– hackingforcharity Google hacking Database
Best Google Hack: ext:pdf jonny long google hack
- http://visualwebripper.com/Product – web ripper 2
- WinWSD – Website Downloader (search on google)
- wget --recursive --level=20
- https://bananatag.com/ -gmail and outlook
- http://www.getnotify.com/ – completely free
- Find IP and subnets
- Find OS – NMAP
- Find routing information
- nmap -sP ipaddress/24 (Ping Scan/ Ping Sweep)
- nmap -sT ip-addr [ this is TCP OPEN scan]
- nmap -sT -p 1-3000 -P0 ip-addr [ -p is used to specify range of port, -P0 is used to not send ping packets to hosts]
Regional Internet Registries (RIRs)
apple.com has address 22.214.171.124
apple.com has address 126.96.36.199
apple.com has address 188.8.131.52
- nmap -sP 10.2.2.0/28 — sP = Scan Type Ping
- Angry IP Scanner – Cross Platform tool! http://angryip.org/download/
- Colasoft Ping Scanner – http://www.colasoft.com/ping_tool/
- PingInfoView – Windows OS only. Supports most newer versions of Windows including windows 10. http://www.nirsoft.net/utils/multiple_ping_tool.html
- SolarWinds Engineering Tool-set – Pro https://www.solarwinds.com/engineers-toolset
- Packet Trap remote monitoring and management – http://www.networkperspective.com/PacketTrap-MSP.asp
- Pinkie Network Troubleshooting Tool – http://www.ipuptime.net/category/download/
- What’s Up Gold Network Scanner – https://www.ipswitch.com/forms/free-trials/whatsup-gold
- Serversniff: for networking, serverchecks and routing with many many little toys and tools for administrators, webmasters, developers, powerusers and security-aware users – http://www.serversniff.net/
- HPing – now available from Github @ https://github.com/antirez/hping
- Colasoft Packet Builder: http://www.colasoft.com/packet_builder/ [Enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders.]
- Search web by domain: https://searchdns.netcraft.com/ [Netcraft also publishes market research on web servers]
- Shodan: Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. https://www.shodan.io/
- Open Visual Trace-route – https://sourceforge.net/projects/openvisualtrace/ [Open source cross-platform (Windows/Linux/Mac) Java Visual Traceroute, packet sniffer and Whois. Data is displayed in a 3D or a 2D map component.]
- Visual Route (not free) http://www.visualroute.com/
- Or simply use traceroute in Linux or tracert in windows
- nmcli -p
- dig any google.com
- whois google.com
- Maltego (not free)- Maltego is proprietary software used for open-source intelligence and forensics. https://www.paterva.com/web7/downloads.php
- https://domainpunch.com/dnapro/ (not free)- Domain Name Analyzer Professional is an advanced Windows software for finding, managing, maintaining multiple domain names.
- http://www.webextractor.com/ (not free) – Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.
- Robtex – Robtex is used for various kinds of research of IP numbers, Domain names, etc – https://www.robtex.com/ – use this to gather a lot of domain related information without running command line tools.
- DNS Digger – http://dnsdigger.com/
- Sam Spade (Windows only) is a general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. Sam Spade features include:
ping – nslookup – whois – IP block – dig – traceroute finger – SMTP VRFY – web browser keep-alive – DNS zone transfer – SMTP relay check – Usenet cancel check – website download – website search – email header analysis – Email blacklist – query Abuse address – And More. http://www.majorgeeks.com/files/details/sam_spade.html
- http://blueinfy.com/ – has many tools, free to download. I need to explore them more!
- Dig Web Interface – a web based UI for dig utility – https://www.digwebinterface.com/
- AES Crypt is a file encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files. https://www.aescrypt.com/
- Most useful Caesar Cipher Decoder. http://www.dcode.fr/caesar-cipher
- A1Z26 Cipher coder/decoder: A1Z26 is very simple direct substitution cypher, where each alphabet letter is replaced by its number in the alphabet. https://planetcalc.com/4884/
- Best ASCII Converter: https://www.branah.com/ascii-converter
- Best Hash and Password Cracking online: https://crackstation.net/
- Always remember to check AtBash and Base32 deciphers. Base32 is not available at Rumkin. Use this url for additional deciphers that are not available on Rumkin. http://emn178.github.io/online-tools/
- Best Decipher library online: http://rumkin.com/tools/cipher/
- Check File Type Online: http://checkfiletype.com/
- URL Param Encoder/Decoder: https://www.urlencoder.org/
- Magic Bytes: https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/
- Recon tool based on URL: http://toolbar.netcraft.com/ and https://www.shodan.io/ – useful to find out OS of a server.
- Online Recon IP Scan: http://www.serversniff.net/tools/httpscipher.php
- Blowfish https://webnet77.net/cgi-bin/helpers/blowfish.pl
Recon command: host www.sitename.com (linux)
Number Converters – Cryptography:
- Hex to ASCII. Do not convert 0x!! http://www.rapidtables.com/convert/number/hex-to-ascii.htm
- Base64Decode – common crypto problem: https://www.base64decode.org/
- Binary 2 ASCII converter http://www.binaryhexconverter.com/binary-to-ascii-text-converter
- tips: Some crypto problems involve multiple encodings. A very common method is to encode with base64 then encode with binary. For example, the word “supersecret” becomes “c3N1cGVyc2VjcmV0” after applying base64 encoding. We can then encode it to binary using the website https://codebeautify.org/string-binary-converter. So, the final encoded value becomes 01100011 00110011 01001110 00110001 01100011 01000111 01010110 01111001 01100011 00110010 01010110 01101010 01100011 01101101 01010110 00110000. To solve such problems, we must run the decoder twice to get to the original value.
- Atbash Decoder: When nothing works, try using this decoder. As a matter of fact, we should always try this one.
- Vigenere Decoder: If you have a secret code (key) and an encrypted message, try http://rumkin.com/tools/cipher/vigenere.php
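The layered-encoding tip above can be automated. This is an added example, not from the original notes: it peels binary, hex and base64 layers until none applies, and it skips a leading 0x on hex input as the converter note says. The function names and the sample built by `encode_sample` are constructed for illustration.

```python
import base64
import binascii
import re
import string

PRINTABLE = set(string.printable.encode())

def _from_binary(text):
    # Space-separated 8-bit groups, e.g. "01100011 00110011"
    groups = text.split()
    if groups and all(re.fullmatch(r"[01]{8}", g) for g in groups):
        return bytes(int(g, 2) for g in groups)
    return None

def _from_hex(text):
    # Drop whitespace and a leading 0x before converting
    body = re.sub(r"\s+", "", text)
    if body.lower().startswith("0x"):
        body = body[2:]
    if body and len(body) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", body):
        return bytes.fromhex(body)
    return None

def _from_base64(text):
    try:
        return base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None

DECODERS = [("binary", _from_binary), ("hex", _from_hex), ("base64", _from_base64)]

def peel(text, max_layers=10):
    """Return (decoded_text, [layers removed, outermost first])."""
    layers = []
    for _ in range(max_layers):
        for name, decoder in DECODERS:
            out = decoder(text)
            # Accept a layer only if it yields printable ASCII; this stops
            # ordinary words from being "decoded" as base64 into garbage.
            if out and all(b in PRINTABLE for b in out):
                text = out.decode("ascii")
                layers.append(name)
                break
        else:
            break  # no decoder applied: treat the text as the plaintext
    return text, layers

def encode_sample(plain):
    # Constructed sample: base64 first, then each character as 8 bits
    b64 = base64.b64encode(plain.encode()).decode()
    return " ".join(format(ord(c), "08b") for c in b64)
```

A plaintext that is itself valid base64 of printable text will be peeled one layer too far, so check the reported layer list against what the challenge implies.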
Digital Invisible Toolkit: http://diit.sourceforge.net/examples.html
- This is a very special tool and I love running this tool in linux. It has options to check hidden messages created with various algorithms such as BlindHide, Hide and Seek etc.
- Futurama : http://www.gotfuturama.com/Interactive/AlienCodec/
- Hieroglyph: https://discoveringegypt.com/egyptian-hieroglyphic-writing/hieroglyphic-typewriter/
Foot-printing – Routing path analysis –
- Visual Traceroute for Linux: http://visualtraceroute.net/installation
- dig ANY ankanbasu.com
- whois www.sitename.com -> provides a lot of information.
Discover Open ports
Ping and Ping Sweep
- Ping tool for one host
- Ping sweep for many hosts: nmap -sP 10.5.5.1/28
- Angry IP Scanner: http://angryip.org/
- Colasoft Ping Tool (Windows Only): http://www.colasoft.com/ping_tool/
- PingInfo View (Windows) : http://www.nirsoft.net/utils/multiple_ping_tool.html
- GNS3 (windows): http://www.solarwinds.com/free-tools/gns3-network-emulator
- Cisco Packet Tracer: https://www.netacad.com/courses/packet-tracer-download/
Many excellent free Security tools:
750 CISSP Questions for Review on Youtube:
Check your password strength:
Ethical Hacking Tools
- Recon tool: people search pipl
- Domain info research – nslookup. There are many options that can be passed to this command line tool that is available in windows, linux and mac.
- Path Analyzer pro – traceroute finally makes sense: https://www.pathanalyzer.com/download.opp
SSL Server Test: https://www.ssllabs.com/ssltest/ test the SSL certificate of any website of your choice.
AES Encryption Options: http://www.aeppro.com/download/latest.shtml try out various encryption with this excellent windows utility. Windows 10 compatible.
Download Linux Distros: https://distrowatch.com/
Download Windows Software: https://technet.microsoft.com/en-us/
Google Hack: inurl *.microsoft.com -inurl:www -inurl:support*
- dmitry – deepmagic information gathering tool – good recon tool with some nice flags
- goofile – another tool to search for specific file types
- Maltego – most advanced recon tool! Just use the community edition!