Thursday, 16 August 2018

Tools for Information Gathering, Web Application Testing, Infrastructure Testing, Exploit Helpers and Utils

Tools For Web Application Testing by Mr. SAGE


Information Gathering

Google Hacking : Allows you to find juicy information indexed by Google about a target website (e.g. directory listings, sensitive files, error messages, login pages, etc.).

Find Subdomains : Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.

Find Virtual Hosts : Attempts to discover virtual hosts that are configured on a given IP address. This is helpful to find multiple websites hosted on the same server.

Website Recon : This tool allows you to discover the technologies used by a target web application - server-side and client-side. It can also scan multiple virtual hosts on the same IP.

Metadata Extractor : Extracts metadata from public documents such as: pdf, doc, xls, ppt, docx, pptx, xlsx. The metadata may contain: author name, username, company name, software version, document path, creation date, etc.

Subdomain Takeover : Allows you to discover subdomains of a target organization which point to external services (e.g. Amazon S3, Heroku, GitHub, etc.) and are not claimed - leaving them vulnerable to hostile takeover.

Web Application Testing

URL Fuzzer : Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.

Web Server Scan : Finds common vulnerabilities which affect web applications: SQL injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

WordPress Scan : This tool helps you to discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

SharePoint Scan : Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

Drupal Scan : Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

Joomla Scan : Perform a Joomla security assessment by finding vulnerabilities in Joomla core, components, modules and templates.

Infrastructure Testing

Ping Sweep : Enables you to see which IPs are 'live' within a given network range. Behind a 'live' IP there is a running server or workstation.

TCP Port Scan : Allows you to discover which TCP ports are open on your target host, to detect service information and the operating system version, and to run a traceroute.

UDP Port Scan : Allows you to discover which UDP ports are open on your target host, identify the service versions and detect the operating system.

Network Scan OpenVAS : This is a comprehensive scanner which allows you to detect a wide range of vulnerabilities, mostly related to network services and operating systems, but it also includes web server configuration tests.

DNS Zone Transfer : Check if the name servers of the target domain are vulnerable to DNS Zone Transfer and attempt to retrieve the full DNS Zone file.

SSL Heartbleed Scan : This tool attempts to identify servers vulnerable to the OpenSSL Heartbleed vulnerability (CVE-2014-0160). When such a server is discovered, the tool also provides a memory dump from the affected server.

SSL POODLE Scan : The SSLv3 POODLE vulnerability scanner attempts to find SSL servers vulnerable to CVE-2014-3566, also known as the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability.

SSL DROWN Scan : The DROWN vulnerability scanner tests a range of IP addresses (or just a single host) for the DROWN vulnerability in OpenSSL.

ROBOT Attack Scan : Allows you to discover vulnerable TLS servers (Web, Email, FTP) which are affected by the ROBOT vulnerability.

Exploit Helpers

HTTP Request Logger : This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create proofs of concept in order to demonstrate vulnerabilities such as XSS or data exfiltration, or to do social engineering.

Utils

ICMP Ping : Check if a server is live and responds to ICMP Echo requests. This tool can also be used to find the IP address of a hostname.

Whois Lookup : This tool allows you to perform Whois lookups online and extract information about domain names and IP addresses.

That's It !!! 

if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 





& DON'T FORGET TO SUBSCRIBE..!!!


Keep Visiting... Enjoy !!! :)


Saturday, 14 July 2018

Portable Hardware Devices for Penetration Testing

Hardware Devices for Penetration Testing | Mr. SAGE

All of us at some point or the other think of the possibility of “remoting” a penetration test. Five years ago, you would have had to engineer something like this yourself to suit your own requirements. Now, however, there are commercial tools already available that help you do that and much more. This is an attempt to do just that – compile a list of portable hardware devices for penetration testing, which you can plug into the “targeted” network and run your tests from elsewhere. Some of them are commercial and the rest are open source.

List of Portable Hardware Devices for Penetration Testing :

1). Raspberry Pi / BeagleBone Black / Hardkernel ODROID : I am a bit biased towards the Raspberry Pi model 3 as it has the hardware required to be a good tool. You do not need a WiFi dongle, or even a Bluetooth chip. Just plug it in, install a good OS like Kali Linux and you are done! These come pretty cheap and are pretty low profile. They run an awesome Quad Core 1.2GHz Broadcom BCM2837 64-bit CPU with 1GB RAM and the BCM43438 wireless LAN and Bluetooth Low Energy (BLE) on board. You can even use them for other purposes. Order them online at Amazon or the official store here. If you want to be extra stealthy, get their Raspberry Pi Zero W, which offers a single-board computer with wireless and Bluetooth connectivity. An awesome article by the guys at Black Hills Information Security detailing their drop box can be found here.

2). VIA ARTiGO A900 : I do not know how many of you have heard about this, but they are pretty cool too. These devices run a decent 1.0GHz VIA Elite E1000 Cortex-A9 dual-core SoC along with 2GB of onboard DDR3 SDRAM. It has a Realtek RTL8111G PCIe Gigabit Ethernet controller, and no wireless access. (Get It Here)

3). MiniPwner : The MiniPwner is a penetration testing “drop box”. It is designed as a small, simple but powerful device that can be inconspicuously plugged into a network and provide the penetration tester remote access to that network. It is built on a portable TP-Link MR3040 running OpenWRT, with a 2000 mAh built-in battery. Multiple penetration testing tools such as aircrack-ng, elinks, ettercap-ng, karma, kismet, nbtscan, netcat, nmap, openvpn, perl 5, samba client, snort, tar, tcpdump, tmux, yafc, and wget all come pre-installed. Two versions are available: the MiniPwner Community Edition and a pre-built setup. (Get It Here)

4). DreamPlug / SmilePlug / GuruPlug / SheevaPlug : These come from GlobalScale Technologies and are plug computing devices that run network-based software services. These make a worthy addition to the list of portable hardware devices for penetration testing. (Get Them Here)

5). #r00tabaga : The Ace r00tabaga is similar to the MiniPwner, but has some more features. It can be used as a penetration testing drop box or even as a Hot-Spot honeypot, inconspicuously intercepting WiFi probe requests from every target device. #r00tabaga also runs the OpenWRT platform with a 2000 mAh built-in battery. This is unavailable for order as of now, but sure is a good addition to the list of portable hardware devices for penetration testing. (Get It Here)

6). PWN PLUG R3 / PWN PLUG R4 : If you are lazy and want a fully customized solution for your needs, and you have the money, get these from the guys at Pwnie Express. These are the standard penetration testing devices in a portable form factor with an onboard high-gain 802.11a/b/g/n/ac wireless antenna and Bluetooth. These also run Kali Linux and ship over 100 OSS-based penetration testing tools including Metasploit, SET, Kismet, Aircrack-NG, SSLstrip, Nmap, Hydra, W3af, Scapy, Ettercap, and Bluetooth/VoIP/IPv6 tools! (Get It Here)

7). LG Nexus 5 : This monster Android device officially supports some of the best pentesting ROMs, such as Pwn Phone and Kali NetHunter. You can flash these ROMs onto your Nexus 5 and convert your Android device into a hacking machine.

That’s all from me for now. This list is arranged with no preference to any make or model. I will keep on updating this list of portable hardware devices for penetration testing as I find more devices. If you know of any, let me know.
