Tools Flashcards
hping
Port scanner that can send out any kind of TCP, UDP, or ICMP packet, or receive packets from targets. hping3 is the current version.
netcat
Run with nc; a very flexible tool. Can open any port on a local system, making the system act like a sandbox. Works as a port scanner as well as a port redirector.
cURL
Linux terminal tool that enables any form of file transfer; supports many protocols for file transfer.
theHarvester
A program designed to search OSINT for information about domains, with an emphasis on e-mail messages. Very good at finding where domain e-mail messages are used; uses many sources.
Sn1per
Pen-testing reconnaissance framework and automated attack tool. Works with other popular tools like Nmap and Metasploit to gather info about the target. Very powerful.
scanless
A Python 3 command-line utility and library for using websites that perform port scans on your behalf.
dnsenum
DNS enumeration: finds all the DNS servers for a specific domain, an important step for many types of pen testing.
Cuckoo Sandbox
Malware analyzer. Run it with a suspicious file and the program will analyze it for malware. Very powerful and easy to use; constantly updated for new forms of malware and often more aware than many anti-malware tools.
tcpreplay
The pcap file type is the standard way to store and analyze packet captures. tcpreplay enables you to edit pcap files and replay them out to your network.
libpcap
Linux packet sniffer, usually installed with the protocol or packet analyzer
WinPcap
Windows packet sniffer
Wireshark
The most popular protocol analyzer software; works great and is free. Runs on Windows and Linux.
nmap
The most commonly used network scanner, available for many OSes. Can detect non-secure hosts on the network. Command-line and GUI versions.
Nessus
Network-based vulnerability scanner. Can send specially crafted network traffic to a host and show vulnerabilities like insecure protocols, weak encryption, open file shares, etc.
Metasploit
A platform for penetration testing by the “good guys”. The go-to tool for pen testing. Incredibly powerful, and a dangerous toolset when used incorrectly.
ping
Queries another system on a TCP/IP network to determine connectivity. Runs 4 times on Windows and stops automatically; runs continuously in Linux until you press CTRL-C.
-a: Resolve addresses to hostnames
-t: run continuously
-f: Don’t Fragment flag in packet (IPv4)
-4: force using IPv4
-6: Force using IPv6
ipconfig
Windows utility; shows the current status of the network settings for a host system.
/all: Get an exhaustive listing of every IP and Ethernet setting
/release: Release the DHCP IP address lease
/renew: Renew the DHCP IP address lease
/flushdns: Clear the host’s DNS cache
/displaydns: Display the host’s DNS cache
ifconfig
UNIX/Linux and macOS utility. Shows the current status of the network settings for a host system.
ip
Linux utility. The ip command replaces ifconfig, doing many of the same tasks: viewing IP info on a system, checking the status of network connections, managing routing, and starting or stopping an Ethernet interface. Shorter switch names.
arp
Observe and administer the mapped IPv4-to-Ethernet addresses for the local network. Windows and Linux use the same switches. Only for IPv4!
Enables detection of ARP spoofing: provides the MAC address of the spoofing system.
netstat
Windows and Linux tool for getting info on the host system’s TCP and UDP connections, the status of all open and listening ports, and other items like the routing table.
Shows all active connections between a host and other hosts.
netstat -a adds listening ports; useful for finding hidden servers or malware on a host.
netstat -b displays the executable file making the connection.
route
Displays and edits a host’s routing table. Enables you to find problems if packets leave your system but don’t get a response.
Linux: route. Windows: route print.
netcat (nc)
Uses ‘nc’, a Linux terminal program that enables you to make any type of connection and see the results from a command line. A primitive tool, but can be great for penetration testing or hacking if you know the right commands.
Handy scanning command; can also make your system listen on a port number.
tracert/traceroute
Windows = tracert
Linux = traceroute
How packets are routed from a host to an endpoint. These commands send packets to each connection between the host and endpoint, checking the TTL (time to live) between connections.
Best run before there are any problems.
pathping
Windows-only utility, a combination of tracert and ping. Pathping runs a traceroute, then pings each hop 100 times; determines latency accurately but is slower than tracert. Forces no DNS resolution and requires only IPv4 addresses.
TCPView/PingPlotter
Graphical tools for things like netstat and ping/traceroute.
nslookup
DNS tool in both Windows and Linux: queries DNS servers (assuming the DNS server is configured to respond) and returns detailed information about any DNS domain. You can run nslookup to ask a DNS server for all the NS (name server) records for any domain. Can be used for evil purposes.
dig
Linux-based DNS querying tool with many advantages over nslookup. Works with the host’s DNS settings, as opposed to nslookup, which ignores the host’s DNS settings. Works well with scripting tools.
cat
Linux utility that combines (concatenates) files, creates files, or views the contents of any text file.
chmod
enables you to change permissions on Linux for a file or directory.
grep
Looks for search terms (strings) inside text files and returns any line of that text file containing the string you requested.
head/tail
Show the beginning or end of text files: head shows the first ten lines, tail the last ten.
logger
add text to log files manually
Powershell
Shell environment introduced by Microsoft in 2006 for Windows; the best combination of shell and scripting language. Has a built-in scripting language. Supports JavaScript, Python.
Python
go-to scripting language for anything cross-platform
SSH
Secure Shell protocol; can present a terminal to a remote machine, assuming you have a username and password on that remote machine (and it’s running an SSH-compatible server). Runs on TCP port 22. SSH servers and clients must first create an encrypted connection; the SSH server must generate SSH keys, traditionally an RSA asymmetric key pair. Common implementation: OpenSSH.
Angry IP Scanner
Simple network scanner; uses simple protocols, mainly ping, to query a single IPv4 address or an address range. Good for a single network ID and does some basic port scanning.
IP Scanner
macOS. Simple network scanner; uses the simplest protocols to query a local network.
NMap
Powerful network scanner; became the gold standard for TCP/IP network scanners early on and has retained its prominence through continuing updates.
Command-line tool with a powerful and complex set of switches and options.
By default, scans the 1000 most common port numbers; can scan an entire network ID. -v increases “verbosity” (more info). Works fine for any public-facing server.
Zenmap
Graphical front end for Nmap; a great GUI.
Wireshark
Protocol analyzer/packet sniffer, developed in 1998; powerful, free, and works on all major OSes. Its default GUI is very common. Uses an application programming interface (API), libpcap on Linux or WinPcap on Windows, to have the Network Interface Card (NIC) ingest all traffic passing by.
tcpdump
Linux protocol analyzer/packet sniffer, older than Wireshark
journalctl
Linux; displays all logs in a system in a single format.
syslog
Complete protocol for the transmission and storage of Linux logs on a single syslog server. Once they’re all stored in a single location, you can use tools like journalctl to monitor the entire network.
Simple Network Management Protocol (SNMP)
Enables proactive monitoring of network hosts in real time; works as a bandwidth monitor. Hosts have an agent installed that can report certain types of data back to a centralized monitoring server. The agent is configured with a Management Information Base (MIB).
NetFlow/sFlow
Cisco-based utility that provides real-time information about all the IP traffic in a system. sFlow provides similar info but runs in hardware; NetFlow is software.
IPFIX (internet protocol flow information export)
Spawned from NetFlow version 9; has more flexibility in the types of information that can be combined and saved for analysis. IPFIX is an Internet Engineering Task Force (IETF) specification.
dig
Domain Info Groper: command-line tool on non-Windows systems used to diagnose DNS problems.
FTK Imager
A free tool that can image both systems and memory; can be used on Windows systems… Commercial software suite for analyzing system images and other digital evidence.
dd
Linux and macOS terminal command used to create full disk images