BackTrack 4 – Tools Overview

Information Gathering:

Dradis Client - open source framework for sharing information during security assessments
Dradis Server - open source framework for sharing information during security assessments
Paterva Maltego CE - open source intelligence and forensics application. It offers timely mining and gathering of information as well as the representation of this information.

Archive
Metagoofil - information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, odp, ods) available on the target/victim websites.
SEAT - next generation information digging application geared toward the needs of security professionals

DNS
DNSWalk - a DNS debugger. It performs zone transfers of specified domains.
DNS Tracer - dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data.
DNS Enum - the purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:
1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX record (threaded).
4) Perform axfr queries on nameservers (threaded).
5) Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
6) Brute force subdomains from file; can also perform recursion on subdomains that have NS records (all threaded).
7) Calculate C class domain network ranges and perform whois queries on them (threaded).
8) Perform reverse lookups on netranges (C class and/or whois netranges) (threaded).
9) Write ip-blocks to the domain_ips.txt file.
DNSMap - a small C based tool that performs brute-forcing of domains. The tool can use an internal wordlist, or work with an external dictionary file.
DNSMap-Bulk - (self-explanatory)
DNSRecon - simple tool written for target enumeration during authorized penetration test engagements. This tool provides different methods for enumerating targets via the DNS service.
Fierce - production ready DNS enumeration tool.
LBD - (load balancing detector) detects if a given domain uses DNS and/or HTTP load balancing.

Route
0Trace - allows you to perform a traceroute from within an established TCP connection such as HTTP.
Dmitry - Deepmagic Information Gathering Tool, an all in one host information tool.
Ltrace - debugging program which runs a specified command until it exits. While the command is executing, ltrace intercepts and records the dynamic library calls made by the executed process and the signals received by that process.
Lanmap - Lanmap sits quietly on a network, builds a picture of what it sees and outputs it in svg, png or gif format.
Netenum - Netenum can be used to produce lists of hosts for other programs. It is not as powerful as other ping-sweep tools, but it is simple.
Netmask - simple tool which does one thing: it makes an ICMP netmask request. By determining the netmasks of various computers on a network, you can better map your subnet structure and infer trust relationships.
Protos - an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols, which should be reported by the target using ICMP protocol unreachable messages.
TCPTraceRoute - by sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
TCTrace - a brother to itrace and traceroute, but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside.

Search Engine
Googmail - a tool that automates queries against Google search appliances, but with a twist: these particular queries are designed to find potential vulnerabilities on web pages.
Goohost - ?
Goorecon - a technique for figuring out sub-domains: query Google and check whether it has found any sub-domains during its web mining of the target.
Gooscan - (same as Googmail, Java version)
Metagoofil - information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, odp, ods) available on the target/victim websites.
SEAT - next generation information digging application geared toward the needs of security professionals
TheHarvester - open source intelligence (OSINT) tool for getting emails and user names from public sources such as Google or LinkedIn
WhatWeb - ?

Network Mapping:

Identify Live Hosts
0Trace, 5nmp, Angry IP Scan, Arping, Autoscan, Fping, Genlist, Hping2, Hping3, Lanmap, Lanmap2, nbtscan, Netifera, nmap, Nsat, OneSixtyOne, OutputPBNJ, SCTPScan, SSLScan, ScanPBNJ, TCPTraceRoute, UnicornScan, Zenmap

OS-Fingerprinting
5nmp, Autoscan, Lanmap2, nmap, Nsat, OneSixtyOne, P0f, Protos, SSLScan, UnicornScan, Xprobe2, Zenmap

Port Scanning
AngryIPScan, AutoScan, Genlist, Netifera, Nmap, Nsat, OutputPBNJ, Propecia, SCTPScan, ScanPBNJ, UnicornScan, Zenmap

Service Fingerprinting
Amap, Dmitry, Httprint, Httprint_GUI, Httsquash, LetDown, ReverseRaider

VPN
Ike-scan, PSK-Crack

Vulnerability Identification:

OpenVAS
OpenVAS AddUser, OpenVAS CLI, OpenVAS Client, OpenVAS Make Cert, OpenVAS NVT Sync, Start OpenVAS Administrator, Start OpenVAS Manager, Start OpenVAS Scanner, Stop OpenVAS Administrator, Stop OpenVAS Manager, Stop OpenVAS Scanner

Cisco
Cisco Auditing Tool, Cisco Global Exploiter, Cisco OCS Mass Scanner, Cisco PassWD Scanner, Copy Router Config, Merge Router Config

