Awesome-Redteam

约 4387 字大约 15 分钟

❗【免责声明】本项目所涉及的技术、思路和工具仅供学习，任何人不得将其用于非法用途和盈利，不得将其用于非授权渗透测试，否则后果自行承担，与本项目无关。使用本项目前请先阅读法律法规。

Disclaimer: The technologies, concepts, and tools provided in this Git repository are intended for educational and research purposes only. Any use for illegal activities, unauthorized penetration testing, or commercial purposes is strictly prohibited. Please read the Awesome-Laws before using this repository.

📖 一个攻防知识库。A knowledge base for red teaming and offensive security.

👍 means recommand 推荐使用

to be continued...

速查文档 CheatSheets

戳这里 Click Here

DefaultCreds-Cheat-Sheet.csv
Huawei-iBMC-DefaultCreds.csv
Huawei-Product-Cheat-Sheet.csv
WeakPassword-Cheat-Sheet.csv
安全厂商及官网链接速查.txt

一些代码 Scripts

戳这里 Click Here

ShellcodeWrapper: Shellcode加密
AntivirusScanner: 杀软进程检测脚本
runtime-exec-payloads.html: java.lang.Runtime.exec() Payloads生成 
Ascii2Char: ASCII码和字符互相转换脚本 修改webshell文件名密码 
Weakpass_Generator: 在线弱密码生成工具 汉化版
Godzilla_Decryptor: 哥斯拉流量解密
Behinder4_Key_Bruteforce: 冰蝎4密钥爆破
Flask_Session_Decryptor: Flask session注入解密

攻防知识 Tips

戳这里 Click Here

信息收集-敏感信息收集
内网渗透-免杀
内网渗透-隐藏
内网渗透-Pentesting AD Mindmap
安全架构-网络攻击与防御图谱
平台搭建-DNS Log
流量分析-CobaltStrike
流量分析-Webshell
社会工程学-钓鱼邮件主题汇总
逆向分析-微信小程序反编译

编解码/加解密 Cryptography

在线工具 Online Tools

http://www.ip33.com/
http://www.metools.info/
https://www.107000.com/
http://www.hiencode.com/
http://www.atoolbox.net/
https://www.sojson.com/
https://the-x.cn/

离线工具 Offline Tools

https://github.com/wangyiwy/oktools
https://github.com/Ciphey/Ciphey
https://github.com/gchq/CyberChef 👍
http://1o1o.xyz/bo_ctfcode.html
https://github.com/guyoung/CaptfEncoder

编码/解码 Encode/Decode

http://code.mcdvisa.com/ Chinese Commercial Code 标准中文电码
https://www.compart.com/en/unicode/ Unicode
http://web.chacuo.net/charsetuuencode UUencode
https://tool.chinaz.com/tools/escape.aspx Escape/Unescape
https://zh.rakko.tools/tools/21/ HTML Entity Encode

正则表达式 Regular Expressions

https://regex101.com/
https://github.com/VincentSit/ChinaMobilePhoneNumberRegex
https://github.com/any86/any-rule

哈希算法 Hash Crack

https://www.cmd5.org/
https://www.somd5.com/
https://www.onlinehashcrack.com/
https://crackstation.net/
https://crack.sh/
https://passwordrecovery.io/
https://md5decrypt.net/en/Sha256/
https://hashes.com/en/decrypt/hash

公钥密码算法 RSA

https://www.ssleye.com/ssltool/
https://www.lddgo.net/en/encrypt/rsa works with .pem

国密算法 SM

hutool-crypto: https://github.com/dromara/hutool hutool-crypto 模块，提供对称、非对称和摘要算法封装
GmSSL: https://github.com/guanzhi/GmSSL SM2/SM3/SM4/SM9/SSL
gmssl-python: https://github.com/gongxian-ding/gmssl-python SM2/SM3/SM4/SM9
SM4: https://www.toolhelper.cn/SymmetricEncryption/SM4

网络空间测绘 Cyberspace Search Engine

综合工具 Nice Tools

Fofa: https://fofa.info/
Shodan: https://www.shodan.io/
ZoomEye: https://www.zoomeye.org/
Hunter: https://hunter.qianxin.com/
Ditecting: https://www.ditecting.com/
Quake: https://quake.360.cn/quake/
Censys: https://search.censys.io/
Netlas: https://app.netlas.io/domains/

网页/端口 Web/Ports

Wayback Machine: https://web.archive.org/ web pages saved over time
VisualPing: https://visualping.io/ website changes monitor
Dark Web Exposure: https://www.immuniweb.com/darkweb/
SG TCP/IP: https://www.speedguide.net/ports.php ports database

谷歌搜索 Google Hacking

https://www.exploit-db.com/google-hacking-database Google Hacking Database
https://github.com/cipher387/Dorks-collections-list Google Hacking Database
https://cxsecurity.com/dorks/ Google Hacking Database
https://dorks.faisalahmed.me/ Google Hacking Online
https://pentest-tools.com/information-gathering/google-hacking Google Hacking Online
http://advangle.com/ Google Hacking Online
https://0iq.me/gip/ Google Hacking Online
https://github.com/obheda12/GitDorker Google Hacking Cli
https://github.com/six2dez/dorks_hunter Google Hacking Cli

Github 搜索 Github Dork

https://github.com/search/advanced Github Dork
https://github.com/obheda12/GitDorker Github Dork
https://github.com/damit5/gitdorks_go Github Dork

开源情报 Open-Source Intelligence

综合工具 Nice Tools

OSINT Resource List: https://start.me/p/rx6Qj8/nixintel-s-osint-resource-list
OSINT Framework: https://osintframework.com/
OSINT Handbook: https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf

威胁情报 Threat Intelligence

Virustotal: https://www.virustotal.com/
腾讯哈勃分析系统: https://habo.qq.com/tool/index
微步在线威胁情报: https://x.threatbook.com/
奇安信威胁情报: https://ti.qianxin.com/
360 威胁情报: https://ti.360.net/
网络安全威胁信息共享平台: https://share.anva.org.cn/web/publicity/listPhishing
安恒威胁情报: https://ti.dbappsecurity.com.cn/
火线安全平台: https://www.huoxian.cn
知道创宇黑客新闻流: https://hackernews.cc/
SecWiki 安全信息流: https://www.sec-wiki.com/

