Tools

Question 1

WHOIS

Answer 1

a query and response protocol used for querying databases that store registered users or assignees of an internet resource

Question 2

Nslookup

Answer 2

Command-line tool for querying DNS to obtain mapping between domain names and IP addresses

Question 3

Fingerprinting Organizations with Collected Archives (FOCA)

Answer 3

Used to find metadata and hidden information in collected documents from an organization

Question 4

theHarvester

Answer 4

Program for gathering emails, subdomains, hosts, employee names, PGP key entries, open ports and service banners from servers

Question 5

Shodan

Answer 5

Website search engine for web cameras, routers, servers and other devices that considered part of the Internet of Things

Question 6

Maltego

Answer 6

Commercial software for conducting OSINT that visually helps connect those relationships

Question 7

Recon-ng

Answer 7

Cross platform web reconnaissance framework that uses a system of modules to add additional features and functions for your use

Question 8

Censys

Answer 8

Website search engine used for finding hosts and networks across the internet with data and their configuration

Question 9

Nikto

Answer 9

Web vulnerability scanner that is used to assess custom web applications that a company may have coded themselves

Question 10

OpenVAS

Answer 10

Open source vulnerability scanner that is used to identify vulnerabilities and assign a risk rating for those targeted assets

Question 11

Nessus

Answer 11

A proprietary vulnerability scanner that is used to conduct basic, advanced and compliance vulnerability scans to measure the effectiveness of the systems security controls

Question 12

SQLmap

Answer 12

An open-source database scanner that searches for SQL injection vulnerabilities that can be exploited

Question 13

Open SCAP (Security Content Automation Protocol)

Answer 13

A tool created by NIST that is used to create a predetermined security baseline to determine vulnerabilities or deviations in a system

Question 14

Wapiti

Answer 14

Web Application vulnerability scanner which will automatically navigate a web app looking for areas where it can inject data to target different vulnerabilities

Question 15

WPScan

Answer 15

A WordPress site vulnerability scanner that identifies the plugins used by the website against a database of known vulnerabilities

Question 16

Brakeman

Answer 16

Static code analysis security tool that is used to identify vulnerabilities in applications written in Ruby on Rails

Question 17

ScoutSuite

Answer 17

Open-source tool written in Python that can be used to audit instances and policies created on multicloud platforms by collecting data using API calls

Question 18

Wireshark

Answer 18

An open-source protocol analysis tool that can conduct packet sniffing, decoding, and analysis

Question 19

Tcpdump

Answer 19

A command-line protocol analysis tool that cna conduct packet sniffing, decoding, and analysis

Question 20

Hping

Answer 20

An open-source packet crafting tool used to exploit vulnerable firewalls and IDS/IPS

Question 21

Aircrack-ng

Answer 21

Open-source wireless exploitation tool kit consisting of airomon-ng, airodump-ng, aireplay-ng, and airocrack-ng

Question 22

Airomon-NG

Answer 22

User to monitor wireless frequencies to identify access points and clients

Question 23

Airodump-NG

Answer 23

Used to capture network traffic and save it to a PCAP file

Question 24

Airocrack-NG

Answer 24

Used to conduct protocol and password cracking of wireless encryption

Question 25

Kismet

Answer 25

Open-source tool that contains a wireless sniffer, network detector, and IDS

Question 26

Wifite

Answer 26

Wireless auditing tool that can be used to conduct a site survey to locate rogue and hidden access points

Question 27

EAPHammer

Answer 27

Python-based toolkit that can be used to steal EAP authentication credentials used in a WPA2-Enterprise network

Question 28

mdk4

Answer 28

Wireless vulnerability exploitation toolkit that can conduct 10 different types of 802.11 exploitation techniques

Question 29

Spooftooph

Answer 29

Automates the spoofing or cloning of a Bluetooth device’s name, class, and address.

