Survey on Security tools - archie-archana/Cyberlabs GitHub Wiki
Information Gathering Tools
Nmap Tool(Network Mapper)
High level Summary
Nmap is an open-source network scanner that is used to recon/scan networks. It is used to discover hosts, ports, and services along with their versions over a network. It sends packets to the host and then analyzes the responses in order to produce the desired results. It could even be used for host discovery, operating system detection, or scanning for open ports. It is one of the most popular reconnaissance tools.
Recommendations
This Tool is majorly used in port scanning and security auditing
Methodologies
Its free utility tool available in kali linux
Information Gathering
Discovers Hosts, Scanning order and port specification, The detection of service or version and operating system, Scanning Ports.
Service Enumeration
N.A
Penetration
We can get the information of open ports in that particular domain
Report – House Cleaning
Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
dmitry (Deepmagic Information Gathering Tool)
High-Level Summary
Dmitry is a free and open-source tool which is used for information gathering. Dmitry stands for DeepMagic Information Gathering Tool. It’s a command-line tool Using Dmitry tool You can collect information about the target, this information can be used for social engineering attacks. It can be used to gather a number of valuable pieces of information.
Recommendations
Information Gathering Tool through which we can get all basic required information of it
Methodologies
In Kali Linux only it is pre defined tool which can be used for Information Gathering Scope of this Tool is to scan possible subdomains, email addresses, tcp port scan of a host, lookup on the IP address of a host.
Service Enumeration
By this we can get to know which all are live application running on the system
Penetration
N.A
System Vulnerable:
dmitry -s domain
Report
House Cleaning Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
Maltego
High-Level Summary
Maltego is an open-source intelligence forensic application. Which will help you to get more accurate information and in a smarter way. In simple words, it is an information-gathering tool.
Recommendations
This Tool is majorly used in port scanning and security auditing.
Methodologies
Its free utility tool available in kali linux
Information Gathering
Discovers Hosts, Scanning order and port specification, The detection of service or version and operating system, Scanning Ports.
Service Enumeration
N.A.
Penetration
We can get the information of open ports in that particular domain
Report – House Cleaning
Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
Vulnerability Analysis Tools
##1. Nikto
High-Level Summary
Nikto is an open-source web server scanner which performs comprehensive tests against web servers for multiple items. You can use Nikto with any web servers like Apache, Nginx, IHS, OHS, Litespeed, and so on. Nikto can check for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Items and plugins scanned by Nikto are frequently updated and can be automatically updated.
Recommendations
This Tool is majorly used in port scanning and security auditing.
Methodologies
Its free utility tool available in kali linux
Information Gathering
Discovers Hosts, Scanning order and port specification, The detection of service or version and operating system, Scanning Ports.
Service Enumeration
N.A.
Penetration
We can get the information of open ports in that particular domain
Report – House Cleaning
Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
2. Legion
High-Level Summary
Legion tool is a super-extensible and semi-automated network penetration testing framework.GUI with panels and a long list of options that allow pentesters to quickly find and exploit attack vectors on hosts. It has the feature of real-time auto-saving of project results and tasks. Legion also provides services like Automatic recon and scanning with NMAP, whataweb, sslyzer, Vulners, webslayer, SMBenum, dirbuster, nikto, Hydra, and almost 100 auto-scheduled scripts are added to it. Modular functionality of Legion Tool allows users to easily customize Legion.
Recommendations
Automatic detection of CVEs (Common Vulnerabilities and Exposures and CPEs (Common Platform Enumeration).
Methodologies
Its free utility tool available in kali linux which is GUI Based and also we can customize it.
Information Gathering
We can conduct host discovery, custom port scanning, and custom discovery options.
Service Enumeration
N.A.
