漏洞利用
----------------------------------------

数据库注入
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `SQLMap <https://github.com/sqlmapproject/sqlmap>`_
- `bbqsql <https://github.com/Neohapsis/bbqsql>`_

非结构化数据库注入
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `NoSQLAttack <https://github.com/youngyangyang04/NoSQLAttack>`_
- `NoSQLMap <https://github.com/codingo/NoSQLMap>`_
- `Nosql Exploitation Framework <https://github.com/torque59/Nosql-Exploitation-Framework>`_
- `MongoDB audit <https://github.com/stampery/mongoaudit>`_

数据库漏洞利用
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `mysql unsha1 <https://github.com/cyrus-and/mysql-unsha1>`_

XSS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `BeEF <https://github.com/beefproject/beef>`_
- `XSS Reciver <https://github.com/firesunCN/BlueLotus_XSSReceiver>`_
- `DSXS <https://github.com/stamparm/DSXS>`_
- `XSStrike <https://github.com/s0md3v/XSStrike>`_
- `xsssniper <https://github.com/gbrindisi/xsssniper>`_
- `tracy <https://github.com/nccgroup/tracy>`_

SSRF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `SSRFmap <https://github.com/swisskyrepo/SSRFmap>`_
- `SSRF Proxy <https://github.com/bcoles/ssrf_proxy>`_
- `Gopherus <https://github.com/tarunkant/Gopherus>`_
- `SSRF Testing <https://github.com/cujanovic/SSRF-Testing>`_

模版注入
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `tplmap <https://github.com/epinna/tplmap>`_

命令注入
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `commix <https://github.com/commixproject/commix>`_

PHP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Chankro <https://github.com/TarlogicSecurity/Chankro>`_ Herramienta para evadir disable_functions y open_basedir

LFI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `LFISuite <https://github.com/D35m0nd142/LFISuite>`_
- `FDsploit <https://github.com/chrispetrou/FDsploit>`_

struts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `struts scan <https://github.com/Lucifer1993/struts-scan>`_

CMS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Joomla Vulnerability Scanner <https://github.com/rezasp/joomscan>`_
- `Drupal enumeration & exploitation tool <https://github.com/immunIT/drupwn>`_
- `Wordpress Vulnerability Scanner <https://github.com/UltimateLabs/Zoom>`_
- `TPscan <https://github.com/Lucifer1993/TPscan>`_ 一键ThinkPHP漏洞检测
- `dedecmscan <https://github.com/lengjibo/dedecmscan>`_ 织梦全版本漏洞扫描

DNS相关漏洞
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `dnsAutoRebinding <https://github.com/Tr3jer/dnsAutoRebinding>`_
- `AngelSword <https://github.com/Lucifer1993/AngelSword>`_
- `Subdomain TakeOver <https://github.com/m4ll0k/takeover>`_
- `mpDNS <https://github.com/nopernik/mpDNS>`_
- `JudasDNS Nameserver DNS poisoning <https://github.com/mandatoryprogrammer/JudasDNS>`_
- `singularity <https://github.com/nccgroup/singularity>`_ A DNS rebinding attack framework by NGC Group

DNS数据提取
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `dnsteal <https://github.com/m57/dnsteal>`_
- `DNSExfiltrator <https://github.com/Arno0x/DNSExfiltrator>`_
- `dns exfiltration by krmaxwell <https://github.com/krmaxwell/dns-exfiltration>`_
- `dns exfiltration by coryschwartz <https://github.com/coryschwartz/dns_exfiltration>`_
- `requestbin for dns <http://requestbin.net/dns>`_

DNS 隧道
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `dnstunnel de <https://dnstunnel.de/>`_
- `iodine <https://code.kryo.se/iodine/>`_
- `dnscat2 <https://github.com/iagox86/dnscat2>`_

XXE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `XXEinjector <https://github.com/enjoiz/XXEinjector>`_
- `XXER <https://github.com/TheTwitchy/xxer>`_

反序列化
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `ysoserial <https://github.com/frohoff/ysoserial>`_
- `JRE8u20 RCE Gadget <https://github.com/pwntester/JRE8u20_RCE_Gadget>`_
- `Java Serialization Dumper <https://github.com/NickstaDB/SerializationDumper>`_
- `marshalsec <https://github.com/mbechler/marshalsec>`_ Java Unmarshaller Security - Turning your data into code execution
- `gadgetinspector <https://github.com/JackOfMostTrades/gadgetinspector>`_ A byte code analyzer for finding deserialization gadget chains in Java applications

端口Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Oracle Database Attacking Tool <https://github.com/quentinhardy/odat>`_
- `nmap vulners <https://github.com/vulnersCom/nmap-vulners>`_
- `nmap nse scripts <https://github.com/cldrn/nmap-nse-scripts>`_
- `Vulnerability Scanning with Nmap <https://github.com/scipag/vulscan>`_

JWT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `jwtcrack <https://github.com/brendan-rius/c-jwt-cracker>`_

无线
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `infernal twin <https://github.com/entropy1337/infernal-twin>`_

中间人攻击
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `mitmproxy <https://github.com/mitmproxy/mitmproxy>`_
- `MITMf <https://github.com/byt3bl33d3r/MITMf>`_
- `ssh mitm <https://github.com/jtesta/ssh-mitm>`_
- `injectify <https://github.com/samdenty99/injectify>`_
- `Responder <https://github.com/lgandx/Responder>`_ Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. 
- `toxy <https://github.com/h2non/toxy>`_ Hackable HTTP proxy for resiliency testing and simulated network conditions

DHCP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `DHCPwn <https://github.com/mschwager/dhcpwn>`_

DDoS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Saddam <https://github.com/OffensivePython/Saddam>`_

Bad USB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `WiFiDuck <https://github.com/spacehuhn/WiFiDuck>`_ Keystroke injection attack plattform