Posts

Showing posts with the label Kali linux

cisco-auditing-tool Package Description

Perl script which scans Cisco routers for common vulnerabilities.

cisco-auditing-tool Homepage | Kali cisco-auditing-tool Repo

Author: g0ne
License: GPLv2

Tools included in the cisco-auditing-tool package

CAT – Scans Cisco routers for common vulnerabilities

    root@kali:~# CAT
    Cisco Auditing Tool - g0ne [null0]
    Usage:
        -h hostname (for scanning single hosts)
        -f hostfile (for scanning multiple hosts)
        -p port #   (default port is 23)
        -w wordlist (wordlist for community name guessing)
        -a passlist (wordlist for password guessing)
        -i [ioshist]    (Check for IOS History bug)
        -l logfile  (file to log to, default screen)
        -q quiet mode   (no screen output)

cisco-auditing-tool Usage Example

Scan the host (-h 192.168.99.230) on port 23 (-p 23), using a password dictionary file (-a /usr/share/wordlists/nmap.lst):

    root@kali:~# CAT -...

BED

BED Package Description

BED stands for Bruteforce Exploit Detector. It is designed to check daemons for potential buffer overflows, format strings, et al.

Kali BED Repo

Author: mjm, eric
License: GPLv2

Tools included in the bed package

bed – A network protocol fuzzer

    root@kali:~# bed

     BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

     Usage:

     ./bed.pl -s <plugin> -t <target> -p <port> -o <timeout> [ depends on the plugin ]

     <plugin>   = FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5
     <target>   = Host to check (default: localhost)
     <port>     = Port to connect to (default: standard port)
     <timeout>  = seconds to wait after each test (default: 2 seconds)

     use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.

     Only -s is a mandatory switch.

bed Usage Example

Use the HTTP...

BBQSQL

BBQSQL Package Description

Blind SQL injection can be a pain to exploit. When the available tools work, they work well, but when they don’t, you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard-to-trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Similar to other SQL injection tools, you provide certain request information. Must provide the usual information:

- URL
- HTTP Method
- Headers
- Cookies
- Encoding methods
- Redirect behavior
- Files
- HTTP Auth
- Proxies

Then specify where the injection ...

Xplico

Xplico Package Description

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer.

Source: http://sourceforge.net/projects/xplico/files/Xplico%20versions

Xplico Homepage | Kali Xplico Repo

Author: Gianluca Costa, Andrea de Franceschi
License: GPLv2

Tools included in the xplico package

xplico – Network Forensic Analysis Tool (NFAT)

    root@kali:~# xplico -h
    xplico v1.2.1
    Internet Traffic Decoder (NFAT).
    See http://www.xplico.org for more information.
    Copyright 2007-2017 Gianluca Costa & Andrea de Franceschi and contributors.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    This product includes GeoLit...

WOL-E

WOL-E Package Description

WOL-E is a suite of tools for the Wake on LAN feature of network-attached computers. This feature is now enabled by default on many Apple computers. These tools include:

- Bruteforcing the MAC address to wake up clients
- Sniffing WOL attempts on the network and saving them to disk
- Sniffing WOL passwords on the network and saving them to disk
- Waking up single clients (post sniffing attack)
- Scanning for Apple devices on the network for WOL enabling
- Sending bulk WOL requests to all detected Apple clients

Source: https://code.google.com/p/wol-e/

WOL-E Homepage | Kali WOL-E Repo

Author: Nathaniel Carew
License: GPLv3

Tools included in the wol-e package

wol-e – Wake on LAN Explorer

    root@kali:~# wol-e -h
    [*] WOL-E 1.0
    [*] Wake on LAN Explorer - A collection a WOL tools.
    [*] by Nathaniel Carew
        -m
            Waking up single computers.
            If a password is required use the -k 00...

urlcrazy

urlcrazy Package Description

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Features

- Generates 15 types of domain variants
- Knows over 8000 common misspellings
- Supports cosmic ray induced bit flipping
- Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
- Checks if a domain variant is valid
- Test if domain variants are in use
- Estimate popularity of a domain variant

Source: http://www.morningstarsecurity.com/research/urlcrazy

URLCrazy Homepage | Kali URLCrazy Repo

Author: Andrew Horton
License: Non-commercial

Tools included in the urlcrazy package

urlcrazy – Domain typo generator

    root@kali:~# urlcrazy -h
    URLCrazy version 0.5 by Andrew Horton (urbanadventurer)
    http://www.morningstarsecurity.com/research/urlcrazy
    Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
    Supports the follo...

