Z4nzu/hackingtool

GitHub: Z4nzu/hackingtool

一个集成185+款安全工具的渗透测试工具箱框架,按攻击链分类并提供统一菜单、搜索推荐和批量安装能力。

Stars: 55239 | Forks: 6013

HackingTool

面向安全研究人员和渗透测试人员的一体化黑客工具

[![License](https://img.shields.io/github/license/Z4nzu/hackingtool)](LICENSE)  [![Python](https://img.shields.io/badge/Python-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https://www.python.org/)  [![Version](https://img.shields.io/badge/v2.0.0-00FF88?style=flat-square)](#)  [![Stars](https://img.shields.io/github/stars/Z4nzu/hackingtool?style=flat-square&color=yellow)](https://github.com/Z4nzu/hackingtool/stargazers)  [![Forks](https://img.shields.io/github/forks/Z4nzu/hackingtool?style=flat-square&color=blue)](https://github.com/Z4nzu/hackingtool/network/members)  [![Issues](https://img.shields.io/github/issues/Z4nzu/hackingtool?style=flat-square&color=red)](https://github.com/Z4nzu/hackingtool/issues)  [![Last Commit](https://img.shields.io/github/last-commit/Z4nzu/hackingtool?style=flat-square&color=00FF88)](https://github.com/Z4nzu/hackingtool/commits/master) ![](https://img.shields.io/badge/20_Categories-7B61FF?style=for-the-badge) ![](https://img.shields.io/badge/185+_Tools-00FF88?style=for-the-badge) ![](https://img.shields.io/badge/19_Tags-FF61DC?style=for-the-badge) ![](https://img.shields.io/badge/Linux_%7C_Kali_%7C_Parrot_%7C_macOS-FFA116?style=for-the-badge&logo=linux&logoColor=white) Install Now  Quick Commands  Suggest a Tool
## v2.0.0 版本更新内容
| | 功能 | 描述 | |:---:|---|---| | **🐍** | **Python 3.10+** | 移除所有 Python 2 代码,全面采用现代语法 | | **🖥** | **系统感知菜单** | 在 macOS 上自动隐藏仅限 Linux 的工具 | | **📦** | **185+ 工具** | 在 6 个类别中新增 35 个现代工具 | | **🔍** | **搜索** | 输入 `/` 可按名称、描述或关键字搜索所有工具 | | **🏷** | **标签筛选** | 输入 `t` 按 19 个标签筛选 — osint, web, c2, cloud, mobile... | | **💡** | **推荐** | 输入 `r` — “我想扫描网络” → 显示相关工具 | | **✅** | **安装状态** | 每个工具旁显示 ✔/✘ — 了解哪些已就绪 | | **⚡** | **安装全部** | 任意类别中的选项 `97` — 批量一次性安装 | | **🔄** | **智能更新** | 每个工具都有更新选项 — 自动检测 git pull / pip upgrade / go install | | **📂** | **打开目录** | 跳转到任意工具的目录以便手动检查 | | **🐳** | **Docker** | 本地构建 — 无未验证的外部镜像 | | **🚀** | **一键安装** | `curl -sSL .../install.sh \| sudo bash` — 零手动步骤 | | **🏢** | **3 个新类别** | Active Directory, Cloud Security, Mobile Security |
## 快捷命令
| 命令 | 动作 | 适用范围 | |:---:|---|:---:| | `/query` | **搜索** — 按关键字即时查找工具 | 主菜单 | | `t` | **标签** — 按 osint, scanner, c2, cloud, mobile... 筛选 | 主菜单 | | `r` | **推荐** — “我想做 X” → 匹配相关工具 | 主菜单 | | `?` | **帮助** — 快速参考卡 | 任何位置 | | `q` | **退出** — 从任意深度退出 | 任何位置 | | `97` | **安装全部** — 批量安装类别中的所有工具 | 类别菜单 | | `99` | **返回** — 返回上一级菜单 | 任何位置 |
## 工具类别
| # | 类别 | 工具数 | | # | 类别 | 工具数 | |:---:|---|:---:|---|:---:|---|:---:| | 1 | 🛡 [匿名隐藏](#anonymously-hiding-tools) | 2 | | 11 | 🧰 [漏洞利用框架](#exploit-framework) | 4 | | 2 | 🔍 [信息收集](#information-gathering-tools) | 26 | | 12 | 🔁 [逆向工程](#reverse-engineering-tools) | 5 | | 3 | 📚 [字典生成器](#wordlist-generator) | 7 | | 13 | ⚡ [DDOS 攻击](#ddos-attack-tools) | 5 | | 4 | 📶 [无线攻击](#wireless-attack-tools) | 13 | | 14 | 🖥 [RAT](#remote-administrator-tools-rat) | 1 | | 5 | 🧩 [SQL 