Fuzzers
Bed, Bf2, Bunny, Dkftpbench, Fuzzgrind, Fuzzgrind GUI, Jbrofuzz, Peach, Spike, Voiper, Wsfuzzer, Zzuf

SMB Analysis
Impacket samrdump, Impacket smbclient, SMBClient, SMB4K

SNMP Analysis
ADMSnmp, Braa, SNMP Walk, SNMPCheck, SNMP Enum

Web Application Analysis:

Database (Back End)

MsSQL
DBPwAudit, MSSQLScan, Metacoretex, Pblind, SA Exploiter, SQL Ninja, SQLMap, SQLBrute, SQLix

MySQL
DBPwAudit, Metacoretex, MySQLAudit, Pblind, SQLCheck, SQLData, SQLMap, SQLix, Sqlsus, UDF

Oracle
DBPwAudit, Metacoretex, Opquery, Opwg, OSScanner, OSE, Otnsctl, Pblind, SQLMap, SQLBrute, SQLix, THC-OracleCrackert

Web (Front End)
ASP-Audit, Burpsuite, Burpsuite Msf, CSRFTester, Curl, DFF Scanner, DharmaEncoder, DirBuster, Fimap, Flare, Flasm, Grabber, Grendel Scan, HCraft, HttPrint, HttPrint_GUI, Jmeter, JoomScan, LBD, List-Urls, Lynx, Mini Mysqlat0r, Nikto2, OpenAcunetix, Paros Proxy, Powerfuzzer, RatProxy, SWFIntruder, Skipfish, SoapUI, W3AF (Console), W3AF (GUI), Wbox, Wmat, WafW00f, Wapiti, Web Securify, WebScarab Lite, WebShag, Wfuzz, Xsss

Radio Network Analysis:

802.11

Cracking
ASLeap, AirSnarf, AirSnort, AirBase-ng, AirCrack-ng, AirdeCap-ng, AirdeCloak-ng, AirDriver-ng, AirDrop-ng, AirePlay-ng, Airmon-ng, Airodump-ng, Airolib-ng, Airoscript, AirPwn-ng, AirServ-ng, Airtun-ng, Buddy-ng, Cowpatty, Decrypt, Easside-ng, Gencases, GenPMK, Gerix-Wifi-Cracker-ng, GrimWepa, IvsTools, Kismet, Kstats, MDK3, Orinoco-Hopper, Packetforge-ng, Pyrit, TkipTun-ng, WEPCrack, WEPCrack IVGen, WEPCrack GetIV, WEPBuster, WEP_keygen, Wesside-ng, WifiZoo

Misc
APHopper, Airflood, Airgraph-ng, Airgraph-ng dump join, Airoupdate, Baffle, Baffle GUI, GISKismet, GPSMap-Expedia, KisGearth, Kmsapng, MacChanger, Mitmap, PcapDump, SSIDSniff, Schnappi-dhcp, Wavemon, WiSpy GTK, Xgps, Zulu

Spoofing
Airsnarf, Airbase-ng, Aircrack-ng, Airdecap-ng, Airdecloak-ng, Airdriver-ng, Airdrop-ng, Aireplay-ng, Airmon-ng, Airodump-ng, Airolib-ng, Airpwn-ng, Airserv-ng, Airtun-ng, Buddy-ng, Easside-ng, FakeAP, Gerix-Wifi-Cracker-ng, Ivstools, Kstats, PacketForge-ng, Tkiptun-ng, Wep_keygen, Wesside-ng, Wifizoo, Wifitap, Wifitap-ARP, Wifitap-DNS, Wifitap-Ping

Bluetooth
BCCMD, BSS, BTAddr, BTAudit PSM, BTPinCrack, BlueMaho, BlueScan, BlueSnarfer, BlueSquirrel, BlueSquirrel-Pico, Braces, CW-Tools, CarWhisperer, Frontline, GhettoTooth, GreenPlaque, HID-Attack, Obex Stress, Packet Replay, TBSearch, Tbear, Tanya, BlueSmash, BlueBugger, BluePrint, BtScanner, HCIDump, Minicom, ObexFTP, RedFang, Ussp-Push

