Exploitation Frameworks:

  1. Metasploit
  2. Core Impact https://www.coresecurity.com/core-impact
  3. Canvas https://www.immunityinc.com/products/canvas/

Sheep dip computer – isolated from the network; used to inspect incoming media and files for malware before they touch production systems

  • Sandboxie – www.sandboxie.com – runs programs in a sandbox; can be used for basic malware analysis.
  • Process Explorer (Sysinternals) – https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Use only in an isolated lab to generate test viruses/worms (these are malware construction kits, so treat their output as live malware):

  • JPS Virus Maker
  • Internet Worm Maker Thing
  • Ghost Eye social media worm toolkit

Email Harvest:

  • theHarvester – preinstalled in Kali; collects e-mail addresses, subdomains and host names from public sources such as search engines and PGP key servers.

Zone Transfer:

  • Fierce – preinstalled in Kali; attempts a DNS zone transfer (AXFR) against each of the domain's name servers and falls back to subdomain brute force when the transfer is refused.

Footprinting:

  • Google Hacking Database (GHDB) – Johnny Long's collection of search queries, originally hosted at hackersforcharity.org and now maintained by Exploit-DB (https://www.exploit-db.com/google-hacking-database)

Best Google hack: ext:pdf johnny long google hacking (finds PDF copies of Johnny Long's Google hacking material)

People Search

  • whitepages.com/person
  • https://www.peoplesearchnow.com/
  • https://www.anywho.com/
  • www.spokeo.com

Website Copier

  • http://www.httrack.com/
  • Visual Web Ripper – http://visualwebripper.com/Product
  • WinWSD Website Downloader (search on Google)

Saving Websites

  • wget --recursive --level=20 http://www.sitename.com/   (--recursive follows links; -l/--level sets the recursion depth, default 5 – wget has no --depth option)

Email Tracking

  • https://www.yesware.com/
  • https://www.hubspot.com/
  • https://bananatag.com/ – Gmail and Outlook
  • http://www.getnotify.com/ – completely free
  • https://www.readnotify.com/
  • http://whoreadme.com/
  • http://www.msgtag.com/home/
  • http://www.didtheyreadit.com/

Network Discovery

  • Find IP and subnets
  • Find OS – NMAP
  • Find routing information

NMAP Commands

  • nmap -sP ipaddress/24 (ping scan / ping sweep; -sP is the old spelling, current Nmap calls it -sn – host discovery only, no port scan)
  • nmap -sT ip-addr [TCP connect scan: completes the full three-way handshake, so it needs no root privileges but is easily logged by the target]
  • nmap -sT -p 1-3000 -P0 ip-addr [-p specifies the port range; -P0 (now spelled -Pn) skips host discovery, so hosts that drop ping still get port-scanned]
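The two scan styles above are the ones to run, but the output is what you actually work with. The Python below is an added example for these notes (not part of Nmap): it expands a sweep target like ipaddress/24 into the host list Nmap will touch and parses grepable output (nmap -oG -) into a host/port table. The scan text inside it is constructed to match the -oG layout; the hosts, ports and banners are made up.

```python
"""Parse Nmap grepable (-oG) output and expand a ping-sweep target range.

Added example for this notes page; it is not part of Nmap. SAMPLE_GREPABLE is
a constructed scan result in -oG format (hosts, ports and versions are made
up) so the parser can be exercised offline. In -oG output each "Ports:" entry
is port/state/protocol/owner/service/rpc/version/.
"""
import ipaddress
import re

SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -sT -p 1-3000 -Pn -oG - 10.0.0.0/29\n"
    "Host: 10.0.0.1 (gw.lab.local)\tStatus: Up\n"
    "Host: 10.0.0.1 (gw.lab.local)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//nginx 1.18/\tIgnored State: closed (2998)\n"
    "Host: 10.0.0.2 ()\tStatus: Up\n"
    "Host: 10.0.0.2 ()\tPorts: 445/open/tcp//microsoft-ds///, "
    "3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (2998)\n"
    "Host: 10.0.0.3 ()\tStatus: Down\n"
    "# Nmap done -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds\n"
)

# "Host: <ip> (<hostname>)<tab>Field: value<tab>Field: value..."
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")


def expand_targets(cidr):
    """Usable host addresses for a sweep target like '10.0.0.0/24' (network/broadcast excluded)."""
    return [str(ip) for ip in ipaddress.ip_network(cidr, strict=False).hosts()]


def parse_grepable(text):
    """Return {ip: {"hostname", "status", "ports": [(port, state, proto, service, version), ...]}}."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines ("# Nmap ...") and blanks
        ip, hostname, rest = match.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "status": "", "ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(":")
            key, value = key.strip(), value.strip()
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for spec in value.split(","):
                    port, state, proto, _owner, service, _rpc, version = spec.strip().split("/")[:7]
                    entry["ports"].append((int(port), state, proto, service, version))
    return hosts


def hosts_up(hosts):
    """IPs Nmap reported as Up, in address order."""
    return sorted((ip for ip, h in hosts.items() if h["status"] == "Up"), key=ipaddress.ip_address)


def open_ports(hosts, ip):
    """Ports reported 'open' for one host; 'filtered' ones are deliberately left out."""
    entry = hosts.get(ip, {"ports": []})
    return sorted(port for port, state, _p, _s, _v in entry["ports"] if state == "open")


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    print("sweep would touch", len(expand_targets("10.0.0.0/29")), "addresses")
    for ip in hosts_up(scan):
        print(ip, scan[ip]["hostname"] or "-", open_ports(scan, ip))
```

Run the real scan as nmap -sT -p 1-3000 -Pn -oG scan.gnmap target and feed the file's contents to parse_grepable(). Filtered ports stay in the table but are kept out of open_ports() on purpose: a filtered result only says a firewall dropped the probe, not that anything is listening.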

Regional Internet Registries (RIRs)

  • https://www.arin.net/
  • https://www.afrinic.net/
  • https://www.apnic.net/
  • https://www.ripe.net/

[abasu@localhost ~]$ host apple.com
apple.com has address
apple.com has address
apple.com has address

Network Scanners

  • nmap -sP – ping scan (-sn in current Nmap versions)
  • Angry IP Scanner – cross-platform tool. http://angryip.org/download/
  • Colasoft Ping Scanner – http://www.colasoft.com/ping_tool/
  • PingInfoView – Windows only; supports most newer versions of Windows, including Windows 10. http://www.nirsoft.net/utils/multiple_ping_tool.html
  • SolarWinds Engineer's Toolset – commercial. https://www.solarwinds.com/engineers-toolset
  • PacketTrap remote monitoring and management – http://www.networkperspective.com/PacketTrap-MSP.asp
  • Pinkie network troubleshooting tool – http://www.ipuptime.net/category/download/
  • WhatsUp Gold network scanner – https://www.ipswitch.com/forms/free-trials/whatsup-gold
  • Serversniff – networking, server checks and routing, with many little tools for administrators, webmasters, developers, power users and security-aware users. http://www.serversniff.net/
  • PathAnalyzer Pro – free and pro versions; path discovery, whois, firewall detection, geolocation, network testing. https://www.pathanalyzer.com/download.opp

Packet Crafting

  • hping – now on GitHub at https://github.com/antirez/hping (hping3 is preinstalled in Kali)
  • Colasoft Packet Builder – http://www.colasoft.com/packet_builder/ [enables creating custom network packets; use it to check how the network's protections react to crafted traffic]

Search Web

  • Search web by domain: https://searchdns.netcraft.com/ [Netcraft also publishes market research on web servers]
  • Shodan: Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. https://www.shodan.io/

Visual Traceroute

  • Open Visual Traceroute – https://sourceforge.net/projects/openvisualtrace/ [open-source, cross-platform (Windows/Linux/Mac) Java visual traceroute, packet sniffer and whois; data is displayed on a 3D or 2D map]
  • VisualRoute (not free) http://www.visualroute.com/
  • Or simply use traceroute on Linux or tracert on Windows

Network Commands:

  • nmcli -p
  • dig any google.com (ANY queries are often refused or answered with a minimal reply by modern servers, per RFC 8482, so query specific types such as A, MX, NS and TXT instead)
  • whois google.com

Digital Forensics

  • Maltego (commercial; a free Community Edition exists) – proprietary software used for open-source intelligence and forensics. https://www.paterva.com/web7/downloads.php
  • https://domainpunch.com/dnapro/ (not free) – Domain Name Analyzer Professional is an advanced Windows tool for finding, managing and maintaining multiple domain names.
  • http://www.webextractor.com/ (not free) – Web Data Extractor Pro is a web scraping tool designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, e-mail addresses, meta tag information and body text. A special feature of WDE Pro is custom extraction of structured data.
  • Robtex – used for research on IP numbers, domain names, etc. – https://www.robtex.com/ – use this to gather a lot of domain-related information without running command-line tools.
  • DNS Digger – http://dnsdigger.com/
  • Sam Spade (Windows only) is a general-purpose Internet utility package with extra features to help in tracing the source of spam and other forms of Internet harassment. Sam Spade features include:
    ping – nslookup – whois – IP block – dig – traceroute – finger – SMTP VRFY – web browser keep-alive – DNS zone transfer – SMTP relay check – Usenet cancel check – website download – website search – e-mail header analysis – e-mail blacklist – query abuse address – and more. http://www.majorgeeks.com/files/details/sam_spade.html
  • http://blueinfy.com/ – has many tools, free to download. I need to explore them more!
  • Dig Web Interface – a web based UI for dig utility – https://www.digwebinterface.com/

Useful Resources:

  1. AES Crypt is file encryption software available on several operating systems that uses the industry-standard Advanced Encryption Standard (AES) to easily and securely encrypt files. https://www.aescrypt.com/
  2. Most useful Caesar cipher decoder: http://www.dcode.fr/caesar-cipher
  3. A1Z26 cipher coder/decoder: A1Z26 is a very simple direct substitution cipher in which each letter is replaced by its position in the alphabet (A=1 … Z=26). https://planetcalc.com/4884/
  4. Best ASCII converter: https://www.branah.com/ascii-converter
  5. Best hash and password cracking online: https://crackstation.net/ (a lookup of precomputed hashes, so it only works for unsalted hashes of common passwords)
  6. Always remember to try Atbash and Base32. Base32 is not available at Rumkin; use this URL for additional decoders that Rumkin lacks: http://emn178.github.io/online-tools/
  7. Best decipher library online: http://rumkin.com/tools/cipher/
  8. Check file type online: http://checkfiletype.com/
  9. URL parameter encoder/decoder: https://www.urlencoder.org/
  10. Magic bytes: https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/
  11. Recon tool based on URL: http://toolbar.netcraft.com/ and https://www.shodan.io/ – useful to find out the OS and web server software of a host.
  12. Online recon IP scan: http://www.serversniff.net/tools/httpscipher.php
  13. Blowfish https://webnet77.net/cgi-bin/helpers/blowfish.pl
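Items 8 and 10 (file type checks and magic bytes) are worth doing locally, since a sample you are unsure about should not be uploaded to a web service. The Python below is an added example written for these notes, not code from any site listed above: it matches a file's leading bytes against a small signature table and flags cases where the extension claims a type the magic bytes do not support (the classic "shell renamed to photo.jpg" upload trick, or a PE file disguised as an image). The header fragments in SAMPLES are constructed.

```python
"""Identify a file's real format from its magic bytes and flag extension lies.

Added example for this notes page; the table is a hand-picked subset of
well-known signatures (not a replacement for libmagic) and SAMPLES are
constructed header fragments, not real files.
"""
import os

# (label, [(offset, expected bytes), ...]) - every check in the list must match
SIGNATURES = [
    ("PNG image",              [(0, b"\x89PNG\r\n\x1a\n")]),
    ("JPEG image",             [(0, b"\xff\xd8\xff")]),
    ("GIF image",              [(0, b"GIF87a")]),
    ("GIF image",              [(0, b"GIF89a")]),
    ("PDF document",           [(0, b"%PDF-")]),
    ("ZIP archive",            [(0, b"PK\x03\x04")]),   # also docx/xlsx/jar/apk
    ("gzip compressed",        [(0, b"\x1f\x8b")]),
    ("RAR archive",            [(0, b"Rar!\x1a\x07")]),
    ("ELF executable",         [(0, b"\x7fELF")]),
    ("DOS/Windows executable", [(0, b"MZ")]),
    ("Java class file",        [(0, b"\xca\xfe\xba\xbe")]),
    ("OLE2 compound document", [(0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")]),  # legacy .doc/.xls/.msi
    ("SQLite database",        [(0, b"SQLite format 3\x00")]),
    ("WAV audio",              [(0, b"RIFF"), (8, b"WAVE")]),  # RIFF alone is also AVI, WebP...
    ("script (shebang)",       [(0, b"#!")]),
]

# What a file extension claims to be; only extensions we can verify are listed.
EXTENSION_CLAIMS = {
    ".png": "PNG image", ".jpg": "JPEG image", ".jpeg": "JPEG image", ".gif": "GIF image",
    ".pdf": "PDF document", ".zip": "ZIP archive", ".docx": "ZIP archive", ".gz": "gzip compressed",
    ".exe": "DOS/Windows executable", ".dll": "DOS/Windows executable", ".wav": "WAV audio",
}

# Constructed header fragments (not real files); photo.jpg is a PE header with a fake name.
SAMPLES = {
    "logo.png":  b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "scan.pdf":  b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "tool.exe":  b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "photo.jpg": b"MZ\x90\x00\x03\x00",
    "notes.txt": b"just some text\n",
    "song.wav":  b"RIFF$\x08\x00\x00WAVEfmt ",
}


def identify(data):
    """Label for the first signature whose bytes all match at their offsets, else 'unknown'."""
    for label, checks in SIGNATURES:
        if all(data[off:off + len(sig)] == sig for off, sig in checks):
            return label
    return "unknown"


def extension_mismatch(filename, data):
    """True when the extension advertises a type the magic bytes do not confirm."""
    claimed = EXTENSION_CLAIMS.get(os.path.splitext(filename)[1].lower())
    return claimed is not None and identify(data) != claimed


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        flag = "MISMATCH" if extension_mismatch(name, blob) else ""
        print(f"{name:10} {identify(blob):24} {flag}")
```

For anything beyond a quick triage use libmagic (the file command or python-magic); the point here is the check itself: trust the bytes, never the name, when deciding how to handle an upload or an attachment.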

Recon command: host www.sitename.com (Linux)

Vulnerability Research:

Number Converters – Cryptography:

  • Hex to ASCII. Do not include the 0x prefix!  http://www.rapidtables.com/convert/number/hex-to-ascii.htm
  • Base64 decode – common crypto problem: https://www.base64decode.org/
  • Binary to ASCII converter http://www.binaryhexconverter.com/binary-to-ascii-text-converter
  • tip: some crypto problems involve multiple encodings. A very common combination is base64 followed by binary. For example, the word “supersecret” becomes “c3VwZXJzZWNyZXQ=” after base64 encoding. Writing each character of that string as 8-bit binary (e.g. with https://codebeautify.org/string-binary-converter) gives 01100011 00110011 01010110 01110111 01011010 01011000 01001010 01111010 01011010 01010111 01001110 01111001 01011010 01011000 01010001 00111101. To solve such problems, undo the layers in reverse order (binary first, then base64) until the result reads as plaintext.
  • Atbash decoder: when nothing works, try this one. As a matter of fact, always try it.
  • Vigenère decoder: if you have a secret key and an encrypted message, try http://rumkin.com/tools/cipher/vigenere.php
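Doing this in code instead of pasting into web forms keeps the ciphertext off third-party sites and lets you peel several layers at once. The script below is an added example for these notes (not code from Rumkin, dCode or any other site linked here): it undoes binary and base64 layers automatically and provides the Caesar, Atbash, A1Z26 and Vigenère routines the lists above refer to. BIN is constructed: the base64 of “supersecret” from the tip above, written out as 8-bit binary.

```python
"""Peel layered encodings and undo the classical ciphers that show up in CTF-style problems.

Added example for this notes page; not code from Rumkin, dCode or the other
sites linked above. BIN is constructed: the base64 of "supersecret"
("c3VwZXJzZWNyZXQ=") written out as 8-bit binary, one group per character.
"""
import base64
import re
import string

ALPHA = string.ascii_uppercase
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

BIN = ("01100011 00110011 01010110 01110111 01011010 01011000 01001010 01111010 "
       "01011010 01010111 01001110 01111001 01011010 01011000 01010001 00111101")


def _letter(c):
    """ASCII letters only, so accented characters pass through the ciphers untouched."""
    return c.isascii() and c.isalpha()


def from_binary(bits):
    """8-bit groups (spaces optional) -> text; latin-1 so any byte value round-trips."""
    bits = re.sub(r"\s+", "", bits)
    if not bits or len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("not a string of 8-bit binary groups")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("latin-1")


def from_base64(text):
    """Base64 -> text, restoring any '=' padding the puzzle author dropped."""
    text = re.sub(r"\s+", "", text)
    if not B64_RE.fullmatch(text):
        raise ValueError("not base64")
    text += "=" * (-len(text) % 4)
    return base64.b64decode(text, validate=True).decode("utf-8")


def shift_text(text, shift):
    """Caesar shift preserving case and non-letters; a negative shift decrypts."""
    out = []
    for c in text:
        if _letter(c):
            base = ord("A") if c.isupper() else ord("a")
            out.append(chr((ord(c) - base + shift) % 26 + base))
        else:
            out.append(c)
    return "".join(out)


def caesar_candidates(cipher):
    """All 26 decryptions keyed by the shift used to encrypt (13 == ROT13)."""
    return {s: shift_text(cipher, -s) for s in range(26)}


def atbash(text):
    """A<->Z, B<->Y, ...; it is its own inverse, so one call both encrypts and decrypts."""
    out = []
    for c in text:
        if _letter(c):
            mirrored = ALPHA[25 - ALPHA.index(c.upper())]
            out.append(mirrored if c.isupper() else mirrored.lower())
        else:
            out.append(c)
    return "".join(out)


def a1z26_decode(text):
    """Numbers 1..26 separated by anything non-numeric -> letters (8-5-12-12-15 -> HELLO)."""
    return "".join(ALPHA[int(n) - 1] for n in re.findall(r"\d+", text) if 1 <= int(n) <= 26)


def vigenere(text, key, decrypt=False):
    """Vigenère with a letters-only key; non-letters pass through without consuming key."""
    shifts = [ALPHA.index(k) for k in key.upper() if k in ALPHA]
    if not shifts:
        raise ValueError("key must contain letters")
    out, i = [], 0
    for c in text:
        if _letter(c):
            k = shifts[i % len(shifts)]
            out.append(shift_text(c, -k if decrypt else k))
            i += 1
        else:
            out.append(c)
    return "".join(out)


def peel(blob, max_layers=6):
    """Strip binary and base64 layers, outermost first, until the text stops decoding cleanly."""
    layers = []
    for _ in range(max_layers):
        for name, fn in (("binary", from_binary), ("base64", from_base64)):
            try:
                candidate = fn(blob)
            except (ValueError, UnicodeDecodeError):
                continue
            if candidate and candidate.isprintable():
                blob, layers = candidate, layers + [name]
                break
        else:
            return blob, layers
    return blob, layers


if __name__ == "__main__":
    print(peel(BIN))
    for shift, plain in caesar_candidates("Khoor Zruog").items():
        print(shift, plain)
```

peel() stops as soon as a decode fails or yields non-printable text, which is why a genuine plaintext that happens to look like base64 is not decoded one step too far; when the output is still gibberish, run it through caesar_candidates(), atbash() or vigenere() with the suspected key.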


Digital Invisible Ink Toolkit (steganography in images): http://diit.sourceforge.net/examples.html

Pcap Analysis:

Footprinting – routing path analysis:

DNS Information:

  • dig ANY ankanbasu.com (ANY is frequently refused or minimised by modern servers; query A, MX, NS, TXT separately if the reply is empty)
  • nslookup
  • whois sitename.com -> query the registered domain, not the www host name; provides registrant, registrar, name servers and registration dates.

Discover Open ports

  • nmap
  • hping

Ping and Ping Sweep

  • Ping tool for one host
  • Ping sweep for many hosts: nmap -sP (nmap -sn in current Nmap versions)

IP Scanners

Network Emulators:

Many excellent free Security tools:

750 CISSP Questions for Review on Youtube:

Check you password Strength:

Ethical Hacking Tools

  • Recon tool: people search – pipl
  • Domain info research – nslookup. Many options can be passed to this command-line tool, which is available on Windows, Linux and macOS.
  • Path Analyzer pro – traceroute finally makes sense: https://www.pathanalyzer.com/download.opp

SSL Server Test: https://www.ssllabs.com/ssltest/ – tests the TLS configuration and certificate of any public website.

AES Encryption Options: http://www.aeppro.com/download/latest.shtml – try out various encryption options with this Windows utility (Windows 10 compatible).

Download Linux Distros: https://distrowatch.com/

Download Windows Software: https://technet.microsoft.com/en-us/

Google hack: site:microsoft.com -inurl:www -inurl:support – finds microsoft.com hosts other than www and support (site: scopes results to a domain; inurl: filters on the URL text)


Kali Linux

  • dmitry – Deepmagic Information Gathering Tool – good recon tool with useful flags (whois, Netcraft lookup, subdomain and e-mail search, port scan)
  • goofile – searches Google for specific file types on a target domain
  • Maltego – most advanced recon tool! The free Community Edition is enough to start.