2018黑帽大会工具清单-Blackhat

 

1、Android，iOS和移动黑客

易受攻击的iOS应用程序：Swift版
https://github.com/prateek147/DVIA-v2


2、代码评估

OWASP依赖性检查
https://github.com/jeremylong/DependencyCheck


美洲狮扫描
https://github.com/pumasecurity/puma-scan


3、加密

DeepViolet：SSL / TLS扫描API和工具
https://github.com/spoofzu/DeepViolet

4、数据取证和事件响应

初学者到专家
https://github.com/bro/bro

CyBot：开源威胁情报聊天机器人
https://github.com/CylanceSPEAR/CyBot

LogonTracer
https://github.com/JPCERTCC/LogonTracer

rastrea2r（重新加载！）：用Gusto和Style收集和狩猎IOC
https://github.com/rastrea2r/rastrea2r

RedHunt OS（VM）：用于对手仿真和威胁搜索的虚拟机
https://github.com/redhuntlabs/RedHunt-OS


5、剥削与道德黑客

AVET：AntiVirus Evasion Tool
https://github.com/govolution/avet

DSP：Docker安全游乐场
https://github.com/giper45/DockerSecurityPlayground

hideNsneak：攻击混淆框架
https://github.com/rmikehodges/hideNsneak

梅林
https://github.com/Ne0nd0g/merlin

RouterSploit
https://github.com/threat9/routersploit


6、硬件/嵌入式

ChipWhisperer
https://github.com/newaetech/chipwhisperer

JTAGulator ：揭开硬件安全的致命弱点
https://github.com/grandideastudio/jtagulator

Micro-Renovator：将处理器固件带入代码
https://github.com/syncsrc/MicroRenovator

TumbleRF：RF模糊变得容易
https://github.com/riverloopsec/tumblerf

Walrus：充分利用您的卡片克隆设备
https://github.com/TeamWalrus/Walrus


7、物联网

物联网设备的可扩展动态分析框架
https://github.com/sycurelab/DECAF

BLE CTF项目
https://github.com/hackgnar/ble_ctf

WHID注射器和WHID Elite：新一代HID攻击性设备
https://github.com/whid-injector/WHID


8、恶意软件防御

为每位安全研究人员提供高级深度学习分析平台
https://github.com/intel/Resilient-ML-Research-Platform

EKTotal
https://github.com/nao-sec/ektotal

固件审计：Blue Teams和DFIR的平台固件安全自动化
https://github.com/PreOS-Security/fwaudit

MaliceIO
https://github.com/maliceio/malice

目标 – 参见MacOS安全工具
https://github.com/objective-see


9、恶意软件进攻

BloodHound 1.5
https://github.com/BloodHoundAD/BloodHound


10、网络攻击

军械库
https://github.com/depthsecurity/armory

Chiron：一种先进的IPv6安全评估和渗透测试框架
https://github.com/aatlasis/Chiron

DELTA：SDN安全评估框架
https://github.com/OpenNetworkingFoundation/DELTA

Mallet：任意协议的拦截代理
https://github.com/sensepost/mallet

PowerUpSQL：用于在企业环境中攻击SQL Server的PowerShell工具包
https://github.com/NetSPI/PowerUpSQL

WarBerryPi
https://github.com/secgroundzero/warberry


11、网络防御

ANWI（全新无线IDS）：5美元的WIDS
https://github.com/SanketKarpe/anwi

CHIRON：基于家庭的网络分析和机器学习威胁检测框架
https://github.com/jzadeh/chiron-elk

云安全套件：AWS / GCP / Azure安全审计的一站式工具
https://github.com/SecurityFTW/cs-suite

DejaVu：一个开源欺骗框架
https://github.com/bhdresh/Dejavu


O12、SINT – 开源智能

DataSploit 2.0
https://github.com/DataSploit/datasploit

Dradis 框架：了解如何将报告时间缩短一半
https://github.com/dradis/dradis-ce


13、逆向工程

Snake：恶意软件存储动物园
https://github.com/countercept/snake


14、智能电网/工业安全

GRFICS ：工业控制模拟的图形现实主义框架
https://github.com/djformby/GRFICS


15、漏洞评估

用于机器学习模型的对抗鲁棒性工具箱
https://github.com/IBM/adversarial-robustness-toolbox

Android动态分析工具（ADA）
https://github.com/ANELKAOS/ada

射箭：开源漏洞评估和管理
https://github.com/archerysec/archerysec

boofuzz
https://github.com/jtpereyda/boofuzz

BTA
https://github.com/airbus-seclab/bta

深度利用
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit

Halcyon IDE：适用于Nmap脚本开发人员
https://github.com/s4n7h0/Halcyon

SimpleRisk
https://github.com/simplerisk

TROMMEL
https://github.com/CERTCC/trommel

16、Web AppSec

看看NGINX的ModSec 3.0：软件Web应用程序防火墙
https://github.com/SpiderLabs/ModSecurity

Astra：REST API的自动安全测试
https://github.com/flipkart-incubator/Astra

Burp Replicator：自动化复杂漏洞的复制
https://github.com/PortSwigger/replicator

OWASP进攻性Web测试框架
https://github.com/owtf/owtf

OWASP JoomScan项目
https://github.com/rezasp/joomscan

WSSAT
https://github.com/YalcinYolalan/WSSAT