2018 Tools List
Android,iOS和移动黑客
易受攻击的iOS应用程序:Swift版
https://github.com/prateek147/DVIA-v2
代码评估
OWASP依赖性检查
https://github.com/jeremylong/DependencyCheck
美洲狮扫描
https://github.com/pumasecurity/puma-scan
加密
DeepViolet:SSL / TLS扫描API和工具
https://github.com/spoofzu/DeepViolet
数据取证和事件响应
初学者到专家
https://github.com/bro/bro
CyBot:开源威胁情报聊天机器人
https://github.com/CylanceSPEAR/CyBot
LogonTracer
https://github.com/JPCERTCC/LogonTracer
rastrea2r(重新加载!):用Gusto和Style收集和狩猎IOC
https://github.com/rastrea2r/rastrea2r
RedHunt OS(VM):用于对手仿真和威胁搜索的虚拟机
https://github.com/redhuntlabs/RedHunt-OS
剥削与道德黑客
AVET:AntiVirus Evasion Tool
https://github.com/govolution/avet
DSP:Docker安全游乐场
https://github.com/giper45/DockerSecurityPlayground
hideNsneak:攻击混淆框架
https://github.com/rmikehodges/hideNsneak
梅林
https://github.com/Ne0nd0g/merlin
RouterSploit
https://github.com/threat9/routersploit
硬件/嵌入式
ChipWhisperer
https://github.com/newaetech/chipwhisperer
JTAGulator :揭开硬件安全的致命弱点
https://github.com/grandideastudio/jtagulator
Micro-Renovator:将处理器固件带入代码
https://github.com/syncsrc/MicroRenovator
TumbleRF:RF模糊变得容易
https://github.com/riverloopsec/tumblerf
Walrus:充分利用您的卡片克隆设备
https://github.com/TeamWalrus/Walrus
物联网
物联网设备的可扩展动态分析框架
https://github.com/sycurelab/DECAF
BLE CTF项目
https://github.com/hackgnar/ble_ctf
WHID注射器和WHID Elite:新一代HID攻击性设备
https://github.com/whid-injector/WHID
恶意软件防御
为每位安全研究人员提供高级深度学习分析平台
https://github.com/intel/Resilient-ML-Research-Platform
EKTotal
https://github.com/nao-sec/ektotal
固件审计:Blue Teams和DFIR的平台固件安全自动化
https://github.com/PreOS-Security/fwaudit
MaliceIO
https://github.com/maliceio/malice
目标 – 参见MacOS安全工具
https://github.com/objective-see
恶意软件进攻
BloodHound 1.5
https://github.com/BloodHoundAD/BloodHound
网络攻击
军械库
https://github.com/depthsecurity/armory
Chiron:一种先进的IPv6安全评估和渗透测试框架
https://github.com/aatlasis/Chiron
DELTA:SDN安全评估框架
https://github.com/OpenNetworkingFoundation/DELTA
Mallet:任意协议的拦截代理
https://github.com/sensepost/mallet
PowerUpSQL:用于在企业环境中攻击SQL Server的PowerShell工具包
https://github.com/NetSPI/PowerUpSQL
WarBerryPi
https://github.com/secgroundzero/warberry
网络防御
ANWI(全新无线IDS):5美元的WIDS
https://github.com/SanketKarpe/anwi
CHIRON:基于家庭的网络分析和机器学习威胁检测框架
https://github.com/jzadeh/chiron-elk
云安全套件:AWS / GCP / Azure安全审计的一站式工具
https://github.com/SecurityFTW/cs-suite
DejaVu:一个开源欺骗框架
https://github.com/bhdresh/Dejavu
OSINT – 开源智能
DataSploit 2.0
https://github.com/DataSploit/datasploit
Dradis 框架:了解如何将报告时间缩短一半
https://github.com/dradis/dradis-ce
逆向工程
Snake:恶意软件存储动物园
https://github.com/countercept/snake
智能电网/工业安全
GRFICS :工业控制模拟的图形现实主义框架
https://github.com/djformby/GRFICS
漏洞评估
用于机器学习模型的对抗鲁棒性工具箱
https://github.com/IBM/adversarial-robustness-toolbox
Android动态分析工具(ADA)
https://github.com/ANELKAOS/ada
射箭:开源漏洞评估和管理
https://github.com/archerysec/archerysec
boofuzz
https://github.com/jtpereyda/boofuzz
BTA
https://github.com/airbus-seclab/bta
深度利用
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
Halcyon IDE:适用于Nmap脚本开发人员
https://github.com/s4n7h0/Halcyon
SimpleRisk
https://github.com/simplerisk
TROMMEL
https://github.com/CERTCC/trommel
Web AppSec
看看NGINX的ModSec 3.0:软件Web应用程序防火墙
https://github.com/SpiderLabs/ModSecurity
Astra:REST API的自动安全测试
https://github.com/flipkart-incubator/Astra
Burp Replicator:自动化复杂漏洞的复制
https://github.com/PortSwigger/replicator
OWASP进攻性Web测试框架
https://github.com/owtf/owtf
OWASP JoomScan项目
https://github.com/rezasp/joomscan
WSSAT