Section 24: Tools Flashcards
Wapiti
A web application vulnerability scanner which will automatically navigate a web app looking for areas where it can inject data to target different vulnerabilities
WPScan
A WordPress site vulnerability scanner that identifies the plugins used by the website against a database of known vulnerabilities
Brakeman
A static code analysis security tool that is used to identify vulnerabilities in applications written in Ruby on Rails
Kismet
An open-source tool that contains a wireless sniffer, a network detector, and an intrusion detection system
Wifite
A wireless auditing tool that can be used to conduct a site survey to locate rogue and hidden access points
mdk4
A wireless vulnerability exploitation toolkit that can conduct 10 different types of 802.11 exploitation techniques
Fern
Tests wireless networks by conducting password recovery through brute force and dictionary attacks, as well as session hijacking, replay, and on-path attacks
ProxyChains
A command-line tool that enables penetration testers to mask their identity and/or source IP address by sending messages through proxy servers or other intermediaries
Patator
A multi-purpose brute-force tool that supports several different methods, including ftp, ssh, smb, vnc, and zip password cracking
Snow
A command-line steganography tool that conceals a payload within the whitespace of an ASCII formatted text file in plaintext or encrypted format
Coagula
An image synthesizer tool that can be used to create a sound file (.wav) from a given image
OllyDbg
A Linux debugger that can be used to analyze binary code found in 32-bit Windows applications
GNU Debugger (GDB)
An open-source, cross-platform debugger for Unix, Windows, and macOS
CrackMapExec
A post-exploitation tool to identify vulnerabilities in Active Directory environments