Ops · 22 September 2023

Red Team Frameworks and Tools List | Bookmarked

Attack Tactics and Techniques

  • [list] Cloud attack tactics and techniques https://hackingthe.cloud/

  • [doc] Red team techniques in practice https://ired.team/

Threat Intelligence

  • [list] https://github.com/hslatman/awesome-threat-intelligence

Red Team Frameworks / Toolsets

  • [tool] Utilities for MITRE™ ATT&CK https://github.com/nshalabi/ATTACK-Tools

  • [tool] List of useful pentest tools https://github.com/enaqx/awesome-pentest

  • [book] Kali Linux penetration testing (Chinese) https://jobrest.gitbooks.io/kali-linux-cn/content/

  • [paper] ATT&CK released its evaluation of seven security products https://medium.com/mitre-attack/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d

  • [doc] Red team techniques in practice https://ired.team/

  • [tool] Red team infrastructure https://ired.team/offensive-security/red-team-infrastructure/automating-red-team-infrastructure-with-terraform

  • [cheatsheet] Red team handbook https://github.com/mantvydasb/Offensive-Security-OSCP-Cheatsheets/

  • [tool] Pentest and red team tool collection https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE

  • [tool] Red team resource collection https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/

  • [tool] APT resources https://osint-labs.org/apt/

  • [cheatsheet] Windows penetration testing https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html

MITRE ATT&CK Matrix

  • Caldera https://github.com/mitre/caldera https://caldera.readthedocs.io/en/latest/index.html

  • Atomic Red Team https://github.com/redcanaryco/atomic-red-team https://atomicredteam.io

  • DumpsterFire https://github.com/TryCatchHCF/DumpsterFire

  • Metta https://github.com/uber-common/metta https://github.com/uber-common/metta/wiki

  • RTA https://github.com/endgameinc/RTA

Industry Red Teams

  • https://specterops.io/

  • https://www.synack.com/red-team/

Attack Kill Chain

Reconnaissance

OSINT online tools

  • [tool] Reconnaissance and pentest tool collection https://github.com/projectdiscovery/

  • [tool] Corporate email address search http://www.skymem.info/

  • [tool] Subdomain and DNS history, DNSTrails https://securitytrails.com/dns-trails

  • [tool] Internet-wide certificate search http://crt.sh

  • [tool] Assorted domain/IP lookup tools https://viewdns.info/

  • [tool] https://pentest-tools.com

  • [tool] Internet-wide asset search, Shodan https://www.shodan.io/

  • [tool] Internet-wide asset search, Censys https://censys.io

  • [tool] Internet-wide asset search, Fofa https://fofa.so/

  • [tool] Internet-wide asset search, Zoomeye https://www.zoomeye.org/

  • [tool] DNS lookup https://dnsdumpster.com/

  • [tool] Online file scanning, VirusTotal https://www.virustotal.com/

  • [tool] DNS lookup http://www.dnsgoodies.com/

  • [tool] Google ASE aka Google Dorking [Most effective in some cases]

  • [tool] Spiderfoot [Currently free, just request a Spiderfoot instance]

  • [tool] Binaryedge [Paid/Rate-Limited]

  • [tool] onyphe.io [Mostly free]

  • [tool] GitHub user event history API https://api.github.com/users/{username}/events

Reconnaissance tools

  • [tool] BigBountyRecon https://github.com/Viralmaniar/BigBountyRecon

Fingerprinting

  • [tool] WAF identification https://github.com/stamparm/identYwaf

Initial Access (Entry)

Phishing

  • [tool] https://github.com/klionsec/PhishingExploit

  • [tool] https://github.com/gophish/gophish

  • [cases] Abusing Google's OAuth platform to impersonate Google Docs and spread phishing via Gmail https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/

  • [blog] Phishing via Office online video https://blog.cymulate.com/abusing-microsoft-office-online-video

  • [tool] Email phishing tool https://www.mailsploit.com/index

  • [trick] Executing macros via DOCX remote template injection https://xz.aliyun.com/t/2496

  • [trick] Browser window spoofing https://github.com/openworldoperations/FISHY

  • [trick] Mouse cursor spoofing https://jameshfisher.github.io/cursory-hack/

HID Attack

Wireless Attack

  • [tool] Cracking WPA/WPA2 passwords without the four-way handshake http://www.freebuf.com/articles/wireless/179953.html

Server Out-of-Band Management (BMC, IPMI) and Supply Chain Attacks

  • [blog] Targeted software supply chain attack against a target company's open-source projects https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

Exploitation

  • [tool] Convert PE files to shellcode https://github.com/hasherezade/pe_to_shellcode

