Awesome-Redteam

❗【免责声明】本项目所涉及的技术、思路和工具仅供学习，任何人不得将其用于非法用途和盈利，不得将其用于非授权渗透测试，否则后果自行承担，与本项目无关。使用本项目前请先阅读法律法规。

Disclaimer: The technologies, concepts, and tools provided in this Git repository are intended for educational and research purposes only. Any use for illegal activities, unauthorized penetration testing, or commercial purposes is strictly prohibited. Please read the Awesome-Laws before using this repository.

📖 一个攻防知识库。A knowledge base for red teaming and offensive security.

👍 means recommand 推荐使用

Roadmap

目录 Contents

项目导航 Project Navigation
开源导航 Open-Source Navigation
信息收集 Reconnaissance
漏洞研究 Vulnerability Research
- 漏洞环境 Vulnerable Environments
- PoC Proof of Concept
  - PoC/ExP
  - PoC 模板 PoC Templates
漏洞利用 Vulnerability Exploits
渗透测试 Penetration Testing
内网渗透 Red Teaming and Offensive Security
域渗透 Active Directory Penetration
防御性安全 Blue Teaming and Defensive Security
云安全 Cloud Security
AI 安全 AI Security
提高生产力的辅助工具
- LLM
提高生产力的使用姿势

项目导航 Project Navigation

速查文档 CheatSheets

戳这里 Click Here

DefaultCreds-Cheat-Sheet.csv
Huawei-iBMC-DefaultCreds.csv
Huawei-Product-Cheat-Sheet.csv
WeakPassword-Cheat-Sheet.csv
安全厂商及官网链接速查.txt

一些代码 Scripts

戳这里 Click Here

ShellcodeWrapper: Shellcode加密
AntivirusScanner: 杀软进程检测脚本
runtime-exec-payloads.html: java.lang.Runtime.exec() Payloads生成 
Ascii2Char: ASCII码和字符互相转换脚本 修改webshell文件名密码 
Weakpass_Generator: 在线弱密码生成工具 汉化版
Godzilla_Decryptor: 哥斯拉流量解密
Behinder4_Key_Bruteforce: 冰蝎4密钥爆破
Flask_Session_Decryptor: Flask session注入解密

攻防知识 Tips

戳这里 Click Here

信息收集-敏感信息收集
内网渗透-免杀
内网渗透-隐藏
内网渗透-Pentesting AD Mindmap
安全架构-网络攻击与防御图谱
平台搭建-DNS Log
流量分析-CobaltStrike
流量分析-Webshell
社会工程学-钓鱼邮件主题汇总
逆向分析-微信小程序反编译

开源导航 Open-Source Navigation

编解码/加解密 Cryptography

在线工具 Online Tools

离线工具 Offline Tools

编码/解码 Encode/Decode

正则表达式 Regular Expressions

哈希算法 Hash Algorithms

公钥密码算法 RSA

国密算法 SM Algorithms

hutool-crypto: https://github.com/dromara/hutool hutool-crypto 模块，提供对称、非对称和摘要算法封装
GmSSL: https://github.com/guanzhi/GmSSL SM2/SM3/SM4/SM9/SSL
gmssl-python: https://github.com/gongxian-ding/gmssl-python SM2/SM3/SM4/SM9
SM4: https://www.toolhelper.cn/SymmetricEncryption/SM4

网络空间测绘 Cyberspace Search Engine

综合工具 Nice Tools

网页/端口 Web/Ports

Wayback Machine: https://web.archive.org/ 历史网页存档
VisualPing: https://visualping.io/ 网站变更监控
Dark Web Exposure: https://www.immuniweb.com/darkweb/
SG TCP/IP: https://www.speedguide.net/ports.php 端口数据库

谷歌搜索 Google Hacking

https://www.exploit-db.com/google-hacking-database Google Hacking 数据库
https://github.com/cipher387/Dorks-collections-list Google Hacking 数据库
https://cxsecurity.com/dorks/ Google Hacking 数据库
https://dorks.faisalahmed.me/ Google Hacking 在线工具
https://pentest-tools.com/information-gathering/google-hacking Google Hacking 在线工具
http://advangle.com/ Google Hacking 在线工具
https://0iq.me/gip/ Google Hacking 在线工具
https://github.com/obheda12/GitDorker Google Hacking 命令行工具
https://github.com/six2dez/dorks_hunter Google Hacking 命令行工具
https://github.com/Pa55w0rd/google-hacking-assistant Chrome 扩展程序

Github 搜索 Github Dork

开源情报 Open-Source Intelligence

综合工具 Nice Tools

威胁情报 Threat Intelligence

Virustotal: https://www.virustotal.com/
腾讯哈勃分析系统: https://habo.qq.com/tool/index
微步在线威胁情报: https://x.threatbook.com/
奇安信威胁情报: https://ti.qianxin.com/
360 威胁情报: https://ti.360.net/
网络安全威胁信息共享平台: https://share.anva.org.cn/web/publicity/listPhishing
安恒威胁情报: https://ti.dbappsecurity.com.cn/
火线安全平台: https://www.huoxian.cn
知道创宇黑客新闻流: https://hackernews.cc/
SecWiki 安全信息流: https://www.sec-wiki.com/

