After making sure Scoop is installed, run the following command in PowerShell to add this bucket:

```powershell
scoop bucket add sec https://github.com/whoopscs/scoop-security
```

Once this is done, you can install any app from this bucket (check the list of files in the `bucket/` directory). For instance, use the following command:

```powershell
# Don't include the .json file extension in the app name
scoop install sec/x64dbg
```

Manifest | Description | Install |
---|---|---|
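afrog | afrog is a high-performance, fast and stable vulnerability scanner with customizable PoCs. A tool for finding vulnerabilities | scoop install afrog |
AntSword | AntSword loader | scoop install AntSword |
Behinder | "Behinder" (冰蝎), a website management client with dynamic binary encryption | scoop install Behinder |
Godzilla | Godzilla (哥斯拉) | scoop install Godzilla |
BlueTeamTools | A blue-team analysis and triage toolbox. Features include memory-shell decompilation and analysis, code formatting, cyberspace asset mapping, attribution assistance, decrypting Behinder traffic, decrypting Godzilla traffic, decrypting Shiro/CAS/Log4j2 attack payloads, IP/port connection analysis, various encoding/decoding functions, commonly used blue-team analysis sites, Java deserialization packet analysis, Java class name search, Fofa search, Hunter search, and more. | scoop install BlueTeamTools |
BurpSuite | | scoop install BurpSuite |
CobaltStrike | | scoop install CobaltStrike |
commix | An open-source penetration testing tool that automatically detects and exploits command injection vulnerabilities | scoop install commix |
crawlergo | A powerful browser crawler for web vulnerability scanning | scoop install crawlergo |
dddd | A highly extensible fingerprinting and supply-chain vulnerability detection tool. Supports pulling targets in bulk from Hunter and Fofa. | scoop install dddd |
dirmap | An advanced web directory and file scanning tool, intended to be more capable than DirBuster, Dirsearch, cansina and Yujian (御剑) | scoop install dirmap |
Dirscan | A high-performance, highly concurrent directory scanner written in Go. It currently supports GET, HEAD, recursive scanning, proxies, crawling and other features, with more planned. | scoop install Dirscan |
dirsearch | Web path scanner | scoop install dirsearch |
dnsx | A fast and multi-purpose DNS toolkit for running DNS queries | scoop install dnsx |
DudeSuite | Dude Suite web penetration testing toolset | scoop install DudeSuite |
EHole | A fingerprinting tool for the systems red teams focus on attacking | scoop install EHole |
ENScan | A tool based on the APIs of the major enterprise-information providers, addressing the difficulties of collecting information on companies in China. Collects, aggregates and exports holding-company ICP filings, apps, mini programs, WeChat official accounts and similar information in one step. | scoop install ENScan |
ffuf | A fast web fuzzer written in Go | scoop install ffuf |
fofaviewer | A FoFa client for viewing data, developed by the WgpSec security team. Written in JavaFX, it supports multi-tab queries, export to Excel and other features. | scoop install fofaviewer |
fscan | A comprehensive internal-network scanning tool for one-click, automated, all-round vulnerability scanning. | scoop install fscan |
Fvuln | An automation tool aimed mainly at day-to-day security services staff, penetration testers and red team members. Its features include live IP detection, open port detection, web service detection, web vulnerability scanning, SMB brute forcing, SSH brute forcing, FTP brute forcing, MSSQL and other database brute forcing, and a large number of web vulnerability detection modules. | scoop install Fvuln |
GDA | A powerful Dalvik bytecode decompiler implemented in C++, with fast analysis and low memory and disk usage; it has strong decompilation capability for apk, dex, odex, oat, jar, class and aar files | scoop install GDA |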
ghauri | An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. | scoop install ghauri |
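goby | A new generation of network security technology that enables rapid security emergency response by building a complete asset database for the target | scoop install goby |
gogo | A highly controllable and extensible automation engine for red teams | scoop install gogo |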
GooFuzz | GooFuzz is a tool to perform fuzzing with an OSINT approach. | scoop install GooFuzz |
HackBrowserData | A cross-platform tool for exporting and decrypting browser data. | scoop install HackBrowserData |
httpx | httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads | scoop install httpx |
interactsh | An OOB interaction gathering server and client library. | scoop install interactsh |
JNDInjector | A highly customizable JNDI and Java deserialization exploitation tool | scoop install JNDInjector |
JYso | It can be either a JNDIExploit or a ysoserial. | scoop install JYso |
katana | A next-generation crawling and spidering framework. | scoop install katana |
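kscan | Kscan is an all-round scanner developed in pure Go, with port scanning, protocol detection, fingerprinting, brute forcing and other functions. Supports 1200+ protocols, 10000+ protocol fingerprints, 2000+ application fingerprints, and more than 10 brute-force protocols. | scoop install kscan |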
ksubdomain | Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second | scoop install ksubdomain |
masscan | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | scoop install masscan |
MDUT | MDUT - Multiple Database Utilization Tools | scoop install MDUT |
mimikatz | A little tool to play with Windows security | scoop install mimikatz |
naabu | projectdiscovery/naabu: A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | scoop install naabu |
Neo-reGeorg | Neo-reGeorg is a project that seeks to aggressively refactor reGeorg. | scoop install Neo-reGeorg |
netspy | netspy is a tool for quickly discovering reachable internal network segments (powered by the Sangfor Deep Blue Lab Tianwei team) | scoop install netspy |
NimScan | Fast Port Scanner | scoop install NimScan |
nuclei | Fast and customizable vulnerability scanner based on simple YAML based DSL | scoop install nuclei |
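observer_ward | observer_ward (侦查守卫) fingerprinting tool | scoop install observer_ward |
OneForAll | OneForAll is a powerful subdomain collection tool | scoop install OneForAll |
pagodo | Automates Google Hacking Database scraping and searching | scoop install pagodo |
pocsuite3 | pocsuite3 is an open-source remote vulnerability testing framework developed by the Knownsec 404 Team | scoop install pocsuite3 |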
quake_rs | Quake Command-Line Application | scoop install quake_rs |
rad | A browser crawler built for security scanning | scoop install rad |
rustcat | The modern Port listener and Reverse shell. | scoop install rustcat |
RustScan | The Modern Port Scanner. | scoop install RustScan |
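scan4all | Vulnerabilities Scan; 15000+ PoC vulnerability scans; weak-password brute forcing for [ 23 ] applications; 7000+ web fingerprints; port scanning with 146 protocols and 90000+ rules; a go-to tool for fuzzing, HW initial-access work and bug bounty... | scoop install scan4all |
sqlmap | sqlmap is an automated SQL injection tool whose main function is to scan for, discover and exploit SQL injection in a given URL | scoop install sqlmap |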
subfinder | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. | scoop install subfinder |
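suo5 | A high-performance HTTP proxy tunneling tool | scoop install suo5 |
ToolsFx | A cross-platform cryptography toolbox based on Kotlin + TornadoFX. Includes encoding/decoding, encoding conversion, encryption/decryption, hashing, MAC, signatures, big-number arithmetic, compression, QR codes, CTF utilities and other practical features; supports plugins. | scoop install ToolsFx |
TscanPlus | A comprehensive network security testing and operations tool for quickly discovering, identifying and testing assets and finding weak points and attack surface. | scoop install TscanPlus |
Webshell_Generate | For generating various kinds of AV-evading webshells | scoop install Webshell_Generate |
woodpecker | A framework for precise detection and in-depth exploitation of high-risk vulnerabilities | scoop install woodpecker |
xmap | xmap is a user-friendly FOFA and Hunter client written in JavaFX | scoop install xmap |
xpoc | xpoc is a rapid emergency-response tool designed for supply-chain vulnerability scanning | scoop install xpoc |
xray | A full-featured security assessment tool supporting scanning for common web security issues and custom PoCs | scoop install xray |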
yakit | Cyber Security ALL-IN-ONE Platform | scoop install yakit |
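jar-analyzer | A JAR analysis tool: batch analysis and search, method call relationship search, string search, Spring analysis, CFG analysis, JVM stack frame analysis, remote analysis of Tomcat, advanced expression search, custom SQL queries, bytecode viewing, command-line analysis, protected by a simple RASP | scoop install jar-analyzer |
jar-obfuscator | A JAR/CLASS bytecode obfuscation tool. Supports reference analysis and rename obfuscation of package, class, method, field and parameter names; string encryption, integer XOR obfuscation, junk-code obfuscation and other techniques; hiding of methods and fields; and JVMTI code encryption at the native layer. Simple to configure, well documented, and easy to get started with | scoop install jar-obfuscator |
java-echo-generator | A highly customizable Java echo payload generator | scoop install java-echo-generator |
java-memshell-generator | A highly customizable Java memory-shell generator | scoop install java-memshell-generator |
proguard | ProGuard is a free Java bytecode shrinker, optimizer, obfuscator and preverifier | scoop install proguard |
mitan | The Mitan (密探) penetration testing tool includes asset information collection, subdomain brute forcing, search syntax, asset mapping (FOFA, Hunter, quake, ZoomEye), fingerprinting, sensitive information collection, file scanning, password dictionaries and other features | scoop install mitan |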
proxify | A versatile and portable proxy for capturing, manipulating, and replaying HTTP/HTTPS traffic on the go. | scoop install proxify |
xapp | A tool focused on web fingerprinting | scoop install xapp |
XiebroC2 | A graphical framework supporting multi-user collaborative penetration testing. | scoop install XiebroC2 |
feroxbuster | A fast, simple, recursive content discovery tool written in Rust. | scoop install feroxbuster |
SharpScan | An internal-network asset scanner developed in C#, convenient for lateral movement within the internal network and for collecting domain information. | scoop install SharpScan |
jadx | An Android Dex to Java decompiler. | scoop install jadx |
ImHex | Hex editor | scoop install ImHex |
x64dbg | An open-source x64/x32 debugger for Windows. | scoop install x64dbg |
P1finger | A fingerprinting tool for key assets in red-team operations | scoop install P1finger |
poc-runner | Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | scoop install poc-runner |
qscan | An internal-network scanner that is faster than Fscan and evades antivirus | scoop install qscan |
... | ... | ... |

This bucket also includes some Burp Suite extensions. When adding an extension to Burp Suite, select the files under the `current` folder in the extension's directory, so that you do not have to add the extension again after a version update.

Manifest | Description | Install |
---|---|---|
BurpShiroPassiveScan | A passive Shiro detection plugin for BurpSuite | scoop install BurpShiroPassiveScan |
BurpFastJsonScan | A passive FastJson detection plugin for BurpSuite | scoop install BurpFastJsonScan |
sqlmap4burp-plus-plus | A Burp plugin that integrates with sqlmap | scoop install sqlmap4burp-plus-plus |
HaE | Highlighter and Extractor, Empower ethical hacker for efficient operations | scoop install HaE |
CaA | CaA is a traffic collection and analysis plugin built on the BurpSuite Java extension API | scoop install CaA |
RouteVulScan | A Burp plugin that recursively and passively detects vulnerable paths (Route Vulnerable scanning) | scoop install RouteVulScan |
TsojanScan | An integrated BurpSuite vulnerability detection plug-in. | scoop install TsojanScan |
OneScan | OneScan is a BurpSuite plugin for recursive directory scanning | scoop install OneScan |
BypassPro | A BurpSuite plugin for automated permission-bypass testing | scoop install BypassPro |
HopLa | Adds autocompletion support and useful payloads in Burp Suite. | scoop install HopLa |
... | ... | ... |
Manifest | Description | Install |
---|---|---|
openjdk | Fixes the missing JavaFX dependency that some software hits when running on newer Java versions | scoop install openjdk |
notify | Helps stream the output of multiple tools and send notifications to supported platforms | scoop install notify |
npcap | A network packet capture SDK developed for Windows | scoop install npcap |
winscp | An open-source graphical SFTP client for Windows that uses SSH | scoop install winscp |
HashCalculator | Batch file hash calculator | scoop install HashCalculator |
RevokeMsgPatcher | Anti-recall patch for the PC versions of WeChat/QQ/TIM | scoop install RevokeMsgPatcher |
Everything | A file search tool. Locate files and folders by name instantly. | scoop install Everything |
RustDesk | An open-source remote desktop application written in Rust and designed for self-hosting. | scoop install RustDesk |
SublimeText | A text editor. | scoop install SublimeText |
TinyRDM | A modern lightweight cross-platform Redis Desktop Manager. | scoop install TinyRDM |
... | ... | ... |

1. I want some other apps!
   Please open a new app request issue.
2. Some apps are outdated, please update them!
   Be a contributor! Fork the repository, update the outdated app manifests, and file a pull request.