Difference between revisions of "Tools (Hacking)"
Jump to navigation
Jump to search
(New page: * Dead-Simple Relay) |
|||
(30 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
* [[ | ==Useful tools== | ||
This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ... | |||
===General (uncategorized)=== | |||
* [http://www.insecure.org nmap] | |||
* [http://www.nessus.org nessus] | |||
* [http://www.metasploit.com metasploit] | |||
* [http://www.hping.org/ hping3] | |||
* [http://netcat.sourceforge.net/ netcat] | |||
* [http://www.wireshark.org wireshark] (ethereal) | |||
* [http://www.chiark.greenend.org.uk/~sgtatham/putty/ putty] | |||
* [http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx pstools] | |||
* [http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx RegMon]/[http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx FileMon]/[http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx procmon] (from sysinternals) | |||
* [http://pentestmonkey.net/tools/unix-privesc-check/ unix-privesc-check] | |||
* [http://freeworld.thc.org/thc-amap/ amap] | |||
* [http://xprobe.sourceforge.net/ xprobe2] | |||
* [http://ettercap.sourceforge.net/ ettercap] | |||
* [http://www.vulnerabilityassessment.co.uk/bile.htm BiLE.pl] | |||
* [http://www.askapache.com/tools/lft-traceroute-tool.html LfT] | |||
* [http://www.lucianobello.com.ar/exploiting_DSA-1571/ Wireshark SSL cracker] | |||
* [http://www.truesec.com/PublicStore/catalog/categoryinfo.aspx?cid=223 gsecdump] | |||
* [http://lcamtuf.coredump.cx/p0f.shtml p0f] | |||
* [http://www.inetcat.net/software/nbtscan.html nbtscan] | |||
===Enumeration/Passwords=== | |||
* user2sid/sid2user | |||
* enum | |||
* fgdump | |||
* pwdump | |||
* cain&able | |||
* rcrack (+tables) | |||
* john | |||
* hydra | |||
** libssh2 0.11 (http://0xbadc0de.be/libssh/libssh-0.11.tgz) | |||
* pshtoolkit (pass-the-hash toolkit) | |||
* samba (w/ hash passing) | |||
** Slackware source: http://slackware.mirrors.tds.net/pub/slackware/slackware-12.1/source/n/samba/ | |||
** Patch: http://www.foofus.net/jmk/passhash.html | |||
* [http://sqlhack.com/poc.html SQLHack] (to crack MySQL old_password entries) | |||
===Web=== | |||
* DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project) | |||
* nikto.pl | |||
* paros | |||
* Malzilla (http://malzilla.sourceforge.net/) | |||
==Stuff to investigate== | |||
* SMBProxy (http://www.cqure.net/wp/11/) | |||
==Useful Non-metasploit Exploits== | |||
* vmsplice (http://www.milw0rm.com/exploits/5093) | |||
** Works well against Fedora Core 8 | |||
==Firefox Addons== | |||
I don't actually use all these on a regular basis, but I found some on another site. | |||
* [https://addons.mozilla.org/en-US/firefox/addon/573 Add & Edit Cookies] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/1843 Firebug] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/2464 Foxy Proxy] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/722 Noscript] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/2036 Server Spy] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/966 Tamper Data] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/59 User Agent Switcher] | |||
* [https://addons.mozilla.org/en-US/firefox/addon/60 Web Developer] | |||
* [http://codefromthe70s.org/sslblacklist.aspx SSL Blacklist] | |||
* Firebug | |||
* Hackbar | |||
* Header Monitor | |||
* Poster | |||
* SQL Inject Me | |||
This is cool enough that I had to link it from somewhere | |||
* Security Bookmarklets (http://ha.ckers.org/bookmarklets.html) | |||
==Wireless tools== | |||
TODO: learn to hack wireless. :) | |||
==Stuff I wrote== | |||
* See [[My Projects#Security|My Projects]] | |||
