Pentesting Tools: MISC - Paiet/SEC-335 GitHub Wiki
- MISC
- Metasploit framework
  - CLI-based attack framework
  - Allows you to...
    - Enumerate targets
    - Exploit targets
    - Validate vulnerabilities
  - DEMO: Metasploit vs vsftpd 2.3.4
- Searchsploit
  - Local copy of exploit-db
  - DEMO: Searchsploit against metasploitable
- PowerSploit
  - PowerShell scripts used during POST-Exploit
- Responder
  - Fake server and relay tool
  - Start Analyze mode
  - Basic Auth and WPAD
    - `responder -I ens34 -wbF`
    - Victim browses to a site. Browser is using proxy
    - WAIT for creds
    - Copy creds to file
    - Crack with Hashcat
  - Responds to...
    - LLMNR
    - NBT-NS
    - POP
    - IMAP
    - SMTP
    - SQL
  - Used to discover items like usernames, passwords, and other sensitive data
- Impacket
- Empire
  - PowerShell Empire
  - POST-Exploit attack framework
  - Allows you to run PowerShell scripts with access to `powershell.exe`
  - Used to...
    - Priv esc
    - Capture data
    - Extract passwords
    - Install backdoors
  - https://www.powershellempire.com/