rttools——本项目集合了在渗透测试过程中可能涉及到的所有工具,去繁化简,做高效安全测试人。
项目内包含工具涉及类别:漏洞利用工具代审辅助、漏洞利用、靶场环境、漏洞扫描/序列化、密码/隧道、免杀、内网渗透、应急响应、木马查杀、中间件工具、字典/钓鱼/社工/爆破、自动化/资产项目地址列表、子域名/目录/指纹。
本项目主要内容为:对GitHub平台上的渗透测试工具整合,项目中所涉及工具是否存在后门等程序,需使用人员自行测试,建议在虚拟环境运行。
声明: 工具仅供安全研究或授权渗透,非法用途后果自负。
PS:项目内容不定期更新,可按需下载。(路过的师傅们,如果觉得本项目对您的安全学习研究有帮助,可以留下您的星。)
Rttools - This project gathers all the tools that may be involved in the Penetration test process, reduces complexity, and is an efficient security tester.
The categories of tools included in the project include: proxy audit assistance of vulnerability utilization tools, vulnerability utilization, shooting range environment, vulnerability scanning/serialization, password/tunnel, kill free, intranet penetration, emergency response, Trojan horse killing, middleware tools, dictionary/fishing/social workers/blasting, automation/asset project address list, Subdomain/directory/fingerprint.
The main content of this project is to integrate the Penetration test tools on the GitHub platform.
Whether there are backdoors and other programs for the tools involved in the project needs to be tested by the users themselves.
It is recommended to run them in a virtual environment.
Disclaimer: The tool is only for security research or authorized penetration, and the consequences of illegal use shall be borne by oneself.
PS: The project content is updated periodically and can be downloaded as needed.
(Passing masters, if you find this project helpful for your safety learning research, you can leave your star behind.)
⭐ 🍴 🖥️ 😈
https://github.com/SafeGroceryStore/MDUT
https://github.com/ktaranov/sqlserver-kit
https://github.com/blackarrowsec/mssqlproxy
https://github.com/yuyan-sec/RedisEXP
https://github.com/HXSecurity/DongTai
https://github.com/webraybtl/CodeQLpy
https://github.com/github/codeql
https://github.com/code-star/sbt-findsecbugs
https://github.com/Eugeny/tabby
https://github.com/ripsscanner/rips
https://github.com/nccgroup/VCG
https://github.com/PyCQA/bandit
https://github.com/zsdlove/Hades
https://github.com/linshaoSec/SeeyonExploit-GUI
https://github.com/Summer177/seeyon_exp
https://github.com/xinyu2428/TDOA_RCE
https://github.com/dionach/CMSmap
https://github.com/attacker-codeninja/wprecon
https://github.com/wpscanteam/wpscan
https://github.com/n00py/WPForce
https://github.com/zangcc/Aazhen-RexHa
https://github.com/Lotus6/ThinkphpGUI
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools
https://github.com/lijiejie/swagger-exp
https://github.com/jayus0821/swagger-hack
https://github.com/wyzxxz/heapdump_tool
https://github.com/rtcatc/Packer-Fuzzer
https://github.com/0xHJK/dumpall
https://github.com/arthaud/git-dumper
https://github.com/obheda12/GitDorker
https://github.com/m4ll0k/SecretFinder.git
https://github.com/KathanP19/JSFScan.sh
https://github.com/Ice3man543/SubOver
https://github.com/fofapro/vulfocus
https://hub.docker.com/u/vulfocus
https://github.com/vulhub/vulhub
https://github.com/VulnTotal-Team/IoT-vulhub
https://github.com/tangxiaofeng7/SecExample
https://github.com/cn-panda/logbackRceDemo
https://github.com/digininja/DVWA
https://github.com/shadforth/pentesterlab-bootcamp
https://github.com/ffffffff0x/f8x
https://github.com/MvsCode/frps-onekey
https://github.com/kitabisa/mubeng
https://github.com/akkuman/rotateproxy.git
云安全靶场:
github.com/HXSecurity/TerraformGoat/blob/main/README_CN.md
Web安全靶场:
dvwa:sourceforge.net/projects/dvwa.mirror/
bwapp:sourceforge.net/projects/bwapp/files/bee-box/
portswiger:portswigger.net/web-security/dashboard
vulhub:github.com/vulhub/vulhub
vulnhub:www.vulnhub.com
https://github.com/hahwul/dalfox
https://github.com/Raghavd3v/CRLFsuite
https://github.com/chenjj/CORScanner
https://github.com/klsfct/getshell
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/vladko312/SSTImap
https://github.com/ksharinarayanan/SSRFire
https://github.com/frohoff/ysoserial
https://github.com/k8gege/LadonGo
序列化
https://github.com/welk1n/JNDI-Injection-Exploit
https://github.com/WhiteHSBG/JNDIExploit
https://github.com/wyzxxz/jndi_tool
https://github.com/exp1orer/JNDI-Inject-Exploit
密码 https://github.com/gentilkiwi/mimikatz
