Tools Flashcards

1
Q

Framework for developing and executing exploit code against remote targets

A

Metasploit

2
Q

Browser Exploitation Framework for web-based client-side attacks

A

BeEF

3
Q

Web application security testing and analysis suite

A

Burp Suite

4
Q

Packet manipulation tool for network discovery and attacks

A

Scapy

5
Q

Networking utility for reading and writing across network connections

A

NetCat

6
Q

Windows-based debugger for kernel and user mode debugging

A

WinDbg

7
Q

Search engine for finding devices connected to the internet

A

Shodan

8
Q

Network security tool for man-in-the-middle attacks on LAN

A

Ettercap

9
Q

Dynamic instrumentation toolkit for developers and researchers. Injection tool using JavaScript.

A

Frida

10
Q

Password cracking tool supporting numerous algorithms

A

John the Ripper

11
Q

Password recovery tool for Windows operating systems

A

Cain and Abel

12
Q

Cloud security auditing tool supporting multiple cloud providers

A

Scout Suite

13
Q

Network software suite for WiFi network security testing

A

Aircrack-ng

14
Q

Web recon framework with database integration

A

Recon-ng

15
Q

Vulnerability scanner designed to identify software flaws

A

Nessus

16
Q

Tool for redirecting TCP traffic through proxy servers

A

ProxyChains

17
Q

Automated tool for SQL injection and database takeover

A

SQLMap

18
Q

Credential gathering tool targeting Windows authentication

A

Mimikatz

19
Q

Vulnerability assessment system for network-level scanning

A

OpenVAS

20
Q

Network discovery and security auditing tool

A

nmap

21
Q

Network tool for packet generation and response analysis

A

Hping

22
Q

Security scanner for WordPress websites, detecting vulnerabilities

A

WPScan

23
Q

Web server scanner detecting outdated software and misconfigurations

A

Nikto

24
Q

API development and testing tool for sending HTTP requests

A

Postman

25
Q

Social Engineering Toolkit for crafting attacks against humans

A

SET

26
Q

Reverse engineering tool for analyzing Android applications

A

APK Studio

27
Q

Open source web application security scanner

A

OWASP ZAP

28
Q

Debugger for debugging and profiling Unix-like systems

A

GNU Debugger (GDB)

29
Q

Network protocol analyzer for network troubleshooting and analysis

A

Wireshark

30
Q

Wireless network detector, sniffer, and intrusion detection system

A

Kismet

31
Q

A security audit tool and attack framework for Android devices and apps

A

Drozer

32
Q

Automated Android/iOS and Windows pentest, security assessment, and malware analysis framework that can perform both SAST and DAST and supports a wide range of application binaries

A

MobSF

33
Q

Automates scanning web servers for thousands of common URLs

A

DirBuster

34
Q

Provides a searchable database of exploits sorted by type, platform, and CVE information

A

Exploit DB

35
Q

Includes news as well as exploit information and code

A

Packet Storm

36
Q

Used to determine if a load balancer is in place

A

lbd

37
Q

CLI tool to automate the audit of web applications

A

Wapiti

38
Q

CLI tool that analyzes the source code of Ruby on Rails applications to find potential security vulnerabilities

A

Brakeman

39
Q

Password-cracking utility that uses GPUs to crack passwords at a very high speed

A

Hashcat

40
Q

Brute-force login attack tool that supports a variety of protocols and services

A

Medusa

41
Q

Brute-force dictionary attack tool designed to work against a variety of protocols and services such as SSH, HTTP/HTTPS, SMB, and databases

A

Hydra

42
Q

Ruby application that allows you to spider a website based on a URL and depth setting and then generate a wordlist from the files and web pages it finds

A

CeWL

43
Q

Tool in the same class as Hydra and Medusa, but more difficult to use

A

Patator

44
Q

Open source web application security scanner that includes directory and filename brute-forcing

A

W3af

45
Q

Windows debugger that works on binary code at the assembly language level

A

OllyDbg

46
Q

Designed specifically to support penetration testing and reverse engineering of malware

A

Immunity Debugger

47
Q

Commercial debugging tool that works on Windows, Mac, and Linux

A

IDA

48
Q

Windows-specific command and control framework for .NET applications that includes a debugging tool

A

Covenant

49
Q

Tool used mainly to find metadata and hidden information in the documents it scans. OSINT

A

FOCA

50
Q

CLI tool included in Kali that acts as a wrapper for a variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open ports/banners, and employee names related to a domain from different public sources. OSINT

A

theHarvester

51
Q

Offers real-time data mining and information gathering as well as the representation of this info on a node-based graph. OSINT

A

Maltego

52
Q

Discover, monitor, and analyze devices that are accessible from the Internet. OSINT

A

Censys

53
Q

Wireless network auditing tool including WPA handshake capture capabilities, support for pixie dust attacks, support for identification of hidden access points, and WPA handshake cracking

A

Wifite

54
Q

Toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks

A

EAPHammer

55
Q

Tool designed to exploit 802.11 protocol weaknesses and flaws; includes SSID probing and brute forcing, flooding, fuzzing, deauth, and disassociation tools

A

mdk4

56
Q

Automates spoofing or cloning Bluetooth device Name, Class, Address

A

Spooftooph

57
Q

Performs brute-force attack against an access point’s WPS PIN

A

Reaver

58
Q

Website for collecting info about different wireless hotspots around the world - GPS coords, SSID, MAC address, encryption, etc.

A

WiGLE

59
Q

WiFi cracking tool that includes WPA2 dictionary attack functions, session hijacking functions, geolocation abilities, on-path attack support, brute-force functions for common services like HTTP, Telnet, and FTP

A

Fern

60
Q

Tool used to brute-force URIs including directories and files as well as DNS subdomains

A

Gobuster

61
Q

CLI tool for searching and browsing all exploits in Exploit DB

A

SearchSploit

62
Q

Collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment

A

PowerSploit

63
Q

Python tool capable of harvesting credentials through on-path attacks within Windows networks via LLMNR, NBT-NS, and MDNS

A

Responder

64
Q

Collection of Python classes for working with network protocols focused on providing low-level programmatic access to the packets and for some protocols (SMB and MSRPC)

A

Impacket Tools

65
Q

Post-exploitation tool similar to Metasploit that works well with PowerShell, though it also supports tools written in Python and C#

A

Empire

66
Q

Exploits the default configuration of Windows to take over the default DNS server

A

mitm6

67
Q

Post-exploitation tool developed in Python and designed for pen testing against networks - collects AD information to conduct lateral movement through targeted networks

A

CrackMapExec

68
Q

Scans code repositories for vulnerabilities related to secret keys, such as private encryption keys and passwords

A

TruffleHog

69
Q

Provides data hiding within a cover file and watermarking with an invisible signature - can be used to detect unauthorized file copying

A

Open Steg

70
Q

Able to hide data in various kinds of image and audio files

A

Steghide

71
Q

Whitespace steg tool used to embed hidden messages in ASCII format by extending the whitespace to the end of lines

A

Snow

72
Q

Image synth, meaning it is both a simple image editor and a program for making sound from those images

A

Coagula

73
Q

Reverse image search engine

A

TinEye

74
Q

Information-gathering tool designed for extracting metadata of public documents belonging to a target company - will perform a search in Google to identify and download the documents to local disk

A

Metagoofil

75
Q

Cloud enumeration tool designed to identify applications and storage in multiple cloud provider environments; will run without credentials

A

CloudBrute

76
Q

AWS-specific exploit framework that uses multiple modules to perform actions like testing for privilege escalation or disrupting monitoring efforts. Can also implant backdoors via IAM user account modifications

A

Pacu
