Awesome
hack-er-tools:应急响应工具包
USE AT YOUR OWN RISK!
工具/资源皆来源于网络
部分工具较大,只提供下载链接
欢迎大家补充和推荐!
pdf下载:https://github.com/theLSA/hack-er-tools/releases/download/1.0/hack-er-tools.pdf
应急响应指南:https://github.com/theLSA/emergency-response-checklist
目录
- AV(av/)
- 信息收集(getinfo/)
- 日志分析(log-check/)
- 进程分析(process-check/)
- webshell检测(webshell-check/)
- 挖矿检测(miner-check/)
- 勒索检测(ransomware-check/)
- RAT检测(rat-check/)
- EXP检测(exp-check/)
- 综合分析工具(synthesis/)
- misc(misc/)
- 病毒分析
- 威胁情报
- 勒索解密
- 病毒样本
- 动态
- 应急教程
- 相关项目
AV(av/)
clamav.tar.gz:linux下的杀毒软件<br/> hrsword.exe:火绒剑<br/> md_setup_en.exe:360的,类似火绒剑,只能32位win使用<br/> safedogwzApache.exe:安全狗apache版<br/> SfabAntiBot_x64(x86).7z:深信服的查杀软件<br/> 卡巴斯基:http://devbuilds.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe <br/> 大蜘蛛:http://free.drweb.ru/download+cureit+free <br/> 火绒安全软件:https://www.huorong.cn <br/> 360杀毒:http://sd.360.cn/download_center.html <br/> asiainfo-sec:http://support.asiainfo-sec.com/Anti-Virus/ <br/>
信息收集(getinfo/)
Emergency-master:应急响应信息收集的脚本<br/> GScan-master:实现主机侧Checklist的自动全面化检测<br/> LinEnum-master:Scripted Local Linux Enumeration & Privilege Escalation Checks <br/> LinuxCheck-master:一个linux信息搜集小脚本 主要用于应急响应<br/>
日志分析(log-check/)
Fastir_Collector_Linux-master:This tool collects different artefacts on live Linux and records the results in csv files<br/> logC<br/> LogViewer:一个通用的日志查看器<br/> LPSV2.D2<br/> OkCat:强大的日志处理组件<br/> misc:收集的一些杂项日志分析工具<br/> Request-log-analyzer:This is a simple command line tool to analyze request log files in various formats to produce a performance report<br/> SR_LogAnalyzer:辅助网络安全应急响应,自动化的分析日志,找出入侵行为<br/> USBLogView v1.25:USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged or unplugged into your system<br/> web/apache:一些apache日志分析工具<br/> web/iis:一些iis日志分析工具<br/> web/nginx:一些nginx日志分析工具<br/> web/tomcat:一些tomcat日志分析工具<br/> AWStats:AWStats (Advanced Web Statistics) is a powerful, full-featured web server<br/> logfile analyzer which shows you all your Web statistics<br/> GoAccess:real-time web log analyzer<br/> web-log-parser:开源的分析web日志工具,采用python语言开发,具有灵活的日志格式配置<br/> windows/:一些windows系统日志分析工具<br/> linux/:一些linux系统日志分析工具<br/> xingtu_full<br/> xlog:基于flex & bison的web日志扫描工具<br/>
进程分析(process-check/)
Process Hacker:a powerful free and open source process viewer<br/> processlassosetup64.exe<br/>
流量检测
wireshark<br/>
rootkit检测(rat-check/)
chkrootkit-m 0.2:a chkrootkit Python port for mobile phones<br/> rkhunter-1.4.6.tar.gz<br/> Tyton:Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+<br/>
webshell检测(webshell-check/)
d-dun/:d盾<br/> hm/:河马webshell扫描器<br/> PHP-Shell-Detector-master.zip:Web Shell Detector<br/> safedog/:安全狗<br/> WebShellKillerForLinux.tar.gz<br/> WebShellKillerTool.rar<br/> sangfor:http://edr.sangfor.com.cn/backdoor_detection.html <br/> Safe3<br/>
挖矿检测(miner-check/)
DDG_MalWare_Clean_Tool-master.zip<br/> whatMiner-master.zip:整理和收集遇见的各种恶意挖矿样本以供研究和学习之用<br/>