漏洞披露 Disclosed Vulnerabilities

国家信息安全漏洞库: https://www.cnnvd.org.cn/
国家互联网应急中心: https://www.cert.org.cn/
360 网络安全响应中心: https://cert.360.cn/
知道创宇漏洞库: https://www.seebug.org/
长亭漏洞库: https://stack.chaitin.com/vuldb/
阿里云漏洞库: https://avd.aliyun.com/high-risk/list
PeiQi 漏洞库: https://peiqi.wgpsec.org/
Hackerone: https://www.hackerone.com/
CVE: https://cve.mitre.org/
National Vulnerability Database: https://nvd.nist.gov/
Vulnerability & Exploit Database: https://www.rapid7.com/db/
Packet Storm's file archive: https://packetstormsecurity.com/files/tags/exploit
Shodan: https://cvedb.shodan.io/cves stay updated with CVEs curl https://cvedb.shodan.io/cves | jq '[.cves[] | select(.cvss > 8)]'
CVEShield: https://www.cveshield.com/ latest trending vulnerabilities

接口检索 API Search

https://www.postman.com/explore/ public API
https://rapidapi.com/ public API
https://serene-agnesi-57a014.netlify.app/ discover secret API keys:

源代码检索 Source Code Search

https://publicwww.com/
https://searchcode.com/

开源资源 Open-Source Resources

社区/知识库 Communities/Knowledge Base

先知社区: https://xz.aliyun.com/
Infocon: https://infocon.org/
ffffffff0x 安全知识框架: https://github.com/ffffffff0x/1earn
狼组公开知识库: https://wiki.wgpsec.org/
Mitre ATT&CK matrices: https://attack.mitre.org/matrices/enterprise
Mitre ATT&CK techniques: http://attack.mitre.org/techniques/enterprise/
Hacking Articles: https://www.hackingarticles.in/
PostSwigger Blog: https://portswigger.net/blog
InGuardians Labs Blog: https://www.inguardians.com/
Pentest Workflow: https://pentest.mxhx.org/
Pentest Cheatsheet: https://pentestbook.six2dez.com/

思维导图/备忘录 Mindmap/Cheat Sheets

https://cheatsheets.zip/ Cheat Sheets for Developers
https://learnxinyminutes.com/ Programming/Toolkit/Command/OS/Shortcuts cheat sheet
https://github.com/Ignitetechnologies/Mindmap/ Cyber Security Mindmap
https://html5sec.org/ HTML5 Security Cheatsheet
https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.svg AD attack&defense mindmaps
https://github.com/WADComs/WADComs.github.io Windows/AD cheat sheet 👍

进攻性安全 Red Teaming and Offensive Security

https://www.ired.team/
https://www.thehacker.recipes/
https://ppn.snovvcrash.rocks/
https://book.hacktricks.xyz/
https://blog.harmj0y.net/
https://hausec.com/domain-penetration-testing/
https://dirkjanm.io/
https://casvancooten.com/
https://evasions.checkpoint.com/
https://redteam.guide/docs/definitions
https://github.com/HadessCS/Red-team-Interview-Questions

防御性安全 Blue Teaming and Defensive Security

https://github.com/Purp1eW0lf/Blue-Team-Notes

操作安全 Operation Security

https://github.com/WesleyWong420/OPSEC-Tradecraft

实战平台 Learning and Practice Platforms

Cybrary: https://www.cybrary.it/
HacktheBox: https://www.hackthebox.com/
TryHackMe: https://tryhackme.com/
Try2Hack: https://try2hack.me/
Vulnmachines: https://www.vulnmachines.com/
RangeForce: https://www.rangeforce.com/
Root Me: https://www.root-me.org/
ichunqiu: https://yunjing.ichunqiu.com/
echoCTF: https://github.com/echoCTF/echoCTF.RED for CTF
Vulnhub: https://www.vulnhub.com/

Mac M1 使用 Vulnhub 等 ova 格式镜像，需要将 ova 格式转为 qcow2，再通过 UTM 运行：

https://github.com/qemu/qemu
https://github.com/utmapp/UTM

信息收集 Reconnaissance

综合工具 Nice Tools

AlliN: https://github.com/P1-Team/AlliN
fscan: https://github.com/shadow1ng/fscan
qscan: https://github.com/qi4L/qscan
TscanPlus: https://github.com/TideSec/TscanPlus
dddd: https://github.com/SleepingBag945/dddd
kscan: https://github.com/lcvvvv/kscan
Kunyu: https://github.com/knownsec/Kunyu
OneForAll: https://github.com/shmilylty/OneForAll
ShuiZe: https://github.com/0x727/ShuiZe_0x727
FofaX: https://github.com/xiecat/fofax
Fofa Viewer: https://github.com/wgpsec/fofa_viewer
ENScan_GO: https://github.com/wgpsec/ENScan_GO
Amass: https://github.com/owasp-amass/amass
ApolloScanner: https://github.com/b0bac/ApolloScanner

IP/域名/子域名 IP/Domain/Subdomain

IP:
- https://www.ipuu.net/
- https://site.ip138.com/
- https://myip.ms/
- https://ipwhois.cnnic.net.cn
Multi Ping:
- https://ping.chinaz.com/
- https://www.host-tracker.com/
- https://www.webpagetest.org/
- https://dnscheck.pingdom.com/
IP to Domain:
- https://site.ip138.com/
- https://x.threatbook.cn/
- https://www.virustotal.com/
Whois:
- https://whois.chinaz.com/
- https://whois.aliyun.com/
- https://who.is/
- https://www.whoxy.com/
DNS:
- https://hackertarget.com/find-dns-host-records
- https://dnsdumpster.com
- https://dnsdb.io/zh-cn
- https://centralops.net/co/
- https://viewdns.info/
- https://dnsdumpster.com/
- https://rapiddns.io/
ASN:
- https://wq.apnic.net/
- https://bgp.he.net/
- https://bgpview.io/
TLS/SSL Certificat :
- https://censys.io
- https://crt.sh

