Home

Awesome

<div align="center"> <h1 align="center">scoop-security</h1> <p align="center"> Scoop bucket for Penetration Testing and Cybersecurity related tools. </p> <p align="center"> <a href="README.md">English</a> | <a href="README-CN.md">简体中文</a> </p> </div>

Installation

Install Scoop

Installation

Install software from this bucket

After making sure you have Scoop environment, execute the following command in PowerShell to subscribe to this bucket:

scoop bucket add sec https://github.com/whoopscs/scoop-security

Once this is done, you can install any app from this bucket (check the list of files in the bucket/ directory). For instance, use the following command:

# Don't include the .json file extension in the app name
scoop install sec/x64dbg

Featured Apps

Apps

ManifestDescriptionInstall
afrogafrog 是一款性能卓越、快速稳定、PoC 可定制化的漏洞扫描工具</br>A tool for finding vulnerabilitiesscoop install afrog
AntSwordAntSword 加载器scoop install AntSword
Behinder“冰蝎”动态二进制加密网站管理客户端scoop install Behinder
Godzilla哥斯拉scoop install Godzilla
BlueTeamTools蓝队分析研判工具箱,功能包括内存马反编译分析、各种代码格式化、网空资产测绘功能、溯源辅助、解密冰蝎流量、解密哥斯拉流量、解密Shiro/CAS/Log4j2的攻击payload、IP/端口连接分析、各种编码/解码功能、蓝队分析常用网址、java反序列化数据包分析、Java类名搜索、Fofa搜索、Hunter搜索等。scoop install BlueTeamTools
BurpSuitescoop install BurpSuite
CobaltStrikescoop install CobaltStrike
commix一个开源渗透测试工具,可自动检测和利用命令注入漏洞scoop install commix
crawlergo一款功能强大的浏览器爬虫,用于扫描网页漏洞scoop install crawlergo
dddd一款高可拓展的指纹识别、供应链漏洞探测工具。支持从Hunter、Fofa批量拉取目标。scoop install dddd
dirmap一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑scoop install dirmap
Dirscan一款由go编写的高性能、高并发的目录扫描器,现在已经支持GET、HEAD、递归扫描、代理、爬虫等功能功能,后续努力实现更多功能。scoop install Dirscan
dirsearchweb路径扫描scoop install dirsearch
dnsx一个快速和多用途的DNS工具包,用于运行DNS查询scoop install dnsx
DudeSuiteDude Suite Web 渗透测试工具集scoop install DudeSuite
EHole红队重点攻击系统指纹探测工具scoop install EHole
ENScan一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。scoop install ENScan
ffuf用 Go 编写的快速 Web 模糊测试器scoop install ffuf
fofaviewer一个由WgpSec狼组安全团队开发的FoFa客户端数据查看工具,使用JavaFX编写,支持多标签查询、导出Excel文件等功能。scoop install fofaviewer
fscan一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。scoop install fscan
Fvuln一款自动化工具,主要适用于日常安全服务、渗透测试人员和RedTeam红队人员,它集合的功能包括:存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。scoop install Fvuln
GDA一个用C++实现的强大的Dalvik字节码反编译器,具有分析速度快,内存磁盘消耗低等优点,对apk、dex、odex、oat、jar、class、aar文件有较强的反编译能力scoop install GDA
ghauriAn advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.scoop install ghauri
goby新一代网络安全技术,通过为目标建立完整的资产数据库,实现快速的安全应急scoop install goby
gogo面向红队的, 高度可控可拓展的自动化引擎scoop install gogo
GooFuzzGooFuzz is a tool to perform fuzzing with an OSINT approach.scoop install GooFuzz
HackBrowserData一款可全平台运行的浏览器数据导出解密工具。scoop install HackBrowserData
httpxhttpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threadsscoop install httpx
interactshAn OOB interaction gathering server and client library.scoop install interactsh
JNDInjector一个高度可定制化的JNDI和Java反序列化利用工具scoop install JNDInjector
JYsoIt can be either a JNDIExploit or a ysoserial.scoop install JYso
katanaA next-generation crawling and spidering framework.scoop install katana
kscanKscan 是一款纯 go 开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议 1200+,协议指纹 10000+,应用指纹 2000+,暴力破解协议 10 余种。scoop install kscan
ksubdomainSubdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 secondscoop install ksubdomain
masscanTCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.scoop install masscan
MDUTMDUT - Multiple Database Utilization Toolsscoop install MDUT
