锁门框架:渗透测试框架
lockdoor-framework的Python项目详细描述
在
锁门悬挂框架
[~]在Kali、Ubuntu、Arch、Fedora、Opensuse和Windows(Cygwin)上测试过[~]
在
!新闻!在
[~]版本1.0测试版发布!!
版本:
2019年9月:1.0测试版
- Information Gathring Tools (21)
- Web Hacking Tools(15)
- Reverse Engineering Tools (15)
- Exploitation Tools (6)
- Pentesting & Security Assessment Findings Report Templates (6)
- Password Attack Tools (4)
- Shell Tools + Blackarch's Webshells Collection (4)
- Walk Throughs & Pentest Processing Helpers (3)
- Encryption/Decryption Tools (2)
- Social Engineering tools (1)
- All you need as Privilege Escalation scripts and exploits
- Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)
[~]版本1.0测试版发布!!
版本:
2019年9月:1.0测试版
- Information Gathring Tools (21)
- Web Hacking Tools(15)
- Reverse Engineering Tools (15)
- Exploitation Tools (6)
- Pentesting & Security Assessment Findings Report Templates (6)
- Password Attack Tools (4)
- Shell Tools + Blackarch's Webshells Collection (4)
- Walk Throughs & Pentest Processing Helpers (3)
- Encryption/Decryption Tools (2)
- Social Engineering tools (1)
- All you need as Privilege Escalation scripts and exploits
- Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)
2019年9月:1.0_测试
- Information Gathring tools (20)
- Web Hacking Tools (14)
- Working on Kali,Ubuntu,Arch,Fedora,Opensuse and Windows (Cygwin)
- Some bugs That I'm fixing with time so don't worry about that.
- Test :
查看Wiki页面以了解有关该工具的更多信息
- Wiki页面:
- Lockdoor Wiki page Home
- [锁门演示](ttps://github.com/SofianeHamlaoui/Lockdoor-Framework/wiki/Demos在
- Lockdoor Screenshots
概述
LockDoor是一个旨在帮助渗透测试员、缺陷赏金猎人和网络安全工程师的框架。 这个工具是为基于Debian/Ubuntu/ArchLinux的发行版设计的,可以为渗透测试创建一个类似的、熟悉的发行版。但却包含了Pentesters最喜欢和最常用的工具。 作为penters,我们大多数人都有他的个人“/pentest/”目录,所以这个框架可以帮助您构建一个完美的目录。在
特点
附加值:(是什么使它不同于其他框架)。在
Pentesting工具选择:
- 工具?:Lockdoor并不包含所有令人垂涎的工具(附加值),老实说吧!谁用过你在这些渗透测试发行版上找到的所有工具?锁门只包含最喜欢的(附加值)和最常用的工具Penters(附加值)。在
- 什么工具?:工具包含Lockdoor是Kali、Parrot Os和BlackArch上的最佳工具(附加值)的集合。还有一些私人工具(附加值)来自一些其他黑客团队(附加值),如InurlBr,伊朗网络。我在Github上找到了一些很棒的工具,这些工具是由一些完美的人类创造的(附加值)。在
- Easy Customization:轻松添加/删除工具。(附加值)
资源和备忘单:(附加值)
- 在
Resources:这就是Lockdoor增值的原因,Lockdoor不只是包含工具!Pentesing和安全评估结果报告模板(附加值)、Pentesting演练示例和tempales(附加值)等。在
在 - 在
Cheatsheets:每个人都可能忘记一些处理或工具使用的事情,甚至一些尝试。作弊单(附加值)角色来了!所有的东西都有作弊单,框架上的每一个工具,以及任何枚举、利用和后利用技术。在
在
锁门工具目录:
信息收集:
Tools:
- dirsearch : A Web path scanner
- brut3k1t : security-oriented bruteforce framework
- gobuster : DNS and VHost busting tool written in Go
- Enyx : an SNMP IPv6 Enumeration Tool
- Goohak : Launchs Google Hacking Queries Against A Target Domain
- Nasnum : The NAS Enumerator
- Sublist3r : Fast subdomains enumeration tool for penetration testers
- wafw00f : identify and fingerprint Web Application Firewall
- Photon : ncredibly fast crawler designed for OSINT.
- Raccoon : offensive security tool for reconnaissance and vulnerability scanning
- DnsRecon : DNS Enumeration Script
- sherlock : Find usernames across social networks
- snmpwn : An SNMPv3 User Enumerator and Attack tool
- Striker : an offensive information and vulnerability scanner.
- theHarvester : E-mails, subdomains and names Harvester
- URLextractor : Information gathering & website reconnaissance
- denumerator.py : Enumerates list of subdomains
- other : other Information gathering,recon and Enumeration scripts I collected somewhere.