指纹 Fingerprint

指纹库 Fingerprint Collection

https://github.com/r0eXpeR/fingerprint
https://github.com/0x727/FingerprintHub

指纹识别 Fingerprint Reconnaissance

https://github.com/EASY233/Finger
https://github.com/EdgeSecurityTeam/EHole
https://github.com/lemonlove7/EHole_magic
https://github.com/0x727/ObserverWard
https://github.com/TideSec/TideFinger_Go
https://github.com/zhzyker/dismap
https://www.webshell.cc/4697.html
http://www.yunsee.cn/ online

WAF 识别 Waf Checks

https://github.com/stamparm/identYwaf
https://github.com/EnableSecurity/wafw00f
https://github.com/MISP/misp-warninglists

扫描/爆破 Brute Force

扫描/爆破工具 Brute Force Tools

Port:
- https://github.com/antirez/hping
Subdomain:
- https://github.com/projectdiscovery/subfinder
- https://github.com/knownsec/ksubdomain
Web:
- https://github.com/pingc0y/URLFinder
- https://github.com/s0md3v/Arjun
- https://github.com/OJ/gobuster
- https://github.com/jaeles-project/gospider
- https://github.com/xmendez/wfuzz
Directory:
- https://github.com/maurosoria/dirsearch
- https://github.com/H4ckForJob/dirmap
- https://github.com/ffuf/ffuf
Password:
- https://github.com/vanhauser-thc/thc-hydra
- https://github.com/galkan/crowbar supports sshkey and openvpn
- https://github.com/evilsocket/legba/
Hash Cracking:
- https://github.com/openwall/john
- https://github.com/hashcat/hashcat
- https://hashcat.net/wiki/doku.php?id=example_hashes hashcat examples
- https://github.com/HashPals/Name-That-Hash hash identifier
- https://github.com/noraj/haiti hash identifier
Json web token (JWT):
- https://jwt.io/
- https://github.com/Sjord/jwtcrack
- https://github.com/ticarpi/jwt_tool
- https://github.com/mazen160/jwt-pwn
- https://github.com/brendan-rius/c-jwt-cracker
- https://github.com/wallarm/jwt-secrets/blob/master/jwt.secrets.list

扫描/爆破字典 Brute Force Dictionaries

Wordlists for All:
- https://github.com/danielmiessler/SecLists 46.4k star
- https://github.com/SexyBeast233/SecDictionary + ffuf
- https://github.com/insightglacier/Dictionary-Of-Pentesting
- https://github.com/TheKingOfDuck/fuzzDicts
- https://github.com/gh0stkey/Web-Fuzzing-Box
- https://github.com/a3vilc0de/PentesterSpecialDict
- https://github.com/Bo0oM/fuzz.txt
- https://github.com/assetnote/wordlists
- https://github.com/rapid7/metasploit-framework/tree/master/data/wordlists
Web Fuzz Wordlists:
- https://github.com/xmendez/wfuzz/tree/master/wordlist
- https://github.com/lutfumertceylan/top25-parameter
Others (not frequently used):
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
- https://github.com/random-robbie/bruteforce-lists
- https://github.com/google/fuzzing/tree/master/dictionaries
- https://github.com/six2dez/OneListForAll

字典生成 Generate a Custom Dictionary

Online:
- Generate wordlists: https://weakpass.com/generate
- Generate subdomains and wordlists: https://weakpass.com/generate/domains
- 汉字转拼音: https://www.aies.cn/pinyin.htm
- 密码猜解: https://www.hacked.com.cn/pass.html
Private Deployment:
- Generate wordlists(offline): https://github.com/zzzteph/weakpass
- Generate subdomains and wordlists(offline): https://github.com/zzzteph/probable_subdomains
Offline:
- pydictor: https://github.com/LandGrey/pydictor/
- crunch:
  - Kali/Linux: https://sourceforge.net/projects/crunch-wordlist
  - Windows: https://github.com/shadwork/Windows-Crunch

默认口令查询 Default Credentials

Default Credentials Cheat Sheet: https://github.com/ihebski/DefaultCreds-cheat-sheet 3468 default creds
datarecovery: https://datarecovery.com/rd/default-passwords/ online
cirt.net: https://cirt.net/passwords online
Online Router Passwords:
- https://www.routerpasswords.com/
- https://portforward.com/router-password/
- https://www.cleancss.com/router-default/
- https://www.toolmao.com/baiduapp/routerpwd/
- https://datarecovery.com/rd/default-passwords/

凭据泄露 Leaked Credentials

https://have-ibeenpwned.com/
https://breachdirectory.org/

邮箱 Email

Temporary Email:
- http://24mail.chacuo.net/
- https://www.guerrillamail.com/
- https://rootsh.com/
Snov.io: https://app.snov.io
Phonebook: also works on subdomains and urls https://phonebook.cz
Skymem: https://www.skymem.info
Hunter: https://hunter.io
email-format: https://www.email-format.com/i/search/
搜邮箱: https://souyouxiang.com/find-contact/
theHarvester: also works on subdomains https://github.com/laramies/theHarvester
Verify emails: https://tools.emailhippo.com/
Accounts registered by email: https://emailrep.io/

短信 SMS Online

https://sms-activate.io 👍 more than 180 countries for sale
https://www.supercloudsms.com/en/
https://getfreesmsnumber.com/
https://www.zusms.com/
https://yunduanxin.net/
https://www.free-sms-receive.com/
https://receive-sms.cc/#google_vignette
https://bestsms.xyz/
https://smscodeonline.com/

钓鱼 Phishing

gophish: https://github.com/gophish/gophish open-source phishing toolkit
SpoofWeb: https://github.com/5icorgi/SpoofWeb deploy phishing website

移动端 Mobile

https://www.xiaolanben.com/
https://www.qimai.cn/

漏洞研究 Vulnerability Research

漏洞环境 Vulnerable Environments

基础漏洞 Basic Vulnerabilities

Sqli-labs: https://github.com/Audi-1/sqli-labs
Upload-labs: https://github.com/c0ny1/upload-labs
Xss-labs: https://github.com/do0dl3/xss-labs
DVWA: https://github.com/digininja/DVWA
WebGoat: https://github.com/WebGoat/WebGoat
encrypt-labs: https://github.com/SwagXz/encrypt-labs AES/DES/RSA

