| 工具类型 | 工具地址 |
| 内网扫描 | https://github.com/shadow1ng/fscan |
| 哥斯拉Webshell管理 | https://github.com/BeichenDream/Godzilla |
| ARL 资产侦察灯塔 | https://github.com/TophantTechnology/ARL |
| aliyun-accesskey-Tools | https://github.com/mrknow001/aliyun-accesskey-Tools |
| PEASS-ng 提权套装 | https://github.com/carlospolop/PEASS-ng |
| nuclei 漏洞扫描器 | https://github.com/projectdiscovery/nuclei |
| railgun 渗透集成化工具 | https://github.com/lz520520/railgun |
| YAKIT 网络安全单兵工具 | https://github.com/yaklang/yakit |
| EHole(棱洞)3.0 指纹探测工具 | https://github.com/EdgeSecurityTeam/EHole |
| Traitor 提权工具 | https://github.com/liamg/traitor |
| Stowaway 内网穿透 | https://github.com/ph4ntonn/Stowaway |
| CF 云环境利用框架 | https://github.com/teamssix/cf |
| Naabu 端口扫描 | https://github.com/projectdiscovery/naabu |
| HackBrowserData | https://github.com/moonD4rk/HackBrowserData |
| Malleable C2 Profiles | https://github.com/xx0hcd/Malleable-C2-Profiles |
| shuize(水泽) 信息收集 | https://github.com/0x727/ShuiZe_0x727 |
| Cloud-Bucket-Leak-Detection-Tools | https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools |
| SharpHostInfo 内网主机探测 | https://github.com/shmilylty/SharpHostInfo |
| pocsuite3 | https://github.com/knownsec/pocsuite3 |
| URLFinder | https://github.com/pingc0y/URLFinder |
| ALLiN 扫描工具 | https://github.com/P1-Team/AlliN |
| ihoneyBakFileScan 备份文件泄露扫描 | https://github.com/VMsec/ihoneyBakFileScan_Modify |
| spark(火花) 自动字典生成器 | https://github.com/G0mini/spark |
| Exphub 漏洞利用脚本 | https://github.com/zhzyker/exphub |
| EasyPen 综合利用工具 | https://github.com/lijiejie/EasyPen |
| Dog Tunnel(狗洞)端口映射工具 | https://github.com/vzex/dog-tunnel |
| frp 端口映射工具 | https://github.com/fatedier/frp |
| MYExploit 综合利用工具 | https://github.com/achuna33/MYExploit |
| dirsearch 目录扫描工具 | https://github.com/maurosoria/dirsearch |
| OneForAll 子域收集工具 | https://github.com/shmilylty/OneForAll |
| Cloud-Bucket-Leak-Detection-Tools 云储存利用工具 | https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools |
| ObserverWard 指纹识别工具 | https://github.com/0x727/ObserverWard |
| AtlasC2 C2框架Atlas | https://github.com/Gr1mmie/AtlasC2 |
| Goblin 钓鱼演练工具 | https://github.com/xiecat/goblin |
| AsamF 资产收集工具 | https://github.com/Kento-Sec/AsamF |
| Httpx IP、Url批量存活探测 | https://github.com/projectdiscovery/httpx |
| Ghidra 软件逆向工程框架 | https://github.com/NationalSecurityAgency/ghidra |
| crack 弱口令爆破工具 | https://github.com/niudaii/crack |
| Empire 后开发框架 | https://github.com/BC-SECURITY/Empire |
| ksubdomain 子域名爆破工具 | https://github.com/knownsec/ksubdomain |
| scan4all 综合扫描 | https://github.com/hktalent/scan4all |
| Kscan 资产测绘工具 | https://github.com/lcvvvv/kscan |
| RedGuard C2流量前置工具 | https://github.com/wikiZ/RedGuard |
| VScan 漏洞扫描工具 | https://github.com/veo/vscan |
| pydictor 字典建立工具 | https://github.com/LandGrey/pydictor |
| AutoPWN Suite 漏扫利用工具 | https://github.com/GamehunterKaan/AutoPWN-Suite |
| CloudFlair 找CF真实IP工具 | https://github.com/christophetd/CloudFlair |
| feroxbuster 目录扫描工具 | https://github.com/epi052/feroxbuster |
| POC-bomber 漏洞检测/利用工具 | https://github.com/tr0uble-mAker/POC-bomber |
| iox 端口转发工具 | https://github.com/EddieIvan01/iox |
| f8x 一键环境搭建 | https://github.com/ffffffff0x/f8x |
