70+ Comprehensive Cybersecurity Tools

Uploaded by ektepana

Information Gathering
1. Nmap
2. Shodan
3. Maltego
4. TheHarvester
5. Recon-NG
6. Amass
7. Censys
8. OSINT Framework
9. Gobuster
10. Spiderfoot

Wireless Hacking
1. Aircrack-NG
2. Wifite
3. Kismet
4. TCPDump
5. Reaver
6. Wireshark

Social Engineering
1. GoPhish
2. HiddenEye
3. SocialFish
4. EvilURL
5. Evilginx
6. SET (Social-Engineering Toolkit)

Exploitation
1. Metasploit Framework
2. Burp Suite
3. SQL Map
4. ExploitDB
5. Core Impact
6. Cobalt Strike
7. Empire

Password Cracking
1. Hashcat
2. John the Ripper
3. Hydra
4. Medusa
5. Cain & Abel
6. Ophcrack

Vulnerability Scanning
1. Nessus
2. OpenVAS
3. Nexpose
4. Qualys
5. Acunetix
6. Lynis

Forensics
1. Wireshark
2. Autopsy
3. Volatility
4. SleuthKit
5. Binwalk
6. Foremost
7. EnCase

Web Application Assessment
1. OWASP ZAP
2. Burp Suite
3. Nikto
4. WPScan
5. Acunetix
6. Arachni

Network Defense
1. Snort
2. Suricata
3. pfSense
4. Security Onion
5. AlienVault OSSIM

Endpoint Security
1. CrowdStrike Falcon
2. SentinelOne
3. Carbon Black
4. Symantec Endpoint Protection
5. Microsoft Defender for Endpoint

Cloud Security
1. AWS GuardDuty
2. Azure Security Center
3. Google Cloud Security Command Center
4. Prisma Cloud
5. Lacework

Threat Intelligence
1. ThreatConnect
2. Recorded Future
3. AlienVault OTX
4. IBM X-Force Exchange
5. MISP (Malware Information Sharing Platform)

in/harunseker/ 1
Each entry below gives: No., Tool, Explanation, Example Usage, URL.

Information Gathering

1. Nmap
   Explanation: Network scanning and discovery tool used to find open ports, services, and OS information
   Example usage: nmap -sV 192.168.1.0/24 to scan a network for open ports and service versions
   URL: https://nmap.org/

2. Shodan
   Explanation: Search engine for Internet-connected devices, allowing users to find specific types of devices, vulnerabilities, or services
   Example usage: Searching for "webcamxp country:US" to find exposed webcams in the United States
   URL: https://www.shodan.io/

3. Maltego
   Explanation: Data mining and visual link analysis tool for investigating relationships between pieces of information
   Example usage: Creating a graph of an organization's online presence, including domains, email addresses, and social media accounts
   URL: https://www.maltego.com/

4. TheHarvester
   Explanation: Tool for gathering email addresses, subdomains, hosts, and employee names from various public sources
   Example usage: theHarvester -d example.com -b all to gather information about a domain using all available data sources
   URL: https://github.com/laramies/theHarvester

5. Recon-NG
   Explanation: Full-featured reconnaissance framework designed for web-based open source reconnaissance
   Example usage: Using the whois_pocs module to gather contact information for a target domain
   URL: https://github.com/lanmaster53/recon-ng

6. Amass
   Explanation: Tool for in-depth DNS enumeration and network mapping
   Example usage: amass enum -d example.com to enumerate subdomains of a target domain
   URL: https://github.com/OWASP/Amass

7. Censys
   Explanation: Search engine that allows users to find specific types of devices connected to the internet
   Example usage: Searching for "80.http.get.headers.server: Apache" to find Apache web servers
   URL: https://search.censys.io/

8. OSINT Framework
   Explanation: Collection of various OSINT tools and resources categorized by function
   Example usage: Using the framework to find social media profiles associated with an email address
   URL: https://osintframework.com/

9. Gobuster
   Explanation: Tool used to brute-force URIs, DNS subdomains, and virtual host names
   Example usage: gobuster dir -u http://example.com -w wordlist.txt to find hidden directories on a website
   URL: https://github.com/OJ/gobuster