综合漏洞 Comprehensive Vulnerabilities

Vulhub: https://vulhub.org/
PortSwigger Web Security Academy: https://portswigger.net/web-security
OWASP Top10: https://owasp.org/www-project-juice-shop/
Vulstudy: https://github.com/c0ny1/vulstudy 17 platform based on docker
Vulfocus: https://github.com/fofapro/vulfocus
FastJsonParty: https://github.com/lemono0/FastJsonParty

工控环境 Vulnerable IoT Environment

IoT-vulhub: https://github.com/firmianay/IoT-vulhub

域环境 Vulnerable Active Directory Environment

Game of active directory: https://github.com/Orange-Cyberdefense/GOAD
BadBlood: https://github.com/davidprowe/BadBlood create your own example Active Directory environment

云环境 Vulnerable Cloud Environments

Awesome-CloudSec-Labs: https://github.com/iknowjason/Awesome-CloudSec-Labs
K8s Lan Party: https://www.k8slanparty.com/
badPods: https://github.com/BishopFox/badPods
Metarget: https://github.com/Metarget/metarget
TerraformGoat: https://github.com/HXSecurity/TerraformGoat
Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat
Attack Defense: https://attackdefense.pentesteracademy.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-s3
AWSGoat: https://github.com/ine-labs/AWSGoat
CloudGoat: https://github.com/RhinoSecurityLabs/cloudgoat

AI 环境 Vulnerable AI Environments

AI prompt injection challenge: https://gandalf.lakera.ai/baseline

漏洞利用 Vulnerability Exploits

综合工具 Nice Tools

https://github.com/chaitin/xpoc
https://github.com/chaitin/xray
https://github.com/zhzyker/vulmap
https://github.com/zan8in/afrog
https://github.com/projectdiscovery/nuclei

代码审计 Code Audit

tabby: https://github.com/wh1t3p1g/tabby

反序列化 Deserialization

Java

https://github.com/frohoff/ysoserial
https://github.com/Y4er/ysoserial
https://github.com/wh1t3p1g/ysomap
https://github.com/mbechler/marshalsec
https://github.com/qi4L/JYso
https://github.com/vulhub/JNDIExploit
https://github.com/welk1n/JNDI-Injection-Exploit
https://github.com/WhiteHSBG/JNDIExploit
https://github.com/rebeyond/JNDInjector
https://github.com/A-D-Team/attackRmi
https://github.com/Java-Chains/web-chains
https://github.com/DeEpinGh0st/ysoserial

PHP

https://github.com/ambionics/phpggc PHP unserialize() payloads

数据库 Database

Redis

https://github.com/cinience/RedisStudio
https://github.com/qishibo/AnotherRedisDesktopManager
https://github.com/n0b0dyCN/redis-rogue-server
https://github.com/Ridter/redis-rce
https://github.com/yuyan-sec/RedisEXP
https://github.com/r35tart/RedisWriteFile

MySQL

https://github.com/SafeGroceryStore/MDUT multiple database utilization tools
https://github.com/4ra1n/mysql-fake-server
https://github.com/dushixiang/evil-mysql-server
https://github.com/fnmsd/MySQL_Fake_Server

Oracle

odat: https://github.com/quentinhardy/odat RCE
sqlplus: https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html xxx as sysdba

MSSQL

https://github.com/uknowsec/SharpSQLTools
https://github.com/Ridter/PySQLTools

信息泄露 Information Disclosure

trufflehog: https://github.com/trufflesecurity/trufflehog find, verify, and analyze leaked credentials
git-dumper: https://github.com/arthaud/git-dumper
gitleaks: https://github.com/gitleaks/gitleaks
dvcs-ripper: https://github.com/kost/dvcs-ripper .svn、.hg、.cvs disclosure
ds_store_exp: https://github.com/lijiejie/ds_store_exp .DS_Store disclosure
Hawkeye: https://github.com/0xbug/Hawkeye gitHub sensitive information leakage monitor Spider

CMS/OA

TongdaScan_go https://github.com/Fu5r0dah/TongdaScan_go
Apt_t00ls: https://github.com/White-hua/Apt_t00ls
OA-EXPTOOL: https://github.com/LittleBear4/OA-EXPTOOL
DecryptTools: https://github.com/wafinfo/DecryptTools 22 种加解密
ncDecode: https://github.com/1amfine2333/ncDecode 用友 NC 解密
PassDecode-jar: https://github.com/Rvn0xsy/PassDecode-jar 帆软/致远解密
ezOFFICE_Decrypt: https://github.com/wafinfo/ezOFFICE_Decrypt 万户解密
LandrayDES: https://github.com/zhutougg/LandrayDES 蓝凌 OA 解密

中间件/应用层 Middleware/Application

Confluence

ConfluenceMemshell: https://github.com/Lotus6/ConfluenceMemshell
CVE-2022-26134 Memshell: https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
CVE-2023-22527 Memshell: https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL

Druid

DruidCrack: https://github.com/rabbitmask/DruidCrack
druid_sessions: https://github.com/yuyan-sec/druid_sessions

Fastjson

fastjson-exp: https://github.com/amaz1ngday/fastjson-exp

GitLab

CVE-2021-22205: https://github.com/Al1ex/CVE-2021-22205/

Nacos

NacosRce: https://github.com/c0olw/NacosRce/
nacosleak: https://github.com/a1phaboy/nacosleak
nacosScan:https://github.com/Whoopsunix/nacosScan
NacosExploitGUI: https://github.com/charonlight/NacosExploitGUI

Nps

nps-auth-bypass: https://github.com/carr0t2/nps-auth-bypass

Java

jdwp-shellifier: python2 https://github.com/IOActive/jdwp-shellifier
jdwp-shellifier: https://github.com/Lz1y/jdwp-shellifier
jascypt encryption & decryption: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption Shiro
Shiro rememberMe Decrypt: https://vulsee.com/tools/shiroDe/shiroDecrypt.html
shiro_attack: https://github.com/j1anFen/shiro_attack
shiro_rce_tool: https://github.com/wyzxxz/shiro_rce_tool
ShiroExploit: https://github.com/feihong-cs/ShiroExploit-Deprecated
ShiroExp: https://github.com/safe6Sec/ShiroExp
shiro_key: https://github.com/yanm1e/shiro_key 1k+

