Useful Tools List & Helpful Websites (self.hacking)
submitted by j2
I have been searching through /r/hacking for a few hours and I have gathered some of the tools up and made a list. I tried to break them out by category. I listed some other helpful links etc. I worked on this for about an hour and now I’m tired so this is as good as it is going to get. Additionally I’m not a hacker or pen tester by trade. I have used some of these tools in my home lab, but I am definitely a novice. If you have any other suggestions let me know and I’ll update the list so the next person that is searching can just find this big list. All input is also extremely helpful. If you don't think that some of the sites listed at the bottom are good sources, please let me know. Thanks.
:::::::::::::::::::::::::::::::::::::::Information Gathering:::::::::::::::::::::::::::::::::::::::
1).The Harvester : The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
Download Link: https://code.google.com/p/theharvester/downloads/list
How To Link: https://www.youtube.com/watch?v=0iyT0NhNG6c
2).sslstrip : This tool will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links.
Download Link: http://www.thoughtcrime.org/software/sslstrip/
How To Link: https://www.youtube.com/watch?v=OtO92bL6pYE
3).Discover Scripts : For use with Kali Linux - custom bash scripts used to automate various portions of a pentest.
Download Link: https://github.com/leebaird/discover
4).FOCA : (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analyzed with FOCA. This is a WINDOWS only tool.
Download Link: https://www.elevenpaths.com/labstools/foca/index.html
How To Link: http://tipstrickshack.blogspot.de/2013/07/information-gathering-using-foca.html
5).Wireshark : A network protocol analyzer for Unix and Windows.
Download Link: https://www.wireshark.org/
How To Link: https://www.youtube.com/watch?v=NHLTa29iovU
6).Metagoofil : Information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.
Download Link: https://code.google.com/p/metagoofil/
How To Link: http://operatin5.blogspot.be/2014/07/extract-metadata-from-public-documents.html
7).Maltego : GUI based application that allows you to enumerate network and domain information.
Download Link: https://www.paterva.com/web6/products/download.php
How To Link: http://www.geekyshows.com/2013/07/how-to-use-maltego-in-kali-linux.html
8).nmap : Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing
Download Link: http://nmap.org/download.html
How To Link: https://www.youtube.com/watch?v=935g6vWcLfU
9).zenmap : nmap GUI frontend
Download Link: http://nmap.org/zenmap/
How To Link: http://searchsecurity.techtarget.com/video/Zenmap-tutorial-Mapping-networks-using-Zenmap-profiles
10).unicornscan : Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.
Download Link: http://www.unicornscan.org/
How To Link: http://www.unicornscan.org/text/Unicornscan-Getting_Started.pdf
:::::::::::::Info Gathering Commands:::::::::::
1).whois - Whois looks up the registration record for the domain name or IP address that you specify.
2).Dig - (domain information groper) is a flexible tool for interrogating DNS name servers
3).Nslookup - program to query Internet domain name servers.
Host - domain lookup for IP or Name
4).Iwlist <int> scan - builtin wifi scanner
5).Fping - ping sweep
::::Info Gathering Websites::::
2).http://www.domaintools.com/
3).https://www.robtex.com/
4).http://www.netcraft.com/
5).http://archive.org/web/
:::::::::::::::::::::::::::::::::::::::Vulnerability Analysis:::::::::::::::::::::::::::::::::::::::
Download Link: http://www.openvas.org/
How To Link: https://wiki.openvas.org/index.php/Main_Page
2).Nexpose : Vuln Scanner
Download Link: http://www.rapid7.com/products/nexpose/
3).Nessus : Vuln Scanner
Download Link: http://www.tenable.com/products/nessus
How To Link: http://www.tenable.com/blog/installing-and-using-nessus-on-kali-linux
:::::::::::::::::::::::::::::::::::::::Wireless Attacks:::::::::::::::::::::::::::::::::::::::
1).fern wifi cracker : Cracks WEP and WPA2 and session hijacking
Download Link: https://code.google.com/p/fern-wifi-cracker/
How To Link: https://www.youtube.com/watch?v=EZSaopzMqx0
2).Autocrack3.1.sh : script that automatically cracks WEP and spits out the key. It automatically moves to the next AP after the first is complete, if you're in an area with multiple APs.
Download Link: https://code.google.com/p/autocrack/downloads/detail?name=autocrack3.1.sh
How To Link: Couldn’t easily find anything/lazy
3).wifitev2.py : automated wifi tool. Uses various tools to crack WPA/2 and WEP, including reaver.
Download Link: https://code.google.com/p/wifite/
How To Link: couldn’t easily find anything/lazy
:::::::::::::::::::::::::::::::::::::::Web Applications:::::::::::::::::::::::::::::::::::::::
1).Burpsuite : Burp Suite is an integrated platform for performing security testing of web applications.
