Sa-Shadow/hacking-tool-kit
GitHub: Sa-Shadow/hacking-tool-kit
面向安全研究人员和渗透测试人员的多合一黑客工具包管理器,集成了 185+ 款安全工具并支持一键安装、搜索和标签筛选。
Stars: 0 | Forks: 0
面向安全研究人员和渗透测试人员的多合一黑客工具
[](LICENSE) [](https://www.python.org/) [](#) [](https://github.com/Shadow/hackingtool/stargazers) [](https://github.com/Shadow/hackingtool/network/members) [](https://github.com/Shadow/hackingtool/issues) [](https://github.com/Shadow/hackingtool/commits/master)    | | | 功能 | 描述 | |:---:|---|---| | **🐍** | **Python 3.10+** | 移除了所有 Python 2 代码,全面采用现代语法 | | **🖥** | **感知操作系统的菜单** | 在 macOS 上自动隐藏仅限 Linux 的工具 | | **📦** | **185+ 工具** | 跨 6 个类别新增了 35 款现代工具 | | **🔍** | **搜索** | 输入 `/` 即可通过名称、描述或关键词搜索所有工具 | | **🏷** | **标签筛选** | 输入 `t` 即可通过 19 个标签进行筛选 — osint、web、c2、cloud、mobile... | | **💡** | **推荐** | 输入 `r` — “我想扫描网络” → 显示相关工具 | | **✅** | **安装状态** | 每个工具旁边都会显示 ✔/✘ — 随时了解就绪状态 | | **⚡** | **一键全部安装** | 在任何类别中选择选项 `97` — 批量一次性安装 | | **🔄** | **智能更新** | 每个工具都有更新选项 — 自动检测 git pull / pip upgrade / go install | | **📂** | **打开文件夹** | 直接跳转到任何工具的目录进行手动检查 | | **🐳** | **Docker** | 本地构建 — 无需未经核实的外部镜像 | | **🚀** | **单行安装** | `curl -sSL .../install.sh \| sudo bash` — 零手动步骤 | | **🏢** | **3 个新类别** | Active Directory、Cloud Security、Mobile Security | |
| 命令 | 操作 | 适用位置 |
|:---:|---|:---:|
| `/query` | **搜索** — 通过关键词即时查找工具 | 主菜单 |
| `t` | **标签** — 按 osint、scanner、c2、cloud、mobile... 筛选 | 主菜单 |
| `r` | **推荐** — “我想做 X” → 匹配的工具 | 主菜单 |
| `?` | **帮助** — 快速参考卡片 | 任何位置 |
| `q` | **退出** — 从任意深度退出 | 任何位置 |
| `97` | **全部安装** — 批量安装该类别下的所有工具 | 类别菜单 |
| `99` | **返回** — 返回上一级菜单 | 任何位置 |
## 工具分类
| # | 分类 | 工具数 | | # | 分类 | 工具数 |
|:---:|---|:---:|---|:---:|---|:---:|
| 1 | 🛡 [匿名隐藏](#anonymously-hiding-tools) | 2 | | 11 | 🧰 [漏洞利用框架](#exploit-framework) | 4 |
| 2 | 🔍 [信息收集](#information-gathering-tools) | 26 | | 12 | 🔁 [逆向工程](#reverse-engineering-tools) | 5 |
| 3 | 📚 [字典生成器](#wordlist-generator) | 7 | | 13 | ⚡ [DDOS 攻击](#ddos-attack-tools) | 5 |
| 4 | 📶 [无线攻击](#wireless-attack-tools) | 13 | | 14 | 🖥 [RAT](#remote-administrator-tools-rat) | 1 |
| 5 | 🧩 [SQL 注入](#sql-injection-tools) | 7 | | 15 | 💥 [XSS 攻击](#xss-attack-tools) | 9 |
| 6 | 🎣 [钓鱼攻击](#phishing-attack-tools) | 17 | | 16 | 🖼 [隐写术](#steganography-tools) | 4 |
| 7 | 🌐 [Web 攻击](#web-attack-tools) | 20 | | 17 | 🏢 [Active Directory](#active-directory-tools) | 6 |
| 8 | 🔧 [后渗透](#post-exploitation-tools) | 10 | | 18 | ☁ [Cloud Security](#cloud-security-tools) | 4 |
| 9 | 🕵 [数字取证](#forensic-tools) | 8 | | 19 | 📱 [Mobile Security](#mobile-security-tools) | 3 |
| 10 | 📦 [Payload 生成](#payload-creation-tools) | 8 | | 20 | ✨ [其他工具](#other-tools) | 24 |
## 🛡 匿名隐藏工具
- [Anonymously Surf](https://github.com/Und3rf10w/kali-anonsurf)
- [Multitor](https://github.com/trimstray/multitor)
## 🔍 信息收集工具
- [Network Map (nmap)](https://github.com/nmap/nmap)
- [Dracnmap](https://github.com/Screetsec/Dracnmap)
- 端口扫描
- Host to IP
- [Xerosploit](https://github.com/LionSec/xerosploit)
- [RED HAWK](https://github.com/Tuhinshubhra/RED_HAWK)
- [ReconSpider](https://github.com/bhavsec/reconspider)
- IsItDown
- [Infoga](https://github.com/m4ll0k/Infoga)
- [ReconDog](https://github.com/s0md3v/ReconDog)
- [Striker](https://github.com/s0md3v/Striker)
- [SecretFinder](https://github.com/m4ll0k/SecretFinder)
