m14r41/PentestingEverything

GitHub: m14r41/PentestingEverything

Stars: 1473 | Forks: 331

## 🔜 本月即将推出的新资源 - 新模块:OWASP Top 10 LLMs and Gen AI - 新模块:OWASP MCP Top 10 - 新模块:Threat Modeling - 新模块:Design Review - 更新 OWASP Top 10:2025 (Web Application) 相关内容 - 更新安全评估自动化相关内容 ## 目前已更新:2026 ✅ iOS Pentesting 模块
✅ API Pentesting 模块
✅ SAST/Source Code Review
✅ Thick Client Pentesting 模块
🌐 语言
## 目录 | 编号 | 渗透测试类型 | 编号 | 目录名称 | | --- | --------------------------------------------------------------------------------------------------------------------------- | --- | ---------------------------------------------------------------------------------------------------------------------- | | 1 | [Web 应用安全](https://github.com/m14r41/PentestingEverything/tree/main/Web%20Applications) | 11 | [Active Directory 安全](https://github.com/m14r41/PentestingEverything/tree/main/Active%20Directory%20Pentesting) | | 2 | [API 安全](https://github.com/m14r41/PentestingEverything/tree/main/API%20Pentesting) | 12 | [基础设施安全](https://github.com/m14r41/PentestingEverything/tree/main/Infrastucture%20Pentesting) | | 3 | [移动应用安全](https://github.com/m14r41/PentestingEverything/tree/main/Mobile%20Pentesting) | 13 | [Threat Modeling](https://github.com/m14r41/PentestingEverything/tree/main/Threat%20Model) | | 4 | [Thick Client 应用安全](https://github.com/m14r41/PentestingEverything/tree/main/Thick%20Client%20Pentesting) | 14 | [IoT 安全](https://github.com/m14r41/PentestingEverything/tree/main/iOT%20Pentesting) | | 5 | [源代码审计](https://github.com/m14r41/PentestingEverything/tree/main/Secure%20Code%20Review) | 15 | [OSINT (开源情报)](https://github.com/m14r41/PentestingEverything/tree/main/OSINT) | | 6 | [网络安全](https://github.com/m14r41/PentestingEverything/tree/main/Network%20Pentesting) | 16 | [区块链安全](https://github.com/m14r41/PentestingEverything/tree/main/BlockChain%20Pentesting) | | 7 | [Wi-Fi 安全](https://github.com/m14r41/PentestingEverything/tree/main/Wifi%20Pentesting) | 17 | [CI/CD Pipeline 安全](https://github.com/m14r41/PentestingEverything/tree/main/CI-CD%20Pentesting) | | 8 | [云安全](https://github.com/m14r41/PentestingEverything/tree/main/Cloud%20Pentesting) | 18 | [Docker 容器安全](https://github.com/m14r41/PentestingEverything/tree/main/DockerContainer%20Pentesting) | | 9 | [DevSecOps](https://github.com/m14r41/PentestingEverything/tree/main/DevSecOps) | 19 | [钓鱼渗透测试](https://github.com/m14r41/PentestingEverything/tree/main/Phishing%20Penetration%20Testing) | | 10 | [配置审计](https://github.com/m14r41/PentestingEverything/tree/main/Configuration%20Review) | 20 | [取证分析](https://github.com/m14r41/PentestingEverything/tree/main/Forensic) | | 编号 | 渗透测试类型 | 描述 | | --- | ------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | | 1 | [Web 应用安全](https://github.com/m14r41/PentestingEverything/tree/main/Web%20Applications) | 评估并保障 Web 应用的安全,发现漏洞。 | | 2 | [API 安全](https://github.com/m14r41/PentestingEverything/tree/main/API%20Pentesting) | 测试并增强 API 和微服务的安全性。 | | 3 | [移动应用安全](https://github.com/m14r41/PentestingEverything/tree/main/Mobile%20Pentesting) | 评估移动应用和设备的安全性。 | | 4 | [Thick Client 应用安全](https://github.com/m14r41/PentestingEverything/tree/main/Thick%20Client%20Pentesting) | 评估 Thick Client 应用的安全问题。 | | 5 | [源代码审计](https://github.com/m14r41/PentestingEverything/tree/main/Secure%20Code%20Review) | 分析源代码以识别并修复漏洞。 | | 6 | [网络安全](https://github.com/m14r41/PentestingEverything/tree/main/Network%20Pentesting) | 通过识别和解决弱点来保障网络安全。 | | 7 | [Wi-Fi 网络安全](https://github.com/m14r41/PentestingEverything/tree/main/Wifi%20Pentesting) | 评估 Wi-Fi 网络和接入点的安全性。 | | 8 | [云安全](https://github.com/m14r41/PentestingEverything/tree/main/Cloud%20Pentesting) | 评估云端系统和服务的安全性。 | | 9 | [Active Directory 安全](https://github.com/m14r41/PentestingEverything/tree/main/Active%20Directory%20Pentesting) | 评估 Active Directory 环境的安全性。 | | 10 | [基础设施安全](https://github.com/m14r41/PentestingEverything/tree/main/Infrastucture%20Pentesting) | 保障底层 IT 基础设施和资产的安全。 | | 11 | [Threat Modeling](https://github.com/m14r41/PentestingEverything/tree/main/Threat%20Model) | 对威胁进行建模和评估以增强系统安全性。 | | 12 | [IoT 安全](https://github.com/m14r41/PentestingEverything/tree/main/iOT%20Pentesting) | 识别并缓解 IoT 设备中的漏洞。 | | 13 | [OSINT (开源情报)](https://github.com/m14r41/PentestingEverything/tree/main/OSINT) | 从开源渠道收集情报用于安全分析。 | | 14 | [区块链安全](https://github.com/m14r41/PentestingEverything/tree/main/BlockChain%20Pentesting) | 评估区块链系统的安全性和合规性。 | | 15 | [CI/CD Pipeline 安全](https://github.com/m14r41/PentestingEverything/tree/main/CI-CD%20Pentesting) | 评估持续集成流水线的安全性。 | | 16 | [Docker 容器安全](https://github.com/m14r41/PentestingEverything/tree/main/DockerContainer%20Pentesting) | 保障 Docker 容器及容器化应用的安全。 | | 17 | [DevSecOps](https://github.com/m14r41/PentestingEverything/tree/main/DevSecOps) | 将安全实践集成到整个 DevOps 生命周期中。 | | 18 | [钓鱼渗透测试](https://github.com/m14r41/PentestingEverything/tree/main/Phishing%20Penetration%20Testing) | 模拟并分析钓鱼攻击以进行安全意识培训。 | | 19 | [配置审计](https://github.com/m14r41/PentestingEverything/tree/main/Configuration%20Review) | 检查并验证系统配置中的安全问题。 | | 20 | [取证分析](https://github.com/m14r41/PentestingEverything/tree/main/Forensic) | 事件发生后调查并分析数字证据。 |