漏洞披露 Disclosed Vulnerabilities

国家信息安全漏洞库: https://www.cnnvd.org.cn/
国家互联网应急中心: https://www.cert.org.cn/
360 网络安全响应中心: https://cert.360.cn/
知道创宇漏洞库: https://www.seebug.org/
长亭漏洞库: https://stack.chaitin.com/vuldb/
阿里云漏洞库: https://avd.aliyun.com/high-risk/list
PeiQi 漏洞库: https://peiqi.wgpsec.org/
Hackerone: https://www.hackerone.com/
CVE: https://cve.mitre.org/
National Vulnerability Database: https://nvd.nist.gov/
Vulnerability & Exploit Database: https://www.rapid7.com/db/
Packet Storm's file archive: https://packetstormsecurity.com/files/tags/exploit
Shodan: https://cvedb.shodan.io/cves 实时更新 CVE 漏洞信息 curl https://cvedb.shodan.io/cves | jq '[.cves[] | select(.cvss > 8)]'
CVEShield: https://www.cveshield.com/ 最新热门漏洞

接口检索 API Search

源代码检索 Source Code Search

开源资源 Open-Source Resources

社区/知识库 Communities/Knowledge Base

先知社区: https://xz.aliyun.com/
Infocon: https://infocon.org/
ffffffff0x 安全知识框架: https://github.com/ffffffff0x/1earn
狼组公开知识库: https://wiki.wgpsec.org/
Mitre ATT&CK matrices: https://attack.mitre.org/matrices/enterprise
Mitre ATT&CK techniques: http://attack.mitre.org/techniques/enterprise/
Hacking Articles: https://www.hackingarticles.in/
PostSwigger Blog: https://portswigger.net/blog
InGuardians Labs Blog: https://www.inguardians.com/
Pentest Workflow: https://pentest.mxhx.org/
Pentest Cheatsheet: https://pentestbook.six2dez.com/

思维导图/备忘录 Mindmap/Cheat Sheets

https://cheatsheets.zip/ 开发者速查表
https://learnxinyminutes.com/ 编程/工具/命令/操作系统/快捷键速查表
https://github.com/Ignitetechnologies/Mindmap/ 网络安全思维导图
https://html5sec.org/ HTML5 安全速查表
https://orange-cyberdefense.github.io/ocd-mindmaps/img/mindmap_ad_dark_classic_2025.03.excalidraw.svg 域攻防思维导图
https://github.com/WADComs/WADComs.github.io Windows/域速查表 👍

进攻性安全 Red Teaming and Offensive Security

防御性安全 Blue Teaming and Defensive Security

https://github.com/Purp1eW0lf/Blue-Team-Notes

操作安全 Operation Security

https://github.com/WesleyWong420/OPSEC-Tradecraft

实战平台 Learning and Practice Platforms

Mac M1 使用 Vulnhub 等 ova 格式镜像，需要将 ova 格式转为 qcow2，再通过 UTM 运行：

信息收集 Reconnaissance

综合工具 Nice Tools

IP/域名/子域名 IP/Domain/Subdomain

指纹 Fingerprint

指纹库 Fingerprint Collection

指纹识别 Fingerprint Reconnaissance

WAF 识别 Waf Checks

扫描/爆破 Brute Force

扫描/爆破工具 Brute Force Tools

扫描/爆破字典 Brute Force Dictionaries

字典生成 Generate a Custom Dictionary

Online:
- Generate wordlists: https://weakpass.com/generate
- Generate subdomains and wordlists: https://weakpass.com/generate/domains
- 汉字转拼音: https://www.aies.cn/pinyin.htm
- 密码猜解: https://www.hacked.com.cn/pass.html
Private Deployment:
- Generate wordlists(offline): https://github.com/zzzteph/weakpass
- Generate subdomains and wordlists(offline): https://github.com/zzzteph/probable_subdomains
Offline:
- pydictor: https://github.com/LandGrey/pydictor/
- crunch:
  - Kali/Linux: https://sourceforge.net/projects/crunch-wordlist
  - Windows: https://github.com/shadwork/Windows-Crunch

默认口令查询 Default Credentials

社会工程学 Social Engineering

凭据泄露 Leaked Credentials

邮箱 Email

Temporary Email:
Snov.io: https://app.snov.io
Phonebook: 同时支持子域名和 URL https://phonebook.cz
Skymem: https://www.skymem.info
Hunter: https://hunter.io
email-format: https://www.email-format.com/i/search/
搜邮箱: https://souyouxiang.com/find-contact/
theHarvester: 同时支持子域名查询 https://github.com/laramies/theHarvester
Verify emails: https://tools.emailhippo.com/
Accounts registered by email: https://emailrep.io/

短信 SMS Online

钓鱼 Phishing

gophish: https://github.com/gophish/gophish 开源钓鱼工具包
SpoofWeb: https://github.com/5icorgi/SpoofWeb 部署钓鱼网站