Penetration
We can get the information of open ports of host and many more options like auto detecting CVE
Report – House Cleaning
Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
3. Nmap Scripting Engine (NSE)
High-Level Summary
The Nmap Scripting Engine (NSE) is a powerful component of the Nmap (Network Mapper) tool that allows users to automate a variety of tasks during network exploration and security scanning. NSE is designed to extend the functionality of Nmap by enabling users to run scripts to perform tasks beyond traditional port scanning. These scripts can be used to gather additional information about target systems, detect vulnerabilities, or even automate exploitation. Nmap Scripts are written in Lua Language
Recommendations
Automatic detection of CVEs (Common Vulnerabilities and Exposures and CPEs (Common Platform Enumeration).
Information Gathering
We can conduct host discovery, custom port scanning, and custom discovery options.
Service Enumeration
N.A.
Penetration
We can get the information of open ports of host and many more options like auto detecting CVE
Report – House Cleaning
Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
Web Application Analysis Tools
1. Burp Suite
High-Level Summary Burp Suite is a cybersecurity tool designed for web application security testing. It is help in finds bugs in the websites and is gui based tool. There are 3 additions of burp suite
Burp suite community (Free) Burp suite professional Burp suite Enterprise
Recommendations
It is used to perform security testing in web application and also finding exploits in that surface.
Methodologies
It contain many features some them are
Proxy: Burp Suite acts as a proxy server between the user's browser and the target web application. It allows the user to intercept and modify the communication between the two, enabling the analysis and manipulation of HTTP requests and responses. Intruder: Burp Intruder is a powerful tool for performing automated attacks against web applications. It can be used to test the susceptibility of an application to different types of attacks, such as brute force and parameter tampering.
Information Gathering
We can conduct host discovery, custom port scanning, and custom discovery options.
Service Enumeration
N.A
Penetration
We can get the information of open ports of host and many more options like auto detecting CVE
Report – House Cleaning
Clean up was conducted after assessment of each target to remove any artifacts from the penetration test. The removals included any user accounts created and any files uploaded to the targets. Additionally, any configuration changes made were reverted to their original state.
2. WPScan-(WordPress Scan)
High-Level Summary
WordPress is known to have many flaws and vulnerabilities. WPScan will scan the WordPress website for its version, plugins, users and also has an in-built password cracker
Recommendations
This is used specifically for Websites hosted on WordPress.
Methodologies
Checking the version of WordPress used and associated vulnerabilities for that version. Checks for database dumps that may be openly accessible.
Information Gathering
We can conduct host discovery, custom port scanning, and custom discovery options.
Service Enumeration
N.A.
Penetration
We can get the information of open ports of host and many more options like auto detecting CVE
Report – House Cleaning
Same as above
3. WhatWeb
High-Level Summary
WhatWeb identifies websites. It recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
Recommendations
It scans website with aggression level set to 1 -v is for more readablility
Methodologies
This tool can identify and recognize all the web technologies available on the target website. This tool can identify technologies used by websites such as blogging, content management system, all JavaScript libraries. .
Information Gathering
We can conduct host discovery, custom port scanning, and custom discovery options.
Service Enumeration
N.A.
Penetration
WhatWeb is responsible for grabbing particular information from the target website. Whatweb works as an information-gathering tool and can identify all the email addresses, SQL errors, technology used in the website.
Report – House Cleaning
Same as above
Database Management Tools
1. SqlMap
High-Level Summary
Sqlmap is a python based tool; therefore it should operate on any system that supports Python. The purpose of sqlmap is to find and take benefit of SQL injection vulnerabilities in web applications.
Recommendations
It includes a robust detection engine, numerous specialist features for the ultimate penetration tester, and a wide range of switches that span database fingerprinting, data retrieval from databases, access to the underlying file system, and executing commands on the operating system via out-of-band connections.
Methodologies
When it detects one or more SQL injections on the target host, the user can choose from a number of options, including performing an extensive back-end database management system fingerprint, retrieving DBMS session user and database, enumerating users, password hashes, privileges, databases, dumping entire or user-specific DBMS table/columns, running his own SQL statement, reading particular files on the file system and more.