Unicornscan

Unicornscan Package Description

Overview: Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

Benefits: Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities includes:

- Asynchronous stateless TCP scanning with all variations of TCP Flags.
- Asynchronous stateless TCP banner grabbing
- Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
- Active and Passive remote OS, application, and component identificati...

twofi

twofi Package Description

When attempting to crack passwords, custom word lists are very useful additions to standard dictionaries. An interesting idea originally released on the “7 Habits of Highly Effective Hackers” blog was to use Twitter to help generate those lists based on searches for keywords related to the list that is being cracked. This idea has been expanded into twofi, which will take multiple search terms and return a word list sorted by most common first.

Source: https://digi.ninja/projects/twofi.php

twofi Homepage | Kali twofi Repo

Author: Robin Wood
License: Creative Commons Attribution-Share Alike 2.0

Tools included in the twofi package

twofi – Twitter words of interest

    root@kali:~# twofi -h
    twoif 2.0-beta Robin Wood (robin@digininja.org) (www.digininja.org)
    twoif - Twitter Words of Interest
    Usage: twoif [OPTIONS]
        --help, -h: show help
        --config <file>: config file, default is twofi.yml
        --count...

TLSSLed

TLSSLed Package Description

TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool. The current tests include checking if the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, and the current SSL/TLS renegotiation capabilities.

Source: http://www.taddong.com/en/lab.html

TLSSLed Homepage | Kali TLSSLed Repo

Author: Raul Siles, Taddong SL
License: GPLv3

Tools included in the tlssled package

tlssled – Evaluates the security of a target SSL/TLS (HTTPS) server

    root@kali:~# tlssled
    ------------------------------------------------------
     TLSSLed - (1.3) based on sslscan and openssl
       ...

theharvester

theharvester Package Description

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database. This tool is intended to help penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.

This is a complete rewrite of the tool with new features like:

- Time delays between requests
- All sources search
- Virtual host verifier
- Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
- Integration with SHODAN computer database, to get the open ports and banners
- Save to XML and HTML
- Basic graph with stats
- New sources

Source: https://github.com/laramies/theHarvester/

theHarvester Homepage | Kali theHarvester Repo

Author: Christian Martorella
Li...

THC-IPV6

THC-IPV6 Package Description

A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.

Source: https://www.thc.org/thc-ipv6/

THC-IPV6 Homepage | Kali THC-IPV6 Repo

Author: The Hacker’s Choice
License: AGPLv3

Tools included in the thc-ipv6 package

6to4test.sh – Tests if the IPv4 target has a dynamic 6to4 tunnel active

    root@kali:~# 6to4test.sh
    Syntax: /usr/bin/6to4test.sh interface ipv4address
    This little script tests if the IPv4 target has a dynamic 6to4 tunnel active
    Requires address6 and thcping6 from thc-ipv6

address6 – Converts a mac or ipv4 address to an ipv6 address

    root@kali:~# address6
    address6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
    Syntax:
        address6 mac-address [ipv6-prefix]
        address6 ipv4-address [ipv6-prefix]
        address6 ipv6-address
    Converts a mac or ipv4 address to an ipv6 address (link lo...

sublist3r

sublist3r Package Description

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

Source: https://github.com/aboul3la/Sublist3r

Sublist3r Homepage | Kali sublist3r Repo

Author: Ahmed Aboul-Ela
License: GPL-2+

Tools included in the sublist3r package

sublist3r – Fast subdomains enumeration tool for penetration testers

    root@kali:~# sublist3r -h
    usage: sublist3r [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]]
                     [-t THREADS] [-e ENGINES] [-o OUTPUT]
    OPTIONS:
      -h, --help            show this help message and e...