Download Link: http://portswigger.net/burp/
How To Link: http://portswigger.net/burp/help/suite_usingburp.html
2).SqlNinja : SQL injection tool
Download Link: http://sqlninja.sourceforge.net/
How To Link: http://sqlninja.sourceforge.net/sqlninja-howto.html#ss1.2
:::::::::::::::::::::::::::::::::::::::Exploitation Tools:::::::::::::::::::::::::::::::::::::::
1).Dsploit : Android version of metasploit
Download Link: http://dsploit.net/
How To Link: https://www.youtube.com/watch?v=fTBmD2t3p90
2).Metasploit : exploitation framework
Download Link: http://www.metasploit.com/
How To Link: http://www.offensive-security.com/metasploit-unleashed/Msfconsole
3).Armitage : GUI frontend for Metasploit
Download Link: http://www.fastandeasyhacking.com/
How To Link: http://www.fastandeasyhacking.com/manual
4).Autosploit : Perl script that basically replaces metasploit autopwn. Scans the subnet, tries to find a vulnerability, then tries to exploit it.
Download Link: https://code.google.com/p/autosploit/downloads/detail?name=autosploit.pl&can=2&q=
How To Link: couldn’t find anything.
:::::::::::::::::::::::::::::::::::::::Sniffing & Spoofing:::::::::::::::::::::::::::::::::::::::
1).Subterfuge : Automated GUI MITM tool
Download Link: https://code.google.com/p/subterfuge/
How To Link: https://www.youtube.com/watch?v=x-L80d1USn4
2).Cookiecadger : session hijacking tool
Download Link: https://www.cookiecadger.com/?page_id=19
How to Link: https://www.youtube.com/watch?v=0h5qIkV-bFs
:::::::::::::::::::::::::::::::::::::::Forensic Tools:::::::::::::::::::::::::::::::::::::::
1).Digital Forensics Framework : Platform dedicated to digital forensics
Download Link: http://www.digital-forensic.org/
How to Link: http://www.digital-forensic.org/support/
2).Open Computer Forensics Architecture : Framework dedicated to digital forensics
Download Link: http://sourceforge.net/projects/ocfa/
How To Link: http://ocfa.sourceforge.net/files/PracticalUseOCFA.pdf
:::::::::::::::::::::::::::::::::::::::Password Attacks:::::::::::::::::::::::::::::::::::::::
1).Hydra : Password Cracker
Download Link: https://github.com/vanhauser-thc/thc-hydra
How to Link: https://github.com/vanhauser-thc/thc-hydra
2).Medusa : Password Cracker
Download Link: ?
How to Link: ?
3).John the Ripper : Password Cracker
Download Link: http://www.openwall.com/john/
How to Link: https://www.youtube.com/watch?v=8Yma_vLFcMI
:::::::::::::::::::::::::::::::::::::::Other:::::::::::::::::::::::::::::::::::::::
1).Macchanger.sh : randomly changes MAC address
Download Link: http://evilzone.org/scripting-languages/mactool-sh-linux-mac-changer
2).Pentest.sh : Automated pentest script for BT5
Download Link: http://www.phillips321.co.uk/pentest-sh/
How to Link: http://www.phillips321.co.uk/pentest-sh/
:::::::::::::::::::::::::::::::::::::::Digital Forensics:::::::::::::::::::::::::::::::::::::::
1).Digital Forensics Framework : This is a Forensics Framework
Download Link: http://www.digital-forensic.org/
How to Link: http://www.digital-forensic.org/support/
2).Plaso : Used to create a timeline
Download Link: http://plaso.kiddaland.net/
How to Link: http://plaso.kiddaland.net/usage
3).Volatility & Rekall : Memory Forensics using winpmem
Download Link: http://www.rekall-forensic.com/
How to Link: http://www.rekall-forensic.com/docs/Manual/tutorial.html
4).FTK : Forensic Toolkit with various tools
Download Link: http://accessdata.com/product-download
How To Link: I can't find anything
5).Encase : Commercial tool.
Download Link: https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx
How to Link: Same site.
6).Grr : Incident Response Handling Framework for remote live incident management.
Download Link: https://github.com/google/grr
How to Link: https://github.com/google/grr-doc/blob/master/user_manual.adoc
:::::::::::::::::::::::::::::::::::::::USEFUL LINKS:::::::::::::::::::::::::::::::::::::::
1).http://resources.infosecinstitute.com/computer-forensics-tools/.
2).http://comax.fr/scripts.php - awesome dictionary tool! Also check out YAMAS, and the various other scripts at that link! Very useful and fun little scripts.
3).http://em3rgency.com/category/scripts/ for a few more scripts
4).http://em3rgency.com/network-and-security-cheat-sheets/
5).http://www.toolswatch.org/
6).https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
7).www.securitytube.net
8).www.enigmagroup.org
9).http://hackaday.io/hackers
10).https://www.hackthissite.org/user/online/
11).http://hak5.org/
12).http://rumkin.com/tools/ Web based tools for people that don't have time to script it themselves.
I’m not responsible for what anyone does with these tools.