Tools / Techniques

Various tools used.

This is by no means a comprehensive list.

Wireshark	 		            -	Packet Sniffer GUI
tcpdump		 		            -	Packet Sniffer CLI
theharvester	 		        - Find emails, usernames 
recon-ng		 		          -	Full-featured web reconnaissance framework. 
whois		 		              -	Client for the whois directory service
host			 		            -	DNS lookup utility
dig			 		              -	DNS lookup utility
dnsrecon		 		          -	DNS Enumeration and Scanning Tool
dnsenum		 		            -	DNS Enumeration
nmap		 		              -	Port Scanning
nbtscan		 		            -	Program for scanning networks for NetBIOS name information
smbclient	 			          -	FTP-like client to access SMB/CIFS resurces on servers
rpcclient		 		          -	Tool for executing client side MS-RPC functions
enum4linux	 		          -	Enumeration Tool values using SNMP GETNEXT requests
snmpwalk	 		            -	Retrieve a subtree of management
snmp-check	 		          -	SNMP Device enumeration
onesixtyone	 		          -	Easy SNMP Scanner

OpenVas		 		            -	Vulnerability Scanner
Nessus		 		            -	Vulnerability Scanner
dirbuster		 		          -	Directory Finder
dirb			 		            -	Directory Finder
gobuster		 		          -	Directory Finder
nikto		 		              -	Scan web server for known vulnerabilities

Immunity Debugger		      -	Debugger in Windows helping understand how a program executes and understanding low level programming.
Evans Linux Debugger	    -	Debugger in Linux 
msfvenom	 		            -	Generation of shellcode
tftp			 		            -	Transfer files with TFTP
FTP			 		              -	Transfer files with FTP
debug.exe 	 		          -	Assembler, disassembler and a hex dumping tool
upx			 		              -	PE compression tool, executable packer for Linux. 
exe2bat		 		            -	Conversion process
sqlmap		 		            -	Automatic SQL Injection tool
crunch		 		            -	Generate wordlists from a character set
fgdump.exe	 		          -	Get the hashes from a system (can only be used once admin)
pwdump.exe	 		          -	Get the hashes from a system (can only be used once admin)
wce.exe		 		            -	Attacks to obtain the passwords in clear text.  (can only be used once admin)
John the Ripper		        -	A tool to find weak passwords of your users.
pth-			 		            -	Pass the hash attacks. Use hash to login instead of a clear text password.
cewl		 			            -	Custom word list generator	
medusa		 		            -	Parallel Network Login Auditor
ncrack		 		            -	Network authentication cracking tool
hydra		 		              -	A very fast network logon cracker which support many different services.
hash-identifier 		      -	Guess the algorithm used on hashes
unshadow	 			          -	Combine password and shadow files

rinetd		 		            -	Simple Port-Forwarding tool
ssh			 		              -	SSH Tunneling
HTTPS		 		              -	HTTPS Tunneling
msfconsole	 		          -	MSF framework
Hyperion		 		          -	Packers/Crypters
oclHashcatPlus			      -	Hash cracker for salt passwords.
gpp-decrypt	 		          -	Decrypt hashes
wpscan                    - Wordpress Security Scanner

PreviousPort Forwarding NextGeneral Check List

Last updated 5 years ago

Was this helpful?

Wireshark - Packet Sniffer GUI tcpdump - Packet Sniffer CLI theharvester - Find emails, usernames recon-ng - Full-featured web reconnaissance framework. whois - Client for the whois directory service host - DNS lookup utility dig - DNS lookup utility dnsrecon - DNS Enumeration and Scanning Tool dnsenum - DNS Enumeration nmap - Port Scanning nbtscan - Program for scanning networks for NetBIOS name information smbclient - FTP-like client to access SMB/CIFS resurces on servers rpcclient - Tool for executing client side MS-RPC functions enum4linux - Enumeration Tool values using SNMP GETNEXT requests snmpwalk - Retrieve a subtree of management snmp-check - SNMP Device enumeration onesixtyone - Easy SNMP Scanner OpenVas - Vulnerability Scanner Nessus - Vulnerability Scanner dirbuster - Directory Finder dirb - Directory Finder gobuster - Directory Finder nikto - Scan web server for known vulnerabilities Immunity Debugger - Debugger in Windows helping understand how a program executes and understanding low level programming. Evans Linux Debugger - Debugger in Linux msfvenom - Generation of shellcode tftp - Transfer files with TFTP FTP - Transfer files with FTP debug.exe - Assembler, disassembler and a hex dumping tool upx - PE compression tool, executable packer for Linux. exe2bat - Conversion process sqlmap - Automatic SQL Injection tool crunch - Generate wordlists from a character set fgdump.exe - Get the hashes from a system (can only be used once admin) pwdump.exe - Get the hashes from a system (can only be used once admin) wce.exe - Attacks to obtain the passwords in clear text. (can only be used once admin) John the Ripper - A tool to find weak passwords of your users. pth- - Pass the hash attacks. Use hash to login instead of a clear text password. cewl - Custom word list generator medusa - Parallel Network Login Auditor ncrack - Network authentication cracking tool hydra - A very fast network logon cracker which support many different services. hash-identifier - Guess the algorithm used on hashes unshadow - Combine password and shadow files rinetd - Simple Port-Forwarding tool ssh - SSH Tunneling HTTPS - HTTPS Tunneling msfconsole - MSF framework Hyperion - Packers/Crypters oclHashcatPlus - Hash cracker for salt passwords. gpp-decrypt - Decrypt hashes wpscan - Wordpress Security Scanner