Tools Flashcards
Framework for developing and executing exploit code against remote targets
Metasploit
Browser Exploitation Framework for web-based client-side attacks
BeEF
Web application security testing and analysis suite
Burp Suite
Python library and interactive tool for crafting, sending, and dissecting packets, used for network discovery and attacks
Scapy
Networking utility for reading from and writing to TCP and UDP connections
Netcat
Windows-based debugger for kernel and user mode debugging
WinDbg
Search engine for finding devices connected to the internet
Shodan
Suite for man-in-the-middle attacks on a LAN via ARP poisoning, with sniffing and protocol dissection
Ettercap
Dynamic instrumentation toolkit for developers and researchers; injects JavaScript into running processes to hook and modify functions
Frida
Password cracking tool supporting numerous algorithms
John the Ripper
Password recovery tool for Windows operating systems
Cain and Abel
Cloud security auditing tool supporting multiple cloud providers
Scout Suite
Suite of tools for WiFi security testing: capturing frames, deauthenticating clients, and cracking WEP and WPA-PSK keys
Aircrack-ng
Modular web reconnaissance framework with an integrated database for storing results
Recon-ng
Vulnerability scanner designed to identify software flaws
Nessus
Forces TCP connections from any program through a chain of SOCKS or HTTP proxies
ProxyChains
Automated tool for SQL injection and database takeover
SQLMap
Credential gathering tool targeting Windows authentication
Mimikatz
Vulnerability assessment system for network-level scanning
OpenVAS
Network discovery and security auditing tool
nmap
Command-line tool for crafting custom TCP/IP packets and analyzing the responses
Hping
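What Scapy and hping do under the hood is assemble protocol headers byte by byte and compute their checksums. The following is an added example, not code from either project: it builds an IPv4 + TCP SYN packet (the probe a SYN scan sends) with the standard library only and verifies both checksums the way a receiving stack would. The addresses and ports are constructed for the demo; the commented-out raw-socket send needs root.

```python
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum shared by IPv4, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"          # pad an odd-length buffer with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, proto: int = socket.IPPROTO_TCP,
                ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header (no options) with the checksum filled in."""
    fields = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5,        # version 4, IHL 5 words
                         0,                   # DSCP/ECN
                         20 + payload_len,    # total length
                         ident,
                         0x4000,              # flags: don't fragment
                         ttl, proto,
                         0,                   # checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", checksum(fields)) + fields[12:]


def tcp_syn(src: str, dst: str, sport: int, dport: int,
            seq: int = 0, window: int = 64240) -> bytes:
    """20-byte TCP SYN segment; the checksum covers a pseudo-header plus the segment."""
    seg = struct.pack("!HHIIBBHHH",
                      sport, dport, seq, 0,
                      5 << 4,    # data offset 5 words, reserved bits zero
                      0x02,      # flags: SYN only
                      window,
                      0,         # checksum placeholder
                      0)         # urgent pointer
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(seg)))
    return seg[:16] + struct.pack("!H", checksum(pseudo + seg)) + seg[18:]


def build_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Full IPv4 + TCP SYN packet, the building block of a SYN scan."""
    seg = tcp_syn(src, dst, sport, dport)
    return ipv4_header(src, dst, len(seg)) + seg


def verify(packet: bytes) -> dict:
    """Re-run both checksums over a packet; a valid one sums to zero in each case."""
    ip, seg = packet[:20], packet[20:]
    pseudo = ip[12:16] + ip[16:20] + struct.pack("!BBH", 0, ip[9], len(seg))
    dport = struct.unpack("!H", seg[2:4])[0]
    flags = seg[13]
    return {"ip_ok": checksum(ip) == 0,
            "tcp_ok": checksum(pseudo + seg) == 0,
            "dport": dport,
            "syn": bool(flags & 0x02)}


if __name__ == "__main__":
    # Addresses are constructed for the demo (RFC 5737 documentation range).
    pkt = build_syn("192.0.2.10", "192.0.2.20", 40000, 443)
    print(pkt.hex(), verify(pkt))
    # Transmitting needs a raw socket and root privileges; uncomment to send:
    # s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    # s.sendto(pkt, ("192.0.2.20", 0))
```

The checksum routine is the same one both tools implement; the known-answer value in the test (0xB861 for the header used in the IPv4 checksum example in RFC-style tutorials) is a convenient way to confirm it before trusting packets built on top of it.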
Security scanner for WordPress websites, detecting vulnerabilities
WPScan
Web server scanner detecting outdated software and misconfigurations
Nikto
API development and testing tool for sending HTTP requests
Postman
Social Engineering Toolkit for crafting attacks against humans
SET
Reverse engineering tool for analyzing Android applications
APK Studio
Open source web application security scanner
OWASP ZAP
Source-level debugger for inspecting and controlling running programs on Unix-like systems
GNU Debugger (GDB)
Network protocol analyzer for network troubleshooting and analysis
Wireshark
Wireless network detector, sniffer, and intrusion detection system
Kismet
A security audit tool and attack framework for Android devices and apps
Drozer
Automated Android, iOS, and Windows mobile pentest, security assessment, and malware analysis framework that performs both SAST and DAST and supports a wide range of application binaries
MobSF
Brute-forces directory and file names on web servers from wordlists of thousands of common paths
DirBuster
Provides a searchable database of exploits sorted by type, platform, and CVE information
Exploit DB
Includes news as well as exploit information and code
Packet Storm
Load balancing detector: compares DNS and HTTP responses to determine whether a load balancer is in place
lbd
CLI tool to automate the audit of web applications
Wapiti
CLI tool that analyzes the source code of Ruby on Rails applications to find potential security vulnerabilities
Brakeman
Password-cracking utility that uses GPUs to crack passwords at a very high speed
Hashcat
Brute-force login attack tool that supports variety of protocols and services
Medusa
Brute-force dictionary attack tool that is designed to work against a variety of protocols and services like SSH, http/https, SMB and databases
Hydra
Ruby application that allows you to spider a website based on a URL and depth setting and then generate a wordlist from the files and web pages it finds
CeWL
Multi-purpose brute-forcer in the same class as Hydra and Medusa, but with a more complex module-based syntax that makes it harder to use
Patator
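The Hashcat and CeWL cards above describe two halves of one workflow: build a site-specific wordlist, then run it (with mangling rules) against recovered hashes. The example below is added here and is not code from either tool. It extracts visible words from a constructed HTML page the way CeWL does, applies a small rule set, and performs a dictionary attack against constructed SHA-256 hashes; the fictional company name, page text and hashes are all assumptions made for the demo.

```python
import hashlib
import re
from collections import Counter
from html.parser import HTMLParser
from typing import Dict, Iterable, Iterator, List


class _VisibleText(HTMLParser):
    """Collects the text a visitor would see, skipping <script> and <style> bodies."""

    def __init__(self) -> None:
        super().__init__()
        self._skip = 0
        self.chunks: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag) -> None:
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data: str) -> None:
        if not self._skip:
            self.chunks.append(data)


def wordlist_from_html(html: str, min_length: int = 5) -> List[str]:
    """CeWL-style: tokenize visible text, drop short tokens, most frequent first."""
    parser = _VisibleText()
    parser.feed(html)
    tokens = re.findall(r"[A-Za-z][A-Za-z0-9]*", " ".join(parser.chunks))
    counts = Counter(t for t in tokens if len(t) >= min_length)
    # Ties are broken alphabetically so the output is deterministic.
    return [w for w, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]


def mangle(word: str) -> Iterator[str]:
    """A small rule set of the kind a cracker applies to every dictionary word."""
    bases = dict.fromkeys((word, word.lower(), word.capitalize()))  # ordered, de-duplicated
    for base in bases:
        yield base
    for base in bases:
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix


def crack_hashes(targets: Dict[str, str], words: Iterable[str],
                 algo: str = "sha256") -> Dict[str, str]:
    """Dictionary attack: hash each candidate once and look it up against all targets."""
    pending = {digest.lower(): label for label, digest in targets.items()}
    found: Dict[str, str] = {}
    for word in words:
        for candidate in mangle(word):
            digest = hashlib.new(algo, candidate.encode()).hexdigest()
            label = pending.pop(digest, None)
            if label is not None:
                found[label] = candidate
            if not pending:
                return found
    return found


# Constructed sample page for a fictional company, standing in for a crawled site.
SAMPLE_HTML = """<html><head><title>Northwind Logistics - Fleet Portal</title>
<style>.banner { color: red; }</style></head>
<body><h1>Northwind Logistics</h1>
<p>Welcome to the Northwind fleet portal. Drivers: log in with your Northwind badge.</p>
<script>var sessionToken = "zzzzzzzzzz";</script>
<p>Questions? Contact the Northwind helpdesk in Seattle.</p></body></html>"""

# Constructed "dumped" hashes: two derive from site vocabulary, one does not.
SAMPLE_HASHES = {
    "driver01": hashlib.sha256(b"Northwind1").hexdigest(),
    "dispatch": hashlib.sha256(b"seattle123").hexdigest(),
    "admin": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}


def demo() -> Dict[str, str]:
    """Run the wordlist-then-crack pipeline on the constructed data."""
    return crack_hashes(SAMPLE_HASHES, wordlist_from_html(SAMPLE_HTML))


if __name__ == "__main__":
    print(wordlist_from_html(SAMPLE_HTML))
    print(demo())
```

Two of the three accounts fall because their passwords are built from words that appear on the company's own site, which is exactly why CeWL output is fed to Hashcat or John before any generic list. The third survives because no rule in this set produces a multi-word passphrase; on real engagements the rule set, not the hash speed, is usually what decides that case.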
Open source web application security scanner that includes directory and filename brute-forcing
W3af
Windows debugger that works on binary code at the assembly language level
OllyDbg
Designed specifically to support penetration testing and reverse engineering of malware
Immunity Debugger
Commercial disassembler and debugger that runs on Windows, macOS, and Linux
IDA
Windows-focused command and control (C2) framework built on .NET
Covenant
OSINT tool used mainly to find metadata and hidden information in the documents it scans
FOCA
OSINT CLI tool included in Kali that wraps a variety of search engines to find email accounts, subdomain names, virtual hosts, open ports/banners, and employee names related to a domain from public sources
theHarvester
OSINT tool offering real-time data mining and information gathering, with results displayed on a node-based graph
Maltego
OSINT search engine for discovering, monitoring, and analyzing devices accessible from the Internet
Censys
Wireless network auditing tool including WPA handshake capture capabilities, support for pixie dust attacks, support for identification of hidden access points, and WPA handshake cracking
Wifite
Toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks
EAPHammer
Tool designed to exploit 802.11 protocol weaknesses; includes SSID probing and brute forcing, flooding, fuzzing, deauthentication, and disassociation attacks
mdk4
Automates spoofing or cloning Bluetooth device Name, Class, Address
Spooftooph
Performs brute-force attack against an access point’s WPS PIN
Reaver
Website for collecting info about different wireless hotspots around the world - GPS coords, SSID, MAC address, encryption, etc
WiGLE
WiFi cracking tool that includes WPA2 dictionary attack functions, session hijacking functions, geolocation abilities, on-path attack support, brute-force functions for common services like HTTP, Telnet, and FTP
Fern
Tool used to brute-force URIs including directories and files as well as DNS subdomains
Gobuster
CLI tool for searching and browsing a local copy of the Exploit DB, usable offline
SearchSploit
Collection of Microsoft PowerShell modules that aid penetration testers during all phases of an assessment
PowerSploit
Python tool capable of harvesting credentials through on-path attacks within Windows networks via LLMNR, NBT-NS, and MDNS
Responder
Collection of Python classes for working with network protocols, providing low-level programmatic access to packets and, for some protocols (SMB and MSRPC), the protocol implementation itself
Impacket Tools
Post-exploitation framework similar to Metasploit that works well with PowerShell, and also supports agents and tools written in Python and C#
Empire
Exploits Windows' default IPv6 configuration: answers DHCPv6 requests to become the hosts' DNS server, enabling DNS spoofing and credential relay
mitm6
Python post-exploitation tool for pen testing networks; collects Active Directory information to support lateral movement through the target network
CrackMapExec
Scans code repositories, including git history, for leaked secrets such as private keys and passwords
TruffleHog
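Secret scanners of the TruffleHog kind combine two detectors: regexes for credential formats that are known in advance, and a Shannon-entropy heuristic for long base64 or hex strings that look random. The example below is added here and is not TruffleHog's own code; it implements both detectors over a constructed in-memory repository (the AWS values are the publicly documented example credentials from AWS's documentation, not live keys), with a directory walker for scanning a real checkout. The rule names and thresholds are assumptions chosen for the demo.

```python
import math
import os
import re
from collections import Counter
from typing import Dict, List

# Known-format secrets: one regex per credential type (a small subset).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Unknown-format secrets: long runs of base64 or hex characters with high entropy.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{20,}")
HEX_RUN = re.compile(r"[0-9a-fA-F]{20,}")
BASE64_THRESHOLD = 4.5   # bits per character; random base64 approaches 6
HEX_THRESHOLD = 3.0      # random hex approaches 4


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character under the string's own symbol frequencies."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str, path: str) -> List[Dict]:
    """Apply both detectors to every line; return one finding dict per hit."""
    findings: List[Dict] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append({"path": path, "line": lineno, "rule": rule, "match": m.group(0)})
        for rx, threshold, rule in ((BASE64_RUN, BASE64_THRESHOLD, "high_entropy_base64"),
                                    (HEX_RUN, HEX_THRESHOLD, "high_entropy_hex")):
            for token in rx.findall(line):
                if shannon_entropy(token) > threshold:
                    findings.append({"path": path, "line": lineno, "rule": rule, "match": token})
    return findings


def scan_files(files: Dict[str, str]) -> List[Dict]:
    """Scan an in-memory {path: content} mapping, such as one commit's tree."""
    out: List[Dict] = []
    for path, content in sorted(files.items()):
        out.extend(scan_text(content, path))
    return out


def scan_tree(root: str) -> List[Dict]:
    """Walk a checkout on disk, skipping .git, and scan every readable file."""
    files: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    files[os.path.relpath(path, root)] = fh.read()
            except OSError:
                continue
    return scan_files(files)


# Constructed repository contents for the demo.
SAMPLE_REPO = {
    "config/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        'DEBUG = True\n'
    ),
    "deploy/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\n(key material omitted)\n",
    "tests/fixtures.py": 'PLACEHOLDER = "deadbeefdeadbeefdeadbeefdeadbeef"  # repetitive, not a secret\n',
}


if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f['path']}:{f['line']}  {f['rule']}  {f['match']}")
```

The two detectors catch different things: the access key ID is structured and low-entropy, so only the regex finds it, while the secret key has no fixed prefix and is caught only by entropy. The repeated "deadbeef" placeholder is long enough to match both character-class regexes but scores well under both thresholds, which is the kind of false positive the entropy gate exists to suppress. Real git history scanning adds iterating over every commit's blobs, not just the working tree.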
Provides data hiding within a cover file and watermarking with an invisible signature, which can be used to detect unauthorized file copying
OpenStego
Able to hide data in various kinds of image and audio files
Steghide
Whitespace steg tool used to embed hidden messages in ASCII format by extending the whitespace to the end of lines
Snow
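The technique on the Snow card works because editors and browsers render trailing spaces and tabs as nothing, so a line can carry bits after its last visible character. The example below is added here and is not the SNOW tool's own code or encoding (SNOW packs bits more densely and can encrypt the payload); it uses a deliberately simple scheme, one payload byte per line as eight space (0) or tab (1) characters after a two-byte length header, and shows that the stego text is visibly identical to the cover. The memo used as cover is constructed for the demo.

```python
from typing import List

BITS_PER_LINE = 8  # one payload byte per cover line: space = 0, tab = 1


def capacity(cover: str) -> int:
    """Payload bytes the cover can carry after the two-byte length header."""
    return max(0, len(cover.splitlines()) - 2)


def embed(cover: str, message: bytes) -> str:
    """Append 8 space/tab characters per line, encoding the length-prefixed message."""
    lines = [ln.rstrip(" \t") for ln in cover.splitlines()]  # normalise existing tails
    payload = len(message).to_bytes(2, "big") + message
    if len(payload) > len(lines):
        raise ValueError(f"cover holds {len(lines) - 2} bytes, message needs {len(message)}")
    out: List[str] = []
    for i, line in enumerate(lines):
        if i < len(payload):
            byte = payload[i]
            tail = "".join("\t" if (byte >> bit) & 1 else " " for bit in range(7, -1, -1))
            line += tail
        out.append(line)
    return "\n".join(out) + "\n"


def extract(stego: str) -> bytes:
    """Read trailing whitespace line by line; stop at the first line without a full byte."""
    raw = bytearray()
    for line in stego.splitlines():
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) != BITS_PER_LINE:
            break
        raw.append(int("".join("1" if ch == "\t" else "0" for ch in tail), 2))
    if len(raw) < 2:
        return b""
    length = int.from_bytes(raw[:2], "big")
    return bytes(raw[2:2 + length])


def visibly_identical(a: str, b: str) -> bool:
    """True when two texts differ only in trailing whitespace, i.e. a reader sees no change."""
    return ([ln.rstrip(" \t") for ln in a.splitlines()]
            == [ln.rstrip(" \t") for ln in b.splitlines()])


# Constructed cover text: an innocuous memo long enough for a short payload.
COVER = "\n".join([
    "Team,",
    "The quarterly maintenance window is confirmed.",
    "Please save your work before the servers go down.",
    "Expect about two hours of downtime.",
    "Updates will be posted on the status page.",
    "Thanks for your patience.",
    "Facilities",
    "",
]) + "\n"


if __name__ == "__main__":
    stego = embed(COVER, b"0300Z")
    print(stego, end="")          # renders exactly like COVER on screen
    print(extract(stego))         # the hidden payload comes back intact
```

Detection is the flip side: a file whose lines end in mixed runs of spaces and tabs, especially of uniform length, is a strong signal, and anything that normalises whitespace (an editor with trim-on-save, a `git diff` whitespace fix, a copy-paste through a form) silently destroys the payload. Both properties are inherent to the technique, not to this simplified encoding.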
Image synthesizer: both a simple image editor and a program for making sound from those images
Coagula
Reverse image search engine
TinEye
info gathering tool designed for extracting metadata of public documents belonging to a target company - will perform a search in Google to identify and download the documents to local disk
Metagoofil
Cloud enumeration tool that identifies applications and storage across multiple cloud provider environments; runs without credentials
CloudBrute
AWS-specific exploitation framework that uses multiple modules to perform actions like testing for privilege escalation or disrupting monitoring; can also implant backdoors via IAM user account modifications
Pacu