This article shares practical, hands-on material. It may not be very beginner-friendly, but if you are interested, take a look; it will not disappoint.
How to get it: reply with the keyword stcs
Create a new set of virtual machine images, including:
Windows 7 x64
Windows 8 x64
Windows 10 x64
Windows Server 2008 x64
Windows Server 2012 x64
Windows Server 2016 x64
Windows Server 2019 x64
Ubuntu 20 x64
All virtual machine images have the following installed:
VMTools
7z
Microsoft Visual C++ 2008-2022 Runtime library
The images can be activated with a key or an activation tool.
They can be used for testing software, environment building, etc.
The virtual machine account password has been noted in the VMware description column, please check it carefully.
Software and tools introduction:
1. System environment:
- Directx
- Net Framework 3.5
- Net Framework 4.72
- Visual basic virtual machine
- Microsoft C runtime library
- Microsoft visual C++ 2005-2022
- Integrate common fonts
2. WindowsApp class:
- WSL kali linux
- Windows Terminal (default cmd has been replaced)
3. Other tools (C:\Softwares):
- aact: activation tool (one-click activation of windows & office)
- bandicam: video recording tool (registered version)
- bandizip: compression tool
- chrome: 99.0 green modified version
* Main integrated plug-ins:
- adblock: ad blocking tool
- adobe acrobat: pdf tool
- charset: modify web coding tool
- chrome cleanup master: chrome cleanup tool
- editthiscookie: cookie editing tool
- fofa pro view: fofa tool
- funnel search: google search tool
- hackbar: hackbar
- infinity: tab tool
- ip address and domain inf: ip&domain detection tool
- ip whois: whois detection tool
- neater bookmarks: bookmark management tool
- octotree: github resource tree viewing tool
- onetab: tag management tool
- postwoman: interface debugging tool
- proxy switchyomega: proxy switching tool
- seoquake: Web Statistics
- supercopy: super copy
- toolbox Common tools: integrate common gadgets
- wappalyzer: web page technical analysis tool
- whatruns: web page technical analysis tool
- yet another drag and go: hyperlink drag and drop new window opens
- contextmenumanager: right-click menu management tool
- dism++: system adjustment tool
- everything: search tool (windows built-in search has been disabled)
- fdm: download tool
- google earth: Google earth
- hackbgrt: modify windows startup icon
- honeyview: image viewing tool
- huorong: antivirus tool (C:\Penetration is whitelisted)
- icon: third-party icon package
- iobit:
* uninstaller: uninstall tool (registered version)
* advanced systemcare: optimization cleaning tool (registered version)
* smart defrag: disk defragmentation tool (registered version)
- mactype: Font management tool (the default font of the system has been modified to Mac Pingfang)
- maye: quick start tool
- meitu: Meitu Xiuxiu
- oldnewexplorer: resource manager adjustment tool
- pcmaster: system adjustment tool
* Right-click shortcut menus have been created:
- open terminal here
- open kali linux terminal here
- open notepad here
- control panel
- calculator
- registry
- pdf: extremely fast pdf
- potplayer: video playback tool
- refresh: refresh icon cache
- snipaste: screenshot tool
- telegram: telegram client
- wps: wps ad-free version
- youdaodict: Youdao dictionary (registered version) (offline translation library has been integrated)
4. Penetration test class (C:\Penetration):
- Common python and csharp scripting tools are equipped with start.bat.
* Indicate the tool version and update time
* Indicate the dependent environment
* Indicate the main parameters
* Indicate the brief usage (those who give tools and do not give usage are hooligans)
[+] AndroidTools Android tools:
- apktool: apk decompilation tool
- dex2jar: dex packaging tool
- ldplayer: thunderbolt Android emulator
[+] AntivirusTools Antivirus tools:
- avevasion: https://github.com/1y0n/av_evasion_tool
- bypass-antivirus: antivirus evasion tutorial
- charlotte: https://github.com/9emin1/charlotte
- cool: https://github.com/ed1s0nz/cool
- crossnet: https://github.com/dr0op/crossnet-beta
- darkarmour: https://github.com/bats3c/darkarmour
- shellcodeloader: https://github.com/knownsec/shellcodeloader
- vmprotect: packer tool (Commercial packer, generates a large exe)
- vprotect: Packing tool (commercial packer, generates a large exe)
- zhetian: Zhetian shellcode loading tool (https://github.com/yqcs/ZheTian)
[+] ConnectTools connection tools:
- anydesk
- filezilla
- finalshell
- teamviewer
- xmanager
[+] CrackTools cracking tools:
- access password recovery: access password cracking tool
- archive password recovery: zip & rar password cracking tool
- office password recovery: office password cracking tool
- pdf password recovery: pdf password cracking tool
[+] DatabaseTools
- navicat premium: database connection management tool
- neo4j: neo4j database management tool
- sharp sql tools: mssql database utilization tool
- sqlite: sqlite database management tool
- sqlknife: mssql database utilization tool
- sqlmap: injection tool
- sylas: mssql & oracle & Postgresql database utilization tool
- toad: Oracle database management tool
[+] DictionaryTools Dictionary tool:
- mutoudic: wood dictionary generator (registered version)
- pentestdicts: https://github.com/ppbibo/pentesterspecialdict
- pwdbud: dictionary generator (https://github.com/ort4u/PwdBUD)
