/Dionaea
Remote Control:
Gmail act as a C & C server's back door
https://github.com/byt3bl33d3r/gcat
Open source remote control:
https://github.com/UbbeLoL/uRAT
c # remote control:
https://github.com/hussein-aitlahcen/BlackHole