移动端 Mobile

漏洞研究 Vulnerability Research

漏洞环境 Vulnerable Environments

基础漏洞 Basic Vulnerabilities

云环境 Vulnerable Cloud Environments

AI 环境 Vulnerable AI Environments

AI prompt injection challenge: https://gandalf.lakera.ai/baseline

PoC Proof of Concept

Be careful Malware，POC 库最新的 CVE 可能存在投毒风险。

PoC/ExP

PoC 模板 PoC Templates

漏洞利用 Vulnerability Exploits

综合工具 Nice Tools

代码审计 Code Audit

tabby: https://github.com/wh1t3p1g/tabby

序列化 Serialization

Java

https://github.com/phith0n/zkar

反序列化 Deserialization

Java

PHP

https://github.com/ambionics/phpggc PHP 反序列化漏洞利用载荷

数据库 Database

Redis

MySQL

Oracle

odat: https://github.com/quentinhardy/odat 远程代码执行
sqlplus: https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html 以 sysdba 身份执行

MSSQL

信息泄露 Information Disclosure

trufflehog: https://github.com/trufflesecurity/trufflehog 发现、验证并分析泄露的凭据
git-dumper: https://github.com/arthaud/git-dumper
gitleaks: https://github.com/gitleaks/gitleaks
dvcs-ripper: https://github.com/kost/dvcs-ripper .svn、.hg、.cvs 信息泄露
ds_store_exp: https://github.com/lijiejie/ds_store_exp .DS_Store 信息泄露
Hawkeye: https://github.com/0xbug/Hawkeye GitHub 敏感信息泄露监控爬虫

CMS/OA 漏洞 CMS/OA

TongdaScan_go https://github.com/Fu5r0dah/TongdaScan_go
Apt_t00ls: https://github.com/White-hua/Apt_t00ls
OA-EXPTOOL: https://github.com/LittleBear4/OA-EXPTOOL
DecryptTools: https://github.com/wafinfo/DecryptTools 22 种加解密
ncDecode: https://github.com/1amfine2333/ncDecode 用友 NC 解密
PassDecode-jar: https://github.com/Rvn0xsy/PassDecode-jar 帆软/致远解密
ezOFFICE_Decrypt: https://github.com/wafinfo/ezOFFICE_Decrypt 万户解密
LandrayDES: https://github.com/zhutougg/LandrayDES 蓝凌 OA 解密

中间件/应用层 Middleware/Application

Confluence

ConfluenceMemshell: https://github.com/Lotus6/ConfluenceMemshell
CVE-2022-26134 Memshell: https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
CVE-2023-22527 Memshell: https://github.com/Boogipop/CVE-2023-22527-Godzilla-MEMSHELL

Druid

Fastjson

fastjson-exp: https://github.com/amaz1ngday/fastjson-exp

GitLab

CVE-2021-22205: https://github.com/Al1ex/CVE-2021-22205/

Nacos

Nps

nps-auth-bypass: https://github.com/carr0t2/nps-auth-bypass

Java

jdwp-shellifier: python2 https://github.com/IOActive/jdwp-shellifier
jdwp-shellifier: https://github.com/Lz1y/jdwp-shellifier
jascypt encryption & decryption: https://www.devglan.com/online-tools/jasypt-online-encryption-decryption Jasypt 加解密工具

Shiro

Struts

Struts2VulsTools: https://github.com/shack2/Struts2VulsTools

Spring Boot

Tomcat

Thinkphp

Weblogic

WebSocket

wscat: https://github.com/websockets/wscat

vCenter

VcenterKiller: https://github.com/Schira4396/VcenterKiller
VcenterKit:https://github.com/W01fh4cker/VcenterKit
vcenter_saml_login: https://github.com/horizon3ai/vcenter_saml_login 提取身份提供商（IdP）证书

Zookeeper

ZooInspector: https://issues.apache.org/jira/secure/attachment/12436620/ZooInspector.zip
apache-zookeeper: https://archive.apache.org/dist/zookeeper/zookeeper-3.5.6/ zkCli.sh 命令行工具

渗透测试 Penetration Testing

综合工具 Nice Tools

渗透插件 Extensions

Chrome

ZeroOmega: https://github.com/zero-peak/ZeroOmega 适配 manifest v3 的 proxy switchyOmega
serp-analyzer: https://leadscloud.github.io/serp-analyzer/ 显示域名/IP
FindSomething: https://github.com/ResidualLaugh/FindSomething 在源代码或 javascript 中查找内容
Hack Bar:https://github.com/0140454/hackbar
Wappalyzer: https://www.wappalyzer.com/ 识别网站使用的技术栈
EditThisCookie:https://www.editthiscookie.com/
Cookie-Editor:https://github.com/Moustachauve/cookie-editor
Disable JavaScript: https://github.com/dpacassi/disable-javascript
Heimdallr: https://github.com/Ghr07h/Heimdallr 蜜罐检测工具
anti-honeypot:https://github.com/cnrstar/anti-honeypot 蜜罐检测工具
immersive-translate: https://github.com/immersive-translate/immersive-translate/ 翻译工具
relingo: https://cn.relingo.net/en/ 翻译工具
json-formatter: https://github.com/callumlocke/json-formatter
markdown-viewer: https://github.com/simov/markdown-viewer

