Tools Flashcards
What is WhatWeb?
WhatWeb is a Ruby-based web scanner. WhatWeb can fingerprint websites and their application stack by using its database of known application signatures. WhatWeb can also identify particular content management systems and blogging platforms (such as WordPress), web cameras and web application firewalls.
Verify that WhatWeb is installed by running ‘whatweb -h’ on the command line.
What is RustScan?
RustScan is a lightning-fast port scanner written in the Rust
programming language. It sends requests to ports on a target system and then listens for a response. The port scanner can then determine if the port is open, closed, or filtered
RustScan is faster than Nmap
What is Nuclei?
Nuclei is a vulnerability scanner written in the Go programming language. Nuclei works by sending requests to targets defined by a YAML template file.
The first time you run Nuclei, it automatically creates a nuclei-templates directory in the user’s home folder and downloads all the publicly available Nuclei templates.
What is dirsearch?
dirsearch is a multithreaded tool used to find common paths
on web servers.
What is Linux Exploit Suggester 2?
The Linux Exploit Suggester 2 is a next-generation tool based
on the original Linux Exploit Suggester. Written in Perl, it includes several exploits you can use to potentially compromise vulnerable Linux kernel versions.
What is Gitjacker?
Gitjacker is a data-extraction tool that targets web applications whose .git directory has been mistakenly uploaded.
What is pwncat?
pwncat is a Python-based command-and-control library for
capturing and interacting with remote shells. Once pwncat receives a shell connection from a remote compromised host, it acts as an exploitation platform from which commands can be sent and attacks can be launched.
What is LinEnum?
LinEnum is a bash script for enumerating local information on a Linux host. It’s used for finding system misconfigurations.
What is unix-privesc-check?
The unix-privesc-check shell script collects information from a host in an attempt to find misconfigurations and ways to escalate privileges.
The script does not require any dependencies, which makes it convenient to run.
What is arp-scan?
arp-scan sends Address Resolution Protocol (ARP) packets to hosts on a network and displays any responses it gets back.
ARP only operates on the local network, and cannot be routed.
arp-scan requires root privileges to run; this is because it uses functions to read and write packets that require elevated privileges.
What is Nikto?
Nikto is a web scanning tool that performs banner grabbing and runs a few basic checks to determine if the web server uses security headers to mitigate known webvulnerabilities (such as cross-site scripting and UI redressing /clickjacking).
Nikto also sends requests to possible endpoints on the server by using its builtin wordlist of common paths.
Security headers indicate to browsers what to do when loading certain resources and opening URLs, protecting the user from falling victim to an attack.
What are fuzzers and for what are they used?
Fuzzers generate semi-random data to use as part of a payload. When sent to an application, these payloads can trigger anomalous behavior or reveal covert information. You can use fuzzers against web servers to find hidden paths or against local binaries to find vulnerabilities such as buffer overflows or DoS.
