红队攻防
近两年免杀技术年鉴
Python免杀技术实录
AD域攻防系列微课程
免杀技术入门基础知识
深入理解CodeQL代审
开源安全项目二开计划
搞懂攻防内存马研究
深入理解SAST代审测试
C2的发展和技术分析
小迪安全知识库
-
+
首页
开源安全项目二开计划
开源安全项目二开计划
项目地址:https://github.com/Goqi/ErKai 本项目计划寻找100+个优秀的Go语言开源安全项目代码,深入分析学习后进行二次开发之后深度融合[Banli](https://github.com/Goqi/Banli)。项目包括优秀的安全工具代码或优秀的安全项目框架等。希望通过二开计划,能够站在优秀开发者的肩膀上看Go!更希望自己从1开始深入学习安全开发。非常感谢项目作者,如有侵权,请联系。作者:[0e0w](https://github.com/0e0w) 本项目创建于2021年3月7日,最近的一次更新时间为2025年4月5日。本项目会持续更新,直到海枯石烂! * [0x01-资产扫描](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x01-%E8%B5%84%E4%BA%A7%E6%89%AB%E6%8F%8F) * [0x02-漏洞扫描](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x02-%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F) * [0x03-被动扫描](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x03-%E8%A2%AB%E5%8A%A8%E6%89%AB%E6%8F%8F) * [0x04-远控隧道](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x04-%E8%BF%9C%E6%8E%A7%E9%9A%A7%E9%81%93) * [0x05-病毒免杀](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x05-%E7%97%85%E6%AF%92%E5%85%8D%E6%9D%80) * [0x06-代码扫描](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x06-%E4%BB%A3%E7%A0%81%E6%89%AB%E6%8F%8F) * [0x07-Web项目](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x07-web%E9%A1%B9%E7%9B%AE) * [0x08-钓鱼蜜罐](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x08-%E9%92%93%E9%B1%BC%E8%9C%9C%E7%BD%90) * [0x09-移动安全](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x09-%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8) * [0x10-其他项目](https://github.com/Goqi/ErKai?tab=readme-ov-file#0x10-%E5%85%B6%E4%BB%96%E9%A1%B9%E7%9B%AE) ## 0x01-资产扫描 [](https://github.com/Goqi/ErKai#0x01-%E8%B5%84%E4%BA%A7%E6%89%AB%E6%8F%8F) 本部分包括内网及互联网的资产扫描、端口扫描、域名扫描、资产测绘、信息收集等内容。 * [**Ernetspy**](https://github.com/Goqi/Ernetspy):[netspy](https://github.com/Goqi/ErKai/tree/main/0x03/netspy)@[shmilylty](https://github.com/shmilylty/netspy)#一款快速探测内网可达网段工具 * [**Erdismap**](https://github.com/Goqi/Erdismap):[dismap](https://github.com/Goqi/ErKai/tree/main/0x03/dismap)@[zhzyker](https://github.com/zhzyker/dismap)#快速识别指纹和资产信息 * [**ErEHole**](https://github.com/Goqi/ErEHole):[EHole](https://github.com/Goqi/ErKai/tree/main/0x03/EHole)@[shihuang](https://github.com/EdgeSecurityTeam/EHole)#红队重点攻击系统指纹探测工具 * [**ErTXPortMap**](https://github.com/Goqi/ErTXPortMap):[TXPortMap](https://github.com/Goqi/ErKai/tree/main/0x03/TXPortMap)@[4dogs-cn](https://github.com/4dogs-cn/TXPortMap)#端口扫描和Banner识别 * [**Erfofax**](https://github.com/Goqi/Erfofax):[fofax](https://github.com/Goqi/ErKai/tree/main/0x03/fofax)@[xiecat](https://github.com/xiecat/fofax)#fofaAPI查询信息收集探测工具 * [**Ergobuster**](https://github.com/Goqi/Ergobuster):[gobuster](https://github.com/Goqi/ErKai/tree/main/0x03/gobuster)@[OJ](https://github.com/OJ/gobuster)#路径扫描和域名爆破工具 * [**ErAmass**](https://github.com/Goqi/ErAmass):[Amass](https://github.com/Goqi/ErKai/tree/main/0x03/Amass)@[OWASP](https://github.com/OWASP/Amass)#深入的攻击面映射和资产发现工具 * [**Ersubfinder**](https://github.com/Goqi/Ersubfinder):[subfinder](https://github.com/Goqi/ErKai/tree/main/0x03/subfinder)@[projectdiscovery](https://github.com/projectdiscovery/subfinder)#一个子域发现工具 * [**Eruncover**](https://github.com/Goqi/Eruncover):[uncover](https://github.com/Goqi/ErKai/tree/main/0x03/uncover)@[projectdiscovery](https://github.com/projectdiscovery/uncover)#使用搜索引擎发现主机 * [**Erksubdomain**](https://github.com/Goqi/Erksubdomain):[ksubdomain](https://github.com/Goqi/ErKai/tree/main/0x03/ksubdomain)@[boy-hack](https://github.com/boy-hack/ksubdomain)#子域枚举工具 * [**ErCaesar**](https://github.com/Goqi/ErCaesar):[Caesar](https://github.com/Goqi/ErKai/tree/main/0x03/Caesar)@[thunderbarca](https://github.com/j5s/Caesar)#一个全新的敏感文件发现工具 * [**Erfuzzuli**](https://github.com/Goqi/Erfuzzuli):[fuzzuli](https://github.com/Goqi/ErKai/tree/main/0x03/fuzzuli)@[musana](https://github.com/musana/fuzzuli)#根据域名创建自带进行备份文件扫描 * [**Erones**](https://github.com/Goqi/Erones):[ones](https://github.com/Goqi/ErKai/tree/main/0x03/ones)@[ffffffff0x](https://github.com/ffffffff0x/ones)#多个网络资产测绘 API 命令行查询工具 * [**ErENScan**](https://github.com/Goqi/ErENScan):[ENScan\_GO](https://github.com/Goqi/ErKai/tree/main/0x03/ENScan_GO)@[wgpsec](https://github.com/wgpsec/ENScan_GO)#收集国内企业的各种信息 * [**ErSmap**](https://github.com/Goqi/ErSmap):[Smap](https://github.com/Goqi/ErKai/tree/main/0x03/Smap)@[s0md3v](https://github.com/s0md3v/Smap)#由shodan.io提供支持的Nmap的直接替代品 * [**Ermetabigor**](https://github.com/Goqi/Ermetabigor):[metabigor](https://github.com/Goqi/ErKai/tree/main/0x03/metabigor)@[j3ssie](https://github.com/j3ssie/metabigor)#不使用API密钥执行OSINT任务 * [**Erscilla**](https://github.com/Goqi/Erscilla):[scilla](https://github.com/Goqi/ErKai/tree/main/0x03/scilla)@[edoardottt](https://github.com/edoardottt/scilla)#信息收集工具 - DNS/子域/端口/目录枚举 * [**ErStarmap**](https://github.com/Goqi/ErStarmap):[Starmap](https://github.com/Goqi/ErKai/tree/main/0x03/Starmap)@[ZhuriLab](https://github.com/ZhuriLab/Starmap)#融合的子域名收集小工具 * [**Erassetscan**](https://github.com/Goqi/Erassetscan):[asset-scan](https://github.com/Goqi/ErKai/tree/main/0x03/asset-scan)@[ATpiu](https://github.com/ATpiu/asset-scan)#外网资产周期性扫描监控系统 * [**Ersx**](https://github.com/Goqi/Ersx):[v-byte-cpu](https://github.com/Goqi/ErKai/tree/main/0x03/sx)@[v-byte-cpu](https://github.com/v-byte-cpu/sx)#快速、现代、易于使用的网络扫描仪 * [**ErURLFinder**](https://github.com/Goqi/ErURLFinder):[URLFinder](https://github.com/Goqi/ErKai/tree/main/0x03/URLFinder)@[pingc0y](https://github.com/pingc0y/URLFinder)#提取检测页面中JS与URL的工具 * [**ErDirscan**](https://github.com/Goqi/ErDirscan):[Dirscan](https://github.com/Goqi/ErKai/tree/main/0x03/Dirscan)@[corunb](https://github.com/corunb/Dirscan)#Go编写的高并发的目录扫描器 * [**Erhttpx**](https://github.com/Goqi/Erhttpx):[httpx](https://github.com/Goqi/ErKai/tree/main/0x01/httpx)@[projectdiscovery](https://github.com/projectdiscovery/httpx)#快速且多功能的HTTP工具 * [**Ernaabu**](https://github.com/Goqi/Ernaabu):[naabu](https://github.com/Goqi/ErKai/tree/main/0x01/naabu)@[projectdiscovery](https://github.com/projectdiscovery/naabu)#快速进行端口扫描的工具 * [**Erfinger**](https://github.com/Goqi/Erfinger):[fingerprintx](https://github.com/Goqi/ErKai/tree/main/0x01/fingerprintx)@[praetorian-inc](https://github.com/praetorian-inc/fingerprintx)#一个端口指纹识别工具 * [https://github.com/projectdiscovery/asnmap](https://github.com/projectdiscovery/asnmap) ## 0x02-漏洞扫描 [](https://github.com/Goqi/ErKai#0x02-%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F) 本部分包括漏洞扫描、账号密码爆破、目录扫描等内容。 * **[Cell](https://github.com/Goqi/Cell):[nuclei](https://github.com/Goqi/ErKai/tree/main/0x01/nuclei)@[projectdiscovery](https://github.com/projectdiscovery/nuclei)#基于模板的漏洞扫描工具** * [**Erfscan**](https://github.com/Goqi/Erfscan):[fscan](https://github.com/Goqi/ErKai/tree/main/0x01/fscan)@[shadow1ng](https://github.com/shadow1ng/fscan)#一款内网综合漏洞扫描工具 * [**Erafrog**](https://github.com/Goqi/Erafrog):[afrog](https://github.com/Goqi/ErKai/tree/main/0x01/afrog)@[zan8in](https://github.com/zan8in/afrog)#性能卓越快速稳定PoC 可定制化的漏扫 * [**Erkscan**](https://github.com/Goqi/Erkscan):[kscan](https://github.com/Goqi/ErKai/tree/main/0x01/kscan)@[lcvvvv](https://github.com/lcvvvv/kscan)#一款轻量级的资产发现和漏洞扫描工具 * [**ErYasso**](https://github.com/Goqi/ErYasso):[Yasso](https://github.com/Goqi/ErKai/tree/main/0x01/Yasso)@[sairson](https://github.com/sairson/Yasso)#强大的内网渗透辅助工具集 * [**Erscaninfo**](https://github.com/Goqi/Erscaninfo):[scaninfo](https://github.com/Goqi/ErKai/tree/main/0x01/scaninfo)@[redtoolskobe](https://github.com/redtoolskobe/scaninfo)#红队内外网打点扫描器 * [**Erffuf**](https://github.com/Goqi/Erffuf):[ffuf](https://github.com/Goqi/ErKai/tree/main/0x01/ffuf)@[joohoi](https://github.com/ffuf/ffuf)#用Go语言编写的快速进行模糊测试工具 * [**Erjaeles**](https://github.com/Goqi/Erjaeles):[jaeles](https://github.com/Goqi/ErKai/tree/main/0x01/jaeles)@[j3ssie](https://github.com/jaeles-project/jaeles)#自动化 Web 应用程序安全测试 * [**Erscan4all**](https://github.com/Goqi/Erscan4all):[scan4all](https://github.com/Goqi/ErKai/tree/main/0x01/scan4all)@[hktalent](https://github.com/hktalent/scan4all)#漏洞扫描工具的集成 * [**ErLadon**](https://github.com/Goqi/ErLadon):[LadonGo](https://github.com/Goqi/ErKai/tree/main/0x01/LadonGo)@[k8gege](https://github.com/k8gege/LadonGo)#全平台渗透扫描器框架 * [**Ergopoc**](https://github.com/Goqi/Ergopoc):[gopoc](https://github.com/Goqi/ErKai/tree/main/0x01/gopoc)@[jjf012](https://github.com/jjf012/gopoc)#重现了xray的poc检测功能 * [**Ervscan**](https://github.com/Goqi/Ervscan):[vscan](https://github.com/Goqi/ErKai/tree/main/0x01/vscan)@[veo](https://github.com/veo/vscan)#开源轻量快速网站漏洞扫描工具 * [**Erwscan**](https://github.com/Goqi/Erwscan):[wscan](https://github.com/Goqi/ErKai/tree/main/0x01/wscan)@[chushuai](https://github.com/chushuai/wscan)#一款开源的安全评估工具 * [**Erzpscan**](https://github.com/Goqi/Erzpscan):[zpscan](https://github.com/Goqi/ErKai/tree/main/0x01/zpscan)@[niudaii](https://github.com/niudaii/zpscan)#一个有点好用的信息收集工具 * [**Ercube**](https://github.com/Goqi/Ercube):[cube](https://github.com/Goqi/ErKai/tree/main/0x01/cube)@[JKme](https://github.com/JKme/cube)#开源轻量快速网站漏洞扫描工具 * [**Ernacs**](https://github.com/Goqi/Ernacs):[nacs](https://github.com/Goqi/ErKai/tree/main/0x01/nacs)@[u21h2](https://github.com/u21h2/nacs)#事件驱动的渗透测试扫描器 * [**Erxcrack**](https://github.com/Goqi/Erxcrack):[x-crack](https://github.com/Goqi/ErKai/tree/main/0x01/x-crack)@[netxfly](https://github.com/netxfly/x-crack)#年轻人的第一款弱口令扫描器 * [**ErTaichi**](https://github.com/Goqi/ErTaichi):[Taichi](https://github.com/Goqi/ErKai/tree/main/0x01/Taichi)@[sulab999](https://github.com/sulab999/Taichi)#Go语言实现的交互式渗透测试框架 * [**Erdalfox**](https://github.com/Goqi/Erdalfox):[dalfox](https://github.com/Goqi/ErKai/tree/main/0x01/dalfox)@[hahwul](https://github.com/hahwul/dalfox)#强大的XSS扫描工具和参数分析器 * [**Erzgrab2**](https://github.com/Goqi/Erzgrab2):[zgrab2](https://github.com/Goqi/ErKai/tree/main/0x01/zgrab2)@[zmap](https://github.com/zmap/zgrab2)#快速Go 