All Defense Tool

First of all, congratulations on finding this treasure. This project collects excellent offensive and defensive security tool projects from across the web, including information collection tools (automated exploitation tools, asset discovery tools, directory scanning tools, subdomain collection tools, etc.), vulnerability exploitation tools (tools for major CMSs, middleware, etc.), intranet penetration tools, emergency response tools, operation and maintenance tools for in-house ("Party A") teams, and other security resources for use by both offensive and defensive parties. If you have better suggestions, you are welcome to raise them. This list draws on excellent tools from across the web, and submissions are welcome.

Semi/Fully Automated Exploitation Tool

| Project name | Project address | Project description |
| --- | --- | --- |
| ShuiZe_0x727 | https://github.com/0x727/ShuiZe_0x727 | One-stop service: you only need to enter the root domain name to collect relevant assets in all directions and detect vulnerabilities. You can also enter multiple domain names, C-segment IPs, etc.; see below for specific cases. |
| nemo_go | https://github.com/hanc00l/nemo_go | nemo_go automated information collection |
| gosint | https://github.com/1in9e/gosint | Distributed asset information collection and vulnerability scanning platform |
| ApolloScanner | https://github.com/b0bac/ApolloScanner | Automated cruise scan framework (available for red team assessment) |
| rengine | https://github.com/yogeshojha/rengine | Automated detection framework |
| Railgun | https://github.com/lz520520/railgun | GUI automation tool |
| online toolset | https://github.com/iceyhexman/onlinetools | Online CMS identification, information leakage, industrial control, system, Internet of Things security, CMS vulnerability scan, nmap port scan, subdomain acquisition, to be continued |
| AlliN | https://github.com/P1-Team/AlliN | A comprehensive tool that assists ordinary penetration testing projects or quick management of offensive and defensive projects |
| AWVS-GUI | https://github.com/x364e3ab6/AWVS-13-SCAN-PLUS | Acunetix Web Vulnerability Scanner, GUI version |
| vajra | https://github.com/r3curs1v3-pr0xy/vajra | A highly customizable web automated scanning framework |
| bayonet | https://github.com/CTF-MissFeng/bayonet | Integrated asset management system covering subdomains, port services, vulnerabilities, crawlers, etc. |
| kscan | https://github.com/lcvvvv/kscan | Automatic port scanning, TCP fingerprinting and banner capture for specified IP segments, asset lists, and live network segments |

Asset Discovery Tool

| Project name | Project address | Project description |
| --- | --- | --- |
| linglong | https://github.com/awake1t/linglong | Asset Infinite Cruise Scanning System |
| LangSrcCurise | https://github.com/LangziFun/LangSrcCurise | SRC subdomain asset monitoring |
| ARL (Lighthouse) | https://github.com/TophantTechnology/ARL | Quickly scout Internet assets associated with targets and build a basic asset information base. |
| AppInfoScanner | https://github.com/kelvinBen/AppInfoScanner | Mobile terminal (Android, iOS, WEB, H5, static website) information collection scanning tool |
| Grecon | https://github.com/TebbaaX/GRecon | Integrate GoogleHacking syntax for information collection |

Subdomain Collection Tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Online subdomain collection | https://rapiddns.io/subdomain | online collection |
| SSL certificate scan for domain names | https://myssl.com/ | myssl |
| A powerful subdomain collection tool | https://github.com/shmilylty/OneForAll | oneforall |
| ksubdomain stateless subdomain blasting tool | https://github.com/knownsec/ksubdomain | ksubdomain |
| Easy-to-use and powerful subdomain scanning tool | https://github.com/yunxu1/dnsub | dnsub |
| Layer subdomain digger | https://github.com/euphrat1ca/LayerDomainFinder | Layer |
| SRC subdomain monitoring | https://github.com/LangziFun/LangSrcCurise | LangSrcCurise |
| Discover valid subdomains of a website by using passive online sources | https://github.com/projectdiscovery/subfinder | subfinder |