| URL 搜集工具 | https://github.com/lc/gau |
| 子域名发现工具 | https://github.com/projectdiscovery/subfinder |
| pocassist POC框架 | https://github.com/jweny/pocassist |
| Gobuster 目录文件、DNS和VHost爆破工具 | https://github.com/OJ/gobuster |
| Vulmap web漏洞扫描和验证工具 | https://github.com/zhzyker/vulmap |
| ESP32 Wi-Fi攻击工具 | https://github.com/risinek/esp32-wifi-penetration-tool |
| 牛屎花 C2远控 | https://github.com/YDHCUI/manjusaka |
| Amass 资产发现、子域名扫描工具 | https://github.com/OWASP/Amass |
| GitHack Git泄露利用工具 | https://github.com/lijiejie/GitHack |
| subDomainsBrute 子域名爆破工具 | https://github.com/lijiejie/subDomainsBrute |
| JNDI-Inject-Exploit 反序列化测试工具 | https://github.com/exp1orer/JNDI-Inject-Exploit |
| LadonGo 内网渗透扫描器框架 | https://github.com/k8gege/LadonGo |
| Dismap 资产发现及指纹识别 | https://github.com/zhzyker/dismap |
| afrog 漏洞扫描工具 | https://github.com/zan8in/afrog |
| TruffleHog 敏感信息搜集工具 | https://github.com/trufflesecurity/trufflehog |
| Komo 综合资产收集和漏洞扫描工具 | https://github.com/komomon/Komo |
| xray 被动扫描安全评估工具 | https://github.com/chaitin/xray |
| AppInfoScanner 移动端信息收集扫描工具 | https://github.com/kelvinBen/AppInfoScanner |
| Linux提权exp | https://github.com/Al1ex/LinuxEelvation |
| Packer Fuzzer Webpack网站扫描工具 | https://github.com/rtcatc/Packer-Fuzzer |
| Polaris 信息搜集与漏洞利用框架 | https://github.com/doimet/Polaris |
| geacon_pro 免杀工具 | https://github.com/H4de5-7/geacon_pro |
| spp 隧道代理工具 | https://github.com/esrrhs/spp |
| Payer 子域名挖掘机 | https://github.com/Pik-sec/Payer |
| MobSF 移动安全测试框架 | https://github.com/MobSF/Mobile-Security-Framework-MobSF |
| ByPassGodzilla/哥斯拉免杀生成 | https://github.com/Tas9er/ByPassGodzilla |
| katana 下一代爬虫框架 | https://github.com/projectdiscovery/katana |
| SourceDetector 自动发现.map文件 | https://github.com/SunHuawei/SourceDetector |
| windows提权漏洞检测 | https://github.com/bitsadmin/wesng |
| API未授权扫描插件 | https://github.com/API-Security/APIKit |
| Dirmap web目录扫描工具 | https://github.com/H4ckForJob/dirmap |
| vshell c2主机群管理工具 | https://github.com/veo/vshell |
| Yasso 内网渗透辅助工具集 | https://github.com/sairson/Yasso |
| JSFinder 信息收集接口 | https://github.com/Threezh1/JSFinder |
| Perun 综合扫描器 | https://github.com/WyAtu/Perun |
| AntSword 加载器 | https://github.com/AntSwordProject/AntSword-Loader |
| AntSword | https://github.com/AntSwordProject/antSword |
| Goby 漏洞扫描 | https://github.com/gobysec/Goby |
| goby exp库 | https://github.com/k3vi-07/goby-exp |
| reNgine 自动侦察框架 | https://github.com/yogeshojha/rengine |
| SatanSword 红队综合渗透框架 | https://github.com/Lucifer1993/SatanSword |
| Dirscan 目录扫描 | https://github.com/corunb/Dirscan |
| LSTAR CobaltStrike综合后渗透插件 | https://github.com/lintstar/LSTAR |
| Platypus 交互式反向 Shell 管理器 | https://github.com/WangYihang/Platypus |
| Phoenix 新一代目录扫描神器 | https://github.com/Pik-sec/Phoenix |
| RouteVulScan 递归式被动检测脆弱路径的bp插件 | https://github.com/F6JO/RouteVulScan |
| MDUT 数据库跨平台利用工具 | https://github.com/SafeGroceryStore/MDUT |
| LaZagne 密码凭证收集工具 | https://github.com/AlessandroZ/LaZagne |
| Erfrp frp二开-免杀与隐藏 | https://github.com/Goqi/Erfrp |
| EventCleaner 日志清理 | https://github.com/QAX-A-Team/EventCleaner |
| UACMe Windows bypassUAC | https://github.com/hfiref0x/UACME |