Information Gathering
The purpose of sqlmap is to find and take benefit of SQL injection vulnerabilities in web applications.
Service Enumeration
N.A.
Penetration
By giving DBMS credentials, IP address, port, and a database name, it is possible to connect to the database directly without using SQL injection.
Report – House Cleaning
Same as above
Password Attacks Tools
1. Medussa
High-Level Summary
Medusa is a modular, speedy, and parallel, login brute-forcer. It is a very powerful and lightweight tool. Medusa tool is used to brute-force credentials in as many protocols as possible which eventually lead to remote code execution. It currently has over 21 modules, some of which are: PcAnywhere, POP3, CVS, FTP etc.
Recommendations
N.A.
Methodologies
It works on bruteforce method
Information Gathering
Service Enumeration
N.A.
Penetration
It uses the wordlist which is available on kali linux and apply brute force method
Report – House Cleaning
Same as above
2. Crunch
High-Level Summary
In order to hack a password, we have to try a lot of passwords to get the right one. When an attacker uses thousands or millions of words or character combinations to crack a password there is no surety that any one of those millions of combinations will work or not
Recommendations
This collection of a different combination of characters is called a wordlist. And in order to crack a password or a hash, we need to have a good wordlist which could break the password. So to do so we have a tool in Kali Linux called crunch.
Information Gathering
Methodologies
crunch is a wordlist generating tool that comes pre-installed with Kali Linux. It is used to generate custom keywords based on wordlists. It generates a wordlist with permutation and combination. We could use some specific patterns and symbols to generate a wordlist.
Service Enumeration
N.A.
Penetration
It uses the wordlist which is available on kali linux and apply brute force method
Report – House Cleaning
Same as above
3. Hash Identifier
High-Level Summary
As the name is it used to identify the type of hashes that is given as input further based on the hash information we can crack hash using any other tools.
Recommendations
This collection of a different combination of characters is called a wordlist. And in order to crack a password or a hash, we need to have a good wordlist which could break the password. So to do so we have a tool in Kali Linux called crunch.
Methodologies
It simply suggests type of hash whether its of MD5 or hash
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Wireless attacks Tools
1.Wifite
High-Level Summary
Wifite is a tool to audit WEP or WPA encrypted wireless networks. It uses aircrack-ng, pyrit, reaver, tshark tools to perform the audit.
Recommendations
This collection of a different combination of characters is called a wordlist. And in order to crack a password or a hash, we need to have a good wordlist which could break the password. So to do so we have a tool in Kali Linux called crunch.
Methodologies
When cracking the passwords for multiple networks it sorts them based on their signal strength. Packed with a lot of customizing options to improve the effectiveness of the attack. Changes mac address while attacking to make the attacker anonymous.
Information Gathering
If an attacker finds any target not appropriate to be attacked, so it allows the attacker to block the attack for the specific network. It saves all passwords to a separate file.
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
2. Revear
High-Level Summary
Reaver is a package that is a handy and effective tool to implement a brute force attack against Wifi Protected Setup (WPS) registrar PINs to recover WPA/WPA2 passphrases. It is depicted to be a robust and practical attack against WPS, and it has been tested against a wide variety of access points and WPS implementations. In today’s time hacking WPA/WPA2 is exceptionally a tedious job.
Recommendations
Normal Dictionary attack could take days, and still will not succeed. On average Reaver will take 4-10 hours to recover the target AP’s plain text WPA/WPA2 passphrase, depending on the AP. Generally, it takes around half of this time to guess the correct WPS pin and recover the passphrase.
Methodologies
First we can scan the available networks with airodump-ng and selected one network and we will take the bssid of that network and we will give the input to the reaver and try to brutteforce the password.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
3. Aircrack Ng
High-Level Summary
Aircrack-ng is a popular open-source tool suite used for penetration testing and network security assessments. It is specifically designed for assessing the security of Wi-Fi networks.