Directory Scanning Tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Web path scanner / directory scanning tool | https://github.com/maurosoria/dirsearch | dirsearch |
| A fast, simple, recursive content discovery tool written in Rust | https://github.com/epi052/feroxbuster | feroxbuster |
| Fuzzing tool written in Go | https://github.com/ffuf/ffuf | ffuf |
| An advanced web directory and file scanning tool | https://github.com/H4ckForJob/dirmap | dirmap |
| Sensitive directory discovery tool for websites | https://github.com/deibit/cansina | cansina |
| Yujian backend scanning tool, Collector's Edition | https://www.fujieace.com/hacker/tools/yujian.html | Yujian |
| Directory/subdomain scanner developed with Golang | https://github.com/ReddyyZ/urlbrute | urlbrute |

Fingerprint Identification Tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Fingerprint detection tool for key systems targeted by red teams | https://github.com/EdgeSecurityTeam/EHole | EHole (edge hole) 2.0 |
| A full-featured web fingerprint identification and sharing platform with more than 10,000 built-in open source fingerprints from the Internet | https://github.com/b1ackc4t/14Finger | 14Finger |
| A web application fingerprinting tool | https://github.com/urbanadventurer/WhatWeb | Whatweb |
| Golang implementation of Wappalyzer fingerprint recognition | https://github.com/projectdiscovery/wappalyzergo | wappalyzergo |
| A fingerprint detection tool for red teams, used for liveness detection and identifying key systems across a large number of assets | https://github.com/EASY233/Finger | Finger |
| Glass is a quick fingerprinting tool for asset lists | https://github.com/s7ckTeam/Glass | Glass |

Port scan tool

| Project description | Project address | Project name |
| --- | --- | --- |
| TXPortMap is a practical tool for port scanning and service identification | https://github.com/4dogs-cn/TXPortMap | TXPortMap |
| High-concurrency network scanning and service detection tool developed using Golang | https://github.com/Adminisme/ServerScan | serverScan |
| naabu: fast port scanner written in Go | https://github.com/projectdiscovery/naabu | naabu |
| masnmapscan is a port scanner that integrates the masscan and nmap scanners | https://github.com/hellogoldsnakeman/masnmapscan-V1.0 | integrated scanner |
| gonmap is a Go language nmap port scanning library | https://github.com/lcvvvv/gonmap | gonmap |
| Online Port Scan 1 | http://coolaf.com/tool/port | online tools |
| Online Port Scan 2 | http://tool.cc/port/ | Online Tools 2 |
| Xiaomi Fan | | |

Burp+ browser plugin

| Project description | Project address | Project name |
| --- | --- | --- |
| A collection of plugins (not from the store), articles and tips for BurpSuite | https://github.com/Mr-xn/BurpSuite-collections | BurpSuite-collections |
| A passive Shiro detection plugin based on BurpSuite | https://github.com/pmiaowu/BurpShiroPassiveScan | BurpShiroPassiveScan |
| A passive FastJson detection plugin based on BurpSuite | https://github.com/pmiaowu/BurpFastJsonScan | BurpFastJsonScan |
| fastjson vulnerability Burp plugin; detects fastjson versions below 1.2.68 based on dnslog | https://github.com/zilong3033/fastjsonScan | fastjsonScan |
| HaE: an auxiliary BurpSuite plugin for request highlighting and information extraction | https://github.com/gh0stkey/HaE | HaE |
| domain_hunter_pro is a Burp plugin for asset management | https://github.com/bit4woo/domain_hunter_pro | domain_hunter_pro |
| GadgetProbe: a Burp plugin used to brute-force remote classes to find Java deserialization | https://github.com/BishopFox/GadgetProbe | GadgetProbe |
| HopLa: a BurpSuite plugin for payload autocompletion | https://github.com/synacktiv/HopLa | HopLa |
| Captcha recognition | https://github.com/f0ng/captcha-killer-modified | captcha-killer-modified |
| Fake IP address | https://github.com/TheKingOfDuck/burpFakeIP | burpFakeIP |
| Automatically send requests | https://github.com/nccgroup/AutoRepeater | AutoRepeater |
| Hack-Tools browser extension for red teams | https://github.com/LasCC/Hack-Tools | Hack-Tools |
| SwitchyOmega proxy plugin for browsers | https://github.com/FelisCatus/SwitchyOmega | SwitchyOmega |
| Chrome plugin: find DOM XSS with DevTools | https://github.com/filedescriptor/untrusted-types | untrusted-types |
| FOFA Pro view is a FOFA Pro asset display browser plugin | https://github.com/fofapro/fofa_view | fofa_view |
| mitaka: Chrome and Firefox extension for OSINT search | https://github.com/ninoseki/mitaka | mitaka |
| Git History: view the history of git repository files | https://githistory.xyz/ | Git History |