==Tools used by an unnamed organization== | |||
* Achilles Proxy | |||
* ActivePerl | |||
* Air Magnet | |||
* AirSnort | |||
* Algosec | |||
* amap | |||
* Appscan | |||
* ArCrack | |||
* Auditor | |||
* AutoIT | |||
* Brutus | |||
* Burp Proxy | |||
* Burp Suite | |||
* Cadaver | |||
* Cai & Abel | |||
* CAL9000 | |||
* Canvas Framework | |||
* CIS RAT | |||
* ClearSight | |||
* Core Impact | |||
* cURL | |||
* Cygwin | |||
* DAVexplorer | |||
* DiG | |||
* Dmitry | |||
* Dsniff | |||
* Enum | |||
* Ettercap | |||
* Fortify | |||
* Fping | |||
* Hping2, Hping3 | |||
* Hunt | |||
* Hydra | |||
* ikescan | |||
* Iptraf | |||
* Jad | |||
* JADE Proxy | |||
* JODE | |||
* John the Ripper | |||
* kismet | |||
* LdapMiner | |||
* MBSA | |||
* Metasploit | |||
* Nbtscan | |||
* Nemesis | |||
* Nessus | |||
* Netcat | |||
* Net-SNMP | |||
* NetStumbler | |||
* Nikto | |||
* Nmap | |||
* N-Stealth | |||
* OAT | |||
* OpenLDAP | |||
* OpenVAS | |||
* OpenVPN | |||
* Ophcrack | |||
* Paros | |||
* Pwdump | |||
* Python | |||
* Retina | |||
* Sandstorm | |||
* Scapy | |||
* ScreamingCSS | |||
* Sing | |||
* SiVuS | |||
* SmartProxy | |||
* Sniffit | |||
* Snmpscan | |||
* Solar Winds | |||
* Stunnel | |||
* SuperScan | |||
* Tcpdump | |||
* Telesweep | |||
* TSEnum | |||
* WebCracker | |||
* Webinspect | |||
* Wget | |||
* Wireshark |
Latest revision as of 16:05, 6 April 2010
Useful tools
This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ...
General (uncategorized)
- nmap
- nessus
- metasploit
- hping3
- netcat
- wireshark (ethereal)
- putty
- pstools
- RegMon/FileMon/procmon (from sysinternals)
- unix-privesc-check
- amap
- xprobe2
- ettercap
- BiLE.pl
- LfT
- Wireshark SSL cracker
- gsecdump
- p0f
- nbtscan
Enumeration/Passwords
- user2sid/sid2user
- enum
- fgdump
- pwdump
- cain&able
- rcrack (+tables)
- john
- hydra
- libssh2 0.11 (http://0xbadc0de.be/libssh/libssh-0.11.tgz)
- pshtoolkit (pass-the-hash toolkit)
- samba (w/ hash passing)
- SQLHack (to crack MySQL old_password entries)
Web
- DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)
- nikto.pl
- paros
- Malzilla (http://malzilla.sourceforge.net/)
Stuff to investigate
- SMBProxy (http://www.cqure.net/wp/11/)
Useful Non-metasploit Exploits
- vmsplice (http://www.milw0rm.com/exploits/5093)
- Works well against Fedora Core 8
Firefox Addons
I don't actually use all these on a regular basis, but I found some on another site.
- Add & Edit Cookies
- Firebug
- Foxy Proxy
- Noscript
- Server Spy
- Tamper Data
- User Agent Switcher
- Web Developer
- SSL Blacklist
- Firebug
- Hackbar
- Header Monitor
- Poster
- SQL Inject Me
This is cool enough that I had to link it from somewhere
- Security Bookmarklets (http://ha.ckers.org/bookmarklets.html)
Wireless tools
TODO: learn to hack wireless. :)
Stuff I wrote
- See My Projects
Tools used by an unnamed organization
- Achilles Proxy
- ActivePerl
- Air Magnet
- AirSnort
- Algosec
- amap
- Appscan
- ArCrack
- Auditor
- AutoIT
- Brutus
- Burp Proxy
- Burp Suite
- Cadaver
- Cai & Abel
- CAL9000
- Canvas Framework
- CIS RAT
- ClearSight
- Core Impact
- cURL
- Cygwin
- DAVexplorer
- DiG
- Dmitry
- Dsniff
- Enum
- Ettercap
- Fortify
- Fping
- Hping2, Hping3
- Hunt
- Hydra
- ikescan
- Iptraf
- Jad
- JADE Proxy
- JODE
- John the Ripper
- kismet
- LdapMiner
- MBSA
- Metasploit
- Nbtscan
- Nemesis
- Nessus
- Netcat
- Net-SNMP
- NetStumbler
- Nikto
- Nmap
- N-Stealth
- OAT
- OpenLDAP
- OpenVAS
- OpenVPN
- Ophcrack
- Paros
- Pwdump
- Python
- Retina
- Sandstorm
- Scapy
- ScreamingCSS
- Sing
- SiVuS
- SmartProxy
- Sniffit
- Snmpscan
- Solar Winds
- Stunnel
- SuperScan
- Tcpdump
- Telesweep
- TSEnum
- WebCracker
- Webinspect
- Wget
- Wireshark