A Repository of Windows Penetration Testing Tools

Technology   2024-10-09 09:11   Chongqing

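Introduction to Scoop

Scoop is a command-line software (package) manager for Windows. Put simply, it lets you install and manage software (packages) from a command-line shell (PowerShell, CMD, etc.): downloading, installing, uninstalling and updating software each take a single line.

A Scoop bucket is a software repository. This project exists to serve the Pentest-Windows project by providing quick installation, management and automatic updates for the tools of a Windows penetration testing environment.

Basic Scoop usage

Official installation guide: ScoopInstaller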

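  1. Prerequisites: the latest version of PowerShell, or Windows PowerShell 5.1.

  2. Set the PowerShell execution policy:

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

  3. Download the install script by running the following command in PowerShell:

    irm get.scoop.sh -outfile 'install.ps1'

  4. Run the install script as administrator:

    .\install.ps1 -RunAsAdmin -ScoopDir 'D:\Base' -ScoopGlobalDir 'D:\Global' -NoProxy

     -RunAsAdmin runs the script with the administrator role. -ScoopDir sets the Scoop installation directory, where software is installed by default. -ScoopGlobalDir sets a custom directory for globally installed programs.

  5. Install an application:

    scoop install xxxxx -g

     xxxxx is the name of the software to install. -g installs the program to the custom directory; without -g it is installed to the default directory.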

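Installing software from this repository

Once you have a working Scoop environment, run the following command to subscribe to this repository:

    scoop bucket add ar https://github.com/arch3rPro/PST-Bucket

Run the following command to install software from this repository:

    scoop install ar/<software name> -g

For example:

    scoop install ar/xray -g
    scoop install ar/windterm -g
    scoop install ar/nuclei -g
    scoop install ar/afrog -g
    scoop install ar/antsword -g
    .......

In most cases you can omit ar/ and simply run a command such as scoop install nuclei -g.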
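Scoop downloads whatever URL a bucket's JSON manifest points at, so the manifests of a third-party bucket are worth reviewing before installing from it. The following is an added example (not part of the original article or of PST-Bucket) that flags manifests with missing hashes, non-HTTPS downloads or weak hash algorithms; the sample manifest is constructed, and the `D:\Base\buckets\ar` path assumes the -ScoopDir used in step 4.

```powershell
# Added example: review Scoop manifests before running `scoop install`.
function Get-ManifestFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Json
    )
    $m = $Json | ConvertFrom-Json

    # A manifest may carry url/hash at the top level and/or per architecture.
    $sources = @($m)
    if ($m.architecture) {
        $sources += @($m.architecture.PSObject.Properties | ForEach-Object { $_.Value })
    }

    foreach ($s in $sources) {
        $urls   = @(@($s.url)  | Where-Object { $_ })
        $hashes = @(@($s.hash) | Where-Object { $_ })
        if ($urls.Count -eq 0) { continue }

        # Every download should have a matching hash, or it is not verified.
        if ($hashes.Count -ne $urls.Count) {
            [pscustomobject]@{ App = $Name; Issue = 'missing hash'
                Detail = "$($urls.Count) url(s), $($hashes.Count) hash(es)" }
        }
        foreach ($u in $urls | Where-Object { $_ -notmatch '^https://' }) {
            [pscustomobject]@{ App = $Name; Issue = 'non-HTTPS download'; Detail = $u }
        }
        # Scoop defaults to SHA-256; md5:/sha1: prefixes select weaker algorithms.
        foreach ($h in $hashes | Where-Object { $_ -match '^(md5|sha1):' }) {
            [pscustomobject]@{ App = $Name; Issue = 'weak hash algorithm'; Detail = $h }
        }
    }
}

# Constructed sample manifest (hypothetical app and URL), not taken from the bucket.
$sample = @'
{
  "version": "1.0.0",
  "architecture": {
    "64bit": { "url": "http://example.invalid/tool-x64.zip" }
  }
}
'@
Get-ManifestFinding -Name 'sample-tool' -Json $sample | Format-Table -AutoSize

# Against the subscribed bucket (assumed path, see lead-in):
# Get-ChildItem 'D:\Base\buckets\ar' -Recurse -Filter *.json | ForEach-Object {
#     Get-ManifestFinding -Name $_.BaseName -Json (Get-Content $_.FullName -Raw) }
```

For the constructed sample this reports two findings, a missing hash and a non-HTTPS download.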

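Automatic software updates

This repository has GitHub CI automation that updates all software to the latest version every few hours.

Users can add a scheduled task on their own system so that Scoop software is updated automatically. Of course, you can also update manually:

    scoop update *

To update a single piece of software, use the commands below. In most cases, as long as the software name is not duplicated, you can omit ar/ and simply run a command such as scoop update xray.

    scoop update ar/xray
    scoop update ar/windterm
    scoop update ar/screentogif
    .......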

Currently supported software

Follow for ongoing updates; open an issue if you run into problems.

| Software | Description | Official site |
| --- | --- | --- |
| scoop install afrog | afrog is a high-performance, fast and stable vulnerability scanning tool with customizable PoCs - A tool for finding vulnerabilities | https://github.com/zan8in/afrog |
| scoop install antsword | AntSword (中国蚁剑) loader; must be initialized after installation | https://github.com/AntSwordProject/AntSword-Loader |
| scoop install av_evasion_tool | 掩日 (AV_Evasion_Tool) - AV-evasion executor generation tool | https://github.com/1y0n/AV_Evasion_Tool |
| scoop install bantam | A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems. | https://github.com/gellin/bantam |
| scoop install behinder | "Behinder" (冰蝎), a website management client with dynamic binary encryption | https://github.com/rebeyond/Behinder |
| scoop install beroot | Local privilege escalation helper tool - Privilege Escalation Project - Windows / Linux / Mac | https://github.com/AlessandroZ/BeRoot |
| scoop install broxy | HTTP proxy and traffic capture tool written in Go - An HTTP/HTTPS intercept proxy written in Go. | https://github.com/rhaidiz/broxy |
| scoop install burpsuite | Burp Suite, 52pojie cracked edition; check it for backdoors yourself; registration required after installation | https://www.52pojie.cn/thread-1544866-1-1.html |
| scoop install burpsuite-np | Burp Suite, official edition; registration required after installation | https://portswigger.net/ |
| scoop install cobaltstrike | Cobalt Strike, 雨苁's edition | https://www.ddosi.org/?s=cobalt+strike |
| scoop install ct | ct is a simple, easy-to-use domain brute-forcing tool | https://github.com/knownsec/ct |
| scoop install dalfox | 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation. | https://github.com/hahwul/dalfox |
| scoop install DeimosC2 | DeimosC2 is a Golang command and control framework for post-exploitation. | https://github.com/DeimosC2/DeimosC2 |
| scoop install dig | dig (domain information groper) is a flexible tool for interrogating DNS name servers | https://www.isc.org/bind/ |
| scoop install dirbuster | DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers | https://sourceforge.net/projects/dirbuster/ |
| scoop install dnsx | A fast and multi-purpose DNS toolkit allow to run multiple DNS queries | https://github.com/projectdiscovery/dnsx |
| scoop install ehole | EHole (棱洞) 3.0 rewrite - a fingerprint detection tool for the systems red teams prioritize as targets | https://github.com/EdgeSecurityTeam/EHole |
| scoop install feroxbuster | A fast, simple, recursive content discovery tool written in Rust | https://github.com/epi052/feroxbuster |
| scoop install ffuf | Fast web fuzzer written in Go | https://github.com/ffuf/ffuf |
| scoop install finalshell | FinalShell, a Chinese-made SSH tool for server management with remote desktop acceleration; supports Windows, macOS, Linux | https://www.hostbuf.com/t/988.html |
| scoop install fluentsearch | A good-looking Windows search launcher with workflow support | https://www.fluentsearch.net/ |
| scoop install fscan | A comprehensive intranet scanning tool for convenient one-click, automated, all-round vulnerability scanning | https://github.com/shadow1ng/fscan |
| scoop install girsh | Automatically spawn a reverse shell fully interactive for Linux or Windows victim | https://github.com/nodauf/Girsh |
| scoop install gitrob | Reconnaissance tool for GitHub organizations | https://github.com/michenriksen/gitrob |
| scoop install goby | A new generation of network security technology that enables rapid security response by building a complete asset database for the target | https://gobysec.net/ |
| scoop install godzilla | Godzilla (哥斯拉) WebShell management tool | https://github.com/BeichenDream/Godzilla |
| scoop install goproxy | 🔥 Proxy is a high-performance HTTP proxy, HTTPS proxy, SOCKS5 proxy and intranet tunneling proxy server | https://github.com/snail007/goproxy/ |
| scoop install govenom | Generate MSFVenom shells in command line :) A throwaway tool the author wrote himself | https://github.com/arch3rPro/Govenom |
| scoop install hetty | An HTTP toolkit for security research. | https://hetty.xyz |
| scoop install hackbrowserdata | A cross-platform tool for exporting and decrypting browser data | https://github.com/moonD4rk/HackBrowserData |
| scoop install httpx | httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads | https://projectdiscovery.io |
| scoop install hydra | Windows build of the well-known password brute-forcing tool | https://github.com/maaaaz/thc-hydra-windows |
| scoop install interactsh | An OOB interaction gathering server and client library | https://app.interactsh.com |
| scoop install jar-analyzer | A GUI tool for analyzing JAR files: search for the information you want in several ways, automatically build method call relationships, and analyze the Spring framework (A Java GUI Tool for Analyzing Jar) | https://github.com/4ra1n/jar-analyzer |
| scoop install jndinjector | A highly customizable JNDI and Java deserialization exploitation tool | https://github.com/rebeyond/JNDInjector |
| scoop install johnny | GUI frontend to John the Ripper password cracker | https://openwall.info/wiki/john/johnny |
| scoop install john-the-ripper | John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs | https://www.openwall.com/john/ |
| scoop install katana | A next-generation crawling and spidering framework | https://github.com/projectdiscovery/katana |
| scoop install kscan | Kscan is an all-round scanner written in pure Go, with port scanning, protocol detection, fingerprinting, brute forcing and more. Supports 1200+ protocols, 10000+ protocol fingerprints, 2000+ application fingerprints, and brute forcing for more than 10 protocols. | https://github.com/lcvvvv/kscan |
| scoop install ksubdomain | Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second | https://github.com/boy-hack/ksubdomain |
| scoop install layerdomainfinder | Layer Subdomain Miner (Layer子域名挖掘机) is a domain lookup tool that provides subdomain lookup for websites | https://github.com/euphrat1ca/LayerDomainFinder |
| scoop install masscan | Mass IP port scanner, a fast port scanning tool | https://github.com/robertdavidgraham/masscan |
| scoop install mateuszex | AV-bypass generation tool | https://github.com/sairson/MateuszEx |
| scoop install maye | Maye, a clean and compact quick-launch tool | https://blog.arae.cc/post/25830.html |
| scoop install mdut | MDUT - Multiple Database Utilization Tools | https://github.com/SafeGroceryStore/MDUT |
| scoop install mimikatz | A powerful lightweight debugging tool, typically used to obtain system account passwords | https://github.com/gentilkiwi/mimikatz |
| scoop install myexploit | A highly extensible penetration testing framework | https://github.com/achuna33/MYExploit |
| scoop install naabu | projectdiscovery/naabu: A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | https://github.com/projectdiscovery/naabu/ |
| scoop install natpass | 🔥 A great tool for working from home and remote development | https://github.com/lwch/natpass |
| scoop install netsparker | Comprehensive web application security vulnerability scanner | https://www.invicti.com/ |
| scoop install nimscan | A fast port scanner | https://github.com/elddy/NimScan |
| scoop install nps | A very powerful intranet tunneling proxy tool with a built-in web UI for management | https://github.com/ehang-io/nps |
| scoop install nuclei | Fast and customizable vulnerability scanner based on a simple YAML-based DSL | https://nuclei.projectdiscovery.io |
| scoop install observerward | Cross-platform community web fingerprinting tool | https://0x727.github.io/ObserverWard/ |
| scoop install oneforall | OneForAll is a powerful subdomain collection tool | https://github.com/shmilylty/OneForAll |
| scoop install pagodo | pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching | https://github.com/opsdisk/pagodo |
| scoop install peass-ng | PEASS - an excellent privilege escalation enumeration tool | https://github.com/carlospolop/PEASS-ng |
| scoop install phpenv | Professional, elegant and powerful integrated PHP environment | https://www.phpenv.cn/ |
| scoop install platypus | 🔨 A modern multiple reverse shell session manager written in Go | https://github.com/WangYihang/Platypus |
| scoop install portforward | Port forwarding tool written in Golang, for scenarios where internal and external networks cannot reach each other | https://github.com/knownsec/PortForward |
| scoop install postman-cn | Postman Chinese edition, Complete API development environment | https://github.com/hlmd/postman-cn |
| scoop install PowerRun | PowerRun (Run with highest privileges) can start programs with TrustedInstaller/System privileges | https://www.sordum.org/downloads/?power-run |
| scoop install PrintNotifyPotato | Yet another potato; escalates privileges using the PrintNotify COM service | https://github.com/BeichenDream/PrintNotifyPotatog |
| scoop install proguard | ProGuard, Java optimizer and obfuscator | https://github.com/Guardsquare/proguard |
| scoop install pyxis | pyxis automatically recognizes HTTP and HTTPS requests and retrieves response headers, status code, response size and response time; a fingerprinting tool (favicon hash, service, CMS, framework, etc.) | https://github.com/zan8in/pyxis |
| scoop install quake_rs | Quake search engine command-line tool | https://quake.360.cn |
| scoop install quasar | Windows remote administration tool (RAT) | https://github.com/quasar/Quasar |
| scoop install rad | A browser crawler built for security scanning | https://github.com/chaitin/rad |
| scoop install rakshasa | A cross-platform, stable, stealthy multi-hop proxy and intranet tunneling tool written in Go | https://github.com/Mob2003/rakshasa |
| scoop install RegConverter | Reg Converter is a portable freeware utility to convert .reg data to .bat, .vbs, or .au3. This is especially useful for files that need administrator privileges to be merged into the registry, or for unattended automated installs. | https://www.sordum.org/downloads/?reg-converter |
| scoop install reverse_ssh | SSH-based reverse shell tool | https://github.com/NHAS/reverse_ssh |
| scoop install rport | Self-hosted open-source remote management solution for Windows, macOS and Linux | https://github.com/realvnc-labs/rport |
| scoop install rubick | Electron-based open-source toolbox that freely integrates a rich set of plugins (a uTools-like tool) | https://rubickcenter.github.io/rubick/ |
| scoop install rustcat | Modern port listener and reverse shell; a netcat-like tool written in Rust | https://github.com/robiot/rustcat |
| scoop install scan4all | Official repository. Vulnerability scanning: 15000+ PoCs; password cracking for 23 applications; 7000+ web fingerprints; port scanning with 146 protocols and 90000+ rules; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)... | https://github.com/hktalent/scan4all |
| scoop install scaninfo | Fast red-team vulnerability scanning tool | https://github.com/redtoolskobe/scaninfo |
| scoop install screentogif | Screen, webcam and sketchboard recorder with an integrated editor. | https://www.screentogif.com/ |
| scoop install searchdiggity | Google Hacking Diggity is a tool suite project that uses search engines (such as Google and Bing) to quickly identify system weaknesses and sensitive data | https://resources.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/ |
| scoop install shellcodeloader | Shellcode loader | https://github.com/knownsec/shellcodeloader |
| scoop install skyscorpion | WebShell communication management client based on Behinder (冰蝎) encrypted traffic | https://github.com/shack2/skyscorpion |
| scoop install sliver | Adversary Emulation Framework | https://github.com/BishopFox/sliver |
| scoop install socat | Socat is a multi-purpose networking tool for Linux; this is an unofficial Windows build | https://github.com/StudioEtrange/socat-windows |
| scoop install stowaway | Multi-hop network proxy and pivoting tool for penetration testing | https://github.com/ph4ntonn/Stowaways |
| scoop install subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing | https://projectdiscovery.io |
| scoop install suo5 | A high-performance HTTP proxy tunneling tool | |
| scoop install super-xray | XRAY GUI Starter (Web Vulnerability Scanner) | https://github.com/4ra1n/super-xray |
| scoop install termite | Tool for tunnel (Version 2) | https://github.com/rootkiter/Termite |
| scoop install tidefinger | TideFinger, a small fingerprinting tool that draws on and integrates multiple web fingerprint databases and combines several fingerprint detection methods to make fingerprinting faster and more accurate | https://github.com/TideSec/TideFinger |
| scoop install transfer | Large file transfer tool that aggregates multiple APIs | https://github.com/Mikubill/transfer |
| scoop install txportmap | Port scanning and fingerprinting tool | https://github.com/4dogs-cn/TXPortMap |
| scoop install venom | Multi-hop network proxy and pivoting tool for penetration testing | https://github.com/Dliv3/Venom |
| scoop install verycapture | Supports scrolling screenshots, rectangular screenshots, delayed screenshots, arbitrary-region screenshots, GIF recording, screen recording, OCR translation and more | https://verycapture.com/cn/download.html |
| scoop install vscan | Open-source, lightweight, fast, cross-platform website vulnerability scanner that helps you quickly detect website security risks. Features: port scan, fingerprint, nday check, admin brute, file fuzz | https://github.com/veo/vscan |
| scoop install w3cschool | w3cschool offline edition, containing online tutorials and manuals for HTML, CSS, Javascript, jQuery, C, PHP, Java, Python, Sql, Mysql and other programming languages and open-source technologies | https://www.w3cschool.cn |
| scoop install webpathbrute | 7kbscan-WebPathBrute, a web path brute-force discovery tool | https://github.com/7kbstorm/7kbscan-WebPathBrute |
| scoop install webshell_generate | Generates various AV-evading webshells | https://github.com/cseroad/Webshell_Generate |
| scoop install websocat | A command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions. | https://github.com/vi/websocat |
| scoop install windterm | A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal. | https://github.com/kingToolbox/WindTerm |
| scoop install windynamicdesktop | Port of macOS Mojave Dynamic Desktop feature to Windows 10 | https://github.com/t1m0thyj/WinDynamicDesktop |
| scoop install wub | wub, a tool to completely disable Windows 10 automatic updates (Windows Update Blocker) | https://www.sordum.org/downloads/?st-windows-update-blocker |
| scoop install xray | A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | https://github.com/chaitin/xray |
| scoop install yakit | Interactive application security testing platform; after installation, the local engine must be started and initialized manually | https://github.com/yaklang/yakit |
| scoop install ysomap | Java deserialization exploitation tool - great | https://github.com/wh1t3p1g/ysomap |
| scoop install yujianportscan | An efficient port scanner built on VB.NET and the IOCP model; supports merging IP ranges and port ranges, and deep port fingerprint probing. | https://github.com/foryujian/yujianportscan |

Project address

https://github.com/arch3rPro/PST-Bucket
