|
|
|
## 攻击与利用 / penetration_test
|
|
|
|
|
|
|
|
1. [pocsuite3](#pocsuite3)
|
|
|
|
2. [CDK](#cdk)
|
|
|
|
3. [Viper](#viper)
|
|
|
|
4. [MDUT](#mdut)
|
|
|
|
5. [BurpCrypto](#burpcrypto)
|
|
|
|
6. [ysomap](#ysomap)
|
|
|
|
7. [MySQL-Fake-Server](#mysql-fake-server)
|
|
|
|
8. [Redis-Rogue-Server](#redis-rogue-server)
|
|
|
|
9. [MysqlT](#mysqlt)
|
|
|
|
|
|
|
|
----------------------------------------
|
|
|
|
|
|
|
|
### [pocsuite3](detail/pocsuite3.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-knownsec404-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-Python-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/knownsec/pocsuite3.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V1.8.9-red)
|
|
|
|
|
|
|
|
<https://github.com/knownsec/pocsuite3>
|
|
|
|
|
|
|
|
pocsuite3是由Knownsec 404团队开发的开源远程漏洞测试和概念验证开发框架。它带有强大的概念验证引擎,以及针对最终渗透测试人员和安全研究人员的许多强大功能。
|
|
|
|
|
|
|
|
### [CDK](detail/CDK.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-cdkteam-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-CDK-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/cdk-team/CDK.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V1.0.4-red)
|
|
|
|
|
|
|
|
<https://github.com/cdk-team/CDK>
|
|
|
|
|
|
|
|
CDK是一款为容器环境定制的渗透测试工具,在已攻陷的容器内部提供零依赖的常用命令及PoC/EXP。集成Docker/K8s场景特有的逃逸、横向移动、持久化利用方式,插件化管理。
|
|
|
|
|
|
|
|
### [Viper](detail/Viper.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-FunnyWolf-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-JS/Python-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/FunnyWolf/Viper.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V1.5.10-red)
|
|
|
|
|
|
|
|
<https://github.com/FunnyWolf/Viper>
|
|
|
|
|
|
|
|
VIPER是一款图形化内网渗透工具,将内网渗透过程中常用的战术及技术进行模块化及武器化。
|
|
|
|
|
|
|
|
### [MDUT](detail/MDUT.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-Ch1ngg-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-Java-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/SafeGroceryStore/MDUT.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V2.0.8-red)
|
|
|
|
|
|
|
|
<https://github.com/SafeGroceryStore/MDUT>
|
|
|
|
|
|
|
|
MDUT 全称 Multiple Database Utilization Tools,旨在将常见的数据库利用手段集合在一个程序中,打破各种数据库利用工具需要各种环境导致使用相当不便的隔阂;MDUT 使用 Java 开发,支持跨平台使用。
|
|
|
|
|
|
|
|
### [BurpCrypto](detail/BurpCrypto.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-whwlsfb-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-Java-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/whwlsfb/BurpCrypto.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V0.0.1-red)
|
|
|
|
|
|
|
|
<https://github.com/whwlsfb/BurpCrypto>
|
|
|
|
|
|
|
|
支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件。
|
|
|
|
|
|
|
|
### [ysomap](detail/ysomap.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-wh1t3p1g-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-Java-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/wh1t3p1g/ysomap.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V0.1.1-red)
|
|
|
|
|
|
|
|
<https://github.com/wh1t3p1g/ysomap>
|
|
|
|
|
|
|
|
Ysomap是一款适配于各类实际复杂环境的Java反序列化利用框架,可动态配置具备不同执行效果的Java反序列化利用链payload,以应对不同场景下的反序列化利用。
|
|
|
|
|
|
|
|
### [MySQL-Fake-Server](detail/MySQL-Fake-Server.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-fnmsd-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-Python-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/fnmsd/MySQL_Fake_Server.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V0.0.1-red)
|
|
|
|
|
|
|
|
<https://github.com/fnmsd/MySQL_Fake_Server>
|
|
|
|
|
|
|
|
用于渗透测试过程中的假MySQL服务器,纯原生python3实现,不依赖其它包。
|
|
|
|
|
|
|
|
### [Redis-Rogue-Server](detail/Redis-Rogue-Server.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-Dliv3-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-Python-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/Dliv3/redis-rogue-server.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V1.0.0-red)
|
|
|
|
|
|
|
|
<https://github.com/Dliv3/redis-rogue-server>
|
|
|
|
|
|
|
|
Redis 4.x/Redis 5.x RCE利用脚本. 项目最初来源于 <https://github.com/n0b0dyCN/redis-rogue-server>
|
|
|
|
|
|
|
|
### [MysqlT](detail/MysqlT.md)
|
|
|
|
![Author](https://img.shields.io/badge/Author-BeichenDream-orange)
|
|
|
|
![Language](https://img.shields.io/badge/Language-C%23-blue)
|
|
|
|
![GitHub stars](https://img.shields.io/github/stars/BeichenDream/MysqlT.svg?style=flat&logo=github)
|
|
|
|
![Version](https://img.shields.io/badge/Version-V1.0.0-red)
|
|
|
|
|
|
|
|
<https://github.com/BeichenDream/MysqlT>
|
|
|
|
|
|
|
|
伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击。
|
|
|
|
|