https://github.com/AlessandroZ/LaZagne
https://github.com/dzxs/Xdecrypt
https://github.com/hayasec/360SafeBrowsergetpass
https://github.com/attackercan/teamviewer-dumper
https://github.com/Jamesits/proxifier-profiles
https://github.com/fatedier/frp.git
隧道
https://github.com/fatedier/frp
https://github.com/ehang-io/nps
https://github.com/LeonardoNve/dns2proxy
https://github.com/qiuzi/dns2socks
https://github.com/rootkiter/Termite
https://github.com/bdamele/icmpsh
https://github.com/inconshreveable/ngrok
https://github.com/FunnyWolf/pystinger
https://github.com/snail007/goproxy
https://github.com/testxxxzzz/geacon_pro
https://github.com/darkr4y/geacon
https://github.com/t3l3machus/Villain
https://github.com/akkuman/rotateproxy
https://github.com/WangYihang/Platypus
https://github.com/sveinbjornt/Platypus
https://github.com/t3l3machus/Villain
https://github.com/BeichenDream/Godzilla
https://github.com/rebeyond/Behinder
https://github.com/AntSwordProject/antSword
https://github.com/AntSwordProject/AntSword-Loader
https://github.com/tennc/webshell
https://github.com/Chora10/Cknife
https://github.com/0x00007c00/JundeadShell
https://github.com/rebeyond/memShell
https://github.com/hosch3n/msmap
https://githhttps://github.com/1y0n/AV_Evasion_Tool
https://github.com/optiv/ScareCrowub.com/t3l3machus/hoaxshell
https://github.com/TryGOTry/CobaltStrike_Cat_4.5
https://github.com/TryGOTry/DogCs4.4
https://github.com/midisec/BypassAnti-Virus
https://github.com/PSPDFKit-labs/bypass
https://github.com/Uncodin/bypass
https://github.com/TideSec/BypassAntiVirus
https://github.com/alphaSeclab/anti-av
https://github.com/lengjibo/FourEye
https://github.com/1y0n/AV_Evasion_Tool
https://github.com/optiv/ScareCrow
https://github.com/CMEPW/BypassAV
https://github.com/mgeeky/ShellcodeFluctuation
https://github.com/Hzllaga/JsLoader
https://github.com/tokyoneon/Chimera
https://github.com/LandGrey/webshell-detect-bypass
https://github.com/AabyssZG/WebShell-Bypass-Guide
https://github.com/Tylous/Limelighter
https://github.com/TheWover/CertStealer
https://github.com/CCob/SharpBlock
内网收集
https://github.com/shadow1ng/fscan
https://github.com/dwagon/Hostinfo
https://github.com/shmilylty/netspy
https://github.com/c1y2m3/ATAttack
域渗透
https://github.com/0x727/UserRegEnum_0x727
https://github.com/mscandev/mscan
https://github.com/BloodHoundAD/BloodHound
横向
https://github.com/shadow1ng/fscan
https://github.com/k8gege/Ladon
https://github.com/lcvvvv/kscan
https://github.com/QAX-A-Team/sharpwmi
https://github.com/pandasec888/taowu-cobalt-strike
https://github.com/hzphreak/VMInjector
https://github.com/rootclay/WMIHACKER
权限维持
https://github.com/360-Linton-Lab/Telemetry
https://github.com/AV1080p/Schtasks-Backdoor
https://github.com/0x727/SchTask_0x727
https://github.com/Ivan1ee/NetDLLSpy
https://github.com/yanghaoi/CobaltStrike_CNA
提权
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/xkaneiki/CVE-2023-0386
https://github.com/aleenzz/MSSQL_SQL_BYPASS_WIKI
https://github.com/Ascotbe/Kernelhub
https://github.com/lyshark/Windows-exploits
https://github.com/SecWiki/macos-kernel-exploits
https://github.com/klsfct/getshell
https://github.com/microsoft/WindowsProtocolTestSuites
https://github.com/hahwul/WebHackersWeapons
https://github.com/MountCloud/FireKylin
https://github.com/grayddq/GScan
https://github.com/evilsocket/uroboros
https://github.com/wgpsec/whohk
https://github.com/vxunderground/MalwareSourceCode
https://github.com/mtkirby/rootkitrecon
http://tools.bugscaner.com/killwebshell/
https://github.com/chaitin/cloudwalker
windows版:
http://dl.shellpub.com/hm-ui/latest/HmSetup.zip?version=1.8.2
linux-amd64版:
http://dl.shellpub.com/hm/latest/hm-linux-amd64.tgz?version=1.8.2
linux-386版:
http://dl.shellpub.com/hm/latest/hm-linux-386.tgz?version=1.8.2
https://edr.sangfor.com.cn/api/download/WebShellKillerForLinux.tar.gz
https://github.com/LittleBear4/OA-EXPTOOL
https://github.com/ExpLangcn/HVVExploitApply
https://github.com/SummerSec/SpringExploit
https://github.com/wyzxxz/shiro_rce_tool
https://github.com/SummerSec/ShiroAttack2
https://github.com/Maskhe/FastjsonScan
https://github.com/a1phaboy/FastjsonScan
