小狐狸FM 2023-02-27 00:00:00

AntSword

名称	备注	链接
as_bypass_php_disable_functions	disable函数绕过	https://github.com/Medicean/as_bypass_php_disable_functions
As-Exploits	内存马	https://github.com/yzddmr6/As-Exploits
GenShell	webshell生成	https://github.com/Medicean/GenShell
msmap	webshell生成	https://github.com/hosch3n/msmap

ARL

名称	备注	链接
ARL-Finger-ADD	指纹库增强	https://github.com/loecho-sec/ARL-Finger-ADD

Burpsuite

phantomjs为可编程无头浏览器，可结合jsEncrypter插件使用

https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-windows.zip

名称	备注	链接
403Bypass	403绕过	https://github.com/sting8k/BurpSuite_403Bypasser
agartha	注入检测	https://github.com/volkandindar/agartha
APIKit		https://github.com/API-Security/APIKit
autoDecoder	加解密	https://github.com/f0ng/autoDecoder
Autorize	授权检测	https://github.com/Quitten/Autorize
authz	越权检测	https://github.com/portswigger/authz
CustomCrypto	加解密	https://github.com/dreamncn/CustomCrypto
BpScan	被动漏扫	https://github.com/EASY233/BpScan
BypassPro	403绕过\|shiro权限绕过	https://github.com/0x727/BypassPro
burp-cph	参数提取	https://github.com/elespike/burp-cph
BurpExtractor	参数提取	https://github.com/NetSPI/BurpExtractor
burp-vps-proxy	vps代理节点创建	https://github.com/d3mondev/burp-vps-proxy
burpsuite_hack	SQL、SSRF漏扫	https://github.com/depycode/burpsuite_hack
burp-unauth-checker	未授权检测	https://github.com/theLSA/burp-unauth-checker
Burpsuite-UAScan	未授权检测	https://github.com/ddostest123/Burpsuite-UAScan
BurpCRLFScan	CRLF漏洞检测	https://github.com/A0WaQ4/BurpCRLFScan
burp-vulners-scanner	根据Vulners.com提供的漏洞库扫描	https://github.com/vulnersCom/burp-vulners-scanner
burp-PocSuite3-POC	pocsuite3联动插件	https://github.com/gubeihc/burp-PocSuite3-POC
burplugin-java-rce	elasticsearch Struts2	https://github.com/bigsizeme/burplugin-java-rce
BurpShiroPassiveScan	Shiro	https://github.com/pmiaowu/BurpShiroPassiveScan
BurpSuite-Extender-phpStudy-Backdoor-Scanner	phpstudy后门检测	https://github.com/54Xxcong/BurpSuite-Extender-phpStudy-Backdoor-Scanner
burp-suite-swaggy	swagger接口利用	https://github.com/augustd/burp-suite-swaggy
Burpy	前端加解密	https://github.com/mr-m0nst3r/Burpy
CaA	流量分析	https://github.com/gh0stkey/CaA
captcha-killer	验证码识别	https://github.com/c0ny1/captcha-killer
captcha-killer-modified	验证码识别	https://github.com/f0ng/captcha-killer-modified
Doraemon	Payload插入	https://github.com/yuyan-sec/Doraemon
ExchangeOWA	Outlook用户信息收集	https://github.com/KrystianLi/ExchangeOWA
BurpFastJsonScan	fastjson检测	https://github.com/pmiaowu/BurpFastJsonScan
fastjsonScan	fastjson检测	https://github.com/zilong3033/fastjsonScan
fastjson-check	fastjson检测	https://github.com/bigsizeme/fastjson-check
fastjson-exp	fastjson利用，内存马	https://github.com/amaz1ngday/fastjson-exp
HaE	请求高亮标记与信息提取	https://github.com/gh0stkey/HaE
HackBar		https://github.com/d3vilbug/HackBar
hackvertor	编码工具	https://github.com/portswigger/hackvertor
interactsh-collaborator	interactsh反连	https://github.com/wdahlenburg/interactsh-collaborator
JsonDetect	json框架识别	https://github.com/a1phaboy/JsonDetect
jsEncrypter	js加密	https://github.com/c0ny1/jsEncrypter
nuclei-burp-plugin	nuclei	https://github.com/projectdiscovery/nuclei-burp-plugin
npscrack	nps反制	https://github.com/weishen250/npscrack
OLa	欧拉	https://github.com/d3ckx1/OLa
OneScan	递归目录扫描	https://github.com/vaycore/OneScan
passive-scan-client	被动扫描	https://github.com/c0ny1/passive-scan-client
passive-scan-client-plus	被动扫描	https://github.com/winezer0/passive-scan-client-plus
PowerScanner		https://github.com/usualwyy/PowerScanner
RouteVulScan	递归目录扫描	https://github.com/F6JO/RouteVulScan
sqlmap4burp-plus-plus	sqlmap联动	https://github.com/c0ny1/sqlmap4burp-plus-plus
Sylas	子域收集	https://github.com/Acmesec/Sylas
Struts2-RCE		https://github.com/prakharathreya/Struts2-RCE
sweetPotato	资产分析	https://github.com/z2p/sweetPotato
TProxer	基于SSRF反代目录探测	https://github.com/ethicalhackingplayground/TProxer
wsdler	wsdl接口利用	https://github.com/portswigger/wsdler
xia_sql	sql报错检测	https://github.com/smxiazi/xia_sql
xia_Yue	越权、未授权漏洞检测	https://github.com/smxiazi/xia_Yue
xp_CAPTCHA	验证码识别付费版	https://github.com/smxiazi/xp_CAPTCHA
NEW_xp_CAPTCHA	验证码识别	https://github.com/smxiazi/NEW_xp_CAPTCHA

