一 Change log
Change log
1.更新内置系统内核及工具版本
2.去除了部分工具及新增了部分工具
3.新增AI pentest方向,含工具及skills
4.暂时取消root的登陆,改成sudo机制
5.科学工具改为mihomo,需自定义配置文件
6.办公场景及调优与上一版本几乎一致
已知bug
1.安装完成后,需root权限运行/root/bugfix.sh
2.安装及安装过程中无网络
3.启动burpsuite: java21 -jar /usr/share/adds/burpsuite_desktop_v2026.4.3.jar
4.可能存在部分命令在普通用户中无法运行的情况,可考虑sudo无密码的配置
5.中文输入法可能在部分窗口无法输入,需安装几个fcitx的包即可
6.遇见bug不会修/显卡驱动不会装问AI:)
二 下载地址
https://cloud.189.cn/t/nQB7jiVZR73y(访问码:ros2)
三 AI pentest
3.1 AI基座
可自终端运行ollama及lm-studio(使用本机算力需确保显卡启动正确)
[fsec@fsec ~]$ ollama[fsec@fsec ~]$ lm-studio


3.2 AI pentest Tools
可自终端运行opencode/openclaw/cyberstrike/pentestswarm
(opencode已内置skills,且存在免费token,值得推荐!)

3.3 特别提醒
如果你处于新手阶段,并不建议你过度沉迷AI渗透,ta该是你的助手,而非你要去做那个不懂乱指挥的人!

四 其他工具清单
4.1 TopN
可自终端运行以下常用工具
burpsuiteyakitantSwordddddnucleixpocehole (指纹特定为github加量版)httpx2 (projectdiscovery.io)mihomo (科学工具,-f指定自定义配置文件)wechat (微信)/usr/share/addsnuclei-rules-0605 (加量版nuclei规则)
4.2 完整工具清单
## 1. 信息收集 & 侦察 (Reconnaissance)
amasssubfindersublist3rassetfinderfindomaindnsxdnsrecondnsenumfierceasnmapmapcidrhttpxaquatonegowitnesseyewitnesswhatwebwebanalyzewafw00ftheharvesterrecon-ngspiderfootsherlockholehemaigretsocial-analyzerh8mailghuntsubjacksubzynaaburustscanmasscanunicornscannucleiffufgobusterferoxbusterdirsearchgospidercmseektrufflehoggitdorkergitleaks
niktowpscanopenscapgrypesnykdependency-checkpython-vulnersnbtscanenum4linuxenum4linux-ngsmbmapsmbclientldapenumldeepsnmpcheckonesixtyoneike-scanexploitdbscoutsuiteprowlercloudsploit
## 3. Web 应用测试 (Web Application Testing)
caido-clisqlmapghaurixsstrikedalfoxxsserssrfmapsstimapcommixjwt-toollfisuiteysoserialgraphqlmapastraatlasdrupwnjoomscanpython-playwrighthakrawlerkatana-pdparamspider
## 4. 利用 (Exploitation)
metasploitimpacketbloodhoundbloodhound-pythoncertipykerbrutecoercerkrbrelayxaclpwnad-ldap-enumnetexecresponderevil-winrmweevelywebshellschiselligolo-ngsocat
## 5. 密码攻击 (Password Attacks)
hashcatjohnhydracrowbarmedusapatatorbrutespraycewlcrunchrsactftoolmimikatzmimipenguinsamdump2creddumpkerberoastcuppmentalistseclists
## 6. 无线网络 (Wireless)
aircrack-ngairgeddonwifitekismetreaverpixiewpsbullybettercaphostapd-wpeeaphammerhcxdumptoolhcxtoolsgqrxrtl-433urh
## 7. 嗅探 & 欺骗 (Sniffing & Spoofing)
wireshark-qtwireshark-cliettercapmitm6dnschefdsniffsslstripnet-credspcredzhoneycredsnetdiscover
## 8. 隧道 & C2 (Tunneling & C2)
proxychains-ngstowawayngrokdns2tcpicmptxneo-regeorgtunna
## 9. 后渗透 (Post-Exploitation)
powersploitpython-pywerviewpeasslinux-smart-enumerationlinenumelevatepspypwncatsliverhavoc-c2
## 10. 逆向 & 二进制 (Reverse Engineering & Binary)
ghidraradare2cuttergdbpwndbgpedapython-pwntoolsone_gadgetropgadgetdetect-it-easyliefdex2jarjadxandroid-apktoolbinwalkltracestraceangrangropx64dbgida-freehopper
## 11. 取证 (Forensics)
volatility3sleuthkitautopsyforemostscalpelbulk-extractordc3dddcflddguymagerafflibexiftoolpdf-parserpdfidpeepdfpython-oletoolsrifiuti2regripperreglookupanalyzemftusnparsermdbtoolsxplicoyara
## 12. 恶意软件分析 (Malware Analysis)
capaflare-flosspeframecuckooviperbox-jsoledumpnoribenmalcom
## 13. 隐写 (Steganography)
steghidestegsolvezstegstegseekstegoveritasstegcrackeroutguesspngcheck
## 14. 密码学工具 (Crypto)
xortoolhash-identifierciphertestfeatherdusterpython-chepypip3linedecodifysignsbd
## 15. 移动安全 (Mobile)
mobsffridapython-frida-toolsobjectionandroguardenjarifyandroid-sdkqarkdrozerappmonapkleaks
## 16. 社会工程学 (Social Engineering)
setgophishmuraenaevilginxcredsniperwifiphisher
## 17. 蓝牙 (Bluetooth)
bluezbluez-utilsbluelogblue-hydrabtscannerredfangspooftoophubertooth
## 18. 自动化 & 报告 (Automation & Reporting)
autoreconfaradaysecdradis-ce
## 19. 字典 (Wordlists)
assetnote-wordlistsfuzzdb
##20. 数据库与远程连接客户端
mariadb-clientspostgresqlredismongoshsqlitedbeaverfreerdprdesktopremminatigervncputtyautosshmoshsshfs
## 21. 基础工具
curlwgetjqjcyqgitneovimhtopbtopopenbsd-netcatpythonpython3python-pipgogcccmakeiproute2iptableswireguard-toolshashdeepfiletreebatripgrepfdfzfdockerdocker-composearkp7zipunrarunzipzipexfat-utilsrubyperlphpnodejsnpmyarntelegram-desktopfirefoxthunderbirdtypora-free-cnwps-officevirtualbox