Big List of Tools Flashcards

1
Q

AirSnort

A

crack WEPs

2
Q

Maltego

A

Dossier builder

3
Q

nmap

A

port/vuln scanner

4
Q

nessus

A

vuln scanner

5
Q

ToneLoc

A

Wardialer

6
Q

Netcraft

A

suite of tools used to obtain web server version, IP address, subnet data, OS info, subdomain info

7
Q

NIKSUN's PhoneSweep

A

Wardialer

8
Q

AirSnare

A

alerts when an unapproved machine connects to your wireless

9
Q

NetStumbler

A

wireless NW detector

10
Q

Kismet

A

linux, wireless NW detector, sniffer

11
Q

hping

A

creating custom packets for testing

12
Q

inSSIDer

A

wireless NW detector, mapper of access points

13
Q

p0f

A

banner grabbing

14
Q

whoreadme.com

A

allows you to track emails & provides info on OS, browser type, location, etc.

15
Q

Nexpose

A

vuln scanner

16
Q

openVAS

A

vuln scanner

17
Q

Link Extractor

A

this tool locates & extracts the internal and external URLs for a given location

18
Q

THC-SCAN

A

Wardialer

19
Q

Retina

A

vuln scanner

20
Q

Archive.org

A

(aka The Wayback Machine) allows you to find archived copies of websites from which you can extract information

21
Q

finger

A

finger username
—returns info about a user on a given system (i.e. user’s home directory, login time, idle times, office location, last time they both received or read mail)

22
Q

rpcinfo

A

—enumerates info over RPC (remote procedure call) protocol

Switches used:

  • m //displays list of stats for RPC on given host
  • s //displays list registered RPC apps on given host
23
Q

showmount

A

—lists & identifies shared directories on given system; also displays list of all clients that have remotely mounted a file system

Switches used:

  • a //prints all remote mounts
  • d //lists directories that have been remotely mounted by clients
  • e //prints list of shared file systems
24
Q

nbtstat

A

nbtstat -a
—-This returns the NetBIOS name table & mandatory access control (MAC) address of the address card the computer name specified

nbtstat -A
—-Lists the same info as -a but using IP

  • c (lists contents of the NetBIOS name cache)
  • n (displays names registered locally by NetBIOS)
  • r (displays count of all names resolved by broadcast)
  • s (lists sessions table & converts destination IP addresses to computer NetBIOS names)
  • S (lists the current NetBIOS sessions & their statuses, along w/ IPs)
25
Q

view shares from Windows

A

net view \\hostnameorIP

26
Q

view null session from Windows

A

net use \\hostnameorIP\ipc$ "" /user:""

27
Q

SNScan

A

SNMP Scan

28
Q

SMTP VRFY

A

command to check if specific user ID is present

29
Q

SMTP EXPN

A

returns all users on a distribution list

30
Q

SMTP RCPT TO

A

identifies the recipient of an email message (can be used multiple times per message)

31
Q

SuperScan

A

Windows tool for port & IP scanning + windows enumeration

32
Q

PsTools

A

Windows admin tools

33
Q

Enum4linux

A

allows for extraction of info where Samba is in use

34
Q

JXplorer

A

LDAP enumeration (java based)

35
Q

ntp-monlist

A

nse script to show last 600 clients to sync clocks over ntp

nmap -sU -pU:123 -Pn -n --script=ntp-monlist

36
Q

ntp commands (4)

A

1) ntpdate
2) ntptrace
3) ntpdc
4) ntpq

37
Q

pwdump7

A

dumps hashes from windows SAM file

38
Q

winrtgen

A

generates rainbow tables

39
Q

Rainbow Crack

A

compares hashes with rainbow table

40
Q

cirt.net

A

default passwords

41
Q

w3dr.net

A

default passwords

42
Q

fortypoundhead.com

A

default passwords

43
Q

pspv.exe

A

Protected Storage PassView:

windows password grabber (from Outlook, IE, etc.)

44
Q

Ophcrack

A

cracking hashes

45
Q

L0phtcrack

A

cracking hashes

46
Q

pwdump

A

cracking hashes

47
Q

Active@ Password Changer

A

Windows password recovery

48
Q

Trinity Rescue Kit

A

Windows/Linux password recovery

49
Q

ERD Commander

A

Windows password recovery

50
Q

Windows Recovery Environment (WinRE)

A

Windows password recovery

51
Q

PsExec

A

run remote command (Windows, part of PSTools)

52
Q

auditpol

A

disable auditing

auditpol /clear

53
Q

Dumpel

A

can be used to clear log files

54
Q

Elsave

A

can be used to clear log files

55
Q

WinZapper

A

can be used to clear log files

56
Q

CCleaner

A

can be used to clear log files

57
Q

Wipe

A

can be used to clear log files

58
Q

Tracks Erase Pro

A

can be used to clear log files

59
Q

Clear My History

A

can be used to clear log files

60
Q

MRU-Blaster

A

can be used to clear log files

61
Q

SFIND

A

Find ADS streamed files (Windows)

62
Q

LNS

A

Find ADS streamed files (Windows)

63
Q

Tripwire

A

detects file changes, including ADS streamed files. (Windows)

64
Q

Shark

A

creates botnet

65
Q

Plugbot

A

creates botnet

66
Q

Poison Ivy

A

creates botnet

67
Q

LOIC

A

Low Orbit Ion Cannon botnet/DDOS

68
Q

DoSHTTP

A

HTTP Flood

69
Q

UDP Flood

A

UDP DoS

70
Q

Jolt2

A

IP packet fragmentation DoS

71
Q

Targa

A

DoS multitool

72
Q

Trinoo

A

DDoS (UDP Flooding)

73
Q

TFN2K

A

DDoS (UDP, SYN, UDP Flood)

74
Q

Stacheldraht

A

DDoS

75
Q

PacketCreator

A

MITM

76
Q

Ettercap

A

MITM

77
Q

Dsniff

A

MITM

78
Q

WebScarab

A

HTTP Proxy

79
Q

Paros Proxy

A

HTTP Proxy

80
Q

Burp Suite

A

HTTP Proxy

81
Q

ProxyFuzz

A

HTTP Proxy

82
Q

Odysseus Proxy

A

HTTP Proxy

83
Q

Fiddler (by Microsoft)

A

HTTP Proxy

84
Q

dnsspoof

A

spoofs dns

85
Q

Blue smacking

A

DoS attack that overflows bluetooth enabled devices with random packets

86
Q

Blue Jacking

A

Sending unsolicited messages via bluetooth

87
Q

Blue Snarfing

A

Theft of information over bluetooth

88
Q

Blue Sniff

A

Bluetooth wardriving

89
Q

Blue Bugging

A

Remotely accessing the bluetooth enabled device and using its features.

90
Q

Blue Printing

A

Collecting information about bluetooth devices.