  • [blog] Executing arbitrary commands via Java Runtime.exec(String) https://www.anquanke.com/post/id/159554 https://mp.weixin.qq.com/s/pzpc44-xH932M4eCJ8LxYg http://jackson.thuraisamy.me/runtime-exec-payloads.html

  • [paper] Exploiting deserialization vulnerabilities via Java JDBC drivers https://xz.aliyun.com/t/7067

  • [blog] On Jackson CVEs https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

  • [paper] FastJson vulnerability history https://github.com/miaochiahao/slides/tree/master/fastjson

  • [tool] One-click Jira exploitation https://github.com/0x48piraj/Jiraffe

  • [tool] Comprehensive JNDI in-memory webshell exploitation tool https://github.com/feihong-cs/JNDIExploit

Privilege Escalation

  • [cheatsheet] Windows privilege escalation notes https://xz.aliyun.com/t/2519

  • [cheatsheet] Windows privilege escalation cheat sheet https://guif.re/windowseop

  • [cheatsheet] Windows local privilege escalation techniques http://payloads.online/archivers/2018-10-08/1

  • [cheatsheet] Linux privilege escalation cheat sheet https://guif.re/linuxeop

  • [exploit] Windows-Exploit-Suggester https://github.com/GDSSecurity/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py

  • [exploit] Linux-Exploit-Suggester https://github.com/PenturaLabs/Linux_Exploit_Suggester/

  • [exploit] Windows Exploits https://github.com/abatchy17/WindowsExploits

  • [exploit] Sherlock, Windows local privilege escalation vulnerability checker https://github.com/rasta-mouse/Sherlock

  • [cheatsheet] Linux privilege escalation via sudo abuse http://touhidshaikh.com/blog/?p=790

  • [blog] A deep dive into MS14-068: a backdoor carefully planted by Microsoft? http://www.freebuf.com/vuls/56081.html

  • [paper] Windows privilege escalations https://www.exploit-db.com/docs/english/46131-windows-privilege-escalations.pdf

  • [tool] juicy-potato local privilege escalation https://github.com/ohpe/juicy-potato https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/

  • [exploit] hh.exe privilege escalation https://twitter.com/FlatL1ne/status/1194208167976165376

  • [tool] Linux local enumeration https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh

  • [tool] Linux process monitoring https://github.com/DominicBreuker/pspy

  • [cheatsheet] Linux Privilege Escalation https://book.hacktricks.xyz/linux-unix/privilege-escalation

Persistence

  • [tool] Gray Dragon, .NET application runtime injection tool https://www.digitalbodyguard.com/graydragon.html

  • [trick] DLL injection into any .NET application via environment variables https://mobile.twitter.com/subTee/status/864903111952875521 https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/bb384689(v=vs.100)

  • [tool] PHP-FPM fileless backdoor webshell https://www.anquanke.com/post/id/163197

  • [tool] Persistence and command execution via PrintDialog http://www.hexacorn.com/blog/2018/08/11/printdialog-exe-yet-another-lolbin-for-loading-dlls/

  • [tool] SystemSettings http://www.hexacorn.com/blog/2018/08/12/systemsettings-exe-yet-another-lolbin-for-loading-dlls/

  • [tool] Binary-encrypted webshell https://xz.aliyun.com/t/2744 https://github.com/rebeyond/Behinder

  • [cheatsheet] Linux persistence https://xz.aliyun.com/t/7338

  • [tool] Linux eBPF backdoor https://github.com/kris-nova/boopkit

  • [tool] Compiling a PAM backdoor in 5 lines of code https://infosecwriteups.com/creating-a-backdoor-in-pam-in-5-line-of-code-e23e99579cd9

Post Exploitation

Windows

  • PowerShell without powershell.exe https://github.com/Ben0xA/nps

  • Full-phase PowerShell penetration testing scripts https://github.com/samratashok/nishang

  • Command execution, Living off the Land https://github.com/api0cradle/LOLBAS

  • Introducing SharpSploit, a C# post-exploitation library https://posts.specterops.io/introducing-sharpsploit-a-c-post-exploitation-library-5c7be5f16c51

  • [blog] Summary of command execution and file download on Windows https://www.cnblogs.com/17bdw/p/8550189.html

  • [trick] Running .NET programs with Rundll32 https://blog.xpnsec.com/rundll32-your-dotnet/

  • [tool] .NET DllExport https://github.com/3F/DllExport

Linux

  • Post-exploitation tool written in pure Bash https://github.com/TheSecondSun/Bashark/

Credential Theft

  • [tool] SafetyKatz https://github.com/GhostPack/SafetyKatz

  • [tool] Shellcode Dump LSASS https://osandamalith.com/2019/05/11/shellcode-to-dump-the-lsass-process/