应用程序扫描仪 * [**Erkunpeng**](https://github.com/Goqi/Erkunpeng):[kunpeng](https://github.com/Goqi/ErKai/tree/main/0x01/kunpeng)@[opensec-cn](https://github.com/opensec-cn/kunpeng)#Golang编写的开源POC框架/库 * [**ErCDK**](https://github.com/Goqi/ErCDK):[CDK](https://github.com/Goqi/ErKai/tree/main/0x01/CDK)@[opensec-cn](https://github.com/cdk-team/CDK)#简化 K8s/Docker和Containerd的安全测试 * [**Ercf**](https://github.com/Goqi/Ercf):[cf](https://github.com/Goqi/ErKai/tree/main/0x01/cf)@[teamssix](https://github.com/teamssix/cf)#一个云环境利用框架 * [**Erosmedeus**](https://github.com/Goqi/Erosmedeus):[osmedeus](https://github.com/Goqi/ErKai/tree/main/0x01/osmedeus)@[j3ssie](https://github.com/j3ssie/osmedeus)#自进攻性安全的工作流引擎 * [**Ervuls**](https://github.com/Goqi/Ervuls):[vuls](https://github.com/Goqi/ErKai/tree/main/0x01/vuls)@[future-architect](https://github.com/future-architect/vuls)#操作系统漏洞扫描器 * [**Ermonsoon**](https://github.com/Goqi/Ermonsoon):[monsoon](https://github.com/Goqi/ErKai/tree/main/0x01/monsoon)@[RedTeamPentesting](https://github.com/RedTeamPentesting/monsoon)#快速的HTTP枚举器目录扫描 * [**ErFlamiePaw**](https://github.com/Goqi/ErFlamiePaw):[FlamiePaw](https://github.com/Goqi/ErKai/tree/main/0x01/FlamiePaw)@[mumu0215](https://github.com/mumu0215/FlamiePaw)#crawlergo和xray等安全工具整合 * [**Ergodscan**](https://github.com/Goqi/Ergodscan):[godscan](https://github.com/Goqi/ErKai/tree/main/0x01/godscan)@[godspeedcurry](https://github.com/godspeedcurry/godscan)#指纹识别口令爆破漏洞扫描工具 * [**Ergogo**](https://github.com/Goqi/Ergogo):[gogo](https://github.com/Goqi/ErKai/tree/main/0x01/gogo)@[chainreactors](https://github.com/chainreactors/gogo)#高度可控可拓展的自动化的扫描引擎 * [**ErDarksteel**](https://github.com/Goqi/ErDarksteel):[Darksteel](https://github.com/Goqi/ErKai/tree/main/0x01/Darksteel)@[wjlab](https://github.com/wjlab/Darksteel)#Attack Domain Kerberos LDAP * [https://github.com/yhy0/Jie](https://github.com/yhy0/Jie) ## 0x03-被动扫描 [](https://github.com/Goqi/ErKai#0x03-%E8%A2%AB%E5%8A%A8%E6%89%AB%E6%8F%8F) 本部分包括资产爬虫及被动扫描等内容。 * [**Ercrawler**](https://github.com/Goqi/Ercrawler):[crawlergo](https://github.com/Goqi/ErKai/tree/main/0x07/crawlergo)@[Qianlitp](https://github.com/Qianlitp/crawlergo)#Web漏洞扫描的强大浏览器爬虫 * [**Erkatana**](https://github.com/Goqi/Erkatana):[katana](https://github.com/Goqi/ErKai/tree/main/0x07/katana)@[projectdiscovery](https://github.com/projectdiscovery/katana)#下一代爬行和爬虫框架 * [**Erhetty**](https://github.com/Goqi/Erhetty):[hetty](https://github.com/Goqi/ErKai/tree/main/0x07/hetty)@[dstotijn](https://github.com/dstotijn/hetty)#用于安全研究的 HTTP 工具包 * [**Ermitmproxy**](https://github.com/Goqi/Ermitmproxy):[go-mitmproxy](https://github.com/Goqi/ErKai/tree/main/0x07/go-mitmproxy)@[lqqyt2423](https://github.com/lqqyt2423/go-mitmproxy)#Go语言实现的中间人攻击 * [**ErModlishka**](https://github.com/Goqi/ErModlishka):[Modlishka](https://github.com/Goqi/ErKai/tree/main/0x07/Modlishka)@[drk1wi](https://github.com/drk1wi/Modlishka)#强大而灵活的 HTTP 反向代理 * [**Erglint**](https://github.com/Goqi/Erglint):[glint](https://github.com/Goqi/ErKai/tree/main/0x01/glint)@[wrenchonline](https://github.com/wrenchonline/glint)#基于浏览器爬虫的被动扫描器 * [**Ergospider**](https://github.com/Goqi/Ergospider):[gospider](https://github.com/Goqi/ErKai/tree/main/0x03/gospider)@[jaeles-project](https://github.com/jaeles-project/gospider)#快速网络爬虫工具 * [https://github.com/sairson/crawlergo-plus](https://github.com/sairson/crawlergo-plus) ## 0x04-远控隧道 [](https://github.com/Goqi/ErKai#0x04-%E8%BF%9C%E6%8E%A7%E9%9A%A7%E9%81%93) * **[Erfrp](https://github.com/Goqi/Erfrp):[frp](https://github.com/Goqi/ErKai/tree/main/0x04/frp)@[fatedier](https://github.com/fatedier/frp)#专注于内网穿透的高性能的反向代理** * [**ErVenom**](https://github.com/Goqi/ErVenom):[Venom](https://github.com/Goqi/ErKai/tree/main/0x04/Venom)@[Dliv3](https://github.com/Dliv3/Venom)#Go开发的多级代理工具 * [**Ernps**](https://github.com/Goqi/Ernps):[nps](https://github.com/Goqi/ErKai/tree/main/0x04/nps)@[ehang-io](https://github.com/ehang-io/nps)#功能强大的内网穿透代理服务器 * [**Ergost**](https://github.com/Goqi/Ergost):[gost](https://github.com/Goqi/ErKai/tree/main/0x04/gost)@[ginuerzh](https://github.com/ginuerzh/gost)#一个用Go语言编写的简单隧道 * [**Ersuo5**](https://github.com/Goqi/Ersuo5):[suo5](https://github.com/Goqi/ErKai/tree/main/0x04/suo5)@[zema1](https://github.com/zema1/suo5)#一款高性能 HTTP 代理隧道工具 * [**ErStowaway**](https://github.com/Goqi/ErStowaway):[Stowaway](https://github.com/Goqi/ErKai/tree/main/0x04/Stowaway)@[ph4ntonn](https://github.com/ph4ntonn/Stowaway)#渗透测试的多跳代理工具 * [**Ersliver**](https://github.com/Goqi/Ersliver):[sliver](https://github.com/Goqi/ErKai/tree/main/0x04/sliver)@[BishopFox](https://github.com/BishopFox/sliver)#开源的跨平台对手仿真/红队框架 * [**ErHavoc**](https://github.com/Goqi/ErHavoc):[Havoc](https://github.com/Goqi/ErKai/tree/main/0x04/Havoc)@[HavocFramework](https://github.com/HavocFramework/Havoc)#现代化可延展的C2框架 * [**Ermerlin**](https://github.com/Goqi/Ermerlin):[merlin](https://github.com/Goqi/ErKai/tree/main/0x04/merlin)@[Ne0nd0g](https://github.com/Ne0nd0g/merlin)#HTTP命令和控制服务器 * [**ErCHAOS**](https://github.com/Goqi/ErCHAOS):[CHAOS](https://github.com/Goqi/ErKai/tree/main/0x04/CHAOS)@[tiagorlampert](https://github.com/tiagorlampert/CHAOS)#开源的远程管理工具-Web * [**ErDeimosC2**](https://github.com/Goqi/ErDeimosC2):[DeimosC2](https://github.com/Goqi/ErKai/tree/main/0x04/DeimosC2)@[DeimosC2](https://github.com/DeimosC2/DeimosC2)#Go语言开发的命令和控制框架 * [**ErMeetC2**](https://github.com/Goqi/ErMeetC2):[MeetC2](https://github.com/Goqi/ErKai/tree/main/0x04/MeetC2)@[iammaguire](https://github.com/iammaguire/MeetC2)#Go语言开发的模块化C2框架 * [**ErKudzu**](https://github.com/Goqi/ErKudzu):[Kudzu](https://github.com/Goqi/ErKai/tree/main/0x04/Kudzu)@[TerminalJockey](https://github.com/TerminalJockey/Kudzu)#Go语言开发的可扩展性的C2平台 * [**ErOrcaC2**](https://github.com/Goqi/ErOrcaC2):[OrcaC2](https://github.com/Goqi/ErKai/tree/main/0x04/OrcaC2)@[Ptkatz](https://github.com/Ptkatz/OrcaC2)#基于Websocket加密通信的多功能C2框架 * [**Eremp3r0r**](https://github.com/Goqi/Eremp3r0r):[emp3r0r](https://github.com/Goqi/ErKai/tree/main/0x04/emp3r0r)@[jm33-m0](https://github.com/jm33-m0/emp3r0r)#Linux/Windows后渗透测试C2框架 * [**ErToRat**](https://github.com/Goqi/ErToRat):[ToRat](https://github.com/Goqi/ErKai/tree/main/0x04/ToRat)@[lu4p](https://github.com/lu4p/ToRat)#C2框架Tor作为传输机制和RPC进行通信 * [**Ernoterce**](https://github.com/Goqi/Ernoterce):[noterce](https://github.com/Goqi/ErKai/tree/main/0x04/noterce)@[xiao-zhu-zhu](https://github.com/xiao-zhu-zhu/noterce)#利用note.ms实现的免杀框架 * [**ErSpark**](https://github.com/Goqi/ErSpark):[Spark](https://github.com/Goqi/ErKai/tree/main/0x04/Spark)@[XZB-1248](https://github.com/XZB-1248/Spark)#远程控制和监控工具 * [**Ernatpass**](https://github.com/Goqi/Ernatpass):[natpass](https://github.com/Goqi/ErKai/tree/main/0x04/natpass)@[lwch](https://github.com/lwch/natpass)#居家办公,远程开发神器 * [**Erwsh**](https://github.com/Goqi/Erwsh):[wsh](https://github.com/Goqi/ErKai/tree/main/0x04/wsh)@[EatonChips](https://github.com/EatonChips/wsh)#Webshell的生成和管理 * [**Erwsm**](https://github.com/Goqi/Erwsm):[wsm](https://github.com/Goqi/ErKai/tree/main/0x04/wsm)@[xiecat](https://github.com/xiecat/wsm)#网站管理工具的示例库 * [**Ershellz**](https://github.com/Goqi/Ershellz):[shellz](https://github.com/Goqi/ErKai/tree/main/0x04/shellz)@[evilsocket](https://github.com/evilsocket/shellz)#管理ssh、telnet、k8s、winrm、web等shell * [**Eriox**](https://github.com/Goqi/Eriox):[iox](https://github.com/Goqi/ErKai/tree/main/0x04/iox)@[EddieIvan01](https://github.com/EddieIvan01/iox)#端口转发和内网代理工具 * [**Erchisel**](https://github.com/Goqi/Erchisel):[chisel](https://github.com/Goqi/ErKai/tree/main/0x04/chisel)@[jpillora](https://github.com/jpillora/chisel)#基于 HTTP 的快速 TCP/UDP 隧道 * [**Erligolo**](https://github.com/Goqi/Erligolo):[chisel](https://github.com/Goqi/ErKai/tree/main/0x04/ligolo)@[sysdream](https://github.com/sysdream/ligolo)#反向代理让渗透测试者变得容易 * [**ErBlueShell**](https://github.com/Goqi/ErBlueShell):[BlueShell](https://github.com/Goqi/ErKai/tree/main/0x04/BlueShell)@[whitehatnote](https://github.com/whitehatnote/BlueShell)#红蓝对抗跨平台远控工具 * [**Erproxify**](https://github.com/Goqi/Erproxify):[proxify](https://github.com/Goqi/ErKai/tree/main/0x04/proxify)@[projectdiscovery](https://github.com/projectdiscovery/proxify)#代理工具-捕获操作和重放HTTP流量 * [**Ergg**](https://github.com/Goqi/Ergg):[gg](https://github.com/Goqi/ErKai/tree/main/0x04/gg)@[mzz2017](https://github.com/mzz2017/gg)#一款Linux 命令行代理工具 * [**ErKitty**](https://github.com/Goqi/Ergg):[KittyStager](https://github.com/Goqi/ErKai/tree/main/0x04/KittyStager)@[Enelg52](https://github.com/Enelg52/KittyStager)#一个简单的 stage 0 C2 * [https://github.com/sensepost/godoh](https://github.com/sensepost/godoh) * [https://github.com/msoap/shell2http](https://github.com/msoap/shell2http) * [https://github.com/herwonowr/slackhell](https://github.com/herwonowr/slackhell) * [https://github.com/veo/vshell](https://github.com/veo/vshell) * [https://github.com/Phuong39/sabathe](https://github.com/Phuong39/sabathe) * [https://github.com/newbe3three/gotoexec](https://github.com/newbe3three/gotoexec) * [https://github.com/Mob2003/rakshasa](https://github.com/Mob2003/rakshasa) ## 0x05-病毒免杀 [](https://github.com/Goqi/ErKai#0x05-%E7%97%85%E6%AF%92%E5%85%8D%E6%9D%80) * **[AvHunt](https://github.com/Goqi/AvHunt):[EDRHunt](https://github.com/Goqi/ErKai/tree/main/0x05/EDRHunt)@[FourCoreLabs](https://github.com/FourCoreLabs/EDRHunt)#在Windows上扫描已安装的杀软** * [**ErCuiRi**](https://github.com/Goqi/ErCuiRi):[CuiRi](https://github.com/Goqi/ErKai/tree/main/0x05/CuiRi)@[NyDubh3](https://github.com/NyDubh3/CuiRi)#一款红队专用免杀木马生成器 * [**ErAniYa**](https://github.com/Goqi/ErAniYa):[AniYa](https://github.com/Goqi/ErKai/tree/main/0x05/AniYa)@[piiperxyz](https://github.com/piiperxyz/AniYa)#使用Go语言写的GUI免杀框架 * [**ErZheTian**](https://github.com/Goqi/ErZheTian):[ZheTian](https://github.com/Goqi/ErKai/tree/main/0x05/ZheTian)@[yqcs](https://github.com/yqcs/ZheTian)#强大的免杀生成工具Bypass