Sybex - Tools

Question 1

WHOIS

Answer 1

OSINT: gather info from public records about domain ownership

Question 2

Nslookup

Answer 2

OSINT: Help identify IP address associated with an organization

Question 3

theHarvester

Answer 3

OSINT: Scours search engines and other sources to find email addresses, employee names, and infrastructure details about an org

Question 4

Recon-ng

Answer 4

OSINT: Modular web reconnaissance framework that organizes and manages OSINT work. (Need more info on this)

Question 5

Censys

Answer 5

OSINT: web-based tool that probes IP addresses across the internet then provides pen testers with access to that info through a search engine

Question 6

FOCA

Answer 6

OSINT: Fingerprinting Organizations with Collective Archives; Find Metadata in Office Documents, PDFs, and other common file formats

Question 7

Shodan

Answer 7

OSINT: Specialized Search Engine for discovery of vulnerable IoT devices from public sources

Question 8

Maltego

Answer 8

OSINT: commercial product that assists with visualization of data gathered via OSINT

Question 9

NMAP

Answer 9

OSINT: Port Scanning and Network Mapping tool

Question 10

Nessus

Answer 10

VulnScan: commercial tool used to scan wide variety of devices

Question 11

OpenVAS

Answer 11

VulnScan: OSS network vuln scanner

Question 12

SqlMap

Answer 12

VulnScan: automate Sql injection attacks against web apps with database back ends

Question 13

Nikto, Wapiti, W3AF

Answer 13

VulnScan: OSS Web Application vuln scanners

Question 14

WPScan

Answer 14

VulnScan: Web app testing tool designed to work with websites running WordPress

Question 15

SCAP

Answer 15

VulnScan: (Security Content Automation Protocol) Set of tools designed to help orgs manage compliance and security standards

Question 16

SET

Answer 16

SocialEngineer: (Social Engineering Toolkit) Framework for automating the social engineering process; sending spearphishing emails, hosting fake websites, collecting credentials

Question 17

BeEF

Answer 17

SocialEngineer: (Browser Exploitation Framework) automated toolkit for using social engineering to take over a victim’s web browser

Question 18

Hashcat

Answer 18

CredentialTest: password cracking and reverse-engineer hashed password tool

Question 19

John the Ripper

Answer 19

CredentialTest: password cracking and reverse-engineer hashed password tool

Question 20

Hydra

Answer 20

CredentialTest: password cracking and reverse-engineer hashed password tool

Question 21

Medusa

Answer 21

CredentialTest: password cracking and reverse-engineer hashed password tool

Question 22

Patator

Answer 22

CredentialTest: password cracking and reverse-engineer hashed password tool

Question 23

Cain

Answer 23

CredentialTest: password cracking and reverse-engineer hashed password tool

Question 24

CeWL

Answer 24

CredentialTest: custom wordlist generator that searched websites for keywords that may be used in password-guessing attacks

Question 25

Mimikatz

Answer 25

CredentialTest: Retrieve creds from memory on Windows machines

Question 26

DirBuster

Answer 26

CredentialTest: brute-forcing tool to enumerate files and directories on web server

Question 27

Immunity Debugger

Answer 27

Debugger/SoftwareTest: supports pentesting and reverse engineering malware

Question 28

GDB

Answer 28

Debugger/SoftwareTest: OSS debugger for Linux for use with many programming languages

Question 29

OllyDbg

Answer 29

Debugger/SoftwareTest:Windows debugger that works on binary code at the assembly language level

Question 30

WinDbg

Answer 30

Debugger/SoftwareTest:Windows Specific debug tool created by Microsoft

Question 31

IDA

Answer 31

Debugger/SoftwareTest:commercial debugging tool for use on Windows/Mac/Linux

Question 32

Brakeman

Answer 32

Debugger/SoftwareTest:static software analysis tool for scanning Ruby on Rails apps