Burpsuite

HaE: https://github.com/gh0stkey/HaE 高亮和提取工具
Log4j2Scan: https://github.com/whwlsfb/Log4j2Scan Log4j 漏洞扫描工具
RouteVulScan: https://github.com/F6JO/RouteVulScan 路由漏洞扫描工具
BurpCrypto: https://github.com/whwlsfb/BurpCrypto 支持 AES/RSA/DES/ExecJs 加密解密
domain hunter: https://github.com/bit4woo/domain_hunter_pro 域名收集工具
BurpAppletPentester: https://github.com/mrknow001/BurpAppletPentester sessionkey 解密工具

Yakit

HaeToYakit: https://github.com/youmulijiang/HaeToYakit

辅助工具 Auxiliary Tools

工具集 Open-Source Toolkit

带外通道 DNSLog

终端优化 Command Line

https://github.com/ohmyzsh/ohmyzsh zsh 命令行增强工具
https://github.com/chrisant996/clink cmd.exe 命令行增强工具
https://github.com/hanslub42/rlwrap readline 包装器
https://github.com/Eugeny/tabby 适用于 Windows 的终端工具
https://github.com/warpdotdev/Warp 适用于 Mac 的终端工具
https://github.com/zellij-org/zellij 终端复用器
https://github.com/tmux 终端复用器
https://github.com/tomnomnom/anew 向文件添加新行并跳过重复项的工具
https://github.com/jlevy/the-art-of-command-line
Linux command line:
https://explainshell.com/ 解释 shell 命令含义
https://github.com/BurntSushi/ripgrep 面向行的搜索工具（速度更快）

代码美化 Beautifier

生成器 Generator

revshells: https://www.revshells.com/
reverse-shell: https://forum.ywhack.com/reverse-shell/
reverse-shell-generator: https://tex2e.github.io/reverse-shell-generator/index.html
reverse-shell-generator: https://github.com/0dayCTF/reverse-shell-generator
File-Download-Generator: https://github.com/r0eXpeR/File-Download-Generator

SQL 注入 SQL Injection

访问控制 Access Control

403 绕过 Bypass 40X errors

跨站脚本 XSS

文件包含 File Inclusion

服务端请求伪造 SSRF

https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
https://github.com/tarunkant/Gopherus 适用于 py2 的 Gopherus 工具
https://github.com/Esonhugh/Gopherus3 适用于 py3 的 Gopherus 工具

移动端安全 Mobile Security

小程序 Mini Program

应用程序 APK

SessionKey 解密 SessionKey

https://github.com/mrknow001/wx_sessionkey_decrypt

载荷与绕过 Payload and Bypass

PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
IP to Decimal: https://www.browserling.com/tools/ip-to-dec IP 转十进制（127.0.0.1 >>> 2130706433）
java.lang.Runtime.exec() Payload: https://payloads.net/Runtime.exec/
PHPFuck: https://github.com/splitline/PHPFuck
JSFuck: http://www.jsfuck.com/
JavaScript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/ JavaScript 反混淆和解包工具
CVE-2021-44228-PoC-log4j-bypass-words: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

内网渗透 Red Teaming and Offensive Security

基础设施 Infrastructure

f8x: https://github.com/ffffffff0x/f8x 红队/蓝队环境自动化部署工具
openvpn-install: https://github.com/hwdsl2/openvpn-install OpenVPN 服务器安装脚本
cloudreve: https://github.com/cloudreve/Cloudreve 支持多云的自建文件管理系统
updog: https://github.com/sc0tfree/updog 通过 HTTP/S 上传下载文件
mattermost: https://github.com/mattermost/mattermost
rocketchat: https://github.com/RocketChat/Rocket.Chat
codimd: https://github.com/hackmdio/codimd
hedgedoc: https://github.com/hedgedoc/hedgedoc

信息收集 Reconnaissance

SharpHunter: https://github.com/lintstar/SharpHunter 自动化主机信息搜集工具
netspy: https://github.com/shmilylty/netspy 内网网段探测
SharpHostInfo: https://github.com/shmilylty/SharpHostInfo
SharpScan: https://github.com/INotGreen/SharpScan
smbmap: https://github.com/ShawnDEvans/smbmap SMB 枚举

凭证获取 Credential Access

凭证转储 Credential Dumping

LaZagne: https://github.com/AlessandroZ/LaZagne
WirelessKeyView: https://www.nirsoft.net/utils/wireless_key.html
Windows credential manager: https://www.nirsoft.net/utils/credentials_file_view.html
Pillager: https://github.com/qwqdanchun/Pillager/
searchall: https://github.com/Naturehi666/searchall
pypykatz: https://github.com/skelsec/pypykatz 纯 Python 实现的 mimikatz
regsecrets & dpapidump: fortra/impacket#1898 已在 Windows 11 和 Server 2022 测试无问题
DonPAPI: https://github.com/login-securite/DonPAPI
SharpDPAPI: https://github.com/GhostPack/SharpDPAPI
dploot: https://github.com/zblurx/dploot DPAPI
PPLdump: https://github.com/itm4n/PPLdump 受保护进程 LSASS 读取
lsassy: https://github.com/login-securite/lsassy