[+] DiskTools:
- diskgenius: Professional Edition (recoverable hard drive data)
- ssdfresh: ssd optimization tool
[+] EditTools Editing tools:
- 010editor: hex editing tool (registered version)
- alldup: duplicate file search tool
- batchren: batch renaming tool
- beyond compare: file comparison tool
- ctfcrack: mist security team tool
- findstr: text retrieval tool
- jd-gui: java viewing and editing tool
- jsonview: json viewing and editing tool
- log parse: windows log analysis tool
- log parse lizard: windows log analysis tool (graphical)
- notepad++: editing tool
* Add right-click menu: edit with Notepad
- pst converter: pst mail conversion tool
- rapid environment: environment variable editing tool
- sharp sword: csharp version word viewing tool
- sublime: editing tool (registered version)
* Add right-click menu: edit with Sublime
- xmind: mind map tool
[+] ExpolitTools exploit tools:
- cms hunter: https://github.com/SecWiki/CMS-Hunter
- exphub: https://github.com/zhzyker/exphub
- middleware-vulnerability-detection: https://github.com/mai-lang- chai... erability-detection
- system-vulnerability: https://github.com/mai-lang-chai/system-vulnerability
- vulmap: web leak verification tool (https://github.com/zhzyker/vulmap)
- Vulnerability: https://github.com/edgesecurityteam/vulnerability
- For more exploits, see c:\Penetration\ExpolitTools (there are many exploits, please use everything to search)
[+] IntranetTools Intranet tools:
- abptts: intranet penetration tool
- add user: add user tools
- ad explore: ldap tool
- blood hound: domain penetration analysis tool
- defeat defender: close defender tool
- dismap: intranet vulnerability scanning tool
- domain tools: domain penetration tools
- earth worm: intranet penetration tool
- frp: intranet penetration tool (https://github.com/fatedier/frp)
- fscan: intranet scanning tool (https://github.com/shadow1ng/fscan)
- homework of powershell: 3gstudent powershell tool
- hydra: password blasting tool
- impacket: intranet protocol tool (https://github.com/SecureAuthCorp/impacket)
- invoke-obfuscation: powershell tool (https://github.com/danielbohannon/Invoke-Obfuscation)
- kscan: intranet scanning tool (https://github.com/lcvvvv/kscan)
- ladon: intranet scanning tool (version 9.1.4)
- lcx: port forwarding tool
- ldap admin: ldap tool
- mimikatz: password grabbing tool (the following password grabbing tools are integrated in the folder)
* gosecretsdump
* hklm
* kekeo
* lazagne
* mimipenguin
* ntdsdumpex
* procdump
* pwdump
* quarkspw dump
- nc: listening tool
- neo-regeorg: regeorg modified version (https://github.com/L-codes/Neo-reGeorg)
- openrdp: open remote desktop tool
- pe: freeze pe iso image
- powershdll: powershell tool
- ps2exe: powershell to exe tool
- pstools: Microsoft official psexec tool
- reverseshell: reverse shell tool
- revsh: intranet penetration tool (https://github.com/emptymonkey/revsh)
- scrun: k8 shellcode loading tool
- sharp tools:
* sharp adi dnsdump: domain dns enumeration tool
* sharp decrypt pwd: browser password decryption tool
* sharp event log: log analysis tool
* sharp hound: Domain Penetration Analysis Tool
* sharp net check: network detection tool
- socks over rdp: rdp protocol intranet penetration tool
- spp: intranet penetration tool (https://github.com/esrrhs/spp)
- stowaway: intranet penetration tool (https://github.com/ph4ntonn/Stowaway)
- wce: windows credential editing tool
- wget: download tool
- wmihacker: wmi penetration tool
- xray: scan tool (https://github.com/chaitin/xray)
- For more intranet tools, see C:\Penetration\IntranetTools
[+] OfficeTools Office tools:
- adobe acrobat dc 2020: PDF editing tools
- adobe audition 2020: audio editing tools
- adobe photoshop 2020: picture editing tools
- office: word + excel + powerpoint + access + onenote + outlook
- wps: word + excel + powerpoint
[+] ProgramTools programming tools:
- golang
- java:
* jre1.8.0: environment variables have been configured, the system calls java8 by default
* openjdk15.0.2: green version, if you need special software to run in java15 environment, you can directly call /bin/java.exe
- python:
* python2: python2 command start (python2 test.py)
* python3: python3 command start (python3 test.py)
* pip dependencies of all python3 tools have been integrated in this image
* use pip command to call python3 pip
- tdm gcc
- visual studio 2015
[+] ReverseTools reverse tools:
- dnspy: csharp reverse tool
- exescope: exe editing tool
- green helper: exe greening tool
- olly debug: exe debugging tool
- peidtool: shell checking tool
- signtool: signature forgery tool
- upxshell: upx packing tool
- x64dbg: exe debugging tool
[+] ScanTools Scan Tools:
- acunetix: web vulnerability scanner 14.7.220401065 (registered version) (can scan Log4j & spring core rce)
* user: [email protected]
* pass: [email protected]
- appscan: app scan 10.0.7 (registered version)
- nmap: port scanning tool
- router scan: C segment scanning tool
- snet cracker: weak password scanning tool
- scan box:
* avscan antivirus software detection tool:
- checkav
* leakscan sensitive file scanning tool:
- dirmap: https://github.com/H4ckForJob/dirmap
- dirsearch: https://github.com/maurosoria/dirsearch
- packerfuzzer: https://github.com/rtcatc/Packer-Fuzzer
- scantools: https://gitee.com/windyjxx/ScanTools
- yujian
- githack
- ...
