后门制造工厂
● Patch PE, ELF, Mach-O 二进制文件注入shellcode
git clone /secretsquirrel/the-backdoor-factory /opt/the-backdoorfactorycd /opt/the-backdoorfactory/./install.sh#若编译失败,请安装依赖apt-get install gcc-multilib apt --fix-broken install
HTTPScreenShot
● HTTPScreenshot 实现屏幕截图和大型网页抓取
pip install seleniumgit clone /breenmachine/httpscreenshot.git /opt/httpscreenshotcd /opt/httpscreenshotchmod +x install-dependencies.sh && ./install-dependencies.sh
SMBExec
● 使用samba工具的一种快速psexec 类型攻击
git clone /pentestgeek/smbexec.git /opt/smbexeccd /opt/smbexec && ./install.sh
● 选择1 – Debian/Ubuntu and derivatives ● 选择所有默认值 ● ./install.sh ● 选择 4 编译 smbexec 二进制文件 ● 编译完成后,选择5退出
Masscan
● 这是最快速的互联网端口扫描工具,比nmap更加牛逼不知道多少.,它能够在6分钟内扫描整个互联网。
apt-get install git gcc make libpcap-devgit clone /robertdavidgraham/masscan.git /opt/masscancd /opt/masscanmakemake install
Gitrob
● 一种针对github组织的探测工具
git clone /michenriksen/gitrob.git /opt/gitrobgem sources --add https://gems.ruby-/ --remove /gem install bundlerservice postgresql startsu postgrescreateuser -s gitrob --pwpromptcreatedb -O gitrob gitrobexitapt-get install libpq-dev -yapt-get install build-essential patch ruby-dev zlib1g-dev liblzma-dev -ycd /opt/gitrob/bingem install gitrob
CMSmap
● CMSmap 是基于Python开发的开源内容管理系统扫描工具,实现对安全漏洞的自动扫描
git clone /Dionach/CMSmap /opt/CMSmap
WPScan
● WordPress 漏洞扫描工具和暴力破解工具
git clone /wpscanteam/wpscan.git /opt/wpscancd /opt/wpscan && ./wpscan.rb --update
Eyewitness
● EyeWitness 工具实现网站截图,搜集服务器报头信息和判断网站是否采用默认口令 git clone /ChrisTruncer/EyeWitness.git /opt/EyeWitness
Printer Exploits
● 打印机漏洞利用工具 Contains a number of commonly found printer exploits git clone /MooseDojo/praedasploit /opt/praedasploit
Discover Scripts
● 定制bash脚本,自动化处理各种渗透任务 git clone /leebaird/discover.git /opt/discover cd /opt/discover && ./setup.sh
Responder
● 一个LLMNR, NBT-NS and MDNS 协议攻击工具, 包括 HTTP/SMB/MSSQL/FTP/LDAP 诱骗认证方法,支持 NTLMv1/NTLMv2/LMv2, 扩展的 NTLMSSP and 基本HTTP认证协议。 Responder 用于获取 NTLM challenge/response 哈希值。 git clone /SpiderLabs/Responder.git /opt/Responder
黑客秘籍2-自定义脚本 ● 针对《the hacker playbook2》大量自定义脚本
git clone /cheetz/Easy-P.git /opt/Easy-Pgit clone /cheetz/Password_Plus_One /opt/Password_Plus_Onegit clone /cheetz/PowerShell_Popup /opt/PowerShell_Popupgit clone /cheetz/icmpshock /opt/icmpshockgit clone /cheetz/brutescrape /opt/brutescrapegit clone /cheetz/reddit_xss /opt/reddit_xss
The Hacker Playbook 2 代码副本
git clone /cheetz/PowerSploit /opt/HP_PowerSploitgit clone /cheetz/PowerTools /opt/HP_PowerToolsgit clone /cheetz/nishang /opt/nishang
DSHashes:
● 从 NTDSXtract 中提取用户易于理解的哈希值
wget /svn/trunk/dshashes.py -O/opt/NTDSXtract/dshashes.py
SPARTA:
基于py的图形化程序,用于辅助渗透人员简化网站架构的渗透测试工作
git clone /secforce/sparta.git /opt/spartaapt-get install python-elixirapt-get install ldap-utils rwho rsh-client x11-apps finger
NoSQLMap
● 用于MongoDB数据库和网站应用程序的自动化渗透测试工具集
git clone /tcstool/NoSQLMap.git /opt/NoSQLMap
Spiderfoot
● 开源的指纹检测工具
mkdir /opt/spiderfoot/ && cd /opt/spiderfootwget /projects/spiderfoot/files/spiderfoot-2.3.0-src.tar.gz/downloadtar xzvf downloadpip install lxmlpip install netaddrpip install M2Cryptopip install cherrypypip install mako
WCE
● windows凭证编辑器 (WCE)用于从内存中获取密码 ● 下载地址: /research/windows-credentialseditor/ and save to /opt/. For example:
/research/wce_v1_4beta_universal.zipmkdir /opt/wce && unzip wce_v1* -d /opt/wce && rm wce_v1*.zip
Mimikatz
● 用于从内存中获取明文密码,票据和万能钥匙等 ● 下载地址:/gentilkiwi/mimikatz/releases/latest
cd /opt/ && wget/downloads/mimikatz_trunk.zipunzip -d ./mimikatz mimikatz_trunk.zip
PowerSploit (PowerShell)
● PowerShell scripts 用于用户后渗透测试
git clone /mattifestation/PowerSploit.git /opt/PowerSploitcd /opt/PowerSploit && wget/obscuresec/random/master/StartListener.py &&wget/darkoperator/powershell_scripts/master/ps_encoder.
Nishang (PowerShell)
● Powershell漏洞利用和后渗透测试脚本汇总
git clone /samratashok/nishang /opt/nishang
Veil-Framework ● 用于规避杀毒软件检测.
git clone /Veil-Framework/Veil /opt/Veilcd /opt/Veil/ && ./Install.sh -c
Fuzzing Lists (SecLists)
● 用于配置burp渗透测试参数
git clone /danielmiessler/SecLists.git /opt/SecLists
Net-Creds Network Parsing
● 分析pcap文件,获取用户名密码
git clone /DanMcInerney/net-creds.git /opt/net-creds
推荐firefox安装的插件
● Web Developer Add-on: /en-US/firefox/addon/webdeveloper/ ● Tamper Data: /en-US/firefox/addon/tamper-data/ ● Foxy Proxy: /en-US/firefox/addon/foxyproxy-standard/ ● User Agent Switcher: /en-US/firefox/addon/user-agentswitcher/
Wifite
● WiFi网络攻击工具
git clone /derv82/wifite /opt/wifite
WIFIPhisher
● WiFi网络自动化钓鱼攻击
git clone /sophron/wifiphisher.git /opt/wifiphisher
Phishing (可选):
● Phishing-Frenzy
git clone /pentestgeek/phishing-frenzy.git/var/www/phishing-frenzy
● 其他自定义列表
git clone /macubergeek/gitlist.git /opt/gitlist
如果觉得《网络安全-《黑客秘笈渗透测试实用指南(第2版)》工具安装部分》对你有帮助,请点赞、收藏,并留下你的观点哦!