简介
security tools包括了很多渗透测试常用的工具,包括以下方面:
安卓, 暴力破解, 云安全, CMS, 内容发现, CORS, CRLF, CSRF, 反序列化, 数字取证, 扩展名, Git, GraphQL, IDOR (间接对象引用攻击), 注入, JS侦察, JWT (JSON Web Token), 杂项, 网络, 开放重定向, 开源情报收集(OSINT), 参数, 端口扫描, 竞争条件, 侦察, 请求劫持, 资源, S3, 静态应用安全测试(SAST), 扫描器, 截图, 秘密, 全选, SQL注入, SSL, SSRF (服务器端请求伪造), SSTI (服务器端模板注入), 子域名枚举, 子域名劫持, 技术, 漏洞管理, Windows, XXE (XML外部实体)
Android,Brute Force,Cloud,CMS,Content Discovery,CORS,CRLF,CSRF,Deserialization,Digital Forensics,Extension,Git,Graphql,IDOR,Injection,JS Recon,JWT,Miscellaneous,Network,Open Redirect,OSINT,Parameter,Port Scanning,Race Condition,Recon,Request Smuggling,Resources,S3,SAST,Scanner,Screenshot,Secret,Select All,SQL Injection,SSL,SSRF,SSTI,Subdomain Enumeration,Subdomain Takeover,Technology,Vulnerability management,Windows,XXE
工具清单
sslyze
testssl.sh
Wifipumpkin3
xray
sleuthkit
routersploit
w3af
brakeman
Faraday
rengine
wb
Phonebook.cz
Responder
XFFenum
awesome-mobile-security
awesome-vulnerable-apps
bounty-targets-data
android-security-awesome
PayloadsAllTheThings
CyberChef
SSTImap
JSONBee
cariddi
OWASP ZAP
getsploit
Eagle
jaeles
Osmedeus
nikto
arachni
Sn1per
metasploit-framework
can-i-take-over-xyz
takeover
SubOver
subjack
jwt-hack
postMessage-tracker
jwt_tool
jwt-cracker
CMSmap
joomscan
wpscan
WPSpider
CloudScraper
S3BucketList
S3Scanner
AWSBucketDump
GitTools
GitHunter
detect-secrets
GitMiner
github-search
gitrob
GitGot
git-all-secrets
truffleHog
gitGraber
git-secrets
gitleaks
thc-hydra
BruteX
xxexploiter
XXEinjector
domxssscanner
XSSwagger
BruteXSS
XSS-Radar
xssValidator
bXSS
dalfox
xsser
xsscrapy
xsshunter
XSStrike
xssor2
SQLiScanner
waybackSqliScanner
sqlmap
NoSQLMap
ssrfDetector
httprebind
gaussrf
SSRFire
smuggler
SSRFmap
race-the-web
http-request-smuggling
requests-racer
turbo-intruder
OpenRedireX
razzer
Oralyzer
Injectus
ysoserial
Autorize
shapeshifter
headi
GraphQLmap
dotdotpwn
inql
CRLF-Injection-Scanner
XSRFProbe
CORStest
CRLFsuite
Corsy
wfuzz
ffuf
Arjun
ParamSpider
parameth
param-miner
gau
getJS
waybackurls
BurpJSLinkFinder
LinkFinder
LinksDumper
hakrawler
filebuster
gospider
gobuster
dirsearch
retire.js
fingerprintx
webanalyze
whatweb
httpscreenshot
wappalyzer
eyeballer
scrying
gowitness
WitnessMe
Aquatone
screenshoteer
ScanCannon
EyeWitness
naabu
nmap
masscan
RustScan
censys-subdomain-finder
assetfinder
domained
shuffledns
Sudomy
interactsh
katana
tlsx
dnsx
uncover
subfinder
httpx
massdns
nuclei
Findomain
Sublist3r
Amass
网站地址
https://securitycipher.com/security-tools
标签:secrets,jwt,CRLF,测试工具,security,tools,Injection From: https://www.cnblogs.com/lusuo/p/18318537