CEH_Useful_Applications - yenbohuang/techNotes GitHub Wiki
General
OS | URL | Note |
---|---|---|
Linux | Parrot Security | OS for hackers. |
Linux | Kali Linux | OS for hackers. |
Windows | DVWA | Damn Vulnerable Web Application (DVWA) is a PHP/MariaDB web application that is damn vulnerable. |
Multi-Platform | Wireshark | Network protocol analyzer. |
Multi-Platform | ZAP | Web App scanner. |
Multi-Platform | Burp Suite | Web application security testing software. |
Information Gathering
OS | URL | Shared Drive | Note |
---|---|---|---|
Multi-Platform | Angry IP Scanner | Z:\CEHv12 Module 03 Scanning Networks\Ping Sweep Tools\Angry IP Scanner | Fast and friendly network scanner. |
Multi-Platform | HTTrack Website Copier | Z:\CEHv12 Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Web Site Copier | Easy-to-use offline browser utility. |
Windows | FOCA (Fingerprinting Organizations with Collected Archives) | Z:\CEHv12 Module 02 Footprinting and Reconnaissance\Footprinting Tools\FOCA | Find metadata and hidden information in the documents it scans. |
Enumeration
OS | URL | Shared Drive | Note |
---|---|---|---|
Multi-Platform | SoftPerfect Network Scanner | Z:\CEHv12 Module 04 Enumeration\SNMP Enumeration Tools\SoftPerfect Network Scanner | Ping computers, scan ports, discover shared folders, and retrieve practically any information about network devices via WMI, SNMP, HTTP, SSH, and PowerShell. |
Windows | ADExplorer | Z:\CEHv12 Module 04 Enumeration\LDAP Enumeration Tools\Active Directory Explorer | Advanced Active Directory (AD) viewer and editor. |
Vulnerability Analysis
OS | URL | Note |
---|---|---|
Linux | Greenbone OpenVAS | Full-featured vulnerability scanner. |
System Hacking
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | L0phtCrack | Z:\CEHv12 Module 06 System Hacking\Password Cracking Tools\L0phtCrack | Audit passwords and recover applications. |
Windows | Power Spy | Z:\CEHv12 Module 06 System Hacking\Spyware\General Spyware\Power Spy | Secretly log all users on a PC while they are unaware. |
Windows | Spytech SpyAgent | Z:\CEHv12 Module 06 System Hacking\Spyware\General Spyware\Spytech SpyAgent | Monitor everything users do on a computer in complete stealth mode. |
Windows | OpenStego | E:\CEH-Tools\CEHv12 Module 06 System Hacking\Steganography Tools\Image Steganography Tools\OpenStego | Image steganography: hide information in an image. |
Windows | CCleaner | E:\CEH-Tools\CEHv12 Module 06 System Hacking\Covering Tracks Tools\CCleaner | System optimization, privacy, and cleaning tool. |
Linux | armitage | Metasploit GUI tool. |
Malware Threats
For bad guys
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Trojans Types\Remote Access Trojans (RAT)\njRAT | Gain Control over a Victim Machine using the njRAT RAT Trojan. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Crypters\SwayzCryptor | Hide a Trojan using SwayzCryptor and Make it Undetectable to Various Anti-Virus Programs. | |
Windows | Z:\CEHv12 Module 07 Malware Threats\Trojans Types\Remote Access Trojans (RAT)\Theef | Create a Trojan Server using Theef RAT Trojan. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Virus Maker\JPS Virus Maker | Create a Virus using the JPS Virus Maker Tool and Infect the Target System. |
For good guys
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\String Searching Tools\BinText | Extract embedded strings from executable files. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\Packaging and Obfuscation Tools\PEid | Identify signatures associated with over 600 different packers and compilers. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\PE Extraction Tools\PE Explorer | Open, view, and edit a variety of different 32-bit Windows executable file types. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\File Dependency Checking Tools\Dependency Walker | Identify the file dependencies of an executable file. | |
Windows | IDA | Preinstalled on Windows 11. | Decompiler. |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\Disassembling and Debugging Tools\OllyDbg | OllyDbg is a debugger that emphasizes binary code analysis. | |
Windows | Z:\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Port Monitoring Tools\TCPView | Shows the detailed listings of all the TCP and UDP endpoints on the system. | |
Windows | Z:\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Port Monitoring Tools\CurrPorts | Displays a list of all the currently open TCP/IP and UDP ports on a local computer. | |
