Pentest+ Tool Round-Up

Question 1

WHOIS

Answer 1

OSINT TOOL: A query and response protocol that is widely used for querying databases that store the registered users or assignees of an internet resource

Question 2

Nslookup

Answer 2

OSINT TOOL: A network administration command-line tool for querying DNS to obtain the mapping between domain names and IP addresses, or other DNS records

Question 3

FOCA

Answer 3

OSINT TOOL: Used to find metadata and hidden information in collected documents from an organization

Question 4

theHarvester

Answer 4

OSINT TOOL: A program for gathering emails, subdomains, hosts, employee names, email addresses, PGP key entries, open ports, and service banners from servers

Question 5

Shodan

Answer 5

OSINT TOOL: A website search engine for web cameras, routers, servers, and other devices that are considered part of the internet of things

Question 6

Maltego

Answer 6

OSINT TOOL: A piece of commercial software used for conducting open-source intelligence that visually helps connect those relationships. It can automate the querying of public sources of data and then compare it with other info from various sources

Question 7

Recon-ng

Answer 7

OSINT TOOL: Uses a system of modules to add additional features and functions for your use. It is a cross-platform web recon framework.

Question 8

Censys

Answer 8

OSINT TOOL: A website search engine used for finding hosts and networks across the internet with data about their configuration

Question 9

Nikto

Answer 9

SCANNING TOOL: A web vulnerability scanner that is used to assess custom web applications that a company may have coded themselves

Question 10

OpenVAS

Answer 10

SCANNING TOOL: An open source vulnerability scanner that is used to identify vulnerabilities and assign a risk rating for the targeted assets

Question 11

Nessus

Answer 11

SCANNING TOOL: A proprietary vulnerability scanner that is used to conduct basic, advanced, and compliance vulnerability scans to measure the effectiveness of the system’s security controls

Question 12

SQLmap

Answer 12

SCANNING TOOL: An open source database scanner that searches for SQL injection vulnerabilities that can be exploited

Question 13

Open SCAP

Answer 13

SCANNING TOOL:A tool created by NIST that is used to create a predetermined security baseline that can be used to determine vulnerabilities or deviations in a system

Question 14

Wapiti

Answer 14

SCANNING TOOL: A web application vulnerability scanner which will automatically navigate a web app looking for areas where it can inject data to target different vulnerabilities

Question 15

WPScan

Answer 15

SCANNING TOOL: A WordPress site vulnerability scanner that identifies the plugins used by the website against a database of known vulnerabilities

Question 16

Brakeman

Answer 16

SCANNING TOOL: A static code analysis security tool that is used to identify vulnerabilities in applications written in Ruby on Rails

Question 17

ScoutSuite

Answer 17

SCANNING TOOL: An open source tool written in Python that can be used to audit instances and policies created on multi-cloud platforms by collecting data using API calls

Question 18

Wireshark

Answer 18

NETWORK TOOL: An open source protocol analysis tool that can conduct packet sniffing, decoding, and analysis

Question 19

Tcpdump

Answer 19

NETWORK TOOL: A command-line protocol analysis tool that can conduct packet sniffing, decoding, and analysis

Question 20

Hping

Answer 20

NETWORK TOOL: An open source packet crafting tool used to exploit vulnerable firewalls and IDS/IPS

Question 21

Aircrack-ng

Answer 21

WIRELESS TOOL: A powerful open source wireless exploitation tool kit consisting of airomon-ng, airodump-ng, aireplay-ng, and airocrack-ng

Question 22

Airomon-ng

Answer 22

WIRELESS TOOL: Used to monitor wireless frequencies to identify access points and clients

Question 23

Airodump-ng

Answer 23

WIRELESS TOOL: Used to capture network traffic and save it to a PCAP file

Question 24

Aireplay-ng

Answer 24

WIRELESS TOOL: Used to conduct a de-authentication attack by sending spoofed death requests to the access point

Question 25

Airocrack-ng

Answer 25

WIRELESS TOOL: Used to conduct protocol and password cracking of wireless encryption

Question 26

Kismet

Answer 26

WIRELESS TOOL: An open source tool that contains a wireless sniffer, a network detector, and an intrusion detection system

Question 27

Wifilite

Answer 27

WIRELESS TOOL: A wireless auditing tool that can be used to conduct a site survey to locate a rogue and hidden access points

Question 28

Rogue Access Point

Answer 28

WIRELESS TOOL: Any wireless access point that has been installed on a secure network without explicit authorization from a local network administrator

Question 29

EAPHammer

Answer 29

WIRELESS TOOL: A python-based toolkit that can be used to steal EAP authentication credentials used in a WPA2-Enterprise network

Question 30

mdk4

Answer 30

WIRELESS TOOL: A wireless vulnerability exploitation toolkit that can conduct 10 different types of 801.11 exploitation techniques

Question 31

Spooftooph

Answer 31

WIRELESS TOOL: Automates the spoofing or cloning of a Bluetooth device’s name, class, and address

Question 32

Reaver

Answer 32

WIRELESS TOOL: A tool that conducts a brute force attack against an access point’s Wi-Fi Protected Setup (WPS) Pin to recover the WPA PSK

Question 33

WiGLE

Answer 33

WIRELESS TOOL: Wireless Geographic Logging Engine… A wireless OSINT tool that consists of a website and database dedicated to mapping and indexing all known wireless access point

Question 34

Fern

Answer 34

WIRELESS TOOL: Tests wireless networks by conducting password recovery through brute force and dictionary attacks, as well as session hijacking, replay, and on-path attacks

Question 35

SET

Answer 35

SOCIAL ENGINEERING TOOL: Social Engineering Toolkit… A python based collection of tools and scripts that are used to conduct social engineering during a penetration test

Question 36

BeEF

Answer 36

SOCIAL ENGINEERING TOOL: Browser Exploitation Framework… Used to assess the security posture of a target environment using cross-site attack vectors. Great tool for testing browsers and associated web servers and applications

Question 37

SSH

Answer 37

REMOTE ACCESS TOOL: Secure Shell… A command line tool that is used to remotely control another workstation over a LAN or WAN

Question 38

Netcat

Answer 38

REMOTE ACCESS TOOL: A command line utility used to read from or write to TCP, UDP, or Unix domain socket network connections

Question 39

ProxyChains

Answer 39

REMOTE ACCESS TOOL: A command line tool that enables penetration testers to mask their identity and/or source IP addresses by sending messages through proxy servers or other intermediaries

Question 40

Hashcat

Answer 40

CREDENTIAL TESTING TOOL: A modern password and hash cracking tool that supports the use of GPUs for parallel processing when conducting dictionary, brute force, and hybrid attacks

Question 41

Medusa

Answer 41

CREDENTIAL TESTING TOOL: A parallel brute-force tool that is used against network logins to attack services that support remote authentication

Question 42

Hydra

Answer 42

CREDENTIAL TESTING TOOL: A parallel brute-force tool that also supports a pw-inspect module to only attempt passwords from a dictionary that meets the minimum password requirements for a given system

Question 43

CeWL

Answer 43

CREDENTIAL TESTING TOOL: Used to generate word lists based on the automatic crawling of a website to collect worda and metadata from the site

Question 44

John the Ripper

Answer 44

CREDENTIAL TESTING TOOL: Password cracking tool that supports large sets of hashes and dictionary and brute force attacks

Question 45

Cain

Answer 45

CREDENTIAL TESTING TOOL: A legacy password cracking and hash dumping that can conduct network sniffing to identify hashes that may be vulnerable to cracking

Question 46

Patator

Answer 46

CREDENTIAL TESTING TOOL: A multi-purpose brute force tool that supports several different methods, including ftp, ssh, smb, vnc, and zip password cracking

Question 47

DirBuster

Answer 47

CREDENTIAL TESTING TOOL: A brute force tool run against a web application or server to identify unlisted directories and file names that may be accessed

Question 48

w3af

Answer 48

CREDENTIAL TESTING TOOL: Web Application Attack and Audit Framework… used to identify and exploit a large set of web-based vulnerabilities such as SQL injection and cross site scripting

Question 49

OWASP ZAP

Answer 49

WEB APPLICATION TOOL: open source web application security scanner and attack proxy used in automated and manual testing and identification of web application vulnerabilities

Question 50

Burp Suite

Answer 50

WEB APPLICATION TOOL: Used in raw traffic interception, inspection, and modification during automated testing, manual request modification, and passive web application analysis

Question 51

Gobuster

Answer 51

WEB APPLICATION TOOL: Brute force dictionary, file, and DNS identification tool used to identify unlisted resources in a web application

Question 52

Scout Suite

Answer 52

CLOUD TOOL: Open source tool written in Python that can be used to audit instances and policies created on multi-cloud platforms by collecting data using API calls

Question 53

CloudBrute

Answer 53

CLOUD TOOL: Used to find a target’s infrastructure, files, and apps across the top cloud service providers, including Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, and Linode

Question 54

Pacu

Answer 54

CLOUD TOOL: Exploitation framework used to assess the security configuration of an AWS account

Question 55

Cloud Custodian

Answer 55

CLOUD TOOL: Open source cloud security, governance, and management tool designed to help admins create policies based on different resource types

Question 56

OpenStego

Answer 56

STEGANOGRAPHY TOOL: Free steganography solution to conduct data hiding within a file and watermarking of files with invisible signatures to detect unauthorized file copying

Question 57

Steghide

Answer 57

STEGANOGRAPHY TOOL: Open source steganography tool used to conceal a payload by compressing, concealing, and encrypting its data in an image or audio file

Question 58

Snow

Answer 58

STEGANOGRAPHY TOOL: Command line tool that conceals a payload within the whitespace of an ASCII formatted text file in plaintext or encrypted format

Question 59

Coagula

Answer 59

STEGANOGRAPHY TOOL: Image synthesizer tool that can be used to create a sound file from a given image

Question 60

Sonic Visualizer

Answer 60

STEGANOGRAPHY TOOL: Open source application for viewing and analyzing the contents of music audio files

Question 61

TinEye

Answer 61

STEGANOGRAPHY TOOL: Website that can be used to conduct reverse image searches using image recognition

Question 62

Metagoofil

Answer 62

STEGANOGRAPHY TOOL: Python based tool that can search for metadata from public documents located on a target’s website

Question 63

Online SSL Checkers

Answer 63

STEGANOGRAPHY TOOL: Web application that can be used to test the validity, strength, and security of an SSL or TLS digital certificate for a given website

Question 64

OllyDBG

Answer 64

DEBUGGING TOOL: Linus debugger that can be used to analyze binary code found in 32-bit Windows applications

Question 65

Immunity Debugger

Answer 65

DEBUGGING TOOL: Built specifically for penetration testers to write exploits, analyze malware, and reverse engineer binary files using Python scripts and APIs

Question 66

GNU Debugger (GDB)

Answer 66

DEBUGGING TOOL: Open source cross-platform debugger for Unix, Windows, and MacOS

Question 67

WinDbg

Answer 67

DEBUGGING TOOL: Free debugging tool that is distributed by Microsoft for use in the Windows operating system

Question 68

Interactive Disassembler (IDA)

Answer 68

DEBUGGING TOOL: Commercial disassembler and debugging tool that generates assembly language source code from machine-executable code

Question 69

Covenant

Answer 69

DEBUGGING TOOL: Open source .NET framework focused on penetration testing that also has a development and debugging component

Question 70

SearchSploit

Answer 70

Tool used to find exploits available in Exploit-DB

Question 71

PowerSploit

Answer 71

A collection of PowerShell modules that create an extensive exploitation framework for use against Windows systems

Question 72

Responder

Answer 72

Command line tool in Kali Linux that is used to poison NetBIOS, LLMNR, and MDNS name resolution requests

Question 73

Empire

Answer 73

C2 framework that uses PowerShell for common post-exploitation tasks on Windows systems and Python for post-exploitation tasks on Linux systems

Question 74

Metasploit

Answer 74

Multi-purpose computer security and penetration testing framework that uses modularized attacks on known vulnerabilities

Question 75

mitm6

Answer 75

IPv6 DNS hijacking tool that attempts to set the malicious actor as the DNS server by replying to the DHCPv6 messages and then redirecting the victim to another malicious host

Question 76

CrackMapExec

Answer 76

Post exploitation tool to identify vulnerabilities in Active Directory environments

Question 77

TruffleHog

Answer 77

A Git secrets search tool that automatically crawls through a repository looking for accidental commits of secrets to the Git repository

Question 78

Censys

Answer 78

Website search engine tool used for finding hosts and networks across the internet with data about their configuration