Posts

copy-router-config Package Description

Copies configuration files from Cisco devices running SNMP. copy-router-config Homepage | Kali copy-router-config Repo Author: muts License: GPLv2 Tools included in the copy-router-config package copy-router-config.pl – Copies Cisco configs via SNMP root@kali:~# copy-router-config.pl ###################################################### # Copy Cisco Router config  - Using SNMP # Hacked up by muts - muts@offensive-security.com ####################################################### Usage : ./copy-copy-config.pl <router-ip> <tftp-serverip> <community> Make sure a TFTP server is set up, preferably running from /tmp ! merge-router-config.pl – Merges Cisco configs via SNMP root@kali:~# merge-router-config.pl ###################################################### # Merge Cisco Router config  - Using SNMP # Hacked up by muts - muts@offensive-security.com ###############################...

cisco-torch Package Description

Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered. Source: http://www.hackingciscoexposed.com/?link=tools cisco-torch Homepage | Kali cisco-torch Repo Author: Born by Arhont Team License: LGPL-2.1 Tools included in the cisco-torch package cisco-torch – Cisco device scanner root@kali:~# cisco-torch Using config file torch.conf... Loading include and plu...

cisco-ocs Package Description

A mass Cisco scanning tool. cisco-ocs Homepage | Kali cisco-ocs Repo Author: OverIP License: GPLv2 Tools included in the cisco-ocs package cisco-ocs – A mass Cisco scanning tool root@kali:~# cisco-ocs ********************************* OCS v 0.2 ********************************** ****                                                                      **** ****                           coded by OverIP                            **** ****                           overip@gmail.com                           **** ****     ...

cisco-global-exploiter Package Description

Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool. cisco-global-exploiter Homepage | Kali cisco-global-exploiter Repo Author: Nemesis, E4m License: GPLv2 Tools included in the cisco-global-exploiter package cge.pl – Simple and fast security testing tool root@kali:~# cge.pl Usage : perl cge.pl <target> <vulnerability number> Vulnerabilities list : [1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability [2] - Cisco IOS Router Denial of Service Vulnerability [3] - Cisco IOS HTTP Auth Vulnerability [4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability [5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability [6] - Cisco 675 Web Administration Denial of Service Vulnerability [7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability [8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability [9] - Cisco 514 UDP Flood Denial of Service Vulnerability [10] ...

cisco-auditing-tool Package Description

Perl script which scans cisco routers for common vulnerabilities. cisco-auditing-tool Homepage | Kali cisco-auditing-tool Repo Author: g0ne License: GPLv2 Tools included in the cisco-auditing-tool package CAT – Scans cisco routers for common vulnerabilities root@kali:~# CAT Cisco Auditing Tool - g0ne [null0] Usage:     -h hostname (for scanning single hosts)     -f hostfile (for scanning multiple hosts)     -p port #   (default port is 23)     -w wordlist (wordlist for community name guessing)     -a passlist (wordlist for password guessing)     -i [ioshist]    (Check for IOS History bug)     -l logfile  (file to log to, default screen)     -q quiet mode   (no screen output) cisco-auditing-tool Usage Example Scan the host (-h 192.168.99.230) on port 23 (-p 23) , using a password dictionary file (-a /usr/share/wordlists/nmap.lst) : root@kali:~# CAT -...

BED

BED Package Description BED stands for Bruteforce Exploit Detector. It is designed to check daemons for potential buffer overflows, format strings et al. Kali BED Repo Author: mjm, eric License: GPLv2 Tools included in the bed package bed – A network protocol fuzzer root@kali:~# bed  BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )  Usage:  ./bed.pl -s <plugin> -t <target> -p <port> -o <timeout> [ depends on the plugin ]  <plugin>   = FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5  <target>   = Host to check (default: localhost)  <port>     = Port to connect to (default: standard port)  <timeout>  = seconds to wait after each test (default: 2 seconds)  use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.  Only -s is a mandatory switch. bed Usage Example Use the HTTP...

BBQSQL

BBQSQL Package Description Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast. Similar to other SQL injection tools you provide certain request information. Must provide the usual information: URL HTTP Method Headers Cookies Encoding methods Redirect behavior Files HTTP Auth Proxies Then specify where the injection ...

Xplico

Xplico Package Description The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer. Source: http://sourceforge.net/projects/xplico/files/Xplico%20versions Xplico Homepage | Kali Xplico Repo Author: Gianluca Costa, Andrea de Franceschi License: GPLv2 Tools included in the xplico package xplico – Network Forensic Analysis Tool (NFAT) root@kali:~# xplico -h xplico v1.2.1 Internet Traffic Decoder (NFAT). See http://www.xplico.org for more information. Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This product includes GeoLit...

