Pentest Tools Flashcards
OpenVAS
vulnerability scanner
assigns risk rating
Nessus
commercial vuln scanner
assigns risk rating
W3AF
web app attack and audit framework
identifies and exploits a large set of web-based vulnerabilities
mimikatz
gathers credentials by extracting elements from a system such as cleartext passwords, hashes and PIN codes
commonly used for pass the hash (NTLM relay and Kerberos attacks)
hashcat
password and hash cracking tool
one of the fastest password recovery tools
medusa
parallel brute-force tool for network logins on services that support remote login
hydra
parallel brute-force tool that only attempts passwords from a dictionary that meet the minimum password requirements for that site
CeWL
creates a custom word list and dictionary by collecting words and metadata from a site
Patator
multipurpose brute-force tool that supports several different methods of password cracking
DirBuster
brute-force tool to identify unlisted directories and file names that may be accessible
OllyDbg
Linux debugger to analyze binaries of 32-bit Windows apps
helpful if you don't have access to the source code
IDA
interactive disassembler
commercial disassembly and debug tool
Immunity debugger
debugger built specifically for pentesters to write exploits, analyze malware, and reverse engineer binary files using Python scripts and APIs
AFL
American Fuzzy Lop
fuzzing tool
FindSecBugs
used to do security audits of Java apps
SonarQube
performs automatic static code reviews
YASCA
Yet Another Source Code Analyzer
software code scanner that uses plug-ins
Censys
website search engine for finding hosts and networks across the internet, with data about their configuration. can find cloud services
similar to Shodan
shodan
search engine for finding IoT devices
FOCA
Fingerprinting Organizations with Collected Archives
finds metadata
Windows only
kismet
wireless exploitation suite that can scan, sniff, and defend as an IDS
WiFite
wireless auditing tool that can locate rogue and hidden access points
airmon-ng
monitors wireless frequencies to identify access points and clients
airodump-ng
captures network traffic and saves it to a PCAP file
aireplay-ng
conducts deauthentication attacks by sending spoofed deauth requests to an access point
aircrack-ng
conducts protocol and password cracking of wireless encryption
OWASP ZAP
web app security scanner and attack proxy for web app vulnerabilities
Burp Suite
graphical tool for web app scanning
BeEF
browser exploitation framework
social engineering tool focused on the web browser
ncat
command-line tool for reading, writing, redirecting, and encrypting data on a network
newer version of netcat
netcat
swiss army knife
command-line tool for reading, writing, redirecting, and encrypting data on a network
proxychains
command-line tool that lets you mask your identity and/or source IP address by sending traffic through proxy servers or other intermediaries
drozer
complete security audit and attack framework for Android
PowerSploit
collection of PowerShell modules for pentesting and post-exploitation
searchsploit
tool used to find exploits available in Exploit-DB
responder
command-line tool in Kali used to poison NetBIOS, LLMNR, and mDNS name resolution requests
impacket
collection of Python classes for working with network protocols and the exploitation of Windows systems
Route
evasion tool
Hopper
used for decompilation
foremost
FTK
Encase
Tableau
forensics tools
BloodHound
explores Active Directory trust relationships and abusable rights on AD objects
metagoofil
searches metadata associated with public documents on the target's website
OpenSCAP
vuln scanner created by NIST that is used to create a predetermined baseline for finding vulnerabilities and deviations in a system
Wapiti
web app vuln scanner that automatically navigates a web app looking for places to inject data
Brakeman
static code analysis for Ruby on Rails
tcpdump
conducts packet sniffing, decoding, and analysis
EAPHammer
used to steal EAP authentication credentials on WPA2-Enterprise networks
wireless tool
mdk4
wireless vulnerability exploit toolkit that can conduct 10 types of 802.11 exploit techniques
reaver
brute-force tool for the WPS PIN, used to recover the WPA PSK
empire
C2 framework that uses PowerShell for common post-exploitation tasks on Windows and Python for post-exploitation tasks on Linux
easily identifies
fern
tests wireless networks by conducting password recovery through brute-force and dictionary attacks as well as hijacking, replay and on-path attacks
GUI
Gobuster
brute-force dictionary, file and DNS identification tool for finding unlisted resources on a web app
openstego
stego tool to hide data in a file and watermark a file with an invisible signature to detect unauthorized copying
steghide
conceals a payload in an image or audio file
Sonic Visualiser
app for viewing and analyzing the contents of music audio files
tineye
website used for reverse image searches
covenant
.NET framework focused on pentesting that also has a development and debugging component
also used as a c2 platform
mitm6
IPv6 DNS hacking tool. replies to DHCPv6 messages and redirects the victim to another, malicious host
crack map exec
post-exploitation tool to identify vulnerabilities in AD environments
trufflehog
git secrets search tool that crawls through repositories looking for secrets accidentally committed to git