- Frameworks: : - ReconDog : Reconnaissance Swiss Army Knife : - RED_HAWK : All in one tool for Information Gathering, Vulnerability Scanning and Crawling : - TIDoS : Offensive Manual Web Application Penetration Testing Framework. : - Dracnmap : Info Gathering Framework
Web黑客攻击:
Tools:
- Spaghetti : Spaghetti - Web Application Security Scanner
- HTTPoxyScan : HTTPoxy Exploit Scanner by 1N3
- CMSmap : CMS scanner
- BruteXSS : BruteXSS is a tool to find XSS vulnerabilities in web application
- J-dorker : Website List grabber from Bing
- droopescan : scanner , identify , CMSs , Drupal , Silverstripe.
- ptiva : Web Application Scanne
- V3n0M : Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
- Priv8SqliTool : Find Sqli Targets v
- SqliV : massive SQL injection vulnerability scanner
- AtScan : Advanced dork Search & Mass Exploit Scanner
- WPSeku : Wordpress Security Scanner
- WpBrute : Wordpress BruteForce Tools
- Wpscan : A simple Wordpress scanner written in python
- B7S-ToolB0x : Wordpress vulnerability scanner
- XSStrike : Most advanced XSS scanner.
- joomscan : Joomla Vulnerability Scanner Project
- Frameworks: : - Dzjecter : Server checking Tool : - W3af : web application attack and audit framework
权限升级:
Linux :
- Scripts :
- linux_checksec.sh
- linux_enum.sh
- linux_gather_files.sh
- linux_kernel_exploiter.pl
- linux_privesc.py
- linux_privesc.sh
- linux_security_test
- Linux_exploits folder
Windows :
- windows-privesc-check.py
- windows-privesc-check.exe
MySql :
- raptor_udf.c
- raptor_udf2.c
逆向工程:
- Radare2 : unix-like reverse engineering framework
- VirtusTotal : VirusTotal tools
- Miasm : Reverse engineering framework
- Mirror : reverses the bytes of a file
- DnSpy : .NET debugger and assembly
- DLLRunner : a smart DLL execution script for malware analysis in sandbox systems.
- Fuzzy Server : a Program That Uses Pre-Made Spike Scripts to Attack VulnServer.
- yara : a tool aimed at helping malware researchers toidentify and classify malware samples
- Spike : a protocol fuzzer creation kit + audits
- other : other scripts collected somewhere
利用:
- Findsploit : Find exploits in local and online databases instantly
- MassExpConsole : concurrent exploiting
- Pompem : Exploit and Vulnerability Finder
- rfix : Python tool that helps RFI exploitation.
- InUrlBr : Advanced search in search engines
- linux-exploit-suggester2 : Next-Generation Linux Kernel Exploit Suggester
- other : other scripts I collected somewhere.
Shells:
- WebShells : Webshells Collection
- ShellSum : A defense tool - detect web shells in local directories
- Weevely : Weaponized web shell
- python-pty-shells : Python PTY backdoors
密码攻击:
- crunch : a wordlist generator
- CeWL : a Custom Word List Generator
- patator : a multi-purpose brute-forcer, with a modular design and a flexible usage
加密-解密:
- Codetective : a tool to determine the crypto/encoding algorithm used
- findmyhash : Python script to crack hashes using online services
- hashID : Software to identify the different types of hashes
攻击后::
- TheFatRat : massive exploiting tool
逆向工程:
- scythe : an accounts enumerator
锁门资源目录:
信息收集:
- Cheatsheet_SMBEnumeration
- configuration_management
- dns_enumeration
- file_enumeration
- http_enumeration
- information_gathering_owasp_guide
- miniserv_webmin_enumeration
- ms_sql_server_enumeration
- nfs_enumeration
- osint_recon_ng
- passive_information_gathering
- pop3_enumeration
- ports_emumeration
- rpc_enumeration
- scanning
- smb_enumeration
- smtp_enumeration
- snmb_enumeration
- vulnerability_scanning
Crypto:
利用:
联网:
密码攻击:
后攻击:
权限升级:
Pentesting&Security Assessment Findings报告模板:
- Demo Company - Security Assessment Findings Report.docx
- linux-template.md
- PWKv1-REPORT.doc
- pwkv1_report.doc
- template-penetration-testing-report-v03.pdf
- windows-template.md
逆向工程:
社会工程:
漫游:
Web黑客攻击:
- auxiliary_info.md
- Cheatsheet_ApacheSSL
- Cheatsheet_AttackingMSSQL
- Cheatsheet_DomainAdminExploitation
- Cheatsheet_SQLInjection
- Cheatsheet_VulnVerify.txt
- code-execution-reverse-shell-commands
- file_upload.md
- html5_cheat_sheet
- jquery_cheat_sheet_1.3.2
- sqli
- sqli_cheatsheet
- sqli-quries
- sqli-tips
- web_app_security
- web_app_vulns_Arabic
- Xss_1
- Xss_2
- xss_actionscript
- xxe
其他:
- 项目
标签: