Big List of Tools Flashcards
AirSnort
cracks WEP keys
Maltego
Dossier builder
nmap
port/vuln scanner
Nessus
vuln scanner
ToneLoc
Wardialer
Netcraft
suite of tools used to obtain web server version, IP address, subnet data, OS info, subdomain info
NIKSUN's PhoneSweep
Wardialer
AirSnare
alerts when an unapproved machine connects to your wireless network
NetStumbler
wireless network detector
Kismet
Linux wireless network detector and sniffer
hping
creates custom packets for testing
inSSIDer
wireless network detector, maps access points
p0f
banner grabbing
whoreadme.com
allows you to track emails and provides info on OS, browser type, location, etc.
Nexpose
vuln scanner
OpenVAS
vuln scanner
Link Extractor
locates and extracts the internal and external URLs for a given location
THC-SCAN
Wardialer
Retina
vuln scanner
Archive.org
(aka the Wayback Machine) allows you to find archived copies of websites from which you can extract information
finger
finger username
—returns info about a user on a given system (e.g. the user's home directory, login time, idle time, office location, and the last time they received or read mail)
rpcinfo
—enumerates info over the RPC (remote procedure call) protocol
Switches used:
-m //displays a list of stats for RPC on the given host
-s //displays a list of registered RPC apps on the given host
showmount
—lists and identifies shared directories on a given system; also displays a list of all clients that have remotely mounted a file system
Switches used:
-a //prints all remote mounts
-d //lists directories that have been remotely mounted by clients
-e //prints a list of shared file systems
nbtstat
nbtstat -a
—returns the NetBIOS name table and media access control (MAC) address of the network adapter of the specified computer name
nbtstat -A
—lists the same info as -a but using the IP address
-c (lists contents of the NetBIOS name cache)
-n (displays names registered locally by NetBIOS)
-r (displays count of all names resolved by broadcast)
-s (lists sessions table and converts destination IP addresses to computer NetBIOS names)
-S (lists the current NetBIOS sessions and their statuses, along with IPs)
view shares from Windows
net view \\hostnameorIP
view null session from Windows
net use \\hostnameorIP\ipc$ "" /user:""
SNScan
SNMP Scan
SMTP VRFY
command to check whether a specific user ID exists
SMTP EXPN
returns all users on a distribution list
SMTP RCPT TO
identifies a recipient of an email message (can be used multiple times per message)
SuperScan
Windows tool for port and IP scanning plus Windows enumeration
PsTools
Windows admin tools
Enum4linux
allows for extraction of info where Samba is in use
JXplorer
LDAP enumeration (Java-based)
ntp-monlist
NSE script that shows the last 600 clients that synced their clocks over NTP
nmap -sU -pU:123 -Pn -n --script=ntp-monlist
ntp commands (4)
1) ntpdate
2) ntptrace
3) ntpdc
4) ntpq