5.0 Tools Flashcards
FOCA
Fingerprinting Organizations with Collected Archives is OSINT software that finds metadata and hidden information in documents from an organization
theHarvester also dns
An OSINT program for gathering subdomains, hosts, employee names, email addresses, PGP key entries, open ports, and service banners from servers * DNS recon
Shodan
Website search engine for devices that are considered part of the Internet of things
*Accessed through https://www.shodan.io OR via the CLI: $ shodan stats --facets port:100 country:US
Maltego
Commercial OSINT software used to visually map relationships, automate the querying of data, and compare it with other sources.
Recon-ng think cross-platform framework
OSINT cross-platform web reconnaissance framework with a system of modules
*To run: # recon-ng
Censys
An OSINT website search engine used for finding hosts and networks, with data about their configuration.
SET
Social Engineering Toolkit - a collection of tools and scripts used to conduct social engineering
BeEF think posture
Browser Exploitation Framework - used to assess the security posture of a target environment using cross-site attack vectors
Nikto
A web vulnerability scanner used to assess custom web applications *perl nikto.pl -h <IP>
OpenVAS
An open-source vulnerability scanner with the ability to assign a risk rating to targeted assets.
Nessus
Used to conduct basic, advanced, and compliance vulnerability scans (such as a PCI DSS audit) to measure the effectiveness of a system’s security controls
SQLmap
An open-source web application database scanner that searches for SQL injection vulnerabilities
*syntax: # sqlmap -u "http://<ip>/cat.php?<param>"
OpenSCAP
Security Content Automation Protocol - creates a predetermined security baseline (by NIST)
Wapiti
A web application vulnerability scanner that searches for areas where it can inject data
WPScan
WordPress site vulnerability scanner that identifies plugins used by the website and checks them against a database of known vulnerabilities
Brakeman think rubies
Static code analysis security tool, used to identify vulnerabilities in applications written in Ruby on Rails
ScoutSuite think how?
Used to audit instances and policies created on multi-cloud platforms by collecting data using API calls
OWASP ZAP
Zed Attack Proxy - a free, open-source application scanner
Tcpdump
CLI protocol analysis tool that conducts packet sniffing and decoding
Hping
Open-source packet crafting tool used to exploit vulnerable firewalls and IDS/IPS * TCP, UDP, ICMP, RAW-IP
Aircrack-ng
Open-source wireless exploitation toolkit. Consists of:
*Airmon-NG (monitors wireless frequencies to identify access points and clients) *Airodump-NG (captures network traffic and saves it to a PCAP file) *Aireplay-NG (deauthentication attack by sending spoofed deauth requests to the access point) *Aircrack-NG (conducts protocol and password cracking of wireless encryption)
Kismet
An open-source tool that contains a wireless sniffer, a network detector, and IDS
Wifite
Wireless auditing tool that conducts a site survey to locate rogue and hidden access points
EAPHammer
A Python-based toolkit that can steal EAP authentication credentials used in a WPA2-Enterprise network
mdk4
Wireless vulnerability exploitation toolkit that can conduct 10 different types of 802.11 exploitation techniques
Spooftooph
Automates the spoofing or cloning of a Bluetooth device’s name, class, and address
Reaver
A tool that conducts a brute-force attack against the Wi-Fi Protected Setup (WPS) PIN
WiGLE
Wireless Geographic Logging Engine - a tool that maps and indexes known wireless APs (consists of a website and a database)
Fern think recovery
Tests wireless networks by conducting password recovery (through brute-force and dictionary attacks, as well as session hijacking, replay, and on-path attacks)
Hashcat
Modern password and hash cracking tool that supports parallel processing (GPU)
Medusa
A parallel brute-force tool used against network logins to attack services that support remote authentication
Hydra
A parallel brute-force tool that attempts passwords from a dictionary that meet the minimum password requirements (supports the pw-inspector module)
CeWL
Automatically crawls a website to collect words and metadata to generate word lists
John the Ripper
A password cracking tool that supports large sets of hashes and dictionary and brute-force attacks
Cain
Cain and Abel, a legacy password cracking and hash dumping tool
Mimikatz
A tool that gathers credentials by extracting key elements from memory *use cases: Pass-the-Hash, Pass-the-Ticket, Golden Ticket
Patator
A multi-purpose brute-force tool (methods: ftp, ssh, smb, vnc, and zip password cracking)
DirBuster
A brute-force tool to identify unlisted directories and file names that may be accessed on a web application or server
W3af
Web Application Attack and Audit Framework - used to identify and exploit vulnerabilities
Burp Suite
Used for raw traffic interception and modification. Use cases: automated testing, manual request modification, and passive web application analysis
Gobuster
Used to identify unlisted resources in a web application
CloudBrute
Used to find a target’s infrastructure, files, and apps across the top cloud service providers
Pacu
Exploitation framework used to assess the security configuration of an AWS account
CloudCustodian
Open-source cloud security, governance, and management tool to help admins create policies based on resource types
Snow
CLI steganography tool that conceals a payload within the whitespace of an ASCII formatted text file
Coagula
An image synthesizer tool used to create a sound file (.wav) from an image
Sonic Visualiser
Open-source application for viewing and analyzing the contents of music audio files
TinEye
A website that can be used to conduct reverse image searches using image recognition
Metagoofil
Python-based tool that can search for metadata from public documents located on a target’s website
Online SSL Checkers
Web application used to test the validity, strength, and security of an SSL or TLS digital certificate
OllyDbg
Linux debugger used to analyze binary code found in 32-bit Windows applications
Immunity Debugger
Uses Python scripts and APIs to write exploits, analyze malware, and reverse engineer binary files (*a debugger built for penetration testers).
GDB
GNU Debugger is an open-source, cross-platform debugger
WinDbg
Free debugging tool that is distributed by Microsoft for use in the Windows operating system
IDA
Interactive Disassembler is a commercial disassembler and cross-platform debugging tool (generates assembly language source code from machine-executable code)
Covenant
An open-source .NET framework focused on penetration testing that also has a development and debugging component
SearchSploit
A tool used to find exploits available in the Exploit-DB
*install: https://www.exploit-db.com/searchsploit
*CLI: # searchsploit <target>, such as # searchsploit vsftp
PowerSploit
A collection of PowerShell modules that create an exploitation framework
Responder
A Kali Linux CLI tool used to poison NetBIOS, LLMNR, and mDNS name resolution requests
Impacket Tools
An open-source collection of Python classes for working with network protocols and the exploitation of Windows systems * Remote Execution, Kerberos, Windows Secrets, MiTM Attacks, WMI, SMB/MSRPC
Empire
A C2 framework for common post-exploitation tasks that can use PowerShell or Python depending on the system * common uses: lateral movement, privilege escalation, data capture, password extraction, installing persistent backdoors
Metasploit
A multi-purpose computer security / penetration testing framework that uses modularized attacks to exploit systems
mitm6
An IPv6 DNS hijacking tool - sets the malicious actor as the DNS server by replying to DHCPv6 messages and redirecting the victim to another malicious host
CrackMapExec
A post-exploitation tool to identify vulnerabilities in Active Directory environments
TruffleHog
A Git search tool that crawls through a repository looking for accidentally committed secrets