Commonly Used Tools

BurpSuite

Burp or Burp Suite is a graphical tool for testing Web application security. 
The tool is written in Java and developed by PortSwigger Security.

Brute forcing:

Cheetah

Cheetah is a dictionary-based brute-force password tool for webshells, 
running as fast as a cheetah hunting for prey.

patator

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules 
and Nmap NSE scripts for password guessing attacks. 
I opted for a different approach in order to not create yet 
another brute-forcing tool and avoid repeating the same shortcomings. 
Patator is a multi-threaded tool written in Python 
that strives to be more reliable and flexible than its fellow predecessors.

Social engineering tools:

ccupp

Weak-password dictionary generator based on social engineering

cupp

Common User Passwords Profiler

Subdomain enumeration tools:

subDomainBrute

A simple and fast subdomain brute-force tool for pentesters. 
It can reach as many as 1000 DNS queries per second.

Credential collection tools:

LaZagne

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.

mimikatz_trunk

mimikatz is a tool I've made to learn C and make some experiments with Windows security.

wce

Windows Credentials Editor (WCE) is a security tool 
that allows listing Windows logon sessions and adding, changing, listing and deleting the associated credentials 
(e.g. LM/NT hashes, Kerberos tickets and cleartext passwords).

Remote management tools:

AntSword

AntSword is an open source, cross-platform website administration tool.
You can use it easily and intuitively to manage your website (webshell).

Webshell-Sniper

Terminal-based webshell management tool

Router attack tools:

RouterSploit

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

Scanners:

lcyscan

https://phpinfo.me/2016/09/26/1378.html
Python plugin-based vulnerability scanner

RASscan

High-speed intranet port scanner

SourceLeakHacker

Multi-threaded web source code leak detection tool

weakfilescan

Dynamic multi-threaded sensitive information leak detection tool

Source code leak exploitation tools:

GitHacker

https://github.com/WangYihang/GitHacker

dvcs-ripper

Rip web-accessible (distributed) version control systems: SVN, Git, Mercurial/hg, bzr, ...
It can rip repositories even when directory browsing is turned off.
Make sure to position yourself in an empty directory where you want the repositories to be downloaded/cloned.

Tunneling tools:

ngrok

ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.

reGeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Termite

Cross-platform jump host management tool

ptunnel

ICMP tunneling tool

iodine

DNS tunneling tool

dns2tcp

https://www.aldeid.com/wiki/Dns2tcp
https://tools.kali.org/maintaining-access/dns2tcp

Dns2tcp is a tool for relaying TCP connections over DNS. Among other things, 
it can be used to bypass captive portals (e.g. hotels, airports, ...) 
when only port 53/udp is allowed by the firewall.