Question 33

Covenant

Answer 33

Debugger/SoftwareTest:software security testing tool for testing .NET apps

Question 34

TruffleHog

Answer 34

Debugger/SoftwareTest: scans through code repos for accidentally published secrets

Question 35

Wireshark

Answer 35

Network Testing: protocol analyzer, eavesdrop on network traffic

Question 36

Hping

Answer 36

Network Testing: command line tool to artificially generate network traffic

Question 37

Aircrack-ng

Answer 37

Network Testing: wireless network security testing tool

Question 38

WiFite

Answer 38

Network Testing: wireless network security testing tool

Question 39

mdk4

Answer 39

Network Testing: wireless network security testing tool

Question 40

Fern

Answer 40

Network Testing: wireless network security testing toolK

Question 41

Kismet

Answer 41

Network Testing: wireless network security testing tool

Question 42

Rogue Wireless Access points

Answer 42

Network Testing: used to attract connections from people

Question 43

EAPHammer

Answer 43

Network Testing: used to conduct evil twin attacks against WPA2-Enterprise wireless networks

Question 44

Reaver

Answer 44

Network Testing: conduct attacks against networks that support WPS

Question 45

Spooftooph

Answer 45

Network Testing: bluetooth attacks

Question 46

Wireless Geographic Logging Engine (WiGLE)

Answer 46

Network Testing: open database of wireless network info collected by community and published for open access

Question 47

Online SSL Checkers

Answer 47

Network Testing: determine if websites are susceptible to TLS/SSL vulnerabilities

Question 48

SSH

Answer 48

Remote Access: secure encrypted communication

Question 49

Ncat and Netcat

Answer 49

Remote Access: easy way to read and write data over network connections

Question 50

ProxyChains

Answer 50

Remote Access: allows testers to force connections through a proxy server where they may be inspected and altered before being passed onto final destination

Question 51

Metasploit

Answer 51

Exploitations: most popular exploitation framework that supports thousands of plug-ins

Question 52

SearchSploit

Answer 52

Exploitations: command-line tool to search through db of known exploits

Question 53

PowerSploit

Answer 53

Windows-centric sets of Powershell Scripts to automate penetration testing tasksWindows-centric sets of Powershell Scripts to automate penetration testing tasks

Question 54

Empire

Answer 54

Exploitations:Windows-centric sets of Powershell Scripts to automate penetration testing tasks

Question 55

Responder

Answer 55

Exploitations: toolkit used to answer NetBIOS queries from Windows Systems

Question 56

Impacket

Answer 56

Exploitations: set of network tools that provide low-level access to network protocols

Question 57

Mitm6

Answer 57

Exploitations: tool used to conduct attacks against IPv6 networks

Question 58

CrackMapExec

Answer 58

Exploitations: set of tools to evaluate AD environment after gaining network access

Question 59

OpenSteg

Answer 59

Steganography: general purpose tool to hide text within images and other binary files

Question 60

Steghide

Answer 60

Steganography: general purpose tool to hide text within images and other binary files

Question 61

Coagula

Answer 61

Steganography: used to embed text within audio files

Question 62

Sonic Visualizer

Answer 62

Steganography: audio analysis tool to detect alterations that may have been made by steganography tools

Question 63

Snow

Answer 63

Steganography: Uses white space and tabs in a document to hide information

Question 64

TinEye

Answer 64

Steganography: reverse image search tool that allows researchers to identify the original image when they suspect steg is being used

Question 65

Metagoofil

Answer 65

Steganography: extract metadata from a large variety of file types

Question 66

ScoutSuite

Answer 66

CloudTools: Cloud Security and Auditing tool

Question 67

CloudBrute

Answer 67

CloudTools: scanner used to identify cloud components used by organizations

Question 68

Pacu

Answer 68

CloudTools: cloud exploitation framework used specifically for AWS environments

Question 69

Cloud Custodian

Answer 69

CloudTools: rule enforcement engine to ensure consistent application of security rules across environments

Question 70

ExifTool

Answer 70

OSINT: easily see metadata on a file