Sa-Shadow/hacking-tool-kit

GitHub: Sa-Shadow/hacking-tool-kit

面向安全研究人员和渗透测试人员的多合一黑客工具包管理器,集成了 185+ 款安全工具并支持一键安装、搜索和标签筛选。

Stars: 0 | Forks: 0

HackingTool

面向安全研究人员和渗透测试人员的多合一黑客工具

[![License](https://img.shields.io/github/license/Shadow/hackingtool)](LICENSE)  [![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https://www.python.org/)  [![Version](https://img.shields.io/badge/v2.0.0-00FF88?style=flat-square)](#)  [![Stars](https://img.shields.io/github/stars/Shadow/hackingtool?style=flat-square&color=yellow)](https://github.com/Shadow/hackingtool/stargazers)  [![Forks](https://img.shields.io/github/forks/Shadow/hackingtool?style=flat-square&color=blue)](https://github.com/Shadow/hackingtool/network/members)  [![Issues](https://img.shields.io/github/issues/Shadow/hackingtool?style=flat-square&color=red)](https://github.com/Shadow/hackingtool/issues)  [![Last Commit](https://img.shields.io/github/last-commit/Shadow/hackingtool?style=flat-square&color=00FF88)](https://github.com/Shadow/hackingtool/commits/master) ![](https://img.shields.io/badge/20_Categories-7B61FF?style=for-the-badge) ![](https://img.shields.io/badge/185+_Tools-00FF88?style=for-the-badge) ![](https://img.shields.io/badge/19_Tags-FF61DC?style=for-the-badge) ![](https://img.shields.io/badge/Linux_%7C_Kali_%7C_Parrot_%7C_macOS-FFA116?style=for-the-badge&logo=linux&logoColor=white) Install Now  Quick Commands  Suggest a Tool
## v2.0.0 版本更新内容
| | 功能 | 描述 | |:---:|---|---| | **🐍** | **Python 3.10+** | 移除了所有 Python 2 代码,全面采用现代语法 | | **🖥** | **感知操作系统的菜单** | 在 macOS 上自动隐藏仅限 Linux 的工具 | | **📦** | **185+ 工具** | 跨 6 个类别新增了 35 款现代工具 | | **🔍** | **搜索** | 输入 `/` 即可通过名称、描述或关键词搜索所有工具 | | **🏷** | **标签筛选** | 输入 `t` 即可通过 19 个标签进行筛选 — osint、web、c2、cloud、mobile... | | **💡** | **推荐** | 输入 `r` — “我想扫描网络” → 显示相关工具 | | **✅** | **安装状态** | 每个工具旁边都会显示 ✔/✘ — 随时了解就绪状态 | | **⚡** | **一键全部安装** | 在任何类别中选择选项 `97` — 批量一次性安装 | | **🔄** | **智能更新** | 每个工具都有更新选项 — 自动检测 git pull / pip upgrade / go install | | **📂** | **打开文件夹** | 直接跳转到任何工具的目录进行手动检查 | | **🐳** | **Docker** | 本地构建 — 无需未经核实的外部镜像 | | **🚀** | **单行安装** | `curl -sSL .../install.sh \| sudo bash` — 零手动步骤 | | **🏢** | **3 个新类别** | Active Directory、Cloud Security、Mobile Security |
## 快捷命令
| 命令 | 操作 | 适用位置 | |:---:|---|:---:| | `/query` | **搜索** — 通过关键词即时查找工具 | 主菜单 | | `t` | **标签** — 按 osint、scanner、c2、cloud、mobile... 筛选 | 主菜单 | | `r` | **推荐** — “我想做 X” → 匹配的工具 | 主菜单 | | `?` | **帮助** — 快速参考卡片 | 任何位置 | | `q` | **退出** — 从任意深度退出 | 任何位置 | | `97` | **全部安装** — 批量安装该类别下的所有工具 | 类别菜单 | | `99` | **返回** — 返回上一级菜单 | 任何位置 |