本地枚举 Local Enumeration

哈希破解 NTLM Cracking

NetNTLMv1: https://ntlmv1.com/ 在线破解
LM + NTLM hashes and corresponding plaintext passwords:
- https://openwall.info/wiki/_media/john/pw-fake-nt.gz 3107
- https://openwall.info/wiki/_media/john/pw-fake-nt100k.gz 100k

后渗透 Post Exploitation

综合工具 Nice Tools

二进制库 Binaries and Libraries

LOLBAS: https://github.com/LOLBAS-Project/LOLBAS-Project.github.io Windows 自带二进制与脚本
GTFOBins: https://github.com/GTFOBins/GTFOBins.github.io Unix 二进制利用

权限维持 Persistence

内存马 MemShell

Webshell 管理 Webshell Management

Webshell 免杀 Webshell Bypass

反弹 Shell 管理 Reverse Shell Management

权限提升 Privilege Escalation

Linux 本地枚举 Linux Local Enumeration

Windows 本地枚举 Windows Local Enumeration

Windows 提权 Windows Exploits

Linux 提权 Linux Exploits

数据库提权 Database Exploits

https://github.com/Hel10-Web/Databasetools

防御规避 Defense Evasion

Linux 防御规避 Linux Defense Evasion

libprocesshider: https://github.com/gianlucaborello/libprocesshider 使用 ld 预加载隐藏 Linux 进程
Linux Kernel Hacking: https://github.com/xcellerator/linux_kernel_hacking
tasklist /svc && ps -aux: https://tasklist.ffffffff0x.com/

Windows 防御规避 Windows Defense Evasion

yetAnotherObfuscator: https://github.com/0xb11a1/yetAnotherObfuscator
hoaxshell: https://github.com/t3l3machus/hoaxshell
bypassAV: https://github.com/pureqh/bypassAV
GolangBypassAV: https://github.com/safe6Sec/GolangBypassAV
BypassAntiVirus: https://github.com/TideSec/BypassAntiVirus
AV_Evasion_Tool: https://github.com/1y0n/AV_Evasion_Tool
shellcodeloader: https://github.com/knownsec/shellcodeloader
tasklist/systeminfo: https://www.shentoushi.top/av/av.php
rpeloader: https://github.com/Teach2Breach/rpeloader 在没有安装的情况下在 Windows 上使用 Python

内网穿透 Proxy

代理客户端 Proxy Client

代理工具 Proxy Tools

DNS 隧道 DNS Tunnel

ICMP 隧道 ICMP Tunnel

icmpsh: https://github.com/bdamele/icmpsh

端口转发 Port Forwarding

tcptunnel: https://github.com/vakuum/tcptunnel 内网 → dmz → 攻击机

操作安全 Operation Security

https://privacy.sexy/ 在 Windows、macOS、Linux 上强化隐私与安全最佳实践
https://transfer.sh/ 匿名文件传输
https://a.f8x.io/ 短链接服务

域渗透 Active Directory Penetration

域内信息收集 Collection and Discovery

域内权限提升 Privilege Escalation

https://github.com/CravateRouge/bloodyAD

域内漏洞利用 Known Exploited Vulnerabilities

MS14-068

noPac

CVE-2021-42278/CVE-2021-42287

Zerologon

CVE-2020-1472

ProxyLogon/ProxyShell

CVE-2021-34473

ProxyNotShell

CVE-2022-41040/CVE-2022-41082

https://github.com/testanull/ProxyNotShell-PoC

Printnightmare

CVE-2021-34527/CVE-2021-1675

域内渗透方式 Methodology

Coerce and Relay

Delegation

ADCS

Active Directory Certificate Services

Active Directory Certificate Services(AD CS) 枚举与利用:
PassTheCert: https://github.com/AlmondOffSec/PassTheCert

ACLs and ACEs

防御性安全 Blue Teaming and Defensive Security

内存马查杀 Memshell Detection

Webshell 查杀 Webshell Detection

攻击研判 Blue Teaming

CobaltStrike Decrypt: https://github.com/5ime/CS_Decrypt
BlueTeamTools: https://github.com/abc123info/BlueTeamTools
IP Logger: https://iplogger.org/ 记录并追踪 IP 地址

基线加固 Enforcement

应急响应 Incident Response

勒索病毒 Ransomware

搜索引擎 Search Engine

解密工具 Decryption Tools

开源蜜罐 Open-Source Honeypot

awesome-honeypots: https://github.com/paralax/awesome-honeypots 蜜罐资源汇总列表
HFish: https://github.com/hacklcx/HFish
conpot: https://github.com/mushorg/conpot 工业控制系统（ICS）专用蜜罐
MysqlHoneypot: https://github.com/qigpig/MysqlHoneypot 基于 MySQL 蜜罐获取微信号
Ehoney: https://github.com/seccome/Ehoney

