Tools Flashcards
WHOIS
A query and response protocol used for querying databases that store the registered users or assignees of an internet resource
Nslookup
Command-line tool for querying DNS to obtain mapping between domain names and IP addresses
Fingerprinting Organizations with Collected Archives (FOCA)
Used to find metadata and hidden information in collected documents from an organization
theHarvester
Program for gathering emails, subdomains, hosts, employee names, PGP key entries, open ports and service banners from servers
Shodan
Website search engine for web cameras, routers, servers, and other devices that are considered part of the Internet of Things
Maltego
Commercial software for conducting OSINT that visually maps the relationships between the entities it collects
Recon-ng
Cross-platform web reconnaissance framework that uses a system of modules to add additional features and functions
Censys
Website search engine used for finding hosts and networks across the internet, along with data about their configuration
Nikto
Web vulnerability scanner that is used to assess custom web applications that a company may have coded themselves
OpenVAS
Open source vulnerability scanner that is used to identify vulnerabilities and assign a risk rating for those targeted assets
Nessus
A proprietary vulnerability scanner that is used to conduct basic, advanced, and compliance vulnerability scans to measure the effectiveness of a system's security controls
SQLmap
An open-source database scanner that searches for SQL injection vulnerabilities that can be exploited
OpenSCAP (Security Content Automation Protocol)
A tool created by NIST that is used to create a predetermined security baseline to determine vulnerabilities or deviations in a system
Wapiti
Web application vulnerability scanner that automatically navigates a web app looking for areas where it can inject data to target different vulnerabilities
WPScan
A WordPress site vulnerability scanner that identifies the plugins used by the website and checks them against a database of known vulnerabilities
Brakeman
Static code analysis security tool that is used to identify vulnerabilities in applications written in Ruby on Rails
ScoutSuite
Open-source tool written in Python that can be used to audit instances and policies created on multicloud platforms by collecting data using API calls
Wireshark
An open-source protocol analysis tool that can conduct packet sniffing, decoding, and analysis
Tcpdump
A command-line protocol analysis tool that can conduct packet sniffing, decoding, and analysis
Hping
An open-source packet crafting tool used to exploit vulnerable firewalls and IDS/IPS
Aircrack-ng
Open-source wireless exploitation toolkit consisting of airmon-ng, airodump-ng, aireplay-ng, and aircrack-ng
Airmon-ng
Used to monitor wireless frequencies to identify access points and clients
Airodump-NG
Used to capture network traffic and save it to a PCAP file
Aircrack-ng
Used to conduct protocol and password cracking of wireless encryption
Kismet
Open-source tool that contains a wireless sniffer, network detector, and IDS
Wifite
Wireless auditing tool that can be used to conduct a site survey to locate rogue and hidden access points
EAPHammer
Python-based toolkit that can be used to steal EAP authentication credentials used in a WPA2-Enterprise network
mdk4
Wireless vulnerability exploitation toolkit that can conduct 10 different types of 802.11 exploitation techniques
Spooftooph
Automates the spoofing or cloning of a Bluetooth device's name, class, and address
Reaver
A tool that conducts a brute-force attack against an access point’s Wi-Fi Protected Setup (WPS) PIN to recover the WPA PSK
Wireless Geographic Logging Engine (WiGLE)
Wireless OSINT tool that consists of a website and database dedicated to mapping and indexing all known wireless access points
Fern
Tests wireless networks by conducting password recovery through brute force and dictionary attacks, as well as session hijacking, replay and on-path attacks
Social Engineering Toolkit (SET)
Python-based collection of tools and scripts that are used to conduct social engineering during a penetration test
Browser Exploitation Framework (BeEF)
Used to assess the security posture of a target environment using cross-site attack vectors
Netcat (nc)
Command-line utility used to read from or write to TCP, UDP, or Unix domain socket network connections
Ncat
Improved version of Netcat that can also act as a proxy, launch executables, transfer files, and encrypt all communications to and from the victim machine
ProxyChains
Command-line tool that enables pen testers to mask their identity and/or source IP address by sending messages through proxy servers or intermediaries
Hashcat
Modern password and hash cracking tool that supports the use of GPUs for parallel processing when conducting dictionary, brute force, and hybrid attacks
Medusa
Parallel brute-force tool that is used against network logins to attack services that support remote authentication
Hydra
Parallel brute-force tool that also supports a pw-inspect module to only attempt passwords from a dictionary that meet the minimum password requirements for a given system
CeWL
Used to generate word lists based on the automatic crawling of a website to collect words and metadata from the site
John the Ripper
A password cracking tool that supports large sets of hashes and dictionary and brute-force attacks
Cain
Legacy password cracking and hash dumping tool that can conduct network sniffing to identify hashes that may be vulnerable to cracking
Patator
Multipurpose brute-force tool that supports several different methods, including FTP, SSH, SMB, VNC, and ZIP password cracking
Mimikatz
Tool that gathers credentials by extracting key elements from the memory of a system such as clear text passwords, hashes, and PIN codes
DirBuster
Brute-force tool run against a web application or server to identify unlisted directories and file names that may be accessed
Web Application Attack and Audit Framework (w3af)
Tool used to identify and exploit a large set of web-based vulnerabilities, such as SQL injection and cross-site scripting
OWASP ZAP (Zed Attack Proxy)
Open-source web application security scanner and attack proxy used in automated and manual testing and identification of web application vulnerabilities
Burp Suite
Used for raw traffic interception, inspection, and modification during automated testing, manual request modification, and passive web application analysis
Gobuster
Brute-force dictionary, file, and DNS identification tool used to identify unlisted resources in a web application
CloudBrute
Used to find a target’s infrastructure, files, and apps across the top cloud service providers, including Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, and Linode
Pacu
Exploitation framework used to assess the security configuration of an Amazon Web Services (AWS) account
Cloud Custodian
Open-source cloud security, governance, and management tool designed to help admins create policies based on different resource types
OpenStego
Free steganography solution to conduct data hiding within a file and watermarking of files with invisible signatures to detect unauthorized file copying
Steghide
Open-source steganography tool used to conceal a payload by compressing, concealing, and encrypting its data in an image or audio file
Snow
Command-line steganography tool that conceals a payload within the whitespace of an ASCII-formatted text file in plaintext or encrypted form
Coagula
Image synthesizer tool that can be used to create a sound file from a given image
Sonic Visualizer
An open-source application for viewing and analyzing the contents of music audio files
Metagoofil
Python-based tool that can search for metadata from public documents located on a target’s website