一些常用工具整理

windows 免杀远控

Cobalt Strike

信息收集

C段

https://phpinfo.me/bing.php

公司ip段

http://bgp.he.net

同ip反查

http://i.links.cn/sameip/61.164.241.103.html
http://s.tool.chinaz.com/same
http://www.114best.com/ip/114.aspx
https://www.yougetsignal.com/tools/web-sites-on-web-server/
http://tool.114la.com/sameip/
http://www.sameip.org/

Transparency Monitoring

https://developers.facebook.com/tools/ct/
https://transparencyreport.google.com/https/certificates

passive dns

https://www.circl.lu/services/passive-dns/
https://www.passivetotal.org/
https://www.virustotal.com/fr/documentation/public-api/#getting-ip-reports
https://www.passivetotal.org/
https://dnsdumpster.com/

地区ip

中国ip http://www.ipdeny.com/ipblocks/data/countries/cn.zone

网站证书查看

http://web.chacuo.net/netsslcheck

域名历史

http://toolbar.netcraft.com/site_report?url=5alt.me
https://www.benmi.com/whoishistory/

其他

https://x.threatbook.cn/
https://censys.io/data

数据

https://scans.io/study/sonar.fdns_v2

扫描器

https://github.com/lijiejie/BBScan
https://github.com/We5ter/Scanners-Box

查找cdn后原始ip

https://github.com/christophetd/CloudFlair

端口扫描

zmap 扫单一端口

sudo zmap -p 80 -o results.csv 10.0.0.0/24

massscan 扫多端口

sudo ./masscan -p1-65535 10.0.0.024 -oJ result.json

隐藏身份

https://www.noip.com/
https://github.com/fate0/proxylist/blob/master/proxy.list
127.0.0.1.xip.io
https://proxy.coderbusy.com/
https://github.com/SpiderClub/haipproxy

社工库

打码

http://163.donothackme.club/
https://haveibeenpwned.com/

注册查询

https://namechk.com/
http://www.reg007.com/

Twitter信息查询

https://tinfoleak.com/

社工库搜索

https://github.com/woanware/LogViewer
http://sary.sourceforge.net/ 10e以下数据推荐

hash

md5

http://cmd5.com/
http://www.md5.cc/
https://www.somd5.com/
http://pmd5.com/

window hash

http://www.objectif-securite.ch/ophcrack.php

密码生成

https://github.com/bit4woo/passmaker
字典 https://github.com/rootphantomer/Blasting_dictionary
https://github.com/LandGrey/pydictor

勒索软件解密

https://www.nomoreransom.org/

批量扫描

https://fofa.so/
https://www.zoomeye.org

web 指纹识别

https://github.com/Ms0x0/Dayu
https://github.com/boy-hack/w9scan

渗透辅助

https://github.com/BugScanTeam/DNSLog

在线运行

php https://3v4l.org/

数据库连接

https://www.adminer.org

java 反序列化问题

https://github.com/mbechler/marshalsec
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/federicodotta/Java-Deserialization-Scanner

web 学习

https://github.com/CHYbeta/Web-Security-Learning

静态代码分析

java http://find-sec-bugs.github.io/
ruby https://github.com/thesp0nge/dawnscanner
https://github.com/nccgroup/VCG

php 代码加密解密

PHP代码修复工具(针对乱码类、混淆类文件修复) http://zhaoyuanma.com/phpcodefix.html

前端库安全

https://retirejs.github.io/retire.js/

github 搜索

https://github.com/5alt/GitLeak
https://github.com/zricethezav/gitleaks

unicode 同形字

http://www.unicode.org/Public/security/latest/confusablesSummary.txt

反编译 flash

https://www.free-decompiler.com/flash/

git/svn 泄露

https://github.com/anantshri/svn-extractor
https://github.com/BugScanTeam/GitHack

漏洞环境

https://github.com/Medicean/VulApps
https://github.com/vulhub/vulhub

CSP 解析

https://csp-evaluator.withgoogle.com/

xss

https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet

uxss

https://github.com/Metnew/uxss-db

js 混淆

https://github.com/javascript-obfuscator/javascript-obfuscator
https://javascriptobfuscator.herokuapp.com/
https://github.com/mishoo/UglifyJS2
https://prepack.io/getting-started.html

js 反混淆

https://mindedsecurity.github.io/jstillery/
https://github.com/mindedsecurity/JStillery

poc

https://github.com/CHYbeta/cmsPoc
https://github.com/Lucifer1993/AngelSword

burpunlimited

https://sourceforge.net/projects/burpunlimited/?source=directory

分享到 评论