逆向工程 Reverse Engineering

综合工具 Nice Tools

OpenArk: https://github.com/BlackINT3/OpenArk 反 Rootkit 工具
python arsenal for RE: https://pythonarsenal.com/ 逆向工程工具集
IDA Pro: https://hex-rays.com/ida-pro/
IDA Pro MCP: https://github.com/mrexodia/ida-pro-mcp 集成 AI 的 IDA Pro 工具
Angr: https://github.com/angr/angr 二进制分析平台
Cutter: https://cutter.re/ 开源逆向工程平台
UPX: https://github.com/upx/upx

静态分析 Static Analysis

动态调试 Dynamic Analysis

Java

Mobile

Python

py2exe: https://www.py2exe.org/ py->exe
pyinstaller: https://github.com/pyinstaller/pyinstaller py->exe
unpy2exe: https://github.com/matiasb/unpy2exe exe->pyc
pyinstxtractor: https://github.com/extremecoders-re/pyinstxtractor exe->pyc
pycDcode: https://github.com/rocky/python-uncompyle6/ pyc->py
pycDcode: https://github.com/BarakAharoni/pycDcode

Rust/Go/.NET

JavaScript

https://github.com/0xsdeo/AntiDebug_Breaker

云安全 Cloud Security

开源资源 Resources

TeamsSix:
- https://github.com/teamssix/awesome-cloud-security
- https://wiki.teamssix.com/
lzCloudSecurity:
- https://github.com/EvilAnne/lzCloudSecurity
- https://lzcloudsecurity.gitbook.io/yun-an-quan-gong-fang-ru-men/
CSA Research: https://c-csa.cn/research/results/
HackTricks Cloud: https://cloud.hacktricks.xyz/
Awesome-CloudSec-Labs: https://github.com/iknowjason/Awesome-CloudSec-Labs
Aliyun OpenAPI: https://next.api.aliyun.com/api/
Cloud Native Landscape: https://landscape.cncf.io/
Cloud Vulnerabilities and Security Issues Database: https://www.cloudvulndb.org/ 云漏洞与安全问题数据库

云安全矩阵 Cloud Threat Matrix

云服务 Cloud Services

三大云服务提供商： - Amazon Web Services (AWS) / Microsoft Azure / Google Cloud Platform (GCP) - 阿里云 / 腾讯云 / 华为云

云管平台 Management Tools

https://yun.cloudbility.com/ 云存储图形化管理平台
https://github.com/aliyun/aliyun-cli 适用于阿里云 OSS
https://github.com/aliyun/oss-browser 基于阿里云 CLI 的图形化工具
https://github.com/TencentCloud/cosbrowser 适用于腾讯云 COS
https://github.com/TencentCloud/tencentcloud-cli 基于腾讯云 CLI
https://support.huaweicloud.com/browsertg-obs/obs_03_1003.html 适用于华为云 OBS
https://www.ctyun.cn/document/10000101/10006768 适用于天翼云 OBS
https://www.ctyun.cn/document/10306929/10132519 适用于天翼云媒体服务
https://docsv4.qingcloud.com/user_guide/development_docs/cli/install/install/ 基于青云 CLI
https://github.com/qiniu/kodo-browser 适用于七牛云 OSS

AK/SK 利用 AK/SK Exploit

https://wiki.teamssix.com/cf/ 漏洞利用框架 v0.5.0（开源）
https://github.com/wgpsec/cloudsword 云服务安全测试工具
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite fit2cloud 云资源管理工具
https://github.com/mrknow001/aliyun-accesskey-Tools 阿里云 AccessKey 专用工具
https://github.com/iiiusky/alicloud-tools 阿里云安全工具集
https://github.com/NS-Sp4ce/AliyunAccessKeyTools 阿里云 AccessKey 利用工具
https://github.com/freeFV/Tencent_Yun_tools 腾讯云安全工具集
https://github.com/libaibaia/cloudSec 支持三大云 + AWS/七牛云的 Web 工具
https://github.com/wyzxxz/aksk_tool 支持三大云 + AWS/优刻得/京东云/百度云/七牛云
https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools 云存储桶泄露检测工具
https://github.com/dark-kingA/cloudTools 支持三大云 + 优刻得的安全工具

云原生 Cloud Native

综合工具 Nice Tools

https://github.com/HummerRisk/HummerRisk 开源云原生安全平台

容器 Docker

https://github.com/wagoodman/dive 探索 Docker 镜像各层结构
https://github.com/docker/docker-bench-security Docker 安全基准测试工具
https://github.com/eliasgranderubio/dagda/ Docker 镜像/容器静态分析工具（检测漏洞、木马、病毒等恶意威胁）
https://github.com/teamssix/container-escape-check 容器逃逸检测工具
https://github.com/brant-ruan/awesome-container-escape 容器逃逸技术汇总
https://github.com/cdk-team/CDK 容器渗透测试工具包
https://github.com/chaitin/veinmind-tools 容器安全工具集

