Cyber Security

This page contains a list of tools and other random resources that I have used during my study for the CEH exam. Tools are documented from various sources, and this is in no way the most comprehensive list of tools that you can find. This page is mainly for my own personal reference and I hope some of you may find it useful. Please understand how to use the tools ethically, when you have absolute permission to test a system. Please do not use any of the resources for any unethical purpose.

Metadata: Exif Tool https://www.sno.phy.queensu.ca/~phil/exiftool/

New Recon Tools:

  • SpiderFoot – https://github.com/smicallef/spiderfoot
  • theHarvester – https://github.com/laramies/theHarvester
  • Discover – https://github.com/leebaird/discover
  • Recon-ng – https://bitbucket.org/LaNMaSteR53/recon-ng

Source Code analyzers:

  • Flawfinder – https://sourceforge.net/projects/flawfinder/: Flawfinder is a program that examines C source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing some security problems before a program is widely released.
  • Rough Auditing Tool for Security – https://security.web.cern.ch/security/recommendations/en/codetools/rats.shtml – scans various languages, including C, C++, Perl, PHP and Python.
  • StackGuard – https://en.wikipedia.org/wiki/Buffer_overflow_protection: buffer overflow protection.
  • Libsafe – buffer overflow protection.

Application Vulnerability Scanning Tools:

  • Whisker: needs Perl
  • N-Stealth: GUI based – https://www.nstalker.com/products/editions/free/, rates vulnerabilities as high, medium or low.
  • Nikto
  • ZAP

Exploitation Tools

  • Metasploit
  • Exploitation Framework
  • CANVAS
  • Core Impact

System Vulnerability Scanner:

  • Nessus
  • Retina
  • OpenVAS
  • LAN Guard
  • SAINT

Logging Tools:

  • NLog – http://nlog-project.org/

SNMP Scanning Tools:

  • SNScan – http://securityalliance.mcafee.com/it/downloads/free-tools/snscan.aspx. SNScan is a Windows based SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network.
  • SNMP Util – http://search.cpan.org/~wmarq/SNMP-Util-1.8/Util.pm#DESCRIPTION

Immutable Infrastructure

  • read only containers
  • read only VMs

SpoofCard!

  • http://www.spoofcard.com

Proxies

  • Proxy Switcher (proxyswitcher.com) – surf anonymously
  • Proxy Workbench (proxyworkbench.com) – Proxy Workbench is a proxy server unlike all others. It is unique because all of the data passing through it is displayed in real time; you can drill into particular TCP/IP connections, view their history, save the data to a file and view the socket connection diagram.
  • ProxyChains (http://proxychains.sourceforge.net/)
  • CyberGhost (cyberghostvpn.com)
  • Proxifier (www.proxifier.com)

Trace Route tools:

  • Visual Route / Neo Trace http://www.visualroute.com/
  • Trout
  • Magic NetTrace https://magic-nettrace.en.softonic.com/
  • Network Pinger http://www.brothersoft.com/download-network-pinger-482571.html – This tool has one of the coolest IP calculators!
  • Geo Spider – GEO Spider helps you to trace, identify and monitor your network activity on a world map. http://www.oreware.com/viewprogram.php?prog=22
  • Ping Plotter – PingPlotter helps solve network problems. https://www.pingplotter.com/

Useful Resources for Information Gathering

  1. EDGAR: https://www.sec.gov/edgar.shtml
  2. D&B Hoovers offers dynamic search and list-building capabilities, real-time trigger alerts, comprehensive company profiles, and valuable research and technology reports to help sellers get in the door first. http://www.hoovers.com/
  3. LexisNexis: legal solutions, news & business insights. https://www.lexisnexis.com/en-us/gateway.page
  4. Business News: https://www.businesswire.com/portal/site/home/

LDAP Enumeration

  • Softerra (ldapadministrator.com)
  • JXplorer (jxplorer.com)
  • Lex (ldapexplorer.com)
  • LDAP Admin Tool (sourceforge.net)

NTP Enumeration Tools

  • NTP Server Scanner (bytefusion.com)
  • AtomSync (atomsync.com)

Data Breach Index:

  • https://breachlevelindex.com/

Company Plans and Financials:

  • SEC Info (www.secinfo.com)
  • Experian (www.experian.com)
  • Market Watch (www.marketwatch.com)
  • Wall Street Monitor (www.twst.com)
  • Euromonitor (www.euromonitor.com)
  • Site Stat: alexa.com
  • Stock performance: finance.google.com

Web Crawlers and Spiders:

  • Pavuk is a multifunctional open source web grabber – http://www.pavuk.org/
  • Black Widow
  • NCollector Studio: download content from the web to your computer. http://www.calluna-software.com/
  • GSA Email Spider: Collect and extract emails, phone and fax numbers from websites around the world using the keywords you enter! https://gsa-email-spider.soft112.com/
  • GNU Wget
  • Webripper 2

The Robin Sage Saga

  • https://en.wikipedia.org/wiki/Robin_Sage

The Curious Case of David Ritz

  • Punishment for WHOIS and DNS queries! https://www.theregister.co.uk/2008/01/17/anti_spam_activist_lawsuit/

Google Hacking Masterlist

  • https://it.toolbox.com/blogs/rmorril/google-hacking-master-list-111408

Exploitation Frameworks:

  1. Metasploit
  2. Core Impact https://www.coresecurity.com/core-impact
  3. Canvas https://www.immunityinc.com/products/canvas/

SHEEP DIP Computer – isolated from the network

  • www.sandboxie.com – can be used for malware analysis.
  • Process Explorer – https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Use in an isolated lab to test viruses/worms:

  • JPS Virus Maker
  • Internet Worm Maker Thing
  • Ghost eye social media worm toolkit

Email Harvest:

  • theHarvester – pre-installed in Kali.

Zone Transfer:

  • Fierce – preinstalled in Kali

Footprinting:

  • Hackers for Charity Google Hacking Database (GHDB)

Best Google Hack: ext:pdf johnny long google hack

People Search

  • whitepages.com/person
  • https://www.peoplesearchnow.com/
  • https://www.anywho.com/
  • www.spokeo.com
  • http://www.zabasearch.com/
  • https://www.intelius.com

Website Copier

  • http://www.httrack.com/
  • http://visualwebripper.com/Product – web ripper 2
  • WinWSD – Website Downloader (search on google)

Saving Websites

  • wget --recursive --level=20 <url>   (--level sets the recursion depth; wget has no --depth option)

Email Tracking

  • https://www.yesware.com/
  • https://www.hubspot.com/
  • https://bananatag.com/ – Gmail and Outlook
  • http://www.getnotify.com/ – completely free
  • https://www.readnotify.com/
  • http://whoreadme.com/
  • http://www.msgtag.com/home/
  • http://www.didtheyreadit.com/

Network Discovery

  • Find IP and subnets
  • Find OS – NMAP
  • Find routing information

NMAP Commands

  • nmap -sP ipaddress/24 (ping scan / ping sweep)
  • nmap -sT ip-addr [TCP connect scan, i.e. full open scan]
  • nmap -sT -p 1-3000 -P0 ip-addr [-p selects the port range; -P0 (now spelled -Pn) skips host discovery, so no ping is sent to the hosts first]

PING using different utilities
=========================================
ping www.ankanbasu.com -f -l 1300   (Windows ping: -f sets Don't Fragment, -l sets the payload size)
nmap -sP -v www.ankanbasu.com
hping3 -1 www.ankanbasu.com   (-1 = ICMP mode)

Firewall in between?
hping3 -c 1 -V -p 80 -s 5050 -A www.ankanbasu.com

Send an ACK Packet to a designated port
hping3 -A www.ankanbasu.com -p 80

Create a SYN scan (hping3 scan mode over ports 50-560)
hping3 -8 50-560 -S www.ankanbasu.com -v

Ping sweep using ICMP echo plus TCP ACK probes to ports 21, 23, 80 and 3389
nmap -sP -PE -PA21,23,80,3389 192.168.0.1-50

Create a packet with FIN, URG, and PSH flags set and send it to port 80 on the victim
hping3 -F -P -U 192.168.0.17 -p 80

Nmap full open scan (connect scan)
nmap -sT <ip address or range>

Nmap half-open (SYN) scan
nmap -sS ip

Nmap Xmas scan
nmap -sX ip

Packet fragmentation in nmap (-f splits probes into small IP fragments):
nmap -sS -T4 -A -f -v <target IP address>

Results of UDP scanning against closed and open ports:

  Port status | Result
  ------------|-----------------------------------------------
  Open        | No response
  Closed      | ICMP “Port Unreachable” message returned

Common Fingerprinting techniques
Common techniques are based on analyzing the following:

  • IP TTL values
  • IP ID values
  • TCP window size
  • TCP options (generally, in TCP SYN and SYN+ACK packets)
  • DHCP requests
  • ICMP requests
  • HTTP packets (generally, the User-Agent field)
  • Running services
  • Open port patterns

Active Fingerprinting:
nmap -O <ip address>

One Linux-based tool for passive fingerprinting is p0f

Wireshark:
To detect ICMP ping sweep in Wireshark: icmp.type==8 or icmp.type==0
TCP ping sweep: tcp.dstport==7
UDP ping sweep: udp.dstport==7

To get SYN, SYN+ACK, RST & RST+ACK tcp.flags==0x002 or tcp.flags==0x012 or tcp.flags==0x004 or tcp.flags==0x014
To get ICMP type 3 (Destination Unreachable) packets with code 1, 2, 3, 9, 10 or 13:
icmp.type==3 and (icmp.code==1 or icmp.code==2 or icmp.code==3 or icmp.code==9 or icmp.code==10 or icmp.code==13)
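The display filters above, rewritten as Python predicates and run over a constructed packet sample to flag a ping sweep. This is an added example, not part of the original notes; the packet dicts, their field names and the four-host threshold are assumptions.

```python
# Added example: the Wireshark display filters from the notes as Python predicates.
# Packets are hand-built dicts (constructed sample), not a real capture.
from collections import defaultdict

# TCP flag values exactly as Wireshark shows them in tcp.flags
SYN, SYN_ACK, RST, RST_ACK = 0x002, 0x012, 0x004, 0x014
# icmp.code values from the notes' ICMP type 3 filter
UNREACHABLE_CODES = {1, 2, 3, 9, 10, 13}

def is_icmp_echo(pkt):
    """icmp.type==8 or icmp.type==0 (echo request or echo reply)."""
    return pkt.get("proto") == "icmp" and pkt.get("icmp_type") in (8, 0)

def is_tcp_ping(pkt):
    """tcp.dstport==7 (probe aimed at the echo port)."""
    return pkt.get("proto") == "tcp" and pkt.get("dstport") == 7

def is_scan_flag_combo(pkt):
    """tcp.flags==0x002 or 0x012 or 0x004 or 0x014 (SYN, SYN+ACK, RST, RST+ACK)."""
    return pkt.get("proto") == "tcp" and pkt.get("flags") in (SYN, SYN_ACK, RST, RST_ACK)

def is_filtered_unreachable(pkt):
    """icmp.type==3 with one of the codes that usually point at a filtering device."""
    return (pkt.get("proto") == "icmp" and pkt.get("icmp_type") == 3
            and pkt.get("icmp_code") in UNREACHABLE_CODES)

def ping_sweep_sources(packets, min_targets=4):
    """Sources whose echo requests reached at least min_targets distinct hosts (assumed threshold)."""
    targets = defaultdict(set)
    for p in packets:
        if is_icmp_echo(p) and p["icmp_type"] == 8:
            targets[p["src"]].add(p["dst"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)

# Constructed sample: 10.0.0.9 sweeps five hosts, 10.0.0.2 pings one host, one admin-prohibited reply
SAMPLE = [
    {"proto": "icmp", "src": "10.0.0.9", "dst": f"192.168.0.{i}", "icmp_type": 8, "icmp_code": 0}
    for i in range(1, 6)
] + [
    {"proto": "icmp", "src": "10.0.0.2", "dst": "192.168.0.1", "icmp_type": 8, "icmp_code": 0},
    {"proto": "icmp", "src": "192.168.0.1", "dst": "10.0.0.2", "icmp_type": 0, "icmp_code": 0},
    {"proto": "icmp", "src": "192.168.0.254", "dst": "10.0.0.9", "icmp_type": 3, "icmp_code": 13},
    {"proto": "tcp", "src": "10.0.0.9", "dst": "192.168.0.1", "dstport": 80, "flags": SYN},
    {"proto": "tcp", "src": "192.168.0.1", "dst": "10.0.0.9", "dstport": 5050, "flags": RST_ACK},
    {"proto": "tcp", "src": "10.0.0.9", "dst": "192.168.0.1", "dstport": 7, "flags": SYN},
]

if __name__ == "__main__":
    print("ping sweep sources:", ping_sweep_sources(SAMPLE))
    print("filtered-unreachable replies:", sum(is_filtered_unreachable(p) for p in SAMPLE))
```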

Xprobe: Linux utility to retrieve information about a system.
p0f: Another Linux utility that analyzes the real-time traffic passing back and forth between client and server.

Mask the server information:

  • IIS Lockdown, ServerMask

Enumeration

  • Footprinting: IP address ranges, namespaces, employee information, phone numbers, facility information, job information
  • Scanning: pings, ping sweeps, port scans, tracert

PsTools https://docs.microsoft.com/en-us/sysinternals/downloads/pstools

PsExec – execute processes remotely
PsFile – shows files opened remotely
PsGetSid – display the SID of a computer or a user
PsInfo – list information about a system
PsPing – measure network performance
PsKill – kill processes by name or process ID
PsList – list detailed information about processes
PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
PsLogList – dump event log records
PsPasswd – changes account passwords
PsService – view and control services
PsShutdown – shuts down and optionally reboots a computer
PsSuspend – suspends processes
PsUptime – shows you how long a system has been running since its last reboot

System Hacking

Man In The Middle (MITM) Tool examples

  • SSL Strip
  • Burp Suite
  • Browser Exploitation Framework (BeEF)

Regional Internet Registries (RIRs)

  • https://www.arin.net/
  • https://www.afrinic.net/
  • https://www.apnic.net/
  • https://www.ripe.net/
  • LACNIC

Network Scanners

  • nmap -sP 10.2.2.0/28 — -sP = ping scan
  • Angry IP Scanner – Cross Platform tool! http://angryip.org/download/
  • Colasoft Ping Scanner – http://www.colasoft.com/ping_tool/
  • PingInfoView – Windows only. Supports most newer versions of Windows, including Windows 10. http://www.nirsoft.net/utils/multiple_ping_tool.html
  • SolarWinds Engineering Tool-set – Pro https://www.solarwinds.com/engineers-toolset
  • Packet Trap remote monitoring and management – http://www.networkperspective.com/PacketTrap-MSP.asp
  • Pinkie Network Troubleshooting Tool – http://www.ipuptime.net/category/download/
  • What’s Up Gold Network Scanner – https://www.ipswitch.com/forms/free-trials/whatsup-gold
  • Serversniff: networking, server checks and routing, with many little toys and tools for administrators, webmasters, developers, power users and security-aware users – http://www.serversniff.net/
  • PathAnalyzer Pro – has a free and a pro version: path discovery, whois, firewall detection, geolocation, network testing. https://www.pathanalyzer.com/download.opp
  • Curr Ports: https://www.nirsoft.net/utils/cports.html#DownloadLinks

Packet Crafting

  • HPing – now available from Github @ https://github.com/antirez/hping
  • Colasoft Packet Builder: http://www.colasoft.com/packet_builder/ [Enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders.]

Search Web

  • Search web by domain: https://searchdns.netcraft.com/ [Netcraft also publishes market research on web servers]
  • Shodan: Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. https://www.shodan.io/

Visual Traceroute

  • Open Visual Traceroute – https://sourceforge.net/projects/openvisualtrace/ [Open source cross-platform (Windows/Linux/Mac) Java visual traceroute, packet sniffer and whois. Data is displayed in a 3D or a 2D map component.]
  • Visual Route (not free) http://www.visualroute.com/
  • Or simply use traceroute in Linux or tracert in Windows

Network Commands:

  • nmcli -p
  • dig any google.com
  • whois google.com

War Dialing:

  • Toneloc – https://github.com/steeve/ToneLoc
  • NIKSUN’s PhoneSweep – https://www.niksun.com/product.php?id=17; audit telephone system

Digital Forensics

  • Maltego (not free) – Maltego is proprietary software used for open-source intelligence and forensics. https://www.paterva.com/web7/downloads.php
  • https://domainpunch.com/dnapro/ (not free)- Domain Name Analyzer Professional is an advanced Windows software for finding, managing, maintaining multiple domain names.
  • http://www.webextractor.com/ (not free) – Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.
  • Robtex – Robtex is used for various kinds of research on IP numbers, domain names, etc. – https://www.robtex.com/ – use this to gather a lot of domain-related information without running command line tools.
  • DNS Digger – http://dnsdigger.com/
  • Sam Spade (Windows only) is a general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment. Sam Spade features include:
    ping – nslookup – whois – IP block – dig – traceroute – finger – SMTP VRFY – web browser keep-alive – DNS zone transfer – SMTP relay check – Usenet cancel check – website download – website search – email header analysis – email blacklist – query abuse address – and more. http://www.majorgeeks.com/files/details/sam_spade.html
  • http://blueinfy.com/ – has many tools, free to download. I need to explore them more!
  • Dig Web Interface – a web based UI for dig utility – https://www.digwebinterface.com/

Useful Resources:

  1. AES Crypt is a file encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files. https://www.aescrypt.com/
  2. Most useful Caesar Cipher Decoder. http://www.dcode.fr/caesar-cipher
  3. A1Z26 cipher coder/decoder: A1Z26 is a very simple direct substitution cipher, where each letter is replaced by its position in the alphabet. https://planetcalc.com/4884/
  4. Best ASCII Converter: https://www.branah.com/ascii-converter
  5. Best Hash and Password Cracking online: https://crackstation.net/
  6. Always remember to check AtBash and Base32 deciphers. Base32 is not available at Rumkin. Use this url for additional deciphers that are not available on Rumkin. http://emn178.github.io/online-tools/
  7. Best Decipher library online: http://rumkin.com/tools/cipher/
  8. Check File Type Online: http://checkfiletype.com/
  9. URL Param Encoder/Decoder: https://www.urlencoder.org/
  10. Magic Bytes: https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/
  11. Recon tool based on URL: http://toolbar.netcraft.com/ and https://www.shodan.io/ – useful to find out OS of a server.
  12. Online Recon IP Scan: http://www.serversniff.net/tools/httpscipher.php
  13. Blowfish https://webnet77.net/cgi-bin/helpers/blowfish.pl

Recon command: host www.sitename.com (linux)

Vulnerability Research:

Number Converters – Cryptography:

  • Hex to ASCII (drop the 0x prefix before converting!) http://www.rapidtables.com/convert/number/hex-to-ascii.htm
  • Base64Decode – common crypto problem: https://www.base64decode.org/
  • Binary 2 ASCII converter http://www.binaryhexconverter.com/binary-to-ascii-text-converter
  • Tip: some crypto problems involve multiple encodings. A very common method is to encode with base64 and then encode the result as binary. For example, the word “supersecret” becomes “c3N1cGVyc2VjcmV0” after applying base64 encoding. We can then encode it to binary using the website https://codebeautify.org/string-binary-converter. So the final encoded value becomes 01100011 00110011 01001110 00110001 01100011 01000111 01010110 01111001 01100011 00110010 01010110 01101010 01100011 01101101 01010110 00110000. To solve such problems, we must run the decoder twice (binary first, then base64) to get back to the original value.
  • Atbash Decoder: When nothing works, try using this decoder.  As a matter of fact, we should always try this one.
  • Vigenere Decoder: If you have a secret code (key) and an encrypted message, try http://rumkin.com/tools/cipher/vigenere.php
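A decoder for the layered "base64, then binary" encoding described in the tip above, generalised to peel one layer at a time until the text stops looking encoded. This is an added example, not part of the original notes; the sample values are constructed here and the layer detection is a heuristic.

```python
# Added example: peel the "base64, then binary" layering described in the notes,
# one layer at a time. Sample values are constructed; layer detection is heuristic.
import base64
import binascii
import re
import string

BINARY_RE = re.compile(r"^(?:[01]{8}\s*)+$")          # groups of 8 bits
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")      # base64 alphabet + padding
PRINTABLE = set(string.printable)

def _as_text(data: bytes):
    """Decoded text if every byte is printable ASCII, else None (stops false layers)."""
    text = data.decode("ascii", errors="replace")
    return text if all(ch in PRINTABLE for ch in text) else None

def peel_once(text: str):
    """Remove one encoding layer: ('binary'|'base64', decoded) or (None, text)."""
    compact = text.strip()
    if BINARY_RE.match(compact):
        bits = "".join(compact.split())
        raw = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
        out = _as_text(raw)
        if out is not None:
            return "binary", out
    if BASE64_RE.match(compact) and len(compact) % 4 == 0:
        try:
            out = _as_text(base64.b64decode(compact, validate=True))
        except (binascii.Error, ValueError):
            out = None
        if out is not None:
            return "base64", out
    return None, text

def decode_layers(text: str, max_layers: int = 5):
    """Peel until no layer applies: (plaintext, [layer names, outermost first])."""
    layers = []
    for _ in range(max_layers):
        name, text = peel_once(text)
        if name is None:
            break
        layers.append(name)
    return text, layers

def encode_layers(plain: str) -> str:
    """Forward direction from the notes: base64, then each character as 8-bit binary."""
    b64 = base64.b64encode(plain.encode()).decode()
    return " ".join(format(ord(ch), "08b") for ch in b64)

if __name__ == "__main__":
    wrapped = encode_layers("supersecret")
    print(wrapped)
    print(decode_layers(wrapped))  # ('supersecret', ['binary', 'base64'])
```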

Steganography:

Digital Invisible Toolkit: http://diit.sourceforge.net/examples.html

Pcap Analysis:

Foot-printing – Routing path analysis –

DNS Information:

  • dig ANY ankanbasu.com
  • nslookup
  • whois www.sitename.com -> provides a lot of information.

Discover Open ports

  • nmap
  • hping

Ping and Ping Sweep

  • Ping tool for one host
  • Ping sweep for many hosts: nmap -sP 10.5.5.1/28

IP Scanners

Network Emulators:

Many excellent free Security tools:

750 CISSP Questions for Review on Youtube:

Check you password Strength:

Ethical Hacking Tools

  • Recon tool: people search pipl
  • Domain info research – nslookup. There are many options that can be passed to this command line tool, which is available on Windows, Linux and macOS.
  • Path Analyzer pro – traceroute finally makes sense: https://www.pathanalyzer.com/download.opp

SSL Server Test: https://www.ssllabs.com/ssltest/ – test the SSL certificate of any website of your choice.

AES Encryption Options: http://www.aeppro.com/download/latest.shtml – try out various encryption options with this excellent Windows utility. Windows 10 compatible.

Download Linux Distros: https://distrowatch.com/

Download Windows Software: https://technet.microsoft.com/en-us/

Google Hack: inurl *.microsoft.com -inurl:www -inurl:support*

Kali Linux

  • dmitry – DeepMagic Information Gathering Tool – good recon tool with some nice flags
  • goofile – another tool to search for specific file types
  • Maltego – most advanced recon tool! Just use the community edition!