WOL-E

WOL-E Package Description WOL-E is a suite of tools for the Wake on LAN feature of network attached computers; this is now enabled by default on many Apple computers. These tools include: Bruteforcing the MAC address to wake up clients Sniffing WOL attempts on the network and saving them to disk Sniffing WOL passwords on the network and saving them to disk Waking up single clients (post sniffing attack) Scanning for Apple devices on the network for WOL enabling Sending bulk WOL requests to all detected Apple clients Source: https://code.google.com/p/wol-e/ WOL-E Homepage | Kali WOL-E Repo Author: Nathaniel Carew License: GPLv3 Tools included in the wol-e package wol-e – Wake on LAN Explorer root@kali:~# wol-e -h [*] WOL-E 1.0 [*] Wake on LAN Explorer - A collection a WOL tools. [*] by Nathaniel Carew     -m         Waking up single computers.         If a password is required use the -k 00...

wireshark

wireshark Package Description Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Wireshark has a rich feature set which includes the following: Deep inspection of hundreds of protocols, with more being added all the time Live capture and offline analysis Standard three-pane packet browser Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility The most powerful display filters in the industry Rich VoIP analysis Capture files compressed with gzip can be decompressed on the fly Live data can be read from Eth...

urlcrazy

urlcrazy Package Description Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. Features Generates 15 types of domain variants Knows over 8000 common misspellings Supports cosmic ray induced bit flipping Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak) Checks if a domain variant is valid Test if domain variants are in use Estimate popularity of a domain variant Source: http://www.morningstarsecurity.com/research/urlcrazy URLCrazy Homepage | Kali URLCrazy Repo Author: Andrew Horton License: Non-commercial Tools included in the urlcrazy package urlcrazy – Domain typo generator root@kali:~# urlcrazy -h URLCrazy version 0.5 by Andrew Horton (urbanadventurer) http://www.morningstarsecurity.com/research/urlcrazy Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. Supports the follo...

Unicornscan

Unicornscan Package Description Overview : Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license. Benefits : Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include: Asynchronous stateless TCP scanning with all variations of TCP Flags. Asynchronous stateless TCP banner grabbing Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response). Active and Passive remote OS, application, and component identificati...

twofi

twofi Package Description When attempting to crack passwords custom word lists are very useful additions to standard dictionaries. An interesting idea originally released on the “7 Habits of Highly Effective Hackers” blog was to use Twitter to help generate those lists based on searches for keywords related to the list that is being cracked. This idea has been expanded into twofi which will take multiple search terms and return a word list sorted by most common first. Source: https://digi.ninja/projects/twofi.php twofi Homepage | Kali twofi Repo Author: Robin Wood License: Creative Commons Attribution-Share Alike 2.0 Tools included in the twofi package twofi – Twitter words of interest root@kali:~# twofi -h twoif 2.0-beta Robin Wood (robin@digininja.org) (www.digininja.org) twoif - Twitter Words of Interest Usage: twoif [OPTIONS]     --help, -h: show help     --config <file>: config file, default is twofi.yml     --count...

TLSSLed

TLSSLed Package Description TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities. Source: http://www.taddong.com/en/lab.html TLSSLed Homepage | Kali TLSSLed Repo Author: Raul Siles, Taddong SL License: GPLv3 Tools included in the tlssled package tlssled – Evaluates the security of a target SSL/TLS (HTTPS) server root@kali:~# tlssled ------------------------------------------------------  TLSSLed - (1.3) based on sslscan and openssl    ...

theharvester

theharvester Package Description The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database. This tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization. This is a complete rewrite of the tool with new features like: Time delays between requests All sources search Virtual host verifier Active enumeration (DNS enumeration, Reverse lookups, TLD expansion) Integration with SHODAN computer database, to get the open ports and banners Save to XML and HTML Basic graph with stats New sources Source: https://github.com/laramies/theHarvester/ theHarvester Homepage | Kali theHarvester Repo Author: Christian Martorella Li...

THC-IPV6

THC-IPV6 Package Description A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Source: https://www.thc.org/thc-ipv6/ THC-IPV6 Homepage | Kali THC-IPV6 Repo Author: The Hacker’s Choice License: AGPLv3 Tools included in the thc-ipv6 package 6to4test.sh – Tests if the IPv4 target has a dynamic 6to4 tunnel active root@kali:~# 6to4test.sh Syntax: /usr/bin/6to4test.sh interface ipv4address This little script tests if the IPv4 target has a dynamic 6to4 tunnel active Requires address6 and thcping6 from thc-ipv6 address6 – Converts a mac or ipv4 address to an ipv6 address root@kali:~# address6 address6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org Syntax:     address6 mac-address [ipv6-prefix]     address6 ipv4-address [ipv6-prefix]     address6 ipv6-address Converts a mac or ipv4 address to an ipv6 address (link lo...