黑客所谓的秘籍（2）？

《The hacker playbook》2th 中文版已出，有兴趣的朋友可以买回来看看，这里记录下我对这本书中提到的工具积累：不喜勿喷、希望各位斧正

这本书在第一版的基础上，加了很多顺应时代的新东西，物联网设备破解，大数据nosql库渗透等都有呢，整整比第一版厚了一倍多。这里还是跟之前那篇黑客所谓的秘籍（1）？一样，介绍下需要安装的工具。

前景提要

• 换源：https://www.jianshu.com/p/59c231ad4c37
• 设置ssh：
  • apt-get install openssh-server -y
  • 修改/etc/ssh/sshd_config文件:PermitRootLogin 设置为yes
  • service ssh restart
  • update-rc.d ssh enable
• 更新镜像：apt-get update && apt-get dist-upgrade
• 启动metasploit的数据库service postgresql start
• 让postgresql开机自启：update-rc.d postgresql enable
• 启动或停止metasploit服务:

  • 首次打开请使用图形界面打开，让其初始化数据库.yml文件

    
    

---

工具安装

List
1.探测扫描工具
● Discover
● EyeWitness
● HTTPScreenShot
● WMAP
● SpiderFoot
● Masscan
● Gitrob
● CMSmap
● Recon-ng
● SPARTA
● WPScan
● Password Lists
2.漏洞利用工具
● Burp Suite Pro
● ZAP Proxy Pro
● NoSQLMap
● SQLMap
● SQLNinja
● BeEF Exploitation Framework
● Responder
● Printer Exploits
● Veil
● WIFIPhisher
● Wifite
● SET
3.后渗透测试
● 本书自定义脚本
● SMBexec
● Veil
● WCE
● Mimikatz
● PowerSploit
● Nishang
● 后门制造工厂
● DSHashes
● Net-Creds

Begin Installation

后门制造工厂
● Patch PE, ELF, Mach-O 二进制文件注入shellcode

git clone https://github.com/secretsquirrel/the-backdoor-factory /opt/the-backdoorfactory
cd /opt/the-backdoorfactory/
./install.sh
#若编译失败，请安装依赖
apt-get install gcc-multilib 
apt --fix-broken install

---

HTTPScreenShot
● HTTPScreenshot 实现屏幕截图和大型网页抓取

pip install selenium
git clone https://github.com/breenmachine/httpscreenshot.git /opt/httpscreenshot
cd /opt/httpscreenshot
chmod +x install-dependencies.sh && ./install-dependencies.sh

---

SMBExec
● 使用samba工具的一种快速psexec 类型攻击

git clone https://github.com/pentestgeek/smbexec.git /opt/smbexec
cd /opt/smbexec && ./install.sh

● 选择1 - Debian/Ubuntu and derivatives
● 选择所有默认值
● ./install.sh
● 选择 4 编译 smbexec 二进制文件
● 编译完成后，选择5退出

---

Masscan
● 这是最快速的互联网端口扫描工具，比nmap更加牛逼不知道多少.，它能够在6分钟内扫描整个互联网。

apt-get install git gcc make libpcap-dev
git clone https://github.com/robertdavidgraham/masscan.git /opt/masscan
cd /opt/masscan
make
make install

---

Gitrob
● 一种针对github组织的探测工具

git clone https://github.com/michenriksen/gitrob.git /opt/gitrob
gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/
gem install bundler
service postgresql start
su postgres
createuser -s gitrob --pwprompt
createdb -O gitrob gitrob
exit
apt-get install libpq-dev -y
apt-get install build-essential patch ruby-dev zlib1g-dev liblzma-dev -y
cd /opt/gitrob/bin
gem install gitrob

---

CMSmap
● CMSmap 是基于Python开发的开源内容管理系统扫描工具，实现对安全漏洞的自动扫描

git clone https://github.com/Dionach/CMSmap /opt/CMSmap

---

WPScan
● WordPress 漏洞扫描工具和暴力破解工具

git clone https://github.com/wpscanteam/wpscan.git /opt/wpscan
cd /opt/wpscan && ./wpscan.rb --update

---

Eyewitness
● EyeWitness 工具实现网站截图，搜集服务器报头信息和判断网站是否采用默认口令

git clone https://github.com/ChrisTruncer/EyeWitness.git /opt/EyeWitness

---

Printer Exploits
● 打印机漏洞利用工具 Contains a number of commonly found printer exploits

git clone https://github.com/MooseDojo/praedasploit /opt/praedasploit

---

SQL MAP&&Recon-ng&&BeEF Exploitation Framework
● 内置不赘述

---

Discover Scripts
● 定制bash脚本，自动化处理各种渗透任务

git clone https://github.com/leebaird/discover.git /opt/discover
cd /opt/discover && ./setup.sh