Struts

Struts2VulsTools: https://github.com/shack2/Struts2VulsTools

Spring Boot

SpringBoot-Scan: https://github.com/AabyssZG/SpringBoot-Scan
SpringBootVulExploit: https://github.com/LandGrey/SpringBootVulExploit
CVE-2022-22963 https://github.com/mamba-2021/EXP-POC/tree/main/Spring-cloud-function-SpEL-RCE
CVE-2022-22947/CVE-2022-22963: https://github.com/savior-only/Spring_All_Reachable
swagger-exp: https://github.com/lijiejie/swagger-exp
jasypt decrypt: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption
heapdump_tool: https://github.com/wyzxxz/heapdump_tool
Memory Analyzer: https://eclipse.dev/mat/download/
JDumpSpider:https://github.com/whwlsfb/JDumpSpider

Tomcat

CVE-2020-1938: https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi
ClassHound: https://github.com/LandGrey/ClassHound

Thinkphp

ThinkphpGUI: https://github.com/Lotus6/ThinkphpGUI
thinkphp_gui_tools: https://github.com/bewhale/thinkphp_gui_tools

Weblogic

WeblogicTool: https://github.com/KimJun1010/WeblogicTool
WeblogicScan: https://github.com/dr0op/WeblogicScan
WeblogicScan: https://github.com/rabbitmask/WeblogicScan
weblogicScanner: https://github.com/0xn0ne/weblogicScanner
weblogic-framework: https://github.com/sv3nbeast/weblogic-framework
CVE-2020-14882: https://github.com/zhzyker/exphub/blob/master/weblogic/cve-2020-14882_rce.py

WebSocket

wscat: https://github.com/websockets/wscat

vCenter

VcenterKiller: https://github.com/Schira4396/VcenterKiller
VcenterKit:https://github.com/W01fh4cker/VcenterKit
vcenter_saml_login: https://github.com/horizon3ai/vcenter_saml_login extract the Identity Provider (IdP) cert

Zookeeper

ZooInspector: https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
apache-zookeeper: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.6/ zkCli.sh

渗透测试 Penetration Testing

综合工具 Nice Tools

Yakit: https://github.com/yaklang/yakit
Burpsuite: https://portswigger.net/burp

渗透插件 Extensions

Chrome

ZeroOmega: https://github.com/zero-peak/ZeroOmega proxy switchyOmega for manifest v3
serp-analyzer: https://leadscloud.github.io/serp-analyzer/ show domain/IP
FindSomething: https://github.com/ResidualLaugh/FindSomething find something in source code or javascript
Hack Bar:https://github.com/0140454/hackbar
Wappalyzer: https://www.wappalyzer.com/ identify technologies on websites
EditThisCookie:https://www.editthiscookie.com/
Cookie-Editor:https://github.com/Moustachauve/cookie-editor
Disable JavaScript: https://github.com/dpacassi/disable-javascript
Heimdallr: https://github.com/Ghr07h/Heimdallr for honeypot
anti-honeypot:https://github.com/cnrstar/anti-honeypot for honeypot
immersive-translate: https://github.com/immersive-translate/immersive-translate/ translator
relingo: https://cn.relingo.net/en/ translator
json-formatter: https://github.com/callumlocke/json-formatter
markdown-viewer: https://github.com/simov/markdown-viewer

Burpsuite

HaE: https://github.com/gh0stkey/HaE highlighter and extractor
Log4j2Scan: https://github.com/whwlsfb/Log4j2Scan for Log4j
RouteVulScan: https://github.com/F6JO/RouteVulScan route vulnerable scanning
BurpCrypto: https://github.com/whwlsfb/BurpCrypto support AES/RSA/DES/ExecJs
domain hunter: https://github.com/bit4woo/domain_hunter_pro domain hunter
BurpAppletPentester: https://github.com/mrknow001/BurpAppletPentester sessionkey decryptor

Yakit

HaeToYakit: https://github.com/youmulijiang/HaeToYakit

辅助工具 Auxiliary Tools

工具集 Open-Source Toolkit

https://forum.ywhack.com/bountytips.php?tools
https://github.com/knownsec/404StarLink
https://pentest-tools.com/

带外通道 DNSLog

dig.pm: https://dig.pm/
ceye.io: http://ceye.io/
dnslog.cn: http://dnslog.cn/
Alphalog: dns/http/rmi/ldap https://github.com/AlphabugX/Alphalog
DNS rebinding: https://lock.cmpxchg8b.com/rebinder.html
DNSLog-GO: https://github.com/lanyi1998/DNSlog-GO

终端优化 Command Line

https://github.com/ohmyzsh/ohmyzsh command line enhancement for zsh
https://github.com/chrisant996/clink command line enhancement for cmd.exe
https://github.com/hanslub42/rlwrap a readline wrapper
https://github.com/Eugeny/tabby for Windows
https://github.com/warpdotdev/Warp for Mac
https://github.com/zellij-org/zellij terminal multiplexers
https://github.com/tmux terminal multiplexers
https://github.com/tomnomnom/anew tool for adding new lines to files, skipping duplicates
https://github.com/jlevy/the-art-of-command-line
Linux command line:
- https://github.com/jaywcjlove/linux-command online
- https://github.com/chenjiandongx/pls go ver.
- https://github.com/chenjiandongx/how python ver.
https://explainshell.com/ explain shell command
https://github.com/BurntSushi/ripgrep a line-oriented search tool(faster)

代码美化 Beautifier

http://web.chacuo.net/formatsh
https://beautifier.io/
http://jsnice.org/

生成器 Generator

revshells: https://www.revshells.com/
reverse-shell: https://forum.ywhack.com/reverse-shell/
reverse-shell-generator: https://tex2e.github.io/reverse-shell-generator/index.html
reverse-shell-generator: https://github.com/0dayCTF/reverse-shell-generator
File-Download-Generator: https://github.com/r0eXpeR/File-Download-Generator

SQL 注入 SQL Injection

https://github.com/sqlmapproject/sqlmap
https://github.com/payloadbox/sql-injection-payload-list

访问控制 Access Control

403 绕过 Bypass 40X errors

https://github.com/yunemse48/403bypasser
https://github.com/lobuhi/byp4xx
https://github.com/Dheerajmadhukar/4-ZERO-3
https://github.com/devploit/nomore403

