# Tools / Techniques This is by no means a comprehensive list. ``` Wireshark - Packet Sniffer GUI tcpdump - Packet Sniffer CLI theharvester - Find emails, usernames recon-ng - Full-featured web reconnaissance framework. whois - Client for the whois directory service host - DNS lookup utility dig - DNS lookup utility dnsrecon - DNS Enumeration and Scanning Tool dnsenum - DNS Enumeration nmap - Port Scanning nbtscan - Program for scanning networks for NetBIOS name information smbclient - FTP-like client to access SMB/CIFS resurces on servers rpcclient - Tool for executing client side MS-RPC functions enum4linux - Enumeration Tool values using SNMP GETNEXT requests snmpwalk - Retrieve a subtree of management snmp-check - SNMP Device enumeration onesixtyone - Easy SNMP Scanner OpenVas - Vulnerability Scanner Nessus - Vulnerability Scanner dirbuster - Directory Finder dirb - Directory Finder gobuster - Directory Finder nikto - Scan web server for known vulnerabilities Immunity Debugger - Debugger in Windows helping understand how a program executes and understanding low level programming. Evans Linux Debugger - Debugger in Linux msfvenom - Generation of shellcode tftp - Transfer files with TFTP FTP - Transfer files with FTP debug.exe - Assembler, disassembler and a hex dumping tool upx - PE compression tool, executable packer for Linux. exe2bat - Conversion process sqlmap - Automatic SQL Injection tool crunch - Generate wordlists from a character set fgdump.exe - Get the hashes from a system (can only be used once admin) pwdump.exe - Get the hashes from a system (can only be used once admin) wce.exe - Attacks to obtain the passwords in clear text. (can only be used once admin) John the Ripper - A tool to find weak passwords of your users. pth- - Pass the hash attacks. Use hash to login instead of a clear text password. cewl - Custom word list generator medusa - Parallel Network Login Auditor ncrack - Network authentication cracking tool hydra - A very fast network logon cracker which support many different services. hash-identifier - Guess the algorithm used on hashes unshadow - Combine password and shadow files rinetd - Simple Port-Forwarding tool ssh - SSH Tunneling HTTPS - HTTPS Tunneling msfconsole - MSF framework Hyperion - Packers/Crypters oclHashcatPlus - Hash cracker for salt passwords. gpp-decrypt - Decrypt hashes wpscan - Wordpress Security Scanner ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ed4m4s.blog/tools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.