2017年度开源黑客工具/渗透测试工具精选清单 (欧洲黑帽大会军火库)     

黑帽大会黑客工具推荐清单

每天都有大量黑客工具被上传到Github,这些工具良莠不齐,数量众多,让人目不暇接。优化渗透测试工具箱的一个最省力的办法,就是关注每年的黑帽大会,以下是最近的一次黑帽大会——2017年12月份欧洲黑帽大会上的军火库工具精选:

Android, iOS和移动攻击类
Objection
https://github.com/sensepost/objection
BADINTENT – INTEGRATING ANDROID WITH BURP
https://github.com/mateuszk87/BadIntent

数字取证与事件响应
CYBOT – OPEN-SOURCE THREAT INTELLIGENCE CHAT BOT (REVAMPED)
https://github.com/CylanceSPEAR/CyBot
NG-NETMS & OPTOSS PLUS
https://sourceforge.net/projects/ngnms/

漏洞利用与白帽攻击
DPAPI AND DPAPI-NG – DECRYPTION TOOLKIT
https://cqureacademy.com/blog/windows-internals/black-hat
UAC-A-MOLA
https://github.com/ElevenPaths/uac-a-mola
EXPLOIT PACK
https://github.com/juansacco/exploitpack
2FASSASSIN
https://github.com/maxwellkoh/2FAssassin

硬件/嵌入式
DYODE – A DIY, LOW-COST DATA DIODE FOR ICS
https://github.com/wavestone-cdt/dyode

物联网
WHID INJECTOR – HOW TO BRING HID ATTACKS TO THE NEXT LEVEL
https://github.com/whid-injector/WHID

恶意软件防御
MYSTIQUE
https://github.com/MinervaLabsResearch/Mystique
AKTAION V2 – A MACHINE LEARNING OPEN-SOURCE & ACTIVE DEFENSE (ORCHESTRATION) TOOL
https://github.com/jzadeh/aktaion2

网络攻击
DET (DATA EXFILTRATION TOOLKIT)
https://github.com/sensepost/DET
FruityC2
https://github.com/xtr4nge/FruityC2

网络防御
ACE (AUTOMATED COLLECTION AND ENRICHMENT PLATFORM)
https://github.com/Invoke-IR/ACE
CLOUD SECURITY SUITE – ONE STOP TOOL FOR AWS SECURITY AUDIT
https://github.com/SecurityFTW/cs-suite
ID2T – THE INTRUSION DETECTION DATASET GENERATION TOOLKIT
https://git.tk.informatik.tu-darmstadt.de/SPIN/ID2T-toolkit
WIPI-HUNTER – WIFI-PINEAPPLE ACTIVITIES DETECTION
https://github.com/WiPi-Hunter

OSINT – 开源情报
Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting
https://github.com/dradis/dradis-ce
DATASPLOIT – OSINT FRAMEWORK
https://github.com/DataSploit/datasploit
OSINT-SPY
https://github.com/SharadKumar97/OSINT-SPY
TINFOLEAK
http://www.vicenteaguileradiaz.com/tools/

漏洞评估
OPENSCAP AND SCAP SECURITY GUIDE
https://github.com/OpenSCAP/scap-security-guide
POWERSAP – POWERSHELL TOOL TO ASSESS SAP SECURITY
https://github.com/airbus-seclab/powersap
SECCUBUS
https://github.com/schubergphilis/Seccubus

Web应用安全
 MODSECURITY 3.0.0
https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-version-3-RC1
REFLECTOR – BURP SUITE EXTENSION
https://github.com/elkokc/reflector

跨站攻击 – 从XSS到RCE 2.75
https://github.com/Varbaek/xsser
OWASP ZAP
https://github.com/zaproxy/zaproxy
PYMULTITOR
https://github.com/realgam3/pymultitor

第一时间获取面向IT决策者的独家深度资讯,敬请关注IT经理网微信号:ctociocom

   

除非注明,本站文章均为原创或编译,未经许可严禁转载。

相关文章:


关于作者

        在TMT领域具有十余年的咨询和创业经验。 目前主要关注信息安全,同时密切关注云计算、社会化媒体、移动、企业2.0等领域的技术创新和商业价值。拥有美国麻省理工学院MBA学位和清华大学经济管理学院学士学位,曾任BDA中国公司高级顾问,服务过美国高通、英特尔、中国网通、SK电讯、及沃达丰等公司。联系邮件:wangmeng@ctocio.com