## 工具分类
| # | 分类 | 工具数 | | # | 分类 | 工具数 | |:---:|---|:---:|---|:---:|---|:---:| | 1 | 🛡 [匿名隐藏](#anonymously-hiding-tools) | 2 | | 11 | 🧰 [漏洞利用框架](#exploit-framework) | 4 | | 2 | 🔍 [信息收集](#information-gathering-tools) | 26 | | 12 | 🔁 [逆向工程](#reverse-engineering-tools) | 5 | | 3 | 📚 [字典生成器](#wordlist-generator) | 7 | | 13 | ⚡ [DDOS 攻击](#ddos-attack-tools) | 5 | | 4 | 📶 [无线攻击](#wireless-attack-tools) | 13 | | 14 | 🖥 [RAT](#remote-administrator-tools-rat) | 1 | | 5 | 🧩 [SQL 注入](#sql-injection-tools) | 7 | | 15 | 💥 [XSS 攻击](#xss-attack-tools) | 9 | | 6 | 🎣 [钓鱼攻击](#phishing-attack-tools) | 17 | | 16 | 🖼 [隐写术](#steganography-tools) | 4 | | 7 | 🌐 [Web 攻击](#web-attack-tools) | 20 | | 17 | 🏢 [Active Directory](#active-directory-tools) | 6 | | 8 | 🔧 [后渗透](#post-exploitation-tools) | 10 | | 18 | ☁ [Cloud Security](#cloud-security-tools) | 4 | | 9 | 🕵 [数字取证](#forensic-tools) | 8 | | 19 | 📱 [Mobile Security](#mobile-security-tools) | 3 | | 10 | 📦 [Payload 生成](#payload-creation-tools) | 8 | | 20 | ✨ [其他工具](#other-tools) | 24 |
## 🛡 匿名隐藏工具 - [Anonymously Surf](https://github.com/Und3rf10w/kali-anonsurf) - [Multitor](https://github.com/trimstray/multitor) ## 🔍 信息收集工具 - [Network Map (nmap)](https://github.com/nmap/nmap) - [Dracnmap](https://github.com/Screetsec/Dracnmap) - 端口扫描 - Host to IP - [Xerosploit](https://github.com/LionSec/xerosploit) - [RED HAWK](https://github.com/Tuhinshubhra/RED_HAWK) - [ReconSpider](https://github.com/bhavsec/reconspider) - IsItDown - [Infoga](https://github.com/m4ll0k/Infoga) - [ReconDog](https://github.com/s0md3v/ReconDog) - [Striker](https://github.com/s0md3v/Striker) - [SecretFinder](https://github.com/m4ll0k/SecretFinder) - [Shodanfy](https://github.com/m4ll0k/Shodanfy.py) - [rang3r](https://github.com/floriankunushevci/rang3r) - [Breacher](https://github.com/s0md3v/Breacher) - [theHarvester](https://github.com/laramies/theHarvester) ★ - [Amass](https://github.com/owasp-amass/amass) ★ - [Masscan](https://github.com/robertdavidgraham/masscan) ★ - [RustScan](https://github.com/RustScan/RustScan) ★ - [Holehe](https://github.com/megadose/holehe) ★ - [Maigret](https://github.com/soxoj/maigret) ★ - [httpx](https://github.com/projectdiscovery/httpx) ★ - [SpiderFoot](https://github.com/smicallef/spiderfoot) ★ - [Subfinder](https://github.com/projectdiscovery/subfinder) ★ - [TruffleHog](https://github.com/trufflesecurity/trufflehog) ★ - [Gitleaks](https://github.com/gitleaks/gitleaks) ★ ## 📚 字典生成器 - [Cupp](https://github.com/Mebus/cupp) - [WordlistCreator](https://github.com/Shadow/wlcreator) - [Goblin WordGenerator](https://github.com/UndeadSec/GoblinWordGenerator) - [密码字典 (1.4B)](https://github.com/Viralmaniar/SMWYG-Show-Me-What-You-Got) - [Hashcat](https://github.com/hashcat/hashcat) ★ - [John the Ripper](https://github.com/openwall/john) ★ - [haiti](https://github.com/noraj/haiti) ★ ## 📶 无线攻击工具 - [WiFi-Pumpkin](https://github.com/P0cL4bs/wifipumpkin3) - [pixiewps](https://github.com/wiire/pixiewps) - [蓝牙蜜罐](https://github.com/andrewmichaelsmith/bluepot) - [Fluxion](https://github.com/FluxionNetwork/fluxion) - [Wifiphisher](https://github.com/wifiphisher/wifiphisher) - [Wifite](https://github.com/derv82/wifite2) - [EvilTwin](https://github.com/Shadow/fakeap) - [Fastssh](https://github.com/Shadow/fastssh) - Howmanypeople - [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) ★ - [hcxdumptool](https://github.com/ZerBea/hcxdumptool) ★ - [hcxtools](https://github.com/ZerBea/hcxtools) ★ - [Bettercap](https://github.com/bettercap/bettercap) ★ ## 🧩 SQL 注入工具 - [Sqlmap](https://github.com/sqlmapproject/sqlmap) - [NoSqlMap](https://github.com/codingo/NoSQLMap) - [DSSS](https://github.com/stamparm/DSSS) - [Explo](https://github.com/dtag-dev-sec/explo) - [Blisqy](https://github.com/JohnTroony/Blisqy) - [Leviathan](https://github.com/leviathan-framework/leviathan) - [SQLScan](https://github.com/Cvar1984/sqlscan) ## 🎣 钓鱼攻击工具 - [Autophisher](https://github.com/CodingRanjith/autophisher) - [PyPhisher](https://github.com/KasRoudra/PyPhisher) - [AdvPhishing](https://github.com/Ignitetch/AdvPhishing) - [Setoolkit](https://github.com/trustedsec/social-engineer-toolkit) - [SocialFish](https://github.com/UndeadSec/SocialFish) - [HiddenEye](https://github.com/Morsmalleo/HiddenEye) - [Evilginx3](https://github.com/kgretzky/evilginx2) - [I-See-You](https://github.com/Viralmaniar/I-See-You) - [SayCheese](https://github.com/hangetzzu/saycheese) - [二维码劫持](https://github.com/cryptedwolf/ohmyqr) - [BlackEye](https://github.com/thelinuxchoice/blackeye) - [ShellPhish](https://github.com/An0nUD4Y/shellphish) - [Thanos](https://github.com/TridevReddy/Thanos) - [QRLJacking](https://github.com/OWASP/QRLJacking) - [Maskphish](https://github.com/jaykali/maskphish) - [BlackPhish](https://github.com/iinc0gnit0/BlackPhish) - [dnstwist](https://github.com/elceef/dnstwist) ## 🌐 Web 攻击工具 - [Web2Attack](https://github.com/santatic/web2attack) - Skipfish - [Sublist3r](https://github.com/aboul3la/Sublist3r) - [CheckURL](https://github.com/UndeadSec/checkURL) - [子域名接管](https://github.com/edoardottt/takeover) - [Dirb](https://gitlab.com/kalilinux/packages/dirb) - [Nuclei](https://github.com/projectdiscovery/nuclei) ★ - [ffuf](https://github.com/ffuf/ffuf) ★ - [Feroxbuster](https://github.com/epi052/feroxbuster) ★ - [Nikto](https://github.com/sullo/nikto) ★ - [wafw00f](https://github.com/EnableSecurity/wafw00f) ★ - [Katana](https://github.com/projectdiscovery/katana) ★ - [Gobuster](https://github.com/OJ/gobuster) ★ - [Dirsearch](https://github.com/maurosoria/dirsearch) ★ - [OWASP ZAP](https://github.com/zaproxy/zaproxy) ★ - [testssl.sh](https://github.com/drwetter/testssl.sh) ★ - [Arjun](https://github.com/s0md3v/Arjun) ★ - [Caido](https://github.com/caido/caido) ★ - [mitmproxy](https://github.com/mitmproxy/mitmproxy) ★ ## 🔧 后渗透工具 - [Vegile](https://github.com/Screetsec/Vegile) - [Chrome 键盘记录器](https://github.com/UndeadSec/HeraKeylogger) - [pwncat-cs](https://github.com/calebstewart/pwncat) ★ - [Sliver](https://github.com/BishopFox/sliver) ★ - [Havoc](https://github.com/HavocFramework/Havoc) ★ - [PEASS-ng (LinPEAS/WinPEAS)](https://github.com/peass-ng/PEASS-ng) ★ - [Ligolo-ng](https://github.com/nicocha30/ligolo-ng) ★ - [Chisel](https://github.com/jpillora/chisel) ★ - [Evil-WinRM](https://github.com/Hackplayers/evil-winrm) ★ - [Mythic](https://github.com/its-a-feature/Mythic) ★ ## 🕵 数字取证工具 - Autopsy - Wireshark - [Bulk extractor](https://github.com/simsong/bulk_extractor) - [Guymager](https://guymager.sourceforge.io/) - [Toolsley](https://www.toolsley.com/- [Volatility 3](https://github.com/volatilityfoundation/volatility3) ★ - [Binwalk](https://github.com/ReFirmLabs/binwalk) ★ - [pspy](https://github.com/DominicBreuker/pspy) ★ ## 📦 Payload 生成工具 - [The FatRat](https://github.com/Screetsec/TheFatRat) - [Brutal](https://github.com/Screetsec/Brutal) - [Stitch](https://nathanlopez.github.io/Stitch) - [MSFvenom Payload 生成器](https://github.com/g0tmi1k/msfpc) - [Venom](https://github.com/r00t-3xp10it/venom) - [Spycam](https://github.com/indexnotfound404/spycam) - [Mob-Droid](https://github.com/kinghacker0/Mob-Droid) - [Enigma](https://github.com/UndeadSec/Enigma) ## 🧰 漏洞利用框架 - [RouterSploit](https://github.com/threat9/routersploit) - [WebSploit](https://github.com/The404Hacking/websploit) - [Commix](https://github.com/commixproject/commix) - [Web2Attack](https://github.com/santatic/web2attack) ## 🔁 逆向工程工具 - [Androguard](https://github.com/androguard/androguard) - [Apk2Gold](https://github.com/lxdvs/apk2gold) - [JadX](https://github.com/skylot/jadx) - [Ghidra](https://github.com/NationalSecurityAgency/ghidra) ★ - [Radare2](https://github.com/radareorg/radare2) ★ ## ⚡ DDOS 攻击工具 - [DDoS Script](https://github.com/the-deepnet/ddos) - [SlowLoris](https://github.com/gkbrk/slowloris) - [Asyncrone](https://github.com/fatihsnsy/aSYNcrone) - [UFOnet](https://github.com/epsylon/ufonet) - [GoldenEye](https://github.com/jseidl/GoldenEye) ## 🖥 远程管理工具 (RAT) - [Pyshell](https://github.com/knassar702/pyshell) ## 💥 XSS 攻击工具 - [DalFox](https://github.com/hahwul/dalfox) - [XSS Payload 生成器](https://github.com/capture0x/XSS-LOADER) - [Extended XSS Searcher](https://github.com/Damian89/extended-xss-search) - [XSS-Freak](https://github.com/PR0PH3CY33/XSS-Freak) - [XSpear](https://github.com/hahwul/XSpear) - [XSSCon](https://github.com/menkrep1337/XSSCon) - [XanXSS](https://github.com/Ekultek/XanXSS) - [XSStrike](https://github.com/UltimateHackers/XSStrike) - [RVuln](https://github.com/iinc0gnit0/RVuln) ## 🖼 隐写术工具 - SteganoHide - [StegoCracker](https://github.com/W1LDN16H7/StegoCracker) - [Whitespace](https://github.com/beardog108/snow10) ## 🏢 Active Directory 工具 - [BloodHound](https://github.com/BloodHoundAD/BloodHound) ★ - [NetExec (nxc)](https://github.com/Pennyw0rth/NetExec) ★ - [Impacket](https://github.com/fortra/impacket) ★ - [Responder](https://github.com/lgandx/Responder) ★ - [Certipy](https://github.com/ly4k/Certipy) ★ - [Kerbrute](https://github.com/ropnop/kerbrute) ★ ## ☁ Cloud Security 工具 - [Prowler](https://github.com/prowler-cloud/prowler) ★ - [ScoutSuite](https://github.com/nccgroup/ScoutSuite) ★ - [Pacu](https://github.com/RhinoSecurityLabs/pacu) ★ - [Trivy](https://github.com/aquasecurity/trivy) ★ ## 