CobaltStrike

名称	备注	链接
CobaltStrike_CNA	WinAPI权限维持脚本	https://github.com/yanghaoi/CobaltStrike_CNA
Registry-Recon		https://github.com/optiv/Registry-Recon
SharpZippo		https://github.com/OG-Sadpanda/SharpZippo
Erebus	劫持msdtc	https://github.com/DeEpinGh0st/Erebus

Godzila

名称	备注	链接
shc_bypass	内存加载shellcode绕过waf	https://github.com/ExpLangcn/shc_bypass

Hexo

名称	备注	链接
butterfly	主题	https://butterfly.js.org/posts/21cfbf15/

Woodpecker

名称	备注	链接
woodpecker官方仓库		https://github.com/woodpecker-appstore
log4j-payload-generator	log4j payload生成	https://github.com/woodpecker-appstore/log4j-payload-generator
druid-decrypter	druid数据库密码解密	https://github.com/woodpecker-appstore/druid-decrypter
jexpr-encoder-utils	Java表达式语句生成器	https://github.com/woodpecker-appstore/jexpr-encoder-utils
rmi-deserialization-vuldb	rmi反序列化	https://github.com/woodpecker-appstore/rmi-deserialization-vuldb
springboot-vuldb		https://github.com/woodpecker-appstore/springboot-vuldb
weblogic-infodetector	weblogic信息收集	https://github.com/woodpecker-appstore/weblogic-infodetector

IDEA

名称	备注	链接
inspector	代码审计辅助插件	https://github.com/KimJun1010/inspector

浏览器

名称	备注	链接
FindSomething	信息收集	https://github.com/momosecurity/FindSomething
fofa_view	信息收集	https://github.com/fofapro/fofa_view
HackerBar		https://github.com/Mr-xn/hackbar2.1.3
HackTools	各类型漏洞payload生成	https://github.com/LasCC/Hack-Tools
Heimdallr	指纹\|谷歌浏览器	https://github.com/graynjo/Heimdallr
oscnews	Linux命令	https://github.com/jaywcjlove/oscnews
Markdown Viewer	markdown查看
NoScript	防止xss攻击，可防护蜜罐	https://noscript.net/getit/
AntiHoneypot-Chrome-simple	蜜罐检测插件	https://github.com/iiiusky/AntiHoneypot-Chrome-simple
SourceDetector	.js.map文件vue源码下载
wappalyzer		https://github.com/wappalyzer/wappalyzer
wappalyzer	火狐浏览器	https://addons.mozilla.org/zh-CN/firefox/addon/wappalyzer/