Exploit tool


Information disclosure tool

| Project description | Project address | Project name |
| --- | --- | --- |
| swagger-exp: Swagger REST API information disclosure tool | https://github.com/lijiejie/swagger-exp | swagger-exp |
| swagger-hack automatically crawls and tests all swagger-ui.html interfaces | https://github.com/jayus0821/swagger-hack | swagger-hack |
| Packer Fuzzer is a scanning tool for websites built with front-end packaging tools such as Webpack | https://github.com/rtcatc/Packer-Fuzzer | Packer-Fuzzer |
| SvnExploit: dumps the full source code from SVN source code leaks | https://github.com/admintony/svnExploit | svnExploit |
| git-dumper: tool to dump git repositories from websites | https://github.com/arthaud/git-dumper | git-dumper |
| GitDorker scrapes sensitive information from GitHub by using a large dorks repository | https://github.com/obheda12/GitDorker | GitDorker |
| Extract sensitive information from JavaScript files | https://github.com/m4ll0k/SecretFinder | SecretFinder |
| A JavaScript detection automation script with more functions | https://github.com/KathanP19/JSFScan.sh | JSFScan |

Vulnerability Scanning Frameworks/Tools

| Project description | Project address | Project name |
| --- | --- | --- |
| A framework for accurate detection and deep exploitation of high-risk vulnerabilities | https://github.com/woodpecker-framework/woodpecker-framwork-release | woodpecker-framwork |
| Web vulnerability attack framework | https://github.com/Anonymous-ghost/AttackWebFrameworkTools | AttackWebFrameworkTools |
| Open source remote vulnerability testing framework | https://github.com/knownsec/pocsuite3 | pocsuite3 |
| Brand new open source online PoC testing framework | https://github.com/jweny/pocassist | pocassist |
| A powerful security assessment tool | https://github.com/chaitin/xray | Xray |
| Network security testing tool | https://github.com/gobysec/Goby | Goby |
| A web vulnerability scanning and verification tool | https://github.com/zhzyker/vulmap | Vulmap |

Middleware exploit tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Comprehensive high-risk exploit tools | https://github.com/Liqunkit/LiqunKit_ | LiqunKit |
| Spring series of exploit tools | https://github.com/SummerSec/SpringExploit | SpringExploit |
| Comprehensive utilization of the Shiro deserialization vulnerability, including echo command execution and memory injection; fixes the NoCC problem of the original version | https://github.com/SummerSec/ShiroAttack2 | ShiroAttack2 |
| Comprehensive utilization of the Shiro deserialization vulnerability, including echo command execution and memory injection | https://github.com/j1anFen/shiro_attack | shiro_attack |
| FastjsonExploit: Fastjson vulnerability rapid exploitation framework | https://github.com/c0ny1/FastjsonExploit | FastjsonExploit |
| fastjson_rce_tool: automated fastjson command execution exploitation tool | https://github.com/wyzxxz/fastjson_rce_tool | fastjson_rce_tool |
| fastjson one-click command execution | https://github.com/mrknow001/fastjson_rec_exploit | fastjson_rec_exploit |
| JBoss (and Java deserialization vulnerability) validation and exploitation tool | https://github.com/joaomatosf/jexboss | JexBoss |
| weblogic-framework: WebLogic exploitation tool | https://github.com/0nise/weblogic-framework | weblogic-framework |
| woodpecker framework WebLogic information detection plugin | https://github.com/woodpecker-appstore/weblogic-infodetector | weblogic-infodetector |
| One-click quick attack test tool for Dubbo deserialization | https://github.com/threedr3am/dubbo-exp | dubbo-exp |
| jenkins-attack-framework: attack framework for Jenkins | https://github.com/Accenture | jenkins-attack-framework |
| Jiraffe is a semi-automatic security tool written for leveraging Jira instances. | https://github.com/0x48piraj/Jiraffe | Jiraffe |
| STS2G: Struts2 vulnerability scanning tool, Golang version | https://github.com/xwuyi/STS2G | STS2G |
| Struts2-Scan: Struts2 full vulnerability scanning tool | https://github.com/HatBoy/Struts2-Scan | Struts2-Scan |
| Spring Boot Fat Jar: techniques for turning an arbitrary file write vulnerability into a stable RCE | https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks | Fat Jar |

