Pentest Tools

Question 1

OpenVAS

Answer 1

vulnerability scanner
assigns risk rating

Question 2

Nessus

Answer 2

commercial vuln scanner
assigns risk rating

Question 3

W3AF

Answer 3

web app attack and audit framework
identifies and exploits large set of web based vulnerabilities

Question 4

mimikatz

Answer 4

gathers credentials by extracting elements from system such as cleartext passwords, hashes and pin codes.
common for pass the hash (NTLM relay and kerberos attacks

Question 5

hashcat

Answer 5

password and hash cracking tool
one of the fastest pw recovery tools

Question 6

medusa

Answer 6

parallel brute force tool for network logins that support remote login

Question 7

hydra

Answer 7

parallel brute force tool that only attempts passwords from dictionary that meet the minimum pw requirements for that site

Question 8

CeWL

Answer 8

creates custom word list and dictionary by collecting words and metadata from the site

Question 9

Patator

Answer 9

multipurpose brute force tool that supports several different methods of PW cracking

Question 10

DirBuster

Answer 10

brute force tool to identify unlisted directories and file names that may be accessed

Question 11

Ollydbg

Answer 11

linux debugger to analyze binary on 32 bit windows apps
helpful if you don’t have access to source code

Question 12

IDA

Answer 12

interactive disassembler
commercial disassembly and debug tool

Question 13

Immunity debugger

Answer 13

debugger built specifically for pen testers to write exploits, analyze malware, and reverse engineer binary files using python scripts and APIs

Question 14

AFL

Answer 14

american fuzzy lop
fuzzing tool

Question 15

findsecbugs

Answer 15

used to do security audits of java apps

Question 16

sonarqube

Answer 16

performs automatic static code reviews

Question 17

YASCA

Answer 17

yet another source code analyzer
software code scanner using plug ins

Question 18

censys

Answer 18

website search engine for finding hosts and networks across the internet with data about their config. can find cloud services
similar to shodan

Question 19

shodan

Answer 19

search engine to find IoT devices

Question 20

FOCA

Answer 20

fingerprinting organizations with collected archives
finds metadata
WINDOWS ONLY

Question 21

kismet

Answer 21

wireless exploitation suite that can scan, sniff, and defend as an IDS

Question 22

WiFite

Answer 22

wireless auditing tool that can locate rogue and hidden access points

Question 23

Airomon-NG

Answer 23

monitor wireless frequencies to identify access points and clients

Question 24

Airodump-ng

Answer 24

capture network traffic and save to PCAP file

Question 25

aireplay-ng

Answer 25

conducts deauthentication attacks by sending spoofed deauth requests to access point

Question 26

airocrack-ng

Answer 26

conducts protocol and PW cracking of wireless encryption

Question 27

OWASP ZAP

Answer 27

web app security scanner and attack proxy for web app vulnerabilities

Question 28

Burp suite

Answer 28

graphical tool for web app scanning

Question 29

BeEF

Answer 29

browser exploitation framework
social engineering tool focused on the web browser

Question 30

ncat

Answer 30

CL tool for reading, writing, redirecting, and encrypting data on a network
new version of net cat

Question 31

netcat

Answer 31

swiss army knife
CL tool for reading, writing, redirecting, and encrypting data on a network

Question 32

proxychains

Answer 32

CL tool that allows you to mask your identity and/or source IP address by sending messages through proxy servers or other intermediaries

Question 33

drozer

Answer 33

complete security audit and attack framework for android

Question 34

powersploit

Answer 34

collection of powershell modules for pentesting, post exploitation

Question 35

searchsploit

Answer 35

tool used to find exploits available in exploit-DB

Question 36

responder

Answer 36

CL tool in Kali used to poison netbios, LLMNR, and MDNS name resolution requests

Question 37

impacket

Answer 37

collection of python classes for working with network protocols and the exploitation of windows systems

Question 38

Route

Answer 38

evasion tool

Question 39

hopper

Answer 39

used for decompilation

Question 40

foremost
FTK
Encase
Tableau

Answer 40

forensics tools

Question 41

bloodhound

Answer 41

explores active directory trust relationships and abuse rights on AD objects

Question 42

metagoofil

Answer 42

search metadata associated with public documents on target’s website

Question 43

open SCAP

Answer 43

vuln scanner created by NIST that is used to create a predetermined baseline for finding vulnerabilities and deviations in a system

Question 44

Wapiti

Answer 44

web app vuln scanner that automatically navigates a web app looking for areas to inject data

Question 45

brakeman

Answer 45

static code analysis for ruby on rails

Question 46

tcpdump

Answer 46

conducts packet sniffing, decoding, and analysis

Question 47

EAPHammer

Answer 47

used to steal EAP authentication credentials using WPA2-enterprise network
wireless tool

Question 48

mdk4

Answer 48

wireless vuln exploit toolkit that can conduct 10 types of 802.11 exploit techniques

Question 49

reaver

Answer 49

brute force tool for WPS pin to recover wpa psk

Question 50

empire

Answer 50

c2 framework that uses powershell for common post exploit task on windows and python for post exploit tasks on linux
easily identifies

Question 51

fern

Answer 51

tests wireless networks by conducting PW recovery through brute force and dictionary attacks as well as hijacking, replay and on path attacks
GUI

Question 52

go buster

Answer 52

brute force dictionary, file and DNA id tool to identify unlisted resources on web app

Question 53

openstego

Answer 53

stego tool to hide data in a file and watermark file with invisible signature to detect unauthorized copying

Question 54

steghide

Answer 54

conceals payload into image or audio file

Question 55

sonic visualizer

Answer 55

app for viewing and analyzing contents of music audio files

Question 56

tineye

Answer 56

website used to reverse image searches

Question 57

covenant

Answer 57

.net framework focused on pen testing that also has a development and debugging component
also used as a c2 platform

Question 58

mitm6

Answer 58

ipv6 dns hacking tool. replies to DHCPv6 messages and redirects the victim to another malicious host

Question 59

crack map exec

Answer 59

post exploit tool to identify vulnerabilities in AD environments

Question 60

trufflehog

Answer 60

git secrets search tool that crawls through repositories looking for accidental commits of secrets to git repositories.