All * [https://github.com/Ne0nd0g/go-shellcode](https://github.com/Ne0nd0g/go-shellcode) * [https://github.com/TideSec/GoBypassAV](https://github.com/TideSec/GoBypassAV) ## 0x06-代码扫描 [](https://github.com/Goqi/ErKai#0x06-%E4%BB%A3%E7%A0%81%E6%89%AB%E6%8F%8F) * [**Erinsider**](https://github.com/Goqi/Erinsider):[insider](https://github.com/Goqi/ErKai/tree/main/0x02/insider)@[insidersec](https://github.com/insidersec/insider)#SAST专注于挖掘OWASPTop10漏洞 * [**Errinjani**](https://github.com/Goqi/Errinjani):[rinjani](https://github.com/Goqi/ErKai/tree/main/0x02/rinjani)@[wahyuhadi](https://github.com/wahyuhadi/rinjani)#简单的 SAST 工具 * [**Ergokart**](https://github.com/Goqi/Ergokart):[gokart](https://github.com/Goqi/ErKai/tree/main/0x02/gokart)@[praetorian-inc](https://github.com/praetorian-inc/gokart)#Go代码的静态分析工具 * [**Ergosec**](https://github.com/Goqi/Ergosec):[gosec](https://github.com/Goqi/ErKai/tree/main/0x02/gosec)@[securego](https://github.com/securego/gosec)#Go代码安全扫描工具 * [**ErYi**](https://github.com/Goqi/ErYi):[Yi](https://github.com/Goqi/ErKai/tree/main/0x02/Yi)@[ZhuriLab](https://github.com/ZhuriLab/Yi)#项目监控工具以及Codeql自动运行 * [https://github.com/ZupIT/horusec](https://github.com/ZupIT/horusec) * [https://github.com/aquasecurity/tfsec](https://github.com/aquasecurity/tfsec) * [https://github.com/anchore/grype](https://github.com/anchore/grype) * [https://github.com/ofabry/go-callvis](https://github.com/ofabry/go-callvis) * [https://github.com/mgechev/revive](https://github.com/mgechev/revive) * [https://github.com/anchore/syft](https://github.com/anchore/syft) * [https://github.com/quasilyte/go-ruleguard](https://github.com/quasilyte/go-ruleguard) * [https://github.com/globocom/huskyCI](https://github.com/globocom/huskyCI) * [https://github.com/VKCOM/noverify](https://github.com/VKCOM/noverify) * [https://github.com/tenable/terrascan](https://github.com/tenable/terrascan) * [https://github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) * [https://github.com/golang/vuln](https://github.com/golang/vuln) ## 0x07-Web项目 [](https://github.com/Goqi/ErKai#0x07-web%E9%A1%B9%E7%9B%AE) * [**ErGoScan**](https://github.com/Goqi/ErGoScan):[GoScan](https://github.com/Goqi/ErKai/tree/main/0x06/GoScan)@[CTF-MissFeng](https://github.com/CTF-MissFeng/GoScan)#渗透测试报告管理系统 * [**Erreport**](https://github.com/Goqi/Erreport):[report](https://github.com/Goqi/ErKai/tree/main/0x06/report)@[CTF-MissFeng](https://github.com/CTF-MissFeng/report)#渗透测试报告管理系统 * [**Erlinglong**](https://github.com/Goqi/Erlinglong):[linglong](https://github.com/Goqi/ErKai/tree/main/0x06/linglong)@[awake1t](https://github.com/awake1t/linglong)#一款甲方资产巡航扫描系统 * [**Erpocassist**](https://github.com/Goqi/Erpocassist):[pocassist](https://github.com/Goqi/ErKai/tree/main/0x06/pocassist)@[jweny](https://github.com/jweny/pocassist)#一款全新的开源漏洞测试框架 * [**EreDefender**](https://github.com/Goqi/EreDefender):[eDefender](https://github.com/Goqi/ErKai/tree/main/0x06/eDefender)@[cjphaha](https://github.com/cjphaha/eDefender)#常见安全漏洞检测工具 * [**Ernemo**](https://github.com/Goqi/Ernemo):[nemo\_go](https://github.com/Goqi/ErKai/tree/main/0x06/nemo_go)@[hanc00l](https://github.com/hanc00l/nemo_go)#一个简单的自动化信息收集平台 * [**ErBeeScan**](https://github.com/Goqi/ErBeeScan):[BeeScan](https://github.com/Goqi/ErKai/tree/main/0x06/BeeScan)@[jiaocoll](https://github.com/jiaocoll/BeeScan-scan)#分布式网络空间资产探测扫描平台 * [**Erxpatrol**](https://github.com/Goqi/Erxpatrol):[x-patrol](https://github.com/Goqi/ErKai/tree/main/0x06/x-patrol)@[MiSecurity](https://github.com/MiSecurity/x-patrol)#Github泄露扫描系统 ## 0x08-钓鱼蜜罐 [](https://github.com/Goqi/ErKai#0x08-%E9%92%93%E9%B1%BC%E8%9C%9C%E7%BD%90) * [**Ergophish**](https://github.com/Goqi/Ergophish):[gophish](https://github.com/Goqi/ErKai/tree/main/0x08/gophish)@[gophish](https://github.com/gophish/gophish)#开源网络钓鱼工具包 * [**ErEhoney**](https://github.com/Goqi/ErEhoney):[Ehoney](https://github.com/Goqi/ErKai/tree/main/0x08/Ehoney)@[seccome](https://github.com/seccome/Ehoney)#企业级的蜜罐管理系统 * [**ErHFish**](https://github.com/Goqi/ErHFish):[HFish](https://github.com/Goqi/ErKai/tree/main/0x08/HFish)@[Gowabby](https://github.com/Gowabby/HFish)#主动攻击型蜜罐钓鱼框架系统 * [**Erhoneytrap**](https://github.com/Goqi/Erhoneytrap):[honeytrap](https://github.com/Goqi/ErKai/tree/main/0x08/honeytrap)@[honeytrap](https://github.com/honeytrap/honeytrap)#高级蜜罐框架 * [**ErJuggler**](https://github.com/Goqi/ErJuggler):[Juggler](https://github.com/Goqi/ErKai/tree/main/0x08/Juggler)@[C4o](https://github.com/C4o/Juggler)#针对黑客的拟态欺骗系统 * [**Ergoblin**](https://github.com/Goqi/Ergoblin):[goblin](https://github.com/Goqi/ErKai/tree/main/0x08/goblin)@[xiecat](https://github.com/xiecat/goblin)#红蓝对抗中的仿真钓鱼系统 ## 0x09-移动安全 [](https://github.com/Goqi/ErKai#0x09-%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8) * [**Eripsw**](https://github.com/Goqi/Eripsw):[ipsw](https://github.com/Goqi/ErKai/tree/main/0x09/ipsw)@[blacktop](https://github.com/blacktop/ipsw)#研究iOS的瑞士军刀 * [**Erapkurlgrep**](https://github.com/Goqi/Erapkurlgrep):[apkurlgrep](https://github.com/Goqi/ErKai/tree/main/0x09/apkurlgrep)@[ndelphit](https://github.com/ndelphit/apkurlgrep)#从APK文件中提取网址 * [https://github.com/c0618/iOSSniffer](https://github.com/c0618/iOSSniffer) * [https://github.com/majd/ipatool](https://github.com/majd/ipatool) ## 0x10-其他项目 [](https://github.com/Goqi/ErKai#0x10-%E5%85%B6%E4%BB%96%E9%A1%B9%E7%9B%AE) * [Ernotify](https://github.com/Goqi/Ernotify):[notify](https://github.com/Goqi/ErKai/tree/main/0x10/notify)@[projectdiscovery](https://github.com/projectdiscovery/notify)#全面的消息通知框架 * [https://github.com/moonD4rk/HackBrowserData](https://github.com/moonD4rk/HackBrowserData) * [https://github.com/murphysecurity/murphysec](https://github.com/murphysecurity/murphysec) * [https://github.com/liamg/traitor](https://github.com/liamg/traitor) * [https://github.com/burrowers/garble](https://github.com/burrowers/garble) * [https://github.com/saferwall/saferwall](https://github.com/saferwall/saferwall) * [https://github.com/neuvector/neuvector](https://github.com/neuvector/neuvector) * [https://github.com/vidar-team/Cardinal](https://github.com/vidar-team/Cardinal) * [https://github.com/CTF-go/CTFgo](https://github.com/CTF-go/CTFgo) * [https://github.com/activecm/rita](https://github.com/activecm/rita) * [https://github.com/heartshare/go-wafw00f](https://github.com/heartshare/go-wafw00f)
xiaodi
2026年4月30日 16:05
0 条评论
转发
收藏文档
上一篇
下一篇
手机扫码
复制链接
手机扫一扫转发分享
复制链接
分享
链接
类型
密码
更新密码
有效期
Markdown文件
Word文件
PDF文档
PDF文档(打印)