10. Spiderfoot
   Explanation: Automated OSINT framework that integrates with multiple data sources for gathering intelligence
   Example usage: Running a scan on a domain to automatically gather associated IP addresses, email addresses, and social media profiles
   URL: https://intel471.com/attack-surface-documentation

Wireless Hacking

1. Aircrack-NG
   Explanation: Suite of tools for auditing wireless networks, capable of cracking WEP and WPA/WPA2-PSK keys
   Example usage: aircrack-ng -w wordlist.txt capture.cap to crack a WPA handshake captured in the capture.cap file
   URL: https://www.aircrack-ng.org/

2. Wifite
   Explanation: Automated wireless attack tool that can crack multiple networks simultaneously
   Example usage: wifite --dict wordlist.txt to automatically attack nearby networks using a wordlist
   URL: https://github.com/derv82/wifite2

3. Kismet
   Explanation: Wireless network detector, sniffer, and intrusion detection system
   Example usage: Running Kismet to passively detect hidden wireless networks and capture packets
   URL: https://www.kismetwireless.net/

4. TCPDump
   Explanation: Command-line packet analyzer
   Example usage: tcpdump -i wlan0 -w capture.pcap to capture wireless traffic on the wlan0 interface
   URL: https://www.tcpdump.org/

5. Reaver
   Explanation: Tool specifically designed to attack WPS (Wi-Fi Protected Setup) enabled wireless routers
   Example usage: reaver -i wlan0 -b 00:11:22:33:44:55 -vv to attempt a WPS PIN brute-force attack on a specific access point
   URL: https://github.com/t6x/reaver-wps-fork-t6x

6. Wireshark
   Explanation: Network protocol analyzer with capabilities for wireless packet analysis
   Example usage: Using Wireshark to capture and analyze Wi-Fi traffic, including decrypting WPA2 traffic with the correct key
   URL: https://www.wireshark.org/

Social Engineering

1. GoPhish
   Explanation: Open-source phishing toolkit for creating and managing phishing campaigns
   Example usage: Setting up a simulated phishing campaign to test employee awareness by sending fake login pages
   URL: https://getgophish.com/

2. HiddenEye
   Explanation: Advanced phishing tool with multiple attack vectors
   Example usage: Creating a fake login page for a popular social media platform to capture credentials
   URL: https://github.com/DarkSecDevelopers/HiddenEye

3. SocialFish
   Explanation: Educational tool for social media phishing
   Example usage: Generating a clone of a social networking site to demonstrate how easily users can be tricked
   URL: https://github.com/UndeadSec/SocialFish

4. EvilURL
   Explanation: Tool for generating unicode domains for phishing attacks
   Example usage: Creating a domain like "аррӏе.com" that looks like "apple.com" to fool users
   URL: https://github.com/UndeadSec/EvilURL

5. Evilginx
   Explanation: Man-in-the-middle attack framework for phishing login credentials and session cookies
   Example usage: Setting up a proxy to intercept login attempts to a target website, bypassing two-factor authentication
   URL: https://github.com/kgretzky/evilginx2

6. SET (Social-Engineering Toolkit)
   Explanation: Framework for creating and executing social engineering attacks
   Example usage: Using the "Spear-Phishing Attack Vector" to send targeted emails with malicious attachments to specific individuals
   URL: https://github.com/trustedsec/social-engineer-toolkit

Exploitation

1. Metasploit Framework
   Explanation: Open-source penetration testing and exploitation framework
   Example usage: Using the exploit/windows/smb/ms17_010_eternalblue module to exploit the EternalBlue vulnerability
   URL: https://www.metasploit.com/

2. Burp Suite
   Explanation: Web application security testing platform
   Example usage: Intercepting and modifying HTTP requests to test for SQL injection vulnerabilities
   URL: https://portswigger.net/burp

3. SQL Map
   Explanation: Automated SQL injection and database takeover tool
   Example usage: sqlmap -u "http://example.com/page.php?id=1" --dbs to enumerate databases on a vulnerable website
   URL: https://sqlmap.org/

4. ExploitDB
   Explanation: Archive of public exploits and corresponding vulnerable software
   Example usage: Searching for "Apache Struts" to find known exploits for the Apache Struts framework
   URL: https://www.exploit-db.com/

