SharpWizard/haxbox

GitHub: SharpWizard/haxbox

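A modern, Python-based cybersecurity toolbox launcher that brings 200+ security tools, covering frontier areas such as cloud, K8s, mobile, API, AI red teaming, supply chain and blue team, under unified management with one-click installation.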

Stars: 0 | Forks: 0

# HaxBox

### The 2026 Cybersecurity Toolbox — 200+ tools, 23 categories, one-click install.

[![License: MIT](https://img.shields.io/badge/License-MIT-red.svg?style=for-the-badge)](LICENSE)
[![Python 3.8+](https://img.shields.io/badge/python-3.8+-red.svg?style=for-the-badge&logo=python&logoColor=white)](https://www.python.org/)
[![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20macOS%20%7C%20WSL-orange?style=for-the-badge)](#-安装说明)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=for-the-badge)](CONTRIBUTING.md)
[![Maintained](https://img.shields.io/badge/maintained-2026-success?style=for-the-badge)](#-路线图)
[![Stars](https://img.shields.io/github/stars/SharpWizard/haxbox?style=social)](https://github.com/SharpWizard/haxbox/stargazers)
[![Forks](https://img.shields.io/github/forks/SharpWizard/haxbox?style=social)](https://github.com/SharpWizard/haxbox/network/members)
[![Watchers](https://img.shields.io/github/watchers/SharpWizard/haxbox?style=social)](https://github.com/SharpWizard/haxbox/watchers)

[**Quick Install**](#-installation) · [**Categories**](#-categories) · [**Why HaxBox**](#-why-haxbox) · [**Architecture**](#-architecture) · [**Roadmap**](#-roadmap) · [**Contributing**](CONTRIBUTING.md)
## Why HaxBox?

Most "all-in-one hacking tool" repositories stopped being updated around 2020. Modern offensive and defensive work happens in areas those old lists never covered: **cloud control planes, Kubernetes, mobile runtimes, GraphQL APIs, LLM prompt surfaces, and the software supply chain**. HaxBox offers a carefully curated, opinionated, and up-to-date alternative.

| | Legacy `hackingtool`-style repos | **HaxBox** |
|---|---|---|
| Last major update | 2020–2021 | **2026** |
| Cloud security (AWS / Azure / GCP) | ❌ | ✅ Prowler, ScoutSuite, CloudFox, Pacu |
| Containers & Kubernetes | ❌ | ✅ Trivy, kube-hunter, Peirates, kubescape |
| Mobile (Android/iOS) | ⚠️ Basic | ✅ MobSF, Frida, Objection, jadx, Drozer |
| API & GraphQL testing | ❌ | ✅ Kiterunner, InQL, graphql-cop, Akto |
| AI / LLM red teaming | ❌ | ✅ Garak, PyRIT, promptfoo, llm-guard |
| Supply chain security | ❌ | ✅ Syft, Grype, OSV-Scanner, cosign |
| Blue team & DFIR | ❌ | ✅ Velociraptor, Wazuh, Sigma, Atomic Red Team |
| Modern recon (ProjectDiscovery) | ❌ | ✅ nuclei, httpx, katana, naabu, dnsx |
| Reporting & note-taking | ❌ | ✅ SysReptor, PwnDoc, Obsidian recipes |
| One-click install script | ⚠️ Broken on modern distros | ✅ Tested on Kali 2024+, Ubuntu 22.04+, WSL2 |
| Architecture diagram | ❌ | ✅ See [Architecture](#-architecture) |
| Issue/PR templates, code of conduct, SECURITY.md | ❌ | ✅ Complete GitHub community files |

## Demo

```
╔══════════════════════════════════════════════════════════════╗
║         _   _    _    __  __     ____    ___   __  __         ║
║        | | | |  / \   \ \/ /   | __ )  / _ \  \ \/ /         ║
║        | |_| | / _ \   \  /    |  _ \ | | | |  \  /          ║
║        |  _  |/ ___ \  /  \    | |_) || |_| |  /  \          ║
║        |_| |_/_/   \_\/_/\_\   |____/  \___/  /_/\_\         ║
║                                                              ║
║         The 2026 Cybersecurity Toolbox · v1.0 · MIT          ║
╚══════════════════════════════════════════════════════════════╝

  [ 1] Anonymity & Privacy            (  6 tools )
  [ 2] OSINT & Information Gathering  ( 14 tools )
  [ 3] Modern Recon (ProjectDiscovery)( 11 tools )
  [ 4] Web Application Testing        ( 18 tools )
  [ 5] API & GraphQL                  (  9 tools )
  [ 6] Cloud Security                 ( 12 tools )
  [ 7] Container & Kubernetes         ( 10 tools )
  [ 8] Mobile Application Testing     ( 11 tools )
  [ 9] Wireless & SDR                 (  9 tools )
  [10] Forensics & DFIR               ( 12 tools )
  [11] Reverse Engineering            ( 10 tools )
  [12] Exploitation Frameworks        (  7 tools )
  [13] Password & Hash Attacks        (  9 tools )
  [14] Phishing & Social Engineering  (  6 tools )
  [15] Hardware & IoT                 (  8 tools )
  [16] Steganography                  (  6 tools )
  [17] AI / LLM Red Team              (  9 tools )  ⭐ NEW
  [18] Supply Chain Security          (  8 tools )  ⭐ NEW
  [19] Blue Team & Detection          ( 11 tools )  ⭐ NEW
  [20] CTF Helpers                    (  9 tools )
  [21] Reporting & Notes              (  6 tools )
  [22] Automation & Workflows         (  7 tools )
  [23] Learning Resources             ( links )

  [s] Search   [u] Update Catalog   [d] Doctor   [q] Quit
  >
```

## Quick Install

### One-line install (Linux / macOS / WSL2)

```
curl -fsSL https://raw.githubusercontent.com/SharpWizard/haxbox/main/install.sh | bash
```

### Manual install

```
git clone https://github.com/SharpWizard/haxbox.git
cd haxbox
python3 haxbox.py
```

### Windows (PowerShell)

```
git clone https://github.com/SharpWizard/haxbox.git
cd haxbox
python haxbox.py
```

The launcher uses **only the Python standard library**; no `pip install` is required.

## Categories
### 1 · Anonymity & Privacy — Tor, ProxyChains, Mullvad, Whonix, Tails, AnonSurf

Stay anonymous during your authorized reconnaissance and testing engagements.

- [Tor](https://www.torproject.org/) · [ProxyChains-NG](https://github.com/rofl0r/proxychains-ng) · [Mullvad](https://mullvad.net/) · [Whonix](https://www.whonix.org/) · [Tails](https://tails.net/) · [AnonSurf](https://github.com/Und3rf10w/kali-anonsurf)
### 2 · OSINT & Information Gathering — Maltego, Sherlock, Spiderfoot, GHunt, Holehe, theHarvester, +8 more

The current OSINT stack for 2026: usernames, email, phone, social graph, and leaked data.

- [Maltego CE](https://www.maltego.com/) · [Sherlock](https://github.com/sherlock-project/sherlock) · [Spiderfoot](https://github.com/smicallef/spiderfoot) · [GHunt](https://github.com/mxrch/GHunt) · [Holehe](https://github.com/megadose/holehe) · [theHarvester](https://github.com/laramies/theHarvester) · [Recon-ng](https://github.com/lanmaster53/recon-ng) · [Photon](https://github.com/s0md3v/Photon) · [PhoneInfoga](https://github.com/sundowndev/phoneinfoga) · [Maigret](https://github.com/soxoj/maigret) · [Snoop](https://github.com/snooppr/snoop) · [Mosint](https://github.com/alpkeskin/mosint) · [Toutatis](https://github.com/megadose/toutatis) · [WhatsMyName](https://github.com/WebBreacher/WhatsMyName)
### 3 · Modern Recon (ProjectDiscovery) ⭐ — nuclei, httpx, katana, subfinder, naabu, dnsx, +5 more

The ProjectDiscovery suite: every bug bounty hunter's daily driver, and missing from the legacy toolkits.

- [nuclei](https://github.com/projectdiscovery/nuclei) · [httpx](https://github.com/projectdiscovery/httpx) · [subfinder](https://github.com/projectdiscovery/subfinder) · [naabu](https://github.com/projectdiscovery/naabu) · [katana](https://github.com/projectdiscovery/katana) · [dnsx](https://github.com/projectdiscovery/dnsx) · [chaos-client](https://github.com/projectdiscovery/chaos-client) · [interactsh](https://github.com/projectdiscovery/interactsh) · [notify](https://github.com/projectdiscovery/notify) · [tlsx](https://github.com/projectdiscovery/tlsx) · [gowitness](https://github.com/sensepost/gowitness)
### 4 · Web Application Testing — Burp, ZAP, sqlmap, ffuf, gobuster, dalfox, wpscan, +11 more

- [Burp Suite Community](https://portswigger.net/burp/communitydownload) · [OWASP ZAP](https://www.zaproxy.org/) · [sqlmap](https://github.com/sqlmapproject/sqlmap) · [ffuf](https://github.com/ffuf/ffuf) · [gobuster](https://github.com/OJ/gobuster) · [feroxbuster](https://github.com/epi052/feroxbuster) · [dalfox](https://github.com/hahwul/dalfox) · [wpscan](https://github.com/wpscanteam/wpscan) · [Nikto](https://github.com/sullo/nikto) · [Wapiti](https://github.com/wapiti-scanner/wapiti) · [XSStrike](https://github.com/s0md3v/XSStrike) · [Commix](https://github.com/commixproject/commix) · [Nuclei templates](https://github.com/projectdiscovery/nuclei-templates) · [Arjun](https://github.com/s0md3v/Arjun) · [paramspider](https://github.com/devanshbatham/ParamSpider) · [SecLists](https://github.com/danielmiessler/SecLists) · [tplmap](https://github.com/epinna/tplmap) · [SSRFmap](https://github.com/swisskyrepo/SSRFmap)
### 5 · API & GraphQL ⭐ — Kiterunner, InQL, graphql-cop, Akto, Postman, +4 more

REST and GraphQL API testing. Modern vulnerabilities often live in APIs, yet these tools are almost entirely absent from legacy toolkits.

- [Kiterunner](https://github.com/assetnote/kiterunner) · [InQL](https://github.com/doyensec/inql) · [graphql-cop](https://github.com/dolevf/graphql-cop) · [GraphQL Voyager](https://github.com/IvanGoncharov/graphql-voyager) · [Akto](https://github.com/akto-api-security/akto) · [Postman](https://www.postman.com/) · [Insomnia](https://github.com/Kong/insomnia) · [Hetty](https://github.com/dstotijn/hetty) · [Caido](https://caido.io/)
### 6 · Cloud Security ⭐ — Prowler, ScoutSuite, CloudFox, Pacu, +8 more

AWS, Azure, GCP: auditing and exploitation tooling for the cloud control plane.

- [Prowler](https://github.com/prowler-cloud/prowler) · [ScoutSuite](https://github.com/nccgroup/ScoutSuite) · [CloudFox](https://github.com/BishopFox/cloudfox) · [Pacu](https://github.com/RhinoSecurityLabs/pacu) · [CloudSploit](https://github.com/aquasecurity/cloudsploit) · [Cartography](https://github.com/cartography-cncf/cartography) · [enumerate-iam](https://github.com/andresriancho/enumerate-iam) · [aws-recon](https://github.com/darkbitio/aws-recon) · [PMapper](https://github.com/nccgroup/PMapper) · [Stormspotter](https://github.com/Azure/Stormspotter) · [PurplePanda](https://github.com/carlospolop/PurplePanda) · [Cloudbrute](https://github.com/0xsha/CloudBrute)
### 7 · Containers & Kubernetes ⭐ — Trivy, kube-hunter, kubescape, Peirates, +6 more

The container / k8s attack surface, which did not exist when the legacy toolkits were written.

- [Trivy](https://github.com/aquasecurity/trivy) · [kube-hunter](https://github.com/aquasecurity/kube-hunter) · [kubescape](https://github.com/kubescape/kubescape) · [kube-bench](https://github.com/aquasecurity/kube-bench) · [Peirates](https://github.com/inguardians/peirates) · [Dockle](https://github.com/goodwithtech/dockle) · [Falco](https://github.com/falcosecurity/falco) · [Hadolint](https://github.com/hadolint/hadolint) · [Checkov](https://github.com/bridgecrewio/checkov) · [krane](https://github.com/appvia/krane)
### 8 · Mobile Application Testing — MobSF, Frida, Objection, jadx, apktool, Drozer, +5 more

- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) · [Frida](https://github.com/frida/frida) · [Objection](https://github.com/sensepost/objection) · [jadx](https://github.com/skylot/jadx) · [apktool](https://github.com/iBotPeaches/Apktool) · [Drozer](https://github.com/WithSecureLabs/drozer) · [House](https://github.com/nccgroup/house) · [Quark-Engine](https://github.com/quark-engine/quark-engine) · [androguard](https://github.com/androguard/androguard) · [r2frida](https://github.com/nowsecure/r2frida) · [iLEAPP](https://github.com/abrignoni/iLEAPP)
### 9 · Wireless & SDR — Aircrack-ng, Wifite, Bettercap, Kismet, Hcxdumptool, +4 more

- [Aircrack-ng](https://github.com/aircrack-ng/aircrack-ng) · [Wifite2](https://github.com/derv82/wifite2) · [Bettercap](https://github.com/bettercap/bettercap) · [Kismet](https://github.com/kismetwireless/kismet) · [Hcxdumptool](https://github.com/ZerBea/hcxdumptool) · [Reaver](https://github.com/t6x/reaver-wps-fork-t6x) · [Fluxion](https://github.com/FluxionNetwork/fluxion) · [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) · [GNU Radio](https://github.com/gnuradio/gnuradio)
### 10 · Forensics & DFIR ⭐ — Velociraptor, Volatility, Autopsy, Sleuthkit, plaso, +7 more

- [Velociraptor](https://github.com/Velocidex/velociraptor) · [Volatility 3](https://github.com/volatilityfoundation/volatility3) · [Autopsy](https://github.com/sleuthkit/autopsy) · [Sleuthkit](https://github.com/sleuthkit/sleuthkit) · [plaso/log2timeline](https://github.com/log2timeline/plaso) · [MISP](https://github.com/MISP/MISP) · [TheHive](https://github.com/TheHive-Project/TheHive) · [Cortex](https://github.com/TheHive-Project/Cortex) · [YARA](https://github.com/VirusTotal/yara) · [DFIR-IRIS](https://github.com/dfir-iris/iris-web) · [Hayabusa](https://github.com/Yamato-Security/hayabusa) · [Chainsaw](https://github.com/WithSecureLabs/chainsaw)
### 11 · Reverse Engineering — Ghidra, Cutter/Radare2, x64dbg, Binary Ninja, IDA Free, +5 more

- [Ghidra](https://github.com/NationalSecurityAgency/ghidra) · [Cutter](https://github.com/rizinorg/cutter) · [Radare2](https://github.com/radareorg/radare2) · [x64dbg](https://github.com/x64dbg/x64dbg) · [Binary Ninja Free](https://binary.ninja/free/) · [IDA Free](https://hex-rays.com/ida-free/) · [angr](https://github.com/angr/angr) · [pwndbg](https://github.com/pwndbg/pwndbg) · [GEF](https://github.com/hugsy/gef) · [BinDiff](https://github.com/google/bindiff)
### 12 · Exploitation Frameworks — Metasploit, Sliver, Mythic, Havoc, Empire, +2 more

Open-source C2 / framework references for **authorized red teaming**.

- [Metasploit Framework](https://github.com/rapid7/metasploit-framework) · [Sliver](https://github.com/BishopFox/sliver) · [Mythic](https://github.com/its-a-feature/Mythic) · [Havoc](https://github.com/HavocFramework/Havoc) · [Empire (BC-Security)](https://github.com/BC-SECURITY/Empire) · [Villain](https://github.com/t3l3machus/Villain) · [Caldera](https://github.com/mitre/caldera)
### 13 · Password & Hash Attacks — hashcat, John, hydra, kerbrute, CeWL, +4 more

- [hashcat](https://github.com/hashcat/hashcat) · [John the Ripper](https://github.com/openwall/john) · [hydra](https://github.com/vanhauser-thc/thc-hydra) · [kerbrute](https://github.com/ropnop/kerbrute) · [CeWL](https://github.com/digininja/CeWL) · [crunch](https://github.com/crunchsec/crunch) · [Hashes.com lookups](https://hashes.com/) · [Cupp](https://github.com/Mebus/cupp) · [Mentalist](https://github.com/sc0tfree/mentalist)
### 14 · Phishing & Social Engineering — GoPhish, evilginx2, SET, Modlishka, Zphisher, King-Phisher

For **authorized security-awareness exercises** only.

- [GoPhish](https://github.com/gophish/gophish) · [evilginx2](https://github.com/kgretzky/evilginx2) · [SET (Social-Engineer Toolkit)](https://github.com/trustedsec/social-engineer-toolkit) · [Modlishka](https://github.com/drk1wi/Modlishka) · [Zphisher](https://github.com/htr-tech/zphisher) · [King-Phisher](https://github.com/rsmusllp/king-phisher)
### 15 · Hardware & IoT — binwalk, firmwalker, EMBA, Routersploit, FACT, +3 more

- [binwalk](https://github.com/ReFirmLabs/binwalk) · [firmwalker](https://github.com/craigz28/firmwalker) · [EMBA](https://github.com/e-m-b-a/emba) · [Routersploit](https://github.com/threat9/routersploit) · [FACT](https://github.com/fkie-cad/FACT_core) · [firmware-mod-kit](https://github.com/rampageX/firmware-mod-kit) · [HardSploit](https://github.com/opale91/hardsploit) · [chipsec](https://github.com/chipsec/chipsec)
### 16 · Steganography — steghide, zsteg, stegseek, exiftool, OpenStego, foremost

- [steghide](http://steghide.sourceforge.net/) · [zsteg](https://github.com/zed-0xff/zsteg) · [stegseek](https://github.com/RickdeJager/stegseek) · [exiftool](https://github.com/exiftool/exiftool) · [OpenStego](https://github.com/syvaidya/openstego) · [foremost](https://foremost.sourceforge.net/)
### 17 · AI / LLM Red Team ⭐⭐ NEW — Garak, PyRIT, promptfoo, llm-guard, vigil-llm, +4 more

A tool category that simply did not exist when the legacy toolkits were written. As LLMs become production-critical, prompt injection / jailbreak / data exfiltration testing has become an entirely new frontier.

- [Garak](https://github.com/leondz/garak) — LLM vulnerability scanner
- [PyRIT (Microsoft)](https://github.com/Azure/PyRIT) — Python Risk Identification Toolkit
- [promptfoo](https://github.com/promptfoo/promptfoo) — LLM evaluation and red teaming
- [llm-guard](https://github.com/protectai/llm-guard) — input/output guardrails
- [vigil-llm](https://github.com/deadbits/vigil-llm) — prompt injection detection
- [Rebuff](https://github.com/protectai/rebuff) — self-hardening LLM firewall
- [Counterfit (Microsoft)](https://github.com/Azure/counterfit) — adversarial machine learning
- [HouYi](https://github.com/LLMSecurity/HouYi) — prompt injection research
- [GPTFuzzer](https://github.com/sherdencooper/GPTFuzzer)
### 18 · Supply Chain Security ⭐⭐ NEW — Syft, Grype, OSV-Scanner, cosign, dep-scan, +3 more

SBOMs, dependency CVEs, signing / attestation: the essential toolkit after the SolarWinds incident.

- [Syft](https://github.com/anchore/syft) — SBOM generator
- [Grype](https://github.com/anchore/grype) — vulnerability scanner
- [OSV-Scanner (Google)](https://github.com/google/osv-scanner)
- [Trivy](https://github.com/aquasecurity/trivy)
- [cosign (sigstore)](https://github.com/sigstore/cosign)
- [dep-scan](https://github.com/owasp-dep-scan/dep-scan)
- [Snyk CLI](https://github.com/snyk/cli)
- [npm-audit-resolver](https://github.com/naugtur/npm-audit-resolver)
### 19 · Blue Team & Threat Detection ⭐⭐ NEW — Wazuh, Sigma, Atomic Red Team, Suricata, Zeek, +6 more

Purple-team detection engineering. The defender's toolbox, which offense-only repositories usually lack.

- [Wazuh](https://github.com/wazuh/wazuh) · [Sigma rules](https://github.com/SigmaHQ/sigma) · [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) · [Caldera (MITRE)](https://github.com/mitre/caldera) · [Suricata](https://github.com/OISF/suricata) · [Zeek](https://github.com/zeek/zeek) · [OSSEC](https://github.com/ossec/ossec-hids) · [Velociraptor](https://github.com/Velocidex/velociraptor) · [TheHive](https://github.com/TheHive-Project/TheHive) · [MISP](https://github.com/MISP/MISP) · [Wazuh Detection Lab](https://github.com/clong/DetectionLab)
### 20 · CTF Helpers — CyberChef, RsaCtfTool, pwntools, gef, pwndbg, +4 more

- [CyberChef](https://github.com/gchq/CyberChef) · [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool) · [pwntools](https://github.com/Gallopsled/pwntools) · [gef](https://github.com/hugsy/gef) · [pwndbg](https://github.com/pwndbg/pwndbg) · [angr](https://github.com/angr/angr) · [stegsolve](http://www.caesum.com/handbook/Stegsolve.jar) · [aperisolve](https://www.aperisolve.com/) · [Decoder.fr](https://www.dcode.fr/)
### 21 · Reporting & Notes ⭐ — SysReptor, PwnDoc, Dradis, Obsidian, CherryTree, Trilium

Pentest report generation and structured note-taking: the unglamorous work that often wins you clients.

- [SysReptor](https://github.com/Syslifters/sysreptor) · [PwnDoc](https://github.com/pwndoc/pwndoc) · [Dradis CE](https://github.com/dradis/dradis-ce) · [Obsidian](https://obsidian.md/) · [CherryTree](https://github.com/giuspen/cherrytree) · [Trilium](https://github.com/zadam/trilium)
### 22 · Automation & Workflows — n8n, reNgine, Axiom, Project Discovery workflows, BBRF, +2 more

- [reNgine](https://github.com/yogeshojha/rengine) · [Axiom](https://github.com/pry0cc/axiom) · [BBRF (Bug Bounty Reconnaissance Framework)](https://github.com/honoki/bbrf-server) · [Sn1per](https://github.com/1N3/Sn1per) · [Osmedeus](https://github.com/j3ssie/osmedeus) · [n8n](https://github.com/n8n-io/n8n) · [Trickest workflows](https://trickest.com/)
### 23 · Learning Resources — HackTheBox, TryHackMe, PortSwigger Academy, OWASP, +many

Free and paid platforms for actually learning this material.

- [HackTheBox](https://www.hackthebox.com/) · [TryHackMe](https://tryhackme.com/) · [PortSwigger Web Academy](https://portswigger.net/web-security) · [OWASP Top 10](https://owasp.org/www-project-top-ten/) · [PentesterLab](https://pentesterlab.com/) · [VulnHub](https://www.vulnhub.com/) · [PicoCTF](https://picoctf.org/) · [OverTheWire](https://overthewire.org/) · [HackerOne CTF](https://ctf.hacker101.com/) · [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) · [HackTricks](https://book.hacktricks.xyz/)
## Architecture

```
flowchart LR
    User([User]) -->|menu / search| CLI[haxbox.py · TUI]
    CLI --> Catalog[(tools catalog<br/>haxbox/data/tools.py)]
    CLI --> Installer[Installer Engine]
    CLI --> Doctor[Environment Doctor]
    Installer -->|apt / pipx / git| System[(Local System)]
    Installer -->|writes| State[(installed.json)]
    Doctor -->|verifies| System
    CLI -->|opens repo / docs| Browser([Browser])
    classDef red fill:#ef4444,stroke:#7f1d1d,color:#fff,stroke-width:2px;
    classDef orange fill:#f97316,stroke:#7c2d12,color:#fff;
    classDef gray fill:#1f2937,stroke:#111827,color:#fff;
    class CLI red
    class Installer,Doctor orange
    class Catalog,State,System,Browser gray
```

The launcher is built on the **pure Python standard library (stdlib)**. The tool catalog is the single source of truth (`haxbox/data/tools.py`): every category, README section, and docs page is derived from it. Adding a tool is a one-line PR.

## Roadmap

- [x] **v1.0** — Core launcher, 23 categories, 200+ tools, Linux/macOS/WSL2 install support
- [ ] **v1.1** — Native Windows tool detection (winget integration)
- [ ] **v1.2** — Docker-based "ephemeral toolbox" mode (`haxbox box `)
- [ ] **v1.3** — Plugin system: `~/.haxbox/plugins/*.py`
- [ ] **v1.4** — Catalog auto-update based on GitHub Releases (`haxbox update`)
- [ ] **v2.0** — Web UI (FastAPI) with category drill-down and per-tool documentation

Vote on what gets built next in [Discussions](https://github.com/SharpWizard/haxbox/discussions).

## Contributing

PRs that **add tools**, **fix install commands**, or **add categories** are the most valuable to us. See [CONTRIBUTING.md](CONTRIBUTING.md) for details. All contributors are credited in the release notes.

```
# Add a tool in 4 lines
# 1. Edit haxbox/data/tools.py
# 2. Add: Tool(name="...", repo="...", install="apt install ...", category="recon")
# 3. Run python haxbox.py --validate
# 4. PR
```

## Responsible Use

HaxBox **only catalogs and installs publicly available security tools**. It does **not** contain exploit code, attack payloads, or evasion code. You are responsible for how you use these tools.

- ✅ Penetration tests with a written, authorized scope
- ✅ Bug bounty programs (within their rules)
- ✅ CTFs and HackTheBox / TryHackMe labs
- ✅ Your own systems, networks, and accounts
- ✅ Defensive engineering (blue team, threat detection)
- ❌ Any testing for which you do not have explicit authorization

Unauthorized access to computer systems is illegal in almost every jurisdiction. **The maintainers accept no liability for misuse.**

## License

[MIT](LICENSE) © 2026 [SharpWizard](https://github.com/SharpWizard). The tools cataloged here remain under their own original licenses; HaxBox does not redistribute them.
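**If this project saved you time, please give it a ⭐: it is the only way more people will discover it.**

Built with 🖤 by red teamers, blue teamers, and people who refuse to maintain a 200-line `apt install` script in a Notion page.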
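The `Tool(...)` entry format from the contributing steps, with a pre-merge check a reviewer could run on a one-line catalog PR before its `install` string reaches the installer. This is an added example, not HaxBox's own code and not the logic behind its `--validate` flag; `check_tool`, the allow-list (taken from the "apt / pipx / git" edge in the architecture diagram), the category set and the sample entries are assumptions made here.

```python
import shlex
from dataclasses import dataclass
from urllib.parse import urlsplit

# Package managers named on the architecture diagram ("apt / pipx / git").
ALLOWED_INSTALLERS = {"apt", "pipx", "git"}
# Characters that let a single "install" string chain or redirect commands.
SHELL_META = set(";|&$`<>(){}\n\\")


@dataclass(frozen=True)
class Tool:  # field names follow the README's Tool(...) line
    name: str
    repo: str
    install: str
    category: str


def check_tool(tool, known_categories):
    """Return a list of problems; an empty list means the entry passes."""
    problems = []
    url = urlsplit(tool.repo)
    if url.scheme != "https" or not url.hostname or "@" in url.netloc:
        problems.append("repo must be a plain https:// URL")
    if tool.category not in known_categories:
        problems.append(f"unknown category {tool.category!r}")
    if SHELL_META & set(tool.install):
        # Do not try to tokenise a command that chains other commands.
        return problems + ["install contains shell metacharacters"]
    try:
        argv = shlex.split(tool.install)
    except ValueError:
        return problems + ["install has unbalanced quotes"]
    if not argv or argv[0] not in ALLOWED_INSTALLERS:
        problems.append("install must start with apt, pipx or git")
    elif argv[0] == "git" and tool.repo not in argv[1:]:
        problems.append("git install must clone the declared repo URL")
    return problems


# Constructed sample entries, not taken from the project's catalog.
SAMPLES = [
    Tool("nuclei", "https://github.com/projectdiscovery/nuclei",
         "git clone https://github.com/projectdiscovery/nuclei", "recon"),
    Tool("chained", "https://example.invalid/demo",
         "apt install demo && sh ./extra.sh", "recon"),
    Tool("typo", "http://example.invalid/typo", "pip install typo", "recno"),
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(t.name, check_tool(t, {"recon", "cloud"}) or "ok")
```
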