Key cms utilization tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Zhiyuan OA comprehensive utilization tool | https://github.com/Summer177/seeyon_exp | seeyon_exp |
| Tongda OA comprehensive utilization tool | https://github.com/xinyu2428/TDOA_RCE | TDOA_RCE |
| Bluelink OA exploit tool / front-end unconditional RCE / file write | https://github.com/yuanhaiGreg/LandrayExploit | LandrayExploit |
| Panwei OA vulnerability comprehensive utilization script | https://github.com/z1un/weaver_exp | weaver_exp |
| Ruijie Networks EG Easy Gateway RCE batch security inspection | https://github.com/Tas9er/EgGateWayGetShell | EgGateWayGetShell |
| CMSmap: a tool for security scanning of popular CMSs | https://github.com/Dionach/CMSmap | CMSmap |
| WordPress vulnerability scanner developed with Go | https://github.com/blackbinn/wprecon | wprecon |
| A Ruby framework designed to help with penetration testing of WordPress systems | https://github.com/rastating/wordpress-exploit-framework | wordpress-exploit-framework |
| WPScan: WordPress security scanner | https://github.com/wpscanteam/wpscan | wpscan |
| WPForce: WordPress attack kit | https://github.com/n00py/WPForce | WPForce |

General exploit tool

| Project description | Project address | Project name |
| --- | --- | --- |
| DOM-based fast XSS vulnerability scanner | https://github.com/dwisiswant0/findom-xss | findom-xss |
| Very common XSS platform | https://github.com/beefproject/beef | beef |

Database utilization tool

| Project description | Project address | Project name |
| --- | --- | --- |
| MDUT 2.0 database utilization tool | https://github.com/SafeGroceryStore/MDUT | MDUT |
| Comprehensive high-risk exploit tools (including major databases) | https://github.com/Liqunkit/LiqunKit_ | LiqunKit |
| SQL Server exploit tool | https://github.com/uknowsec/SharpSQLTools | SharpSQLTools |
| Perform lateral movement in constrained environments via a compromised Microsoft SQL Server via socket reuse | https://github.com/blackarrowsec/mssqlproxy | mssqlproxy |
| ODAT: Oracle Database Attack Tool | https://github.com/quentinhardy/odat | ODAT |

Blasting tool

| Project description | Project address | Project name |
| --- | --- | --- |
| A scanning and blasting tool that combines the functions of excellent tools such as fscan and kscan | https://github.com/i11us0ry/goon | goon |
| Super weak password check tool: a weak password audit tool for the Windows platform | https://github.com/shack2/SNETCracker | Super weak password checker |
| Web-Brutator: middleware interface blasting | https://github.com/koutto/web-brutator | Web-Brutator |
| WebCrack is a batch detection tool for weak/universal passwords on web admin backends | https://github.com/yzddmr6/WebCrack | WebCrack |
| zero-crack: web application (webapps) brute force cracking gadget | https://github.com/0-sec/zero-crack | zero-crack |
| WordPress super fast brute force tool | https://github.com/22XploiterCrew-Team/WordPress-Brute-Force | WordPress-Brute-Force |
| ssb: a faster and simpler tool for blasting SSH servers | https://github.com/kitabisa/ssb | ssh blast |
| rsync weak password scanning (blasting) | https://github.com/hi-unc1e/some_scripts/blob/master/EXPs/rsync_weakpass.py | rsync |

