Big List of Tools Flashcards
AirSnort
cracks WEP
Maltego
Dossier builder
nmap
port/vuln scanner
nessus
vuln scanner
ToneLoc
Wardialer
Netcraft
suite of tools used to obtain web server version, IP address, subnet data, OS info, subdomain info
NIKSUN's PhoneSweep
Wardialer
AirSnare
alerts when an unapproved machine connects to your wireless network
NetStumbler
wireless NW detector
Kismet
Linux wireless NW detector and sniffer
hping
creates custom packets for testing
inSSIDer
wireless NW detector, maps access points
p0f
banner grabbing
whoreadme.com
allows you to track emails & provides info on OS, browser type, location, etc.
Nexpose
vuln scanner
openVAS
vuln scanner
Link Extractor
locates & extracts the internal and external URLs for a given location
THC-SCAN
Wardialer
Retina
vuln scanner
Archive.org
(aka The Wayback Machine) allows you to find archived copies of websites from which you can extract information
finger
finger username
—returns info about a user on a given system (e.g. user's home directory, login time, idle time, office location, last time they received or read mail)
rpcinfo
—enumerates info over RPC (remote procedure call) protocol
Switches used:
-m //displays list of stats for RPC on given host
-s //displays list of registered RPC apps on given host
showmount
—lists & identifies shared directories on given system; also displays list of all clients that have remotely mounted a file system
Switches used:
-a //prints all remote mounts
-d //lists directories that have been remotely mounted by clients
-e //prints list of shared file systems
nbtstat
nbtstat -a
—returns the NetBIOS name table & mandatory access control (MAC) address of the network card for the specified computer name
nbtstat -A
—lists the same info as -a but using the IP address
-c (lists contents of the NetBIOS name cache)
-n (displays names registered locally by NetBIOS)
-r (displays count of all names resolved by broadcast)
-s (lists sessions table & converts destination IP addresses to computer NetBIOS names)
-S (lists the current NetBIOS sessions & their statuses, along w/ IPs)
view shares from Windows
net view \\<hostname or IP>
view null session from Windows
net use \\<hostname or IP>\ipc$ "" /user:""
SNScan
SNMP Scan
SMTP VRFY
command to check if specific user ID is present
SMTP EXPN
returns all users on a distribution list
SMTP RCPT TO
identifies the recipient of an email message (can be used multiple times per message)
SuperScan
Windows tool for port & IP scanning + Windows enumeration
PsTools
Windows admin tools
Enum4linux
allows for extraction of info where Samba is in use
JXplorer
LDAP enumeration (java based)
ntp-monlist
NSE script that shows the last 600 clients that synced their clocks over NTP
nmap -sU -pU:123 -Pn -n --script=ntp-monlist
ntp commands (4)
1) ntpdate
2) ntptrace
3) ntpdc
4) ntpq
pwdump7
dumps hashes from the Windows SAM file
winrtgen
generates rainbow tables
Rainbow Crack
compares hashes with rainbow table
cirt.net
default passwords
w3dr.net
default passwords
fortypoundhead.com
default passwords
pspv.exe
Protected Storage PassView: Windows password grabber (from Outlook, IE, etc.)
Ophcrack
cracking hashes
L0phtcrack
cracking hashes
pwdump
cracking hashes
Active@ Password Changer
Windows password recovery
Trinity Rescue Kit
Windows/Linux password recovery
ERD Commander
Windows password recovery
Windows Recovery Environment (WinRE)
Windows password recovery
PsExec
run remote command (Windows, part of PSTools)
auditpol
disables auditing
auditpol \\<hostname> /clear
Dumpel
can be used to clear log files
Elsave
can be used to clear log files
WinZapper
can be used to clear log files
CCleaner
can be used to clear log files
Wipe
can be used to clear log files
Tracks Erase Pro
can be used to clear log files
Clear My History
can be used to clear log files
MRU-Blaster
can be used to clear log files
SFIND
finds ADS-streamed files (Windows)
LNS
finds ADS-streamed files (Windows)
Tripwire
detects file changes, including ADS-streamed files (Windows)
Shark
creates botnet
Plugbot
creates botnet
Poison Ivy
creates botnet
LOIC
Low Orbit Ion Cannon, botnet/DDoS tool
DoSHTTP
HTTP Flood
UDP Flood
UDP DoS
Jolt2
IP packet fragmentation DoS
Targa
DoS multitool
Trinoo
DDoS (UDP flooding)
TFN2K
DDoS (UDP and SYN flooding)
Stacheldraht
DDoS
PacketCreator
MITM
Ettercap
MITM
Dsniff
MITM
WebScarab
HTTP Proxy
Paros Proxy
HTTP Proxy
Burp Suite
HTTP Proxy
ProxyFuzz
HTTP Proxy
Odysseus Proxy
HTTP Proxy
Fiddler (by Microsoft)
HTTP Proxy
dnsspoof
spoofs dns
Blue smacking
DoS attack that overflows Bluetooth-enabled devices with random packets
Blue Jacking
Sending unsolicited messages via Bluetooth
Blue Snarfing
Theft of information over Bluetooth
Blue Sniff
Bluetooth wardriving
Blue Bugging
Remotely accessing a Bluetooth-enabled device and using its features
Blue Printing
Collecting information about Bluetooth devices