Zeroday Ai, Hacking Assistant: 0Dai

botnet
crypto mining
hacking
tutorial
virus
This article provides a comprehensive list of hacking tools and resources for various tasks such as phishing, OSINT, payload generation, wireless attacks, SQL injections, and more, specifically designed for contextual CTF competitions.
Published

July 11, 2022


zeroday ai, hacking assistant: 0dai


AV evasion

https://github.com/fdx-xdf/darkPulse

https://www.shellterproject.com/


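Don't jump straight to attacking sites. Gather information, get familiar with the tools, do well what you are able to do, and write down the experience you pick up along the way.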

trufflehog: find credentials from open sources

stryker: wifi hacking tool includes dust attack, pin attack

found multiple websites on lonely planet tourist guide of america (all over the place!)

oneforall subdomain finder

hack in one including:

Anonymously Hiding Tools
Information gathering tools
Wordlist Generator
Wireless attack tools
SQL Injection Tools
Phishing attack tools
Web Attack tools
Post exploitation tools
Forensic tools
Payload creation tools
Exploit framework
Reverse engineering tools
DDOS Attack Tools
Remote Administrator Tools (RAT)
XSS Attack Tools
Steganography tools
Vulnerabilities Scanner
IOT Tools
Other tools

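all defense tool: semi/fully automated exploitation tools, information gathering tools, vulnerability exploitation tools, intranet penetration tools, tools for operations, in-house security teams and defenders, curated security references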

botnet ips are detected by some websites like URLHaus. there’s a tendency to use common passwords to bruteforce the credentials for such botnets, such as inori miral cnc scraper, l4tt/Botnet-Reaper. setting up botnets by yourself has the advantage of connecting to machines without a public ip.

MHDDoS best ddos tool (someone may make a living on that), providing multiple WAF bypass techniques (what about Akamai?)

although sqlmap is somehow out-of-date (wracked by WAF, unable to exploit latest nodedb library), there is a tendency to combine subdirectory/url collector like subfinder with it like codewatchorg/sqlipy and zt2/sqli-hunter, automate the exploitation. search for sql injection (deep/machine learning) in github for latest tools and wiki.

undetectable credential stealer created by psauxxx. is it coincidence?

psauxx (twitter) created multiple accounts on github. the original one (in archive) is deactivated, now named l4tt. vulnnr (auto exploiter) has some tutorials from geeksforgeeks and xploitlab (linked to other interesting tools), and is renamed as uscan. search for vulnnr in github and there is a favourite hack tool collection

socialfish clone website and collect credentials (phishing) with web controller interfaces

sploitus search for latest sploits and POC-code (usually after patching is done)

bearSG: social-engineering password generator tailored to Chinese users' habits, written in Java, with a built-in GUI

cupper: social-engineering password generator

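social engineering tool list, part of security list; it also recommends ways for independent developers to make money (with an introduction to free API endpoints, though some of the sites are gone) -> list of projects by independent developers in China -> bufpay contract-free payment (monthly fee required)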

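contents include:

Virtual identities
Phishing frameworks
Website cloning
Email spoofing
Service password brute-forcing
Test wordlists
Password cracking and recovery
Online password cracking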

mosint email osint

payloadallthethings (40k stars!) by swisskyrepo

openai written phishing and directory bruteforcing

ghunt google osint

scarecrow payload generator targeting win 10-11

scarecrow cobalt strike plugin

cryptographic related python libraries gmpy2 pycryptodome libnum yafu rsa-wiener-attack RsaCtfTool

ciphey: auto decryption

pwntools used by fmyy and more doc

angr to reverse engineer binaries, mostly in ctf? docs

angr ctf use cases: case 1 case 2

angr ctf reverse binaries and print “good job”

angr ctf build binaries from source

defcon ctf quals 2021 ooo

factordb.com find prime numbers, decomposition for rsa

reverse shell generator. since shellcode cannot have null bytes, you need to xor your things with a tool or in assembly.

find 0days or use existing vulnerabilities: fuzzers for kali

kali tools

blackarch tools

all in one hacking tool

villainbackdoorgenerator

don’t aim big, aim small. things like bilibili password database dump, or some Intel internal data leak, are done by professional hackers on professional hardware. some corp will even attempt to retaliate like nvidia. you have been warned.

To exploit zerodays, you need rasp, aka ‘is my application doing something undefined/unexpected?’

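use public WiFi, e.g. connect to a distant WiFi network with a long-range WiFi antenna ("WiFi cannon"), to control the attack server in the cloud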

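The first step for a hacker is finding the target (CTFs may not teach you how to find targets, and neither will white hats, because their targets are fixed). Whether or not a vulnerability exists, first list clearly what the target actually is: a person (contact details?), a machine (URL?) or an AI (captcha?); how to interact with it; what the vulnerability (possibly) is; and what attack measures to take. You can draw on search engines, fofa vulnerability search, email information, social-app information, information from trojans tracking other people, information most people visit, crawler data, records of local software's network access, or simply scan at random and store the results in a database.

The second step is interaction: exploit the vulnerability, install a backdoor, control the target, e.g. for mining, keep collecting site information, passwords and cookies, keep spreading the virus, and expand the attack surface.

The third step is sustained operation: keep raising counter-surveillance awareness, learn information gathering tools, improve hacking skills, and use all kinds of methods, such as social engineering, using anonymous accounts or free email accounts, and spreading free applications carrying trojans and virus emails. Persistence is victory.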

https://github.com/mikaelkall/HackingAllTheThings

https://github.com/akenofu/HackAllTheThings

memory editing, game hacking:

https://github.com/qb-0/pyMeow

https://github.com/srounet/Pymem

mirai botnet

defcon for news, intro, wiki

infocon for software, code, wordlists

mec mass exploiting

notes

PC WeChat hook: obtaining the QR code

PC WeChat reverse engineering

a few practice ranges I find pretty good

封神台 (Fengshentai): https://hack.zkaq.cn/index

Hack The Box: https://www.hackthebox.com/

how to get an HTB invite code: https://www.mad-coding.cn/2019/11/11/hackthebox%E5%88%9D%E6%8E%A2%E4%B9%8B%E8%8E%B7%E5%8F%96%E9%82%80%E8%AF%B7%E7%A0%81/#0x00-%E5%89%8D%E8%A8%80

VulnHub: https://www.vulnhub.com/

Pikachu: https://github.com/zhuifengshaonianhanlu/pikachu

search engines

youcode search engine for coders, enter coding question to get result

self-hosted recon intelligence tool: osint

ivre network recon framework

publicwww: search for html/css/js source code in website

searchpedia: search engine collection

top 5 recon/intelligence/information gathering tools

search engine hacking, manual and automation

best hacker search engines

scripting

writing nmap scripts

information gathering

uncover quickly discover hosts using multiple search engines

dirsearch scan web paths

pip3 install dirsearch

virus, botnet

botnet with super escalation system for linux and windows, automatically spread the virus out

webshell AV evasion

Hacking tutorials

maybe you should follow kali/parrot/blackarch tutorials first?

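dark web, social-engineering databases, databases, dark web hacking tutorials

dark web free community, Chinese-language community, no-holds-barred discussion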

zuw2gvomnfx5mt6g626srambeqo2yxmac5jpoccttq54z7se36svmlyd.onion

the payload, dedicated tutorial

https://github.com/swisskyrepo/PayloadsAllTheThings

sure it needs everything to hack. the assembly, the tools, the experience, the examples, the automation, the persistence, the vision.

all in one hack tool:

https://github.com/Z4nzu/hackingtool

awesome hacking:

https://github.com/Hack-with-Github/Awesome-Hacking

hacking tutorials and tools:

https://github.com/carpedm20/awesome-hacking

https://github.com/sundowndev/hacker-roadmap

https://github.com/jekil/awesome-hacking

https://github.com/carlospolop/hacktrick

ctf tutorials and tools:

https://github.com/xtiankisutsa/awesome-mobile-CTF

https://github.com/Naetw/CTF-pwn-tips

https://github.com/firmianay/CTF-All-In-One

https://github.com/taviso/ctftool

https://github.com/UnaPibaGeek/ctfr

https://github.com/RsaCtfTool/RsaCtfTool

https://github.com/Gallopsled/pwntools

https://github.com/0Chencc/CTFCrackTools

https://github.com/google/google-ctf

https://github.com/ctf-wiki/ctf-wiki

https://github.com/apsdehal/awesome-ctf

https://github.com/p4-team/ctf

https://github.com/zardus/ctf-tools

some other tools and resources

https://github.com/jopohl/urh


all in one hacking tool for kali linux

https://github.com/edoardottt/awesome-hacker-search-engines

hacker pro hacktool for termux and linux, maybe macos?

sql/xss scanner, dos, bruteforce ftp/ssh/mail accounts

https://github.com/hacktoolspack/hack-tools

https://github.com/hahwul/WebHackersWeapons