注入](#sql-injection-tools) | 7 | | 15 | 💥 [XSS 攻击](#xss-attack-tools) | 9 | | 6 | 🎣 [钓鱼攻击](#phishing-attack-tools) | 17 | | 16 | 🖼 [隐写术](#steganography-tools) | 4 | | 7 | 🌐 [Web 攻击](#web-attack-tools) | 20 | | 17 | 🏢 [Active Directory](#active-directory-tools) | 6 | | 8 | 🔧 [后渗透](#post-exploitation-tools) | 10 | | 18 | ☁ [Cloud Security](#cloud-security-tools) | 4 | | 9 | 🕵 [取证工具](#forensic-tools) | 8 | | 19 | 📱 [Mobile Security](#mobile-security-tools) | 3 | | 10 | 📦 [Payload 生成](#payload-creation-tools) | 8 | | 20 | ✨ [其他工具](#other-tools) | 24 |
## 🛡 匿名隐藏工具 - [匿名上网](https://github.com/Und3rf10w/kali-anonsurf) - [Multitor](https://github.com/trimstray/multitor) ## 🔍 信息收集工具 - [Network Map (nmap)](https://github.com/nmap/nmap) - [Dracnmap](https://github.com/Screetsec/Dracnmap) - 端口扫描 - 主机转 IP - [Xerosploit](https://github.com/LionSec/xerosploit) - [RED HAWK](https://github.com/Tuhinshubhra/RED_HAWK) - [ReconSpider](https://github.com/bhavsec/reconspider) - IsItDown - [Infoga](https://github.com/m4ll0k/Infoga) - [ReconDog](https://github.com/s0md3v/ReconDog) - [Striker](https://github.com/s0md3v/Striker) - [SecretFinder](https://github.com/m4ll0k/SecretFinder) - [Shodanfy](https://github.com/m4ll0k/Shodanfy.py) - [rang3r](https://github.com/floriankunushevci/rang3r) - [Breacher](https://github.com/s0md3v/Breacher) - [theHarvester](https://github.com/laramies/theHarvester) ★ - [Amass](https://github.com/owasp-amass/amass) ★ - [Masscan](https://github.com/robertdavidgraham/masscan) ★ - [RustScan](https://github.com/RustScan/RustScan) ★ - [Holehe](https://github.com/megadose/holehe) ★ - [Maigret](https://github.com/soxoj/maigret) ★ - [httpx](https://github.com/projectdiscovery/httpx) ★ - [SpiderFoot](https://github.com/smicallef/spiderfoot) ★ - [Subfinder](https://github.com/projectdiscovery/subfinder) ★ - [TruffleHog](https://github.com/trufflesecurity/trufflehog) ★ - [Gitleaks](https://github.com/gitleaks/gitleaks) ★ ## 📚 字典生成器 - [Cupp](https://github.com/Mebus/cupp) - [WordlistCreator](https://github.com/Z4nzu/wlcreator) - [Goblin WordGenerator](https://github.com/UndeadSec/GoblinWordGenerator) - [密码列表 (1.4B)](https://github.com/Viralmaniar/SMWYG-Show-Me-What-You-Got) - [Hashcat](https://github.com/hashcat/hashcat) ★ - [John the Ripper](https://github.com/openwall/john) ★ - [haiti](https://github.com/noraj/haiti) ★ ## 📶 无线攻击工具 - [WiFi-Pumpkin](https://github.com/P0cL4bs/wifipumpkin3) - [pixiewps](https://github.com/wiire/pixiewps) - [蓝牙蜜罐 (bluepot)](https://github.com/andrewmichaelsmith/bluepot) - [Fluxion](https://github.com/FluxionNetwork/fluxion) - [Wifiphisher](https://github.com/wifiphisher/wifiphisher) - [Wifite](https://github.com/derv82/wifite2) - [EvilTwin](https://github.com/Z4nzu/fakeap) - [Fastssh](https://github.com/Z4nzu/fastssh) - Howmanypeople - [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) ★ - [hcxdumptool](https://github.com/ZerBea/hcxdumptool) ★ - [hcxtools](https://github.com/ZerBea/hcxtools) ★ - [Bettercap](https://github.com/bettercap/bettercap) ★ ## 🧩 