RFID

RFIDIOT ACG
Brute Force Hitag2, BruteForce MIFARE, Calculate JCOP MIFARE, Continuous Select Tag, Copy ISO15693 Tag, Epassport READ WRITE CLONE, Format MIFARE 1k Value Blocks, Identify HF Tag Type, Identify LF Tag Type, JCOP Info, JCOP MIFARE READ WRITE, JCOP Set ATR Historical Bytes, READ WRITE CLONE unique (EM4x02), Read ACG Reader EEPROM, Read LF Tag, Read MIFARE, Read Tag, Reset Q5 Tag, Select Tag, Set FDX-B ID, Test ACG LAHF

RFIDIOT Frosch
READ WRITE CLONE unique (EM4x02), Reset Hitag2 Tag, Set FDX-B ID, Test Frosch Reader

RFIDIOT PCSC
Identify HF Tag Type, Bruteforce MIFARE, Calculate JCOP MIFARE Keys, Chip & PIN Info, Continuous Select TAG, Epassport Read/Write/Clone, Install ATR Historical Byte applet to JCOP, Install MIFARE Applet to JCOP, Install VonJeek Epassport emulator to JCOP, Install VonJeek Epassport emulator to Nokia, JCOP Info, JCOP MIFARE Read/Write, JCOP Set Historical Bytes, Read MIFARE, Read Tag, Select Tag

Penetration:

Sapyto, Social Engineering Toolkit

ExploitDB

Fast Track
Fast-Track Interactive, Fast-Track WebGUI, Fast-Track Command Line

Inguma
Inguma, IngumaGUI

Metasploit Exploitation Framework

Privilege Escalation:

Password Attacks
Chntpw

Offline Attacks
BKHive, CUPP, CeWL, Crunch, Hashcat, John, OclHashCat, Ophcrack, Ophcrack GUI, Pw-Inspector, Pyrit, RTDump, RTGen, RTSort, Rainbowcrack, Rarcrack, Saltymd5, SamDump2, Wyd

Rainbow Crack
RTDump, RTGen, RTSort, Rainbowcrack

Online Attacks
BruteSSH, DNSBruteForce, Hydra, LodoWep, Medusa, Ncrack, RWW-Attack, SSHater, TFTP-Bruteforce, VNCrack, Xhydra

Sniffers
Arpalert, Dsniff, Driftnet, Ettercap, Ettercap-GTK, Ferret, Hamster, Ntop, SMBRelay3, SSLDump, SSLStrip, TcPick, Xspy, XWatchwin

Spoofing
ADM-DNS Tools, Etherape, Ettercap, Ettercap-GTK, ICMP Redirect, IRDP Responder, ISP IGRP Route Injection, Inundator, Middler, Nemesis, NetSed, Netenum, PackETH, Packit, SSLDump, SSLStrip, Scapy, Sing, TCPReplay, THC-IPv6

Maintain Access:

Backdoors & Rootkits
Web Backdoors Compilation

Tunneling
3Proxy, CryptCat, DNS2TCP, Miredo, Miredo-Server, Nstx, ProxyTunnel, ProxyChains, ProxyResolv, Ptunnel, SBD, SoCat, Stunnel4, TinyProxy, UDPTunnel

Digital Forensics:

Anti-Forensics
Scrub, Wipe

File Carving
MagicRescue

Forensic Analysis
Allin1, Autopsy, ExifTool, Fatback, MboxGrep, MemDump, PhotoRec, Scalpel, TestDisk, TrID, Vinetto, Volatility, Xplico

Image Acquiring
AirImager, AfCat, AfCompare, AfConvert, Affix, AfInfo, AfStats, AfXML, Aimage, ChRootkit, ClamScan, DCFLDD, DD_Rescue, Galleta

Reverse Engineering:

Evan's Debugger, GDB GNU Debugger, IDA Pro Free, OllyDBG

Voice Over IP:

VOIP Analysis

Signaling
ACE, Add_Registrations, EnumIAX, Erase_Registrations, Iwar, IaxFlood, InviteFlood, OhrWurm, PCAPSipDump, Protos-Sip, RTPFlood, RTP InsertSound, RTP MixSound, RTPInject, RTPBreak, Redirect Poison, SIPP, SipSak, SipCrack, SipDump, SipVicious, Sip-Scan, Sip_Rogue, Smap, TearDown, UCSniff, Vnak, Voiper, VoIPHopper, Voipong, Vomit, Warvox

Miscellaneous:
DkftpBench, Dragon, IPCalc, Icommander, Icommander-Client, KmsaPng, Leo, MacChanger, Mitmap, NetActView, NetSed, Packet-O-Matic, SchNappi-DHCP, SendEmail, TpCat, USBview, Utilman, ValGrind, Wavemon, WGetPaste