Difference between revisions of "Tools (Hacking)"

From SkullSecurity
(Useful tools)
(Tools used by an unnamed organization)
 
(17 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ...
 
This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ...
  
* nmap
+
===General (uncategorized)===
* nessus
+
* [http://www.insecure.org nmap]
* metasploit
+
* [http://www.nessus.org nessus]
* hping3
+
* [http://www.metasploit.com metasploit]
* hydra
+
* [http://www.hping.org/ hping3]
** libssh2 0.11 (http://0xbadc0de.be/libssh/libssh-0.11.tgz)
+
* [http://netcat.sourceforge.net/ netcat]
* pshtoolkit (pass-the-hash toolkit)
+
* [http://www.wireshark.org wireshark] (ethereal)
* samba (w/ hash passing: http://www.foofus.net/jmk/passhash.html)
+
* [http://www.chiark.greenend.org.uk/~sgtatham/putty/ putty]
* nikto.pl
+
* [http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx pstools]
* paros
+
* [http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx RegMon]/[http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx FileMon]/[http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx procmon] (from sysinternals)
* fgdump
+
* [http://pentestmonkey.net/tools/unix-privesc-check/ unix-privesc-check]
* pwdump
+
* [http://freeworld.thc.org/thc-amap/ amap]
* netcat
+
* [http://xprobe.sourceforge.net/ xprobe2]
 +
* [http://ettercap.sourceforge.net/ ettercap]
 +
* [http://www.vulnerabilityassessment.co.uk/bile.htm BiLE.pl]
 +
* [http://www.askapache.com/tools/lft-traceroute-tool.html LfT]
 +
* [http://www.lucianobello.com.ar/exploiting_DSA-1571/ Wireshark SSL cracker]
 +
* [http://www.truesec.com/PublicStore/catalog/categoryinfo.aspx?cid=223 gsecdump]
 +
* [http://lcamtuf.coredump.cx/p0f.shtml p0f]
 +
* [http://www.inetcat.net/software/nbtscan.html nbtscan]
 +
 
 +
===Enumeration/Passwords===
 
* user2sid/sid2user
 
* user2sid/sid2user
 
* enum
 
* enum
 +
* fgdump
 +
* pwdump
 
* cain&able
 
* cain&able
 
* rcrack (+tables)
 
* rcrack (+tables)
 
* john
 
* john
* wireshark (ethereal)
+
* hydra
* putty
+
** libssh2 0.11 (http://0xbadc0de.be/libssh/libssh-0.11.tgz)
* pstools
+
* pshtoolkit (pass-the-hash toolkit)
* regmon/filemon/procmon (from sysinternals)
+
* samba (w/ hash passing)
* unix-privesc-check
+
** Slackware source: http://slackware.mirrors.tds.net/pub/slackware/slackware-12.1/source/n/samba/
* amap
+
** Patch: http://www.foofus.net/jmk/passhash.html
* xprobe2
+
* [http://sqlhack.com/poc.html SQLHack] (to crack MySQL old_password entries)
* ettercap
+
 
* BiLE.pl
+
===Web===
* LfT
+
* DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)
* Wireshark SSL cracker (http://www.lucianobello.com.ar/exploiting_DSA-1571/)
+
* nikto.pl
* gsecdump (http://www.truesec.com/PublicStore/catalog/categoryinfo.aspx?cid=223)
+
* paros
* p0f
+
* Malzilla (http://malzilla.sourceforge.net/)
  
 
==Stuff to investigate==
 
==Stuff to investigate==
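Review bot: in the hydra sub-bullet that moves under Enumeration/Passwords, the label reads "libssh2 0.11" but the linked file is libssh-0.11.tgz under a /libssh/ path. libssh and libssh2 are separate projects, so the label should match the tarball that is actually linked. In the same hunk the General entries are converted to [url label] links while the new Web entries (DirBuster, Malzilla) still carry bare URLs in parentheses; one link form throughout would keep the list consistent.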
Line 39: Line 50:
 
==Useful Non-metasploit Exploits==
 
==Useful Non-metasploit Exploits==
 
* vmsplice (http://www.milw0rm.com/exploits/5093)
 
* vmsplice (http://www.milw0rm.com/exploits/5093)
 +
** Works well against Fedora Core 8
  
 
==Firefox Addons==
 
==Firefox Addons==
 
I don't actually use all these on a regular basis, but I found some on another site.  
 
I don't actually use all these on a regular basis, but I found some on another site.  
 
+
* [https://addons.mozilla.org/en-US/firefox/addon/573 Add & Edit Cookies]
* Add N Edit Cookies
+
* [https://addons.mozilla.org/en-US/firefox/addon/1843 Firebug]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/2464 Foxy Proxy]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/722 Noscript]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/2036 Server Spy]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/966 Tamper Data]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/59 User Agent Switcher]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/60 Web Developer]
 +
* [http://codefromthe70s.org/sslblacklist.aspx SSL Blacklist]
 
* Firebug
 
* Firebug
* Foxy Proxy
 
 
* Hackbar
 
* Hackbar
 
* Header Monitor
 
* Header Monitor
* Noscript
 
 
* Poster
 
* Poster
* Server Spy
 
 
* SQL Inject Me
 
* SQL Inject Me
* SSL Blacklist
+
 
* Tamper Data
+
 
* User Agent Switcher
+
 
 +
This is cool enough that I had to link it from somewhere
 +
* Security Bookmarklets (http://ha.ckers.org/bookmarklets.html)
  
 
==Wireless tools==
 
==Wireless tools==
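Review bot: the Firefox Addons list ends up with Firebug twice, because the new linked entry "[https://addons.mozilla.org/en-US/firefox/addon/1843 Firebug]" is added while the plain "* Firebug" line stays as unchanged context. Drop the plain line, as was done for Foxy Proxy, Noscript, Server Spy and the others that were replaced by links. Hackbar, Header Monitor, Poster and SQL Inject Me are left unlinked, so either link them too or keep them in a separate run after the linked entries.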
Line 61: Line 79:
 
==Stuff I wrote==
 
==Stuff I wrote==
 
* See [[My Projects#Security|My Projects]]
 
* See [[My Projects#Security|My Projects]]
 +
 +
==Tools used by an unnamed organization==
 +
* Achilles Proxy
 +
* ActivePerl
 +
* Air Magnet
 +
* AirSnort
 +
* Algosec
 +
* amap
 +
* Appscan
 +
* ArCrack
 +
* Auditor
 +
* AutoIT
 +
* Brutus
 +
* Burp Proxy
 +
* Burp Suite
 +
* Cadaver
 +
* Cai & Abel
 +
* CAL9000
 +
* Canvas Framework
 +
* CIS RAT
 +
* ClearSight
 +
* Core Impact
 +
* cURL
 +
* Cygwin
 +
* DAVexplorer
 +
* DiG
 +
* Dmitry
 +
* Dsniff
 +
* Enum
 +
* Ettercap
 +
* Fortify
 +
* Fping
 +
* Hping2, Hping3
 +
* Hunt
 +
* Hydra
 +
* ikescan
 +
* Iptraf
 +
* Jad
 +
* JADE Proxy
 +
* JODE
 +
* John the Ripper
 +
* kismet
 +
* LdapMiner
 +
* MBSA
 +
* Metasploit
 +
* Nbtscan
 +
* Nemesis
 +
* Nessus
 +
* Netcat
 +
* Net-SNMP
 +
* NetStumbler
 +
* Nikto
 +
* Nmap
 +
* N-Stealth
 +
* OAT
 +
* OpenLDAP
 +
* OpenVAS
 +
* OpenVPN
 +
* Ophcrack
 +
* Paros
 +
* Pwdump
 +
* Python
 +
* Retina
 +
* Sandstorm
 +
* Scapy
 +
* ScreamingCSS
 +
* Sing
 +
* SiVuS
 +
* SmartProxy
 +
* Sniffit
 +
* Snmpscan
 +
* Solar Winds
 +
* Stunnel
 +
* SuperScan
 +
* Tcpdump
 +
* Telesweep
 +
* TSEnum
 +
* WebCracker
 +
* Webinspect
 +
* Wget
 +
* Wireshark
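Review bot: in the added "Tools used by an unnamed organization" list, "Cai & Abel" looks like a misspelling of the tool the Enumeration/Passwords section lists as "cain&able"; use one spelling for both entries. The list also carries "Burp Proxy" and "Burp Suite" as separate items and has no links, unlike the General section in this same revision, so a sentence saying where the list came from and whether it is reproduced as received would help readers.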

Latest revision as of 16:05, 6 April 2010

Useful tools

This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ...

General (uncategorized)

Enumeration/Passwords

Web

Stuff to investigate

Useful Non-metasploit Exploits

Firefox Addons

I don't actually use all these on a regular basis, but I found some on another site.


This is cool enough that I had to link it from somewhere

Wireless tools

TODO: learn to hack wireless. :)

Stuff I wrote

Tools used by an unnamed organization

  • Achilles Proxy
  • ActivePerl
  • Air Magnet
  • AirSnort
  • Algosec
  • amap
  • Appscan
  • ArCrack
  • Auditor
  • AutoIT
  • Brutus
  • Burp Proxy
  • Burp Suite
  • Cadaver
  • Cai & Abel
  • CAL9000
  • Canvas Framework
  • CIS RAT
  • ClearSight
  • Core Impact
  • cURL
  • Cygwin
  • DAVexplorer
  • DiG
  • Dmitry
  • Dsniff
  • Enum
  • Ettercap
  • Fortify
  • Fping
  • Hping2, Hping3
  • Hunt
  • Hydra
  • ikescan
  • Iptraf
  • Jad
  • JADE Proxy
  • JODE
  • John the Ripper
  • kismet
  • LdapMiner
  • MBSA
  • Metasploit
  • Nbtscan
  • Nemesis
  • Nessus
  • Netcat
  • Net-SNMP
  • NetStumbler
  • Nikto
  • Nmap
  • N-Stealth
  • OAT
  • OpenLDAP
  • OpenVAS
  • OpenVPN
  • Ophcrack
  • Paros
  • Pwdump
  • Python
  • Retina
  • Sandstorm
  • Scapy
  • ScreamingCSS
  • Sing
  • SiVuS
  • SmartProxy
  • Sniffit
  • Snmpscan
  • Solar Winds
  • Stunnel
  • SuperScan
  • Tcpdump
  • Telesweep
  • TSEnum
  • WebCracker
  • Webinspect
  • Wget
  • Wireshark