10.6. Exploitation / Detection
10.6.1. Database Injection
10.6.2. Unstructured Database Injection
10.6.3. Database Exploitation
ODAT Oracle Database Attacking Tool
10.6.4. XSS
10.6.5. SSRF
10.6.6. Template Injection
10.6.7. HTTP Request Smuggling
smuggler An HTTP Request Smuggling / Desync testing tool written in Python
h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
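10.6.8. Command Injection
10.6.9. PHP
Chankro Tool to evade disable_functions and open_basedir
10.6.10. LFI
10.6.11. struts
10.6.12. CMS
TPscan One-click ThinkPHP vulnerability detection
dedecmscan Vulnerability scanner for all DedeCMS versions
10.6.13. Java Frameworks
ShiroScan Shiro<=1.2.4 deserialization detection tool
fastjson rce tool fastjson command execution exploitation tool
10.6.14. DNS-Related Vulnerabilities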
singularity A DNS rebinding attack framework by NGC Group
10.6.15. DNS Data Extraction
10.6.16. DNS Tunneling
10.6.17. DNS Shell
10.6.18. XXE
DTD Finder List DTDs and generate XXE payloads using those local DTDs
10.6.19. Deserialization
10.6.19.1. Java Deserialization
Java Serialization Dumper A tool to dump Java serialization streams in a more human readable form
marshalsec Java Unmarshaller Security - Turning your data into code execution
gadgetinspector A byte code analyzer for finding deserialization gadget chains in Java applications
fastjsonScan fastjson vulnerability Burp plugin
10.6.19.2. .NET Deserialization
viewgen ASP.NET ViewState Generator
10.6.20. JNDI
Rogue JNDI A malicious LDAP server for JNDI injection attacks
10.6.21. Port Hack
10.6.22. JWT
10.6.23. Wireless
10.6.24. Man-in-the-Middle Attacks
Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
toxy Hackable HTTP proxy for resiliency testing and simulated network conditions
bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
10.6.25. DHCP
10.6.26. DDoS
10.6.27. Regular Expressions
Regexploit Find regular expressions which are vulnerable to ReDoS
10.6.28. Shellcode
go shellcode A repository of Windows Shellcode runners and supporting utilities
10.6.29. Authorization Bypass
10.6.30. Exploitation Platforms
10.6.31. Exploit Libraries
thc ipv6 IPv6 attack toolkit
10.6.32. Exploitation Frameworks
10.6.33. Windows
PyWSUS a standalone implementation of a legitimate WSUS server which sends malicious responses to clients