Cyber Tools

Cyber Tools
Thomas Gossweiler
Thomas Gossweiler

Created: 07/13/2020 3:28 PM - Updated: 01/10/2021 1:02 AM


Social Engineering

https://searchdns.netcraft.com/ Web-Information

http://web.archive.org/ Website Cache (View History)

https://www.shodan.io/ Explore the Internet of Things (Ports etc)

https://www.exploit-db.com/google-hacking-database

Default Password DB

 https://cirt.net/passwords

 https://www.routerpasswords.com/

Password Hacking

 http://project-rainbowcrack.com/

 https://hashkiller.io/verify

 https://github.com/SecLists

https://vulp3cula.gitbook.io/

https://www.outpost9.com/files/WordLists.html (WordList für Password Dictionary)

https://haveibeenpwned.com/ (Wurde dein Passwort schon gehackt?)


Open Web Application Security Project (OWASP)  

 https://owasp.org


Install Your Favorite Hacking Tools

Some versions of Kali are geared toward minimalist pentester's who prefer not to have hundreds of hacking tools preinstalled. This means we'll have to install our favorite tools manually. The types of tools we use vary based on our skill set and areas of expertise, but below are some popular hackings tools.


These tools can be installed using the below command.

apt-get install maltego metasploit-framework burpsuite wireshark aircrack-ng hydra nmap beef-xss nikto


Toolbox (Persönliche ToolBox)

 toolbox  IP / DNS /whois etc.

 CyberChef Encryption etc.



Web Tools

 TraceRoute


Domain Name 

.ch     Switch Whois   

.com  Netim

.net/.com  Whois


API Security Tools https://apisecurity.io/tools/audit/

Static source code analyser for vulnerabilities in PHP scripts http://rips-scanner.sourceforge.net/

https://www.hacker101.com/resources 


Password Hacking Tools

Authentication process  https://www.greycampus.com/

Metaspoit  https://www.metasploit.com/

    - Evade detection systems

    - Run security vulnerability scans

    - Execute remote attacks

    - Enumerate networks and hosts


Nmap  https://nmap.org/

    - Audit device security

    - Detect open ports on remote hosts

    - Network mapping and enumeration

    - Find vulnerabilities inside any network

    - Launch massive DNS queries against domains and subdomains

Flags
-sV             Attempts to determine the version of the services running
-p or -p-    Port scan for port or scan all ports
-Pn            Disable host discovery and just scan for open ports
-A              Enables OS and version detection, executes in-build scripts for further enumeration 
-sC            Scan with the default nmap scripts
-v              Verbose mode
-sU            UDP port scan
-sS            TCP SYN port scan


Wireshark https://www.wireshark.org/

    - Saves analysis for offline inspection

    - Packet browser

    - Powerful GUI

    - Rich VoIP analysis

    - Inspects and decompresses gzip files

    - Cisco Secure IDS iplog


Nikro https://cirt.net/Nikto2

    - Detects default installation files on any OS

    - Detects outdated software applications.

    - Runs XSS vulnerability tests

    - Launches dictionary-based brute force attacks

    - Exports results into plain text, CSV or HTML files


SQLninja  http://sqlninja.sourceforge.net/

    - Fingerprint remote database mode

    - Brute force attack with a word list

    - Direct shell & reverse shell

    - Scanner for outbound ports

    - Reverse ICMP Shell

    - DNS tunnelled shell


Maltego https://www.maltego.com/

    - Domain names

    - DNS servers

    - Netblocks

    - IP addresses

    - Files

    - Web Pages


Ettercap https://www.ettercap-project.org/

    - Data injection into established connections

    - SSH and HTTPS encryption-based protocols

    - Sniffs remote traffic over GRE tunnel

    - Determines OS name and version

    - Able to kill established LAN connections

    - DNS Hijacking


Open VAS http://openvas.org

Installation: Linux Kali

apt update  /  apt full -upgrade  / apt autoremove   /  apt insttall openvas   - apt autocan   -openvas-setup


Free IP and Network Tools https://hackertarget.com/ip-tools/

DNS & IP Tools provide tactical intelligence to Security Operations (SOCS). Penetration Testers use the tools to map the attack surface of a target. Blue teams benefit from quickly identifying areas of security weakness and during incident response. Collect information about IP Addresses, Networks, Web Pages and DNS records.


Metasploitable (download)

https://sourceforge.net/

Metasploit und NMAP - Kali Linux

https://darkstar7471.com/resources.html



 https://github.com/cyberguideme/Tools

 https://github.com/blueteam


Tilix can be installed manually from the Tilix Github releases section by downloading tilix.zip and following these instructions:

sudo unzip tilix.zip -d / sudo glib-compile-schemas /usr/share/glib-2.0/schemas/

Free Pentesting tools

  • Burp Suite – web applications pentesting
  • Wireshark – network protocol analyzer
  • Hydra – online brute-forcing of passwords
  • Owasp-zap – finds vulnerabilities in web applications
  • Nmap – a security scanner used for network scanning
  • Sqlmap – for exploiting SQL injection vulnerabilities

Kali Linux - Tool

GitHub Link   http://www.conzu.de/kali-linux-the-lazy-script/

apt-get update
apt-get upgrade
git clone https://github.com/arismelachroinos/lscript.git
cd lsscript
ls
chmod +x install.sh
./insatll.sh


Linux Script Install: git clone https://github.com/arismelachroinos/lscript.git

Hackersploit  https://www.youtube.com/watch?v=oBpo5sElrMY
sstec  https://www.youtube.com/watch?v=gSO7c2MN7TY


Was this article helpful?

0 Out of 0 Marked As Helpfull

Have more questions? Please Contact Us