Contents:
Reconnaissance
Weaponization
Delivery
Command and Control
Lateral Movement
Establishing a Foothold
Privilege Escalation
Data Exfiltration
Miscellaneous
Reconnaissance
Active Intelligence Gathering
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
https://github.com/ChrisTruncer/EyeWitness
AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot.
https://github.com/jordanpotti/AWSBucketDump
AQUATONE is a set of tools for performing reconnaissance on domain names.
https://github.com/michenriksen/aquatone
spoofcheck is a program that checks whether a domain can be spoofed from. It inspects the domain's SPF and DMARC records for weak configurations that allow spoofing (for example a missing or non-enforcing DMARC policy, or an SPF record that does not end in a hard fail).
https://github.com/BishopFox/spoofcheck
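The checks spoofcheck performs can be reproduced offline against a set of records. The following is an added example written for this page, not spoofcheck's own code: it parses SPF and DMARC TXT records, lists the weak settings, and decides a verdict using a rule of this example's own (the From: header is only validated by DMARC, so a domain is treated as spoofable whenever DMARC is absent or p=none, regardless of SPF; an enforcing policy with pct<100 or sp=none is "partially protected"). The SAMPLE_RECORDS dictionary is constructed test data standing in for real DNS lookups; the domains in it are hypothetical.

```python
"""Offline SPF/DMARC weakness check in the spirit of spoofcheck (added example)."""
import re

# Constructed sample TXT records (hypothetical domains, no DNS queries are made).
# "spf" is the TXT at <domain>, "dmarc" the TXT at _dmarc.<domain>; None = absent.
SAMPLE_RECORDS = {
    "weak.example":    {"spf": "v=spf1 include:_spf.mail.example ~all",
                        "dmarc": "v=DMARC1; p=none; rua=mailto:reports@weak.example"},
    "strong.example":  {"spf": "v=spf1 ip4:203.0.113.0/24 -all",
                        "dmarc": "v=DMARC1; p=reject; sp=reject; pct=100"},
    "partial.example": {"spf": "v=spf1 mx -all",
                        "dmarc": "v=DMARC1; p=quarantine; pct=20"},
    "bare.example":    {"spf": None, "dmarc": None},
}

# SPF terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|ptr|exists:|redirect=)", re.I)


def spf_findings(record):
    """Return a list of weaknesses in an SPF record (None or '' = no record)."""
    if not record:
        return ["no SPF record"]
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return ["TXT record is not a valid SPF record"]
    findings = []
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        last = all_terms[-1]
        qualifier = last[0] if last[0] in "+-~?" else "+"   # bare 'all' means '+all'
        if qualifier == "+":
            findings.append("'+all' authorises every host to send")
        elif qualifier == "?":
            findings.append("'?all' is neutral, equivalent to no policy")
        elif qualifier == "~":
            findings.append("'~all' is softfail; most receivers still deliver")
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def dmarc_findings(record):
    """Return (policy, weaknesses) for a DMARC record; policy is None if unusable."""
    if not record:
        return None, ["no DMARC record"]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None, ["TXT record is not a valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or '(missing)'}: failures are only monitored, not blocked")
    if tags.get("sp", policy).lower() == "none" and policy in ("quarantine", "reject"):
        findings.append("sp=none leaves subdomains unprotected")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    return policy or None, findings


def assess(domain, records):
    """Combine SPF and DMARC findings into a verdict for one domain."""
    spf = spf_findings(records.get("spf"))
    policy, dmarc = dmarc_findings(records.get("dmarc"))
    if policy not in ("quarantine", "reject"):
        verdict = "spoofable"            # nothing ever validates the From: header
    elif dmarc:
        verdict = "partially protected"  # enforcing, but with a gap (pct<100 / sp=none)
    else:
        verdict = "protected"
    return {"domain": domain, "verdict": verdict, "spf": spf, "dmarc": dmarc}


if __name__ == "__main__":
    for name, recs in SAMPLE_RECORDS.items():
        result = assess(name, recs)
        print(f"{name}: {result['verdict']}")
        for finding in result["spf"] + result["dmarc"]:
            print(f"  - {finding}")
```

To use it against a live domain, replace SAMPLE_RECORDS with the TXT answers for the domain and its _dmarc label (for example via dnspython); the verdict logic is unchanged.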
Nmap is used to discover hosts and services on a computer network, thus building a "map" of the network.
https://github.com/nmap/nmap
dnsrecon is a DNS enumeration script.
https://github.com/darkoperator/dnsrecon
dirsearch is a simple command line tool designed to brute force directories and files in websites.
https://github.com/maurosoria/dirsearch
Sn1per is an automated pentest recon scanner.
https://github.com/1N3/Sn1per
Passive Intelligence Gathering
Social Mapper is an OSINT social media mapping tool. It takes a list of names and images (or a LinkedIn company name) and performs automated target searching at scale across multiple social media sites. It is not restricted by APIs because it drives a browser with Selenium, and it outputs reports to help correlate targets across sites.
https://github.com/SpiderLabs/social_mapper
skiptracer is an OSINT scraping framework that uses basic Python web scraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget.
https://github.com/xillwillx/skiptracer
FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans.
https://github.com/ElevenPaths/FOCA
theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources.
https://github.com/laramies/theHarvester
Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target's websites.
https://github.com/laramies/metagoofil
SimplyEmail is email recon made fast and easy, with a framework to build on.
https://github.com/killswitch-GUI/SimplyEmail
truffleHog searches through git repositories for secrets, digging deep into commit history and branches.
https://github.com/dxa4481/truffleHog
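truffleHog's core idea is to walk every commit on every branch and flag strings whose Shannon entropy is too high to be ordinary code or prose. The following is an added example written for this page, not truffleHog's own code: it computes per-character entropy, applies truffleHog's original thresholds (4.5 bits for base64-charset strings, 3.0 bits for hex strings), and adds a pattern rule for the AWS access key ID format, because structured credentials often have low entropy and slip past the entropy check alone. SAMPLE_DIFF is constructed diff text with constructed, non-functional key values; scan_git_history is an assumption of how one would feed a real repository in, by reading `git log -p --all`.

```python
"""Entropy- and pattern-based secret scan over diff text (added example, not truffleHog)."""
import math
import re
import subprocess

# Constructed sample diff text; the key values are made up and not valid anywhere.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
+AWS_ACCESS_KEY_ID = "AKIAQ7M2XZ4PL9KD1RB0"
+AWS_SECRET_ACCESS_KEY = "q8Zt3LmP0xVbK9rYwA2sD6fGhJnEcU5oIiTe1RvM"
+API_TOKEN_HEX = "3f9a1c7e5b2d8046fa0e9c1b7d2a5f48"
+DB_PASSWORD = "changeme123"
+LOG_FORMAT = "%(asctime)s %(levelname)s %(message)s"
"""

# Candidate tokens: runs of base64-alphabet characters of at least 20 chars.
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/=]{20,}")
HEX_ONLY = re.compile(r"^[0-9a-fA-F]+$")
# Thresholds in bits per character; these are truffleHog's original defaults.
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0
# Structured credentials can have low entropy, so add a pattern rule for them.
# The AWS access key ID shape (AKIA + 16 upper-case alphanumerics) is well known.
PATTERN_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(line, line_no=0):
    """Return findings for one line: pattern hits first, then entropy hits."""
    findings, seen = [], set()
    for kind, rule in PATTERN_RULES.items():
        for match in rule.finditer(line):
            value = match.group(0)
            seen.add(value)
            findings.append({"line": line_no, "kind": kind, "value": value,
                             "entropy": round(shannon_entropy(value), 2)})
    for token in BASE64_TOKEN.findall(line):
        if token in seen:
            continue                       # already reported by a pattern rule
        entropy = shannon_entropy(token)
        if HEX_ONLY.match(token) and entropy > HEX_THRESHOLD:
            kind = "high-entropy-hex"
        elif entropy > BASE64_THRESHOLD:
            kind = "high-entropy-base64"
        else:
            continue
        findings.append({"line": line_no, "kind": kind, "value": token,
                         "entropy": round(entropy, 2)})
    return findings


def scan_text(text):
    """Scan multi-line text (e.g. `git log -p` output) and return all findings."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        findings.extend(scan_line(line, line_no))
    return findings


def scan_git_history(repo_path):
    """Scan every commit on every branch by feeding `git log -p --all` into scan_text.
    (Assumed integration for a real repository; not exercised by the sample.)"""
    proc = subprocess.run(
        ["git", "-C", repo_path, "log", "-p", "--all", "--no-color"],
        capture_output=True, text=True, errors="replace", check=True)
    return scan_text(proc.stdout)


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_DIFF):
        print(f"line {finding['line']}: {finding['kind']} "
              f"(H={finding['entropy']}) {finding['value']}")
```

On the sample, the 40-character secret (5.32 bits) and the 32-character hex token (3.95 bits) are caught by entropy, while the AKIA key (4.12 bits, below the 4.5 base64 threshold) is caught only by the pattern rule; "changeme123" is too short and too regular for either check, which is the known blind spot of entropy scanning.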
Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
https://github.com/ChrisTruncer/Just-Metadata
typofinder finds domain typos (typosquat candidates) and shows the country of each resolved IP address.
https://github.com/nccgroup/typofinder
pwnedOrNot is a Python script that checks whether an email account has been compromised in a data breach; if it has, the script proceeds to find passwords for the compromised account.
https://github.com/thewhiteh4t/pwnedOrNot
GitHarvester harvests information from GitHub using Google-dork-style searches.
https://github.com/metac0rtex/GitHarvester
pwndb is a Python command-line tool for searching leaked credentials using the Onion service of the same name.
https://github.com/davidtavarez/pwndb/
LinkedInt is a LinkedIn recon tool.
https://github.com/vysecurity/LinkedInt
CrossLinked is a LinkedIn enumeration tool that extracts valid employee names from an organization through search engine scraping.
https://github.com/m8r0wn/CrossLinked
findomain is a fast domain enumeration tool that uses Certificate Transparency logs and a selection of APIs.
https://github.com/Edu4rdSHL/findomain
Frameworks
Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates.
https://www.paterva.com/web7/downloads.php
SpiderFoot is an open source footprinting and intelligence-gathering tool.
https://github.com/smicallef/spiderfoot
datasploit is an OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
https://github.com/DataSploit/datasploit
Recon-ng is a full-featured Web Reconnaissance framework written in Python.
https://bitbucket.org/LaNMaSteR53/recon-ng
Weaponization
WinRAR remote code execution proof-of-concept exploit for CVE-2018-20250.
https://github.com/WyAtu/CVE-2018-20250
Composite Moniker proof-of-concept exploit for CVE-2017-8570.
https://github.com/rxwx/CVE-2017-8570
Exploit toolkit CVE-2017-8759 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE.
https://github.com/bhdresh/CVE-2017-8759
CVE-2017-11882 exploit that accepts a command/code payload of over 17k bytes at maximum.
https://github.com/unamer/CVE-2017-11882
Adobe Flash exploit for CVE-2018-4878.
https://github.com/anbai-inc/CVE-2018-4878
Exploit toolkit CVE-2017-0199 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE.
https://github.com/bhdresh/CVE-2017-0199
demiguise is a HTA encryption tool for RedTeams.
https://github.com/nccgroup/demiguise
Office-DDE-Payloads is a collection of scripts and templates to generate Office documents embedded with DDE, the macro-less command execution technique.
https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
CACTUSTORCH is a payload generation tool for adversary simulations.
https://github.com/mdsecactivebreach/CACTUSTORCH
SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code.
https://github.com/mdsecactivebreach/SharpShooter
Don't Kill My Cat (DKMC) is a tool that generates obfuscated shellcode stored inside polyglot images. The image is 100% valid as an image and also 100% valid as shellcode.
https://github.com/Mr-Un1k0d3r/DKMC
Malicious Macro Generator is a simple utility designed to generate obfuscated macros that also include an AV/sandbox escape mechanism.
https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
SCT Obfuscator is a Cobalt Strike SCT payload obfuscator.
https://github.com/Mr-Un1k0d3r/SCT-obfuscator
Invoke-Obfuscation is a PowerShell obfuscator.
https://github.com/danielbohannon/Invoke-Obfuscation
Invoke-CradleCrafter is a PowerShell remote download cradle generator and obfuscator.
https://github.com/danielbohannon/Invoke-CradleCrafter
Invoke-DOSfuscation is a cmd.exe command obfuscation generator and detection test harness.
https://github.com/danielbohannon/Invoke-DOSfuscation
morphHTA morphs Cobalt Strike's evil.HTA.
https://github.com/vysec/morphHTA
Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory.
https://github.com/trustedsec/unicorn
Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
https://www.shellterproject.com/
EmbedInHTML embeds and hides any file in an HTML file.
https://github.com/Arno0x/EmbedInHTML
SigThief: stealing signatures and making one invalid signature at a time.
https://github.com/secretsquirrel/SigThief
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.
https://github.com/Veil-Framework/Veil
CheckPlease is a set of sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
https://github.com/Arvanaghi/CheckPlease
Invoke-PSImage is a tool that embeds a PowerShell script in the pixels of a PNG file and generates a one-liner to execute it.
https://github.com/peewpw/Invoke-PSImage
LuckyStrike is a PowerShell-based utility for the creation of malicious Office macro documents. To be used for pentesting or educational purposes only.
https://github.com/curi0usJack/luckystrike
ClickOnceGenerator is a quick malicious ClickOnce generator for red teams. The default application is a simple WebBrowser widget that points to a website of your choice.
https://github.com/Mr-Un1k0d3r/ClickOnceGenerator
macro_pack is a tool by @EmericNasi used to automate the obfuscation and generation of MS Office documents, VB scripts, and other formats for pentest, demo, and social engineering assessments.
https://github.com/sevagas/macro_pack
StarFighters is a JavaScript- and VBScript-based Empire launcher.
https://github.com/Cn33liz/StarFighters
nps_payload is a script that generates payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.
https://github.com/trustedsec/nps_payload
Social