Hack$Notes
Search…
⌃K

Tools / Techniques

Various tools used.
This is by no means a comprehensive list.
Wireshark - Packet Sniffer GUI
tcpdump - Packet Sniffer CLI
theharvester - Find emails, usernames
recon-ng - Full-featured web reconnaissance framework.
whois - Client for the whois directory service
host - DNS lookup utility
dig - DNS lookup utility
dnsrecon - DNS Enumeration and Scanning Tool
dnsenum - DNS Enumeration
nmap - Port Scanning
nbtscan - Program for scanning networks for NetBIOS name information
smbclient - FTP-like client to access SMB/CIFS resurces on servers
rpcclient - Tool for executing client side MS-RPC functions
enum4linux - Enumeration Tool values using SNMP GETNEXT requests
snmpwalk - Retrieve a subtree of management
snmp-check - SNMP Device enumeration
onesixtyone - Easy SNMP Scanner
OpenVas - Vulnerability Scanner
Nessus - Vulnerability Scanner
dirbuster - Directory Finder
dirb - Directory Finder
gobuster - Directory Finder
nikto - Scan web server for known vulnerabilities
Immunity Debugger - Debugger in Windows helping understand how a program executes and understanding low level programming.
Evans Linux Debugger - Debugger in Linux
msfvenom - Generation of shellcode
tftp - Transfer files with TFTP
FTP - Transfer files with FTP
debug.exe - Assembler, disassembler and a hex dumping tool
upx - PE compression tool, executable packer for Linux.
exe2bat - Conversion process
sqlmap - Automatic SQL Injection tool
crunch - Generate wordlists from a character set
fgdump.exe - Get the hashes from a system (can only be used once admin)
pwdump.exe - Get the hashes from a system (can only be used once admin)
wce.exe - Attacks to obtain the passwords in clear text. (can only be used once admin)
John the Ripper - A tool to find weak passwords of your users.
pth- - Pass the hash attacks. Use hash to login instead of a clear text password.
cewl - Custom word list generator
medusa - Parallel Network Login Auditor
ncrack - Network authentication cracking tool
hydra - A very fast network logon cracker which support many different services.
hash-identifier - Guess the algorithm used on hashes
unshadow - Combine password and shadow files
rinetd - Simple Port-Forwarding tool
ssh - SSH Tunneling
HTTPS - HTTPS Tunneling
msfconsole - MSF framework
Hyperion - Packers/Crypters
oclHashcatPlus - Hash cracker for salt passwords.
gpp-decrypt - Decrypt hashes
wpscan - Wordpress Security Scanner