Windows | Z:\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Process Monitoring Tools\ProcessMonitor | Process Monitor from Sysinternals. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Registry Monitoring Tools\Reg Organizer | Edit keys and parameters, as well as to delete the content of .reg files. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Windows Services Monitoring Tools\Windows Service Manager (SrvMan)\x64 | Detect changes in services and scan for suspicious Windows services. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Windows Startup Programs Monitoring Tools\Autoruns for Windows | Lists the auto-start locations, displays which programs are configured to run during system bootup or login, and shows the entries in the order Windows processes them. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Windows Startup Programs Monitoring Tools\WinPatrol | Provides the user with 14 different tabs to help in monitoring the system and its files. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Installation Monitoring Tools\Mirekusoft Install Monitor | Automatically monitors what gets placed on your system and allows you to uninstall it completely. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Files and Folder Monitoring Tools\PA File Sight | Detect any malware installed and any system file modifications. It detects ransomware attacks coming from a network and stops them. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Device Drivers Monitoring Tools\DriverView | The DriverView utility displays a list of all device drivers currently loaded on the system. | |
Windows | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\Device Drivers Monitoring Tools\Driver Reviver | Driver Reviver provides an effective way of scanning your PC to identify out of date drivers. | |
Windows | Z:\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Dynamic Malware Analysis Tools\DNS Monitoring Tools\DNSQuerySniffer | DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. | |
Windows/Linux | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\Packaging and Obfuscation Tools\DIE | Detects a file’s compiler, linker, packer, etc. using a signature-based detection method. | |
Windows/Linux | E:\CEH-Tools\CEHv12 Module 07 Malware Threats\Malware Analysis Tools\Static Malware Analysis Tools\Disassembling and Debugging Tools\Ghidra | Software reverse engineering (SRE) framework that includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. |
Sniffing
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | Cain & Abel | Preinstalled on Windows Server 2019. | Password recovery tool that allows the recovery of passwords by sniffing the network and cracking encrypted passwords. The ARP poisoning feature of Cain & Abel sends gratuitous spoofed ARP messages to the victim hosts on the network, which makes a man-in-the-middle attack easier to carry out. |
Windows | TMAC (Technitium MAC Address Changer) | Preinstalled on Windows 11. | Perform MAC spoofing. |
Windows | SMAC | Preinstalled on Windows 11. | Perform MAC spoofing. |
Windows | Omnipeek | Download from website. | Provides real-time visibility and expert analysis of each part of the target network. |
Windows | SteelCentral Packet Analyzer | Download from website. | Provides a graphical console for high-speed packet analysis. |
Windows | Capsa Network Analyzer | Download from website. | Detects ARP poisoning and ARP flooding attacks and helps locate the attack source. |
Social Engineering
OS | URL | Shared Drive | Note |
---|---|---|---|
Linux | The Social-Engineer Toolkit (SET) | /home/attacker/social-engineer-toolkit | Although many kinds of attacks can be carried out using SET, it is also a must-have tool for penetration testers to check for vulnerabilities. |
Windows | Netcraft | Download from website. | The Netcraft Extension provides updated and extensive information about sites that users visit regularly; it also blocks dangerous sites. |
Denial-of-Service
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | ?? | E:\CEH-Tools\CEHv12 Module 10 Denial-of-Service\DoS and DDoS Attack Tools\High Orbit Ion Cannon (HOIC) | Network stress and DoS/DDoS attack application. |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 10 Denial-of-Service\DoS and DDoS Attack Tools\Low Orbit Ion Cannon (LOIC) | Network stress testing and DoS attack application. |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 10 Denial-of-Service\DoS and DDoS Protection Tools\Anti DDoS Guardian | Anti DDoS Guardian monitors each incoming and outgoing packet in real time. |