https://github.com/MagicZer0/fastjson-rce-exploit
https://github.com/mrknow001/fastjson_rec_exploit
https://github.com/sp4zcmd/WeblogicExploit-GUI
https://github.com/0xn0ne/weblogicScanner
https://github.com/sv3nbeast/weblogic-framework
https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp
https://github.com/lp008/dubbo-exp
https://github.com/Accenture/jenkins-attack-framework
https://github.com/0x48piraj/jiraffe
https://github.com/xfiftyone/STS2G
https://github.com/HatBoy/Struts2-Scan
https://github.com/inbug-team/Log4j_RCE_Tool
https://github.com/fullhunt/log4j-scan
https://github.com/f0ng/log4j2burpscanner
https://github.com/jbaines-r7/through_the_wire
https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
https://github.com/Tas9er/YApiRCE.git
https://github.com/Schira4396/VcenterKiller
https://github.com/0x727/SpringBootExploit
https://github.com/Taonn/EmailAll
https://github.com/Josue87/EmailFinder
https://github.com/rm1984/IMAPLoginTester
https://github.com/gophish/gophish
https://github.com/gyxuehu/EwoMail
社工
https://github.com/D4Vinci/Cr3dOv3r
https://github.com/soxoj/maigret
https://github.com/n0tr00t/Sreg
https://github.com/famavott/osint-scraper
https://github.com/Ridter/Mailget
字典
https://github.com/danielmiessler/SecLists
https://github.com/duyet/bruteforce-database
https://github.com/drtychai/wordlists
https://github.com/lutfumertceylan/top25-parameter
https://github.com/r35tart/RW_Password
https://github.com/ignis-sec/Pwdb-Public.git
爆破
https://github.com/i11us0ry/goon
https://github.com/0x727/ShuiZe_0x727
https://github.com/yaklang/yakit
https://github.com/b0bac/ApolloScanner
https://github.com/lcvvvv/kscan
https://github.com/broken5/bscan
https://github.com/78778443/QingScan
https://github.com/ciscocsirt/GOSINT
https://github.com/P1-Team/AlliN
https://github.com/hanc00l/nemo_go
https://github.com/CTF-MissFeng/bayonet
https://github.com/r3curs1v3-pr0xy/vajra
https://github.com/six2dez/reconftw
https://github.com/yogeshojha/rengine
https://github.com/lz520520/railgun
https://github.com/Bywalks/DarkAngel
资产发现
https://github.com/knownsec/Kunyu
https://quake.360.net/quake/#/index
https://www.exploit-db.com/google-hacking-database
https://github.com/six2dez/reconftw
https://github.com/TophantTechnology/ARL
https://github.com/wgpsec/ENScan
https://github.com/wgpsec/ENScan_GO
https://github.com/SiJiDo/IEyes
https://github.com/fengyuanchen/jquery-viewer
https://github.com/Kento-Sec/AsamF
https://github.com/reduxjs/redux-thunk
https://github.com/tomnomnom/waybackurls
https://github.com/TebbaaX/GRecon
https://github.com/awake1t/linglong
https://github.com/Laravel-Lang/lang
子域名
https://github.com/knownsec/ksubdomain
https://github.com/boy-hack/ksubdomain
https://github.com/shmilylty/OneForAll
https://github.com/CTF-MissFeng/bayonet
https://github.com/projectdiscovery/subfinder
https://github.com/LangziFun/LangSrcCurise
https://github.com/aboul3la/Sublist3r
https://github.com/projectdiscovery/subfinder
https://github.com/yunxu1/dnsub
目录
https://github.com/maurosoria/dirsearch
https://github.com/epi052/feroxbuster
https://github.com/H4ckForJob/dirmap
https://github.com/deibit/cansina
https://github.com/H4ckForJob/dirmap
https://github.com/ReddyyZ/urlbrute
https://github.com/ReddyyZ/URLBrute-Py
https://github.com/foryujian/yjdirscan
https://github.com/hunyaio/yuhScan
https://github.com/pingc0y/URLFinder
https://github.com/jaeles-project/gospider
https://github.com/projectdiscovery/katana
https://github.com/devploit/dontgo403
指纹
https://github.com/EdgeSecurityTeam/EHole
https://github.com/ShiHuang-ESec/EHole
https://github.com/wappalyzer/wappalyzer
https://github.com/b1ackc4t/14Finger
urbanadventurer/WhatWeb 城市冒险家/WhatWeb
https://github.com/fingerprintjs/fingerprintjs
https://github.com/EASY233/Finger
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
https://github.com/ezshine/wxapkg-convertor
https://github.com/kelvinBen/AppInfoScanner
https://github.com/sulab999/AppMessenger
https://github.com/dwisiswant0/apkleaks
https://github.com/Anof-cyber/apkleaks
端口
https://github.com/projectdiscovery/naabu
https://github.com/4dogs-cn/TXPortMap