Security Tools Flashcards
What is tracert used for and what is its Linux counterpart
Tracert is a network diagnostic tool for displaying possible routes and measuring transit delays of packets across an IP network
The Linux cmd is “traceroute”
What is nslookup and its Linux counterpart
Used to determine the IP address associated with a domain name. Can be used to obtain the mail server settings for a domain and other DNS information.
The Linux cmd is “dig”
What is ipconfig used for and what is its Linux counterpart
displays network configuration of the currently connected network devices and can modify DHCP and DNS settings
The Linux cmd is “ifconfig”
What is Nmap
Open-source network scanner that is used to discover hosts and services on a computer network by sending packets and analyzing their responses
What is ping used for and its Linux counterpart
utility used to determine if a host is reachable on an IP network
The Linux cmd is “path ping”
What is Hping
open source packet generator and analyzer for the TCP/IP protocol used for security auditing and listing of firewalls and networks
NMAP makes use of this
What is netstat
utility that displays network connections for TCP, routing tables, and a number of network interfaces and network protocol statistics
What is netcat
Used for reading from and writing to a network connection using TCP or UDP. Dependable back end that can be used directly or easily driven by other programs and scripts
What is netcat used for
Banner grabbing of webservers
Shell connections and remote control of machines.
Blocked by most security policies
What is ARP
Utility for viewing and modifying the local address resolution protocol cache on a given host or server.
Layer 2 protocol, ARP messages and MAC address
ARP cache contains the MAC>IP table
What is the route command used for
used to view and manipulate the IP routing tables on a host or server
Every PC has an embedded router, and route allows you to interact with it
What is Curl
A tool used to transfer data to or from a server using any of the supported protocols, including SCP, SMTP, TFTP, Telnet, LDAP, File
Used by analysts when testing protocols over a network or server
What is theHarvester
Python script that is used to gather emails, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines, and PGP key servers
What is Sn1per
automated scanner that can be used during a pentest to enumerate vulnerabilities across a network
What is scanless
utility that is used to create an exploitation website that can perform open port scans in a more stealthy manner.
What is DNSenum
utility that is used for DNS enumeration to locate all DNS servers and DNS entries for a targeted organization
What is Nessus used for
Proprietary vulnerability scanner that can remotely scan a computer or network for vulnerabilities
Infrastructure scanner for routers, switches, hosts
What is Cuckoo
open source software for automating the analysis of suspicious files
program that allows files to be placed in a sandbox to see how they act when executed or acted upon
Describe the head, tail and cat Linux commands
head - will display first 10 lines of a file to the screen
tail - will display the last 10 lines of a file to the screen
cat - will display the entire file to the screen
What is grep and how is it used
CLI for searching plaintext datasets for lines that match a regular expression or pattern
What is chmod used for
Changing access permissions of file system objects
What is logger
CLI utility that is an easy way to add messages to the /var/log/syslog file
What is SSH
Secure Shell - supports encrypted data transfer between 2 PCs for secure logon, file transfers, and general purpose connections
What is OpenSSL
software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
allows for SSL/TLS tunneling for services
What is tcpdump
CLI that captures and analyzes network traffic going through your system
What is TCPreplay
Suite of free open-source utilities for editing and replaying previously captured network traffic
What is dd used for
CLI utility used to copy disk images using a bit-by-bit copying process
What is FTK Imager used for
Data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with forensic tools is needed.
What is memdump
Linux command that dumps system memory to the standard output stream by skipping over holes in the memory map
What is WinHex
Commercial disk editor and universal hexadecimal editor used for data recovery and digital forensics
What is autopsy
digital forensics platform and GUI to The Sleuth Kit and other digital forensic tools
What is Metasploit
computer security tool that offers info about software vulnerabilities, IDS signature development, and improves pen testing
What is BeEF
Browser exploitation framework - Tool that can hook one or more browsers and can use them as a beachhead for launching various direct commands and further attacks against the system from within the browser context
What is Cain and Abel
Password recovery tool that works by sniffing the network, cracking passwords through brute force, dictionary and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing passwords and analyzing routing protocols
What is jack the ripper
open source auditing and password recovery tool for many OSes; allows for brute force and dictionary attacks