Session Hijacking
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | ?? | E:\CEH-Tools\CEHv12 Module 11 Session Hijacking\Hetty | Perform MITM attack, manually create/edit requests, and replay proxied requests for HTTP clients and further intercept requests and responses for manual review. |
Evading IDS, Firewalls, and Honeypots
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | ?? | Z:\CEHv12 Module 12 Evading IDS, Firewalls, and Honeypots\Intrusion Detection Tools\Snort | Performs protocol analysis and content searching/matching and is used to detect a variety of attacks and probes such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. CEH_Snort |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 12 Evading IDS, Firewalls, and Honeypots\Firewalls\ZoneAlarm FREE FIREWALL | Free (not open source) firewall. |
Windows | ?? | Z:\CEHv12 Module 12 Evading IDS, Firewalls, and Honeypots\Honeypot Tools\HoneyBOT | Creates a safe environment to capture and interact with unsolicited traffic on a network. |
Windows | ?? | Z:\CEHv12 Module 12 Evading IDS, Firewalls, and Honeypots\HTTP Tunneling Tools\HTTPort | HTTPort performs tunneling using one of two modes: SSL/CONNECT mode and a remote host. |
Windows | ?? | Z:\CEHv12 Module 12 Evading IDS, Firewalls, and Honeypots\HTTP Tunneling Tools\HTTHost | HTTPort uses a special server software called HTTHost, which is installed outside the proxy-blocked network. It is a web server, and thus when HTTPort is tunneling, it sends a series of HTTP requests to the HTTHost. |
Hacking Web Servers
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | E:\CEH-Tools\CEHv12 Module 13 Hacking Web Servers\Web Server Footprinting Tools\httprecon | Performs banner-grabbing attacks, status code enumeration, and header ordering analysis on its target web server. Need admin permission. |
Hacking Web Applications
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | Subgraph Vega | Preinstalled on Windows 11. | Discover vulnerabilities in the target web application. |
IoT and OT Hacking
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | ?? | Z:\CEH-Tools\CEHv12 Module 18 IoT and OT Hacking\Bevywise IoT Simulator/Bevywise_MQTTRoute_Win_64.exe | MQTT broker. |
Windows | ?? | Z:\CEH-Tools\CEHv12 Module 18 IoT and OT Hacking\Bevywise IoT Simulator\Bevywise_IoTSimulator_Win_64.exe | MQTT client. Run by C:\Bevywise\IotSimulator\bin\runsimulator.bat. |
Cryptography
OS | URL | Shared Drive | Note |
---|---|---|---|
Windows | ?? | Preinstalled as "HashCalc". | HashCalc enables you to compute multiple hashes, checksums, and HMACs for files, text, and hex strings. |
Windows | ?? | Preinstalled as "MD5 Calculator". | MD5 Calculator is a simple application that calculates the MD5 hash of a given file, and it can be used with large files (e.g., multiple gigabytes). |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 20 Cryptography\MD5 and MD6 Hash Calculators\HashMyFiles | HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 20 Cryptography\Cryptography Tools\CryptoForge | CryptoForge is a file encryption software. Integrated in context menu as "Encrypt". Preinstalled as "CryptoForge Text". |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 20 Cryptography\Cryptography Tools\BCTextEncoder | BCTextEncoder simplifies encoding and decoding text data. |
Windows | ?? | Preinstalled as "VeraCrypt". | VeraCrypt is a software used for establishing and maintaining an on-the-fly-encrypted volume (data storage device). |
Windows | ?? | Part of "Control Panel" as "Manage Bitlocker". | BitLocker provides offline-data and OS protection for your computer, and helps to ensure that data stored on a computer that is running Windows® is not revealed if the computer is tampered with when the installed OS is offline. |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 20 Cryptography\Disk Encryption Tools\Rohos Disk Encryption | Rohos Disk Encryption creates hidden and password-protected partitions on a computer or USB flash drive, and password protects/locks access to your Internet applications. |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 20 Cryptography\Cryptanalysis Tools\CrypTool | CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms. Preinstalled as "CrypTool". |
Windows | ?? | E:\CEH-Tools\CEHv12 Module 20 Cryptography\Cryptanalysis Tools\AlphaPeeler | Use the AlphaPeeler tool to perform cryptanalysis. Preinstalled as "AlphaPeeler". |