Question 30

Reaver

Answer 30

A tool that conducts a brute-force attack against an access point’s Wi-Fi Protected Setup (WPS) PIN to recover the WPA PSK

Question 31

Wireless Geographic Logging Engine (WiGLE)

Answer 31

Wireless OSINT tool that consists of a website and database dedicated to mapping and indexing all known wireless access points

Question 32

Fern

Answer 32

Tests wireless networks by conducting password recovery through brute force and dictionary attacks, as well as session hijacking, replay and on-path attacks

Question 33

Social Engineering Toolkit (SET)

Answer 33

Python-based collection of tools and scripts that are used to conduct social engineering during a penetration test

Question 34

Browser Exploitation Framework (BeEF)

Answer 34

Used to assess the security posture of a target environment using cross-site attack vectors

Question 35

Netcat (nc)

Answer 35

Command-line utility used to read from or write to TCP, UDP, or Unix domain socket network connections

Question 36

Ncat

Answer 36

Improved version of Netcat which can also act as a proxy, launch executable, transfer files, and encrypt all communications to and from the victim machine

Question 37

ProxyChains

Answer 37

Command-line tool that enables pen testers to mask their identity and/or source IP address by sending messages through proxy servers or intermediaries

Question 38

Hashcat

Answer 38

Modern password and hash cracking tool that supports the use of GPUs for parallel processing when conducting dictionary, brute force, and hybrid attacks

Question 39

Medusa

Answer 39

Parallel brute-force tool that is used against network logins to attack services that support remote authentication

Question 40

Hydra

Answer 40

Parallel brute-force tool that also supports a pw-inspect module to only attempt passwords from a dictionary that meets the minimum password requirements for a given system

Question 41

CeWL

Answer 41

Used to generate word lists based on the automatic crawling of a website to collect words and metadata from the site

Question 42

John the Ripper

Answer 42

A password cracking tool that supports large sets of hashes and dictionary and brute-force attacks

Question 43

Cain

Answer 43

Legacy password cracking and hash dumping tool that can conduct network sniffing to identify hashes that may be vulnerable to cracking

Question 44

Patator

Answer 44

Multipurpose brute-force tool that supports several different methods, including ftp, ssh,smb,vnc, and zip password cracking

Question 44

Mimikatz

Answer 44

Tool that gathers credentials by extracting key elements from the memory of a system such as clear text passwords, hashes, and PIN codes

Question 45

DirBuster

Answer 45

Brute-force tool run against a web application or server to identify unlisted directories and file names that maybe accessed

Question 46

Web Application Attack and Audit Framework (w3af)

Answer 46

Tool used to identify and exploit a large set of web-based vulnerabilites, such as SQL injection and cross-site scripting

Question 47

OWASP ZAP (Zed Attack Proxy)

Answer 47

Open-source web application security scanner and attack proxy used in automated and manual testing and identification of web application vulnerabilities

Question 48

Burp Suite

Answer 48

Used in raw traffic interception inspection, and modification during automated testing, manual request modification and passive web application analysis

Question 49

Gobuster

Answer 49

Brute-force dictionary, file, and DNS identification tool used to identify unlisted resources in a web application

Question 50

CloudBrute

Answer 50

Used to find a target’s infrastructure, files, and apps across the top cloud service providers, including Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, and Linode

Question 51

Pacu

Answer 51

Exploitation framework used to assess the security configuration of an Amazon Web Services (AWS) account

Question 52

Cloud Custodian

Answer 52

Open-Source cloud security, governance, and management tool designed to help admins create policies based on different resource types.

Question 53

OpenStego

Answer 53

Free steganography solution to conduct data hiding within a file and watermarking of files with invisible signatures to detect unauthorized file copying

Question 54

Steghide

Answer 54

Open-source stenography tool used to conceal a payload by compressing, concealing and encrypting its data in an image or audio file

Question 55

Snow

Answer 55

command-line steganography tool that conceals a payload withing the whitespace of ans ASCII formatted text file in plaintext or encrypted format

Question 56

Coagula

Answer 56

Image synthesizer tool that can be used to create a sound file from a given image

Question 57

Sonic Visualizer

Answer 57

An open-source application for viewing and analyzing the contents of music audio files

Question 58

Metagoofil

Answer 58

Python-based tool that can search for metadata from public documents located on a target’s website