火眼Windows渗透测试平台-commando Vmware版

HACK学习

发布于 2019-08-06 12:08:00

2.9K0

发布于 2019-08-06 12:08:00

Kali Linux 已成为攻击型安全专家的标配工具，但对需要原生Windows功能的渗透测试员来说，维护良好的类似工具集却是不存在的

安全服务公司火眼就是要改变这一现状。3月28日，该公司发布了一个包含超过140个开源Windows工具的大礼包，红队渗透测试员和蓝队防御人员均拥有了顶级侦察与漏洞利用程序集。该工具集名为“曼迪安特完全攻击虚拟机(CommandoVM)”，为安全研究人员执行攻击操作准备了即时可用的Windows环境

CommandoVM基于火眼供恶意软件分析和应用逆向工程使用的 FLARE VM 平台，包含攻击性安全测试员常用的一系列工具，比如Python和Go编程语言，Nmap和Wirshark网络扫描器，BurpSuit之类的网络安全测试框架，以及Sysinternals、Mimikatz等Windows安全工具

工具列表：

Active Directory Tools

Remote Server Administration Tools (RSAT)
SQL Server Command Line Utilities
Sysinternals

Command & Control

Covenant
PoshC2
WMImplant
WMIOps

Developer Tools

Dep
Git
Go
Java
Python 2
Python 3 (default)
Visual Studio 2017 Build Tools (Windows 10)
Visual Studio Code
Evasion
CheckPlease
Demiguise
DotNetToJScript
Invoke-CradleCrafter
Invoke-DOSfuscation
Invoke-Obfuscation
Invoke-Phant0m
Not PowerShell (nps)
PS>Attack
PSAmsi
Pafishmacro
PowerLessShell
PowerShdll
StarFighters

Exploitation

ADAPE-Script
API Monitor
CrackMapExec
CrackMapExecWin
DAMP
Exchange-AD-Privesc
FuzzySec's PowerShell-Suite
FuzzySec's Sharp-Suite
Generate-Macro
GhostPack
Rubeus
SafetyKatz
Seatbelt
SharpDPAPI
SharpDump
SharpRoast
SharpUp
SharpWMI
GoFetch
Impacket
Invoke-ACLPwn
Invoke-DCOM
Invoke-PSImage
Invoke-PowerThIEf
Kali Binaries for Windows
LuckyStrike
MetaTwin
Metasploit
Mr. Unikod3r's RedTeamPowershellScripts
NetshHelperBeacon
Nishang
Orca
PSReflect
PowerLurk
PowerPriv
PowerSploit
PowerUpSQL
PrivExchange
Ruler
SharpExchangePriv
SpoolSample
UACME
impacket-examples-windows
vssown

Information Gathering

ADACLScanner
ADExplorer
ADOffline
ADRecon
BloodHound
Get-ReconInfo
GoWitness
Nmap
PowerView
Dev branch included
SharpHound
SharpView
SpoolerScanner

Networking Tools

Citrix Receiver
OpenV**
Proxycap
PuTTY
Telnet
VMWare Horizon Client
VMWare vSphere Client
VNC-Viewer
WinSCP
Windump
Wireshark

Password Attacks

ASREPRoast
CredNinja
DSInternals
Get-LAPSPasswords
Hashcat
Internal-Monologue
Inveigh
Invoke-TheHash
KeeFarce
KeeThief
LAPSToolkit
MailSniper
Mimikatz
Mimikittenz
RiskySPN
SessionGopher

Reverse Engineering

DNSpy
Flare-Floss
ILSpy
PEview
Windbg
x64dbg

Utilities

7zip
Adobe Reader
AutoIT
Cmder
CyberChef
Gimp
Greenshot
Hashcheck
Hexchat
HxD
Keepass
MobaXterm
Mozilla Thunderbird
Neo4j Community Edition
Pidgin
Process Hacker 2
SQLite DB Browser
Screentogif
Shellcode Launcher
Sublime Text 3
TortoiseSVN
VLC Media Player
Winrar
yEd Graph Tool

Vulnerability Analysis

Egress-Assess
Grouper2
zBang

Web Applications

Burp Suite
Fiddler
Firefox
OWASP Zap

Wordlists

FuzzDB
PayloadsAllTheThings
SecLists