隨著互聯網的迅速發展,網絡安全問題日益嚴峻。黑客攻擊和網絡漏洞成為讓人頭痛的問題。為了保護自己的網絡安全,安全專家不僅需要了解網絡安全原理,還需要熟悉網絡滲透工具的使用。Python作為一種簡單易學且功能強大的編程語言,被廣泛應用于網絡安全領域。本文將推薦python滲透工具。
漏洞及滲透練習平臺
WebGoat漏洞練習平臺: https://github.com/WebGoat/WebGoat webgoat-legacy漏洞練習平臺: https://github.com/WebGoat/WebGoat-Legacy zvuldirll漏洞練習平臺: https://github.com/710leo/ZVulDrill vulapps漏洞練習平臺: https://github.com/Medicean/VulApps dvwa漏洞練習平臺: https://github.com/RandomStorm/DVWA 數據庫注入練習平臺 : https://github.com/Audi-1/sqli-labs 用node編寫的漏洞練習平臺,like OWASP Node Goat: https://github.com/cr0hn/vulnerable-node Ruby編寫的一款工具,生成含漏洞的虛擬機: https://github.com/cliffe/secgen
花式掃描器
Nmap端口掃描器: https://github.com/nmap/nmap 本地網絡掃描器: https://github.com/SkyLined/LocalNetworkScanner 子域名掃描器: https://github.com/lijiejie/subDomainsBrute https://github.com/aboul3la/Sublist3r https://github.com/TheRook/subbrute https://github.com/infosec-au/altdns linux漏洞掃描: https://github.com/future-architect/vuls 基于端口掃描以及關聯CVE: https://github.com/m0nad/HellRaiser 漏洞路由掃描器: https://github.com/jh00nbr/Routerhunter-2.0 迷你批量信息泄漏掃描腳本: https://github.com/lijiejie/BBScan Waf類型檢測工具: https://github.com/EnableSecurity/wafw00f 服務器端口弱口令掃描器: https://github.com/wilson9x1/fenghuangscanner_v3 Fox-scan掃描器: https://github.com/fengxuangit/Fox-scan/
信息搜集工具
社工收集器: https://github.com/n0tr00t/Sreg Github信息搜集: https://github.com/sea-god/gitscan github Repo信息搜集工具: https://github.com/metac0rtex/GitHarvester 信息探測及掃描工具: https://github.com/darryllane/Bluto 內部網絡信息掃描器: https://github.com/sowish/LNScan 遠程桌面登錄掃描器: https://github.com/linuz/Sticky-Keys-Slayer 網絡基礎設施滲透工具 https://github.com/SECFORCE/sparta SNMAP密碼破解: https://github.com/SECFORCE/SNMP-Brute
WEB
webshell大合集: https://github.com/tennc/webshell 滲透以及web攻擊腳本: https://github.com/brianwrf/hackUtils web滲透小工具大合集: https://github.com/rootphantomer/hacktoolsfor_me XSS數據接收平臺: https://github.com/firesunCN/BlueLotus_XSSReceiver XSS與CSRF工具: https://github.com/evilcos/xssor xss多功能掃描器: https://github.com/shawarkhanethicalhacker/BruteXSS web漏洞掃描器: https://github.com/andresriancho/w3af WEB漏洞掃描器: https://github.com/sullo/nikto 滲透常用小工具包: https://github.com/leonteale/pentestpackage web目錄掃描器: https://github.com/maurosoria/dirsearch web向命令注入檢測工具: https://github.com/stasinopoulos/commix 自動化SQL注入檢查工具: https://github.com/epinna/tplmap SSL掃描器: https://github.com/rbsec/sslscan 安全工具集合: https://github.com/codejanus/ToolSuite apache日志分析器: https://github.com/mthbernardes/ARTLAS php代碼審計工具: https://github.com/pwnsdx/BadCode web指紋識別掃描: https://github.com/urbanadventurer/whatweb 檢查網站惡意攻擊: https://github.com/ciscocsirt/malspider wordprees漏洞掃描器: https://github.com/wpscanteam/wpscan 固件漏洞掃描器: https://github.com/misterch0c/firminator_backend 數據庫注入工具 https://github.com/sqlmapproject/sqlmap Web代理: https://github.com/zt2/sqli-hunter 新版中國菜刀: https://github.com/Chora10/Cknife git泄露利用EXP: https://github.com/lijiejie/GitHack 瀏覽器攻擊框架: https://github.com/beefproject/beef 自動化繞過WAF腳本: https://github.com/khalilbijjou/WAFNinja https://github.com/owtf/wafbypasser 一款開源WAF: https://github.com/SpiderLabs/ModSecurity http命令行客戶端: https://github.com/jkbrzt/httpie 瀏覽器調試利器: https://github.com/firebug/firebug DISCUZ漏洞掃描器: https://github.com/code-scan/dzscan 自動化代碼審計工具 https://github.com/wufeifei/cobra 瀏覽器攻擊框架: https://github.com/julienbedard/browsersploit tomcat自動后門部署: https://github.com/mgeeky/tomcatWarDeployer 網絡空間指紋掃描器: https://github.com/nanshihui/Scan-T burpsuit之J2EE掃描插件: https://github.com/ilmila/J2EEScan
CNCERT國家工程研究中心
全球網絡安全資訊
看雪學苑
D1Net
安全牛
GoUpSec
E安全
看雪學苑
安全圈
E安全
系統安全運維
安全牛