渗透测试与工具

40 多种安全评估工具

# 渗透测试与工具 | **类别** | **工具** | | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Web 应用渗透测试** | Acunetix, Burp Suite Professional, Dirb, FFUF, Nmap, Nikto, Nuclei, OWASP ZAP, SQLMap, WhatWeb, WPScan, Invicti (Netsparker), Fortify WebInspect | | **Android 安全** | adb, APKTool, Apkscan, AndroBugs, Android Studio / Genymotion, AppMon, Dexter/Objection (Objection), Drozer, Frida, Magisk, MITMProxy, MobSF, Quark Engine, JADX | | **iOS 安全** | checkra1n, Class-dump, Frida, iMazing, iOS-decrypt, iOS-Hook, MobSF, Needle, Objection, Palera1n, Passionfruit, SSL Kill Switch 2, Cycript | | **API 渗透测试** | Burp Suite Professional, GraphQL Raider, GraphQL Voyager, Insomnia, Kite Runner, Postman, Swagger UI | | **安全代码审计** | Bandit, Checkmarx, CodeQL, FindSecBugs, Gitleaks, Semgrep, SonarQube, Snyk, Veracode, Fortify Static (Workbench/Audit) | | **Thick-Client 安全** | Burp Suite Professional, dnSpy, de4dot, Fiddler, Ghidra, IDA Pro, OllyDbg, Process Explorer, x64dbg, CFF Explorer, Sysinternals Suite, Wireshark | | **网络渗透测试** | Bettercap, CrackMapExec, Metasploit, Netcat, Nessus, Nmap, OpenVAS, Responder, Wireshark | # 扩展版本 | **类别** | **工具** | | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Active Directory 渗透测试** | **BloodHound**, **Mimikatz**, **CrackMapExec**, **Impacket**, **Kerbrute**, **Rubeus**, **LDAPDomainDump**, **SharpHound**, **PowerView**, **ADRecon** | | **云安全** | **Prowler**, **ScoutSuite**, **CloudSploit**, **Pacu**, **Steampipe**, **CloudMapper**, **NCC Scout**, **kube-bench**, **Terrascan**, **KICS** | | **IoT 安全** | **Firmwalker**, **Binwalk**, **Firmware-Mod-Kit**, **Shodan**, **RIOT**, **JTAGulator**, **Qiling**, **Ghidra**, **Avatar2**, **Firmadyne** | | **防火墙渗透测试** | **hping3**, **NPing**, **Scapy**, **Zmap**, **firewalk**, **FTester**, **Nmap (Firewall Bypass)**, **Packet Sender**, **T50**, **Ettercap**, **TCPReplay** | | **固件分析** | **Binwalk**, **Firmware Analysis Toolkit (FAT)**, **QEMU**, **Ghidra**, **IDA Pro**, **Firmware-Mod-Kit**, **Radare2**, **Firmadyne** | | **容器安全** | **Trivy**, **Aqua Microscanner**, **Clair**, **Anchore**, **Docker Bench**, **kube-hunter**, **Falco**, **Sysdig**, **Snyk**, **Grype** | | **WiFi 渗透测试** | **Aircrack-ng**, **Kismet**, **Bettercap**, **Reaver**, **Fluxion**, **Wireshark**, **hcxtools**, **Fern WiFi Cracker**, **Wifiphisher**, **Hashcat** | | **DevSecOps** | **GitHub Advanced Security**, **Trivy**, **Snyk**, **Anchore**, **OWASP Dependency-Check**, **Jenkins**, **Checkmarx**, **Veracode **Dagda**, **Sysdig Secure**, **Cloud Custodian**, **Bridgecrew**, **Kubescape** | | **OSINT** | **theHarvester**, **Maltego**, **SpiderFoot**, **Recon-ng**, **Shodan**, **FOCA**, **Google Dorks**, **OSINT Framework**, **GHunt**, **Sherlock**, **PhoneInfoga** | | **配置审计** | **Lynis**, **OpenSCAP**, **Auditd**, **Tripwire**, **cis-cat Pro**, **Chef InSpec**, **Prowler**, **Kubescape** | | **钓鱼模拟** | **GoPhish**, **SET**, **Evilginx2**, **Phishery**, **King Phisher**, **Modlishka**, **Phishing Frenzy** | | **取证** | **Autopsy**, **Volatility**, **Sleuth Kit**, **FTK Imager**, **Redline**, **Magnet AXIOM**, **X-Ways**, **Bulk Extractor**, **ExifTool** | | **区块链安全** | **Mythril**, **Slither**, **Manticore**, **Remix IDE**, **Oyente**, **SmartCheck**, **Echidna**, **Tenderly** | | **Threat Modeling** | **Microsoft TMT**, **OWASP Threat Dragon**, **IriusRisk**, **SeaSponge**, **Draw.io**, **Pytm** | | **红队工具** | **Cobalt Strike**, **Sliver**, **Mythic**, **Empire**, **Metasploit**, **Brute