---

Responder
● 一个LLMNR, NBT-NS and MDNS 协议攻击工具, 包括
HTTP/SMB/MSSQL/FTP/LDAP 诱骗认证方法，支持
NTLMv1/NTLMv2/LMv2, 扩展的 NTLMSSP and 基本HTTP认证协议。 Responder 用于获取 NTLM challenge/response 哈希值。

git clone https://github.com/SpiderLabs/Responder.git /opt/Responder

---

黑客秘籍2-自定义脚本
● 针对《the hacker playbook2》大量自定义脚本

git clone https://github.com/cheetz/Easy-P.git /opt/Easy-P
git clone https://github.com/cheetz/Password_Plus_One /opt/Password_Plus_One
git clone https://github.com/cheetz/PowerShell_Popup /opt/PowerShell_Popup
git clone https://github.com/cheetz/icmpshock /opt/icmpshock
git clone https://github.com/cheetz/brutescrape /opt/brutescrape
git clone https://www.github.com/cheetz/reddit_xss /opt/reddit_xss

---

The Hacker Playbook 2 代码副本

git clone https://github.com/cheetz/PowerSploit /opt/HP_PowerSploit
git clone https://github.com/cheetz/PowerTools /opt/HP_PowerTools
git clone https://github.com/cheetz/nishang /opt/nishang

---

DSHashes:
● 从 NTDSXtract 中提取用户易于理解的哈希值

wget http://ptscripts.googlecode.com/svn/trunk/dshashes.py -O
/opt/NTDSXtract/dshashes.py

---

SPARTA:
基于py的图形化程序，用于辅助渗透人员简化网站架构的渗透测试工作

git clone https://github.com/secforce/sparta.git /opt/sparta
apt-get install python-elixir
apt-get install ldap-utils rwho rsh-client x11-apps finger

---

NoSQLMap
● 用于MongoDB数据库和网站应用程序的自动化渗透测试工具集

git clone https://github.com/tcstool/NoSQLMap.git /opt/NoSQLMap

---

Spiderfoot
● 开源的指纹检测工具

mkdir /opt/spiderfoot/ && cd /opt/spiderfoot
wget http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.3.0-
src.tar.gz/download
tar xzvf download
pip install lxml
pip install netaddr
pip install M2Crypto
pip install cherrypy
pip install mako

---

WCE
● windows凭证编辑器 (WCE)用于从内存中获取密码
● 下载地址: http://www.ampliasecurity.com/research/windows-credentialseditor/ and save to /opt/. For example:

wget
www.ampliasecurity.com/research/wce_v1_4beta_universal.zip
mkdir /opt/wce && unzip wce_v1* -d /opt/wce && rm wce_v1*.zip

---

Mimikatz
● 用于从内存中获取明文密码，票据和万能钥匙等

● 下载地址：https://github.com/gentilkiwi/mimikatz/releases/latest

cd /opt/ && wget
http://blog.gentilkiwi.com/downloads/mimikatz_trunk.zip
unzip -d ./mimikatz mimikatz_trunk.zip

---

Social Engineering Toolkit (SET)
内置不赘述.

---

PowerSploit (PowerShell)
● PowerShell scripts 用于用户后渗透测试

git clone https://github.com/mattifestation/PowerSploit.git /opt/PowerSploit
cd /opt/PowerSploit && wget
https://raw.githubusercontent.com/obscuresec/random/master/StartListener.py &&
wget
https://raw.githubusercontent.com/darkoperator/powershell_scripts/master/ps_encoder.

---

Nishang (PowerShell)
● Powershell漏洞利用和后渗透测试脚本汇总

git clone https://github.com/samratashok/nishang /opt/nishang

---

Veil-Framework
● 用于规避杀毒软件检测.

git clone https://github.com/Veil-Framework/Veil /opt/Veil
cd /opt/Veil/ && ./Install.sh -c

---

Burp Suite Pro&&ZAP Proxy Pro
内置不赘述.

---

Fuzzing Lists (SecLists)
● 用于配置burp渗透测试参数

git clone https://github.com/danielmiessler/SecLists.git /opt/SecLists

---

Net-Creds Network Parsing
● 分析pcap文件，获取用户名密码

git clone https://github.com/DanMcInerney/net-creds.git /opt/net-creds

---

推荐firefox安装的插件
● Web Developer Add-on: https://addons.mozilla.org/en-US/firefox/addon/webdeveloper/
● Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
● Foxy Proxy: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
● User Agent Switcher: https://addons.mozilla.org/en-US/firefox/addon/user-agentswitcher/

---

Wifite
● WiFi网络攻击工具

git clone https://github.com/derv82/wifite /opt/wifite

---

WIFIPhisher
● WiFi网络自动化钓鱼攻击

git clone https://github.com/sophron/wifiphisher.git /opt/wifiphisher

---

Phishing (可选):
● Phishing-Frenzy

git clone https://github.com/pentestgeek/phishing-frenzy.git
/var/www/phishing-frenzy

● 其他自定义列表

git clone https://github.com/macubergeek/gitlist.git /opt/gitlist

---

有机会可以访问 http://thehackerplaybook.com/updates/ 获取最新资料

工具好等于成功了一半，还需要深厚的基础知识才能练就秘籍之奥秘

文章潦草，不喜勿喷，如有勘误，恳请斧正.