| SCAMagicScan POC漏洞扫描工具 | https://github.com/SCAMagic/SCAMagicScan |
| ENScan Go 企业信息搜集工具 | https://github.com/wgpsec/ENScan_GO |
| ThunderSearch 闪电搜索器 | https://github.com/xzajyjs/ThunderSearch |
| EmailAll 邮箱收集工具 | https://github.com/Taonn/EmailAll |
| finger 资产识别工具 | https://github.com/EASY233/Finger |
| apk扫描器 | https://github.com/dwisiswant0/apkleaks |
| Neo-reGeorg 代理工具 | https://github.com/L-codes/Neo-reGeorg |
| blasting 图形化后台爆破工具 | https://github.com/gubeihc/blasting |
| HaE 敏感信息收集 burp插件 | https://github.com/gh0stkey/HaE |
| powershell免杀混淆 | https://github.com/H4de5-7/powershell-obfuscation |
| Bundler-bypass 免杀捆绑器 | https://github.com/H4de5-7/Bundler-bypass |
| java图形化漏洞利用工具集 | https://github.com/savior-only/javafx_tools |
| Passive Scan Client - Burp被动扫描流量转发插件 | https://github.com/c0ny1/passive-scan-client |
| ffuf - Fuzz Faster U Fool | https://github.com/ffuf/ffuf |
| JDumpSpider - HeapDump敏感信息提取工具 | https://github.com/whwlsfb/JDumpSpider |
| rapiddns | https://github.com/able403/rapiddns |
| CDK - Zero Dependency Docker/K8s Penetration Toolkit | https://github.com/cdk-team/CDK |
| Mythic | https://github.com/its-a-feature/Mythic |
| windows-kernel-exploits -Windows提权 | https://github.com/SecWiki/windows-kernel-exploits |
| IPSearch - 离线IP Whois查询工具 | https://github.com/SleepingBag945/IPSearch |
| LOLBAS - Living Off The Land Binaries and Scripts | https://github.com/LOLBAS-Project/LOLBAS |
| GTFOBins - 提权命令辅助 | https://github.com/GTFOBins/GTFOBins.github.io |
| jsleak | https://github.com/channyein1337/jsleak |
| veinmind-tools - 容器安全工具集 | https://github.com/chaitin/veinmind-tools |
| BypassAntiVirus | https://github.com/TideSec/BypassAntiVirus |
| adduserbysamr-bof CS插件 | https://github.com/AgeloVito/adduserbysamr-bof |
| Supershell - C2远控平台 | https://github.com/tdragon6/Supershell |
| ExchangeOWA - OutLook信息收集工具 | https://github.com/KrystianLi/ExchangeOWA |
| gogo - 自动化扫描器 | https://github.com/chainreactors/gogo |
| HTTPServer - 内网工具 | https://github.com/Axx8/HTTPServer |
| Kunyu(坤舆) - 更高效的企业资产收集 | https://github.com/knownsec/Kunyu |
| Behinder - 冰蝎网站管理客户端 | https://github.com/rebeyond/Behinder |
| Gitleaks | https://github.com/gitleaks/gitleaks |
| Mischief-DLL-Stager | https://github.com/MitchHS/Mischief-DLL-Stager |
| GC2 - 谷歌sheet充当C2 | https://github.com/looCiprian/GC2-sheet |
| noterce | https://github.com/xiao-zhu-zhu/noterce |
| Super Xray - XRAY的GUI启动器 | https://github.com/4ra1n/super-xray |
| Firefly - Web黑盒测试工具 | https://github.com/Brum3ns/firefly |
| Fuso扶桑 - 端口转发工具 | https://github.com/editso/fuso |
| Fofa Viewer - FOFA 客户端 | https://github.com/wgpsec/fofa_viewer |
| AScan - 爱企查 | https://github.com/i11us0ry/AScan |
| ENScan Go - 企业信息查询 | https://github.com/wgpsec/ENScan_GO |
| Suo5 - HTTP代理隧道工具 | https://github.com/zema1/suo5 |
| Hikvision - 海康威视后渗透利用工具 | https://github.com/wafinfo/Hikvision |
| RedTeam-Tools | https://github.com/A-poc/RedTeam-Tools |
| API越权漏洞检测工具 | https://github.com/y1nglamore/IDOR_detect_tool |
| cdnChecker - cdn检测工具 | https://github.com/alwaystest18/cdnChecker |
| hostCollision - host碰撞工具 | https://github.com/alwaystest18/hostCollision |