📱 Mobile Security 工具 - [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) ★ - [Frida](https://github.com/frida/frida) ★ - [Objection](https://github.com/sensepost/objection) ★ ## ✨ 其他工具 #### 社交媒体暴力破解 - [AllinOne 社交媒体攻击](https://github.com/Matrix07ksa/Brute_Force) - [Facebook 攻击](https://github.com/Matrix07ksa/Brute_Force) - [应用程序检查器](https://github.com/jakuta-tech/underhanded) #### Android 黑客工具 - [Keydroid](https://github.com/F4dl0/keydroid) - [MySMS](https://github.com/papusingh2sms/mysms) - [Lockphish](https://github.com/JasonJerry/lockphish) - [DroidCam / WishFish](https://github.com/kinghacker0/WishFish) - [EvilApp](https://github.com/crypticterminal/EvilApp) #### IDN 同形异义字攻击 - [EvilURL](https://github.com/UndeadSec/EvilURL) #### 邮箱验证工具 - [Knockmail](https://github.com/4w4k3/KnockMail) #### 哈希破解工具 - [Hash Buster](https://github.com/s0md3v/Hash-Buster) #### Wifi 强制断开连接 - [WifiJammer-NG](https://github.com/MisterBianco/wifijammer-ng) - [KawaiiDeauther](https://github.com/aryanrtm/KawaiiDeauther) #### 社交媒体查找器 - [通过人脸识别查找社交媒体](https://github.com/Greenwolf/social_mapper) - [通过用户名查找社交媒体](https://github.com/xHak9x/finduser) - [Sherlock](https://github.com/sherlock-project/sherlock) - [SocialScan](https://github.com/iojw/socialscan) #### Payload 注入器 - [Debinject](https://github.com/UndeadSec/Debinject) - [Pixload](https://github.com/chinarulezzz/pixload) #### Web 爬虫 - [Gospider](https://github.com/jaeles-project/gospider) #### 混合工具 - 终端复用器 - [Crivo](https://github.com/GMDSantana/crivo) ## 安装说明
### 单行安装(推荐) ``` curl -sSL https://raw.githubusercontent.com/Shadow/hackingtool/master/install.sh | sudo bash ``` 处理所有操作 — 前置依赖、克隆仓库、创建 venv、启动器。 ### 手动安装 ``` git clone https://github.com/Shadow/hackingtool.git cd hackingtool sudo python3 install.py ``` 然后运行:`hackingtool`
### Docker ``` # 构建 docker build -t hackingtool . # 运行(直接) docker run -it --rm hackingtool # 运行(Compose — 推荐) docker compose up -d docker exec -it hackingtool bash # Dev mode(实时源码挂载) docker compose --profile dev up docker exec -it hackingtool-dev bash # 停止 docker compose down # stop container docker compose down -v # also remove data volume ``` ### 环境要求 | 依赖 | 版本 | 用途 | |---|---|---| | Python | 3.10+ | 核心 | | Go | 1.21+ | nuclei, ffuf, amass, httpx, katana, dalfox, gobuster, subfinder | | Ruby | 任意版本 | haiti, evil-winrm | | Docker | 任意版本 | Mythic, MobSF (可选) | ``` pip install -r requirements.txt ``` ## Star 趋势 HackingTool Star History Chart ## 支持 如果这个项目对您有帮助,请考虑请我喝杯咖啡: Buy Me A Coffee ## 社交 [![Twitter](https://img.shields.io/badge/Twitter-Follow-1DA1F2?style=for-the-badge&logo=twitter&logoColor=white)](https://twitter.com/_Zinzu07) [![GitHub](https://img.shields.io/badge/GitHub-Follow-181717?style=for-the-badge&logo=github&logoColor=white)](https://github.com/Shadow/) 没有找到您最喜欢的工具?[在这里推荐](https://github.com/Shadow/hackingtool/issues/new?template=tool_request.md)
标签:Python, StruQ, 密码管理, 应用安全, 数据泄露, 无后门, 网络安全, 请求拦截, 逆向工具, 隐私保护, 黑客工具箱