  • [tool] Internal network password collection and decryption tool https://github.com/klionsec/Decryption-tool

Lateral Movement

  • [tool] Port scanner written in Go https://github.com/ffuf/ffuf/tree/master

  • [tool] Domain reconnaissance, six degrees of domain admin https://github.com/BloodHoundAD/SharpHound

  • [usage] Nmap idle (stealth) scan https://nmap.org/book/idlescan.html

  • [blog] NTLM relaying through meterpreter https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445/

  • [tool] Responder, NetBIOS name spoofing and LLMNR spoofing https://github.com/SpiderLabs/Responder

  • [tool] NTLM relay attack against Exchange Web Services https://github.com/Arno0x/NtlmRelayToEWS

  • [tool] SMB man-in-the-middle hijacking https://github.com/quickbreach/SMBetray

  • [tool] Proxy tunnel https://github.com/txthinking/brook

  • [tool] Proxy tunnel https://github.com/Dliv3/Venom

Defense Evasion

  • [book] Effective AV evasion: bypassing antivirus software with C#

  • [tool] Generating AV-evading Metasploit payloads https://github.com/Veil-Framework/Veil

  • [code] Custom Meterpreter loader http://www.freebuf.com/articles/system/53818.html

  • [blog] Nine ways to run Mimikatz

  • [blog] Penetration testing with .NET executables

  • [blog] ATT&CK matrix: defense evasion

  • [blog] Bypassing next-generation antivirus

  • [blog] Evading detection with special Windows NTFS folders

  • [paper] Winnti Bootkit http://williamshowalter.com/a-universal-windows-bootkit/

  • [paper] UEFI Rootkit https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/

  • [twitter] Linux Bash obfuscation https://twitter.com/DissectMalware/status/1025580967384305664

  • [tool] AV evasion tool AVET https://github.com/govolution/avet

  • [blog] Bypassing CrowdStrike detection https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

  • [blog] 10 ways to bypass antivirus software https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/

  • [tool] DLL Side Loading Attack Generator https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator

  • [tool] BypassAV ShellCode Loader https://github.com/k8gege/scrun

  • [blog] Protecting Your Malware with blockdlls and ACG: using Microsoft's own security mechanisms against EDR https://blog.xpnsec.com/protecting-your-malware/

  • [blog] Detecting Parent PID Spoofing https://blog.f-secure.com/detecting-parent-pid-spoofing/

  • [tips] Three key signals when contending with EDR: 1. Process Relationship / 2. Suspicious Network / 3. Command Line.

  • [blog] Antivirus Evasion with Python https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1

  • [tool] JS shellcode loader for AV evasion https://github.com/Hzllaga/JsLoader

  • [tool] Using antivirus software to destroy itself https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

  • [tool] AV evasion collection https://github.com/TideSec/BypassAntiVirus

  • [tool] Apache/Nginx port forwarding to hide the TeamServer https://github.com/threatexpress/cs2modrewrite

  • [tool] Study notes and AV evasion attempts for "Writing Custom Backdoor Payloads in C#" https://xz.aliyun.com/t/6222

  • [tool] Antivirus process name checker https://github.com/gh0stkey/avList/

  • [blog] New Windows AV evasion technique: Process Herpaderping https://jxy-s.github.io/herpaderping/

  • [blog] Domain Borrowing: a new CDN-based covert communication method https://xlab.tencent.com/cn/2021/05/14/domain-borrowing/

C&C

  • [tool] ICMP backdoor https://github.com/inquisb/icmpsh

  • [tool] Windows RAT in C# https://github.com/quasar/QuasarRAT

  • [tool] Koadic, DEF CON post-exploitation tool (nicknamed "Big Sword") https://github.com/zerosum0x0/koadic

  • [tool] Custom Command and Control https://labs.mwrinfosecurity.com/tools/c3

  • [paper] Cobalt Strike tutorial documentation https://wbglil.gitbooks.io/cobalt-strike/

  • [blog] Analysis of the PowerGhost mining malware https://www.freebuf.com/articles/system/219715.html

  • [tool] Backdoor that hides its network connections https://github.com/BeetleChunks/redsails

  • [tool] PowerShell reverse-connect backdoor https://github.com/ZHacker13/ReverseTCPShell

  • [tool] JS/VBS payload generator https://github.com/mdsecactivebreach/CACTUSTORCH

  • [tool] Golang-based C2, DeimosC2 https://github.com/DeimosC2/DeimosC2

  • [tool] Golang-based reverse shell manager https://github.com/WangYihang/Platypus

  • [tool] Open-source C2 based on the .NET framework https://github.com/cobbr/Covenant

  • [tool] Link, open-source C2 in Rust supporting Windows, Linux and macOS https://github.com/postrequest/link