Ratel**, **Koadic**, **FudgeC2**, **Nishang**, **PowerShell Empire** | | **蓝队工具** | **Velociraptor**, **Wazuh**, **OSQuery**, **GRR**, **Sysmon**, **CrowdStrike Falcon**, **Elastic Security**, **Sigma Rules** | | **SIEM 与日志分析** | **Splunk**, **ELK Stack**, **Graylog**, **Wazuh**, **AlienVault OSSIM**, **SIEMonster**, **Logstash**, **Fluentd**, **Loki**, **Falco**, **Humio**, **Kibana**, **Loggly**, **Logz.io** | | **密码破解** | **Hashcat**, **John the Ripper**, **Hydra**, **CrackStation**, **Cain & Abel**, **Medusa**, **THC-Hydra** | | **逆向工程** | **Ghidra**, **IDA Pro**, **x64dbg**, **OllyDbg**, **Binary Ninja**, **Radare2**, **Cutter** | | **硬件黑客** | **ChipWhisperer**, **Saleae Logic**, **OpenOCD**, **JTAGulator**, **Bus Pirate**, **Flashrom**, **Arduino**, **Raspberry Pi**, **RTL-SDR** | | **社会工程学** | **SET**, **BeEF**, **King Phisher**, **Evilginx / Evilginx2**, **Modlishka**, **EyeWitness**, **PhishToolkit**, **PhishX**, **心理学框架 (Pretexting, Elicitation)** | | **SCADA/ICS 安全** | **Snort**, **Wireshark**, **ModScan**, **ModbusPal**, **Scadafence**, **OpenPLC**, **GasPot**, **Conpot**, **PLCScan** | | **供应链安全** | **Snyk**, **OWASP Dependency-Check**, **Trivy**, **Syft**, **Grype**, **CycloneDX**, **Whitesource**, **Anchore Engine** | | **邮件安全测试** | **GoPhish**, **Modlishka**, **SMTPTester**, **MailSniper**, **Evilginx2**, **Phish5**, **Email Header Analyzer** | | **移动恶意软件分析** | **APKTool**, **MobSF**, **Jadx**, **Frida**, **VirusTotal Mobile**, **Droidbox**, **Bytecode Viewer**, **Drozer**, **Quark-Engine** | | **AI/ML 安全** | **Adversarial Robustness Toolbox (ART)**, **TextAttack**, **Foolbox**, **IBM AI Explainability 360**, **CleverHans**, **Alibi Detect**, **SecML**, **DeepExploit** | | **安全自动化 / SOAR** | **StackStorm**, **Cortex XSOAR**, **Shuffle**, **DFIR-IR-Playbook**, **Phantom Cyber**, **Tines** | | **漏洞赏金工具包** | **Amass**, **Sublist3r**, **Nuclei**, **HTTPX**, **Naabu**, **FFUF**, **GF**, **Dalfox**, **Kiterunner**, **Hakrawler**, **JSParser**, **ParamSpider** | | **凭据窃取与破解** | **LaZagne**, **Mimikatz**, **Hashcat**, **John the Ripper**, **Windows Credential Editor**, **CrackMapExec**, **GetNPUsers.py** | | **Payload 生成** | **MSFVenom**, **Unicorn**, **Shellter**, **Veil**, **Nishang**, **Empire**, **Obfuscation.io**, **Metasploit**, **Donut** | | **蜜罐 / 欺骗防御** | **Cowrie**, **Dionaea**, **Kippo**, **Honeyd**, **T-Pot**, **Conpot**, **Canarytokens**, **Artillery** | | **MacOS 安全** | **KnockKnock**, **BlockBlock**, **OSXCollector**, **Objective-See Suite**, **MacMonitor**, **Little Snitch**, **Dylib Hijack Scanner** | | **Windows 后渗透** | **PowerView**, **Seatbelt**, **SharpUp**, **WinPEAS**, **Sherlock**, **Empire**, **FireEye Red Team Tools**, **SharpHound** | | **Linux 后渗透** | **LinPEAS**, **Linux Exploit Suggester**, **pspy**, **Chkrootkit**, **rkhunter**, **bashark**, **GTFOBins**, **Sudomy** | | **浏览器安全测试** | **BeEF**, **XSStrike**, **XSSer**, **Burp Collaborator**, **NoScript**, **uBlock Origin**, **Chrome Developer Tools** | ## Star 趋势 [![Star 趋势图](https://api.star-history.com/svg?repos=m14r41/PentestingEverything&type=Timeline)](https://star-history.com/#m14r41/PentestingEverything&Timeline)

Support:

m14r41

标签:Android安全, API安全, API渗透测试, AppSec, Burp Suite, CISA项目, DAST, DevSecOps, iOS渗透测试, JSON输出, meg, OWASP LLM Top 10, OWASP Top 10, SAST, Thick Client, VAPT, Web安全, Web报告查看器, Windows内核, 上游代理, 信息安全, 内核模块, 反取证, 威胁建模, 安全指南, 安全评估, 安全资源, 恶意软件分析, 数据展示, 源代码审计, 生成式AI安全, 白帽子, 目录枚举, 盲注攻击, 移动安全, 红队, 网络安全, 网络渗透测试, 胖客户端安全, 蓝队分析, 虚拟机, 设计审查, 防御加固, 隐私保护