勒索检测(ransomware-check/)
banlangen:一个基于注册表,用于免疫WannaCrypt勒索蠕虫的小脚本<br/> BDGandCrabDecryptTool.exe<br/> clear_seasame.sh<br/>
RAT检测(rat-check/)
rat-check/<br/>
EXP检测(exp-check/)
linux-exploit-suggester-master.zip<br/> Windows-Exploit-Suggester-master.zip<br/>
综合分析工具(synthesis/)
EmergencyResponse-master.zip<br/> LinuxEmergency:Linux下的应急工具,支持CentOS系统和RedHat系统<br/> linux:linux安全检查<br/> Loki:Simple IOC Scanner<br/> Lynis:Security auditing and hardening tool, for UNIX-based systems.<br/> PCHunter_free.zip<br/> PowerTool_2.0_PortableSoft.7z<br/> security_check:收集各类安全检查脚本<br/> SysinternalsSuite.zip:microsoft的工具包<br/> VirusCheckTools:基于行为特征进行快速匹配病毒专杀工具<br/> windows-emergency-servicetools-master.zip:windows下一款可视化,一键检测辅助应急工具,生成数据采集、关联报告<br/> Windowsxtaqjcjb_bat_jb51.rar:windows系统安全检查<br/> yingji-master.zip<br/> 应急工具集<br/>
misc(misc/)
autorun:启动项分析<br/>
danderspritz-evtx:Parse evtx files and detect use of the DanderSpritz eventlogedit
module<br/>
dfirtriage:Digital forensic acquisition tool for Windows-based incident response.<br/>
LogonTracer:Investigate malicious logon by visualizing and analyzing Windows active directory event logs.<br/>
radare2-master.zip:r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files<br/>
SafetyDump:SafetyDump is an in-memory process memory dumper<br/>
skpd:Process dump to executable ELF for linux<br/>
Volatility:Volatile memory extraction utility framework<br/>
autopsy:kali自带的取证工具 https://github.com/sleuthkit/autopsy/releases/download/autopsy-4.14.0/autopsy-4.14.0.zip <br/>
病毒分析
https://www.virustotal.com/zh-cn/
http://www.virscan.org/language/zh-cn/about
威胁情报
https://redqueen.tj-un.com/IntelHome.html
https://exchange.xforce.ibmcloud.com/
勒索解密
https://www.osslab.com.tw/nomoreransom/
http://lesuobingdu.360.cn/ http://www.mottoin.com/tools/96226.html
https://ransomwaretracker.abuse.ch/
https://noransom.kaspersky.com/
https://www.botfrei.de/de/ransomware/galerie.html
https://id-ransomware.malwarehunterteam.com/
https://www.avast.com/zh-cn/ransomware-decryption-tools
http://support.asiainfo-sec.com/Anti-Virus/Clean-Tool/Tools/RansomwareFileDecryptor/
https://www.emsisoft.com/decrypter/
病毒样本
卡饭论坛:http://bbs.kafan.cn/
吾爱破解论坛:http://www.52pojie.cn/
霏凡论坛:http://bbs.crsky.com/ 要邀请码
爱毒霸社区:http://bbs.duba.net/forum-3252-1.html
瑞星卡卡安全论坛:http://bbs.ikaka.com/showforum-20002.aspx 要邀请码
伞饭论坛:http://bbs.sanfans.com/forum.php 要发贴5
剑盟:http://bbs.janmeng.com/forum-109-1.htmlhttp://bbs.janmeng.com/forum-109-1.html
精睿论坛样本测试:http://bbs.vc52.cn/forum-63-1.html
动态
CVERC-国家计算机病毒应急处理中心:http://www.cverc.org.cn
微步在线威胁情报社区:https://x.threatbook.cn
火绒安全论坛:http://bbs.huorong.cn/forum-59-1.html
爱毒霸社区:http://bbs.duba.net
腾讯电脑管家:http://bbs.guanjia.qq.com/forum-2-1.html
应急教程
https://github.com/theLSA/emergency-response-checklist
https://github.com/Bypass007/Emergency-Response-Notes
相关项目
https://github.com/hslatman/awesome-threat-intelligence