2018-BlackHat-Tools-List

2018 BlackHat Tools List

Android,iOS和移动黑客

易受攻击的iOS应用程序:Swift版

https://github.com/prateek147/DVIA-v2

代码评估

OWASP依赖性检查

https://github.com/jeremylong/DependencyCheck

美洲狮扫描

https://github.com/pumasecurity/puma-scan

加密

DeepViolet:SSL / TLS扫描API和工具

https://github.com/spoofzu/DeepViolet

数据取证和事件响应

初学者到专家

https://github.com/bro/bro

CyBot:开源威胁情报聊天机器人

https://github.com/CylanceSPEAR/CyBot

LogonTracer

https://github.com/JPCERTCC/LogonTracer

rastrea2r(重新加载!):用Gusto和Style收集和狩猎IOC

https://github.com/rastrea2r/rastrea2r

RedHunt OS(VM):用于对手仿真和威胁搜索的虚拟机

https://github.com/redhuntlabs/RedHunt-OS

剥削与道德黑客

AVET:AntiVirus Evasion Tool

https://github.com/govolution/avet

DSP:Docker安全游乐场

https://github.com/giper45/DockerSecurityPlayground

hideNsneak:攻击混淆框架

https://github.com/rmikehodges/hideNsneak

梅林

https://github.com/Ne0nd0g/merlin

RouterSploit

https://github.com/threat9/routersploit

硬件/嵌入式

ChipWhisperer

https://github.com/newaetech/chipwhisperer

JTAGulator :揭开硬件安全的致命弱点

https://github.com/grandideastudio/jtagulator

Micro-Renovator:将处理器固件带入代码

https://github.com/syncsrc/MicroRenovator

TumbleRF:RF模糊变得容易

https://github.com/riverloopsec/tumblerf

Walrus:充分利用您的卡片克隆设备

https://github.com/TeamWalrus/Walrus

物联网

物联网设备的可扩展动态分析框架

https://github.com/sycurelab/DECAF

BLE CTF项目

https://github.com/hackgnar/ble_ctf

WHID注射器和WHID Elite:新一代HID攻击性设备

https://github.com/whid-injector/WHID

恶意软件防御

为每位安全研究人员提供高级深度学习分析平台

https://github.com/intel/Resilient-ML-Research-Platform

EKTotal

https://github.com/nao-sec/ektotal

固件审计:Blue Teams和DFIR的平台固件安全自动化

https://github.com/PreOS-Security/fwaudit

MaliceIO

https://github.com/maliceio/malice

目标 – 参见MacOS安全工具

https://github.com/objective-see

恶意软件进攻

BloodHound 1.5

https://github.com/BloodHoundAD/BloodHound

网络攻击

军械库

https://github.com/depthsecurity/armory

Chiron:一种先进的IPv6安全评估和渗透测试框架

https://github.com/aatlasis/Chiron

DELTA:SDN安全评估框架

https://github.com/OpenNetworkingFoundation/DELTA

Mallet:任意协议的拦截代理

https://github.com/sensepost/mallet

PowerUpSQL:用于在企业环境中攻击SQL Server的PowerShell工具包

https://github.com/NetSPI/PowerUpSQL

WarBerryPi

https://github.com/secgroundzero/warberry

网络防御

ANWI(全新无线IDS):5美元的WIDS

https://github.com/SanketKarpe/anwi

CHIRON:基于家庭的网络分析和机器学习威胁检测框架

https://github.com/jzadeh/chiron-elk

云安全套件:AWS / GCP / Azure安全审计的一站式工具

https://github.com/SecurityFTW/cs-suite

DejaVu:一个开源欺骗框架

https://github.com/bhdresh/Dejavu

OSINT – 开源智能

DataSploit 2.0

https://github.com/DataSploit/datasploit

Dradis 框架:了解如何将报告时间缩短一半

https://github.com/dradis/dradis-ce

逆向工程

Snake:恶意软件存储动物园

https://github.com/countercept/snake

智能电网/工业安全

GRFICS :工业控制模拟的图形现实主义框架

https://github.com/djformby/GRFICS

漏洞评估

用于机器学习模型的对抗鲁棒性工具箱

https://github.com/IBM/adversarial-robustness-toolbox

Android动态分析工具(ADA)

https://github.com/ANELKAOS/ada

射箭:开源漏洞评估和管理

https://github.com/archerysec/archerysec

boofuzz

https://github.com/jtpereyda/boofuzz

BTA

https://github.com/airbus-seclab/bta

深度利用

https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit

Halcyon IDE:适用于Nmap脚本开发人员

https://github.com/s4n7h0/Halcyon

SimpleRisk

https://github.com/simplerisk

TROMMEL

https://github.com/CERTCC/trommel

Web AppSec

看看NGINX的ModSec 3.0:软件Web应用程序防火墙

https://github.com/SpiderLabs/ModSecurity

Astra:REST API的自动安全测试

https://github.com/flipkart-incubator/Astra

Burp Replicator:自动化复杂漏洞的复制

https://github.com/PortSwigger/replicator

OWASP进攻性Web测试框架

https://github.com/owtf/owtf

OWASP JoomScan项目

https://github.com/rezasp/joomscan

WSSAT

https://github.com/YalcinYolalan/WSSAT


Reprint please specify: only_free blog 2018-BlackHat-Tools-List

Previous
gayhub上的工具集合 gayhub上的工具集合
项目简介Scanners Box是一个集合github平台上的安全行业从业者自研开源扫描器的仓库,包括子域名枚举、数据库漏洞扫描、弱口令或信息泄漏扫描、端口扫描、指纹识别以及其他大型扫描器或模块化扫描器,同时该仓库只收录各位网友自己编写的一
2018-12-24
Next
【总结】- Bypass 360主机卫士SQL注入防御(多姿势) 【总结】- Bypass 360主机卫士SQL注入防御(多姿势)
原文链接:https://www.t00ls.net/articles-45943.html 此文并非抄袭,而是把文章中作者没写清楚的知识点写出来,然后更为人性化的输出来(吹个牛皮),也是为了让自己印象更加深刻~ 首先第一步作者使用的注
2018-12-24
TOC