2018黑帽大会工具清单-Blackhat

 2019-04-13    763  


Android,iOS和移动黑客

易受攻击的iOS应用程序:Swift版

https://github.com/prateek147/DVIA-v2

代码评估

OWASP依赖性检查

https://github.com/jeremylong/DependencyCheck

美洲狮扫描

https://github.com/pumasecurity/puma-scan

加密

DeepViolet:SSL / TLS扫描API和工具

https://github.com/spoofzu/DeepViolet

数据取证和事件响应

初学者到专家

https://github.com/bro/bro

CyBot:开源威胁情报聊天机器人

https://github.com/CylanceSPEAR/CyBot

LogonTracer

https://github.com/JPCERTCC/LogonTracer

rastrea2r(重新加载!):用Gusto和Style收集和狩猎IOC


https://github.com/rastrea2r/rastrea2r



RedHunt OS(VM):用于对手仿真和威胁搜索的虚拟机


https://github.com/redhuntlabs/RedHunt-OS



剥削与道德黑客


AVET:AntiVirus Evasion Tool



https://github.com/govolution/avet

DSP:Docker安全游乐场


https://github.com/giper45/DockerSecurityPlayground



hideNsneak:攻击混淆框架


https://github.com/rmikehodges/hideNsneak



梅林


https://github.com/Ne0nd0g/merlin



RouterSploit


https://github.com/threat9/routersploit



硬件/嵌入式


ChipWhisperer


https://github.com/newaetech/chipwhisperer




JTAGulator :揭开硬件安全的致命弱点


https://github.com/grandideastudio/jtagulator



Micro-Renovator:将处理器固件带入代码


https://github.com/syncsrc/MicroRenovator



TumbleRF:RF模糊变得容易


https://github.com/riverloopsec/tumblerf



Walrus:充分利用您的卡片克隆设备


https://github.com/TeamWalrus/Walrus



物联网


物联网设备的可扩展动态分析框架


https://github.com/sycurelab/DECAF




BLE CTF项目


https://github.com/hackgnar/ble_ctf



WHID注射器和WHID Elite:新一代HID攻击性设备


https://github.com/whid-injector/WHID



恶意软件防御


为每位安全研究人员提供高级深度学习分析平台


https://github.com/intel/Resilient-ML-Research-Platform




EKTotal


https://github.com/nao-sec/ektotal



固件审计:Blue Teams和DFIR的平台固件安全自动化


https://github.com/PreOS-Security/fwaudit



MaliceIO


https://github.com/maliceio/malice



目标 – 参见MacOS安全工具


https://github.com/objective-see



恶意软件进攻


BloodHound 1.5


https://github.com/BloodHoundAD/BloodHound




网络攻击


军械库


https://github.com/depthsecurity/armory




Chiron:一种先进的IPv6安全评估和渗透测试框架


https://github.com/aatlasis/Chiron



DELTA:SDN安全评估框架


https://github.com/OpenNetworkingFoundation/DELTA



Mallet:任意协议的拦截代理

https://github.com/sensepost/mallet

PowerUpSQL:用于在企业环境中攻击SQL Server的PowerShell工具包


https://github.com/NetSPI/PowerUpSQL



WarBerryPi


https://github.com/secgroundzero/warberry



网络防御


ANWI(全新无线IDS):5美元的WIDS


https://github.com/SanketKarpe/anwi




CHIRON:基于家庭的网络分析和机器学习威胁检测框架


https://github.com/jzadeh/chiron-elk



云安全套件:AWS / GCP / Azure安全审计的一站式工具


https://github.com/SecurityFTW/cs-suite



DejaVu:一个开源欺骗框架


https://github.com/bhdresh/Dejavu



OSINT – 开源智能


DataSploit 2.0


https://github.com/DataSploit/datasploit




Dradis 框架:了解如何将报告时间缩短一半


https://github.com/dradis/dradis-ce



逆向工程


Snake:恶意软件存储动物园


https://github.com/countercept/snake




智能电网/工业安全


GRFICS :工业控制模拟的图形现实主义框架


https://github.com/djformby/GRFICS




漏洞评估


用于机器学习模型的对抗鲁棒性工具箱


https://github.com/IBM/adversarial-robustness-toolbox




Android动态分析工具(ADA)


https://github.com/ANELKAOS/ada



射箭:开源漏洞评估和管理


https://github.com/archerysec/archerysec



boofuzz


https://github.com/jtpereyda/boofuzz



BTA


https://github.com/airbus-seclab/bta



深度利用


https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit



Halcyon IDE:适用于Nmap脚本开发人员


https://github.com/s4n7h0/Halcyon



SimpleRisk


https://github.com/simplerisk



TROMMEL


https://github.com/CERTCC/trommel



Web AppSec


看看NGINX的ModSec 3.0:软件Web应用程序防火墙


https://github.com/SpiderLabs/ModSecurity




Astra:REST API的自动安全测试


https://github.com/flipkart-incubator/Astra



Burp Replicator:自动化复杂漏洞的复制


https://github.com/PortSwigger/replicator



OWASP进攻性Web测试框架


https://github.com/owtf/owtf



OWASP JoomScan项目


https://github.com/rezasp/joomscan



WSSAT


https://github.com/YalcinYolalan/WSSAT



  •  标签:  

原文链接:https://www.ceacer.cn/?id=39

=========================================

https://www.ceacer.cn/ 为 “Ceacer 网安” 唯一官方服务平台,请勿相信其他任何渠道。