5. Core Impact
   Explanation: Commercial penetration testing software
   Example usage: Conducting a network scan and automatically exploiting discovered vulnerabilities
   URL: https://www.coresecurity.com/products/core-impact

6. Cobalt Strike
   Explanation: Adversary simulation and red team operations software
   Example usage: Using its beacon payload for post-exploitation activities and lateral movement
   URL: https://www.cobaltstrike.com/

7. Empire
   Explanation: PowerShell and Python post-exploitation framework
   Example usage: Executing a PowerShell script on a compromised Windows machine for privilege escalation
   URL: https://github.com/BC-SECURITY/Empire

Password Cracking

1. Hashcat
   Explanation: Advanced password recovery tool that supports hundreds of hashing algorithms
   Example usage: hashcat -m 0 -a 0 hash.txt wordlist.txt to crack MD5 hashes using a wordlist
   URL: https://hashcat.net/

2. John the Ripper
   Explanation: Versatile password cracker that combines multiple cracking modes
   Example usage: john --format=raw-md5 hash.txt to crack MD5 hashes using default settings
   URL: https://www.openwall.com/john/

3. Hydra
   Explanation: Online password cracking tool for various network protocols and services
   Example usage: hydra -l user -P pass.txt ftp://192.168.1.1 to brute force an FTP login
   URL: https://github.com/vanhauser-thc/thc-hydra

4. Medusa
   Explanation: Parallel network login brute-forcer supporting multiple protocols
   Example usage: medusa -h 192.168.1.1 -u admin -P passwords.txt -M http to attack HTTP basic auth
   URL: http://foofus.net/goons/jmk/medusa/medusa.html

5. Cain & Abel
   Explanation: Windows-based password recovery tool with multiple functions
   Example usage: Using the GUI to capture and crack network passwords or dump hashes
   URL: http://www.oxid.it/cain.html

6. Ophcrack
   Explanation: Cross-platform tool specializing in Windows password cracking using rainbow tables
   Example usage: Loading a Windows SAM file and cracking passwords using pre-computed tables
   URL: https://ophcrack.sourceforge.io/

Vulnerability Scanning

1. Nessus
   Explanation: Commercial vulnerability scanner with a large plugin database. Detects vulnerabilities, misconfigurations, and compliance issues.
   Example usage: Scanning a network for known vulnerabilities: nessus scan -t 192.168.1.0/24
   URL: https://www.tenable.com/products/nessus

2. OpenVAS
   Explanation: Open-source vulnerability scanner and manager. Performs authenticated/unauthenticated testing and supports various protocols.
   Example usage: Running a full scan on a web server: omp -u admin -w password --create-target="Web Server" --hosts=192.168.1.100 --create-task="Web Server Scan" --config="Full and fast" --start-task
   URL: https://www.openvas.org/

3. Nexpose
   Explanation: Commercial vulnerability management software. Provides risk-based prioritization and integration with Metasploit.
   Example usage: Creating a site and running a scan: nexpose_cli.rb -r CreateSite -n "TestSite" -H 192.168.1.100 -S
   URL: https://www.rapid7.com/products/nexpose/

4. Qualys
   Explanation: Cloud-based vulnerability management platform. Offers continuous monitoring and asset discovery.
   Example usage: Scheduling a weekly scan of critical assets through the Qualys web interface
   URL: https://www.qualys.com/

5. Acunetix
   Explanation: Specialized web application security scanner. Detects over 7000 web vulnerabilities including XSS and SQL injection.
   Example usage: Scanning a web application: acunetix_console --scan http://example.com
   URL: https://www.acunetix.com/

6. Lynis
   Explanation: Open-source security auditing tool for Unix/Linux systems. Performs system hardening, compliance testing, and vulnerability scanning.
   Example usage: Running a system audit: lynis audit system
   URL: https://cisofy.com/lynis/

Forensics

1. Wireshark
   Explanation: Network protocol analyzer for capturing and analyzing network traffic
   Example usage: Capturing HTTP traffic to analyze a potential data exfiltration attempt: wireshark -i eth0 -f "port 80"
   URL: https://www.wireshark.org/