集群 Kubernetes

https://kubernetes.io/docs/tasks/tools/ Kubernetes 官方工具文档
https://github.com/etcd-io/etcd 分布式键值存储（K8s 核心组件）
https://github.com/kubernetes/minikube 本地 Kubernetes 集群搭建工具
https://github.com/kubernetes-sigs/kind 基于 Docker 的本地 Kubernetes 集群工具
https://github.com/kubernetes/kubeadm 生产/测试环境 Kubernetes 集群部署工具
https://github.com/kubernetes-sigs/cri-tools Kubelet 容器运行时接口（CRI）工具集
https://github.com/derailed/k9s Kubernetes 终端管理 CLI 工具
https://github.com/lightspin-tech/red-kube 基于 kubectl 的红队 K8s 对抗模拟工具
https://github.com/DataDog/KubeHound Kubernetes 攻击路径自动化分析工具
https://github.com/inguardians/peirates Kubernetes 渗透测试工具
https://github.com/docker/docker-bench-security Docker CIS 基准测试分析工具
https://github.com/aquasecurity/kube-bench Kubernetes CIS 基准测试分析工具
https://github.com/aquasecurity/kube-hunter Kubernetes 安全弱点探测工具

AI 安全 AI Security

开源资源 Resources

GPTSecurity: https://www.gptsecurity.info/
Nsfocus AI 安全矩阵: https://aiss.nsfocus.com/

模型榜单与评测 Model Rankings & Evaluation Platforms

https://openrouter.ai/rankings OpenRouter AI 排行榜
https://arena.ai/leaderboard AI Arena 基准测试榜单
https://github.com/open-compass/opencompass OpenCompass 大模型评测平台

安全围栏与加固 AI Agent Security & Guardrails

https://github.com/kappa9999/ClawShield 适用于 OpenClaw
https://semgrep.dev/blog/2026/openclaw-security-engineers-cheat-sheet OpenClaw 安全工程师速查表

攻防自动化 AI-Powered Red Teaming & Offensive Automation

Some projects may not be fully tested. Use with caution. 部分项目未经完整测试，请谨慎使用。

https://github.com/GreyDGL/PentestGPT 基于大语言模型的自动化渗透测试智能体框架
https://github.com/NVIDIA/garak LLM 漏洞扫描器
http://github.com/SuperagenticAI/superclaw 红队 AI 智能体
https://github.com/usestrix/strix 开源 AI 黑客工具，用于发现并修复应用漏洞
https://github.com/jd-opensource/JoySafeter 安全能力操作系统
https://github.com/Significant-Gravitas/AutoGPT AutoGPT 是一个强大平台，可创建、部署与管理持续运行的 AI 智能体，自动化复杂工作流
https://github.com/aliasrobotics/cai 网络安全 AI（CAI），AI 安全框架
https://github.com/vxcontrol/pentagi 自动化安全测试
https://github.com/Ed1s0nZ/CyberStrikeAI AI 原生安全测试平台
https://github.com/KeygraphHQ/shannon AI 渗透测试工具

Agent Skills 工程 Agent Skills

https://github.com/JackyST0/awesome-agent-skills 适用于 Cursor、Claude Code、GitHub Copilot 等
https://github.com/affaan-m/everything-claude-code 适用于 Claude Code、Codex、Cowork 等（Anthropic 黑客松冠军项目）
https://github.com/libukai/awesome-agent-skills 快速入门、推荐技能、最新资讯与实战案例
https://github.com/JimLiu/baoyu-skills 适用于 Claude Code
https://github.com/anthropics/skills
https://github.com/anthropics/skills/blob/main/skills/skill-creator/SKILL.md Skills 生成

提高生产力的辅助工具

LLM

开源资源 Open-Source Resources

编排框架 orchestration framework

https://github.com/langchain-ai/langchain

提示词 Prompts

部署 Deployment

huggingface: https://huggingface.co/ 大型语言模型下载（AI 界 Github ）
ollama: https://github.com/ollama/ollama 启动并运行大型语言模型
open-webui: https://github.com/open-webui/open-webui 离线 WebUI
chatbox: https://github.com/Bin-Huang/chatbox 适用于 AI 模型/大语言模型的友好型桌面客户端（GPT、Claude、Gemini、Ollama...），支持 MacOS/Windows/Linux 系统
anythingllm: https://anythingllm.com/ 借助强大的内置工具和功能快速运行本地大语言模型，支持 MacOS/Windows/Linux 系统
enchanted: https://github.com/AugustDev/enchanted Enchanted 用于与私有自托管语言模型交互，支持 iOS/MacOS 系统
chatbox: https://github.com/Bin-Huang/chatbox 本地客户端 for Windows/MacOS/Linux
obsidian-copilot: https://github.com/logancyang/obsidian-copilot
continue: https://github.com/continuedev/continue

如果你想通过 ollama 在本地快速部署 LLM，可以参考这套技术栈：

运行大型语言模型：ollama
运行大型语言模型并部署 WebUI：ollama + open-webui
运行大型语言模型并部署应用程序：ollama + enchanted
运行大型语言模型并与本地编辑器集成（例如 Obsidian）：ollama + copilot（Obsidian 插件）
运行大型语言模型并与本地代码编辑器集成（例如 Vscode）： ollama + continue（Vscode 插件）
运行大型语言模型并构建本地 RAG 应用：ollama + langchain
...

