Tools (Hacking)

Useful tools

This is my attempt to maintain a list of tools. I might eventually sort it by OS or purpose or whatever, but eh? Note that I'm not including wireless tools in this list. So, in no particular order, ...

General (uncategorized)

• nmap
• nessus
• metasploit
• hping3
• netcat
• wireshark (ethereal)
• putty
• pstools
• RegMon/FileMon/procmon (from sysinternals)
• unix-privesc-check
• amap
• xprobe2
• ettercap
• BiLE.pl
• LfT
• Wireshark SSL cracker
• gsecdump
• p0f
• nbtscan

Enumeration/Passwords

• user2sid/sid2user
• enum
• fgdump
• pwdump
• cain&able
• rcrack (+tables)
• john
• hydra
  • libssh2 0.11 (http://0xbadc0de.be/libssh/libssh-0.11.tgz)
• pshtoolkit (pass-the-hash toolkit)
• samba (w/ hash passing)
  • Slackware source: http://slackware.mirrors.tds.net/pub/slackware/slackware-12.1/source/n/samba/
  • Patch: http://www.foofus.net/jmk/passhash.html
• SQLHack (to crack MySQL old_password entries)

Web

• DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)
• nikto.pl
• paros
• Malzilla (http://malzilla.sourceforge.net/)

Stuff to investigate

• SMBProxy (http://www.cqure.net/wp/11/)

Useful Non-metasploit Exploits

• vmsplice (http://www.milw0rm.com/exploits/5093)
  • Works well against Fedora Core 8

Firefox Addons

I don't actually use all these on a regular basis, but I found some on another site.

• Add & Edit Cookies
• Firebug
• Foxy Proxy
• Noscript
• Server Spy
• Tamper Data
• User Agent Switcher
• Web Developer
• SSL Blacklist
• Firebug
• Hackbar
• Header Monitor
• Poster
• SQL Inject Me

This is cool enough that I had to link it from somewhere

• Security Bookmarklets (http://ha.ckers.org/bookmarklets.html)

Wireless tools

TODO: learn to hack wireless. :)

Stuff I wrote

• See My Projects

Tools used by an unnamed organization

• Achilles Proxy
• ActivePerl
• Air Magnet
• AirSnort
• Algosec
• amap
• Appscan
• ArCrack
• Auditor
• AutoIT
• Brutus
• Burp Proxy
• Burp Suite
• Cadaver
• Cai & Abel
• CAL9000
• Canvas Framework
• CIS RAT
• ClearSight
• Core Impact
• cURL
• Cygwin
• DAVexplorer
• DiG
• Dmitry
• Dsniff
• Enum
• Ettercap
• Fortify
• Fping
• Hping2, Hping3
• Hunt
• Hydra
• ikescan
• Iptraf
• Jad
• JADE Proxy
• JODE
• John the Ripper
• kismet
• LdapMiner
• MBSA
• Metasploit
• Nbtscan
• Nemesis
• Nessus
• Netcat
• Net-SNMP
• NetStumbler
• Nikto
• Nmap
• N-Stealth
• OAT
• OpenLDAP
• OpenVAS
• OpenVPN
• Ophcrack
• Paros
• Pwdump
• Python
• Retina
• Sandstorm
• Scapy
• ScreamingCSS
• Sing
• SiVuS
• SmartProxy
• Sniffit
• Snmpscan
• Solar Winds
• Stunnel
• SuperScan
• Tcpdump
• Telesweep
• TSEnum
• WebCracker
• Webinspect
• Wget
• Wireshark