Question

10.6. 漏洞利用/检测

10.6.1. 数据库注入

• SQLMap
• bbqsql
• MSDAT Microsoft SQL Database Attacking Tool

10.6.2. 非结构化数据库注入

• NoSQLAttack
• NoSQLMap
• Nosql Exploitation Framework
• MongoDB audit

10.6.3. 数据库漏洞利用

• mysql unsha1
• ODAT Oracle Database Attacking Tool

10.6.4. XSS

• BeEF
• XSS Reciver
• DSXS
• XSStrike
• xsssniper
• tracy
• xsleaks A collection of browser-based side channel attack vectors

10.6.5. SSRF

• SSRFmap
• SSRF Proxy
• Gopherus
• SSRF Testing

10.6.6. 模版注入

• tplmap

10.6.7. HTTP Request Smuggling

• smuggler An HTTP Request Smuggling / Desync testing tool written in Python
• h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

10.6.8. 命令注入

• commix

10.6.9. PHP

• Chankro Herramienta para evadir disable_functions y open_basedir

10.6.10. LFI

• LFISuite
• FDsploit

10.6.11. struts

• struts scan

10.6.12. CMS

• Joomla Vulnerability Scanner
• Drupal enumeration & exploitation tool
• Wordpress Vulnerability Scanner
• TPscan 一键ThinkPHP漏洞检测
• dedecmscan 织梦全版本漏洞扫描

10.6.13. Java框架

• ShiroScan Shiro<=1.2.4反序列化检测工具
• fastjson rce tool fastjson命令执行利用工具

10.6.14. DNS相关漏洞

• dnsAutoRebinding
• AngelSword
• Subdomain TakeOver
• dnsReaper dnsReaper - subdomain takeover tool
• mpDNS
• JudasDNS Nameserver DNS poisoning
• singularity A DNS rebinding attack framework by NGC Group

10.6.15. DNS数据提取

• dnsteal
• DNSExfiltrator
• dns exfiltration by krmaxwell
• dns exfiltration by coryschwartz
• requestbin for dns

10.6.16. DNS 隧道

• dnstunnel de
• iodine

10.6.17. DNS Shell

• chashell
• dnscat2

10.6.18. XXE

• XXEinjector
• XXER
• DTD Finder List DTDs and generate XXE payloads using those local DTDs

10.6.19. 反序列化

10.6.19.1. Java反序列化

• ysoserial
• JRE8u20 RCE Gadget
• Java Serialization Dumper A tool to dump Java serialization streams in a more human readable form
• marshalsec Java Unmarshaller Security - Turning your data into code execution
• gadgetinspector A byte code analyzer for finding deserialization gadget chains in Java applications
• fastjsonScan fastjson漏洞burp插件

10.6.19.2. .NET反序列化

• viewgen ASP.NET ViewState Generator

10.6.20. JNDI

• Rogue JNDI A malicious LDAP server for JNDI injection attacks
• JNDI Injection Exploit
• JNDIExploit

10.6.21. 端口Hack

• nmap vulners
• nmap nse scripts
• Vulnerability Scanning with Nmap

10.6.22. JWT

• jwtcrack

10.6.23. 无线

• infernal twin

10.6.24. 中间人攻击

• mitmproxy
• MITMf
• ssh mitm
• injectify
• Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
• toxy Hackable HTTP proxy for resiliency testing and simulated network conditions
• bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks

10.6.25. DHCP

• DHCPwn

10.6.26. DDoS

• Saddam

10.6.27. 正则表达式

• Regexploit Find regular expressions which are vulnerable to ReDoS

10.6.28. Shellcode

• go shellcode A repository of Windows Shellcode runners and supporting utilities

10.6.29. 越权

• secscan authcheck

10.6.30. 利用平台

• DNSLog 是一款监控 DNS 解析记录和 HTTP 访问记录的工具
• LuWu 红队基础设施自动化部署工具

10.6.31. 漏洞利用库

• Penetration Testing POC
• thc ipv6 IPv6 attack toolkit

10.6.32. 漏洞利用框架

• pocsuite3

10.6.33. Windows

• PyWSUS a standalone implementation of a legitimate WSUS server which sends malicious responses to clients