Sybex - Tools Flashcards
Be able to state the purpose and use case for all of the tools in this list
WHOIS
OSINT: gather info from public records about domain ownership
Nslookup
OSINT: Help identify IP address associated with an organization
theHarvester
OSINT: Scours search engines and other sources to find email addresses, employee names, and infrastructure details about an org
Recon-ng
OSINT: Modular web reconnaissance framework that organizes and manages OSINT work. (Need more info on this)
Censys
OSINT: web-based tool that probes IP addresses across the internet then provides pen testers with access to that info through a search engine
FOCA
OSINT: Fingerprinting Organizations with Collective Archives; Find Metadata in Office Documents, PDFs, and other common file formats
Shodan
OSINT: Specialized Search Engine for discovery of vulnerable IoT devices from public sources
Maltego
OSINT: commercial product that assists with visualization of data gathered via OSINT
NMAP
OSINT: Port Scanning and Network Mapping tool
Nessus
VulnScan: commercial tool used to scan a wide variety of devices
OpenVAS
VulnScan: OSS network vuln scanner
SqlMap
VulnScan: automates SQL injection attacks against web apps with database back ends
Nikto, Wapiti, W3AF
VulnScan: OSS Web Application vuln scanners
WPScan
VulnScan: Web app testing tool designed to work with websites running WordPress
SCAP
VulnScan: (Security Content Automation Protocol) Set of tools designed to help orgs manage compliance and security standards
SET
SocialEngineer: (Social Engineering Toolkit) Framework for automating the social engineering process; sending spearphishing emails, hosting fake websites, collecting credentials
BeEF
SocialEngineer: (Browser Exploitation Framework) automated toolkit for using social engineering to take over a victim’s web browser
Hashcat
CredentialTest: password cracking and reverse-engineer hashed password tool
John the Ripper
CredentialTest: password cracking and reverse-engineer hashed password tool
Hydra
CredentialTest: password cracking and reverse-engineer hashed password tool
Medusa
CredentialTest: password cracking and reverse-engineer hashed password tool
Patator
CredentialTest: password cracking and reverse-engineer hashed password tool
Cain
CredentialTest: password cracking and reverse-engineer hashed password tool
CeWL
CredentialTest: custom wordlist generator that searches websites for keywords that may be used in password-guessing attacks
Mimikatz
CredentialTest: Retrieve creds from memory on Windows machines
DirBuster
CredentialTest: brute-forcing tool to enumerate files and directories on a web server
Immunity Debugger
Debugger/SoftwareTest: supports pentesting and reverse engineering malware
GDB
Debugger/SoftwareTest: OSS debugger for Linux for use with many programming languages
OllyDbg
Debugger/SoftwareTest: Windows debugger that works on binary code at the assembly language level
WinDbg
Debugger/SoftwareTest: Windows-specific debug tool created by Microsoft
IDA
Debugger/SoftwareTest: commercial debugging tool for use on Windows/Mac/Linux
Brakeman
Debugger/SoftwareTest: static software analysis tool for scanning Ruby on Rails apps
Covenant
Debugger/SoftwareTest: software security testing tool for testing .NET apps
TruffleHog
Debugger/SoftwareTest: scans through code repos for accidentally published secrets
Wireshark
Network Testing: protocol analyzer, eavesdrop on network traffic
Hping
Network Testing: command line tool to artificially generate network traffic
Aircrack-ng
Network Testing: wireless network security testing tool
WiFite
Network Testing: wireless network security testing tool
mdk4
Network Testing: wireless network security testing tool
Fern
Network Testing: wireless network security testing tool
Kismet
Network Testing: wireless network security testing tool
Rogue Wireless Access points
Network Testing: used to attract connections from people
EAPHammer
Network Testing: used to conduct evil twin attacks against WPA2-Enterprise wireless networks
Reaver
Network Testing: conduct attacks against networks that support WPS
Spooftooph
Network Testing: bluetooth attacks
Wireless Geographic Logging Engine (WiGLE)
Network Testing: open database of wireless network info collected by community and published for open access
Online SSL Checkers
Network Testing: determine if websites are susceptible to TLS/SSL vulnerabilities
SSH
Remote Access: secure encrypted communication
Ncat and Netcat
Remote Access: easy way to read and write data over network connections
ProxyChains
Remote Access: allows testers to force connections through a proxy server where they may be inspected and altered before being passed onto final destination
Metasploit
Exploitations: most popular exploitation framework that supports thousands of plug-ins
SearchSploit
Exploitations: command-line tool to search through db of known exploits
PowerSploit
Exploitations: Windows-centric set of PowerShell scripts to automate penetration testing tasks
Empire
Exploitations: Windows-centric set of PowerShell scripts to automate penetration testing tasks
Responder
Exploitations: toolkit used to answer NetBIOS queries from Windows Systems
Impacket
Exploitations: set of network tools that provide low-level access to network protocols
Mitm6
Exploitations: tool used to conduct attacks against IPv6 networks
CrackMapExec
Exploitations: set of tools to evaluate AD environment after gaining network access
OpenSteg
Steganography: general purpose tool to hide text within images and other binary files
Steghide
Steganography: general purpose tool to hide text within images and other binary files
Coagula
Steganography: used to embed text within audio files
Sonic Visualizer
Steganography: audio analysis tool to detect alterations that may have been made by steganography tools
Snow
Steganography: Uses white space and tabs in a document to hide information
TinEye
Steganography: reverse image search tool that allows researchers to identify the original image when they suspect steg is being used
Metagoofil
Steganography: extract metadata from a large variety of file types
ScoutSuite
CloudTools: Cloud Security and Auditing tool
CloudBrute
CloudTools: scanner used to identify cloud components used by organizations
Pacu
CloudTools: cloud exploitation framework used specifically for AWS environments
Cloud Custodian
CloudTools: rule enforcement engine to ensure consistent application of security rules across environments
ExifTool
OSINT: easily see metadata on a file