Toolbox

Last updated 1 year ago

Here's a list of my favorite penetration testing tools, in no particular order or organization.

Distros

  • Windows Commando

  • Kali Linux

  • SecurityOnion

  • REMNux - great for forensics or reverse engineering.

Network

  • nmap - the ultimate network infrastructure mapping tool.

  • amap - offers a little extra information on which services are tied to protocols.

  • masscan - an alternative to nmap, better geared toward scanning large subnets.

  • unicornscan - an alternative to nmap, also better performing, and I like that it has the word "unicorn" in it.

  • Wireshark - free tool for viewing what's going on on the wire.

OSINT (Open Source Intelligence)

  • shodan.io - a website that regularly enumerates and organizes IP addresses across the net.

  • GitHub - people frequently put their corporate projects on GitHub, which can be used for recon.

  • pastebin - data leaks sometimes pop up on pastebin.

  • DeHashed - compromised password / PII database (sometimes we check for pre-compromised credentials to see if they still work)

  • DNS Dumpster can provide an accessible dump and visualization of information provided in DNS records.

  • awesome-hacker-search-engines (linked under Other References below) has a list of useful search engines.

Web Security

  • subfinder - finds subdomains

  • W3AF - web application vulnerability framework

  • nikto - simple web vulnerability scanner, sometimes turns up interesting results

  • Burp - Community Edition is great. If you can afford the $, the premium version is worth it.

  • sqlmap - checks for SQL injection

  • EyeWitness - takes screenshots and offers fingerprinting and some default usernames and passwords for web servers. Great time saver if you have a large set of web servers to check.

  • OWASP ZAP - I prefer Burp, but this is another proxy you can use.

  • Wayback Machine - for looking for abandoned and unpublished pages.

  • FavFreak - checks favicon (the little icon in your tab) to identify other subdomains or domains and do other vulnerability analysis.

  • Brute force browsing: There are lots of tools for this. It doesn't really matter which one you use as long as you like it. Examples include feroxbuster, dirb, dirbuster, gobuster, dirsearch.

Microsoft Active Directory Environments

  • Responder

  • Rubeus

  • Mimikatz

  • CrackMapExec

  • enum4linux

  • kerbrute

  • BloodHound - helps find paths to domain admin from pre-compromised user credentials.

Cloud Environments

Password Cracking

  • hashcat

Other References:

  • WitnessMe - also takes screenshots of websites. https://github.com/byt3bl33d3r/WitnessMe

  • LinkFinder - finds links in JavaScript files. https://github.com/GerbenJavado/LinkFinder

  • SecLists - a list of wordlists, web directory lists, just a great source of lists for you to run your tools against. https://github.com/danielmiessler/SecLists

  • DNS Dumpster - https://dnsdumpster.com/

  • awesome-hacker-search-engines - https://github.com/edoardottt/awesome-hacker-search-engines

  • GitHub - Z4nzu/hackingtool: ALL IN ONE Hacking Tool For Hackers