跨站脚本 XSS

XSS Chop: https://xsschop.chaitin.cn/demo/
XSS/CSRF: https://evilcos.me/lab/xssor/

文件包含 File Inclusion

https://github.com/hansmach1ne/lfimap
https://github.com/mzfr/liffy

服务端请求伪造 SSRF

https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
https://github.com/tarunkant/Gopherus Gopherus for py2
https://github.com/Esonhugh/Gopherus3 Gopherus for py3

移动端安全 Mobile Security

小程序 Mini Program

~~[wxappUnpacker: https://github.com/xuedingmiaojun/wxappUnpacker]~~
https://github.com/Cherrison/CrackMinApp
https://github.com/mrknow001/API-Explorer ak/sk for X
https://github.com/eeeeeeeeee-code/e0e1-wx
https://github.com/wux1an/wxapkg

应用程序 APK

https://github.com/kelvinBen/AppInfoScanner
https://github.com/iBotPeaches/Apktool

SessionKey

https://github.com/mrknow001/wx_sessionkey_decrypt

Payload and Bypass

PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
IP to Decimal: https://www.browserling.com/tools/ip-to-dec 127.0.0.1 >>> 2130706433
java.lang.Runtime.exec() Payload: https://payloads.net/Runtime.exec/
PHPFuck: https://github.com/splitline/PHPFuck
JSFuck: http://www.jsfuck.com/
JavaScript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/
CVE-2021-44228-PoC-log4j-bypass-words: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

内网渗透 Red Teaming and Offensive Security

基础设施 Infrastructure

f8x: https://github.com/ffffffff0x/f8x red/blue team environment automation deployment tool
openvpn-install: https://github.com/hwdsl2/openvpn-install OpenVPN server installer for x
cloudreve: https://github.com/cloudreve/Cloudreve self-hosted file management system with muilt-cloud support
updog: https://github.com/sc0tfree/updog uploading and downloading via HTTP/S
mattermost: https://github.com/mattermost/mattermost
rocketchat: https://github.com/RocketChat/Rocket.Chat
codimd: https://github.com/hackmdio/codimd
hedgedoc: https://github.com/hedgedoc/hedgedoc

信息收集 Reconnaissance

SharpHunter: https://github.com/lintstar/SharpHunter Automated Hosting Information Hunting Tool
netspy: https://github.com/shmilylty/netspy intranet segment spy
SharpHostInfo: https://github.com/shmilylty/SharpHostInfo
SharpScan: https://github.com/INotGreen/SharpScan
smbmap: https://github.com/ShawnDEvans/smbmap SMB enumeration

凭证获取 Credential Access

凭证转储 Credential Dumping

LaZagne: https://github.com/AlessandroZ/LaZagne
WirelessKeyView: https://www.nirsoft.net/utils/wireless_key.html
Windows credential manager: https://www.nirsoft.net/utils/credentials_file_view.html
Pillager: https://github.com/qwqdanchun/Pillager/
searchall: https://github.com/Naturehi666/searchall
pypykatz: https://github.com/skelsec/pypykatz mimikatz implementation in pure python
regsecrets & dpapidump: https://github.com/fortra/impacket/pull/1898 tested on windows 11 and server 2022 without issue
DonPAPI: https://github.com/login-securite/DonPAPI
SharpDPAPI: https://github.com/GhostPack/SharpDPAPI
dploot: https://github.com/zblurx/dploot DPAPI
PPLdump: https://github.com/itm4n/PPLdump LSASS as protected process
lsassy: https://github.com/login-securite/lsassy

本地枚举 Local Enumeration

HackBrowserData: https://github.com/moonD4rk/HackBrowserData
BrowserGhost: https://github.com/QAX-A-Team/BrowserGhost
chrome: http://www.nirsoft.net/utils/chromepass.html
firefox: https://github.com/unode/firefox_decrypt
foxmail: https://securityxploded.com/foxmail-password-decryptor.php
mobaxterm: https://github.com/HyperSine/how-does-MobaXterm-encrypt-password
navicat: https://github.com/Zhuoyuan1/navicat_password_decrypt
navicat: https://github.com/HyperSine/how-does-navicat-encrypt-password
sunflower: https://github.com/wafinfo/Sunflower_get_Password
FindToDeskPass: https://github.com/yangliukk/FindToDeskPass
sundeskQ: sunflower & todesk https://github.com/milu001/sundeskQ
securreCRT: https://github.com/depau/shcrt
xshell:
- https://github.com/HyperSine/how-does-Xmanager-encrypt-password version<7.0
- https://github.com/RowTeam/SharpDecryptPwd decrypt locally
- https://github.com/JDArmy/SharpXDecrypt

哈希破解 NTLM Cracking

NetNTLMv1: https://ntlmv1.com/ online
LM + NTLM hashes and corresponding plaintext passwords:
- https://openwall.info/wiki/_media/john/pw-fake-nt.gz 3107
- https://openwall.info/wiki/_media/john/pw-fake-nt100k.gz 100k

后渗透 Post Exploitation

综合工具 Nice Tools

https://github.com/rapid7/metasploit-framework
https://github.com/byt3bl33d3r/CrackMapExec 👍
https://github.com/Pennyw0rth/NetExec
https://github.com/fortra/impacket 👍
https://github.com/ghost-ng/slinger An impacket-lite cli tool that combines many useful impacket functions using a single session.
https://github.com/XiaoliChan/wmiexec-Pro AV Evasion based on wmiexec.py
https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
https://github.com/GhostPack/Rubeus
https://github.com/Kevin-Robertson/Powermad
https://github.com/PowerShellMafia/PowerSploit
https://github.com/k8gege/Ladon
https://github.com/samratashok/nishang for powershell
Cobaltstrike Extensions:
- Awesome CobaltStrike: https://github.com/zer0yu/Awesome-CobaltStrike
- Erebus: https://github.com/DeEpinGh0st/Erebus
- LSTAR: https://github.com/lintstar/LSTAR
- ElevateKit: https://github.com/rsmudge/ElevateKit
- C2ReverseProxy: https://github.com/Daybr4ak/C2ReverseProxy
- pystinger: https://github.com/FunnyWolf/pystinger