- [Shodanfy](https://github.com/m4ll0k/Shodanfy.py)
- [rang3r](https://github.com/floriankunushevci/rang3r)
- [Breacher](https://github.com/s0md3v/Breacher)
- [theHarvester](https://github.com/laramies/theHarvester) ★
- [Amass](https://github.com/owasp-amass/amass) ★
- [Masscan](https://github.com/robertdavidgraham/masscan) ★
- [RustScan](https://github.com/RustScan/RustScan) ★
- [Holehe](https://github.com/megadose/holehe) ★
- [Maigret](https://github.com/soxoj/maigret) ★
- [httpx](https://github.com/projectdiscovery/httpx) ★
- [SpiderFoot](https://github.com/smicallef/spiderfoot) ★
- [Subfinder](https://github.com/projectdiscovery/subfinder) ★
- [TruffleHog](https://github.com/trufflesecurity/trufflehog) ★
- [Gitleaks](https://github.com/gitleaks/gitleaks) ★
## 📚 字典生成器
- [Cupp](https://github.com/Mebus/cupp)
- [WordlistCreator](https://github.com/Shadow/wlcreator)
- [Goblin WordGenerator](https://github.com/UndeadSec/GoblinWordGenerator)
- [密码字典 (1.4B)](https://github.com/Viralmaniar/SMWYG-Show-Me-What-You-Got)
- [Hashcat](https://github.com/hashcat/hashcat) ★
- [John the Ripper](https://github.com/openwall/john) ★
- [haiti](https://github.com/noraj/haiti) ★
## 📶 无线攻击工具
- [WiFi-Pumpkin](https://github.com/P0cL4bs/wifipumpkin3)
- [pixiewps](https://github.com/wiire/pixiewps)
- [蓝牙蜜罐](https://github.com/andrewmichaelsmith/bluepot)
- [Fluxion](https://github.com/FluxionNetwork/fluxion)
- [Wifiphisher](https://github.com/wifiphisher/wifiphisher)
- [Wifite](https://github.com/derv82/wifite2)
- [EvilTwin](https://github.com/Shadow/fakeap)
- [Fastssh](https://github.com/Shadow/fastssh)
- Howmanypeople
- [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) ★
- [hcxdumptool](https://github.com/ZerBea/hcxdumptool) ★
- [hcxtools](https://github.com/ZerBea/hcxtools) ★
- [Bettercap](https://github.com/bettercap/bettercap) ★
## 🧩 SQL 注入工具
- [Sqlmap](https://github.com/sqlmapproject/sqlmap)
- [NoSqlMap](https://github.com/codingo/NoSQLMap)
- [DSSS](https://github.com/stamparm/DSSS)
- [Explo](https://github.com/dtag-dev-sec/explo)
- [Blisqy](https://github.com/JohnTroony/Blisqy)
- [Leviathan](https://github.com/leviathan-framework/leviathan)
- [SQLScan](https://github.com/Cvar1984/sqlscan)
## 🎣 钓鱼攻击工具
- [Autophisher](https://github.com/CodingRanjith/autophisher)
- [PyPhisher](https://github.com/KasRoudra/PyPhisher)
- [AdvPhishing](https://github.com/Ignitetch/AdvPhishing)
- [Setoolkit](https://github.com/trustedsec/social-engineer-toolkit)
- [SocialFish](https://github.com/UndeadSec/SocialFish)
- [HiddenEye](https://github.com/Morsmalleo/HiddenEye)
- [Evilginx3](https://github.com/kgretzky/evilginx2)
- [I-See-You](https://github.com/Viralmaniar/I-See-You)
- [SayCheese](https://github.com/hangetzzu/saycheese)
- [二维码劫持](https://github.com/cryptedwolf/ohmyqr)
- [BlackEye](https://github.com/thelinuxchoice/blackeye)
- [ShellPhish](https://github.com/An0nUD4Y/shellphish)
- [Thanos](https://github.com/TridevReddy/Thanos)
- [QRLJacking](https://github.com/OWASP/QRLJacking)
- [Maskphish](https://github.com/jaykali/maskphish)
- [BlackPhish](https://github.com/iinc0gnit0/BlackPhish)
- [dnstwist](https://github.com/elceef/dnstwist)