SQL 注入工具 - [Sqlmap](https://github.com/sqlmapproject/sqlmap) - [NoSqlMap](https://github.com/codingo/NoSQLMap) - [DSSS](https://github.com/stamparm/DSSS) - [Explo](https://github.com/dtag-dev-sec/explo) - [Blisqy](https://github.com/JohnTroony/Blisqy) - [Leviathan](https://github.com/leviathan-framework/leviathan) - [SQLScan](https://github.com/Cvar1984/sqlscan) ## 🎣 钓鱼攻击工具 - [Autophisher](https://github.com/CodingRanjith/autophisher) - [PyPhisher](https://github.com/KasRoudra/PyPhisher) - [AdvPhishing](https://github.com/Ignitetch/AdvPhishing) - [Setoolkit](https://github.com/trustedsec/social-engineer-toolkit) - [SocialFish](https://github.com/UndeadSec/SocialFish) - [HiddenEye](https://github.com/Morsmalleo/HiddenEye) - [Evilginx3](https://github.com/kgretzky/evilginx2) - [I-See-You](https://github.com/Viralmaniar/I-See-You) - [SayCheese](https://github.com/hangetzzu/saycheese) - [二维码劫持](https://github.com/cryptedwolf/ohmyqr) - [BlackEye](https://github.com/thelinuxchoice/blackeye) - [ShellPhish](https://github.com/An0nUD4Y/shellphish) - [Thanos](https://github.com/TridevReddy/Thanos) - [QRLJacking](https://github.com/OWASP/QRLJacking) - [Maskphish](https://github.com/jaykali/maskphish) - [BlackPhish](https://github.com/iinc0gnit0/BlackPhish) - [dnstwist](https://github.com/elceef/dnstwist) ## 🌐 Web 攻击工具 - [Web2Attack](https://github.com/santatic/web2attack) - Skipfish - [Sublist3r](https://github.com/aboul3la/Sublist3r) - [CheckURL](https://github.com/UndeadSec/checkURL) - [子域名接管](https://github.com/edoardottt/takeover) - [Dirb](https://gitlab.com/kalilinux/packages/dirb) - [Nuclei](https://github.com/projectdiscovery/nuclei) ★ - [ffuf](https://github.com/ffuf/ffuf) ★ - [Feroxbuster](https://github.com/epi052/feroxbuster) ★ - [Nikto](https://github.com/sullo/nikto) ★ - [wafw00f](https://github.com/EnableSecurity/wafw00f) ★ - [Katana](https://github.com/projectdiscovery/katana) ★ - [Gobuster](https://github.com/OJ/gobuster) ★ - [Dirsearch](https://github.com/maurosoria/dirsearch) ★ - [OWASP ZAP](https://github.com/zaproxy/zaproxy) ★ - [testssl.sh](https://github.com/drwetter/testssl.sh) ★ - [Arjun](https://github.com/s0md3v/Arjun) ★ - [Caido](https://github.com/caido/caido) ★ - [mitmproxy](https://github.com/mitmproxy/mitmproxy) ★ ## 🔧 后渗透工具 - [Vegile](https://github.com/Screetsec/Vegile) - [Chrome 键盘记录器](https://github.com/UndeadSec/HeraKeylogger) - [pwncat-cs](https://github.com/calebstewart/pwncat) ★ - [Sliver](https://github.com/BishopFox/sliver) ★ - [Havoc](https://github.com/HavocFramework/Havoc) ★ - [PEASS-ng (LinPEAS/WinPEAS)](https://github.com/peass-ng/PEASS-ng) ★ - [Ligolo-ng](https://github.com/nicocha30/ligolo-ng) ★ - [Chisel](https://github.com/jpillora/chisel) ★ - [Evil-WinRM](https://github.com/Hackplayers/evil-winrm) ★ - [Mythic](https://github.com/its-a-feature/Mythic) ★ ## 🕵 取证工具 - Autopsy - Wireshark - [Bulk extractor](https://github.com/simsong/bulk_extractor) - [Guymager](https://guymager.sourceforge.io/) - [Toolsley](https://www.toolsley.com/) - [Volatility 