  • [tool] Small but powerful backdoor written in C https://github.com/MarioVilas/thetick

  • [tool] C2 Sliver https://github.com/BishopFox/sliver

Data Exfiltration

  • [blog] Data exfiltration techniques https://www.pentestpartners.com/security-blog/data-exfiltration-techniques/

Misc & Auxiliary Tools

  • [forum] Hack The Box https://www.hackthebox.eu/

  • [tool] Hand-drawn-style diagrams generated from code https://www.websequencediagrams.com/

  • [tool] ASCII text diagrams generated locally from code: graph::easy

  • [tricks] Tips and tricks collection https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet#lbwh-anchor

Anonymous Email and SMS Receiving Platforms

  • https://lcx.cc/post/4594/

  • Tricks for reusing a Gmail address https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html

MITM

  • [tool] https://github.com/LionSec/xerosploit

  • [tool] Phishing reverse-proxy MITM tool https://github.com/hash3liZer/evilginx2

Android Security

  • [paper] Frida manual https://github.com/hookmaster/frida-all-in-one

Reverse Engineering

  • [tool] Ghidra, the reverse engineering framework released by the NSA https://www.nsa.gov/resources/everyone/ghidra/

  • [tool] Modern Java Bytecode Editor https://github.com/Col-E/Recaf

Brute Force & Wordlists

  • Brute-forcing common services https://github.com/lanjelot/patator

  • Weak passwords that look strong https://github.com/r35tart/RW_Password

  • Comprehensive payload collection https://github.com/swisskyrepo/PayloadsAllTheThings

  • Social-engineering wordlist generator https://github.com/Saferman/cupper

Pentest Helpers & OOB Tools

  • [tool] Interactsh, the dnslog service from the nuclei project https://github.com/projectdiscovery/interactsh

  • [tool] lijiejie's dnslog, a fork of the bugscan dnslog https://github.com/lijiejie/eyes.sh

Automated Scanning & Inspection

  • [tool] WDScanner distributed scanner https://www.freebuf.com/sectool/203772.html

  • [tool] ARL (Lighthouse) asset inspection https://github.com/TophantTechnology/ARL

Cloud Security & Cloud Native

  • [book] Kubernetes guide https://feisky.gitbooks.io/kubernetes/introduction/101.html

  • [list] Cloud attack tactics and techniques https://hackingthe.cloud/

Web Security

  • [collections] Web security project collection https://github.com/qazbnm456/awesome-web-security

  • [tool] General helper function set for web scanners https://wsltools.readthedocs.io/en/latest/

  • [tool] Web crawler based on headless Chrome https://github.com/chaitin/rad

  • [tool] Burp Suite extension for identifying and extracting sensitive information https://github.com/gh0stkey/HaE

  • [tool] MLoger, HTTP(S)/TCP/WS packet capture and testing tool https://github.com/momosecurity/Mloger

  • [tool] nuclei web scanner with PoC-based scanning https://github.com/projectdiscovery/nuclei

Package / Component / Dependency Security

  • [tool] Open-source vulnerability database, component and dependency security https://security.snyk.io/

  • [tool] Component dependency security checking https://github.com/jeremylong/DependencyCheck

XXE

  • [tool] Blind XXE exfiltration tool https://github.com/TheTwitchy/xxer

  • [tool] Attacking Java RMI https://github.com/NickstaDB/BaRMIe

Java Security

  • [book] Java security https://github.com/anbai-inc/javaweb-sec

  • [tool] Improved ysoserial https://github.com/zema1/ysoserial

Front-end Black Magic

  • [paper] Handbook for breaking anti-scraping JS and restoring obfuscated code https://github.com/LoseNine/Restore-JS

Defense

Intrusion Detection

  • [blog] Seven advanced attack techniques against Microsoft Active Directory and how to detect them https://www.anquanke.com/post/id/161815

  • [blog] Offense and defense: deception techniques in Active Directory https://www.anquanke.com/post/id/162210

  • [tool] Webshell detection http://www.shellpub.com/

  • [paper] Blocking processes with eBPF https://www.cnxct.com/linux-kernel-hotfix-with-ebpf-lsm/

  • [paper] How Tetragon blocks processes https://www.cnxct.com/how-tetragon-preventing-attacks/

Attribution and Counter-Attack

  • [tool] Counter-attack via RCE in JetBrains IDE project files https://github.com/CC11001100/idea-project-fish-exploit

Host Hardening

  • [blog] Hiding other users' process information https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/

Laws and Regulations

  • US data breach notification laws https://en.wikipedia.org/wiki/Security_breach_notification_laws

Reposted from: https://kingx.me/pentest-tools/
