Difference between revisions of "Tools (Hacking)"

From SkullSecurity
(Tools used by an unnamed organization)
 
(12 intermediate revisions by the same user not shown)
Line 3: Line 3:
  
 
===General (uncategorized)===
 
===General (uncategorized)===
* nmap
+
* [http://www.insecure.org nmap]
* nessus
+
* [http://www.nessus.org nessus]
* metasploit
+
* [http://www.metasploit.com metasploit]
* hping3
+
* [http://www.hping.org/ hping3]
* netcat
+
* [http://netcat.sourceforge.net/ netcat]
* wireshark (ethereal)
+
* [http://www.wireshark.org wireshark] (ethereal)
* putty
+
* [http://www.chiark.greenend.org.uk/~sgtatham/putty/ putty]
* pstools
+
* [http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx pstools]
* regmon/filemon/procmon (from sysinternals)
+
* [http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx RegMon]/[http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx FileMon]/[http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx procmon] (from sysinternals)
* unix-privesc-check
+
* [http://pentestmonkey.net/tools/unix-privesc-check/ unix-privesc-check]
* amap
+
* [http://freeworld.thc.org/thc-amap/ amap]
* xprobe2
+
* [http://xprobe.sourceforge.net/ xprobe2]
* ettercap
+
* [http://ettercap.sourceforge.net/ ettercap]
* BiLE.pl
+
* [http://www.vulnerabilityassessment.co.uk/bile.htm BiLE.pl]
* LfT
+
* [http://www.askapache.com/tools/lft-traceroute-tool.html LfT]
* Wireshark SSL cracker (http://www.lucianobello.com.ar/exploiting_DSA-1571/)
+
* [http://www.lucianobello.com.ar/exploiting_DSA-1571/ Wireshark SSL cracker]
* gsecdump (http://www.truesec.com/PublicStore/catalog/categoryinfo.aspx?cid=223)
+
* [http://www.truesec.com/PublicStore/catalog/categoryinfo.aspx?cid=223 gsecdump]
* p0f
+
* [http://lcamtuf.coredump.cx/p0f.shtml p0f]
* nbtscan (http://www.inetcat.net/software/nbtscan.html)
+
* [http://www.inetcat.net/software/nbtscan.html nbtscan]
  
 
===Enumeration/Passwords===
 
===Enumeration/Passwords===
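Review bot: In the Sysinternals entry of the General list the three new link labels are cased inconsistently ("RegMon", "FileMon", then "procmon"), while the line being replaced used lowercase for all three. Pick one casing for the labels so the entry matches the rest of the list, which keeps tool names lowercase (nmap, nessus, netcat).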
Line 37: Line 37:
 
** Slackware source: http://slackware.mirrors.tds.net/pub/slackware/slackware-12.1/source/n/samba/
 
** Slackware source: http://slackware.mirrors.tds.net/pub/slackware/slackware-12.1/source/n/samba/
 
** Patch: http://www.foofus.net/jmk/passhash.html
 
** Patch: http://www.foofus.net/jmk/passhash.html
 +
* [http://sqlhack.com/poc.html SQLHack] (to crack MySQL old_password entries)
  
 
===Web===
 
===Web===
Line 42: Line 43:
 
* nikto.pl
 
* nikto.pl
 
* paros
 
* paros
 +
* Malzilla (http://malzilla.sourceforge.net/)
  
 
==Stuff to investigate==
 
==Stuff to investigate==
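Review bot: The added Malzilla entry under Web uses the "name (URL)" form that this same revision replaces with "[URL label]" links in the General section (for example gsecdump and nbtscan). Write it as "* [http://malzilla.sourceforge.net/ Malzilla]" so the new entry follows the convention the rest of the change introduces.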
Line 48: Line 50:
 
==Useful Non-metasploit Exploits==
 
==Useful Non-metasploit Exploits==
 
* vmsplice (http://www.milw0rm.com/exploits/5093)
 
* vmsplice (http://www.milw0rm.com/exploits/5093)
 +
** Works well against Fedora Core 8
  
 
==Firefox Addons==
 
==Firefox Addons==
 
I don't actually use all these on a regular basis, but I found some on another site.  
 
I don't actually use all these on a regular basis, but I found some on another site.  
* Add N Edit Cookies
+
* [https://addons.mozilla.org/en-US/firefox/addon/573 Add & Edit Cookies]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/1843 Firebug]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/2464 Foxy Proxy]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/722 Noscript]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/2036 Server Spy]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/966 Tamper Data]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/59 User Agent Switcher]
 +
* [https://addons.mozilla.org/en-US/firefox/addon/60 Web Developer]
 +
* [http://codefromthe70s.org/sslblacklist.aspx SSL Blacklist]
 
* Firebug
 
* Firebug
* Foxy Proxy
 
 
* Hackbar
 
* Hackbar
 
* Header Monitor
 
* Header Monitor
* Noscript
 
 
* Poster
 
* Poster
* Server Spy
 
 
* SQL Inject Me
 
* SQL Inject Me
* SSL Blacklist
+
 
* Tamper Data
+
 
* User Agent Switcher
+
  
 
This is cool enough that I had to link it from somewhere
 
This is cool enough that I had to link it from somewhere
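Review bot: The Firefox Addons list appears to end up with Firebug twice: a linked "[https://addons.mozilla.org/en-US/firefox/addon/1843 Firebug]" entry is added near the top, while the plain "* Firebug" line further down is left unchanged. Drop the plain entry, and consider linking the remaining plain entries (Hackbar, Header Monitor, Poster, SQL Inject Me) the same way so the list is uniform.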
Line 72: Line 79:
 
==Stuff I wrote==
 
==Stuff I wrote==
 
* See [[My Projects#Security|My Projects]]
 
* See [[My Projects#Security|My Projects]]
 +
 +
==Tools used by an unnamed organization==
 +
* Achilles Proxy
 +
* ActivePerl
 +
* Air Magnet
 +
* AirSnort
 +
* Algosec
 +
* amap
 +
* Appscan
 +
* ArCrack
 +
* Auditor
 +
* AutoIT
 +
* Brutus
 +
* Burp Proxy
 +
* Burp Suite
 +
* Cadaver
 +
* Cai & Abel
 +
* CAL9000
 +
* Canvas Framework
 +
* CIS RAT
 +
* ClearSight
 +
* Core Impact
 +
* cURL
 +
* Cygwin
 +
* DAVexplorer
 +
* DiG
 +
* Dmitry
 +
* Dsniff
 +
* Enum
 +
* Ettercap
 +
* Fortify
 +
* Fping
 +
* Hping2, Hping3
 +
* Hunt
 +
* Hydra
 +
* ikescan
 +
* Iptraf
 +
* Jad
 +
* JADE Proxy
 +
* JODE
 +
* John the Ripper
 +
* kismet
 +
* LdapMiner
 +
* MBSA
 +
* Metasploit
 +
* Nbtscan
 +
* Nemesis
 +
* Nessus
 +
* Netcat
 +
* Net-SNMP
 +
* NetStumbler
 +
* Nikto
 +
* Nmap
 +
* N-Stealth
 +
* OAT
 +
* OpenLDAP
 +
* OpenVAS
 +
* OpenVPN
 +
* Ophcrack
 +
* Paros
 +
* Pwdump
 +
* Python
 +
* Retina
 +
* Sandstorm
 +
* Scapy
 +
* ScreamingCSS
 +
* Sing
 +
* SiVuS
 +
* SmartProxy
 +
* Sniffit
 +
* Snmpscan
 +
* Solar Winds
 +
* Stunnel
 +
* SuperScan
 +
* Tcpdump
 +
* Telesweep
 +
* TSEnum
 +
* WebCracker
 +
* Webinspect
 +
* Wget
 +
* Wireshark
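Review bot: "Cai & Abel" in the new "Tools used by an unnamed organization" section looks like a typo for "Cain & Abel". The section also gives no source or context for the list, and none of its entries are linked, although several (amap, Ettercap, Metasploit, Nbtscan, Nessus, Netcat, Nmap, Wireshark) already have links in the General section of this revision; a one-line note on where the list comes from and reuse of the existing links would help.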

Latest revision as of 16:05, 6 April 2010

Useful tools

This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ...

General (uncategorized)

Enumeration/Passwords

Web

Stuff to investigate

Useful Non-metasploit Exploits

Firefox Addons

I don't actually use all these on a regular basis, but I found some on another site.


This is cool enough that I had to link it from somewhere

Wireless tools

TODO: learn to hack wireless. :)

Stuff I wrote

Tools used by an unnamed organization

  • Achilles Proxy
  • ActivePerl
  • Air Magnet
  • AirSnort
  • Algosec
  • amap
  • Appscan
  • ArCrack
  • Auditor
  • AutoIT
  • Brutus
  • Burp Proxy
  • Burp Suite
  • Cadaver
  • Cain & Abel
  • CAL9000
  • Canvas Framework
  • CIS RAT
  • ClearSight
  • Core Impact
  • cURL
  • Cygwin
  • DAVexplorer
  • DiG
  • Dmitry
  • Dsniff
  • Enum
  • Ettercap
  • Fortify
  • Fping
  • Hping2, Hping3
  • Hunt
  • Hydra
  • ikescan
  • Iptraf
  • Jad
  • JADE Proxy
  • JODE
  • John the Ripper
  • kismet
  • LdapMiner
  • MBSA
  • Metasploit
  • Nbtscan
  • Nemesis
  • Nessus
  • Netcat
  • Net-SNMP
  • NetStumbler
  • Nikto
  • Nmap
  • N-Stealth
  • OAT
  • OpenLDAP
  • OpenVAS
  • OpenVPN
  • Ophcrack
  • Paros
  • Pwdump
  • Python
  • Retina
  • Sandstorm
  • Scapy
  • ScreamingCSS
  • Sing
  • SiVuS
  • SmartProxy
  • Sniffit
  • Snmpscan
  • Solar Winds
  • Stunnel
  • SuperScan
  • Tcpdump
  • Telesweep
  • TSEnum
  • WebCracker
  • Webinspect
  • Wget
  • Wireshark