ykrishhh/awesome-cybersecurity-tools

GitHub: ykrishhh/awesome-cybersecurity-tools

一份精心整理的网络安全工具与框架精选列表,按渗透测试、漏洞赏金和安全研究等场景分类,帮助从业者快速发现和选用合适的安全工具。

Stars: 0 | Forks: 0

# 极佳的 Cybersecurity 工具 ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) ![GitHub Stars](https://img.shields.io/github/stars/ykrishhh/awesome-cybersecurity-tools?style=flat-square&color=yellow) ![GitHub Forks](https://img.shields.io/github/forks/ykrishhh/awesome-cybersecurity-tools?style=flat-square) ![License](https://img.shields.io/github/license/ykrishhh/awesome-cybersecurity-tools?style=flat-square) ![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen?style=flat-square) 一份精心整理的包含 **60+** 款安全工具、框架和资源的列表,专为渗透测试人员、漏洞赏金猎人和安全研究人员准备。 [贡献](#contributing) · [请求工具](https://github.com/ykrishhh/awesome-cybersecurity-tools/issues)
## 安全概览 ### 工具分类概述 ``` mindmap root((Cybersecurity
Tools)) Network Analysis Nmap Wireshark Masscan tcpdump Web App Security Burp Suite OWASP ZAP SQLMap XSStrike Exploitation Metasploit SearchSploit Responder OSINT Maltego Sherlock SpiderFoot Recon-ng Reverse Engineering Ghidra Radare2 pwntools Password Attacks Hashcat John the Ripper Hydra Digital Forensics Autopsy Volatility Sleuth Kit Wireless & RF Aircrack-ng HackRF One Kismet Container & Cloud Trivy Grype Kube-Hunter Security Automation Nuclei Subfinder Amass Gitleaks Social Engineering SET Gophish ``` ### 渗透测试工作流 ``` flowchart LR subgraph RECON["1. Reconnaissance"] R1[Passive OSINT] --> R2[Active Scanning] R2 --> R3[Service Enumeration] end subgraph SCAN["2. Scanning"] S1[Vulnerability Scan] --> S2[Port Scanning] S2 --> S3[Web Crawling] end subgraph EXPLOIT["3. Exploitation"] E1[Choose Exploit] --> E2[Gain Access] E2 --> E3[Verify Foothold] end subgraph POST["4. Post-Exploitation"] P1[Privilege Escalation] --> P2[Lateral Movement] P2 --> P3[Data Exfiltration] end RECON --> SCAN --> EXPLOIT --> POST style RECON fill:#264653,color:#fff style SCAN fill:#2a9d8f,color:#fff style EXPLOIT fill:#e76f51,color:#fff style POST fill:#d62828,color:#fff ``` ### 按目标类型选择工具 ``` flowchart TD START([Target Type?]) --> Q1{What are you
testing?} Q1 -->|Web Application| WEB[Burp Suite + SQLMap
+ OWASP ZAP] Q1 -->|Network / Infrastructure| NET[Nmap + Masscan
+ Metasploit] Q1 -->|Wireless| WIFI[Aircrack-ng
+ Kismet] Q1 -->|Binary / Firmware| RE[Ghidra + Radare2
+ Binwalk] Q1 -->|Passwords| PASS[Hashcat + John
+ Hydra] Q1 -->|Cloud / Containers| CLOUD[Trivy + Grype
+ Kube-Hunter] Q1 -->|Social Engineering| SOC[SET + Gophish] Q1 -->|Source Code| CODE[Gitleaks + Semgrep] style WEB fill:#e76f51,color:#fff style NET fill:#264653,color:#fff style WIFI fill:#2a9d8f,color:#fff style RE fill:#7b2cbf,color:#fff style PASS fill:#d62828,color:#fff style CLOUD fill:#0078d4,color:#fff style SOC fill:#f4a261,color:#000 style CODE fill:#6c757d,color:#fff ``` ## 目录 - [网络分析](#network-analysis) - [Web 应用安全](#web-application-security) - [无线与射频](#wireless--rf) - [逆向工程](#reverse-engineering) - [数字取证](#digital-forensics) - [密码攻击](#password-attacks) - [漏洞利用](#exploitation) - [OSINT](#osint) - [容器与云安全](#container--cloud-security) - [安全自动化](#security-automation) - [社会工程学](#social-engineering) - [贡献](#contributing) ## 