From ae1f2531c9b0d4159d6117a3cc7328f2312808bd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=85=AC=E6=98=8E?= <83812544+Ed1s0nZ@users.noreply.github.com> Date: Sat, 8 Nov 2025 22:57:03 +0800 Subject: [PATCH] Add files via upload --- tools/amass.yaml | 42 ++++++++++++++ tools/anew.yaml | 32 +++++++++++ tools/angr.yaml | 48 ++++++++++++++++ tools/api-fuzzer.yaml | 48 ++++++++++++++++ tools/api-schema-analyzer.yaml | 37 +++++++++++++ tools/arjun.yaml | 60 ++++++++++++++++++++ tools/arp-scan.yaml | 44 +++++++++++++++ tools/autorecon.yaml | 61 +++++++++++++++++++++ tools/binwalk.yaml | 37 +++++++++++++ tools/burpsuite.yaml | 65 ++++++++++++++++++++++ tools/checkov.yaml | 52 ++++++++++++++++++ tools/checksec.yaml | 29 ++++++++++ tools/clair.yaml | 45 +++++++++++++++ tools/cloudmapper.yaml | 43 +++++++++++++++ tools/create-file.yaml | 36 ++++++++++++ tools/dalfox.yaml | 61 +++++++++++++++++++++ tools/delete-file.yaml | 35 ++++++++++++ tools/dirsearch.yaml | 60 ++++++++++++++++++++ tools/dnsenum.yaml | 43 +++++++++++++++ tools/docker-bench-security.yaml | 44 +++++++++++++++ tools/dotdotpwn.yaml | 37 +++++++++++++ tools/enum4linux-ng.yaml | 82 ++++++++++++++++++++++++++++ tools/enum4linux.yaml | 35 ++++++++++++ tools/execute-python-script.yaml | 36 ++++++++++++ tools/exiftool.yaml | 43 +++++++++++++++ tools/falco.yaml | 51 +++++++++++++++++ tools/feroxbuster.yaml | 44 +++++++++++++++ tools/ffuf.yaml | 57 +++++++++++++++++++ tools/fierce.yaml | 36 ++++++++++++ tools/foremost.yaml | 44 +++++++++++++++ tools/gau.yaml | 44 +++++++++++++++ tools/gdb-peda.yaml | 50 +++++++++++++++++ tools/gdb.yaml | 43 +++++++++++++++ tools/ghidra.yaml | 50 +++++++++++++++++ tools/gobuster.yaml | 50 +++++++++++++++++ tools/graphql-scanner.yaml | 53 ++++++++++++++++++ tools/hakrawler.yaml | 43 +++++++++++++++ tools/hashcat.yaml | 64 ++++++++++++++++++++++ tools/hashpump.yaml | 42 ++++++++++++++ tools/http-framework-test.yaml | 54 ++++++++++++++++++ tools/http-intruder.yaml | 55 +++++++++++++++++++ tools/http-repeater.yaml | 27 +++++++++ tools/httpx.yaml | 85 
+++++++++++++++++++++++++++++ tools/hydra.yaml | 69 +++++++++++++++++++++++ tools/install-python-package.yaml | 33 +++++++++++ tools/jaeles.yaml | 58 ++++++++++++++++++++ tools/john.yaml | 49 +++++++++++++++++ tools/jwt-analyzer.yaml | 36 ++++++++++++ tools/katana.yaml | 53 ++++++++++++++++++ tools/kube-bench.yaml | 51 +++++++++++++++++ tools/kube-hunter.yaml | 59 ++++++++++++++++++++ tools/libc-database.yaml | 37 +++++++++++++ tools/list-files.yaml | 44 +++++++++++++++ tools/masscan.yaml | 59 ++++++++++++++++++++ tools/metasploit.yaml | 32 +++++++++++ tools/modify-file.yaml | 36 ++++++++++++ tools/msfvenom.yaml | 57 +++++++++++++++++++ tools/nbtscan.yaml | 45 +++++++++++++++ tools/netexec.yaml | 70 ++++++++++++++++++++++++ tools/nmap-advanced.yaml | 91 +++++++++++++++++++++++++++++++ tools/nuclei.yaml | 56 +++++++++++++++++++ tools/objdump.yaml | 37 +++++++++++++ tools/one-gadget.yaml | 36 ++++++++++++ tools/pacu.yaml | 44 +++++++++++++++ tools/paramspider.yaml | 51 +++++++++++++++++ tools/prowler.yaml | 60 ++++++++++++++++++++ tools/pwninit.yaml | 51 +++++++++++++++++ tools/pwntools.yaml | 48 ++++++++++++++++ tools/qsreplace.yaml | 33 +++++++++++ tools/radare2.yaml | 36 ++++++++++++ tools/responder.yaml | 60 ++++++++++++++++++++ tools/ropgadget.yaml | 36 ++++++++++++ tools/ropper.yaml | 59 ++++++++++++++++++++ tools/rpcclient.yaml | 56 +++++++++++++++++++ tools/rustscan.yaml | 51 +++++++++++++++++ tools/scout-suite.yaml | 53 ++++++++++++++++++ tools/smbmap.yaml | 55 +++++++++++++++++++ tools/steghide.yaml | 57 +++++++++++++++++++ tools/strings.yaml | 36 ++++++++++++ tools/subfinder.yaml | 50 +++++++++++++++++ tools/terrascan.yaml | 60 ++++++++++++++++++++ tools/trivy.yaml | 50 +++++++++++++++++ tools/uro.yaml | 37 +++++++++++++ tools/volatility.yaml | 43 +++++++++++++++ tools/volatility3.yaml | 43 +++++++++++++++ tools/wafw00f.yaml | 29 ++++++++++ tools/waybackurls.yaml | 44 +++++++++++++++ tools/wfuzz.yaml | 36 ++++++++++++ tools/wpscan.yaml | 35 ++++++++++++ 
tools/x8.yaml | 59 ++++++++++++++++++++ tools/xsser.yaml | 36 ++++++++++++ tools/xxd.yaml | 44 +++++++++++++++ tools/zap.yaml | 75 +++++++++++++++++++++++++ 93 files changed, 4482 insertions(+) create mode 100644 tools/amass.yaml create mode 100644 tools/anew.yaml create mode 100644 tools/angr.yaml create mode 100644 tools/api-fuzzer.yaml create mode 100644 tools/api-schema-analyzer.yaml create mode 100644 tools/arjun.yaml create mode 100644 tools/arp-scan.yaml create mode 100644 tools/autorecon.yaml create mode 100644 tools/binwalk.yaml create mode 100644 tools/burpsuite.yaml create mode 100644 tools/checkov.yaml create mode 100644 tools/checksec.yaml create mode 100644 tools/clair.yaml create mode 100644 tools/cloudmapper.yaml create mode 100644 tools/create-file.yaml create mode 100644 tools/dalfox.yaml create mode 100644 tools/delete-file.yaml create mode 100644 tools/dirsearch.yaml create mode 100644 tools/dnsenum.yaml create mode 100644 tools/docker-bench-security.yaml create mode 100644 tools/dotdotpwn.yaml create mode 100644 tools/enum4linux-ng.yaml create mode 100644 tools/enum4linux.yaml create mode 100644 tools/execute-python-script.yaml create mode 100644 tools/exiftool.yaml create mode 100644 tools/falco.yaml create mode 100644 tools/feroxbuster.yaml create mode 100644 tools/ffuf.yaml create mode 100644 tools/fierce.yaml create mode 100644 tools/foremost.yaml create mode 100644 tools/gau.yaml create mode 100644 tools/gdb-peda.yaml create mode 100644 tools/gdb.yaml create mode 100644 tools/ghidra.yaml create mode 100644 tools/gobuster.yaml create mode 100644 tools/graphql-scanner.yaml create mode 100644 tools/hakrawler.yaml create mode 100644 tools/hashcat.yaml create mode 100644 tools/hashpump.yaml create mode 100644 tools/http-framework-test.yaml create mode 100644 tools/http-intruder.yaml create mode 100644 tools/http-repeater.yaml create mode 100644 tools/httpx.yaml create mode 100644 tools/hydra.yaml create mode 100644 
tools/install-python-package.yaml create mode 100644 tools/jaeles.yaml create mode 100644 tools/john.yaml create mode 100644 tools/jwt-analyzer.yaml create mode 100644 tools/katana.yaml create mode 100644 tools/kube-bench.yaml create mode 100644 tools/kube-hunter.yaml create mode 100644 tools/libc-database.yaml create mode 100644 tools/list-files.yaml create mode 100644 tools/masscan.yaml create mode 100644 tools/metasploit.yaml create mode 100644 tools/modify-file.yaml create mode 100644 tools/msfvenom.yaml create mode 100644 tools/nbtscan.yaml create mode 100644 tools/netexec.yaml create mode 100644 tools/nmap-advanced.yaml create mode 100644 tools/nuclei.yaml create mode 100644 tools/objdump.yaml create mode 100644 tools/one-gadget.yaml create mode 100644 tools/pacu.yaml create mode 100644 tools/paramspider.yaml create mode 100644 tools/prowler.yaml create mode 100644 tools/pwninit.yaml create mode 100644 tools/pwntools.yaml create mode 100644 tools/qsreplace.yaml create mode 100644 tools/radare2.yaml create mode 100644 tools/responder.yaml create mode 100644 tools/ropgadget.yaml create mode 100644 tools/ropper.yaml create mode 100644 tools/rpcclient.yaml create mode 100644 tools/rustscan.yaml create mode 100644 tools/scout-suite.yaml create mode 100644 tools/smbmap.yaml create mode 100644 tools/steghide.yaml create mode 100644 tools/strings.yaml create mode 100644 tools/subfinder.yaml create mode 100644 tools/terrascan.yaml create mode 100644 tools/trivy.yaml create mode 100644 tools/uro.yaml create mode 100644 tools/volatility.yaml create mode 100644 tools/volatility3.yaml create mode 100644 tools/wafw00f.yaml create mode 100644 tools/waybackurls.yaml create mode 100644 tools/wfuzz.yaml create mode 100644 tools/wpscan.yaml create mode 100644 tools/x8.yaml create mode 100644 tools/xsser.yaml create mode 100644 tools/xxd.yaml create mode 100644 tools/zap.yaml diff --git a/tools/amass.yaml b/tools/amass.yaml new file mode 100644 index 00000000..b58968e3 
--- /dev/null
+++ b/tools/amass.yaml
@@ -0,0 +1,42 @@
+name: "amass"
+command: "amass"
+enabled: true
+
+short_description: "子域名枚举和网络映射工具"
+
+description: |
+ Amass是一个深度子域名枚举和网络映射工具,通过多种技术发现目标域名的子域名。
+
+ **主要功能:**
+ - 被动和主动子域名枚举
+ - 多种数据源集成
+ - 网络映射和可视化
+ - 证书透明度日志查询
+
+ **使用场景:**
+ - 子域名发现
+ - 资产发现
+ - 渗透测试信息收集
+ - Bug bounty侦察
+
+parameters:
+ - name: "domain"
+ type: "string"
+ description: "目标域名"
+ required: true
+ flag: "-d"
+ format: "flag"
+
+ - name: "mode"
+ type: "string"
+ description: "运行模式(enum, intel, viz)"
+ required: false
+ default: "enum"
+ flag: "-mode"
+ format: "flag"
+
+ - name: "additional_args"
+ type: "string"
+ description: "额外的Amass参数"
+ required: false
+
diff --git a/tools/anew.yaml b/tools/anew.yaml
new file mode 100644
index 00000000..782539f8
--- /dev/null
+++ b/tools/anew.yaml
@@ -0,0 +1,32 @@
+name: "anew"
+command: "anew"
+enabled: true
+
+short_description: "数据去重工具,用于处理文件中的新行"
+
+description: |
+ Anew是一个数据去重工具,用于将新行追加到文件中,自动过滤重复项。
+
+ **主要功能:**
+ - 数据去重
+ - 文件追加
+ - 唯一行过滤
+ - 快速处理
+
+ **使用场景:**
+ - 数据处理
+ - 结果去重
+ - 数据合并
+ - 工具链集成
+
+parameters:
+ - name: "input_data"
+ type: "string"
+ description: "输入数据"
+ required: true
+
+ - name: "output_file"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+
diff --git a/tools/angr.yaml b/tools/angr.yaml
new file mode 100644
index 00000000..eec02700
--- /dev/null
+++ b/tools/angr.yaml
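Review bot: In tools/amass.yaml the `mode` parameter is emitted as `-mode enum`, but Amass picks `enum`, `intel` or `viz` as a subcommand that precedes `-d`, so the generated command line is unlikely to parse. Declaring it the way other tool files declare leading arguments, `position: 0` with `format: "positional"`, would put it where Amass expects it. `additional_args` is a free-form string with no `flag` or `format`: if the executor splits it on whitespace, whoever supplies the tool arguments can add any Amass option, config and output paths included, so its tokenisation should be documented or narrowed to an allow-list. The same `additional_args` pattern is in tools/enum4linux.yaml and tools/ffuf.yaml.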
@@ -0,0 +1,48 @@
+name: "angr"
+command: "python3"
+enabled: true
+
+short_description: "符号执行和二进制分析框架"
+
+description: |
+ Angr是一个符号执行和二进制分析框架,用于自动化漏洞发现和利用。
+
+ **主要功能:**
+ - 符号执行
+ - 控制流图分析
+ - 静态分析
+ - 漏洞发现
+
+ **使用场景:**
+ - 二进制分析
+ - 漏洞发现
+ - 符号执行
+ - 安全研究
+
+parameters:
+ - name: "binary"
+ type: "string"
+ description: "要分析的二进制文件路径"
+ required: true
+
+ - name: "script_content"
+ type: "string"
+ description: "自定义angr脚本内容"
+ required: false
+
+ - name: "find_address"
+ type: "string"
+ description: "符号执行中要查找的地址"
+ required: false
+
+ - name: "avoid_addresses"
+ type: "string"
+ description: "要避免的地址(逗号分隔)"
+ required: false
+
+ - name: "analysis_type"
+ type: "string"
+ description: "分析类型(symbolic, cfg, static)"
+ required: false
+ default: "symbolic"
+
diff --git a/tools/api-fuzzer.yaml b/tools/api-fuzzer.yaml
new file mode 100644
index 00000000..14234d66
--- /dev/null
+++ b/tools/api-fuzzer.yaml
@@ -0,0 +1,48 @@
+name: "api-fuzzer"
+command: "ffuf"
+enabled: true
+
+short_description: "API端点模糊测试工具,支持智能参数发现"
+
+description: |
+ 高级API端点模糊测试工具,支持智能参数发现和漏洞评估。
+
+ **主要功能:**
+ - API端点发现
+ - 参数模糊测试
+ - 漏洞评估
+ - 多种HTTP方法支持
+
+ **使用场景:**
+ - API安全测试
+ - 端点发现
+ - 参数测试
+ - 安全评估
+
+parameters:
+ - name: "base_url"
+ type: "string"
+ description: "API基础URL"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "endpoints"
+ type: "string"
+ description: "要测试的特定端点(逗号分隔)"
+ required: false
+
+ - name: "methods"
+ type: "string"
+ description: "HTTP方法(逗号分隔)"
+ required: false
+ default: "GET,POST,PUT,DELETE"
+
+ - name: "wordlist"
+ type: "string"
+ description: "端点发现字典"
+ required: false
+ default: "/usr/share/wordlists/api/api-endpoints.txt"
+ flag: "-w"
+ format: "flag"
+
diff --git a/tools/api-schema-analyzer.yaml b/tools/api-schema-analyzer.yaml
new file mode 100644
index 00000000..1f36b827
--- /dev/null
+++ b/tools/api-schema-analyzer.yaml
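Review bot: `script_content` in tools/angr.yaml is arbitrary Python handed to a bare `python3`, and none of the five parameters declares `flag`, `position` or `format`, so nothing in the hunk shows how `binary` or the script reach the interpreter, or under which account and working directory it runs. Anything that can set this parameter gets code execution with the executor's privileges, so the file should state the isolation it relies on (unprivileged user, container, no credentials in the environment) or ship with `enabled: false` until that exists. tools/execute-python-script.yaml has the same shape; the virtual environment its description mentions separates packages, not privileges.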
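Review bot: The `methods` default in tools/api-fuzzer.yaml, `"GET,POST,PUT,DELETE"`, makes state-changing requests the out-of-the-box behaviour against whatever `base_url` is supplied; `default: "GET"` with the other verbs opt-in is the safer starting point. `methods` and `endpoints` also carry no `flag` or `format`, and ffuf's `-X` accepts one method per run, so a comma list needs explicit handling somewhere. Unlike tools/ffuf.yaml, the `base_url` description does not mention the `FUZZ` keyword that ffuf expects somewhere in the request.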
@@ -0,0 +1,37 @@
+name: "api-schema-analyzer"
+command: "spectral"
+enabled: true
+
+short_description: "API模式分析工具,识别潜在安全问题"
+
+description: |
+ 分析API模式(OpenAPI/Swagger/GraphQL)并识别潜在安全问题。
+
+ **主要功能:**
+ - API模式分析
+ - 安全问题识别
+ - 端点发现
+ - 建议生成
+
+ **使用场景:**
+ - API安全审计
+ - 模式分析
+ - 安全问题发现
+ - 安全评估
+
+parameters:
+ - name: "schema_url"
+ type: "string"
+ description: "API模式URL(OpenAPI/Swagger/GraphQL)"
+ required: true
+ flag: "-s"
+ format: "flag"
+
+ - name: "schema_type"
+ type: "string"
+ description: "模式类型(openapi, swagger, graphql)"
+ required: false
+ default: "openapi"
+ flag: "--type"
+ format: "flag"
+
diff --git a/tools/arjun.yaml b/tools/arjun.yaml
new file mode 100644
index 00000000..f8844af0
--- /dev/null
+++ b/tools/arjun.yaml
@@ -0,0 +1,60 @@
+name: "arjun"
+command: "arjun"
+enabled: true
+
+short_description: "HTTP参数发现工具"
+
+description: |
+ Arjun是一个HTTP参数发现工具,用于发现Web应用中的隐藏参数。
+
+ **主要功能:**
+ - HTTP参数发现
+ - 多种HTTP方法支持
+ - 多线程支持
+ - 稳定模式
+
+ **使用场景:**
+ - 参数发现
+ - Web应用安全测试
+ - Bug bounty侦察
+ - 安全测试
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "method"
+ type: "string"
+ description: "HTTP方法(GET, POST等)"
+ required: false
+ flag: "-m"
+ format: "flag"
+ default: "GET"
+
+ - name: "wordlist"
+ type: "string"
+ description: "自定义字典文件"
+ required: false
+ flag: "-w"
+ format: "flag"
+
+ - name: "threads"
+ type: "int"
+ description: "线程数"
+ required: false
+ flag: "-t"
+ format: "flag"
+ default: 25
+
+ - name: "stable"
+ type: "bool"
+ description: "使用稳定模式"
+ required: false
+ flag: "--stable"
+ format: "flag"
+ default: false
+
diff --git a/tools/arp-scan.yaml b/tools/arp-scan.yaml
new file mode 100644
index 00000000..34c24dbb
--- /dev/null
+++ b/tools/arp-scan.yaml
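Review bot: I can't match `-s` or `--type` in tools/api-schema-analyzer.yaml to Spectral's CLI, which as far as I know lints a document given positionally after the `lint` subcommand, so the generated command probably fails before analysing anything. Please check the flags against `spectral lint --help` and add a comment naming the version they were taken from. tools/burpsuite.yaml needs the same check: `--project-file` and `--config-file` are documented Burp options, but I can't find `--target`, `--headless`, `--scan-type` or `--output`.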
@@ -0,0 +1,44 @@
+name: "arp-scan"
+command: "arp-scan"
+enabled: true
+
+short_description: "ARP网络发现工具"
+
+description: |
+ Arp-scan是一个ARP网络发现工具,用于发现本地网络中的活动主机。
+
+ **主要功能:**
+ - ARP扫描
+ - 本地网络发现
+ - MAC地址识别
+ - 快速扫描
+
+ **使用场景:**
+ - 本地网络发现
+ - 主机发现
+ - 网络映射
+ - 渗透测试
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP范围(如果不使用local_network)"
+ required: false
+ flag: "-l"
+ format: "flag"
+
+ - name: "interface"
+ type: "string"
+ description: "网络接口"
+ required: false
+ flag: "-I"
+ format: "flag"
+
+ - name: "local_network"
+ type: "bool"
+ description: "扫描本地网络"
+ required: false
+ flag: "-l"
+ format: "flag"
+ default: false
+
diff --git a/tools/autorecon.yaml b/tools/autorecon.yaml
new file mode 100644
index 00000000..19941446
--- /dev/null
+++ b/tools/autorecon.yaml
@@ -0,0 +1,61 @@
+name: "autorecon"
+command: "autorecon"
+enabled: true
+
+short_description: "自动化综合侦察工具"
+
+description: |
+ AutoRecon是一个自动化综合侦察工具,用于执行全面的目标枚举。
+
+ **主要功能:**
+ - 自动化端口扫描
+ - 服务识别
+ - 漏洞扫描
+ - 综合报告
+
+ **使用场景:**
+ - 综合安全评估
+ - 渗透测试
+ - 网络侦察
+ - 安全审计
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP地址或主机名"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "output_dir"
+ type: "string"
+ description: "输出目录"
+ required: false
+ flag: "-o"
+ format: "flag"
+ default: "/tmp/autorecon"
+
+ - name: "port_scans"
+ type: "string"
+ description: "端口扫描配置"
+ required: false
+ flag: "--port-scans"
+ format: "flag"
+ default: "top-100-ports"
+
+ - name: "service_scans"
+ type: "string"
+ description: "服务扫描配置"
+ required: false
+ flag: "--service-scans"
+ format: "flag"
+ default: "default"
+
+ - name: "timeout"
+ type: "int"
+ description: "单个扫描的超时时间(秒)"
+ required: false
+ flag: "--timeout"
+ format: "flag"
+ default: 300
+
diff --git a/tools/binwalk.yaml b/tools/binwalk.yaml
new file mode 100644
index 00000000..348c232c
--- /dev/null
+++ b/tools/binwalk.yaml
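Review bot: `target` and `local_network` in tools/arp-scan.yaml both declare `flag: "-l"`, but arp-scan's `-l` is the value-less `--localnet` switch, so a supplied range is emitted as `-l <range>` and the scan covers the whole local network in addition to, or instead of, the intended range. `target` should be positional: replace its `flag: "-l"` and `format: "flag"` with `position: 0` and `format: "positional"`. tools/dotdotpwn.yaml repeats the mistake with `-m` on both `target` and `module`; DotDotPwn takes the host with `-h`.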
@@ -0,0 +1,37 @@
+name: "binwalk"
+command: "binwalk"
+enabled: true
+
+short_description: "固件和文件分析工具"
+
+description: |
+ Binwalk是一个固件分析工具,用于分析、提取和逆向工程固件镜像。
+
+ **主要功能:**
+ - 文件签名识别
+ - 文件提取
+ - 熵分析
+ - 固件分析
+
+ **使用场景:**
+ - 固件分析
+ - 文件格式识别
+ - 数据提取
+ - 逆向工程
+
+parameters:
+ - name: "file_path"
+ type: "string"
+ description: "要分析的文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "extract"
+ type: "bool"
+ description: "提取发现的文件"
+ required: false
+ flag: "-e"
+ format: "flag"
+ default: false
+
diff --git a/tools/burpsuite.yaml b/tools/burpsuite.yaml
new file mode 100644
index 00000000..86027685
--- /dev/null
+++ b/tools/burpsuite.yaml
@@ -0,0 +1,65 @@
+name: "burpsuite"
+command: "burpsuite"
+enabled: true
+
+short_description: "Web应用安全测试平台"
+
+description: |
+ Burp Suite是一个Web应用安全测试平台,提供全面的Web安全测试功能。
+
+ **主要功能:**
+ - Web应用安全扫描
+ - 代理拦截
+ - 漏洞扫描
+ - 手动测试工具
+
+ **使用场景:**
+ - Web应用安全测试
+ - 渗透测试
+ - 漏洞扫描
+ - 安全评估
+
+parameters:
+ - name: "project_file"
+ type: "string"
+ description: "Burp项目文件路径"
+ required: false
+ flag: "--project-file"
+ format: "flag"
+
+ - name: "config_file"
+ type: "string"
+ description: "Burp配置文件路径"
+ required: false
+ flag: "--config-file"
+ format: "flag"
+
+ - name: "target"
+ type: "string"
+ description: "目标URL"
+ required: false
+ flag: "--target"
+ format: "flag"
+
+ - name: "headless"
+ type: "bool"
+ description: "无头模式运行"
+ required: false
+ flag: "--headless"
+ format: "flag"
+ default: false
+
+ - name: "scan_type"
+ type: "string"
+ description: "要执行的扫描类型"
+ required: false
+ flag: "--scan-type"
+ format: "flag"
+
+ - name: "output_file"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+ flag: "--output"
+ format: "flag"
+
diff --git a/tools/checkov.yaml b/tools/checkov.yaml
new file mode 100644
index 00000000..e43add6c
--- /dev/null
+++ b/tools/checkov.yaml
@@ -0,0 +1,52 @@
+name: "checkov"
+command: "checkov"
+enabled: true
+
+short_description: "基础设施即代码安全扫描工具"
+
+description: |
+ Checkov是一个静态代码分析工具,用于基础设施即代码(IaC)的安全扫描。
+
+ **主要功能:**
+ - 支持多种IaC框架(Terraform, CloudFormation, Kubernetes等)
+ - 数百个内置策略
+ - 自定义策略支持
+ - CI/CD集成
+
+ **使用场景:**
+ - IaC安全扫描
+ - 云配置审计
+ - 安全策略检查
+ - 合规性检查
+
+parameters:
+ - name: "directory"
+ type: "string"
+ description: "要扫描的目录"
+ required: false
+ flag: "-d"
+ format: "flag"
+ default: "."
+
+ - name: "framework"
+ type: "string"
+ description: "要扫描的框架(terraform, cloudformation, kubernetes等)"
+ required: false
+ flag: "--framework"
+ format: "flag"
+
+ - name: "check"
+ type: "string"
+ description: "要运行的特定检查"
+ required: false
+ flag: "--check"
+ format: "flag"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, yaml, cli)"
+ required: false
+ flag: "--output"
+ format: "flag"
+ default: "json"
+
diff --git a/tools/checksec.yaml b/tools/checksec.yaml
new file mode 100644
index 00000000..f3b3f3bf
--- /dev/null
+++ b/tools/checksec.yaml
@@ -0,0 +1,29 @@
+name: "checksec"
+command: "checksec"
+enabled: true
+
+short_description: "二进制安全特性检查工具"
+
+description: |
+ Checksec是一个用于检查二进制文件安全特性的工具。
+
+ **主要功能:**
+ - 安全特性检查
+ - 保护机制检测
+ - 多种架构支持
+ - 详细报告
+
+ **使用场景:**
+ - 二进制安全分析
+ - 保护机制检查
+ - 漏洞研究
+ - 安全评估
+
+parameters:
+ - name: "binary"
+ type: "string"
+ description: "要检查的二进制文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
diff --git a/tools/clair.yaml b/tools/clair.yaml
new file mode 100644
index 00000000..12542487
--- /dev/null
+++ b/tools/clair.yaml
@@ -0,0 +1,45 @@
+name: "clair"
+command: "clair"
+enabled: true
+
+short_description: "容器漏洞分析工具"
+
+description: |
+ Clair是一个容器漏洞分析工具,用于扫描容器镜像中的漏洞。
+
+ **主要功能:**
+ - 容器镜像扫描
+ - 漏洞检测
+ - 多种数据库支持
+ - API接口
+
+ **使用场景:**
+ - 容器安全扫描
+ - 漏洞检测
+ - CI/CD集成
+ - 安全审计
+
+parameters:
+ - name: "image"
+ type: "string"
+ description: "要扫描的容器镜像"
+ required: true
+ flag: "--image"
+ format: "flag"
+
+ - name: "config"
+ type: "string"
+ description: "Clair配置文件"
+ required: false
+ flag: "--config"
+ format: "flag"
+ default: "/etc/clair/config.yaml"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, yaml)"
+ required: false
+ flag: "--format"
+ format: "flag"
+ default: "json"
+
diff --git a/tools/cloudmapper.yaml b/tools/cloudmapper.yaml
new file mode 100644
index 00000000..9a8bfe87
--- /dev/null
+++ b/tools/cloudmapper.yaml
@@ -0,0 +1,43 @@
+name: "cloudmapper"
+command: "cloudmapper"
+enabled: true
+
+short_description: "AWS网络可视化和安全分析工具"
+
+description: |
+ CloudMapper是一个AWS网络可视化和安全分析工具。
+
+ **主要功能:**
+ - AWS网络可视化
+ - 安全分析
+ - 网络映射
+ - 管理员查找
+
+ **使用场景:**
+ - AWS网络分析
+ - 安全评估
+ - 网络可视化
+ - 安全审计
+
+parameters:
+ - name: "action"
+ type: "string"
+ description: "要执行的操作(collect, prepare, webserver, find_admins等)"
+ required: false
+ default: "collect"
+
+ - name: "account"
+ type: "string"
+ description: "要分析的AWS账户"
+ required: false
+ flag: "--account"
+ format: "flag"
+
+ - name: "config"
+ type: "string"
+ description: "配置文件路径"
+ required: false
+ flag: "--config"
+ format: "flag"
+ default: "config.json"
+
diff --git a/tools/create-file.yaml b/tools/create-file.yaml
new file mode 100644
index 00000000..cdd6dba3
--- /dev/null
+++ b/tools/create-file.yaml
@@ -0,0 +1,36 @@
+name: "create-file"
+command: "sh"
+enabled: true
+
+short_description: "创建文件工具"
+
+description: |
+ 在服务器上创建指定内容的文件。
+
+ **主要功能:**
+ - 创建文件
+ - 写入内容
+ - 支持二进制文件
+
+ **使用场景:**
+ - 文件创建
+ - 脚本生成
+ - 数据保存
+
+parameters:
+ - name: "filename"
+ type: "string"
+ description: "要创建的文件名"
+ required: true
+
+ - name: "content"
+ type: "string"
+ description: "文件内容"
+ required: true
+
+ - name: "binary"
+ type: "bool"
+ description: "是否为二进制内容"
+ required: false
+ default: false
+
diff --git a/tools/dalfox.yaml b/tools/dalfox.yaml
new file mode 100644
index 00000000..91fea54d
--- /dev/null
+++ b/tools/dalfox.yaml
@@ -0,0 +1,61 @@
+name: "dalfox"
+command: "dalfox"
+enabled: true
+
+short_description: "高级XSS漏洞扫描器"
+
+description: |
+ Dalfox是一个高级XSS漏洞扫描器,支持多种XSS检测技术。
+
+ **主要功能:**
+ - XSS漏洞检测
+ - 盲XSS测试
+ - DOM挖掘
+ - 字典挖掘
+
+ **使用场景:**
+ - XSS漏洞测试
+ - Web应用安全测试
+ - Bug bounty侦察
+ - 安全测试
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "pipe_mode"
+ type: "bool"
+ description: "使用管道模式输入"
+ required: false
+ flag: "--pipe"
+ format: "flag"
+ default: false
+
+ - name: "blind"
+ type: "bool"
+ description: "启用盲XSS测试"
+ required: false
+ flag: "-b"
+ format: "flag"
+ default: false
+
+ - name: "mining_dom"
+ type: "bool"
+ description: "启用DOM挖掘"
+ required: false
+ flag: "--mining-dom"
+ format: "flag"
+ default: true
+
+ - name: "mining_dict"
+ type: "bool"
+ description: "启用字典挖掘"
+ required: false
+ flag: "--mining-dict"
+ format: "flag"
+ default: true
+
diff --git a/tools/delete-file.yaml b/tools/delete-file.yaml
new file mode 100644
index 00000000..3ec5572f
--- /dev/null
+++ b/tools/delete-file.yaml
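Review bot: `filename` in tools/create-file.yaml is an unconstrained path and `content` an unconstrained body, both handed to `sh` with no `flag`, `position` or `format`, so the hunk shows neither where files may be written nor how the content is quoted. If the executor interpolates either value into a shell string, quotes or `$(...)` in the content become commands; passing them as separate argv entries or on stdin avoids that. The description should name the directory that writes are confined to, and the executor should reject absolute paths and `..` segments. tools/delete-file.yaml needs the same confinement, plus an end-of-options `--` before the path so a name beginning with `-` is not read by `rm` as an option.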
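Review bot: `blind` in tools/dalfox.yaml is typed `bool`, but dalfox's `-b`/`--blind` takes the blind-XSS callback URL as its value, so a bare `-b` swallows whatever token follows it. It should be `type: "string"` with a description saying it is the callback address, and no `default`. dalfox also selects its input through a subcommand (`url`, `file`, `pipe`), so `-u` and `--pipe` look unlikely to parse and are worth checking against `dalfox --help`.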
@@ -0,0 +1,35 @@
+name: "delete-file"
+command: "rm"
+enabled: true
+
+short_description: "删除文件或目录工具"
+
+description: |
+ 删除服务器上的文件或目录。
+
+ **主要功能:**
+ - 删除文件
+ - 删除目录
+ - 递归删除
+
+ **使用场景:**
+ - 文件清理
+ - 临时文件删除
+ - 目录清理
+
+parameters:
+ - name: "filename"
+ type: "string"
+ description: "要删除的文件或目录名"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "recursive"
+ type: "bool"
+ description: "递归删除目录"
+ required: false
+ flag: "-r"
+ format: "flag"
+ default: false
+
diff --git a/tools/dirsearch.yaml b/tools/dirsearch.yaml
new file mode 100644
index 00000000..4af55853
--- /dev/null
+++ b/tools/dirsearch.yaml
@@ -0,0 +1,60 @@
+name: "dirsearch"
+command: "dirsearch"
+enabled: true
+
+short_description: "高级目录和文件发现工具"
+
+description: |
+ Dirsearch是一个高级Web内容扫描器,用于发现目录和文件。
+
+ **主要功能:**
+ - 快速目录和文件发现
+ - 多线程支持
+ - 递归扫描
+ - 扩展名过滤
+
+ **使用场景:**
+ - Web应用安全测试
+ - 目录枚举
+ - 文件发现
+ - 渗透测试
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "extensions"
+ type: "string"
+ description: "文件扩展名(逗号分隔)"
+ required: false
+ flag: "-e"
+ format: "flag"
+ default: "php,html,js,txt,xml,json"
+
+ - name: "wordlist"
+ type: "string"
+ description: "字典文件路径"
+ required: false
+ flag: "-w"
+ format: "flag"
+
+ - name: "threads"
+ type: "int"
+ description: "线程数"
+ required: false
+ flag: "-t"
+ format: "flag"
+ default: 30
+
+ - name: "recursive"
+ type: "bool"
+ description: "启用递归扫描"
+ required: false
+ flag: "-r"
+ format: "flag"
+ default: false
+
diff --git a/tools/dnsenum.yaml b/tools/dnsenum.yaml
new file mode 100644
index 00000000..2082d329
--- /dev/null
+++ b/tools/dnsenum.yaml
@@ -0,0 +1,43 @@
+name: "dnsenum"
+command: "dnsenum"
+enabled: true
+
+short_description: "DNS枚举工具"
+
+description: |
+ DNSenum是一个DNS信息收集工具,用于枚举DNS信息。
+
+ **主要功能:**
+ - DNS信息收集
+ - 子域名枚举
+ - 区域传输测试
+ - 反向查找
+
+ **使用场景:**
+ - DNS枚举
+ - 子域名发现
+ - 网络侦察
+ - 渗透测试
+
+parameters:
+ - name: "domain"
+ type: "string"
+ description: "目标域名"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "dns_server"
+ type: "string"
+ description: "要使用的DNS服务器"
+ required: false
+ flag: "-n"
+ format: "flag"
+
+ - name: "wordlist"
+ type: "string"
+ description: "用于暴力破解的字典文件"
+ required: false
+ flag: "-f"
+ format: "flag"
+
diff --git a/tools/docker-bench-security.yaml b/tools/docker-bench-security.yaml
new file mode 100644
index 00000000..8784d4a8
--- /dev/null
+++ b/tools/docker-bench-security.yaml
@@ -0,0 +1,44 @@
+name: "docker-bench-security"
+command: "docker-bench-security"
+enabled: true
+
+short_description: "Docker安全基准检查工具"
+
+description: |
+ Docker Bench for Security是一个Docker安全基准检查工具,用于检查Docker配置是否符合安全最佳实践。
+
+ **主要功能:**
+ - Docker安全基准检查
+ - 配置审计
+ - 安全最佳实践检查
+ - 详细报告
+
+ **使用场景:**
+ - Docker安全审计
+ - 配置检查
+ - 合规性验证
+ - 安全评估
+
+parameters:
+ - name: "checks"
+ type: "string"
+ description: "要运行的特定检查"
+ required: false
+ flag: "--check"
+ format: "flag"
+
+ - name: "exclude"
+ type: "string"
+ description: "要排除的检查"
+ required: false
+ flag: "--exclude"
+ format: "flag"
+
+ - name: "output_file"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+ flag: "--output"
+ format: "flag"
+ default: "/tmp/docker-bench-results.json"
+
diff --git a/tools/dotdotpwn.yaml b/tools/dotdotpwn.yaml
new file mode 100644
index 00000000..ea4541ce
--- /dev/null
+++ b/tools/dotdotpwn.yaml
@@ -0,0 +1,37 @@
+name: "dotdotpwn"
+command: "dotdotpwn"
+enabled: true
+
+short_description: "目录遍历漏洞测试工具"
+
+description: |
+ DotDotPwn是一个目录遍历漏洞测试工具,支持多种协议。
+
+ **主要功能:**
+ - 目录遍历测试
+ - 多种协议支持(HTTP, FTP, TFTP等)
+ - 自动化测试
+ - 报告生成
+
+ **使用场景:**
+ - 目录遍历漏洞测试
+ - Web应用安全测试
+ - 渗透测试
+ - 漏洞验证
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标主机名或IP"
+ required: true
+ flag: "-m"
+ format: "flag"
+
+ - name: "module"
+ type: "string"
+ description: "要使用的模块(http, ftp, tftp等)"
+ required: false
+ flag: "-m"
+ format: "flag"
+ default: "http"
+
diff --git a/tools/enum4linux-ng.yaml b/tools/enum4linux-ng.yaml
new file mode 100644
index 00000000..d69009fc
--- /dev/null
+++ b/tools/enum4linux-ng.yaml
@@ -0,0 +1,82 @@
+name: "enum4linux-ng"
+command: "enum4linux-ng"
+enabled: true
+
+short_description: "高级SMB枚举工具(Enum4linux的下一代版本)"
+
+description: |
+ Enum4linux-ng是Enum4linux的下一代版本,提供更强大的SMB枚举功能。
+
+ **主要功能:**
+ - SMB共享枚举
+ - 用户和组枚举
+ - 策略枚举
+ - 系统信息收集
+
+ **使用场景:**
+ - Windows系统渗透测试
+ - SMB安全评估
+ - 域环境侦察
+ - 安全测试
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP地址"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "username"
+ type: "string"
+ description: "用户名"
+ required: false
+ flag: "-u"
+ format: "flag"
+
+ - name: "password"
+ type: "string"
+ description: "密码"
+ required: false
+ flag: "-p"
+ format: "flag"
+
+ - name: "domain"
+ type: "string"
+ description: "域名"
+ required: false
+ flag: "-d"
+ format: "flag"
+
+ - name: "shares"
+ type: "bool"
+ description: "枚举共享"
+ required: false
+ flag: "-S"
+ format: "flag"
+ default: true
+
+ - name: "users"
+ type: "bool"
+ description: "枚举用户"
+ required: false
+ flag: "-U"
+ format: "flag"
+ default: true
+
+ - name: "groups"
+ type: "bool"
+ description: "枚举组"
+ required: false
+ flag: "-G"
+ format: "flag"
+ default: true
+
+ - name: "policy"
+ type: "bool"
+ description: "枚举策略"
+ required: false
+ flag: "-P"
+ format: "flag"
+ default: true
+
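Review bot: `password` in tools/enum4linux-ng.yaml is passed as `-p <value>`, which puts the credential in the process argument list, readable by other local users and likely copied into whatever logs record the executed command. The parameter schema shown here has no way to mark a value as sensitive; adding one (for example a `sensitive: true` key that the executor honours by redacting logs and stored results) would cover this and the other credential parameters in the set. Separately, as far as I know `-d` in enum4linux-ng is the value-less detailed-output switch and the domain is given with `-w`, so `flag: "-d"` on `domain` should be checked against `enum4linux-ng --help`.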
diff --git a/tools/enum4linux.yaml b/tools/enum4linux.yaml
new file mode 100644
index 00000000..3e0855ab
--- /dev/null
+++ b/tools/enum4linux.yaml
@@ -0,0 +1,35 @@
+name: "enum4linux"
+command: "enum4linux"
+enabled: true
+
+short_description: "SMB枚举工具,用于Windows/Samba系统信息收集"
+
+description: |
+ Enum4linux是一个用于枚举SMB共享和Windows系统信息的工具。
+
+ **主要功能:**
+ - SMB共享枚举
+ - 用户和组枚举
+ - 密码策略信息
+ - 系统信息收集
+
+ **使用场景:**
+ - Windows系统渗透测试
+ - SMB安全评估
+ - 网络信息收集
+ - 域环境侦察
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP地址"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "additional_args"
+ type: "string"
+ description: "额外的Enum4linux参数(默认:-a)"
+ required: false
+ default: "-a"
+
diff --git a/tools/execute-python-script.yaml b/tools/execute-python-script.yaml
new file mode 100644
index 00000000..47efab83
--- /dev/null
+++ b/tools/execute-python-script.yaml
@@ -0,0 +1,36 @@
+name: "execute-python-script"
+command: "python3"
+enabled: true
+
+short_description: "执行Python脚本工具"
+
+description: |
+ 在虚拟环境中执行Python脚本。
+
+ **主要功能:**
+ - 执行Python脚本
+ - 虚拟环境支持
+ - 脚本内容执行
+
+ **使用场景:**
+ - 脚本执行
+ - 自动化任务
+ - 数据处理
+
+parameters:
+ - name: "script"
+ type: "string"
+ description: "要执行的Python脚本内容"
+ required: true
+
+ - name: "env_name"
+ type: "string"
+ description: "虚拟环境名称"
+ required: false
+ default: "default"
+
+ - name: "filename"
+ type: "string"
+ description: "自定义脚本文件名(为空则自动生成)"
+ required: false
+
diff --git a/tools/exiftool.yaml b/tools/exiftool.yaml
new file mode 100644
index 00000000..34b1f7ec
--- /dev/null
+++ b/tools/exiftool.yaml
@@ -0,0 +1,43 @@
+name: "exiftool"
+command: "exiftool"
+enabled: true
+
+short_description: "元数据提取工具"
+
+description: |
+ ExifTool用于读取、写入和编辑各种文件格式的元数据。
+
+ **主要功能:**
+ - 元数据提取
+ - 多种文件格式支持
+ - 元数据编辑
+ - 批量处理
+
+ **使用场景:**
+ - 取证分析
+ - 元数据检查
+ - 隐私保护
+ - 文件分析
+
+parameters:
+ - name: "file_path"
+ type: "string"
+ description: "要分析的文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, xml, csv)"
+ required: false
+ flag: "-j"
+ format: "flag"
+
+ - name: "tags"
+ type: "string"
+ description: "要提取的特定标签"
+ required: false
+ flag: "-TAG"
+ format: "flag"
+
diff --git a/tools/falco.yaml b/tools/falco.yaml
new file mode 100644
index 00000000..70306e5e
--- /dev/null
+++ b/tools/falco.yaml
@@ -0,0 +1,51 @@
+name: "falco"
+command: "falco"
+enabled: true
+
+short_description: "运行时安全监控工具"
+
+description: |
+ Falco是一个运行时安全监控工具,用于检测容器和主机中的异常行为。
+
+ **主要功能:**
+ - 运行时监控
+ - 异常检测
+ - 规则引擎
+ - 实时告警
+
+ **使用场景:**
+ - 运行时安全监控
+ - 异常检测
+ - 安全事件响应
+ - 合规性监控
+
+parameters:
+ - name: "config_file"
+ type: "string"
+ description: "Falco配置文件"
+ required: false
+ flag: "--config"
+ format: "flag"
+ default: "/etc/falco/falco.yaml"
+
+ - name: "rules_file"
+ type: "string"
+ description: "自定义规则文件"
+ required: false
+ flag: "--rules"
+ format: "flag"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, text)"
+ required: false
+ flag: "--output"
+ format: "flag"
+ default: "json"
+
+ - name: "duration"
+ type: "int"
+ description: "监控持续时间(秒)"
+ required: false
+ default: 60
+
diff --git a/tools/feroxbuster.yaml b/tools/feroxbuster.yaml
new file mode 100644
index 00000000..edafa7f3
--- /dev/null
+++ b/tools/feroxbuster.yaml
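Review bot: `output_format` in tools/exiftool.yaml is wired to `-j`, which in ExifTool is a value-less JSON switch, so a value such as `xml` is emitted as `-j xml` and read as a second input file. Each format has its own switch (`-j`, `-X`, `-csv`), so this should either be a `bool` named for JSON or be mapped per value by the executor. `tags` uses the literal `-TAG`, which is the manual's placeholder for a tag name rather than an option; the requested tag names themselves have to be emitted as `-<name>` arguments.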
@@ -0,0 +1,44 @@
+name: "feroxbuster"
+command: "feroxbuster"
+enabled: true
+
+short_description: "递归内容发现工具"
+
+description: |
+ Feroxbuster是一个快速、简单的递归内容发现工具。
+
+ **主要功能:**
+ - 递归目录发现
+ - 多线程支持
+ - 自动过滤
+ - 多种输出格式
+
+ **使用场景:**
+ - Web内容发现
+ - 目录枚举
+ - 文件发现
+ - 安全测试
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "wordlist"
+ type: "string"
+ description: "字典文件路径"
+ required: false
+ flag: "-w"
+ format: "flag"
+
+ - name: "threads"
+ type: "int"
+ description: "线程数"
+ required: false
+ flag: "-t"
+ format: "flag"
+ default: 10
+
diff --git a/tools/ffuf.yaml b/tools/ffuf.yaml
new file mode 100644
index 00000000..e57cb166
--- /dev/null
+++ b/tools/ffuf.yaml
@@ -0,0 +1,57 @@
+name: "ffuf"
+command: "ffuf"
+enabled: true
+
+short_description: "快速Web模糊测试工具,用于目录、参数和内容发现"
+
+description: |
+ FFuf是一个快速的Web模糊测试工具,用于目录发现、参数模糊测试和内容发现。
+
+ **主要功能:**
+ - 快速目录和文件发现
+ - 参数模糊测试
+ - 虚拟主机发现
+ - 自定义过滤器和匹配器
+ - 多线程支持
+
+ **使用场景:**
+ - Web应用安全测试
+ - 目录枚举
+ - 参数发现
+ - 内容发现
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL(使用FUZZ作为占位符)"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "wordlist"
+ type: "string"
+ description: "字典文件路径"
+ required: false
+ default: "/usr/share/wordlists/dirb/common.txt"
+ flag: "-w"
+ format: "flag"
+
+ - name: "mode"
+ type: "string"
+ description: "模糊测试模式(directory, vhost, parameter)"
+ required: false
+ default: "directory"
+
+ - name: "match_codes"
+ type: "string"
+ description: "匹配的HTTP状态码(逗号分隔)"
+ required: false
+ default: "200,204,301,302,307,401,403"
+ flag: "-mc"
+ format: "flag"
+
+ - name: "additional_args"
+ type: "string"
+ description: "额外的FFuf参数"
+ required: false
+
diff --git a/tools/fierce.yaml b/tools/fierce.yaml
new file mode 100644
index 00000000..d28bc450
--- /dev/null
+++ b/tools/fierce.yaml
@@ -0,0 +1,36 @@ +name: "fierce" +command: "fierce" +enabled: true + +short_description: "DNS侦察工具" + +description: | + Fierce是一个DNS侦察工具,用于发现目标域名的子域名。 + + **主要功能:** + - 子域名发现 + - DNS暴力破解 + - 区域传输测试 + - 网络映射 + + **使用场景:** + - DNS侦察 + - 子域名枚举 + - 网络映射 + - 渗透测试 + +parameters: + - name: "domain" + type: "string" + description: "目标域名" + required: true + flag: "-dns" + format: "flag" + + - name: "dns_server" + type: "string" + description: "要使用的DNS服务器" + required: false + flag: "-dnsserver" + format: "flag" + diff --git a/tools/foremost.yaml b/tools/foremost.yaml new file mode 100644 index 00000000..e3033f9e --- /dev/null +++ b/tools/foremost.yaml @@ -0,0 +1,44 @@ +name: "foremost" +command: "foremost" +enabled: true + +short_description: "文件恢复工具" + +description: | + Foremost是一个基于文件头和尾的文件恢复工具。 + + **主要功能:** + - 文件恢复 + - 多种文件类型支持 + - 磁盘镜像分析 + - 数据恢复 + + **使用场景:** + - 数据恢复 + - 取证分析 + - 文件提取 + - 磁盘分析 + +parameters: + - name: "input_file" + type: "string" + description: "输入文件或设备" + required: true + flag: "-i" + format: "flag" + + - name: "output_dir" + type: "string" + description: "输出目录" + required: false + flag: "-o" + format: "flag" + default: "/tmp/foremost_output" + + - name: "file_types" + type: "string" + description: "要恢复的文件类型(jpg,gif,png等)" + required: false + flag: "-t" + format: "flag" + diff --git a/tools/gau.yaml b/tools/gau.yaml new file mode 100644 index 00000000..cb966532 --- /dev/null +++ b/tools/gau.yaml 
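Review bot: In tools/fierce.yaml, `-dns` and `-dnsserver` are the option names of the original Perl fierce; the Python rewrite that current distributions package expects `--domain` and `--dns-servers`, so with that version both parameters would be rejected. The definition should state which fierce it targets, or use `flag: "--domain"` and `flag: "--dns-servers"`. The description also lists zone-transfer testing and brute forcing, neither of which is controlled by any parameter here.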
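Review bot: In tools/foremost.yaml, `output_dir` defaults to the fixed path `/tmp/foremost_output`, a predictable name in a world-writable directory: another local user can pre-create it or place a symlink there, and carved files (often sensitive evidence) land where other accounts can read them. foremost also refuses to run when the output directory already contains files, so the second call with the default fails. I would remove the `default:` line and have the executor create a per-run directory with mode 0700, or add foremost's `-T` switch so the directory name is timestamped.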
@@ -0,0 +1,44 @@ +name: "gau" +command: "gau" +enabled: true + +short_description: "从多个数据源获取所有URL" + +description: | + Gau (Get All URLs) 从多个数据源获取目标域名的所有URL。 + + **主要功能:** + - 从Wayback Machine获取URL + - 从CommonCrawl获取URL + - 从OTX获取URL + - 从URLScan获取URL + + **使用场景:** + - URL发现 + - 历史URL收集 + - Bug bounty侦察 + - 安全测试 + +parameters: + - name: "domain" + type: "string" + description: "目标域名" + required: true + position: 0 + format: "positional" + + - name: "providers" + type: "string" + description: "数据源(wayback,commoncrawl,otx,urlscan)" + required: false + flag: "-providers" + format: "flag" + + - name: "include_subs" + type: "bool" + description: "包含子域名" + required: false + flag: "-subs" + format: "flag" + default: true + diff --git a/tools/gdb-peda.yaml b/tools/gdb-peda.yaml new file mode 100644 index 00000000..ed7542c3 --- /dev/null +++ b/tools/gdb-peda.yaml @@ -0,0 +1,50 @@ +name: "gdb-peda" +command: "gdb" +enabled: true + +short_description: "带PEDA增强的GDB调试器" + +description: | + GDB-PEDA是带有PEDA(Python Exploit Development Assistance)增强的GDB调试器。 + + **主要功能:** + - 增强的GDB功能 + - 自动化分析 + - 漏洞利用辅助 + - 可视化显示 + + **使用场景:** + - 二进制调试 + - 漏洞利用开发 + - 逆向工程 + - 安全研究 + +parameters: + - name: "binary" + type: "string" + description: "要调试的二进制文件" + required: false + position: 0 + format: "positional" + + - name: "commands" + type: "string" + description: "GDB命令(分号分隔)" + required: false + flag: "-ex" + format: "flag" + + - name: "attach_pid" + type: "int" + description: "要附加的进程ID" + required: false + flag: "-p" + format: "flag" + + - name: "core_file" + type: "string" + description: "核心转储文件路径" + required: false + flag: "-c" + format: "flag" + diff --git a/tools/gdb.yaml b/tools/gdb.yaml new file mode 100644 index 00000000..a7fe73b8 --- /dev/null +++ b/tools/gdb.yaml 
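Review bot: In tools/gdb-peda.yaml, `commands` is documented as semicolon-separated but is passed through a single `-ex`, and gdb does not split an `-ex` argument on semicolons, so only a one-command value works as described; gdb.yaml has the same parameter. More importantly, gdb's command language includes `shell` and `python`, so this parameter is host command execution under the service account and should be documented and gated as such rather than presented as a debugging option; `attach_pid` likewise reaches any process that account may trace. Nothing in this file loads PEDA either: `command: "gdb"` is identical to gdb.yaml, so the PEDA behaviour depends on a `.gdbinit` outside the patch.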
@@ -0,0 +1,43 @@ +name: "gdb" +command: "gdb" +enabled: true + +short_description: "GNU调试器,用于二进制分析和调试" + +description: | + GDB是GNU调试器,用于调试和分析二进制程序。 + + **主要功能:** + - 程序调试 + - 内存分析 + - 反汇编 + - 断点设置 + + **使用场景:** + - 二进制分析 + - 漏洞研究 + - 逆向工程 + - 程序调试 + +parameters: + - name: "binary" + type: "string" + description: "要分析的二进制文件路径" + required: true + position: 0 + format: "positional" + + - name: "commands" + type: "string" + description: "要执行的GDB命令(分号分隔)" + required: false + flag: "-ex" + format: "flag" + + - name: "script_file" + type: "string" + description: "GDB脚本文件路径" + required: false + flag: "-x" + format: "flag" + diff --git a/tools/ghidra.yaml b/tools/ghidra.yaml new file mode 100644 index 00000000..502cb986 --- /dev/null +++ b/tools/ghidra.yaml @@ -0,0 +1,50 @@ +name: "ghidra" +command: "ghidra" +enabled: true + +short_description: "高级二进制分析和逆向工程工具" + +description: | + Ghidra是NSA开发的免费二进制分析和逆向工程工具。 + + **主要功能:** + - 反汇编和反编译 + - 高级分析 + - 脚本支持 + - 协作功能 + + **使用场景:** + - 二进制分析 + - 逆向工程 + - 恶意软件分析 + - 漏洞研究 + +parameters: + - name: "binary" + type: "string" + description: "要分析的二进制文件路径" + required: true + + - name: "project_name" + type: "string" + description: "Ghidra项目名称" + required: false + default: "hexstrike_analysis" + + - name: "script_file" + type: "string" + description: "自定义Ghidra脚本文件" + required: false + + - name: "analysis_timeout" + type: "int" + description: "分析超时时间(秒)" + required: false + default: 300 + + - name: "output_format" + type: "string" + description: "输出格式(xml, json)" + required: false + default: "xml" + diff --git a/tools/gobuster.yaml b/tools/gobuster.yaml new file mode 100644 index 00000000..97047009 --- /dev/null +++ b/tools/gobuster.yaml 
@@ -0,0 +1,50 @@ +name: "gobuster" +command: "gobuster" +enabled: true + +short_description: "Web内容扫描工具,用于发现目录、文件和子域名" + +description: | + Gobuster是一个快速的内容发现工具,用于Web应用程序的目录、文件和子域名枚举。 + + **主要功能:** + - 目录和文件发现 + - DNS子域名枚举 + - 虚拟主机发现 + - 支持多种模式(dir, dns, fuzz, vhost) + + **使用场景:** + - Web应用安全测试 + - 目录枚举和文件发现 + - 子域名发现 + - 渗透测试信息收集 + +parameters: + - name: "url" + type: "string" + description: "目标URL" + required: true + flag: "-u" + format: "flag" + + - name: "mode" + type: "string" + description: "扫描模式(dir, dns, fuzz, vhost)" + required: false + default: "dir" + flag: "-m" + format: "flag" + + - name: "wordlist" + type: "string" + description: "字典文件路径" + required: false + default: "/usr/share/wordlists/dirb/common.txt" + flag: "-w" + format: "flag" + + - name: "additional_args" + type: "string" + description: "额外的Gobuster参数" + required: false + diff --git a/tools/graphql-scanner.yaml b/tools/graphql-scanner.yaml new file mode 100644 index 00000000..a05520bf --- /dev/null +++ b/tools/graphql-scanner.yaml @@ -0,0 +1,53 @@ +name: "graphql-scanner" +command: "graphqlmap" +enabled: true + +short_description: "GraphQL安全扫描和自省工具" + +description: | + 高级GraphQL安全扫描和自省工具,用于检测GraphQL API中的安全问题。 + + **主要功能:** + - GraphQL自省 + - 查询深度测试 + - 突变操作测试 + - 漏洞评估 + + **使用场景:** + - GraphQL安全测试 + - API安全评估 + - 漏洞发现 + - 安全测试 + +parameters: + - name: "endpoint" + type: "string" + description: "GraphQL端点URL" + required: true + flag: "-u" + format: "flag" + + - name: "introspection" + type: "bool" + description: "测试自省查询" + required: false + default: true + flag: "--introspection" + format: "flag" + + - name: "query_depth" + type: "int" + description: "要测试的最大查询深度" + required: false + default: 10 + flag: "--depth" + format: "flag" + + - name: "test_mutations" + type: "bool" + description: "测试突变操作" + required: false + default: true + flag: "--mutations" + format: "flag" + diff --git a/tools/hakrawler.yaml b/tools/hakrawler.yaml new file mode 100644 index 00000000..d7c2ec48 --- /dev/null 
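Review bot: In tools/gobuster.yaml, `mode` is emitted as `-m <mode>`, which is the gobuster 2.x syntax; gobuster 3.x selects the mode with a leading subcommand (`gobuster dir -u ...`) and does not treat `-m` as the mode. If 3.x is the target, the parameter needs `position: 0` and `format: "positional"` instead of `flag: "-m"`. `url` is also marked required with `-u`, yet the dns mode listed in the description takes a domain rather than a URL, so the four advertised modes cannot all be driven by this parameter set.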
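Review bot: In tools/graphql-scanner.yaml, `test_mutations` defaults to `true`, so every call that does not override it sends mutation operations, which change data on the target, as part of what is presented as a scan. State-changing tests should be opt-in: `default: false` on `test_mutations`. Separately, the tool is named graphql-scanner but runs `graphqlmap`, and I could not match `--introspection`, `--depth` or `--mutations` to that program's options; please verify them against its help output.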
+++ b/tools/hakrawler.yaml @@ -0,0 +1,43 @@ +name: "hakrawler" +command: "hakrawler" +enabled: true + +short_description: "Web端点发现工具" + +description: | + Hakrawler是一个快速、简单的Web端点发现工具。 + + **主要功能:** + - Web端点发现 + - 链接提取 + - JavaScript文件发现 + - 快速爬取 + + **使用场景:** + - Web端点发现 + - 内容爬取 + - 安全测试 + - Bug bounty侦察 + +parameters: + - name: "url" + type: "string" + description: "目标URL" + required: true + + - name: "depth" + type: "int" + description: "爬取深度" + required: false + flag: "-d" + format: "flag" + default: 2 + + - name: "forms" + type: "bool" + description: "包含表单" + required: false + flag: "-forms" + format: "flag" + default: true + diff --git a/tools/hashcat.yaml b/tools/hashcat.yaml new file mode 100644 index 00000000..c9f2d48c --- /dev/null +++ b/tools/hashcat.yaml @@ -0,0 +1,64 @@ +name: "hashcat" +command: "hashcat" +enabled: true + +short_description: "高级密码破解工具,支持GPU加速" + +description: | + Hashcat是一个高级密码恢复工具,支持多种哈希算法和攻击模式。 + + **主要功能:** + - 支持多种哈希算法 + - GPU加速 + - 多种攻击模式(字典、组合、掩码等) + - 规则引擎 + + **使用场景:** + - 密码恢复 + - 哈希破解 + - 安全测试 + - 取证分析 + +parameters: + - name: "hash_file" + type: "string" + description: "包含哈希的文件" + required: true + position: 0 + format: "positional" + + - name: "hash_type" + type: "string" + description: "哈希类型编号" + required: true + flag: "-m" + format: "flag" + + - name: "attack_mode" + type: "string" + description: "攻击模式(0=字典, 1=组合, 3=掩码等)" + required: false + default: "0" + flag: "-a" + format: "flag" + + - name: "wordlist" + type: "string" + description: "字典文件" + required: false + default: "/usr/share/wordlists/rockyou.txt" + position: 1 + format: "positional" + + - name: "mask" + type: "string" + description: "掩码(用于掩码攻击)" + required: false + flag: "-a" + format: "flag" + + - name: "additional_args" + type: "string" + description: "额外的Hashcat参数" + required: false + diff --git a/tools/hashpump.yaml b/tools/hashpump.yaml new file mode 100644 index 00000000..7962861a --- /dev/null +++ b/tools/hashpump.yaml 
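Review bot: In tools/hashcat.yaml, `mask` reuses `flag: "-a"`, which `attack_mode` already owns a few parameters above, so a supplied mask would be emitted as a second `-a` value instead of as the mask; hashcat takes the mask as a positional argument after the hash file. The `wordlist` default at `position: 1` also means rockyou.txt is appended even when the attack mode is 3. I would give `mask` `position: 1` with `format: "positional"` and remove the `default:` from `wordlist`, leaving the executor to require exactly one of the two.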
@@ -0,0 +1,42 @@ +name: "hashpump" +command: "hashpump" +enabled: true + +short_description: "哈希长度扩展攻击工具" + +description: | + HashPump是一个用于执行哈希长度扩展攻击的工具。 + + **主要功能:** + - 哈希长度扩展攻击 + - 多种哈希算法支持 + - 签名生成 + - 数据追加 + + **使用场景:** + - 密码学攻击 + - 哈希函数测试 + - CTF挑战 + - 安全研究 + +parameters: + - name: "signature" + type: "string" + description: "原始哈希签名" + required: true + + - name: "data" + type: "string" + description: "原始数据" + required: true + + - name: "key_length" + type: "string" + description: "密钥长度" + required: true + + - name: "append_data" + type: "string" + description: "要追加的数据" + required: true + diff --git a/tools/http-framework-test.yaml b/tools/http-framework-test.yaml new file mode 100644 index 00000000..7e1432f1 --- /dev/null +++ b/tools/http-framework-test.yaml @@ -0,0 +1,54 @@ +name: "http-framework-test" +command: "curl" +enabled: true + +short_description: "增强的HTTP测试框架(Burp Suite替代)" + +description: | + 增强的HTTP测试框架,用于综合Web安全测试(Burp Suite替代)。 + + **主要功能:** + - HTTP请求测试 + - 代理拦截 + - 重放器 + - 入侵者 + + **使用场景:** + - Web安全测试 + - HTTP测试 + - 渗透测试 + - 安全评估 + +parameters: + - name: "url" + type: "string" + description: "目标URL" + required: true + + - name: "method" + type: "string" + description: "HTTP方法(GET, POST, PUT, DELETE等)" + required: false + default: "GET" + + - name: "data" + type: "string" + description: "请求数据/参数(JSON格式)" + required: false + + - name: "headers" + type: "string" + description: "自定义请求头(JSON格式)" + required: false + + - name: "cookies" + type: "string" + description: "自定义Cookie(JSON格式)" + required: false + + - name: "action" + type: "string" + description: "要执行的操作(request, spider, proxy_history, repeater, intruder)" + required: false + default: "request" + diff --git a/tools/http-intruder.yaml b/tools/http-intruder.yaml new file mode 100644 index 00000000..756d7596 --- /dev/null +++ b/tools/http-intruder.yaml 
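Review bot: In tools/http-framework-test.yaml, `url` is handed to `curl` with no restriction on scheme or destination, and curl handles more than HTTP (for example `file://`), so a caller-supplied URL can read local files or reach internal-only services from the host that runs this tool; http-repeater.yaml has the same exposure through `request_spec`. The executor should pin the protocols, e.g. by always adding `--proto =http,https` and `--proto-redir =http,https`, and apply a destination allow-list. The description also promises proxy interception, repeater and intruder actions that a single curl invocation cannot provide, and none of the six parameters declares a flag, so the mapping to curl options is undocumented.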
@@ -0,0 +1,55 @@ +name: "http-intruder" +command: "ffuf" +enabled: true + +short_description: "简单的Intruder(sniper)模糊测试工具" + +description: | + 简单的Intruder(sniper)模糊测试,逐个参数迭代载荷。 + + **主要功能:** + - 参数模糊测试 + - 载荷迭代 + - 多种位置支持 + - 批量请求 + + **使用场景:** + - 参数模糊测试 + - 载荷测试 + - 安全测试 + - 漏洞发现 + +parameters: + - name: "url" + type: "string" + description: "目标URL" + required: true + + - name: "method" + type: "string" + description: "HTTP方法" + required: false + default: "GET" + + - name: "location" + type: "string" + description: "载荷位置(query, body, headers, cookie)" + required: false + default: "query" + + - name: "params" + type: "string" + description: "参数列表(JSON格式)" + required: false + + - name: "payloads" + type: "string" + description: "载荷列表(JSON格式)" + required: false + + - name: "max_requests" + type: "int" + description: "最大请求数" + required: false + default: 100 + diff --git a/tools/http-repeater.yaml b/tools/http-repeater.yaml new file mode 100644 index 00000000..213f2adb --- /dev/null +++ b/tools/http-repeater.yaml @@ -0,0 +1,27 @@ +name: "http-repeater" +command: "curl" +enabled: true + +short_description: "发送精心制作的HTTP请求(Burp Repeater等效)" + +description: | + 发送精心制作的HTTP请求,类似于Burp Suite的Repeater功能。 + + **主要功能:** + - 请求重放 + - 请求修改 + - 响应查看 + - 多次发送 + + **使用场景:** + - HTTP请求测试 + - 请求重放 + - 安全测试 + - 漏洞验证 + +parameters: + - name: "request_spec" + type: "string" + description: "请求规范(JSON格式,包含url, method, headers, cookies, data)" + required: true + diff --git a/tools/httpx.yaml b/tools/httpx.yaml new file mode 100644 index 00000000..c190040d --- /dev/null +++ b/tools/httpx.yaml 
@@ -0,0 +1,85 @@ +name: "httpx" +command: "httpx" +enabled: true + +short_description: "快速HTTP探测和指纹识别工具" + +description: | + HTTPx是一个快速HTTP探测工具,用于发现和验证HTTP服务。 + + **主要功能:** + - 快速HTTP探测 + - 技术检测 + - 状态码过滤 + - 多线程支持 + + **使用场景:** + - HTTP服务发现 + - 技术栈识别 + - Web应用发现 + - 安全测试 + +parameters: + - name: "target" + type: "string" + description: "目标文件或单个URL" + required: true + flag: "-u" + format: "flag" + + - name: "probe" + type: "bool" + description: "启用探测" + required: false + flag: "-probe" + format: "flag" + default: true + + - name: "tech_detect" + type: "bool" + description: "启用技术检测" + required: false + flag: "-td" + format: "flag" + default: false + + - name: "status_code" + type: "bool" + description: "显示状态码" + required: false + flag: "-sc" + format: "flag" + default: false + + - name: "content_length" + type: "bool" + description: "显示内容长度" + required: false + flag: "-cl" + format: "flag" + default: false + + - name: "title" + type: "bool" + description: "显示页面标题" + required: false + flag: "-title" + format: "flag" + default: false + + - name: "web_server" + type: "bool" + description: "显示Web服务器" + required: false + flag: "-server" + format: "flag" + default: false + + - name: "threads" + type: "int" + description: "线程数" + required: false + flag: "-t" + format: "flag" + default: 50 + diff --git a/tools/hydra.yaml b/tools/hydra.yaml new file mode 100644 index 00000000..c3eddfa1 --- /dev/null +++ b/tools/hydra.yaml 
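Review bot: In tools/httpx.yaml, `target` is described as a target file or a single URL but always uses `-u`, and ProjectDiscovery's httpx reads a list file through `-l`; a file path given to `-u` is probed as if it were a host name. I would narrow the description to a single URL and add a separate `target_file` parameter with `flag: "-l"`. Note also that `httpx` is the command name of the Python HTTP client's CLI as well, so on hosts where both are installed `command: "httpx"` may start the wrong program; an absolute path or a startup version check avoids that.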
@@ -0,0 +1,69 @@ +name: "hydra" +command: "hydra" +enabled: true + +short_description: "密码暴力破解工具,支持多种协议和服务" + +description: | + Hydra是一个快速的网络登录破解工具,支持多种协议和服务的密码暴力破解。 + + **主要功能:** + - 支持多种协议(SSH, FTP, HTTP, SMB等) + - 快速并行破解 + - 支持用户名和密码字典 + - 可恢复的会话 + + **使用场景:** + - 密码强度测试 + - 渗透测试 + - 安全评估 + - 弱密码检测 + +parameters: + - name: "target" + type: "string" + description: "目标IP或主机名" + required: true + position: 0 + format: "positional" + + - name: "service" + type: "string" + description: "服务类型(ssh, ftp, http等)" + required: true + position: 1 + format: "positional" + + - name: "username" + type: "string" + description: "单个用户名" + required: false + flag: "-l" + format: "flag" + + - name: "username_file" + type: "string" + description: "用户名字典文件" + required: false + flag: "-L" + format: "flag" + + - name: "password" + type: "string" + description: "单个密码" + required: false + flag: "-p" + format: "flag" + + - name: "password_file" + type: "string" + description: "密码字典文件" + required: false + flag: "-P" + format: "flag" + + - name: "additional_args" + type: "string" + description: "额外的Hydra参数" + required: false + diff --git a/tools/install-python-package.yaml b/tools/install-python-package.yaml new file mode 100644 index 00000000..24a6513a --- /dev/null +++ b/tools/install-python-package.yaml @@ -0,0 +1,33 @@ +name: "install-python-package" +command: "pip" +enabled: true + +short_description: "安装Python包工具" + +description: | + 在虚拟环境中安装Python包。 + + **主要功能:** + - 安装Python包 + - 虚拟环境支持 + - 依赖管理 + + **使用场景:** + - 环境配置 + - 依赖安装 + - 工具安装 + +parameters: + - name: "package" + type: "string" + description: "要安装的Python包名" + required: true + position: 0 + format: "positional" + + - name: "env_name" + type: "string" + description: "虚拟环境名称" + required: false + default: "default" + diff --git a/tools/jaeles.yaml b/tools/jaeles.yaml new file mode 100644 index 00000000..68d95f30 --- /dev/null +++ b/tools/jaeles.yaml 
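Review bot: In tools/hydra.yaml, `password` is passed with `-p` as a command-line argument, so the secret is visible to other local users through the process list and will end up in whatever logs record the tool call. The same applies to `password` and `hash_value` in netexec.yaml and to `jwt_token` in jwt-analyzer.yaml. I would add `# secret: executor must redact this value in logs and audit output` above each of these parameters and steer callers towards `password_file` (`-P`). `target` has no scope restriction in the definition either, so authorisation checks have to live in the executor.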
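Review bot: In tools/install-python-package.yaml, the only positional is `package`, so the resulting command is `pip <package>` without the `install` subcommand, and `env_name` has no flag or position, so the virtual environment promised in the description is not selected by anything in this file. Installing a package runs code from that package, which makes this parameter equivalent to code execution on the host; the name comes straight from the caller with no allow-list, version pin or index restriction. At minimum reject values that start with `-` (they would be parsed as pip options) and consider requiring pinned, hash-checked requirements (`--require-hashes`).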
@@ -0,0 +1,58 @@ +name: "jaeles" +command: "jaeles" +enabled: true + +short_description: "高级漏洞扫描器,支持自定义签名" + +description: | + Jaeles是一个高级漏洞扫描器,支持自定义签名进行漏洞检测。 + + **主要功能:** + - 自定义签名支持 + - 多种漏洞检测 + - 快速扫描 + - 详细报告 + + **使用场景:** + - 漏洞扫描 + - Web应用安全测试 + - 自定义检测规则 + - 安全测试 + +parameters: + - name: "url" + type: "string" + description: "目标URL" + required: true + flag: "-u" + format: "flag" + + - name: "signatures" + type: "string" + description: "自定义签名路径" + required: false + flag: "-s" + format: "flag" + + - name: "config" + type: "string" + description: "配置文件" + required: false + flag: "-c" + format: "flag" + + - name: "threads" + type: "int" + description: "线程数" + required: false + flag: "-t" + format: "flag" + default: 20 + + - name: "timeout" + type: "int" + description: "请求超时时间(秒)" + required: false + flag: "--timeout" + format: "flag" + default: 20 diff --git a/tools/john.yaml b/tools/john.yaml new file mode 100644 index 00000000..12cf5c41 --- /dev/null +++ b/tools/john.yaml @@ -0,0 +1,49 @@ +name: "john" +command: "john" +enabled: true + +short_description: "John the Ripper密码破解工具" + +description: | + John the Ripper是一个快速的密码破解工具,支持多种哈希算法。 + + **主要功能:** + - 多种哈希算法支持 + - 字典攻击 + - 暴力破解 + - 规则引擎 + + **使用场景:** + - 密码恢复 + - 哈希破解 + - 安全测试 + - 取证分析 + +parameters: + - name: "hash_file" + type: "string" + description: "包含哈希的文件" + required: true + position: 0 + format: "positional" + + - name: "wordlist" + type: "string" + description: "字典文件" + required: false + default: "/usr/share/wordlists/rockyou.txt" + flag: "--wordlist" + format: "flag" + + - name: "format_type" + type: "string" + description: "哈希格式类型" + required: false + flag: "--format" + format: "flag" + + - name: "additional_args" + type: "string" + description: "额外的John参数" + required: false + diff --git a/tools/jwt-analyzer.yaml b/tools/jwt-analyzer.yaml new file mode 100644 index 00000000..bf70c8fd --- /dev/null +++ b/tools/jwt-analyzer.yaml 
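Review bot: In tools/jaeles.yaml, nothing supplies the `scan` subcommand that jaeles needs before `-u`, so the command as defined would not start a scan. As far as I can tell `-c` is jaeles' concurrency option rather than a config-file option, in which case the `config` value would be parsed as a number; please check both against `jaeles scan -h` for the installed version.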
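Review bot: In tools/john.yaml, `wordlist` and `format_type` use `format: "flag"` with `--wordlist` and `--format`, but john only accepts their values in the `--wordlist=FILE` and `--format=NAME` form; given as two separate arguments, `--wordlist` falls back to the default list and the path is treated as another hash file. Whether the executor joins flag and value with `=` is not visible in this patch. If it does not, the definition needs whatever the schema offers for `flag=value` output, and the joining rule should be documented next to these two parameters.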
@@ -0,0 +1,36 @@ +name: "jwt-analyzer" +command: "jwt_tool" +enabled: true + +short_description: "JWT令牌分析和漏洞测试工具" + +description: | + 高级JWT令牌分析和漏洞测试工具,用于检测JWT实现中的安全问题。 + + **主要功能:** + - JWT令牌分析 + - 漏洞测试 + - 攻击向量检测 + - 令牌操作 + + **使用场景:** + - JWT安全测试 + - 令牌分析 + - 漏洞发现 + - 安全测试 + +parameters: + - name: "jwt_token" + type: "string" + description: "要分析的JWT令牌" + required: true + flag: "-t" + format: "flag" + + - name: "target_url" + type: "string" + description: "用于测试令牌操作的可选目标URL" + required: false + flag: "-u" + format: "flag" + diff --git a/tools/katana.yaml b/tools/katana.yaml new file mode 100644 index 00000000..a606ffe8 --- /dev/null +++ b/tools/katana.yaml @@ -0,0 +1,53 @@ +name: "katana" +command: "katana" +enabled: true + +short_description: "下一代Web爬虫和蜘蛛工具" + +description: | + Katana是一个快速、智能的Web爬虫工具,用于发现Web应用中的端点和资源。 + + **主要功能:** + - 智能Web爬虫 + - JavaScript渲染支持 + - 表单提取 + - 端点发现 + + **使用场景:** + - Web应用侦察 + - 端点发现 + - 内容爬取 + - 安全测试 + +parameters: + - name: "url" + type: "string" + description: "目标URL" + required: true + flag: "-u" + format: "flag" + + - name: "depth" + type: "int" + description: "爬取深度" + required: false + flag: "-d" + format: "flag" + default: 3 + + - name: "js_crawl" + type: "bool" + description: "启用JavaScript爬取" + required: false + flag: "-js-crawl" + format: "flag" + default: true + + - name: "form_extraction" + type: "bool" + description: "启用表单提取" + required: false + flag: "-form" + format: "flag" + default: true + diff --git a/tools/kube-bench.yaml b/tools/kube-bench.yaml new file mode 100644 index 00000000..6bea9883 --- /dev/null +++ b/tools/kube-bench.yaml 
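Review bot: In tools/jwt-analyzer.yaml, `jwt_token` is bound to `-t`, but jwt_tool takes the token as its positional argument and uses `-t` for the target URL, so the token would be interpreted as a URL and `target_url` would not do what its description says. I would give `jwt_token` `position: 0` with `format: "positional"` and move `flag: "-t"` to `target_url`. Please verify against `jwt_tool -h` for the installed version.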
@@ -0,0 +1,51 @@ +name: "kube-bench" +command: "kube-bench" +enabled: true + +short_description: "CIS Kubernetes基准检查工具" + +description: | + Kube-bench是一个CIS Kubernetes基准检查工具,用于检查Kubernetes集群是否符合CIS基准。 + + **主要功能:** + - CIS基准检查 + - 多种目标支持(master, node, etcd, policies) + - 详细报告 + - 配置验证 + + **使用场景:** + - Kubernetes合规性检查 + - 安全配置审计 + - CIS基准验证 + - 安全评估 + +parameters: + - name: "targets" + type: "string" + description: "要检查的目标(master, node, etcd, policies)" + required: false + flag: "--targets" + format: "flag" + + - name: "version" + type: "string" + description: "Kubernetes版本" + required: false + flag: "--version" + format: "flag" + + - name: "config_dir" + type: "string" + description: "配置目录" + required: false + flag: "--config-dir" + format: "flag" + + - name: "output_format" + type: "string" + description: "输出格式(json, yaml)" + required: false + flag: "--output" + format: "flag" + default: "json" + diff --git a/tools/kube-hunter.yaml b/tools/kube-hunter.yaml new file mode 100644 index 00000000..6245241c --- /dev/null +++ b/tools/kube-hunter.yaml 
@@ -0,0 +1,59 @@ +name: "kube-hunter" +command: "kube-hunter" +enabled: true + +short_description: "Kubernetes渗透测试工具" + +description: | + Kube-hunter是一个Kubernetes渗透测试工具,用于发现Kubernetes集群中的安全问题。 + + **主要功能:** + - Kubernetes安全扫描 + - 漏洞发现 + - 配置问题检测 + - 主动和被动模式 + + **使用场景:** + - Kubernetes安全测试 + - 集群安全评估 + - 渗透测试 + - 安全审计 + +parameters: + - name: "target" + type: "string" + description: "特定目标扫描" + required: false + flag: "--remote" + format: "flag" + + - name: "cidr" + type: "string" + description: "CIDR范围扫描" + required: false + flag: "--cidr" + format: "flag" + + - name: "interface" + type: "string" + description: "网络接口扫描" + required: false + flag: "--interface" + format: "flag" + + - name: "active" + type: "bool" + description: "启用主动扫描(可能有风险)" + required: false + flag: "--active" + format: "flag" + default: false + + - name: "report" + type: "string" + description: "报告格式(json, yaml)" + required: false + flag: "--report" + format: "flag" + default: "json" + diff --git a/tools/libc-database.yaml b/tools/libc-database.yaml new file mode 100644 index 00000000..b6afebcd --- /dev/null +++ b/tools/libc-database.yaml @@ -0,0 +1,37 @@ +name: "libc-database" +command: "libc-database" +enabled: true + +short_description: "libc识别和偏移查找工具" + +description: | + Libc-database是一个用于libc识别和偏移查找的工具。 + + **主要功能:** + - libc识别 + - 符号偏移查找 + - libc下载 + - 数据库查询 + + **使用场景:** + - CTF挑战 + - 漏洞利用开发 + - libc识别 + - 安全研究 + +parameters: + - name: "action" + type: "string" + description: "要执行的操作(find, dump, download)" + required: true + + - name: "symbols" + type: "string" + description: "符号和偏移(格式:symbol1:offset1 symbol2:offset2)" + required: false + + - name: "libc_id" + type: "string" + description: "Libc ID(用于dump/download操作)" + required: false + diff --git a/tools/list-files.yaml b/tools/list-files.yaml new file mode 100644 index 00000000..fb75d305 --- /dev/null +++ b/tools/list-files.yaml 
@@ -0,0 +1,44 @@ +name: "list-files" +command: "ls" +enabled: true + +short_description: "列出目录文件工具" + +description: | + 列出服务器上指定目录中的文件。 + + **主要功能:** + - 列出文件 + - 显示详细信息 + - 递归列出 + + **使用场景:** + - 目录浏览 + - 文件查找 + - 系统检查 + +parameters: + - name: "directory" + type: "string" + description: "要列出的目录(相对于服务器基础目录)" + required: false + default: "." + position: 0 + format: "positional" + + - name: "long_format" + type: "bool" + description: "显示详细信息" + required: false + flag: "-l" + format: "flag" + default: true + + - name: "recursive" + type: "bool" + description: "递归列出" + required: false + flag: "-R" + format: "flag" + default: false + diff --git a/tools/masscan.yaml b/tools/masscan.yaml new file mode 100644 index 00000000..a1896fcb --- /dev/null +++ b/tools/masscan.yaml @@ -0,0 +1,59 @@ +name: "masscan" +command: "masscan" +enabled: true + +short_description: "高速互联网级端口扫描工具" + +description: | + Masscan是一个高速端口扫描工具,可以在几分钟内扫描整个互联网。 + + **主要功能:** + - 极高的扫描速度 + - 支持大规模网络扫描 + - Banner抓取 + - 可配置扫描速率 + + **使用场景:** + - 大规模网络扫描 + - 互联网级扫描 + - 快速端口发现 + +parameters: + - name: "target" + type: "string" + description: "目标IP地址或CIDR范围" + required: true + position: 0 + format: "positional" + + - name: "ports" + type: "string" + description: "端口范围(如:1-65535)" + required: false + flag: "-p" + format: "flag" + default: "1-65535" + + - name: "rate" + type: "int" + description: "每秒数据包数" + required: false + flag: "--rate" + format: "flag" + default: 1000 + + - name: "interface" + type: "string" + description: "网络接口" + required: false + flag: "-e" + format: "flag" + + - name: "banners" + type: "bool" + description: "启用Banner抓取" + required: false + flag: "--banners" + format: "flag" + default: false + diff --git a/tools/metasploit.yaml b/tools/metasploit.yaml new file mode 100644 index 00000000..b58184ca --- /dev/null +++ b/tools/metasploit.yaml 
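Review bot: In tools/list-files.yaml, `directory` is documented as relative to the server base directory, but the value is passed to `ls` as a plain positional, so an absolute path or `..` segments list anything the service account can read, and a value beginning with `-` is parsed as an ls option. The confinement has to be done by the executor: resolve the path, check that it stays under the base directory, and put `--` before it. I would record that next to the parameter, e.g. `# executor resolves against the base dir and rejects paths that escape it`, once that check exists. With `recursive` set to true the output size is unbounded as well.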
@@ -0,0 +1,32 @@ +name: "metasploit" +command: "msfconsole" +enabled: true + +short_description: "Metasploit渗透测试框架" + +description: | + Metasploit是一个渗透测试框架,提供大量漏洞利用模块和辅助工具。 + + **主要功能:** + - 漏洞利用 + - 载荷生成 + - 后渗透模块 + - 辅助工具 + + **使用场景:** + - 渗透测试 + - 漏洞利用 + - 安全测试 + - 安全研究 + +parameters: + - name: "module" + type: "string" + description: "要使用的Metasploit模块" + required: true + + - name: "options" + type: "string" + description: "模块选项(JSON格式)" + required: false + diff --git a/tools/modify-file.yaml b/tools/modify-file.yaml new file mode 100644 index 00000000..b498b68a --- /dev/null +++ b/tools/modify-file.yaml @@ -0,0 +1,36 @@ +name: "modify-file" +command: "sh" +enabled: true + +short_description: "修改文件工具" + +description: | + 修改服务器上的现有文件。 + + **主要功能:** + - 修改文件 + - 追加内容 + - 覆盖内容 + + **使用场景:** + - 文件编辑 + - 内容追加 + - 配置修改 + +parameters: + - name: "filename" + type: "string" + description: "要修改的文件名" + required: true + + - name: "content" + type: "string" + description: "要写入或追加的内容" + required: true + + - name: "append" + type: "bool" + description: "是否追加(true)或覆盖(false)" + required: false + default: false + diff --git a/tools/msfvenom.yaml b/tools/msfvenom.yaml new file mode 100644 index 00000000..2870e12e --- /dev/null +++ b/tools/msfvenom.yaml 
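Review bot: In tools/modify-file.yaml, the command is `sh` and none of `filename`, `content` or `append` has a flag or position, so the values can only take effect by being spliced into a shell command line by code that is not part of this patch. If that is what happens, shell metacharacters in either string run as commands, and `filename` is not confined to any directory. A file write should be done by the executor directly, without a shell, after resolving the path against an allowed base directory. Until that is in place I would ship this definition with `enabled: false`.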
@@ -0,0 +1,57 @@ +name: "msfvenom" +command: "msfvenom" +enabled: true + +short_description: "Metasploit载荷生成工具" + +description: | + MSFVenom是Metasploit框架的载荷生成工具,用于创建各种类型的攻击载荷。 + + **主要功能:** + - 多种载荷类型 + - 编码器支持 + - 多种输出格式 + - 平台支持 + + **使用场景:** + - 渗透测试 + - 载荷生成 + - 漏洞利用 + - 安全测试 + +parameters: + - name: "payload" + type: "string" + description: "要生成的载荷(如:windows/meterpreter/reverse_tcp)" + required: true + flag: "-p" + format: "flag" + + - name: "format_type" + type: "string" + description: "输出格式(exe, elf, raw等)" + required: false + flag: "-f" + format: "flag" + + - name: "output_file" + type: "string" + description: "输出文件路径" + required: false + flag: "-o" + format: "flag" + + - name: "encoder" + type: "string" + description: "编码器(如:x86/shikata_ga_nai)" + required: false + flag: "-e" + format: "flag" + + - name: "iterations" + type: "string" + description: "编码迭代次数" + required: false + flag: "-i" + format: "flag" + diff --git a/tools/nbtscan.yaml b/tools/nbtscan.yaml new file mode 100644 index 00000000..3f0605a9 --- /dev/null +++ b/tools/nbtscan.yaml @@ -0,0 +1,45 @@ +name: "nbtscan" +command: "nbtscan" +enabled: true + +short_description: "NetBIOS名称扫描工具" + +description: | + Nbtscan是一个NetBIOS名称扫描工具,用于发现网络中的Windows系统。 + + **主要功能:** + - NetBIOS名称扫描 + - Windows系统发现 + - 网络映射 + - 快速扫描 + + **使用场景:** + - Windows网络发现 + - NetBIOS枚举 + - 网络映射 + - 渗透测试 + +parameters: + - name: "target" + type: "string" + description: "目标IP地址或范围" + required: true + position: 0 + format: "positional" + + - name: "verbose" + type: "bool" + description: "详细输出" + required: false + flag: "-v" + format: "flag" + default: false + + - name: "timeout" + type: "int" + description: "超时时间(秒)" + required: false + flag: "-t" + format: "flag" + default: 2 + diff --git a/tools/netexec.yaml b/tools/netexec.yaml new file mode 100644 index 00000000..1fdac60d --- /dev/null +++ b/tools/netexec.yaml 
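Review bot: In tools/nbtscan.yaml, `timeout` is described in seconds with `default: 2`, but nbtscan's `-t` is in milliseconds (its own default is 1000), so the default here waits 2 ms and will miss most responders. Suggested change: `description: "超时时间(毫秒)"` and `default: 1000`.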
@@ -0,0 +1,70 @@ +name: "netexec" +command: "netexec" +enabled: true + +short_description: "网络枚举和利用框架(原CrackMapExec)" + +description: | + NetExec(原CrackMapExec)是一个网络枚举和利用框架,支持多种协议。 + + **主要功能:** + - 多协议支持(SMB, SSH, WinRM等) + - 凭证验证 + - 横向移动 + - 模块化架构 + + **使用场景:** + - 网络渗透测试 + - 域环境测试 + - 横向移动测试 + - 凭证验证 + +parameters: + - name: "target" + type: "string" + description: "目标IP或网络" + required: true + position: 0 + format: "positional" + + - name: "protocol" + type: "string" + description: "协议类型(smb, ssh, winrm等)" + required: false + default: "smb" + flag: "-M" + format: "flag" + + - name: "username" + type: "string" + description: "用户名" + required: false + flag: "-u" + format: "flag" + + - name: "password" + type: "string" + description: "密码" + required: false + flag: "-p" + format: "flag" + + - name: "hash_value" + type: "string" + description: "NTLM哈希(用于Pass-the-Hash)" + required: false + flag: "-H" + format: "flag" + + - name: "module" + type: "string" + description: "要执行的模块" + required: false + flag: "-M" + format: "flag" + + - name: "additional_args" + type: "string" + description: "额外的NetExec参数" + required: false + diff --git a/tools/nmap-advanced.yaml b/tools/nmap-advanced.yaml new file mode 100644 index 00000000..6dd09888 --- /dev/null +++ b/tools/nmap-advanced.yaml 
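Review bot: In tools/netexec.yaml, `protocol` and `module` both declare `flag: "-M"`; `-M` is netexec's module option, while the protocol is the first positional (`netexec smb <target> ...`). With the `smb` default the command gets `-M smb`, i.e. a request for a module named smb, and no protocol at all. `protocol` should be `position: 0` with `format: "positional"`, and `target` should move to `position: 1`.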
@@ -0,0 +1,91 @@ +name: "nmap-advanced" +command: "nmap" +enabled: true + +short_description: "高级Nmap扫描,支持自定义NSE脚本和优化时序" + +description: | + 高级Nmap扫描工具,支持自定义NSE脚本、优化时序和多种扫描技术。 + + **主要功能:** + - 多种扫描技术(SYN, TCP, UDP等) + - 自定义NSE脚本 + - 时序优化 + - OS检测和版本检测 + + **使用场景:** + - 高级网络扫描 + - 深度安全评估 + - 渗透测试 + - 网络侦察 + +parameters: + - name: "target" + type: "string" + description: "目标IP地址或主机名" + required: true + position: 0 + format: "positional" + + - name: "scan_type" + type: "string" + description: "扫描类型(-sS, -sT, -sU等)" + required: false + flag: "" + format: "positional" + default: "-sS" + + - name: "ports" + type: "string" + description: "要扫描的端口" + required: false + flag: "-p" + format: "flag" + + - name: "timing" + type: "string" + description: "时序模板(T0-T5)" + required: false + flag: "-T" + format: "flag" + default: "T4" + + - name: "nse_scripts" + type: "string" + description: "要运行的自定义NSE脚本" + required: false + flag: "--script" + format: "flag" + + - name: "os_detection" + type: "bool" + description: "启用OS检测" + required: false + flag: "-O" + format: "flag" + default: false + + - name: "version_detection" + type: "bool" + description: "启用版本检测" + required: false + flag: "-sV" + format: "flag" + default: false + + - name: "aggressive" + type: "bool" + description: "启用激进扫描" + required: false + flag: "-A" + format: "flag" + default: false + + - name: "stealth" + type: "bool" + description: "启用隐蔽模式" + required: false + flag: "-sS" + format: "flag" + default: false + diff --git a/tools/nuclei.yaml b/tools/nuclei.yaml new file mode 100644 index 00000000..67eaeee4 --- /dev/null +++ b/tools/nuclei.yaml 
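Review bot: In tools/nmap-advanced.yaml, `scan_type` is a free-form string with `flag: ""` that is placed on the command line verbatim, so it accepts any nmap option, not just a scan technique; it should be restricted to a fixed set of values (`-sS`, `-sT`, `-sU`, ...) by the schema or the executor. `timing` defaults to `"T4"` behind `flag: "-T"`, which yields `-T T4`; nmap expects `-T4` or `-T 4`, so the default should be `default: "4"`. `stealth` emits `-sS` again, duplicating the `scan_type` default, and `nse_scripts` accepts script file paths, which means caller-supplied Lua runs on the scanning host.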
@@ -0,0 +1,56 @@ +name: "nuclei" +command: "nuclei" +enabled: true + +short_description: "快速漏洞扫描器,使用YAML模板进行漏洞检测" + +description: | + Nuclei是一个基于模板的快速漏洞扫描器,使用社区维护的YAML模板进行漏洞检测。 + + **主要功能:** + - 快速漏洞扫描 + - 基于模板的检测 + - 支持多种协议(HTTP, TCP, DNS等) + - 实时结果输出 + - 支持自定义模板 + + **使用场景:** + - 漏洞扫描和发现 + - 安全评估 + - 渗透测试 + - 漏洞验证 + +parameters: + - name: "target" + type: "string" + description: "目标URL或IP" + required: true + flag: "-u" + format: "flag" + + - name: "severity" + type: "string" + description: "严重程度过滤(critical,high,medium,low,info)" + required: false + flag: "-s" + format: "flag" + + - name: "tags" + type: "string" + description: "标签过滤(如cve,rce,lfi)" + required: false + flag: "-tags" + format: "flag" + + - name: "template" + type: "string" + description: "自定义模板路径" + required: false + flag: "-t" + format: "flag" + + - name: "additional_args" + type: "string" + description: "额外的Nuclei参数" + required: false + diff --git a/tools/objdump.yaml b/tools/objdump.yaml new file mode 100644 index 00000000..80e3695c --- /dev/null +++ b/tools/objdump.yaml @@ -0,0 +1,37 @@ +name: "objdump" +command: "objdump" +enabled: true + +short_description: "二进制文件反汇编工具" + +description: | + Objdump是GNU binutils的一部分,用于反汇编二进制文件。 + + **主要功能:** + - 反汇编 + - 符号表显示 + - 节信息显示 + - 多种架构支持 + + **使用场景:** + - 二进制分析 + - 逆向工程 + - 程序理解 + - 调试辅助 + +parameters: + - name: "binary" + type: "string" + description: "要分析的二进制文件路径" + required: true + position: 0 + format: "positional" + + - name: "disassemble" + type: "bool" + description: "反汇编二进制文件" + required: false + flag: "-d" + format: "flag" + default: true + diff --git a/tools/one-gadget.yaml b/tools/one-gadget.yaml new file mode 100644 index 00000000..d9eabb10 --- /dev/null +++ b/tools/one-gadget.yaml 
@@ -0,0 +1,36 @@ +name: "one-gadget" +command: "one_gadget" +enabled: true + +short_description: "在libc中查找one-shot RCE gadget的工具" + +description: | + One-gadget是一个用于在libc中查找one-shot RCE gadget的工具。 + + **主要功能:** + - One-shot gadget搜索 + - 约束级别检查 + - 多种libc支持 + + **使用场景:** + - CTF挑战 + - 漏洞利用开发 + - ROP链简化 + - 安全研究 + +parameters: + - name: "libc_path" + type: "string" + description: "libc二进制文件路径" + required: true + position: 0 + format: "positional" + + - name: "level" + type: "int" + description: "约束级别(0, 1, 2)" + required: false + flag: "-l" + format: "flag" + default: 1 + diff --git a/tools/pacu.yaml b/tools/pacu.yaml new file mode 100644 index 00000000..0938cda1 --- /dev/null +++ b/tools/pacu.yaml @@ -0,0 +1,44 @@ +name: "pacu" +command: "pacu" +enabled: true + +short_description: "AWS渗透测试框架" + +description: | + Pacu是一个AWS渗透测试框架,用于测试AWS环境的安全性。 + + **主要功能:** + - AWS渗透测试 + - 权限提升 + - 数据访问 + - 模块化架构 + + **使用场景:** + - AWS安全测试 + - 渗透测试 + - 权限测试 + - 安全评估 + +parameters: + - name: "session_name" + type: "string" + description: "Pacu会话名称" + required: false + flag: "--session" + format: "flag" + default: "hexstrike_session" + + - name: "modules" + type: "string" + description: "要运行的模块(逗号分隔)" + required: false + flag: "--modules" + format: "flag" + + - name: "regions" + type: "string" + description: "AWS区域(逗号分隔)" + required: false + flag: "--regions" + format: "flag" + diff --git a/tools/paramspider.yaml b/tools/paramspider.yaml new file mode 100644 index 00000000..75f302fa --- /dev/null +++ b/tools/paramspider.yaml 
@@ -0,0 +1,51 @@
+name: "paramspider"
+command: "paramspider"
+enabled: true
+
+short_description: "从Web档案中挖掘参数"
+
+description: |
+ ParamSpider从Web档案中挖掘参数,用于发现隐藏的参数。
+
+ **主要功能:**
+ - 参数挖掘
+ - Web档案查询
+ - 多级深度支持
+ - 扩展名过滤
+
+ **使用场景:**
+ - 参数发现
+ - Bug bounty侦察
+ - Web应用安全测试
+ - 安全测试
+
+parameters:
+ - name: "domain"
+ type: "string"
+ description: "目标域名"
+ required: true
+ flag: "-d"
+ format: "flag"
+
+ - name: "level"
+ type: "int"
+ description: "挖掘深度级别"
+ required: false
+ flag: "-l"
+ format: "flag"
+ default: 2
+
+ - name: "exclude"
+ type: "string"
+ description: "要排除的文件扩展名"
+ required: false
+ flag: "-e"
+ format: "flag"
+
+ - name: "output"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+ flag: "-o"
+ format: "flag"
+
diff --git a/tools/prowler.yaml b/tools/prowler.yaml
new file mode 100644
index 00000000..7a05e463
--- /dev/null
+++ b/tools/prowler.yaml
@@ -0,0 +1,60 @@
+name: "prowler"
+command: "prowler"
+enabled: true
+
+short_description: "云安全评估工具(AWS, Azure, GCP)"
+
+description: |
+ Prowler是一个全面的云安全评估工具,支持AWS、Azure和GCP。
+
+ **主要功能:**
+ - 云安全评估
+ - 合规性检查
+ - 安全最佳实践检查
+ - 多种输出格式
+
+ **使用场景:**
+ - 云安全审计
+ - 合规性检查
+ - 安全评估
+ - 云配置审计
+
+parameters:
+ - name: "provider"
+ type: "string"
+ description: "云提供商(aws, azure, gcp)"
+ required: false
+ flag: "-p"
+ format: "flag"
+ default: "aws"
+
+ - name: "profile"
+ type: "string"
+ description: "AWS配置文件"
+ required: false
+ flag: "-p"
+ format: "flag"
+ default: "default"
+
+ - name: "region"
+ type: "string"
+ description: "要扫描的特定区域"
+ required: false
+ flag: "-r"
+ format: "flag"
+
+ - name: "checks"
+ type: "string"
+ description: "要运行的特定检查"
+ required: false
+ flag: "-c"
+ format: "flag"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, csv, html)"
+ required: false
+ flag: "-M"
+ format: "flag"
+ default: "json"
+
diff --git a/tools/pwninit.yaml b/tools/pwninit.yaml
new file mode 100644
index 00000000..03b2824d
--- /dev/null
+++ b/tools/pwninit.yaml
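Review bot: In tools/prowler.yaml both `provider` and `profile` are bound to `flag: "-p"` and both carry defaults, so a default run emits `-p aws -p default`. In current Prowler releases `-p` is the short form of `--profile` and the provider is chosen as a subcommand, so the credentials profile that ends up in effect may not be the one the operator intended for the audit. I would make `provider` positional (`position: 0` with `format: "positional"`) and leave `-p` to `profile` alone.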
@@ -0,0 +1,51 @@
+name: "pwninit"
+command: "pwninit"
+enabled: true
+
+short_description: "CTF二进制漏洞利用设置工具"
+
+description: |
+ Pwninit是一个用于CTF二进制漏洞利用设置的工具,自动配置libc和loader。
+
+ **主要功能:**
+ - 自动libc识别
+ - Loader配置
+ - 模板生成
+ - 环境设置
+
+ **使用场景:**
+ - CTF挑战
+ - 漏洞利用开发
+ - 环境配置
+ - 安全研究
+
+parameters:
+ - name: "binary"
+ type: "string"
+ description: "二进制文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "libc"
+ type: "string"
+ description: "libc文件路径"
+ required: false
+ flag: "--libc"
+ format: "flag"
+
+ - name: "ld"
+ type: "string"
+ description: "Loader文件路径"
+ required: false
+ flag: "--ld"
+ format: "flag"
+
+ - name: "template_type"
+ type: "string"
+ description: "模板类型(python, c)"
+ required: false
+ flag: "--template"
+ format: "flag"
+ default: "python"
+
diff --git a/tools/pwntools.yaml b/tools/pwntools.yaml
new file mode 100644
index 00000000..ad4e5608
--- /dev/null
+++ b/tools/pwntools.yaml
@@ -0,0 +1,48 @@
+name: "pwntools"
+command: "python3"
+enabled: true
+
+short_description: "CTF和漏洞利用开发框架"
+
+description: |
+ Pwntools是一个CTF和漏洞利用开发框架,用于快速开发漏洞利用程序。
+
+ **主要功能:**
+ - 漏洞利用开发
+ - 自动化脚本
+ - 网络交互
+ - 二进制分析辅助
+
+ **使用场景:**
+ - CTF挑战
+ - 漏洞利用开发
+ - 二进制分析
+ - 安全研究
+
+parameters:
+ - name: "script_content"
+ type: "string"
+ description: "Python脚本内容(使用pwntools)"
+ required: true
+
+ - name: "target_binary"
+ type: "string"
+ description: "本地二进制文件路径"
+ required: false
+
+ - name: "target_host"
+ type: "string"
+ description: "远程主机地址"
+ required: false
+
+ - name: "target_port"
+ type: "int"
+ description: "远程端口"
+ required: false
+
+ - name: "exploit_type"
+ type: "string"
+ description: "漏洞利用类型(local, remote, format_string, rop)"
+ required: false
+ default: "local"
+
diff --git a/tools/qsreplace.yaml b/tools/qsreplace.yaml
new file mode 100644
index 00000000..c5ab353c
--- /dev/null
+++ b/tools/qsreplace.yaml
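Review bot: tools/pwntools.yaml sets `command: "python3"` and takes `script_content` as a required free-form string while shipping with `enabled: true`, so this entry amounts to running caller-supplied Python with the executor's privileges. The hunk does not show how the script reaches the interpreter or where it is written, since none of the parameters has a `flag` or `format`. I would ship this definition with `enabled: false` and add a comment above `script_content` such as `# runs caller-supplied Python; enable only inside an isolated, unprivileged sandbox`.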
@@ -0,0 +1,33 @@
+name: "qsreplace"
+command: "qsreplace"
+enabled: true
+
+short_description: "查询字符串参数替换工具"
+
+description: |
+ Qsreplace是一个用于替换URL中查询字符串参数的工具,常用于模糊测试。
+
+ **主要功能:**
+ - 参数替换
+ - 批量处理
+ - 多种替换模式
+ - 快速处理
+
+ **使用场景:**
+ - 参数模糊测试
+ - URL处理
+ - 工具链集成
+ - 安全测试
+
+parameters:
+ - name: "urls"
+ type: "string"
+ description: "要处理的URL(每行一个)"
+ required: true
+
+ - name: "replacement"
+ type: "string"
+ description: "替换字符串"
+ required: false
+ default: "FUZZ"
+
diff --git a/tools/radare2.yaml b/tools/radare2.yaml
new file mode 100644
index 00000000..3e8d843b
--- /dev/null
+++ b/tools/radare2.yaml
@@ -0,0 +1,36 @@
+name: "radare2"
+command: "r2"
+enabled: true
+
+short_description: "二进制分析和逆向工程框架"
+
+description: |
+ Radare2是一个完整的二进制分析和逆向工程框架。
+
+ **主要功能:**
+ - 反汇编和反编译
+ - 调试支持
+ - 脚本支持
+ - 多种架构支持
+
+ **使用场景:**
+ - 二进制分析
+ - 逆向工程
+ - 漏洞研究
+ - 恶意软件分析
+
+parameters:
+ - name: "binary"
+ type: "string"
+ description: "要分析的二进制文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "commands"
+ type: "string"
+ description: "要执行的Radare2命令(分号分隔)"
+ required: false
+ flag: "-c"
+ format: "flag"
+
diff --git a/tools/responder.yaml b/tools/responder.yaml
new file mode 100644
index 00000000..5ff7ac23
--- /dev/null
+++ b/tools/responder.yaml
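Review bot: The `commands` parameter in tools/radare2.yaml is handed to `r2 -c` without any restriction, and radare2's command language is able to start external programs, so this is a command-execution surface rather than a read-only analysis option. The definition should say so where the parameter is declared, e.g. `# r2 commands can spawn external programs; treat as code execution and run isolated`. The executor could also run r2 with its sandbox setting (`cfg.sandbox`, to be confirmed for the installed version) when only static analysis is wanted.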
@@ -0,0 +1,60 @@
+name: "responder"
+command: "responder"
+enabled: true
+
+short_description: "LLMNR/NBT-NS/MDNS投毒和凭据收集工具"
+
+description: |
+ Responder是一个LLMNR/NBT-NS/MDNS投毒工具,用于收集网络凭据。
+
+ **主要功能:**
+ - LLMNR/NBT-NS投毒
+ - 凭据收集
+ - WPAD代理
+ - 指纹识别
+
+ **使用场景:**
+ - 网络渗透测试
+ - 凭据收集
+ - 横向移动
+ - 安全测试
+
+parameters:
+ - name: "interface"
+ type: "string"
+ description: "网络接口"
+ required: false
+ flag: "-I"
+ format: "flag"
+ default: "eth0"
+
+ - name: "analyze"
+ type: "bool"
+ description: "仅分析模式"
+ required: false
+ flag: "-A"
+ format: "flag"
+ default: false
+
+ - name: "wpad"
+ type: "bool"
+ description: "启用WPAD恶意代理"
+ required: false
+ flag: "-w"
+ format: "flag"
+ default: true
+
+ - name: "fingerprint"
+ type: "bool"
+ description: "指纹识别模式"
+ required: false
+ flag: "-f"
+ format: "flag"
+ default: false
+
+ - name: "duration"
+ type: "int"
+ description: "运行持续时间(秒)"
+ required: false
+ default: 300
+
diff --git a/tools/ropgadget.yaml b/tools/ropgadget.yaml
new file mode 100644
index 00000000..62db66fe
--- /dev/null
+++ b/tools/ropgadget.yaml
@@ -0,0 +1,36 @@
+name: "ropgadget"
+command: "ROPgadget"
+enabled: true
+
+short_description: "ROP gadget搜索工具"
+
+description: |
+ ROPgadget是一个用于在二进制文件中搜索ROP gadget的工具。
+
+ **主要功能:**
+ - ROP gadget搜索
+ - 多种架构支持
+ - Gadget分类
+ - 利用链生成
+
+ **使用场景:**
+ - 二进制分析
+ - 漏洞利用开发
+ - ROP链构建
+ - 安全研究
+
+parameters:
+ - name: "binary"
+ type: "string"
+ description: "要分析的二进制文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "gadget_type"
+ type: "string"
+ description: "要搜索的gadget类型"
+ required: false
+ flag: "--gadgets"
+ format: "flag"
+
diff --git a/tools/ropper.yaml b/tools/ropper.yaml
new file mode 100644
index 00000000..e60d5967
--- /dev/null
+++ b/tools/ropper.yaml
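Review bot: The defaults in tools/responder.yaml make the bare invocation active rather than passive: `analyze` defaults to `false` and `wpad` to `true`, so a call with no arguments starts answering name-resolution requests and serving a WPAD proxy on `eth0`. For a definition that an automated caller can trigger, the safer default is the passive mode, i.e. `default: true` on `analyze` and `default: false` on `wpad`, with the active mode an explicit opt-in tied to an authorised scope. `duration` has no `flag` or `format`, so how the 300-second limit is enforced is not visible in this hunk and deserves a comment.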
@@ -0,0 +1,59 @@
+name: "ropper"
+command: "ropper"
+enabled: true
+
+short_description: "高级ROP/JOP gadget搜索工具"
+
+description: |
+ Ropper是一个高级ROP/JOP gadget搜索工具,用于漏洞利用开发。
+
+ **主要功能:**
+ - ROP/JOP gadget搜索
+ - Gadget质量评估
+ - 多种架构支持
+ - 利用链生成
+
+ **使用场景:**
+ - 漏洞利用开发
+ - ROP链构建
+ - 二进制分析
+ - 安全研究
+
+parameters:
+ - name: "binary"
+ type: "string"
+ description: "要分析的二进制文件路径"
+ required: true
+ flag: "--file"
+ format: "flag"
+
+ - name: "gadget_type"
+ type: "string"
+ description: "Gadget类型(rop, jop, sys, all)"
+ required: false
+ flag: "--type"
+ format: "flag"
+ default: "rop"
+
+ - name: "quality"
+ type: "int"
+ description: "Gadget质量级别(1-5)"
+ required: false
+ flag: "--quality"
+ format: "flag"
+ default: 1
+
+ - name: "arch"
+ type: "string"
+ description: "目标架构(x86, x86_64, arm等)"
+ required: false
+ flag: "--arch"
+ format: "flag"
+
+ - name: "search_string"
+ type: "string"
+ description: "要搜索的特定gadget模式"
+ required: false
+ flag: "--search"
+ format: "flag"
+
diff --git a/tools/rpcclient.yaml b/tools/rpcclient.yaml
new file mode 100644
index 00000000..5a6b645e
--- /dev/null
+++ b/tools/rpcclient.yaml
@@ -0,0 +1,56 @@
+name: "rpcclient"
+command: "rpcclient"
+enabled: true
+
+short_description: "RPC枚举工具"
+
+description: |
+ Rpcclient是一个RPC客户端工具,用于枚举Windows/Samba系统信息。
+
+ **主要功能:**
+ - RPC枚举
+ - 用户和组枚举
+ - 域信息查询
+ - 系统信息收集
+
+ **使用场景:**
+ - Windows系统渗透测试
+ - Samba枚举
+ - 域环境侦察
+ - 安全测试
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP地址"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "username"
+ type: "string"
+ description: "用户名"
+ required: false
+ flag: "-U"
+ format: "flag"
+
+ - name: "password"
+ type: "string"
+ description: "密码"
+ required: false
+ flag: "-N"
+ format: "flag"
+
+ - name: "domain"
+ type: "string"
+ description: "域名"
+ required: false
+ flag: "-W"
+ format: "flag"
+
+ - name: "commands"
+ type: "string"
+ description: "RPC命令(分号分隔)"
+ required: false
+ default: "enumdomusers;enumdomgroups;querydominfo"
+
diff --git a/tools/rustscan.yaml b/tools/rustscan.yaml
new file mode 100644
index 00000000..f2c15f95
--- /dev/null
+++ b/tools/rustscan.yaml
@@ -0,0 +1,51 @@
+name: "rustscan"
+command: "rustscan"
+enabled: true
+
+short_description: "超快速端口扫描工具,使用Rust编写"
+
+description: |
+ Rustscan是一个用Rust编写的超快速端口扫描工具,可以快速扫描大量端口。
+
+ **主要功能:**
+ - 超快速端口扫描
+ - 可配置的扫描速度
+ - 支持Nmap脚本集成
+ - 批量扫描支持
+
+ **使用场景:**
+ - 快速端口扫描
+ - 大规模网络扫描
+ - 渗透测试信息收集
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP地址或主机名"
+ required: true
+ flag: "-a"
+ format: "flag"
+
+ - name: "ports"
+ type: "string"
+ description: "要扫描的端口(如:22,80,443或1-1000)"
+ required: false
+ flag: "-p"
+ format: "flag"
+
+ - name: "ulimit"
+ type: "int"
+ description: "文件描述符限制"
+ required: false
+ flag: "-u"
+ format: "flag"
+ default: 5000
+
+ - name: "scripts"
+ type: "bool"
+ description: "在发现的端口上运行Nmap脚本"
+ required: false
+ flag: "--scripts"
+ format: "flag"
+ default: false
+
diff --git a/tools/scout-suite.yaml b/tools/scout-suite.yaml
new file mode 100644
index 00000000..588dcde0
--- /dev/null
+++ b/tools/scout-suite.yaml
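Review bot: `password` in tools/rpcclient.yaml is bound to `flag: "-N"`, which in Samba's rpcclient means "no password" (`--no-pass`) and takes no value, so the supplied secret would end up on the command line as a stray argument instead of authenticating. That breaks authenticated use and also exposes the password in the process list. Samba clients accept an authentication file through `-A`, which keeps the secret off argv; at minimum `-N` should belong to a separate `type: "bool"` parameter rather than to one that carries a value. `commands` has no `flag` either, so whether it is passed with `-c` is not visible in this hunk.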
@@ -0,0 +1,53 @@
+name: "scout-suite"
+command: "scout"
+enabled: true
+
+short_description: "多云安全评估工具"
+
+description: |
+ Scout Suite是一个多云安全评估工具,支持AWS、Azure、GCP、Aliyun和OCI。
+
+ **主要功能:**
+ - 多云安全评估
+ - 配置审计
+ - 安全最佳实践检查
+ - 详细报告生成
+
+ **使用场景:**
+ - 云安全审计
+ - 合规性检查
+ - 安全评估
+ - 云配置审计
+
+parameters:
+ - name: "provider"
+ type: "string"
+ description: "云提供商(aws, azure, gcp, aliyun, oci)"
+ required: false
+ flag: "--provider"
+ format: "flag"
+ default: "aws"
+
+ - name: "profile"
+ type: "string"
+ description: "AWS配置文件"
+ required: false
+ flag: "--profile"
+ format: "flag"
+ default: "default"
+
+ - name: "report_dir"
+ type: "string"
+ description: "报告保存目录"
+ required: false
+ flag: "--report-dir"
+ format: "flag"
+ default: "/tmp/scout-suite"
+
+ - name: "services"
+ type: "string"
+ description: "要评估的特定服务"
+ required: false
+ flag: "--services"
+ format: "flag"
+
diff --git a/tools/smbmap.yaml b/tools/smbmap.yaml
new file mode 100644
index 00000000..e7f1fe17
--- /dev/null
+++ b/tools/smbmap.yaml
@@ -0,0 +1,55 @@
+name: "smbmap"
+command: "smbmap"
+enabled: true
+
+short_description: "SMB共享枚举和访问工具"
+
+description: |
+ SMBMap是一个用于枚举SMB共享并提供文件访问功能的工具。
+
+ **主要功能:**
+ - SMB共享枚举
+ - 文件列表和下载
+ - 权限检查
+ - 支持多种认证方式
+
+ **使用场景:**
+ - SMB安全测试
+ - 文件共享审计
+ - 渗透测试
+ - 网络侦察
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标IP地址"
+ required: true
+ flag: "-H"
+ format: "flag"
+
+ - name: "username"
+ type: "string"
+ description: "用户名"
+ required: false
+ flag: "-u"
+ format: "flag"
+
+ - name: "password"
+ type: "string"
+ description: "密码"
+ required: false
+ flag: "-p"
+ format: "flag"
+
+ - name: "domain"
+ type: "string"
+ description: "域名"
+ required: false
+ flag: "-d"
+ format: "flag"
+
+ - name: "additional_args"
+ type: "string"
+ description: "额外的SMBMap参数"
+ required: false
+
diff --git a/tools/steghide.yaml b/tools/steghide.yaml
new file mode 100644
index 00000000..650a33f3
--- /dev/null
+++ b/tools/steghide.yaml
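Review bot: `report_dir` in tools/scout-suite.yaml defaults to `/tmp/scout-suite`, a fixed name inside a world-writable directory. The reports hold a full inventory of cloud configuration findings, and a predictable path can be pre-created or symlinked by another local user before the scan writes to it. I would drop the default, or point it at a per-run directory created with restrictive permissions, and say so in a comment such as `# no default: executor creates a private (0700) per-run directory`.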
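Review bot: `password` in tools/smbmap.yaml is passed as the value of `-p`, so the credential appears in the process list and in any log or stored result that records the executed command line. The same applies to `passphrase` in tools/steghide.yaml and `api_key` in tools/zap.yaml later in this patch. I would mark these parameters so the executor redacts them, for instance a comment `# secret: redact in logs and tool output` above each, and prefer a file or environment based hand-over wherever the wrapped tool supports one.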
@@ -0,0 +1,57 @@
+name: "steghide"
+command: "steghide"
+enabled: true
+
+short_description: "隐写术分析工具"
+
+description: |
+ Steghide是一个隐写术工具,用于在图像和音频文件中隐藏数据。
+
+ **主要功能:**
+ - 数据隐藏
+ - 数据提取
+ - 信息查看
+ - 密码保护
+
+ **使用场景:**
+ - 隐写术分析
+ - 数据隐藏检测
+ - 取证分析
+ - CTF挑战
+
+parameters:
+ - name: "action"
+ type: "string"
+ description: "操作类型(extract, embed, info)"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "cover_file"
+ type: "string"
+ description: "载体文件路径"
+ required: true
+ position: 1
+ format: "positional"
+
+ - name: "embed_file"
+ type: "string"
+ description: "要嵌入的文件(embed操作时)"
+ required: false
+ flag: "-ef"
+ format: "flag"
+
+ - name: "passphrase"
+ type: "string"
+ description: "密码"
+ required: false
+ flag: "-p"
+ format: "flag"
+
+ - name: "output_file"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+ flag: "-sf"
+ format: "flag"
+
diff --git a/tools/strings.yaml b/tools/strings.yaml
new file mode 100644
index 00000000..5017420f
--- /dev/null
+++ b/tools/strings.yaml
@@ -0,0 +1,36 @@
+name: "strings"
+command: "strings"
+enabled: true
+
+short_description: "从二进制文件中提取字符串"
+
+description: |
+ Strings工具用于从二进制文件中提取可打印字符串。
+
+ **主要功能:**
+ - 字符串提取
+ - 可配置最小长度
+ - 支持多种文件格式
+
+ **使用场景:**
+ - 二进制分析
+ - 恶意软件分析
+ - 取证分析
+ - 逆向工程
+
+parameters:
+ - name: "file_path"
+ type: "string"
+ description: "要分析的文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "min_len"
+ type: "int"
+ description: "最小字符串长度"
+ required: false
+ flag: "-n"
+ format: "flag"
+ default: 4
+
diff --git a/tools/subfinder.yaml b/tools/subfinder.yaml
new file mode 100644
index 00000000..f2a6f7c2
--- /dev/null
+++ b/tools/subfinder.yaml
@@ -0,0 +1,50 @@
+name: "subfinder"
+command: "subfinder"
+enabled: true
+
+short_description: "被动子域名发现工具,使用多个数据源"
+
+description: |
+ Subfinder是一个被动子域名发现工具,通过查询多个数据源来发现子域名。
+
+ **主要功能:**
+ - 被动子域名发现
+ - 多个数据源集成
+ - 快速扫描
+ - 支持API密钥配置
+
+ **使用场景:**
+ - 子域名枚举
+ - 资产发现
+ - Bug bounty侦察
+ - 渗透测试信息收集
+
+parameters:
+ - name: "domain"
+ type: "string"
+ description: "目标域名"
+ required: true
+ flag: "-d"
+ format: "flag"
+
+ - name: "silent"
+ type: "bool"
+ description: "静默模式"
+ required: false
+ default: true
+ flag: "-silent"
+ format: "flag"
+
+ - name: "all_sources"
+ type: "bool"
+ description: "使用所有数据源"
+ required: false
+ default: false
+ flag: "-all"
+ format: "flag"
+
+ - name: "additional_args"
+ type: "string"
+ description: "额外的Subfinder参数"
+ required: false
+
diff --git a/tools/terrascan.yaml b/tools/terrascan.yaml
new file mode 100644
index 00000000..dd726591
--- /dev/null
+++ b/tools/terrascan.yaml
@@ -0,0 +1,60 @@
+name: "terrascan"
+command: "terrascan"
+enabled: true
+
+short_description: "基础设施即代码安全扫描工具"
+
+description: |
+ Terrascan是一个基础设施即代码安全扫描工具,用于检测IaC配置中的安全问题。
+
+ **主要功能:**
+ - IaC安全扫描
+ - 多种框架支持
+ - 策略检查
+ - 合规性验证
+
+ **使用场景:**
+ - IaC安全扫描
+ - 云配置审计
+ - 安全策略检查
+ - 合规性检查
+
+parameters:
+ - name: "scan_type"
+ type: "string"
+ description: "扫描类型(all, terraform, k8s等)"
+ required: false
+ flag: "--scan-type"
+ format: "flag"
+ default: "all"
+
+ - name: "iac_dir"
+ type: "string"
+ description: "IaC目录"
+ required: false
+ flag: "-d"
+ format: "flag"
+ default: "."
+
+ - name: "policy_type"
+ type: "string"
+ description: "要使用的策略类型"
+ required: false
+ flag: "--policy-type"
+ format: "flag"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, yaml, xml)"
+ required: false
+ flag: "--output"
+ format: "flag"
+ default: "json"
+
+ - name: "severity"
+ type: "string"
+ description: "严重程度过滤(high, medium, low)"
+ required: false
+ flag: "--severity"
+ format: "flag"
+
diff --git a/tools/trivy.yaml b/tools/trivy.yaml
new file mode 100644
index 00000000..4107c939
--- /dev/null
+++ b/tools/trivy.yaml
@@ -0,0 +1,50 @@
+name: "trivy"
+command: "trivy"
+enabled: true
+
+short_description: "容器和文件系统漏洞扫描器"
+
+description: |
+ Trivy是一个简单而全面的容器和文件系统漏洞扫描器。
+
+ **主要功能:**
+ - 容器镜像扫描
+ - 文件系统扫描
+ - 代码仓库扫描
+ - 配置文件扫描
+
+ **使用场景:**
+ - 容器安全扫描
+ - CI/CD集成
+ - 漏洞检测
+ - 安全审计
+
+parameters:
+ - name: "scan_type"
+ type: "string"
+ description: "扫描类型(image, fs, repo, config)"
+ required: false
+ default: "image"
+
+ - name: "target"
+ type: "string"
+ description: "扫描目标(镜像名、目录、仓库)"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "severity"
+ type: "string"
+ description: "严重程度过滤(UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)"
+ required: false
+ flag: "--severity"
+ format: "flag"
+
+ - name: "output_format"
+ type: "string"
+ description: "输出格式(json, table, sarif)"
+ required: false
+ flag: "--format"
+ format: "flag"
+ default: "json"
+
diff --git a/tools/uro.yaml b/tools/uro.yaml
new file mode 100644
index 00000000..c4e24040
--- /dev/null
+++ b/tools/uro.yaml
@@ -0,0 +1,37 @@
+name: "uro"
+command: "uro"
+enabled: true
+
+short_description: "URL过滤工具,用于过滤相似的URL"
+
+description: |
+ Uro是一个URL过滤工具,用于过滤掉相似的URL,去除重复项。
+
+ **主要功能:**
+ - URL去重
+ - 相似URL过滤
+ - 白名单/黑名单支持
+ - 快速处理
+
+ **使用场景:**
+ - URL去重
+ - 结果过滤
+ - 数据清理
+ - 工具链集成
+
+parameters:
+ - name: "urls"
+ type: "string"
+ description: "要过滤的URL(每行一个)"
+ required: true
+
+ - name: "whitelist"
+ type: "string"
+ description: "白名单模式"
+ required: false
+
+ - name: "blacklist"
+ type: "string"
+ description: "黑名单模式"
+ required: false
+
diff --git a/tools/volatility.yaml b/tools/volatility.yaml
new file mode 100644
index 00000000..b52c48b6
--- /dev/null
+++ b/tools/volatility.yaml
@@ -0,0 +1,43 @@
+name: "volatility"
+command: "volatility"
+enabled: true
+
+short_description: "内存取证分析工具"
+
+description: |
+ Volatility是一个内存取证框架,用于从内存转储中提取数字证据。
+
+ **主要功能:**
+ - 内存转储分析
+ - 进程列表提取
+ - 网络连接分析
+ - 文件系统重建
+
+ **使用场景:**
+ - 内存取证
+ - 恶意软件分析
+ - 事件响应
+ - 数字取证
+
+parameters:
+ - name: "memory_file"
+ type: "string"
+ description: "内存转储文件路径"
+ required: true
+ flag: "-f"
+ format: "flag"
+
+ - name: "plugin"
+ type: "string"
+ description: "要使用的Volatility插件"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "profile"
+ type: "string"
+ description: "内存配置文件"
+ required: false
+ flag: "--profile"
+ format: "flag"
+
diff --git a/tools/volatility3.yaml b/tools/volatility3.yaml
new file mode 100644
index 00000000..c444ea2c
--- /dev/null
+++ b/tools/volatility3.yaml
@@ -0,0 +1,43 @@
+name: "volatility3"
+command: "volatility"
+enabled: true
+
+short_description: "Volatility3内存取证分析工具"
+
+description: |
+ Volatility3是Volatility框架的下一代版本,用于内存取证分析。
+
+ **主要功能:**
+ - 内存转储分析
+ - 高级插件系统
+ - 改进的性能
+ - 更好的文档
+
+ **使用场景:**
+ - 内存取证
+ - 恶意软件分析
+ - 事件响应
+ - 数字取证
+
+parameters:
+ - name: "memory_file"
+ type: "string"
+ description: "内存转储文件路径"
+ required: true
+ flag: "-f"
+ format: "flag"
+
+ - name: "plugin"
+ type: "string"
+ description: "要执行的Volatility3插件"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "output_file"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+ flag: "-o"
+ format: "flag"
+
diff --git a/tools/wafw00f.yaml b/tools/wafw00f.yaml
new file mode 100644
index 00000000..58f33797
--- /dev/null
+++ b/tools/wafw00f.yaml
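Review bot: tools/volatility3.yaml uses `command: "volatility"`, the same binary name as tools/volatility.yaml in the hunk before it, so both entries run whichever release is installed under that name and an analyst cannot tell from the result which framework produced it. Volatility 3 is normally installed as `vol` (or `vol.py`), and its `-o` option names an output directory, not a file as the `output_file` description says. I would set `command: "vol"` after confirming it against the target image, and reword the description to `"输出目录路径"`.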
@@ -0,0 +1,29 @@
+name: "wafw00f"
+command: "wafw00f"
+enabled: true
+
+short_description: "WAF识别和指纹识别工具"
+
+description: |
+ Wafw00f是一个Web应用防火墙(WAF)识别和指纹识别工具。
+
+ **主要功能:**
+ - WAF检测
+ - WAF指纹识别
+ - 多种WAF支持
+ - 绕过技术检测
+
+ **使用场景:**
+ - WAF识别
+ - 安全测试
+ - 渗透测试
+ - 安全评估
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标URL或IP"
+ required: true
+ position: 0
+ format: "positional"
+
diff --git a/tools/waybackurls.yaml b/tools/waybackurls.yaml
new file mode 100644
index 00000000..b5110179
--- /dev/null
+++ b/tools/waybackurls.yaml
@@ -0,0 +1,44 @@
+name: "waybackurls"
+command: "waybackurls"
+enabled: true
+
+short_description: "从Wayback Machine获取历史URL"
+
+description: |
+ Waybackurls从Wayback Machine获取目标域名的历史URL。
+
+ **主要功能:**
+ - 历史URL发现
+ - 版本获取
+ - 子域名支持
+
+ **使用场景:**
+ - 历史URL收集
+ - Bug bounty侦察
+ - 安全测试
+ - 内容发现
+
+parameters:
+ - name: "domain"
+ type: "string"
+ description: "目标域名"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "get_versions"
+ type: "bool"
+ description: "获取所有版本的URL"
+ required: false
+ flag: "-get-versions"
+ format: "flag"
+ default: false
+
+ - name: "no_subs"
+ type: "bool"
+ description: "不包含子域名"
+ required: false
+ flag: "-no-subs"
+ format: "flag"
+ default: false
+
diff --git a/tools/wfuzz.yaml b/tools/wfuzz.yaml
new file mode 100644
index 00000000..a04dbc90
--- /dev/null
+++ b/tools/wfuzz.yaml
@@ -0,0 +1,36 @@
+name: "wfuzz"
+command: "wfuzz"
+enabled: true
+
+short_description: "Web应用模糊测试工具"
+
+description: |
+ Wfuzz是一个Web应用模糊测试工具,用于发现Web应用中的漏洞。
+
+ **主要功能:**
+ - Web应用模糊测试
+ - 参数发现
+ - 目录发现
+ - 多种过滤器
+
+ **使用场景:**
+ - Web应用安全测试
+ - 参数模糊测试
+ - 目录枚举
+ - 漏洞发现
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL(使用FUZZ作为占位符)"
+ required: true
+ flag: "-u"
+ format: "flag"
+
+ - name: "wordlist"
+ type: "string"
+ description: "字典文件路径"
+ required: false
+ flag: "-w"
+ format: "flag"
+
diff --git a/tools/wpscan.yaml b/tools/wpscan.yaml
new file mode 100644
index 00000000..bc0e1db7
--- /dev/null
+++ b/tools/wpscan.yaml
@@ -0,0 +1,35 @@
+name: "wpscan"
+command: "wpscan"
+enabled: true
+
+short_description: "WordPress安全扫描器,用于检测WordPress漏洞"
+
+description: |
+ WPScan是专门用于WordPress安全扫描的工具,可以检测主题、插件和核心漏洞。
+
+ **主要功能:**
+ - WordPress核心漏洞检测
+ - 主题和插件漏洞扫描
+ - 用户枚举
+ - 密码暴力破解
+ - 安全配置检查
+
+ **使用场景:**
+ - WordPress安全评估
+ - 漏洞扫描
+ - 渗透测试
+ - 安全审计
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "WordPress站点URL"
+ required: true
+ flag: "--url"
+ format: "flag"
+
+ - name: "additional_args"
+ type: "string"
+ description: "额外的WPScan参数"
+ required: false
+
diff --git a/tools/x8.yaml b/tools/x8.yaml
new file mode 100644
index 00000000..3028cb7d
--- /dev/null
+++ b/tools/x8.yaml
@@ -0,0 +1,59 @@
+name: "x8"
+command: "x8"
+enabled: true
+
+short_description: "隐藏参数发现工具"
+
+description: |
+ X8是一个用于发现Web应用中隐藏参数的工具。
+
+ **主要功能:**
+ - 隐藏参数发现
+ - 多种HTTP方法支持
+ - 自定义字典
+ - 快速扫描
+
+ **使用场景:**
+ - 参数发现
+ - Web应用安全测试
+ - Bug bounty侦察
+ - 安全测试
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "--url"
+ format: "flag"
+
+ - name: "wordlist"
+ type: "string"
+ description: "参数字典"
+ required: false
+ flag: "--wordlist"
+ format: "flag"
+ default: "/usr/share/wordlists/x8/params.txt"
+
+ - name: "method"
+ type: "string"
+ description: "HTTP方法"
+ required: false
+ flag: "--method"
+ format: "flag"
+ default: "GET"
+
+ - name: "body"
+ type: "string"
+ description: "请求体"
+ required: false
+ flag: "--body"
+ format: "flag"
+
+ - name: "headers"
+ type: "string"
+ description: "自定义请求头"
+ required: false
+ flag: "--headers"
+ format: "flag"
+
diff --git a/tools/xsser.yaml b/tools/xsser.yaml
new file mode 100644
index 00000000..c2102dd6
--- /dev/null
+++ b/tools/xsser.yaml
@@ -0,0 +1,36 @@
+name: "xsser"
+command: "xsser"
+enabled: true
+
+short_description: "XSS漏洞测试工具"
+
+description: |
+ XSSer是一个自动化XSS漏洞测试工具。
+
+ **主要功能:**
+ - XSS漏洞检测
+ - 多种XSS技术
+ - 自动化测试
+ - 报告生成
+
+ **使用场景:**
+ - XSS漏洞测试
+ - Web应用安全测试
+ - 渗透测试
+ - 漏洞验证
+
+parameters:
+ - name: "url"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "--url"
+ format: "flag"
+
+ - name: "params"
+ type: "string"
+ description: "要测试的参数"
+ required: false
+ flag: "--Fp"
+ format: "flag"
+
diff --git a/tools/xxd.yaml b/tools/xxd.yaml
new file mode 100644
index 00000000..22354397
--- /dev/null
+++ b/tools/xxd.yaml
@@ -0,0 +1,44 @@
+name: "xxd"
+command: "xxd"
+enabled: true
+
+short_description: "十六进制转储工具"
+
+description: |
+ Xxd是一个十六进制转储工具,用于以十六进制格式显示文件内容。
+
+ **主要功能:**
+ - 十六进制转储
+ - 可配置偏移和长度
+ - 反向转换
+ - 多种输出格式
+
+ **使用场景:**
+ - 二进制分析
+ - 文件检查
+ - 数据提取
+ - 取证分析
+
+parameters:
+ - name: "file_path"
+ type: "string"
+ description: "要转储的文件路径"
+ required: true
+ position: 0
+ format: "positional"
+
+ - name: "offset"
+ type: "string"
+ description: "开始读取的偏移量"
+ required: false
+ flag: "-s"
+ format: "flag"
+ default: "0"
+
+ - name: "length"
+ type: "string"
+ description: "要读取的字节数"
+ required: false
+ flag: "-l"
+ format: "flag"
+
diff --git a/tools/zap.yaml b/tools/zap.yaml
new file mode 100644
index 00000000..eb237330
--- /dev/null
+++ b/tools/zap.yaml
@@ -0,0 +1,75 @@
+name: "zap"
+command: "zap-cli"
+enabled: true
+
+short_description: "OWASP ZAP Web应用安全扫描器"
+
+description: |
+ OWASP ZAP是一个Web应用安全扫描器,用于发现Web应用中的安全漏洞。
+
+ **主要功能:**
+ - Web应用安全扫描
+ - 主动和被动扫描
+ - API测试
+ - 详细报告
+
+ **使用场景:**
+ - Web应用安全测试
+ - 漏洞扫描
+ - 安全评估
+ - 渗透测试
+
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标URL"
+ required: true
+ flag: "-t"
+ format: "flag"
+
+ - name: "scan_type"
+ type: "string"
+ description: "扫描类型(baseline, full, api)"
+ required: false
+ flag: "--scan-type"
+ format: "flag"
+ default: "baseline"
+
+ - name: "api_key"
+ type: "string"
+ description: "ZAP API密钥"
+ required: false
+ flag: "--api-key"
+ format: "flag"
+
+ - name: "daemon"
+ type: "bool"
+ description: "以守护进程模式运行"
+ required: false
+ flag: "--daemon"
+ format: "flag"
+ default: false
+
+ - name: "port"
+ type: "string"
+ description: "ZAP守护进程端口"
+ required: false
+ flag: "--port"
+ format: "flag"
+ default: "8090"
+
+ - name: "format_type"
+ type: "string"
+ description: "输出格式(xml, json, html)"
+ required: false
+ flag: "--format"
+ format: "flag"
+ default: "xml"
+
+ - name: "output_file"
+ type: "string"
+ description: "输出文件路径"
+ required: false
+ flag: "--output"
+ format: "flag"
+