Information Security (InfoSec) Software
Probably the number one piece of software out there, Metasploit is one of the top exploit deployment and research tools. It helps you quickly deploy exploits and expedite the exploitation process.
Armitage and Cobalt Strike are both front ends for the Metasploit Framework that suggest exploits and show how to use them quickly and quietly to get access to network resources. Both are built on top of the Metasploit Framework and depend on it. So if you already know Metasploit well, you may find that these tools simply speed up your exploitation work and give you a graphical place to work in. Metasploit also has its own Pro version that does close to the same thing.
Subterfuge Framework helps you run a Man in the Middle attack without having to configure sslstrip, ARP poisoning, credential harvesting, VPN tunnel blocking, and much more by hand. Subterfuge also lets you build plugins for it, just like the Metasploit Framework does.
Maltego is for gathering information on people and companies. It helps you see what information about your corporation is out there, and it surfaces the people and assets that could later be exploited to get into the corporation. The program helps you build a threat picture of your company or another company.
Recon-ng is a reconnaissance tool that speeds up finding information on the web. For instance, there is a module that searches for an email address and compares it against the various password and email dumps. Some more basic uses of Recon-ng can be found here.
Nessus is software that vulnerability scans the computers on your network. It helps you determine which security patches are missing and find configuration and compliance problems. A wide array of plugins can help you find unpatched vulnerabilities in your network and avoid compliance problems and breaches later down the road.
Nexpose is much like Nessus and helps you know which assets in your corporation have vulnerabilities. Nexpose proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks.
OpenVAS is an open source vulnerability scanner. If you're looking for a free vulnerability scanner along the lines of Nexpose or Nessus, this would be your tool.
SET is a toolkit that will help you perform advanced attacks against the human element in an organization.
Cryptohaze and oclHashcat are both great GPU-based tools that speed up the password cracking process a lot. You can see how they differ in our previous article on them.
Wireless auditing: Aircrack-ng, Pyrit, and reaver-wps are all great tools to help you get the edge on a wireless network. They let you run a wide variety of attacks on WiFi and on the inherent trust between the different WiFi components. All these tools help you get into the network; from there you use other tools.
Wifite is an auditing suite for WEP, WPS, WPA and the like. It is probably the easiest tool out there for wireless auditing and automation. It is built into the NetHunter toolset.
sslstrip is a tool for use during a man in the middle attack on a client. Once you have poisoned the client and its internet traffic is routed through you, sslstrip strips SSL from its connections and turns them into plain HTTP requests, letting you see the information it sends, be it passwords or other sensitive information.
sslscan is a tool that connects to a website and reports which SSL/TLS versions and cipher suites the site accepts. This way you can see whether the web server's encryption has known weaknesses.
Nmap: you can't go into security without hearing about Nmap. It is used in a lot of tools for port scanning and identifying the OS of target computers. This is a very loud tool and can easily be identified in network traffic and in host logs, so it is best to pipe the scans through a botnet so that the target cannot identify who is attacking them. It is also useful to learn how to use the tool properly and not just do a full scan on everything: identify the OS, then use your knowledge of exploits to selectively scan the ports that may have vulnerabilities.
Yersinia is a tool for attacking the protocol layer to take advantage of weaknesses in different network protocols. It is intended to be a solid framework for analyzing and testing deployed networks and systems.
Nikto2 is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
Wapiti is different from a lot of web vulnerability scanners in that it does not look at the source code to find injection points. It probes the running application itself and then tries to find places to inject. This just gives a different way of looking for injection points.
Aircrack-ng is one of the top tools for cracking WiFi keys and attacking WiFi networks. It underlies many scripts and programs that attack WiFi. If you are going to attack a WiFi network, you can't not know about Aircrack-ng.
PwnSTAR is a tool developed by SilverFoxx/Vulpi. It speeds up the process of setting up an evil maid attack and then running a MiTM attack on the clients. Some examples of how to run it on Kali Linux can be found on the Kali Linux forum.
THC Hydra is a great tool if you need to run a dictionary attack against over 30 different protocols. It is extremely fast at attacking Telnet, SMB, databases, FTP and much more.
Wireshark is my go-to default for packet sniffing and packet analysis on a network. It is a must-have tool to learn if you want to know what is going across the wire, and there are many plugins for it that help you do many other things. Wireshark does have its own vulnerabilities (its protocol dissectors parse untrusted input straight off the wire), so it is best to run it only on networks that you trust or on machines you don't care about.
sqlmap helps you find SQL injection flaws in web applications and get access to the back-end database. That does not mean it will find the exploit for you every time, so it is best to learn how to do SQL injection yourself first and use this tool to speed up exploit development for the website.
sqlninja is another tool for SQL injection and web penetration testing. It is also not a cure-all for finding exploits in web applications, but it greatly speeds up penetration testing and gaining access to the database server. Once you have discovered a SQL injection in your web application, you can use sqlninja to help you exploit it and gain access.
BBQSQL is another automated SQL injection testing tool. I haven't used it yet, so here is the explanation from the Kali group: "It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast."
Veil-Framework is an antivirus evasion framework. It lets you run a payload on a computer without being detected by the antivirus vendors. It offers different methods of injecting into RAM so that you can get a reverse shell and then disable AV and other defenses.
PowerSploit: use PowerSploit to speed up your pentest. It is a great way around lockdowns where the domain administrators have restricted other areas of the OS but left PowerShell available.
PowerView is another PowerShell tool that helps you survey the network and move laterally.
Burp Suite and Zed Attack Proxy both let you inspect HTTP requests before they are sent and modify them on the fly.
WebScarab is another proxy-based web application testing tool. It is a little more useful if you're a programmer and want to test more items directly against the application.
w3af is the web application attack framework, so another great tool in the bunch for web testing.
WS-Attacker is a modular framework for web services penetration testing. It is a free and easy-to-use software solution that provides an all-in-one security checking interface with only a few clicks.
Smartphone Pentest Framework is a framework that makes it easier to launch attacks against smartphones. Think of it as SET for smartphones.
Overpass the Hash / Mimikatz is a method for dumping the hashes from a domain controller and then creating a Golden Ticket so that you can escalate privileges to a different user.
Incognito is for when you need to get the access tokens for the accounts on the computer.
BeEF is a penetration testing tool that focuses on the web browser. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.
Dradis is a tool to help you effectively manage the information you gather. It parses the output of many different security tools so that you get the information you need quickly and can manage multiple pen tests at one time.
MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation.