diff --git a/README.md b/README.md index 10aef2f..cefbde0 100644 --- a/README.md +++ b/README.md @@ -296,7 +296,6 @@ - [linux信息收集/应急响应/常见后门检测脚本](https://github.com/al0ne/LinuxCheck) - [RdpThief-从远程桌面客户端提取明文凭据辅助工具](https://github.com/0x09AL/RdpThief) - [使用powershell或CMD直接运行命令反弹shell](https://github.com/ZHacker13/ReverseTCPShell) -- [FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB弱口令检测](https://github.com/netxfly/x-crack) - [GitHack-.git泄露利用脚本](https://github.com/lijiejie/GitHack) - [GitHacker---比GitHack更好用的git泄露利用脚本](https://github.com/WangYihang/GitHacker) - [SVN源代码泄露全版本Dump源码](https://github.com/admintony/svnExploit) @@ -403,7 +402,6 @@ - [PHPFuck-一款适用于php7以上版本的代码混淆](https://github.com/splitline/PHPFuck)|[[PHPFuck在线版本](https://splitline.github.io/PHPFuck/) - [冰蝎 bypass open_basedir 的马](./tools/冰蝎bypass_open_basedir_shell.md) - [goproxy heroku 一键部署套装,把heroku变为免费的http(s)\socks5代理](https://github.com/snail007/goproxy-heroku) -- [自己收集整理的端口、子域、账号密码、其他杂七杂八字典,用于自己使用](https://github.com/cwkiller/Pentest_Dic) - [xFTP6密码解密](./tools/xFTP6密码解密.md) - [Mars-战神TideSec出品的WDScanner的重写一款综合的漏洞扫描,资产发现/变更,域名监控/子域名挖掘,Awvs扫描,POC检测,web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等工具](https://github.com/TideSec/Mars) - [Shellcode Compiler:用于生成Windows 和 Linux平台的shellcode工具](https://github.com/NytroRST/ShellcodeCompiler) @@ -423,7 +421,6 @@ - [ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。](https://github.com/Adminisme/ServerScan) - [域渗透-Windows hash dump之secretsdump.py](https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py)|[相关文章](https://github.com/PythonPig/PythonPig.github.io/blob/730be0e55603df96f45680c25c56ba8148052d2c/_posts/2019-07-16-Windows%20hash%20dump%E4%B9%8Bsecretsdump.md) - [WindowsVulnScan:基于主机的漏洞扫描工【类似windows-exp-suggester】](https://github.com/chroblert/WindowsVulnScan) -- [基于实战沉淀下的各种弱口令字典](https://github.com/klionsec/SuperWordlist) - [SpoofWeb:一键部署HTTPS钓鱼站](https://github.com/klionsec/SpoofWeb) - [VpsEnvInstall:一键部署VPS渗透环境](https://github.com/klionsec/VpsEnvInstall) - [tangalanga:Zoom会议扫描工具](https://github.com/elcuervo/tangalanga) @@ -475,7 +472,9 @@ - [ksubdomain:一款基于无状态子域名爆破工具](https://github.com/knownsec/ksubdomain) - [smuggler-一款用python3编写的http请求走私验证测试工具](https://github.com/defparam/smuggler) - [Fuzz_dic:又一个类型全面的参数和字典收集项目](https://github.com/SmithEcon/Fuzz_dic) -- [PentesterSpecialDict-该项目对 [ fuzzDicts | fuzzdb | Dict ] 等其他网上字典开源项目进行整合精简化和去重处理](https://github.com/ppbibo/PentesterSpecialDict) +- [【爆破字典】自己收集整理的端口、子域、账号密码、其他杂七杂八字典,用于自己使用](https://github.com/cwkiller/Pentest_Dic) +- [【爆破字典】基于实战沉淀下的各种弱口令字典](https://github.com/Mr-xn/SuperWordlist) +- [【爆破字典整合推荐】PentesterSpecialDict-该项目对 [ fuzzDicts | fuzzdb | Dict ] 等其他网上字典开源项目进行整合精简化和去重处理](https://github.com/ppbibo/PentesterSpecialDict) - [PowerUpSQL:为攻击SQLServer而设计的具有攻击性的PowerShell脚本](https://github.com/NetSPI/PowerUpSQL)|[利用PowerUpSQL攻击SQL Server实例](./books/%E5%88%A9%E7%94%A8PowerUpSQL%E6%94%BB%E5%87%BBSQL%20Server%E5%AE%9E%E4%BE%8B.pdf) - [adbsploit-一个基于Python3和ADB的安卓设备漏洞利用和管理工具](https://github.com/mesquidar/adbsploit) - [monsoon-一个用Go语言编写的目录扫描工具,类似于dirsearch](https://github.com/RedTeamPentesting/monsoon) @@ -501,7 +500,8 @@ - [【钓鱼】Mail-Probe-邮箱探针后台管理系统](https://github.com/r00tSe7en/Mail-Probe) - [momo-code-sec-inspector-java-IDEA静态代码安全审计及漏洞一键修复插件](https://github.com/momosecurity/momo-code-sec-inspector-java) - [pyrdp-RDP中间人攻击工具](https://github.com/GoSecure/pyrdp) -- [【爆破】PortBrute-一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD](https://github.com/awake1t/PortBrute) +- [【端口爆破】PortBrute-一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD](https://github.com/awake1t/PortBrute) +- [【端口爆破】x-crack-一款FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB弱口令爆破工具](https://github.com/netxfly/x-crack) - [【威胁日志分析】DeepBlueCLI-通过Windows事件日志来搜寻威胁的powershell模块](https://github.com/sans-blue-team/DeepBlueCLI) - [Pentest-and-Development-Tips-三好学生大佬出品的有关渗透测试和开发的小技巧](https://github.com/3gstudent/Pentest-and-Development-Tips) - [【免杀】ImgLoaderShellCode-将shellcode注入bmp图片文件](https://github.com/sv3nbeast/ImgLoaderShellCode)-[配合这个更佳](https://www.svenbeast.com/post/xue-xi-tu-pian-yin-xie-shellcode-jin-xing-yuan-cheng-jia-zai-guo-av/)