Recommendations
Normal Dictionary attack could take days, and still will not succeed. On average Reaver will take 4-10 hours to recover the target AP’s plain text WPA/WPA2 passphrase, depending on the AP. Generally, it takes around half of this time to guess the correct WPS pin and recover the passphrase.
Methodologies
First we can scan the available networks with airodump-ng and selected one network and we will take the bssid of that network and we will give the input to the reaver and try to brutteforce the password.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Reverse Engineering Tools
1. Nasm
High-Level Summary
NASM stands for Netwide Assembler. It's a popular assembler for the x86 architecture used in many Unix-like operating systems, including Linux.
Recommendations
This tool Nasm very useful when we have understand the machine level language and what it does.
Methodologies
NASM take assembly language code, which is a low-level programming language that closely maps to machine code, and convert it into machine code or object code that a computer's processor can understand and execute.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
2. Radare2
High-Level Summary
Radare2 is an open-source framework for reverse engineering and binary analysis. It provides a comprehensive set of tools for examining, analyzing, and understanding binary files.
Recommendations
Radare2 is used by a diverse group of individuals, including security professionals, researchers, and hobbyists. It is particularly useful for reverse engineers, who rely on tools like r2 to understand and analyze code at a low level. This article will introduce you to radare2 and explore its key features and benefits.
Methodologies
Disassembling and analyzing code, Debugging with Radare2 is also possible
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Exploitation tools
1. Metasploit
High-Level Summary
Metasploit is an open-source platform that supports vulnerability research, exploit development, and the creation of custom security tools.It contains many exploits and we can get exploit to many well known vulnerabilities. And it also supports some scanners to.
Recommendations
N.A.
Methodologies
Disassembling and analyzing code, Debugging with Radare2 is also possible
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
2. Searchsploit
High-Level Summary
SearchSploit is a command-line search tool for Exploit-DB that allows you to take a copy of the Exploit Database with you.
Recommendations
SearchSploit is very useful for security assessments when you don’t have Internet access because it gives you the power to perform detailed offline searches for exploits in the saved Exploit-DB.
Methodologies
suppose we are taking the vulnerable machine here i.e 192.168.219.129 we get some info about the services that are running on the port here take port 21 so the service running on the port 21 is vsftpd 2.3.4 if try check for the possible exploit in searchsploit we can get the result.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Sniffing and Spoofing tools
1. Wireshark
High-Level Summary
Wireshark is a free and open-source packet analyzer tool used for network troubleshooting, analysis, and communication protocol development and education.
Recommendations
It captures network traffic from ethernet, Bluetooth, wireless (IEEE.802.11), and frame relay connections, among others, and stores that data for offline analysis.
Methodologies
This image shows the main page of the wireshark it contains many options for capturing the traffic the we select interface eg eth0 for etherenet we can see that some traffic going through eth0 we can select the interface and start the capture.
Information Gathering
Service Enumeration
N.A.
Penetration
We can filter as per our requirement which we need.
Report – House Cleaning
Same as above
2. TcpDump
High-Level Summary
This program allows you to dump the traffic on a network. tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet types.
Recommendations
It can be used to print out the headers of packets on a network interface, filter packets that match a certain expression. You can use this tool to track down network problems, to detect attacks or to monitor network activities.
Methodologies
we use tcpdump command to run tcpdump -i to specify interface here we are using eth0 interface that is ethernet -v increase the verbosity are make the output more readable.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A.
Report – House Cleaning
Same as above
3. Macchanger
High-Level Summary
GNU MAC Changer is an utility that makes the maniputation of MAC addresses of network interfaces easier. MAC addresses are unique identifiers on networks, they only need to be unique, they can be changed on most network hardware.
Recommendations
Kali linux comes pre installed with a tool called macchanger which allows us to change mac address on a temporary basis.