Dictionary collection

| Project description | Project address | Project name |
| --- | --- | --- |
| Some common default device/app passwords organized online | https://forum.ywhack.com/bountytips.php?password | EdgeTeam |
| Some default password tables for Huawei series devices organized online | https://forum.ywhack.com/bountytips.php?huawei | EdgeTeam |
| Dictionary collection for penetration testing, SRC vulnerability mining, blasting, and fuzzing | https://github.com/insightglacier/Dictionary-Of-Pentesting | Dictionary-Of-Pentesting |
| Fuzz dictionary, one is enough | https://github.com/TheKingOfDuck/fuzzDicts | Web Pentesting |
| Web fuzzing dictionary with some payloads | https://github.com/gh0stkey/Web-Fuzzing-Box | Web Fuzzing Box |
| Upload vulnerability fuzz dictionary generation script | https://github.com/c0ny1/upload-fuzz-dic-builder | upload-fuzz-dic-builder |
| Collection of multiple types of lists used during security assessments | https://github.com/danielmiessler/SecLists | SecLists |
| Payload library for penetration testers and bug bounty hunters | https://github.com/sh377c0d3/Payloads | Payloads |
| Various weak password dictionaries accumulated from real-world engagements | https://github.com/fuzz-security/SuperWordlist | SuperWordlist |
| TOP25 parameter dictionary of various vulnerabilities | https://github.com/lutfumertceylan/top25-parameter | top25-parameter |
| Extract and collect qualified strong and weak passwords from previously leaked passwords | https://github.com/r35tart/RW_Password | RW_Password |

Intranet penetration tool


Webshell hosting tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Godzilla | https://github.com/BeichenDream/Godzilla | Godzilla |
| "Ice Scorpion" dynamic binary encryption website management client | https://github.com/rebeyond/Behinder | Behinder |
| China Ant Sword is an open source cross-platform website management tool | https://github.com/AntSwordProject/antSword | antSword |
| One-sentence web management tool | https://github.com/boy-hack/WebshellManager | WebshellManager |
| Cross-platform Chinese Kitchen Knife | https://github.com/Chora10/Cknife | cknife |

Password extraction tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Various password extraction | https://github.com/kerbyj/goLazagne | goLazagne |
| Used to read passwords of common programs, such as Navicat, TeamViewer, FileZilla, WinSCP, etc. | https://github.com/RowTeam/SharpDecryptPwd | SharpDecryptPwd |
| Xshell, Xftp password decryption tool | https://github.com/JDArmy/SharpXDecrypt | SharpXDecrypt |
| An export tool for decrypting browser data (password, history, cookie, bookmark, credit card, download record), supporting mainstream browsers on all platforms | https://github.com/moonD4rk/HackBrowserData/ | HackBrowserData |
| An identification code and verification code extraction tool for Sunflower | https://github.com/wafinfo/Sunflower_get_Password | Sunflower_get_Password |
| One-click CobaltStrike script to assist in grabbing 360 Secure Browser passwords, plus a decryption gadget | https://github.com/hayasec/360SafeBrowsergetpass | 360SafeBrowsergetpass |
| BrowserGhost: tool to grab browser passwords | https://github.com/QAX-A-Team/BrowserGhost | BrowserGhost |
| win-brute-logon cracks any Microsoft Windows user password without permission | https://github.com/DarkCoderSc/win-brute-logon | win-brute-logon |
| TeamViewer: tool to obtain the TeamViewer password while bypassing antivirus software | https://github.com/wafinfo/TeamViewer | TeamViewer |
| Xdecrypt: Xshell, Xftp password decryption | https://github.com/dzxs/Xdecrypt | Xdecrypt |