3](https://github.com/volatilityfoundation/volatility3) ★ - [Binwalk]() ★ - [pspy](https://github.com/DominicBreuker/pspy) ★ ## 📦 Payload 生成工具 - [The FatRat](https://github.com/Screetsec/TheFatRat) - [Brutal](https://github.com/Screetsec/Brutal) - [Stitch](https://nathanlopez.github.io/Stitch) - [MSFvenom Payload Creator](https://github.com/g0tmi1k/msfpc) - [Venom](https://github.com/r00t-3xp10it/venom) - [Spycam](https://github.com/indexnotfound404/spycam) - [Mob-Droid](https://github.com/kinghacker0/Mob-Droid) - [Enigma](https://github.com/UndeadSec/Enigma) ## 🧰 漏洞利用框架 - [RouterSploit](https://github.com/threat9/routersploit) - [WebSploit](https://github.com/The404Hacking/websploit) - [Commix](https://github.com/commixproject/commix) - [Web2Attack](https://github.com/santatic/web2attack) ## 🔁 逆向工程工具 - [Androguard](https://github.com/androguard/androguard) - [Apk2Gold](https://github.com/lxdvs/apk2gold) - [JadX](https://github.com/skylot/jadx) - [Ghidra](https://github.com/NationalSecurityAgency/ghidra) ★ - [Radare2](https://github.com/radareorg/radare2) ★ ## ⚡ DDOS 攻击工具 - [DDoS Script](https://github.com/the-deepnet/ddos) - [SlowLoris](https://github.com/gkbrk/slowloris) - [Asyncrone](https://github.com/fatihsnsy/aSYNcrone) - [UFOnet](https://github.com/epsylon/ufonet) - [GoldenEye](https://github.com/jseidl/GoldenEye) ## 🖥 远程管理工具 (RAT) - [Pyshell](https://github.com/knassar702/pyshell) ## 💥 XSS 攻击工具 - [DalFox](https://github.com/hahwul/dalfox) - [XSS Payload Generator](https://github.com/capture0x/XSS-LOADER) - [Extended XSS Searcher](https://github.com/Damian89/extended-xss-search) - [XSS-Freak](https://github.com/PR0PH3CY33/XSS-Freak) - [XSpear](https://github.com/hahwul/XSpear) - [XSSCon](https://github.com/menkrep1337/XSSCon) - [XanXSS](https://github.com/Ekultek/XanXSS) - [XSStrike](https://github.com/UltimateHackers/XSStrike) - [RVuln](https://github.com/iinc0gnit0/RVuln) ## 🖼 隐写术工具 - SteganoHide - [StegoCracker](https://github.com/W1LDN16H7/StegoCracker) - [Whitespace](https://github.com/beardog108/snow10) ## 🏢 Active Directory 工具 - [BloodHound](https://github.com/BloodHoundAD/BloodHound) ★ - [NetExec (nxc)](https://github.com/Pennyw0rth/NetExec) ★ - [Impacket](https://github.com/fortra/impacket) ★ - [Responder](https://github.com/lgandx/Responder) ★ - [Certipy](https://github.com/ly4k/Certipy) ★ - [Kerbrute](https://github.com/ropnop/kerbrute) ★ ## ☁ Cloud Security 工具 - [Prowler](https://github.com/prowler-cloud/prowler) ★ - [ScoutSuite](https://github.com/nccgroup/ScoutSuite) ★ - [Pacu](https://github.com/RhinoSecurityLabs/pacu) ★ - [Trivy](https://github.com/aquasecurity/trivy) ★ ## 📱 Mobile Security 工具 - [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) ★ - [Frida](https://github.com/frida/frida) ★ - [Objection](https://github.com/sensepost/objection) ★ ## ✨ 其他工具 #### 社交媒体暴力破解 - [AllinOne SocialMedia Attack](https://github.com/Matrix07ksa/Brute_Force) - [Facebook Attack](https://github.com/Matrix07ksa/Brute_Force) - [Application