Methodologies
If you have prior experience with Kali Linux then you would understand that eth0 is the name of the system’s networking interface card or NIC.Always remember to specify the name of the interface whenever working with macchanger. Let us now change into a particular mac address,If you observe the help option then you can see that in order to that we need to use the -m argument.Use the help option well if you want to get proficient in using professional tools.
Information Gathering
Service Enumeration
N.A.
Penetration
Sometimes to manipulate the mac address we have to change the device Mac Address
Report – House Cleaning
Same as above
Post Exploitation Tool
1. Netcat
High-Level Summary
A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts
Recommendations
At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Methodologies
suppose when generated and ran the payload in the target machine we got the reverse shell using netcat
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
2. Weevely
High-Level Summary
Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Recommendations
At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Methodologies
suppose when generated and ran the payload in the target machine we got the reverse shell using netcat
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
3. mimikatz
High-Level Summary
Mimikatz is also capable of assisting in lateral movements and privilege escalations. Attacks like Pass-the-Hash, Pass-the-Ticket, Over-Pass-the-Hash, Kerberoasting etc. can also be achieved with Mimikatz.
Recommendations
Mimikatz abuses and exploits the Single Sign-On functionality of Windows Authentication that allows the user to authenticate himself only once in order to use various Windows services.
Methodologies
After a user logs into Windows, a set of credentials is generated and stored in the Local Security Authority Subsystem Service (LSASS) in the memory. As the LSASS is loaded in memory, when invoked mimikatz loads its dynamic link library (dll) into the library from where it can extract the credential hashes and dumps them onto the attacking system, and might even give us cleartext passwords.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Social Engineering Tools
1. SET(Social Engineering Tool kit)
High-Level Summary
The Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at penetration testing around Social-Engineering.It can be used to perform various social engineering attacks like email phisphing, site phisphing etc.
Recommendations
The Spear-phishing module allows you to specially craft email messages and send them to your targeted victims with attached FileFormatmalicious payloads. For example, sending malicious PDF document which if the victim opens, it will compromise the system.
Methodologies
The web attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim. This module is used by performing phishing attacks against the victim if they click the link. There is a wide variety of attacks that can occur once they click a link.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Forensic Tools
1. BinWalk
High-Level Summary
Binwalk is a great tool when we have a binary image and have to extract embedded files and executable codes out of them.
Recommendations
It is even used to identify the files and codes which are embedded inside the firmware images. Binwalk is compatible with magic signatures for UNIX file utility as it uses libmagic library.
Methodologies
binwalk supports a variety of command-line options that allow you to customize the analysis and extraction process, such as the signature database to use, the output format, or the extraction options. You can use these options to fine-tune the analysis and extraction to suit your needs.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
2. Autopsy
High-Level Summary
Autopsy is a digital forensics tool that is used to gather the information form forensics. Or in other words, this tool is used to investigate files or logs to learn about what exactly was done with the system.
Recommendations
It could even be used as a recovery software to recover files from a memory card or a pen drive.
Methodologies
Autopsy comes pre-installed in Kali Linux Just type “autopsy” in the terminal.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
Reporting Tools
1. Cherry tree
High Level summary
CherryTree is a hierarchical note taking application, featuring rich text, syntax highlighting, images handling, hyperlinks, import/export with support for multiple formats, support for multiple languages, and more.\
Recommendation
It is recommended use for affective note and report making
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
2. Pipal
High Level summary
Pipal is a password analysis and research tool used to analyze password lists and patterns, providing insights into password security and helping identify common or weak passwords.
Recommendation
It is recommended to use when we have analyze certain wordlist that is manually created and test it's efficiency.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above
3. Cutycapt
High Level summary
CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP.
Recommendation
Cutycapt is recommended for use when there is a need to capture screenshots of web pages from the command line.
Information Gathering
Service Enumeration
N.A.
Penetration
N.A
Report – House Cleaning
Same as above