Lateral movement tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Mimikatz: Windows password grabber | https://github.com/gentilkiwi/mimikatz | mimikatz |
| sharpwmi: RPC-based lateral movement tool with upload and command execution functions | https://github.com/QAX-A-Team/sharpwmi | sharpwmi |
| Quick generation of file download commands | https://forum.ywhack.com/bountytips.php?download | shortcut command |
| One-click generation of reverse shell commands | https://forum.ywhack.com/shell.php | bounce shell |
| ATT&CK lateral movement summary and tips | https://attack.mitre.org/tactics/TA0008/ | attack |
| Pass hash to named pipe for token impersonation | https://github.com/S3cur3Th1sSh1t/NamedPipePTH | NamedPipePTH |
| Common lateral movement and domain control persistence methods | https://xz.aliyun.com/t/9382 | Methodology |

Tunnel proxy tool

| Project description | Project address | Project name |
| --- | --- | --- |
| A full-platform proxy tool that supports a variety of SOCKS protocols | https://www.proxifier.com/ | proxifier |
| High-performance reverse proxy application focusing on intranet penetration | https://github.com/fatedier/frp | frp |
| Lightweight, high-performance, powerful intranet penetration proxy server | https://github.com/ehang-io/nps | nps |
| Improved reGeorg version | https://github.com/L-codes/Neo-reGeorg | Neo-reGeorg |
| A tool that uses the DNS protocol to transmit TCP data | https://github.com/alex-sector/dns2tcp | dns2tcp |
| A DNS tunneling tool | https://github.com/iagox86/dnscat2 | dnscat2 |
| Intranet penetration proxy, port forwarding tool | http://rootkiter.com/Termite/ | Termite |
| A simple reverse ICMP shell | https://github.com/inquisb/icmpsh | icmpsh |
| Forward/reverse proxy, intranet penetration, port forwarding | https://github.com/inconshreveable/ngrok | ngrok |
| Pingtunnel is a tool for forwarding TCP/UDP/SOCKS5 traffic disguised as ICMP traffic | https://github.com/esrrhs/pingtunnel | ping tunnel |
| pystinger: a tool that uses a webshell to forward traffic out of a network with no outbound access | https://github.com/FunnyWolf/pystinger | pystinger |
| goproxy is a lightweight, powerful, high-performance proxy tool | https://github.com/snail007/goproxy | goproxy |
| A tool for reverse proxying and bringing CS online in environments without outbound network access | https://github.com/Daybr4ak/C2ReverseProxy | C2ReverseProxy |

O&M & Party A & Defender Tools


Emergency response tool

| Project description | Project address | Project name |
| --- | --- | --- |
| Automatic and comprehensive host-side checklist detection script | https://github.com/grayddq/GScan | Gscan |
| Practical notes on emergency response, the self-cultivation of a security engineer | https://github.com/Bypass007/Emergency-Response-Notes | Bypass007 |
| Linux information collection / emergency response / common backdoor / mining detection / webshell detection script | https://github.com/al0ne/LinuxCheck | LinuxCheck |
| APT-Hunter: Windows event log emergency response tool | https://github.com/ahmedkhlief/APT-Hunter | APT-Hunter |
| uroboros: a GNU/Linux monitoring and profiling tool that focuses on a single process | https://github.com/evilsocket/uroboros | uroboros |
| whohk: a powerful emergency response tool for Linux | https://github.com/heikanet/whohk | whohk |
| Malwoverview is a first responder tool for threat hunting | https://github.com/alexandreborges/malwoverview | malwoverview |
| Attack Surface Analyzer can help you analyze the security configuration of your operating system | https://github.com/Microsoft/AttackSurfaceAnalyzer | AttackSurfaceAnalyzer |
| A tool for real-time detection of malicious web traffic based on IP reputation information | https://github.com/CRED-CLUB/ARTIF | ARTIF |
| Rootkit Hunter | http://rkhunter.sourceforge.net/ | Rootkit |
| SHELLPUB.COM: Hippo webshell detection and removal | https://www.shellpub.com/ | hippo webshell |
| Fire Kylin: network security emergency response tool (system trace collection) | https://github.com/MountCloud/FireKylin | FireKylin |
| Log analysis library, another usage of nuclei | https://github.com/ffffffff0x/LOG-HUB | LOG-HUB |

The Defense Tool is a GitHub repository by L0una