diff --git a/README.md b/README.md index 5ce0231..01cdaca 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ Not only large tools which break security barriers,various small tools that op - 对目标的安全检测,主要集中在对不同链路的主动安全检测 - Security Monitor 安全监控 - 对某个安全链路的安全监控、管理平台 - - [gshark](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#gshark-) ![](https://img.shields.io/badge/-New-red) + - [gshark](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#gshark-) - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-madneal-orange) ![](https://img.shields.io/badge/Language-Go-blue) - 一款开源敏感信息监测系统,支持github、gitlab、searchcode 
@@ -64,6 +64,18 @@ Not only large tools which break security barriers,various small tools that op - Reconnaissance 信息收集 - 在渗透测试前置准备工作过程种涉及到的各类信息收集 + - [zsdevX/DarkEye](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#zsdevX/DarkEye) ![](https://img.shields.io/badge/-New-red) + - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-zsdevX-orange) ![](https://img.shields.io/badge/Language-Go-blue) + - 基于go完成的渗透测试信息收集利器 + - [Glass](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#Glass) ![](https://img.shields.io/badge/-New-red) + - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Author-s7ckTeam-orange) ![](https://img.shields.io/badge/Language-Python-blue) + - Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。 + - [HaE](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#HaE) ![](https://img.shields.io/badge/-New-red) + - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Author-gh0stkey-orange) ![](https://img.shields.io/badge/Language-Java-blue) + - HaE是一款可以快速挖掘目标指纹和关键信息的Burp插件 + - [AppInfoScanner](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#AppInfoScanner) ![](https://img.shields.io/badge/-New-red) + - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-kelvinBen-orange) ![](https://img.shields.io/badge/Language-Python-blue) + - 一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具。 - Vulnerability Assessment 漏洞探测 
@@ -87,13 +99,13 @@ Not only large tools which break security barriers,various small tools that op - ![](https://img.shields.io/badge/Positivity-In-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-c0ny1-orange) ![](https://img.shields.io/badge/Language-Java-blue) - java内存对象搜索辅助工具,配合IDEA在Java应用运行时,对内存中的对象进行搜索。比如可以可以用挖掘request对象用于回显等场景。 - - [HackBrowserData](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#hackbrowserdata-) ![](https://img.shields.io/badge/-New-red) + - [HackBrowserData](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#hackbrowserdata-) - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-moonD4rk-orange) ![](https://img.shields.io/badge/Language-Go-blue) - 一款可全平台运行的浏览器数据导出解密工具 - - [frida-skeleton](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#frida-skeleton-) ![](https://img.shields.io/badge/-New-red) + - [frida-skeleton](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#frida-skeleton-) - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-Margular-orange) ![](https://img.shields.io/badge/Language-Python-blue) - 基于Frida完成的一个更简单易用的安卓hook框架 - - [MySQLMonitor & FileMonitor](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#mysqlmonitor--filemonitor-) ![](https://img.shields.io/badge/-New-red) + - [MySQLMonitor & FileMonitor](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#mysqlmonitor--filemonitor-) - - ![](https://img.shields.io/badge/Positivity-IN-green) ![![](https://img.shields.io/badge/Author-madneal-orange) 
](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Author-TheKingofDuck-orange) ![](https://img.shields.io/badge/Language-Java|Python-blue) - MySQL实时监控工具 & 文件变化实时监控工具 @@ -105,7 +117,9 @@ Not only large tools which break security barriers,various small tools that op - Others 其他相关 - 其他安全链路下的安全类工具 - + - [passive-scan-client](https://github.com/knownsec/404StarLink2.0-Galaxy/blob/master/TOOLS_README.md#passive-scan-client) ![](https://img.shields.io/badge/-New-red) + - ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Author-c0ny1-orange) ![](https://img.shields.io/badge/Language-Java-blue) + - Passive Scan Client是一款可以将经过筛选的流量转发到指定代理的Burp被动扫描流量转发插件。 ​ # Community diff --git a/TOOLS_README.md b/TOOLS_README.md index 6350b77..c8d0d09 100644 --- a/TOOLS_README.md +++ b/TOOLS_README.md 
@@ -9,19 +9,31 @@ * [gshark](#gshark-) * [乙方工具向](#%E4%B9%99%E6%96%B9%E5%B7%A5%E5%85%B7%E5%90%91) * [Reconnaissance 信息收集](#reconnaissance-%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86) + * [HaE](#hae) + * [zsdevX/DarkEye](#zsdevX/DarkEye) + * [Glass](#Glass) + * [AppInfoScanner](#AppInfoScanner) + * [Vulnerability Assessment 漏洞探测](#vulnerability-assessment-%E6%BC%8F%E6%B4%9E%E6%8E%A2%E6%B5%8B) * [Kunpeng](#kunpeng) * [myscan](#myscan) + * [Penetration Test 攻击与利用](#penetration-test-%E6%94%BB%E5%87%BB%E4%B8%8E%E5%88%A9%E7%94%A8) + * [Redis Rogue Server](#redis-rogue-server) + * [Information analysis 信息分析](#information-analysis-%E4%BF%A1%E6%81%AF%E5%88%86%E6%9E%90) * [java\-object\-searcher](#java-object-searcher) * [HackBrowserData](#hackbrowserdata-) * [frida\-skeleton](#frida-skeleton-) * [MySQLMonitor & FileMonitor](#mysqlmonitor--filemonitor-) + * [Back\-penetration, intranet tools 后渗透、内网工具](#back-penetration-intranet-tools--%E5%90%8E%E6%B8%97%E9%80%8F%E5%86%85%E7%BD%91%E5%B7%A5%E5%85%B7) + * [antSword](#antsword) + * [Others 其他相关](#others-%E5%85%B6%E4%BB%96%E7%9B%B8%E5%85%B3) + * [passive-scan-client](#passive-scan-client) # 甲方工具向 @@ -65,7 +77,7 @@ https://github.com/C4o/Juggler 对某个安全链路的安全监控、管理平台 -### [gshark](https://github.com/madneal/gshark) ![](https://img.shields.io/badge/-New-red) +### [gshark](https://github.com/madneal/gshark) ![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-madneal-orange) ![](https://img.shields.io/badge/Language-Go-blue) 
@@ -88,6 +100,70 @@ https://github.com/madneal/gshark 在渗透测试前置准备工作过程种涉及到的各类信息收集 +## [HaE](https://github.com/gh0stkey/HaE) + +![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Author-gh0stkey-orange) ![](https://img.shields.io/badge/Language-Java-blue) + +##### 项目链接: + +https://github.com/gh0stkey/HaE + +##### 项目简述: +HaE是一款可以快速挖掘目标指纹和关键信息的Burp插件 + +##### 推荐评语: + +如果说为了挖掘资产和敏感信息用专用的工具太过繁重,那选择一个burp插件不失为一个好的选择,作者整理的大量指纹也是项目的一个很大的亮点。 + + +## [zsdevX/DarkEye](https://github.com/zsdevX/DarkEye) + +![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Author-zsdevX-orange) ![](https://img.shields.io/badge/Language-Go-blue) + +##### 项目链接: + +https://github.com/zsdevX/DarkEye + +##### 项目简述: +基于go完成的渗透测试信息收集利器 + +##### 推荐评语: + +信息收集作为渗透测试的前置步骤一直以来都繁琐复杂,这个工具很好的集成了多个功能以及api来完成这一步,且内置图形界面的工具会让使用者的体验大大提升。 + + +## [Glass](https://github.com/s7ckTeam/Glass) + +![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Author-s7ckTeam-orange) ![](https://img.shields.io/badge/Language-Python-blue) + +##### 项目链接: + +https://github.com/s7ckTeam/Glass + +##### 项目简述: +Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。 + +##### 推荐评语: + +如果从大量杂乱的信息收集结果中提取有用的系统是一个亘古不变的话题,足够的指纹识别+多来源的数据不失为一个有效的手段。 + +## [AppInfoScanner](https://github.com/kelvinBen/AppInfoScanner) + +![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85%E2%98%85-green) ![](https://img.shields.io/badge/Language-Python-blue) ![](https://img.shields.io/badge/Author-kelvinBen-orange) + +##### 项目链接: + +https://github.com/kelvinBen/AppInfoScanner + +##### 项目简述: 
+一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。 + +##### 推荐评语: + +从移动端APP(Android,iOS)中收集信息是在渗透测试过程中很容易忽略的一个点,如果有一个合适的工具来完成它那么最合适不过了。 + + + ## Vulnerability Assessment 漏洞探测 对目标的各类漏洞探测扫描 @@ -237,3 +313,13 @@ https://github.com/AntSwordProject/antSword 其他安全链路下的安全类工具 +## [passive-scan-client](https://github.com/c0ny1/passive-scan-client) + +![](https://img.shields.io/badge/Positivity-IN-green) ![](https://img.shields.io/badge/Score-%E2%98%85%E2%98%85%E2%98%85-yellow) ![](https://img.shields.io/badge/Language-Java-blue) ![](https://img.shields.io/badge/Author-c0ny1-orange) + +##### 项目链接: + +https://github.com/c0ny1/passive-scan-client + +##### 项目简述: +Passive Scan Client是一款可以将经过筛选的流量转发到指定代理的Burp被动扫描流量转发插件 \ No newline at end of file
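Review bot: In the README.md hunk at `@@ -64,6 +64,18`, the four added links point at `TOOLS_README.md#zsdevX/DarkEye`, `#Glass`, `#HaE` and `#AppInfoScanner`, while the existing links in the same file all use lowercase fragments (`#gshark-`, `#hackbrowserdata-`, `#frida-skeleton-`). GitHub builds heading fragments in lowercase and drops punctuation such as `/`, so please switch these to the lowercase form (no slash for DarkEye) and click through each one to confirm it lands on its section. The entry order here (DarkEye, Glass, HaE, AppInfoScanner) also differs from the order the sections are added in TOOLS_README.md (HaE, DarkEye, Glass, AppInfoScanner); pick one order for both files.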
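Review bot: In the README.md hunk at `@@ -87,13 +99,13`, the badge row directly under the edited MySQLMonitor & FileMonitor line is left malformed: it opens `![![](https://img.shields.io/badge/Author-madneal-orange)`, breaks onto a new line, and only then continues with `](https://img.shields.io/badge/Score-...`. That nests a stray `Author-madneal` badge inside the Score badge on an entry whose author badge is `TheKingofDuck`. Since this change already touches the entry, please fix the row here so it reads Positivity, Score, Author, Language on one line like the HackBrowserData and frida-skeleton rows above it.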
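Review bot: In the TOOLS_README.md table-of-contents hunk at `@@ -9,19 +9,31`, the added entries mix fragment styles: `[HaE](#hae)` is lowercase, but `[zsdevX/DarkEye](#zsdevX/DarkEye)`, `[Glass](#Glass)` and `[AppInfoScanner](#AppInfoScanner)` keep the heading's capitals and slash. The surrounding entries (`#kunpeng`, `#myscan`, `#hackbrowserdata-`) are all lowercase, so the three new ones should follow suit. Minor style point in the same hunk: `[passive-scan-client]` leaves its hyphens unescaped while the neighbouring entries write `java\-object\-searcher` and `frida\-skeleton`.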
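Review bot: In the TOOLS_README.md hunk at `@@ -65,7 +77,7`, dropping the New badge from the `### [gshark]` heading changes the text the fragment is generated from, but the links that target it still say `#gshark-`: the table of contents keeps `[gshark](#gshark-)` as an unchanged context line, and the README.md entry keeps `TOOLS_README.md#gshark-` on its `+` line. Please update both to the new fragment in this change, or verify on the rendered page that the old one still resolves.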
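Review bot: In the TOOLS_README.md hunk at `@@ -88,6 +100,70`, the four new tool sections are added as `##` headings, which is the same level as the category heading `## Vulnerability Assessment 漏洞探测` that follows them, whereas the gshark tool entry elsewhere in this patch is `###`. Please use one level for tool entries so they nest under their category. Two smaller points in the same hunk: the Glass 推荐评语 opens with `如果从大量杂乱的信息收集结果中提取有用的系统`, where `如果` looks like a typo for `如何`, and the AppInfoScanner badge row puts Language before Author while HaE, DarkEye and Glass put Author first.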
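Review bot: In the final TOOLS_README.md hunk at `@@ -237,3 +313,13`, the passive-scan-client section stops after `##### 项目简述:` and has no `##### 推荐评语:` block, unlike the HaE, DarkEye, Glass and AppInfoScanner sections added in the same patch. Please add the recommendation text or state that it is intentionally omitted. The file also now ends without a trailing newline (`\ No newline at end of file`), and the description here lacks the closing `。` that the matching README.md line has.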