网络分析 | 工具 | 描述 | Stars | |------|-------------|-------| | [Nmap](https://github.com/nmap/nmap) | 网络发现和安全审计实用工具 | ![Stars](https://img.shields.io/github/stars/nmap/nmap?style=social) | | [Wireshark](https://github.com/wireshark/wireshark) | 用于深度数据包检查的网络协议分析器 | ![Stars](https://img.shields.io/github/stars/wireshark/wireshark?style=social) | | [tcpdump](https://github.com/the-tcpdump-group/tcpdump) | 强大的命令行数据包分析器 | ![Stars](https://img.shields.io/github/stars/the-tcpdump-group/tcpdump?style=social) | | [Netcat](https://github.com/diegocr/netcat) | 用于网络调试的 TCP/UDP 瑞士军刀 | ![Stars](https://img.shields.io/github/stars/diegocr/netcat?style=social) | | [Masscan](https://github.com/robertdavidgraham/masscan) | TCP 端口扫描器 —— 互联网上最快的扫描器 | ![Stars](https://img.shields.io/github/stars/robertdavidgraham/masscan?style=social) | | [Zeek](https://github.com/zeek/zeek) | 网络安全监控框架 | ![Stars](https://img.shields.io/github/stars/zeek/zeek?style=social) | ## Web 应用安全 | 工具 | 描述 | Stars | |------|-------------|-------| | [Burp Suite](https://github.com/PortSwigger/burp-extensions) | 领先的 Web 漏洞扫描器 (扩展) | ![Stars](https://img.shields.io/github/stars/PortSwigger/burp-extensions?style=social) | | [OWASP ZAP](https://github.com/zaproxy/zaproxy) | 免费、开源的 Web 应用安全扫描器 | ![Stars](https://img.shields.io/github/stars/zaproxy/zaproxy?style=social) | | [SQLMap](https://github.com/sqlmapproject/sqlmap) | 自动化 SQL 注入和数据库接管工具 | ![Stars](https://img.shields.io/github/stars/sqlmapproject/sqlmap?style=social) | | [Nikto](https://github.com/sullo/nikto) | 用于检测危险文件/CGI 的 Web 服务器扫描器 | ![Stars](https://img.shields.io/github/stars/sullo/nikto?style=social) | | [Dirb](https://github.com/v0re/dirb) | 用于暴力破解目录发现的 Web 内容扫描器 | ![Stars](https://img.shields.io/github/stars/v0re/dirb?style=social) | | [Wapiti](https://github.com/wapiti-scanner/wapiti) | Web 应用漏洞扫描器 | ![Stars](https://img.shields.io/github/stars/wapiti-scanner/wapiti?style=social) | | [XSStrike](https://github.com/s0md3v/XSStrike) | 最先进的 XSS 扫描器 | ![Stars](https://img.shields.io/github/stars/s0md3v/XSStrike?style=social) | ## 无线与射频 | 工具 | 描述 | Stars | |------|-------------|-------| | [Aircrack-ng](https://github.com/aircrack-ng/aircrack-ng) | 用于 WiFi 安全评估的完整套件 | ![Stars](https://img.shields.io/github/stars/aircrack-ng/aircrack-ng?style=social) | | [HackRF One](https://github.com/mossmann/hackrf) | 用于射频实验的 SDR 平台 | ![Stars](https://img.shields.io/github/stars/mossmann/hackrf?style=social) | | [ESP32 Marauder](https://github.com/justcallmekoko/ESP32Marauder) | ESP32 WiFi/BLE 攻击工具 | ![Stars](https://img.shields.io/github/stars/justcallmekoko/ESP32Marauder?style=social) | | [Kalibrate-RTL](https://github.com/steve-m/kalibrate-rtl) | 校准 RTL-SDR dongles | ![Stars](https://img.shields.io/github/stars/steve-m/kalibrate-rtl?style=social) | | [Kismet](https://github.com/kismetwireless/kismet) | 无线网络和设备检测器/嗅探器 | ![Stars](https://img.shields.io/github/stars/kismetwireless/kismet?style=social) | ## 逆向工程 | 工具 | 描述 | Stars | |------|-------------|-------| | [Ghidra](https://github.com/NationalSecurityAgency/ghidra) | 由 NSA 开发的软件逆向工程框架 | ![Stars](https://img.shields.io/github/stars/NationalSecurityAgency/ghidra?style=social) | | [Radare2](https://github.com/radareorg/radare2) | 类 UNIX 的逆向工程框架 | ![Stars](https://img.shields.io/github/stars/radareorg/radare2?style=social) | | [Binary Ninja](https://github.com/Vector35/binaryninja-api) | 二进制分析平台 API | ![Stars](https://img.shields.io/github/stars/Vector35/binaryninja-api?style=social) | | [Binwalk](https://github.com/ReFirmLabs/binwalk) | 固件分析工具 | ![Stars](https://img.shields.io/github/stars/ReFirmLabs/binwalk?style=social) | | [pwntools](https://github.com/Gallopsled/pwntools) | CTF 框架和漏洞利用开发库 | ![Stars](https://img.shields.io/github/stars/Gallopsled/pwntools?style=social) | | [ROPgadget](https://github.com/JonathanSalwan/ROPgadget) | 搜索用于 ROP 漏洞利用的 gadgets | ![Stars](https://img.shields.io/github/stars/JonathanSalwan/ROPgadget?style=social) | ## 数字取证 | 工具 | 描述 | Stars | |------|-------------|-------| | [Autopsy](https://github.com/sleuthkit/autopsy) | 数字取证平台和 TSK 的 GUI | ![Stars](https://img.shields.io/github/stars/sleuthkit/autopsy?style=social) | | [Volatility](https://github.com/volatilityfoundation/volatility3) | 高级内存取证框架 | ![Stars](https://img.shields.io/github/stars/volatilityfoundation/volatility3?style=social) | | [Sleuth Kit](https://github.com/sleuthkit/sleuthkit) | 文件和卷系统取证分析 | ![Stars](https://img.shields.io/github/stars/sleuthkit/sleuthkit?style=social) | | [Plaso](https://github.com/log2timeline/plaso) | 超级时间线创建工具 | ![Stars](https://img.shields.io/github/stars/log2timeline/plaso?style=social) | ## 密码攻击 | 工具 | 描述 | Stars | |------|-------------|-------| | [Hashcat](https://github.com/hashcat/hashcat) | 世界上最快的密码恢复实用工具 | ![Stars](https://img.shields.io/github/stars/hashcat/hashcat?style=social) | | [John the Ripper](https://github.com/openwall/john) | 支持多种哈希类型的密码破解器 | ![Stars](https://img.shields.io/github/stars/openwall/john?style=social) | | [Hydra](https://github.com/vanhauser-thc/thc-hydra) | 快速网络登录破解器 | ![Stars](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?style=social) | | [CeWL](https://github.com/digininja/CeWL) | 从目标网站生成自定义字典的工具 | ![Stars](https://img.shields.io/github/stars/digininja/CeWL?style=social) | ## 漏洞利用 | 工具 | 描述 | Stars | |------|-------------|-------| | [Metasploit](https://github.com/rapid7/metasploit-framework) | 全球使用最广泛的渗透测试框架 | ![Stars](https://img.shields.io/github/stars/rapid7/metasploit-framework?style=social) | | [SearchSploit](https://github.com/offensive-security/exploitdb) | Exploit-DB 归档和搜索工具 | ![Stars](https://img.shields.io/github/stars/offensive-security/exploitdb?style=social) | | [BeEF](https://github.com/beefproject/beef) | 浏览器漏洞利用框架 | ![Stars](https://img.shields.io/github/stars/beefproject/beef?style=social) | | [Responder](https://github.com/lgandx/Responder) | LLMNR/NBT-NS/MDNS 毒化工具 | ![Stars](https://img.shields.io/github/stars/lgandx/Responder?style=social) | ## OSINT | 工具 | 描述 | Stars | |------|-------------|-------| | [Maltego](https://github.com/MaltegoTech/maltego) | 交互式数据挖掘和链接分析 | ![Stars](https://img.shields.io/github/stars/MaltegoTech/maltego?style=social) | | [Sherlock](https://github.com/sherlock-project/sherlock) | 跨社交网络查找用户名 | ![Stars](https://img.shields.io/github/stars/sherlock-project/sherlock?style=social) | | [theHarvester](https://github.com/laramies/theHarvester) | 电子邮件、子域名和人名收集工具 | ![Stars](https://img.shields.io/github/stars/laramies/theHarvester?style=social) | | [SpiderFoot](https://github.com/smicallef/spiderfoot) | OSINT 自动化工具 | ![Stars](https://img.shields.io/github/stars/smicallef/spiderfoot?style=social) | | [Recon-ng](https://github.com/lanmaster53/recon-ng) | 功能齐全的 Web 侦察框架 | ![Stars](https://img.shields.io/github/stars/lanmaster53/recon-ng?style=social) | ## 容器与云安全 | 工具 | 描述 | Stars | |------|-------------|-------| | [Trivy](https://github.com/aquasecurity/trivy) | 全面的容器漏洞扫描器 | ![Stars](https://img.shields.io/github/stars/aquasecurity/trivy?style=social) | | [Grype](https://github.com/anchore/grype) | 容器镜像漏洞扫描器 | ![Stars](https://img.shields.io/github/stars/anchore/grype?style=social) | | [Scout](https://github.com/aquasecurity/scout) | 容器镜像分析 | ![Stars](https://img.shields.io/github/stars/aquasecurity/scout?style=social) | | [Kube-Hunter](https://github.com/aquasecurity/kube-hunter) | 寻找 Kubernetes 集群中的安全弱点 | ![Stars](https://img.shields.io/github/stars/aquasecurity/kube-hunter?style=social) | ## 安全自动化 | 工具 | 描述 | Stars | |------|-------------|-------| | [Nuclei](https://github.com/projectdiscovery/nuclei) | 基于模板的快速漏洞扫描器 | ![Stars](https://img.shields.io/github/stars/projectdiscovery/nuclei?style=social) | | [Subfinder](https://github.com/projectdiscovery/subfinder) | 快速的被动子域名枚举工具 | ![Stars](https://img.shields.io/github/stars/projectdiscovery/subfinder?style=social) | | [httpx](https://github.com/projectdiscovery/httpx) | 快速且多功能的 HTTP 工具包 | ![Stars](https://img.shields.io/github/stars/projectdiscovery/httpx?style=social) | | [Am](https://github.com/owasp-amass/amass) | 深度的攻击面映射和资产发现 | ![Stars](https://img.shields.io/github/stars/owasp-amass/amass?style=social) | | [Gitleaks](https://github.com/gitleaks/gitleaks) | 用于 git 仓库的密钥扫描器 | ![Stars](https://img.shields.io/github/stars/gitleaks/gitleaks?style=social) | ## 社会工程学 | 工具 | 描述 | Stars | |------|-------------|-------| | [SET](https://github.com/trustedsec/social-engineer-toolkit) | 由 TrustedSec 开发的社会工程学工具包 | ![Stars](https://img.shields.io/github/stars/trustedsec/social-engineer-toolkit?style=social) | | [Gophish](https://github.com/gophish/gophish) | 开源网络钓鱼框架 | ![Stars](https://img.shields.io/github/stars/gophish/gophish?style=social) | ## 许可证 [![CC0](https://licensebuttons.net/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/) 在法律允许的范围内,[ykrishhh](https://github.com/ykrishhh) 已放弃与此作品相关的所有版权及邻接权利。
**如果您觉得此列表有用,请给它点个 Star ⭐** *最后更新:2026年7月*
标签:CTI, Go语言工具, 后端开发, 域环境安全, 实时处理, 插件系统, 网络安全, 隐私保护