二进制库 Binaries and Libraries

LOLBAS: https://github.com/LOLBAS-Project/LOLBAS-Project.github.io binaries and scripts for Windows
GTFOBins: https://github.com/GTFOBins/GTFOBins.github.io binaries for Unix

权限维持 Persistence

内存马 MemShell

https://github.com/pen4uin/java-memshell-generator 👍
https://github.com/ReaJason/MemShellParty
https://github.com/BeichenDream/GodzillaMemoryShellProject
https://github.com/1ucky7/jmg-for-Godzilla
https://github.com/X1r0z/Godzilla-Suo5MemShell
https://github.com/tennc/webshell
https://github.com/novysodope/RMI_Inj_MemShell
https://github.com/ce-automne/TomcatMemShell
https://github.com/veo/wsMemShell

Webshell 管理 Webshell Management

https://github.com/rebeyond/Behinder
https://github.com/BeichenDream/Godzilla
https://github.com/shack2/skyscorpion

Webshell 免杀 Webshell Bypass

https://github.com/AabyssZG/WebShell-Bypass-Guide
http://bypass.tidesec.com/web/
https://github.com/cseroad/Webshell_Generate

反弹 Shell 管理 Reverse Shell Management

https://github.com/WangYihang/Platypus
https://github.com/calebstewart/pwncat python 3.9+

权限提升 Privilege Escalation

Linux 本地枚举 Linux Local Enumeration

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
https://github.com/mostaphabahadou/postenum
https://github.com/rebootuser/LinEnum
https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
https://github.com/DominicBreuker/pspy Monitor linux processes without root permission

Windows 本地枚举 Windows Local Enumeration

https://github.com/S3cur3Th1sSh1t/WinPwn
https://github.com/carlospolop/PEASS-ng/blob/master/winPEAS/winPEASbat/winPEAS.bat
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
https://github.com/Flangvik/SharpCollection
https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
https://github.com/dafthack/DomainPasswordSpray
https://github.com/dafthack/MailSniper

Windows 提权 Windows Exploits

https://github.com/bitsadmin/wesng
https://github.com/AonCyberLabs/Windows-Exploit-Suggester
https://github.com/SecWiki/windows-kernel-exploits
https://github.com/Al1ex/WindowsElevation
https://i.hacking8.com/tiquan/ online
https://github.com/BeichenDream/BadPotato/
https://github.com/giuliano108/SeBackupPrivilege
https://github.com/gtworek/PSBits/blob/master/Misc/EnableSeBackupPrivilege.ps1
https://github.com/itm4n/PrivescCheck
https://github.com/peass-ng/PEASS-ng/blob/master/winPEAS/winPEASexe/README.md
https://github.com/Ascotbe/Kernelhub

Linux 提权 Linux Exploits

https://github.com/The-Z-Labs/linux-exploit-suggester
https://github.com/InteliSecureLabs/Linux_Exploit_Suggester
https://github.com/liamg/traitor

数据库提权 Database Exploits

https://github.com/Hel10-Web/Databasetools

防御规避 Defense Evasion

Linux 防御规避 Linux Defense Evasion

libprocesshider: https://github.com/gianlucaborello/libprocesshider hide a process under Linux using the ld preloader
Linux Kernel Hacking: https://github.com/xcellerator/linux_kernel_hacking
tasklist /svc && ps -aux: https://tasklist.ffffffff0x.com/

Windows 防御规避 Windows Defense Evasion

yetAnotherObfuscator: https://github.com/0xb11a1/yetAnotherObfuscator
hoaxshell: https://github.com/t3l3machus/hoaxshell
bypassAV: https://github.com/pureqh/bypassAV
GolangBypassAV: https://github.com/safe6Sec/GolangBypassAV
BypassAntiVirus: https://github.com/TideSec/BypassAntiVirus
AV_Evasion_Tool: https://github.com/1y0n/AV_Evasion_Tool
shellcodeloader: https://github.com/knownsec/shellcodeloader
tasklist/systeminfo: https://www.shentoushi.top/av/av.php
rpeloader: https://github.com/Teach2Breach/rpeloader 在没有安装的情况下在 Windows 上使用 Python

内网穿透 Proxy

代理客户端 Proxy Client

Proxifier: https://www.proxifier.com/
Proxychains: https://github.com/haad/proxychains

代理工具 Proxy Tools

frp: https://github.com/fatedier/frp
frpModify: https://github.com/uknowsec/frpModify
suo5: https://github.com/zema1/suo5
Stowaway: https://github.com/ph4ntonn/Stowaway
Neo-reGeorg: https://github.com/L-codes/Neo-reGeorg
nps: https://github.com/ehang-io/nps
reGeorg: https://github.com/sensepost/reGeorg
rakshasa: https://github.com/Mob2003/rakshasa
Viper: https://github.com/FunnyWolf/Viper
ligolo-ng: https://github.com/nicocha30/ligolo-ng TUN interface
gost: https://github.com/ginuerzh/gost

DNS 隧道 DNS Tunnel

iodine: https://github.com/yarrick/iodine
dnscat2: https://github.com/iagox86/dnscat2
DNS-Shell: https://github.com/sensepost/DNS-Shell

ICMP 隧道 ICMP Tunnel

icmpsh: l https://github.com/bdamele/icmpsh

端口转发 Port Forwarding

tcptunnel: https://github.com/vakuum/tcptunnel intranet → dmz → attacker

操作安全 Operation Security

https://privacy.sexy/ enforce privacy & security best-practices on Windows, macOS and Linux.
https://transfer.sh/ anonymous file transfer
https://a.f8x.io/ shorten URLs

域渗透 Active Directory Penetration

域内信息收集 Collection and Discovery

BloodHound:
- https://github.com/SpecterOps/BloodHound
- https://github.com/dirkjanm/BloodHound.py
- https://github.com/BloodHoundAD/SharpHound
- https://github.com/CompassSecurity/BloodHoundQueries
- https://github.com/SpecterOps/BloodHound-Legacy/blob/master/Collectors/SharpHound.ps1
- https://github.com/AD-Security/AD_Miner
- https://github.com/NH-RED-TEAM/RustHound
- https://github.com/FalconForceTeam/SOAPHound
https://github.com/lzzbb/Adinfo
https://github.com/wh0amitz/SharpADWS via Active Directory Web Services (ADWS) protocol
LDAP:
- https://github.com/franc-pentest/ldeep
- https://github.com/dirkjanm/ldapdomaindump
- https://github.com/yaap7/ldapsearch-ad
DNS:
- https://github.com/dirkjanm/adidnsdump
SCCM:
- https://github.com/garrettfoster13/sccmhunter
- https://github.com/Mayyhem/SharpSCCM
Brute force users:
- https://github.com/ropnop/kerbrute