* subdomain subdomain detection tool:
- fofa view: fofa query tool
- oneforall: https://github.com/shmilylty/OneForAll
- securitytrails
- sublist3r: https://github.com/aboul3la/Sublist3r
- subfinder: https://github.com/projectdiscovery/subfinder
- webtitle
- domaininfo
- webbatchrequest
- ...
- For more scanning tools, see C:\Penetration\ScanTools\ScanBox (where the scanbox project is https://github.com/we5ter/scanners-box)
[+] ShellTools permission tools:
- antsword: Ant Sword (plug-in integrated) (https://github.com/AntSwordProject/AntSword-Loader)
- behinder: Ice Scorpion (the shell password is unified as cmd) (https://github.com/rebeyond/Behinder)
* behinder 2.0.1
* behinder 3.0 beta11
* behinder 3.3.2 modified version (https://github.com/angels520/rebeyond-Mode)
- cobaltstrike: 4.4 Chinese version
* Use csagent Chinese (https://github.com/Twi1ight/CSAgent)
* remove cobaltstrike feature (modify port + re-sign certificate + random.profile)
* vps start teamserver: ./teamserver ip password random.profile
* integrate plugin: (C:\Penetration\ShellTools\CobaltStrike\scripts)
- adcollection
- bypassav
- erebus
- eval
- eventlogmaster
- ladon
- mikasa
- taowu
- gbbypass: jsp antivirus evasion tool (https://github.com/czz1233/GBByPass)
- godzilla: Godzilla (password is default pass + key) (https://github.com/BeichenDream/Godzilla)
- kali: wsl kali linux 2022.1
* User:
- user: kali pass: kali
- user: root pass: root
* Modify the software source to Alibaba Cloud + Tsinghua University
* Completely install all software packages of kali linux
* Install xrdp service, you can use rdp client to open kali linux graphical mode
- run /home/kali/xrdp-restart.sh in kali command line mode to start the xrdp service; you can then use rdp to log in to kali
- rdp configuration: 127.0.0.1:3390
- run /home/kali/xrdp-stop.sh in kali command line mode to stop the xrdp service
- if you don't need to use the graphical mode, it is recommended to close the xrdp service (very resource-intensive)
- pyshell: python version shell management tool (https://github.com/JoelGMSec/PyShell)
- skyscorpion: Scorpio (the shell password is unified as cmd) (https://github.com/shack2/skyscorpion)
- shell: antivirus-evading one-sentence Trojan (the password is unified as cmd)
- webshell: webshell collection project (https://github.com/tennc/webshell)
[+] StegaTools steganography tools:
- beyond compare: comparison tool
- binwalk: decomposition tool
- blind-watermark: blind watermark tool
- crc calculator: verification tool
- f5: f5 steganography tool
* f5-steganography
* lsb-steganography
* steganography
- foremost: separation tool
- giftools: gif tool
- gnuplot:
- jphs: jpeg tool
- mp3steno: mp3 tool
- namo gif animator: gif tool
- openhashtab: hash tool
- outguess: picture tool
- pixrecovery:
- pngcheck: png tool
- qr_research: QR code tool
- stegdetect:
- steghide: bundling tool
- stegsolve: separation tool
- tweakpng: png tool
- wbstego:
- ctf cryptography knowledge point summary
- ctf reverse knowledge point summary
- ctf steganography knowledge point summary
[+] TrafficTools traffic tools:
- burpsuite:
* burpsuite 2022.1.1 Chinese version (https://github.com/funkyoummp/burpsuitecn)
* Integrated plugin:
- vulners scanner
- changeu
- chunked coding converter
- domain hunter
- fake ip
- hackbar
- sqlmap4burp
- turbo intruder
- fiddler: traffic capture tool (Chinese version)
- ftpservers: ftp open tool
- hack firefox: firefox 49.0 (integrated plug-in version)
- ipchanger: ip proxy tool
- phpstudy: integrated environment
* integrated thinkphp 3.1.3 to 5.0.24, all versions
- proxifier: traffic proxy tool
- shadowsocks: socks proxy tool
- torbrowser: onion browser
- wireshark: traffic capture analysis tool