
Showing posts with the label hacking

cisco-auditing-tool Package Description

Perl script which scans Cisco routers for common vulnerabilities.

cisco-auditing-tool Homepage | Kali cisco-auditing-tool Repo
Author: g0ne
License: GPLv2

Tools included in the cisco-auditing-tool package

CAT – Scans Cisco routers for common vulnerabilities

    root@kali:~# CAT
    Cisco Auditing Tool - g0ne [null0]
    Usage:
        -h hostname (for scanning single hosts)
        -f hostfile (for scanning multiple hosts)
        -p port #   (default port is 23)
        -w wordlist (wordlist for community name guessing)
        -a passlist (wordlist for password guessing)
        -i [ioshist]    (Check for IOS History bug)
        -l logfile  (file to log to, default screen)
        -q quiet mode   (no screen output)

cisco-auditing-tool Usage Example

Scan the host (-h 192.168.99.230) on port 23 (-p 23), using a password dictionary file (-a /usr/share/wordlists/nmap.lst):

    root@kali:~# CAT -...

THC-IPV6

THC-IPV6 Package Description

A complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6, including an easy-to-use packet factory library.

Source: https://www.thc.org/thc-ipv6/
THC-IPV6 Homepage | Kali THC-IPV6 Repo
Author: The Hacker’s Choice
License: AGPLv3

Tools included in the thc-ipv6 package

6to4test.sh – Tests if the IPv4 target has a dynamic 6to4 tunnel active

    root@kali:~# 6to4test.sh
    Syntax: /usr/bin/6to4test.sh interface ipv4address
    This little script tests if the IPv4 target has a dynamic 6to4 tunnel active
    Requires address6 and thcping6 from thc-ipv6

address6 – Converts a MAC or IPv4 address to an IPv6 address

    root@kali:~# address6
    address6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
    Syntax:
        address6 mac-address [ipv6-prefix]
        address6 ipv4-address [ipv6-prefix]
        address6 ipv6-address
    Converts a mac or ipv4 address to an ipv6 address (link lo...

sublist3r

sublist3r Package Description

Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

Source: https://github.com/aboul3la/Sublist3r
sublist3r Homepage | Kali sublist3r Repo
Author: Ahmed Aboul-Ela
License: GPL-2+

Tools included in the sublist3r package

sublist3r – Fast subdomain enumeration tool for penetration testers

    root@kali:~# sublist3r -h
    usage: sublist3r [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]]
                     [-t THREADS] [-e ENGINES] [-o OUTPUT]

    OPTIONS:
      -h, --help            show this help message and e...

SSLyze

SSLyze Package Description

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Key features include:

- Multi-processed and multi-threaded scanning (it’s fast)
- SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
- Performance testing: session resumption and TLS tickets support
- Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more
- Server certificate validation and revocation checking through OCSP stapling
- Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP and FTP
- Support for client certificates when scanning servers that perform mutual authentication
- XML output to further process the scan results

Source: https://github.com/iSECPartners/sslyze
SSLyze Homepage | Kali SSLyze Repo
Author: iSECPartners
License: GPLv2

Tools included in th...

SSLsplit

SSLsplit Package Description

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on the fly, based on the original server certificate's subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged o...

sslcaudit

sslcaudit Package Description

The goal of the sslcaudit project is to develop a utility to automate testing SSL/TLS clients for resistance against MITM attacks. It might be useful for testing a thick client, a mobile application, an appliance, pretty much anything communicating over SSL/TLS over TCP.

Source: http://www.gremwell.com/sites/default/files/sslcaudit/doc/sslcaudit-user-guide-1.0.pdf
sslcaudit Homepage | Kali sslcaudit Repo
Author: Gremwell
License: GPLv3

Tools included in the sslcaudit package

sslcaudit – Tests SSL/TLS clients' susceptibility to MITM attacks

    root@kali:~# sslcaudit -h
    Usage: sslcaudit [OPTIONS]

    Options:
      --version             show program's version number and exit
      -h, --help            show this help message and exit
      -l LISTEN_ON          Specify IP address and TCP PORT to listen on, in
          ...

Nikto

Nikto Package Description

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

Not every check is a security problem, though most are. There are some items that are “info only” type checks that look for thing...