提高生产力的使用姿势

如何快速使用 alias

Windows 创建 alias.bat，激活 conda 虚拟环境，在隔离环境下运行程序或工具。双击 alias.bat，重启 cmd，配置生效。

@echo off
:: Software
@DOSKEY ida64=activate base$t"D:\CTFTools\Cracking\IDA_7.7\ida64.exe"

:: Tools
@DOSKEY fscan=cd /d D:\Software\HackTools\fscan$tactivate security$tdir

将 alias.bat 配置为开机自启动：

注册表进入 计算机\HKEY_CURRENT_USER\Software\Microsoft\Command Processor；
创建字符串值 autorun，赋值为 alias.bat 所在位置，例如 D: \Software\alias.bat；
重启系统，配置生效。

MacOS 编辑 .zshrc，重启 shell，配置生效：

# 3. Control and Command
alias behinder="cd /Users/threekiii/HackTools/C2/Behinder_v4.1/ && /Library/Java/JavaVirtualMachines/jdk-1.8.jdk/Contents/Home/bin/java -jar Behinder.jar "
alias godzilla="cd /Users/threekiii/HackTools/C2/Godzilla_v4.0.1/ && /Library/Java/JavaVirtualMachines/jdk-1.8.jdk/Contents/Home/bin/java -jar godzilla.jar "

如何优化原生终端

Windows 通过 tabby + clink 优化原生终端，实现命令自动补全、vps ssh/ftp/sftp、输出日志记录等功能：

MacOS 通过 warp + ohmyzsh 优化原生终端，warp 自带命令自动补全，引入“块”概念，提供了更现代化的编程体验（Modern UX and Text Editing）：

如何解决终端中文乱码

Windows 注册表进入 计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor，创建字符串值 autorun，赋值为 chcp 65001。

Name		Name	Last commit message	Last commit date
Latest commit History 23 Commits
cheatsheets		cheatsheets
images/README		images/README
scripts		scripts
tips		tips
README.md		README.md
README_en.md		README_en.md

Folders and files

Latest commit

History

Repository files navigation

Awesome-Redteam

Roadmap

目录 Contents

项目导航 Project Navigation

速查文档 CheatSheets

一些代码 Scripts

攻防知识 Tips

开源导航 Open-Source Navigation

编解码/加解密 Cryptography

在线工具 Online Tools

离线工具 Offline Tools

编码/解码 Encode/Decode

正则表达式 Regular Expressions

哈希算法 Hash Algorithms

公钥密码算法 RSA

国密算法 SM Algorithms

网络空间测绘 Cyberspace Search Engine

综合工具 Nice Tools

网页/端口 Web/Ports

谷歌搜索 Google Hacking

Github 搜索 Github Dork

开源情报 Open-Source Intelligence

综合工具 Nice Tools

威胁情报 Threat Intelligence

漏洞披露 Disclosed Vulnerabilities

接口检索 API Search

源代码检索 Source Code Search

开源资源 Open-Source Resources

社区/知识库 Communities/Knowledge Base

思维导图/备忘录 Mindmap/Cheat Sheets

进攻性安全 Red Teaming and Offensive Security

防御性安全 Blue Teaming and Defensive Security

操作安全 Operation Security

实战平台 Learning and Practice Platforms

信息收集 Reconnaissance

综合工具 Nice Tools

IP/域名/子域名 IP/Domain/Subdomain

指纹 Fingerprint

指纹库 Fingerprint Collection

指纹识别 Fingerprint Reconnaissance

WAF 识别 Waf Checks

扫描/爆破 Brute Force

扫描/爆破工具 Brute Force Tools

扫描/爆破字典 Brute Force Dictionaries

字典生成 Generate a Custom Dictionary

默认口令查询 Default Credentials

社会工程学 Social Engineering

凭据泄露 Leaked Credentials

邮箱 Email

短信 SMS Online

钓鱼 Phishing

移动端 Mobile

漏洞研究 Vulnerability Research

漏洞环境 Vulnerable Environments

基础漏洞 Basic Vulnerabilities

综合漏洞 Comprehensive Vulnerabilities

工控环境 Vulnerable IoT Environment

域环境 Vulnerable Active Directory Environment

云环境 Vulnerable Cloud Environments

AI 环境 Vulnerable AI Environments

PoC Proof of Concept

PoC/ExP

PoC 模板 PoC Templates

漏洞利用 Vulnerability Exploits

综合工具 Nice Tools

代码审计 Code Audit

序列化 Serialization

Java

反序列化 Deserialization

Java

PHP

数据库 Database

Redis

MySQL

Oracle

MSSQL