Checker](https://github.com/jakuta-tech/underhanded) #### Android 黑客工具 - [Keydroid](https://github.com/F4dl0/keydroid) - [MySMS](https://github.com/papusingh2sms/mysms) - [Lockphish](https://github.com/JasonJerry/lockphish) - [DroidCam / WishFish](https://github.com/kinghacker0/WishFish) - [EvilApp](https://github.com/crypticterminal/EvilApp) #### IDN 同形异义词攻击 - [EvilURL](https://github.com/UndeadSec/EvilURL) #### 邮箱验证工具 - [Knockmail](https://github.com/4w4k3/KnockMail) #### 哈希破解工具 - [Hash Buster](https://github.com/s0md3v/Hash-Buster) #### Wifi 反认证 - [WifiJammer-NG](https://github.com/MisterBianco/wifijammer-ng) - [KawaiiDeauther](https://github.com/aryanrtm/KawaiiDeauther) #### 社交媒体查找 - [通过面部识别查找社交媒体](https://github.com/Greenwolf/social_mapper) - [通过用户名查找社交媒体](https://github.com/xHak9x/finduser) - [Sherlock](https://github.com/sherlock-project/sherlock) - [SocialScan](https://github.com/iojw/socialscan) #### Payload 注入器 - [Debinject](https://github.com/UndeadSec/Debinject) - [Pixload](https://github.com/chinarulezzz/pixload) #### Web 爬虫 - [Gospider](https://github.com/jaeles-project/gospider) #### 混合工具 - Terminal Multiplexer (tilix) - [Crivo](https://github.com/GMDSantana/crivo) ## 贡献 — 添加新工具
### 提交 Issue 使用 [工具请求](.github/ISSUE_TEMPLATE/tool_request.md) 模板。 必填项:工具名称、GitHub URL、类别、操作系统、安装命令、理由。 ### 提交 Pull Request 使用 [PR 模板](.github/PULL_REQUEST_TEMPLATE.md) 检查清单。 必填项:`tools/*.py` 中的类、TITLE、DESCRIPTION、INSTALL/RUN 命令、SUPPORTED_OS,本地测试。
## 安装
### 一键安装(推荐) ``` curl -sSL https://raw.githubusercontent.com/Z4nzu/hackingtool/master/install.sh | sudo bash ``` 处理所有事务 — 前置依赖、克隆、venv、启动器。 ### 手动安装 ``` git clone https://github.com/Z4nzu/hackingtool.git cd hackingtool sudo python3 install.py ``` 然后运行:`hackingtool`
### Docker ``` # 构建 docker build -t hackingtool . # 运行 (direct) docker run -it --rm hackingtool # 运行 (Compose — 推荐) docker compose up -d docker exec -it hackingtool bash # 开发模式 (live source mount) docker compose --profile dev up docker exec -it hackingtool-dev bash # 停止 docker compose down # stop container docker compose down -v # also remove data volume ``` ### 依赖环境 | 依赖 | 版本 | 用途 | |---|---|---| | Python | 3.10+ | 核心 | | Go | 1.21+ | nuclei, ffuf, amass, httpx, katana, dalfox, gobuster, subfinder | | Ruby | any | haiti, evil-winrm | | Docker | any | Mythic, MobSF (可选) | ``` pip install -r requirements.txt ``` ## Star 历史 HackingTool Star History Chart ## 支持 如果这个项目对你有帮助,请考虑请我喝杯咖啡: Buy Me A Coffee ## 社交 [![Twitter](https://img.shields.io/badge/Twitter-Follow-1DA1F2?style=for-the-badge&logo=twitter&logoColor=white)](https://twitter.com/_Zinzu07) [![GitHub](https://img.shields.io/badge/GitHub-Follow-181717?style=for-the-badge&logo=github&logoColor=white)](https://github.com/Z4nzu/) 找不到你最喜欢的工具?[在这里推荐](https://github.com/Z4nzu/hackingtool/issues/new?template=tool_request.md)
标签:CISA项目, CTF工具, DDOS, DOS头擦除, IP 地址批量处理, Parrot OS, Python, Windows内核, XSS, XXE攻击, 云资产清单, 僵尸网络, 域环境安全, 密码破解, 密码管理, 工具集, 应用安全, 攻击路径可视化, 数据展示, 无后门, 日志审计, 漏洞情报, 漏洞搜索, 白帽子, 红队, 网络安全, 网络连接监控, 请求拦截, 逆向工具, 逆向工程, 隐私保护, 黑客工具