域内权限提升 Privilege Escalation

https://github.com/CravateRouge/bloodyAD

域内漏洞利用 Known Exploited Vulnerabilities

MS14-068

https://github.com/SpiderLabs/Responder/blob/master/tools/FindSMB2UPTime.py
https://github.com/SecWiki/windows-kernel-exploits/blob/master/MS14-068/pykek/ms14-068.py
https://github.com/fortra/impacket/blob/master/examples/goldenPac.py

noPac

CVE-2021-42278/CVE-2021-42287

https://github.com/Ridter/noPac
https://github.com/Amulab/advul

Zerologon

CVE-2020-1472

https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py
https://github.com/XiaoliChan/zerologon-Shot
https://github.com/dirkjanm/CVE-2020-1472
https://github.com/Potato-py/Potato/tree/03c3551e4770db440b27b0a48fc02b0a38a1cf04/exp/cve/CVE-2020-1472
https://github.com/risksense/zerologon
https://github.com/StarfireLab/AutoZerologon

ProxyLogon/ProxyShell

https://github.com/Orange-Cyberdefense/CVE-2021-26855
https://github.com/Al1ex/CVE-2021-26855
https://github.com/dirkjanm/ExchangeProxyShell
https://github.com/dirkjanm/CVE-2021-34527
https://github.com/HA71/ProxyLogon
https://github.com/HA71/ProxyShell
https://github.com/rootsecdev/ProxyLogon

域内横向移动 Lateral Movement

RDP

RDP Screenshot: https://github.com/lightless233/rdpscreenshot
SharpRDP: https://github.com/0x09AL/SharpRDP

PTH

https://github.com/fortra/impacket/blob/master/examples/psexec.py
https://github.com/fortra/impacket/blob/master/examples/wmiexec.py
https://github.com/fortra/impacket/blob/master/examples/smbexec.py

WMI

https://github.com/fortra/impacket/blob/master/examples/wmiexec.py

WinRM

https://github.com/fortra/impacket/blob/master/examples/evil-winrm.py
https://github.com/Hackplayers/evil-winrm

DCOM

https://github.com/WhiteHSBG/DcomLateralMovement

域内权限维持 Persistence

黄金票据 Golden Ticket

https://github.com/fortra/impacket/blob/master/examples/ticketer.py

白银票据 Silver Ticket

https://github.com/fortra/impacket/blob/master/examples/ticketer.py

钻石票据 Diamond Ticket

https://github.com/morRubin/Diamorphine

SID History

https://github.com/fortra/impacket/blob/master/examples/addcomputer.py

域管权限维持 Domain Admin Persistence

https://github.com/cyberark/RiskySPN

域内后门 Domain Backdoor

https://github.com/ShadowBrokers-Files/docs/tree/master/LegacyMicrosoft/Chef

密码学 Cryptography

在线工具 Online Tools

https://www.devglan.com/online-tools/aes-encryption-decryption
https://www.dcode.fr/en
https://gchq.github.io/CyberChef/
https://www.cryptool.org/en/
https://www.boxentriq.com/code-breaking
https://www.dcode.fr/caesar-cipher
https://www.dcode.fr/vigenere-cipher
https://www.dcode.fr/affine-cipher
https://www.dcode.fr/atbash-cipher
https://www.dcode.fr/rot13-cipher
https://www.dcode.fr/rot47-cipher
https://www.dcode.fr/rail-fence-cipher
https://www.dcode.fr/columnar-transposition-cipher
https://www.dcode.fr/playfair-cipher
https://www.dcode.fr/hill-cipher
https://www.dcode.fr/enigma-machine
https://www.dcode.fr/vic-cipher
https://www.dcode.fr/one-time-pad
https://www.dcode.fr/rsa-encryption
https://www.dcode.fr/ecc-encryption

离线工具 Offline Tools

https://github.com/gchq/CyberChef
https://github.com/Ciphey/Ciphey
https://github.com/hellman/libnum
https://github.com/ius/rsatool
https://github.com/ashutosh1206/Crypton

移动安全 Mobile Security

安卓 Android

逆向工具 Reverse Engineering Tools

APKTool: https://github.com/iBotPeaches/Apktool
Dex2Jar: https://github.com/pxb1988/dex2jar
JD-GUI: https://github.com/java-decompiler/jd-gui
JADX: https://github.com/skylot/jadx
Bytecode Viewer: https://github.com/Konloch/bytecode-viewer
Enjarify: https://github.com/google/enjarify
smali/baksmali: https://github.com/JesusFreke/smali

动态分析 Dynamic Analysis

Frida: https://github.com/frida/frida
Xposed: https://github.com/rovo89/Xposed
Cydia Substrate: https://www.cydiasubstrate.com/
Android Studio: https://developer.android.com/studio
Charles: https://www.charlesproxy.com/
Burp Suite: https://portswigger.net/burp
MITMProxy: https://mitmproxy.org/

静态分析 Static Analysis

MobSF: https://github.com/MobSF/Mobile-Security-Framework-MobSF
QARK: https://github.com/linkedin/qark
Androguard: https://github.com/androguard/androguard
APKLeaks: https://github.com/dwisiswant0/apkleaks
Android Lint: https://developer.android.com/studio/write/lint

漏洞利用 Vulnerability Exploitation

https://github.com/hybrid-analysis/malware-jailbreak-detection
https://github.com/OWASP/owasp-mstg
https://github.com/OWASP/owasp-masvs

iOS

逆向工具 Reverse Engineering Tools

Hopper Disassembler: https://www.hopperapp.com/
IDA Pro: https://hex-rays.com/ida-pro/
class-dump: https://github.com/nygard/class-dump
otool: https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/MachOTopics/0-Introduction/introduction.html
dyld_decache: https://github.com/kennytm/Miscellaneous/blob/master/dyld_decache.cpp