2. Autopsy
   Explanation: Digital forensics platform for disk image analysis
   Example usage: Analyzing a disk image to recover deleted files: autopsy disk_image.dd
   URL: https://www.autopsy.com/

3. Volatility
   Explanation: Memory forensics framework for analyzing RAM dumps
   Example usage: Extracting running processes from a memory dump: volatility -f memory.dmp --profile=Win10x64 pslist
   URL: https://www.volatilityfoundation.org/

4. SleuthKit
   Explanation: Collection of command-line tools for investigating disk images
   Example usage: Extracting file system information: fls -r disk_image.dd
   URL: https://www.sleuthkit.org/

5. Binwalk
   Explanation: Tool for analyzing and extracting firmware images
   Example usage: Identifying embedded files in firmware: binwalk router_firmware.bin
   URL: https://github.com/ReFirmLabs/binwalk

6. Foremost
   Explanation: Data carving tool for recovering files based on headers and footers
   Example usage: Recovering JPEGs from a disk image: foremost -t jpeg -i disk_image.dd
   URL: http://foremost.sourceforge.net/

7. EnCase
   Explanation: Commercial forensic software suite for evidence acquisition and analysis
   Example usage: Creating a forensic image of a hard drive: encase -e /dev/sda evidence.E01
   URL: https://www.guidancesoftware.com/encase-forensic

Web Application Assessment

1. OWASP ZAP
   Explanation: Open-source web application security scanner. Performs automated scanning and allows manual testing.
   Example usage: Running an automated scan: zap-cli quick-scan --self-contained --start-options "-config api.disablekey=true" https://example.com
   URL: https://www.zaproxy.org/

2. Burp Suite
   Explanation: Integrated platform for web application security testing. Includes tools for mapping, analyzing, and exploiting web applications.
   Example usage: Using Burp Proxy to intercept and modify HTTP requests: Configure the browser to use Burp as its proxy, then intercept and modify requests in Burp
   URL: https://portswigger.net/burp

3. Nikto
   Explanation: Open-source web server scanner that performs comprehensive tests against web servers for multiple items.
   Example usage: Scanning a web server: nikto -h http://example.com
   URL: https://cirt.net/Nikto2

4. WPScan
   Explanation: Black box WordPress vulnerability scanner.
   Example usage: Scanning a WordPress site: wpscan --url http://example.com --enumerate vp,u,tt,t
   URL: https://wpscan.org/

5. Acunetix
   Explanation: Automated web application security testing tool. Detects over 7000 web vulnerabilities.
   Example usage: Scheduling a weekly scan of critical assets through the Acunetix web interface
   URL: https://www.acunetix.com/

6. Arachni
   Explanation: Web application security scanner framework.
   Example usage: Running a scan: arachni http://example.com
   URL: https://www.arachni-scanner.com/

Network Defense

1. Snort
   Explanation: Open-source intrusion detection and prevention system (IDS/IPS) that performs real-time traffic analysis and packet logging
   Example usage: Configuring Snort rules to detect and alert on suspicious network traffic: alert tcp any any -> $HOME_NET 22 (msg:"SSH brute force attempt"; flow:to_server; threshold:type both, track by_src, count 5, seconds 60; sid:1000001;)
   URL: https://www.snort.org/

2. Suricata
   Explanation: High-performance network IDS, IPS, and network security monitoring engine
   Example usage: Setting up Suricata to monitor network traffic and generate alerts: suricata -c /etc/suricata/suricata.yaml -i eth0
   URL: https://suricata-ids.org/

3. pfSense
   Explanation: Open-source firewall and router platform based on FreeBSD
   Example usage: Configuring a pfSense firewall rule to allow inbound HTTPS traffic: pass in on wan proto tcp from any to (wan) port 443
   URL: https://www.pfsense.org/

4. Security Onion
   Explanation: Linux distribution for intrusion detection, network security monitoring, and log management
   Example usage: Deploying Security Onion to collect and analyze network traffic: sudo so-setup to initiate the setup wizard
   URL: https://securityonion.net/

5. AlienVault OSSIM
   Explanation: Open-source security information and event management (SIEM) system
   Example usage: Using OSSIM to correlate security events from multiple sources: Configure log sources in the web interface and create correlation rules to detect complex attack patterns
   URL: https://cybersecurity.att.com/products/ossim

