- Contents
Information collection of the target before penetration testing
https://github.com/knownsec/ksubdomain
ksubdomain is the fastest subdomain enumeration tool, and it runs on Windows/Linux/Mac.
https://github.com/knownsec/Zoomeye-Tools
Zoomeye Tools includes Zoomeye minitools and Zoomeye preview.
Minitools is currently integrated for use in zoomeye.org, copy all targets in multiple formats, and enter the next scan in a convenient and quick way.
Preview implements a simple Zoomeye interface. When a user login and clicks on preview, he can quickly and easily see various information of the current station ip and open port information.
https://github.com/knownsec/ZoomEye-python
ZoomEye-python is a Python library developed based on the ZoomEye API. It provides the ZoomEye command line mode and can also be integrated into other tools as an SDK. The library allows technicians to search, filter, and export ZoomEye data more conveniently.
Vulnerability scanning and detection of targets
https://github.com/knownsec/pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security researchers.
https://github.com/knownsec/LSpider
A front-end crawler for passive scanners~ It is composed of five parts: Chrome Headless, LSpider master control, Mysql database, RabbitMQ, and passive scanner.
(1) Based on Chrome Headless, the core principle is to simulate clicks and trigger events, and to export traffic to the passive scanner by setting a proxy.
(2) Divergent crawling through the built-in task + subdomain api, the purpose may trigger the traffic of the corresponding target domain.
(3) Task management is carried out through RabbitMQ, supporting a large number of threads at the same time.
(4) Fill in the form intelligently, submit the form, etc.
(5) Use some methods to intelligently judge the login box and feed it back to the user. The user can complete the login by adding a cookie.
(6) Customized the corresponding Webhook interface for sending Webhook statistics to WeChat.
(7) Built-in Hackerone and bugcrowd crawlers, you can get all the range of a target with one click when you provide an account.
Penetration test on target
https://github.com/knownsec/shellcodeloader
Because shellcode can be changed and restored at will, it is difficult to check and kill. Therefore, it is one of the most popular ways to bypass AV by making shellcode Trojan. However, for the conventional production method of shellcode payload of cobalt strike, the shellcode text needs to be encrypted, and put into the source code to find a way to bypass AV, then compile.
The process is too cumbersome. Many of the steps are time-consuming and labor-consuming. After changing shellcode, many processes need to be repeated.
This tool aims to solve most of the repetitive work in shellcodeloader generation process, reduce the working time of bypass AV, and put more energy on penetration or discovery of new ways to bypass AV.
Analysis and processing of information in the penetration process, including code audits, etc.
https://github.com/LoRexxar/Kunlun-M
Kunlun-Mirror is developed from Cobra-W2.0. After long-term maintenance and improvement, Kunlun-Mirror will focus on the development of tools on the use of security researchers, and will continuously improve the user experience around the use of tools.
At present, the tool mainly supports semantic analysis of php and javascript, as well as basic scanning of chrome ext and solidity.
KunLun-M may be the only open source and long-term maintained automated code audit tool on the market. It is hoped that open source tools can promote the development of white box auditing:>.
https://github.com/LoRexxar/Kunlun-M/tree/master/core/plugins/phpunserializechain
Based on the concept of .QL, a set of CodeDB was explored, and a tool demo for finding the PHP deserialization chain was exploratoryly completed. It is still demo in nature, and there are still many problems to be solved.
https://github.com/LoRexxar/Kunlun-M/tree/master/core/plugins/entrancefinder
An interesting small tool for quickly discovering possible entry pages (or missing by developers) when auditing a large amount of php code.
Including maintenance of permissions after penetration and intranet tools, etc.
https://github.com/knownsec/Portforward
PortForward is a port forwarding tool developed using Golang, which solves the problem that the internal and external networks cannot communicate in certain scenarios.
the others
https://github.com/knownsec/LBot
XSS Bot is a threshold for XSS in the CTF. Insufficient back-end performance and imperfect environmental processing will affect every aspect of the bot.
LBot is a simple template born out of a crawler. With the corresponding functions, a mature Bot can be completed quickly and easily.
https://github.com/knownsec/wam
WAM is a platform powered by Python to monitor "Web App", "The dynamic network information". To a certain extent, it greatly help the security researchers save time on tracking the vulnerable code updates and industry dynamics of investment.
AM Model: This module can monitor every updates on all of apps on internet, analysising the changes to make Tag and provide mail notification;
IDM Model: This module uses Web crawler to fetch the industry dynamic information and report that to users;
VDR Model: This module manager all of application package in the history, and save the updated version of which DIFF details;
This category mainly aggregates gadgets and scripts involved in various security research processes, aiming to optimize the daily security automation experience.
https://github.com/knownsec/Minitools-bin_extractor
A simple script for quickly mining sensitive information in binary files. It can be used to quickly dig and verify inscription information such as URL links in binary files.
https://github.com/knownsec/Minitools-CookieTest
A script used to quickly test APIs or required parameters and cookies for a certain request. It can be used to quickly confirm the required parameters of an api for further testing of penetration, etc.
https://github.com/knownsec/Minitools-ipstatistics
ipstatistics is a script based on the ipip library that is used to quickly filter the ip list. It can quickly filter out countries, regions, and exclude ip targets in special regions.
https://github.com/knownsec/Minitools-cidrgen
cidrgen is based on cidr's subnet IP list generator, which quickly solves the pain points of expanding subnets during scanning.