## 🌐 Web 攻击工具
- [Web2Attack](https://github.com/santatic/web2attack)
- Skipfish
- [Sublist3r](https://github.com/aboul3la/Sublist3r)
- [CheckURL](https://github.com/UndeadSec/checkURL)
- [子域名接管](https://github.com/edoardottt/takeover)
- [Dirb](https://gitlab.com/kalilinux/packages/dirb)
- [Nuclei](https://github.com/projectdiscovery/nuclei) ★
- [ffuf](https://github.com/ffuf/ffuf) ★
- [Feroxbuster](https://github.com/epi052/feroxbuster) ★
- [Nikto](https://github.com/sullo/nikto) ★
- [wafw00f](https://github.com/EnableSecurity/wafw00f) ★
- [Katana](https://github.com/projectdiscovery/katana) ★
- [Gobuster](https://github.com/OJ/gobuster) ★
- [Dirsearch](https://github.com/maurosoria/dirsearch) ★
- [OWASP ZAP](https://github.com/zaproxy/zaproxy) ★
- [testssl.sh](https://github.com/drwetter/testssl.sh) ★
- [Arjun](https://github.com/s0md3v/Arjun) ★
- [Caido](https://github.com/caido/caido) ★
- [mitmproxy](https://github.com/mitmproxy/mitmproxy) ★
## 🔧 后渗透工具
- [Vegile](https://github.com/Screetsec/Vegile)
- [Chrome 键盘记录器](https://github.com/UndeadSec/HeraKeylogger)
- [pwncat-cs](https://github.com/calebstewart/pwncat) ★
- [Sliver](https://github.com/BishopFox/sliver) ★
- [Havoc](https://github.com/HavocFramework/Havoc) ★
- [PEASS-ng (LinPEAS/WinPEAS)](https://github.com/peass-ng/PEASS-ng) ★
- [Ligolo-ng](https://github.com/nicocha30/ligolo-ng) ★
- [Chisel](https://github.com/jpillora/chisel) ★
- [Evil-WinRM](https://github.com/Hackplayers/evil-winrm) ★
- [Mythic](https://github.com/its-a-feature/Mythic) ★
## 🕵 数字取证工具
- Autopsy
- Wireshark
- [Bulk extractor](https://github.com/simsong/bulk_extractor)
- [Guymager](https://guymager.sourceforge.io/)
- [Toolsley](https://www.toolsley.com/- [Volatility 3](https://github.com/volatilityfoundation/volatility3) ★
- [Binwalk](https://github.com/ReFirmLabs/binwalk) ★
- [pspy](https://github.com/DominicBreuker/pspy) ★
## 📦 Payload 生成工具
- [The FatRat](https://github.com/Screetsec/TheFatRat)
- [Brutal](https://github.com/Screetsec/Brutal)
- [Stitch](https://nathanlopez.github.io/Stitch)
- [MSFvenom Payload 生成器](https://github.com/g0tmi1k/msfpc)
- [Venom](https://github.com/r00t-3xp10it/venom)
- [Spycam](https://github.com/indexnotfound404/spycam)
- [Mob-Droid](https://github.com/kinghacker0/Mob-Droid)
- [Enigma](https://github.com/UndeadSec/Enigma)
## 🧰 漏洞利用框架
- [RouterSploit](https://github.com/threat9/routersploit)
- [WebSploit](https://github.com/The404Hacking/websploit)
- [Commix](https://github.com/commixproject/commix)
- [Web2Attack](https://github.com/santatic/web2attack)
## 🔁 逆向工程工具
- [Androguard](https://github.com/androguard/androguard)
- [Apk2Gold](https://github.com/lxdvs/apk2gold)
- [JadX](https://github.com/skylot/jadx)
- [Ghidra](https://github.com/NationalSecurityAgency/ghidra) ★
- [Radare2](https://github.com/radareorg/radare2) ★
## ⚡ DDOS 攻击工具
- [DDoS Script](https://github.com/the-deepnet/ddos)
- [SlowLoris](https://github.com/gkbrk/slowloris)
- [Asyncrone](https://github.com/fatihsnsy/aSYNcrone)
- [UFOnet](https://github.com/epsylon/ufonet)
- [GoldenEye](https://github.com/jseidl/GoldenEye)
## 🖥 远程管理工具 (RAT)
- [Pyshell](https://github.com/knassar702/pyshell)
## 💥 XSS 攻击工具
- [DalFox](https://github.com/hahwul/dalfox)