Endpoint Security

1. CrowdStrike Falcon
   Explanation: Cloud-native endpoint protection platform using AI and behavioral analytics
   Example usage: Detecting and preventing a zero-day malware attack in real time on an employee's laptop
   URL: https://www.crowdstrike.com/

2. SentinelOne
   Explanation: AI-powered endpoint security platform with autonomous response capabilities
   Example usage: Automatically isolating an infected workstation and rolling back malicious changes
   URL: https://www.sentinelone.com/

3. Carbon Black
   Explanation: Endpoint detection and response (EDR) solution with threat hunting capabilities
   Example usage: Investigating the root cause of a security incident across multiple endpoints
   URL: https://www.carbonblack.com/

4. Symantec Endpoint Protection
   Explanation: Traditional antivirus combined with advanced threat protection
   Example usage: Blocking a ransomware attack attempt on a corporate server
   URL: https://www.broadcom.com/products/cyber-security/endpoint

5. Microsoft Defender for Endpoint
   Explanation: Built-in endpoint security for Windows with cloud-powered protection
   Example usage: Identifying and remediating a vulnerability across all Windows devices in an organization
   URL: https://www.microsoft.com/en-us/microsoft-365/security/endpoint-defender

Cloud Security

1. AWS GuardDuty
   Explanation: Intelligent threat detection service that continuously monitors AWS accounts and workloads
   Example usage: Detecting a potential data exfiltration attempt by identifying unusual API calls from a compromised EC2 instance
   URL: https://aws.amazon.com/guardduty/

2. Azure Security Center
   Explanation: Unified infrastructure security management system that strengthens the security posture of data centers
   Example usage: Using Security Center to assess the security state of all Azure resources and receive actionable recommendations to remediate vulnerabilities
   URL: https://azure.microsoft.com/en-us/services/security-center/

3. Google Cloud Security Command Center
   Explanation: Centralized security and risk management platform for Google Cloud resources
   Example usage: Utilizing the Security Health Analytics feature to detect misconfigurations in Google Cloud Platform (GCP) services
   URL: https://cloud.google.com/security-command-center

4. Prisma Cloud
   Explanation: Cloud-native security platform providing visibility and threat protection across public clouds
   Example usage: Implementing Prisma Cloud to enforce compliance policies across multi-cloud environments and detect anomalous user activities
   URL: https://www.paloaltonetworks.com/prisma/cloud

5. Lacework
   Explanation: Automated cloud security platform that provides threat detection, compliance, and vulnerability management
   Example usage: Using Lacework's behavioral anomaly detection to identify and alert on unusual container activities in a Kubernetes cluster
   URL: https://www.lacework.com/

Threat Intelligence

1. ThreatConnect
   Explanation: A threat intelligence platform that aggregates, analyzes, and acts on threat data from multiple sources
   Example usage: Using ThreatConnect to correlate indicators of compromise (IoCs) across different threat feeds and internal data sources
   URL: https://threatconnect.com/

2. Recorded Future
   Explanation: A security intelligence platform that provides real-time threat intelligence from a wide range of sources
   Example usage: Leveraging Recorded Future's browser extension to get instant risk scores for IP addresses, domains, and vulnerabilities while browsing
   URL: https://www.recordedfuture.com/

3. AlienVault OTX
   Explanation: Open Threat Exchange (OTX) is an open threat intelligence community that allows sharing of threat data
   Example usage: Subscribing to OTX pulses to receive real-time updates on emerging threats and incorporating this data into your security tools
   URL: https://otx.alienvault.com/

4. IBM X-Force Exchange
   Explanation: A cloud-based threat intelligence sharing platform that provides detailed information about threats
   Example usage: Using X-Force Exchange to research a suspicious IP address and view its associated malware, vulnerabilities, and threat actor information
   URL: https://exchange.xforce.ibmcloud.com/

5. MISP (Malware Information Sharing Platform)
   Explanation: An open-source threat intelligence platform for sharing, storing, and correlating IoCs
   Example usage: Setting up a MISP instance to share threat intelligence within your organization or with trusted partners, and automating the import of this data into your security tools
   URL: https://www.misp-project.org/