mimikatzA little tool to play with Windows securityscoop install mimikatz
naabuprojectdiscovery/naabu: A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentestsscoop install naabu
Neo-reGeorgNeo-reGeorg is a project that seeks to aggressively refactor reGeorg.scoop install Neo-reGeorg
netspynetspy是一款快速探测内网可达网段工具(深信服深蓝实验室天威战队强力驱动)scoop install netspy
NimScanFast Port Scannerscoop install NimScan
nucleiFast and customizable vulnerability scanner based on simple YAML based DSLscoop install nuclei
observer_ward侦查守卫指纹识别工具scoop install observer_ward
OneForAllOneForAll是一款功能强大的子域收集工具scoop install OneForAll
pagodo自动执行 Google Hacking 数据库抓取和搜索scoop install pagodo
pocsuite3pocsuite3是知道创宇404团队开发的开源远程漏洞测试框架scoop install pocsuite3
quake_rsQuake Command-Line Applicationscoop install quake_rs
rad一款专为安全扫描而生的浏览器爬虫scoop install rad
rustcatThe modern Port listener and Reverse shell.scoop install rustcat
RustScanThe Modern Port Scanner.scoop install RustScan
scan4allVulnerabilities Scan;15000+PoC漏洞扫描;[ 23 ] 种应用弱口令爆破;7000+Web指纹;146种协议90000+规则Port扫描;Fuzz、HW打点、BugBounty神器...scoop install scan4all
sqlmapsqlmap是一个自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL进行SQL注入scoop install sqlmap
subfinderSubfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.scoop install subfinder
suo5一款高性能 HTTP 代理隧道工具scoop install suo5
ToolsFx基于kotlin+tornadoFx的跨平台密码学工具箱.包含编解码,编码转换,加解密, 哈希,MAC,签名,大数运算,压缩,二维码功能,ctf等实用功能,支持插件.scoop install ToolsFx
TscanPlus综合性网络安全检测和运维工具,快速进行资产发现、识别、检测,发现存在的薄弱点和攻击面.scoop install TscanPlus
Webshell_Generate用于生成各类免杀webshellscoop install Webshell_Generate
woodpecker高危漏洞精准检测与深度利用框架scoop install woodpecker
xmapxmap 是一个用 JavaFX 编写的用户友好的 FOFA、Hunter 客户端scoop install xmap
xpocxpoc 为供应链漏洞扫描设计的快速应急响应工具scoop install xpoc
xray一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 pocscoop install xray
yakitCyber Security ALL-IN-ONE Platformscoop install yakit
jar-analyzer一个JAR包分析工具,批量分析搜索,方法调用关系搜索,字符串搜索,Spring分析,CFG分析,JVM Stack Frame分析,远程分析Tomcat,进阶表达式搜索,自定义SQL查询,字节码查看,命令行分析,使用简易RASP保护scoop install jar-analyzer
jar-obfuscator一个 JAR/CLASS 字节码混淆工具,支持包名/类名/方法名/字段名/参数名引用分析和重命名混淆方式,支持字符串加密/整型异或混淆/垃圾代码花指令混淆/等方式,支持方法和字段的隐藏,支持 NATIVE 层的 JVMTI 代码加密,配置简单,文档教程齐全,容易上手scoop install jar-obfuscator
java-echo-generator一款支持高度自定义的 Java 回显载荷生成工具scoop install java-echo-generator
java-memshell-generator一款支持高度自定义的 Java 内存马生成工具scoop install java-memshell-generator
proguardProGuard 是一个免费的 Java 字节码压缩器、优化器、混淆器和预验证器scoop install proguard
mitan密探渗透测试工具包含资产信息收集,子域名爆破,搜索语法,资产测绘(FOFA,Hunter,quake, ZoomEye),指纹识别,敏感信息采集,文件扫描、密码字典等功能scoop install mitan
proxifyA versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go.scoop install proxify
xapp专注于web指纹识别的工具scoop install xapp
XiebroC2支持多人协作渗透测试图形框架。</br>Supports multi-person collaborative penetration testing graphical framework.scoop install XiebroC2
feroxbuster一个用 Rust 编写的快速,简单,递归的内容发现工具。</br>A fast, simple, recursive content discovery tool written in Rust.scoop install feroxbuster
SharpScanC#开发的内网资产扫描器,方便内网横向移动和域内信息收集。scoop install SharpScan
jadx一个从Android Dex到Java的反编译器</br>Dex to Java decompiler.scoop install jadx
ImHex十六进制编辑器</br>Hex editorscoop install ImHex
x64dbg一个开源的Windows动态反汇编调试器</br>An open-source x64/x32 debugger for windows.scoop install x64dbg
P1finger红队行动下的重点资产指纹识别工具scoop install P1finger
poc-runner基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎</br>Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rulescoop install poc-runner
qscan一个比Fscan更快,且免杀的内网扫描器scoop install qscan
.........

Burp Suite Extensions

Add some Burp Suite extensions. When adding extension to Burp Suite, please select the programs under current folder in the extension directory to avoid the problem of adding extension repeatedly after version update.

ManifestDescriptionInstall
BurpShiroPassiveScan一款基于BurpSuite的被动式shiro检测插件scoop install BurpShiroPassiveScan
BurpFastJsonScan一款基于BurpSuite的被动式FastJson检测插件scoop install BurpFastJsonScan
sqlmap4burp-plus-plusburp联动sqlmap插件scoop install sqlmap4burp-plus-plus
HaEHighlighter and Extractor, Empower ethical hacker for efficient operationsscoop install HaE
CaACaA是一个基于BurpSuite Java插件API开发的流量收集和分析插件scoop install CaA
RouteVulScan递归式被动检测脆弱路径的burp插件</br>Route Vulnerable scanningscoop install RouteVulScan
TsojanScan一个集成的BurpSuite漏洞探测插件</br>An integrated BurpSuite vulnerability detection plug-in.scoop install TsojanScan
OneScanOneScan是递归目录扫描的BurpSuite插件scoop install OneScan
BypassPro对权限绕过自动化bypass的burpsuite插件scoop install BypassPro
HopLa一个自动添加,填充测试片段的BurpSuite插件。</br>Adds autocompletion support and useful payloads in Burp Suite.scoop install HopLa
.........

Other Apps

ManifestDescriptionInstall
openjdk解决部分软件在高版本JAVA运行时缺少javafx依赖的问题scoop install openjdk
notify辅助多个工具的输出并通知到受支持的平台scoop install notify
npcap专为 Windows 开发的一款网络抓包 SDKscoop install npcap
winscp一个Windows环境下使用SSH的开源图形化SFTP客户端scoop install winscp
HashCalculator文件哈希值批量计算器scoop install HashCalculator
RevokeMsgPatcherPC版微信/QQ/TIM防撤回补丁scoop install RevokeMsgPatcher
Everything文件搜索工具,基于名称快速定位文件和文件夹。</br>Locate files and folders by name instantly.scoop install Everything
RustDesk一个用 Rust 语言编写专为自托管而设计的开源远程桌面软件。</br>An open-source remote desktop application designed for self-hosting.scoop install RustDesk
SublimeText一个文本编辑器。</br>A text editor.scoop install SublimeText
TinyRDM一款现代轻量级跨平台 Redis 桌面管理器。</br>A modern lightweight cross-platform Redis Desktop Manager.scoop install TinyRDM
.........

Question

1. I want some other apps!

Please open new app request issue.

2. Some apps are outdated, please update it!

Be a contributor! Fork it, update the outdated apps app manifest, and file pull-request.

Thanks