- [XSS Payload 生成器](https://github.com/capture0x/XSS-LOADER)
- [Extended XSS Searcher](https://github.com/Damian89/extended-xss-search)
- [XSS-Freak](https://github.com/PR0PH3CY33/XSS-Freak)
- [XSpear](https://github.com/hahwul/XSpear)
- [XSSCon](https://github.com/menkrep1337/XSSCon)
- [XanXSS](https://github.com/Ekultek/XanXSS)
- [XSStrike](https://github.com/UltimateHackers/XSStrike)
- [RVuln](https://github.com/iinc0gnit0/RVuln)
## 🖼 隐写术工具
- SteganoHide
- [StegoCracker](https://github.com/W1LDN16H7/StegoCracker)
- [Whitespace](https://github.com/beardog108/snow10)
## 🏢 Active Directory 工具
- [BloodHound](https://github.com/BloodHoundAD/BloodHound) ★
- [NetExec (nxc)](https://github.com/Pennyw0rth/NetExec) ★
- [Impacket](https://github.com/fortra/impacket) ★
- [Responder](https://github.com/lgandx/Responder) ★
- [Certipy](https://github.com/ly4k/Certipy) ★
- [Kerbrute](https://github.com/ropnop/kerbrute) ★
## ☁ Cloud Security 工具
- [Prowler](https://github.com/prowler-cloud/prowler) ★
- [ScoutSuite](https://github.com/nccgroup/ScoutSuite) ★
- [Pacu](https://github.com/RhinoSecurityLabs/pacu) ★
- [Trivy](https://github.com/aquasecurity/trivy) ★
## 📱 Mobile Security 工具
- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) ★
- [Frida](https://github.com/frida/frida) ★
- [Objection](https://github.com/sensepost/objection) ★
## ✨ 其他工具
#### 社交媒体暴力破解
- [AllinOne 社交媒体攻击](https://github.com/Matrix07ksa/Brute_Force)
- [Facebook 攻击](https://github.com/Matrix07ksa/Brute_Force)
- [应用程序检查器](https://github.com/jakuta-tech/underhanded)
#### Android 黑客工具
- [Keydroid](https://github.com/F4dl0/keydroid)
- [MySMS](https://github.com/papusingh2sms/mysms)
- [Lockphish](https://github.com/JasonJerry/lockphish)
- [DroidCam / WishFish](https://github.com/kinghacker0/WishFish)
- [EvilApp](https://github.com/crypticterminal/EvilApp)
#### IDN 同形异义字攻击
- [EvilURL](https://github.com/UndeadSec/EvilURL)
#### 邮箱验证工具
- [Knockmail](https://github.com/4w4k3/KnockMail)
#### 哈希破解工具
- [Hash Buster](https://github.com/s0md3v/Hash-Buster)
#### Wifi 强制断开连接
- [WifiJammer-NG](https://github.com/MisterBianco/wifijammer-ng)
- [KawaiiDeauther](https://github.com/aryanrtm/KawaiiDeauther)
#### 社交媒体查找器
- [通过人脸识别查找社交媒体](https://github.com/Greenwolf/social_mapper)
- [通过用户名查找社交媒体](https://github.com/xHak9x/finduser)
- [Sherlock](https://github.com/sherlock-project/sherlock)
- [SocialScan](https://github.com/iojw/socialscan)
#### Payload 注入器
- [Debinject](https://github.com/UndeadSec/Debinject)
- [Pixload](https://github.com/chinarulezzz/pixload)
#### Web 爬虫
- [Gospider](https://github.com/jaeles-project/gospider)
#### 混合工具
- 终端复用器
- [Crivo](https://github.com/GMDSantana/crivo)
## 安装说明
| ### 单行安装(推荐) ``` curl -sSL https://raw.githubusercontent.com/Shadow/hackingtool/master/install.sh | sudo bash ``` 处理所有操作 — 前置依赖、克隆仓库、创建 venv、启动器。 | ### 手动安装 ``` git clone https://github.com/Shadow/hackingtool.git cd hackingtool sudo python3 install.py ``` 然后运行:`hackingtool` |
## 社交
[](https://twitter.com/_Zinzu07)
[](https://github.com/Shadow/)
没有找到您最喜欢的工具?[在这里推荐](https://github.com/Shadow/hackingtool/issues/new?template=tool_request.md)标签:Python, StruQ, 密码管理, 应用安全, 数据泄露, 无后门, 网络安全, 请求拦截, 逆向工具, 隐私保护, 黑客工具箱