2017黑帽大會兵工廠工具列表

眾所周知，黑帽大會的兵工廠秀是會議的一大亮點，目前2017黑帽大會兵工廠的大部分工具都已經上傳到了 Github 社區中，此文旨在把相關工具和作者信息進行整理並梳理如下。n

Android, iOS and Mobile Hacking

• Android Tamernhttps://github.com/AndroidTamernTwitter: @AndroidTamer ?nPresenter: Anant Shrivastava (@anantshri)
• BadIntent?—?Integrating Android with Burpnhttps://github.com/mateuszk87/BadIntentnPresenter: Mateusz Khalil (@mateuszk87)
• DiffDroidnhttps://github.com/antojoseph/diff-droidnPresenter: Anto Joseph (@antojosep007)
• Kwetzanhttps://github.com/sensepost/kwetzanPresenter: Chris Le Roy (@brompwnie)
• Needlenhttps://github.com/mwrlabs/needlenTwitter: @mwrneedlenPresenter: Marco Lancini (@lancinimarco)
• NoPE Proxy (Non-HTTP Proxy Extension)nhttps://github.com/summitt/Burp-Non-HTTP-ExtensionnPresenter: Josh H.S. (@null0perat0r)

Code Assessment

• Puma Scannhttps://github.com/pumasecurity/puma-scannTwitter: @puma_scannPresenter: Aaron Cure (@curea)
• Tintorera: Source Code Intelligence (Code not yet uploaded)nhttps://github.com/vulnex/TintoreranPresenter: Simon Roses Femerling (@simonroses)

Cryptography

• Hashviewnhttps://github.com/hashview/hashviewnPresenters: Casey Cammilleri (@CaseyCammilleri), Hans Lakhan (@jarsnah12)
• Gibber Sensenhttps://github.com/smxlabs/gibbersensenPresenter: Ajit Hatti (@ajithatti)

Data Forensics and Incident Response

• Answering When/Where/Who is my Insider?—?UserLinenhttps://github.com/THIBER-ORG/userlinenPresenter: Chema Garcia (@sch3m4)
• DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensicsnhttps://github.com/trendmicro/defplorexnPresenters: Federico Maggi (@phretor), Marco Balduzzi (@embyte), Lion Gu, Ryan Flores, Vincenzo Ciancaglini
• HoneyPinhttps://github.com/mattymcfatty/HoneyPinPresenter: Matt South (@mattymcfatty)
• PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrievalnhttps://github.com/dirtbags/pcapdbnPresenters: Paul Ferrell (@pflarr), Shannon Steinfadt
• SCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management Systemnhttps://github.com/sandialabs/scotnPresenters: Nick Georgieff , Todd Bruner (@toddbruner)
• Security Monkeynhttps://github.com/Netflix/security_monkeynPresenters: Mike Grima (@mikegrima) , Patrick Kelley (@MonkeySecurity)
• ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWSnhttps://github.com/ThreatResponsenPresenter: Andrew Krug (@andrewkrug)
• Volatile Memory Analysis at Scale?—?the Highest Performing and Forensic Platform for Windows x64nhttps://github.com/ShaneK2/inVtero.netnPresenter: Shane Macaulay (@ktwo_K2)
• Yalda?—?Automated Bulk Intelligence Collection (Code not yet uploaded)nhttps://github.com/gitaziabari/YaldanPresenter: Gita Ziabari (@gitaziabri)

Exploitation and Ethical Hacking

• AVET?—?AntiVirus Evasion Toolnhttps://github.com/govolution/avetnPresenter: Daniel Sauder (@DanielX4v3r)
• Building C2 Environments with Warhorsenhttps://github.com/war-horse/warhorsenPresenter: Ralph May (@ralphte1)
• umulus?—?A Cloud Exploitation Toolkitnhttps://github.com/godinezj/metasploit-framework/tree/cumulusnPresenter: Javier Godinez (@isomorphix)
• GDB Enhanced Features (GEF)nhttps://github.com/hugsy/gefnPresenter: Chris Alladoum (@_hugsy_)
• Leviathan Frameworknhttps://ithub.com/leviathan-framework/leviathannPresenters: Ozge Barbaros (@ozgebarbaros), Utku Sen (@utku1337)
• MailSnipernhttps://github.com/dafthack/MailSnipernPresenter: Beau Bullock (@dafthack)
• Rattlernhttps://github.com/sensepost/rattlernPresenter: Chris Le Roy (@brompwnie)
• Sethnhttps://github.com/SySS-Research/SethnPresenter: Adrian Vollmer (@AdrianVollmer)

Hardware/Embedded

• ChipWhisperernhttps://github.com/newaetech/chipwhisperernPresenter: Colin O』Flynn (@colinoflynn)
• DYODE, a DIY, Low-Cost Data Diode for ICSnhttps://github.com/arnaudsoullie/dyodenPresenters: Arnaud Soullié (@arnaudsoullie), Ary Kokos ()
• FTW: Framework for Testing WAFsnhttps://github.com/fastly/ftwnPresenters: Chaim Sanders, Zack Allen (@teachemtechy)
• The Bicho: An Advanced Car Backdoor Makernhttps://github.com/UnaPibaGeek/CBMnPresenters: Claudio Caracciolo (@holesec), Sheila Ayelen Berta (@UnaPibaGeek)

Human Factors

• IsThisLegitnhttps://github.com/duo-labs/isthislegitnPresenters: Jordan Wright (@jw_sec), Mikhail Davidov (@sirus)

Internet of Things

• Hacker Modenhttps://github.com/xssninja/Alexa-Hacker-ModenPresenter: David Cross (@10rdV4d3r)
• Universal Radio Hacker: Investigate Wireless Protocols Like a Bossnhttps://github.com/jopohl/urhnPresenter: Johannes Pohl (@jopohl)

Malware Defense

• Aktaion v2?—?Open Source Machine Learning and Active Defense Toolnhttps://github.com/jzadeh/AktaionnPresenters: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)
• Cuckoodroidnhttps://github.com/idanr1986/cuckoo-droidnPresenter: Idan Revivo (@idanr86)
• Cuckoo Sandboxnhttps://github.com/cuckoosandbox/cuckoonTwitter: @cuckoosandboxnPresenter: Jurriaan Bremer (@skier_t)
• LimaCharlienhttps://github.com/refractionPOINT/limacharlienTwitter: @rp_limacharlienPresenter: Maxime Lamothe-Brassard (@_maximelb)
• Malboxesnhttps://github.com/GoSecure/malboxesnPresenter: Olivier Bilodeau (@obilodeau)

Malware Offense

• A New Take at Payload Generation: Empty-Nestnhttps://github.com/empty-nest/emptynestnPresenters: James Cook (@_jbcook), Tom Steele (@_tomsteele)

Network Attacks

• BloodHound 1.3 nhttps://github.com/BloodHoundAD/BloodHoundnPresenters: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus), Will Schroeder (@harmj0y)
• CrackMapExec v4nhttps://github.com/byt3bl33d3r/CrackMapExecnPresenter: Marcello Salvati (@byt3bl33d3r)
• DELTA: SDN Security Evaluation Frameworknhttps://github.com/OpenNetworkingFoundation/DELTAnPresenters: Jinwoo Kim, Seungsoo Lee, Seungwon Shin
• eaphammernhttps://github.com/s0lst1c3/eaphammernPresenter: Gabriel Ryan (@s0lst1c3)
• GoFetchnhttps://github.com/GoFetchAD/GoFetchnPresenter: Tal Maor (@talthemaor)
• gr-lora: An Open-Source SDR Implementation of the LoRa PHYnhttps://github.com/BastilleResearch/gr-loranPresenter: Matt Knight (@embeddedsec)
• Yasuonhttps://github.com/0xsauby/yasuonPresenter: Saurabh Harit (@0xsauby)

Network Defense

• Assimilatornhttps://github.com/videlanicolas/assimilatornPresenter: Nicolas Videla (@jsusvidela)
• Noddosnhttps://github.com/noddos/noddosnPresenter: Steven Hessing
• SITCH: Distributed, Coordinated GSM Counter-Surveillancenhttps://github.com/sitch-io/sensornTwitter: @sitch_ionPresenter: Ash Wilson (@ashmastaflash)
• Sweet Securitynhttps://github.com/TravisFSmith/SweetSecuritynPresenter: Travis Smith (@MrTrav)

OSINT?—?Open Source Intelligence

• Datasploit?—?Automated Open Source Intelligence (OSINT) Toolnhttps://github.com/DataSploit/datasploitnTwitter: @datasploit nPresenter: Shubham Mittal (@upgoingstar)
• Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reportingnhttps://github.com/dradis/dradis-cenTwitter: @dradisfwnPresenter: Daniel Martin (@etdsoft)
• OSRFramework: Open Sources Research Frameworknhttps://github.com/i3visio/osrframeworknPresenters: Félix Brezo Fernández (@febrezo), Yaiza Rubio Vi?uela (@yrubiosec)

Reverse Engineering

• BinGrepnhttps://github.com/m4b/bingrepnPresenter: Hiroki Hada
• FLARE VMnhttps://github.com/fireeye/flare-vmnPresenter: Peter Kacherginsky (@_iphelix)

Vulnerability Assessment

• Aardvark and Repokidnhttps://github.com/Netflix-Skunkworks/aardvarknhttps://github.com/Netflix/repokidnPresenters: Patrick Kelley (@MonkeySecurity), Travis McPeak (@travismcpeak)
• Hack/400 and IBMiScanner Tooling for Checking Your IBM i (aka AS/400) Machines !nhttps://github.com/hackthelegacy/hack400toolnPresenter: Bart Kulach (@bartholozz)
• PowerSAP: Powershell Tool to Assess SAP Securitynhttps://github.com/airbus-seclab/powersapnPresenter: Joffrey Czarny (@Sn0rkY)
• SERPICOnhttps://github.com/SerpicoProject/SerpiconTwitter: @SerpicoProjectnPresenters: Peter Arzamendi (@thebokojan), Will Vandevanter (@0xRST)
• SimpleRisknhttps://github.com/simplerisk/codenTwitter: @simpleriskfreenPresenter: Josh Sokol (@joshsokol)

Web AppSec

• BurpSmartBuster: A Smart Way to Find Hidden Treasuresnhttps://github.com/pathetiq/BurpSmartBusternPresenter: Patrick Mathieu (@pathetiq)
• CSP Auditornhttps://github.com/GoSecure/csp-auditornPresenter: Philippe Arteau (@h3xstream)
• Easily Exploit Timing Attacks in Web Applications with the 『timing_attack』 Gemnhttps://github.com/ffleming/timing_attacknPresenter: Forrest Fleming (@ffleming)
• Fuzzapi?—?Fuzzing Your RESTAPIs Since Yesterdaynhttps://github.com/lalithr95/fuzzapinTwitter: @Fuzzapi0x00nPresenters: Abhijeth Dugginapeddi (@abhijeth), Lalith Rallabhandi (@lalithr95), Srinivas Rao (@srini0x00)
• Offensive Web Testing Framework (OWASP OWTF)nhttps://github.com/owtf/owtfnTwitter: @owtfpnPresenter: Viyat Bhalodia (@viyat)
• PyMultiTornhttps://github.com/realgam3/pymultitornPresenter: Tomer Zait (@realgam3)
• ThreadFix Web Application Attack Surface Calculationnhttps://github.com/denimgroup/threadfixnTwitter: @ThreadFixnPresenter: Dan Cornell (@danielcornell)
• WaToBo?—?The Web Application Toolboxnhttps://github.com/siberas/watobonPresenter: Andreas Schmidt (@_znow)
• WSSiP: A WebSocket Manipulation Proxynhttps://github.com/nccgroup/wssipnPresenter: Samantha Chalker (@itsisatis)

SecWiki 專註安全領域最新資訊、專題和導航，做高質量聚合與評論。

-----微信ID：SecWiki-----nSecWiki，5年來一直專註安全技術資訊分析！nSecWiki：https://www.sec-wiki.comn

推薦閱讀：