PT0-003 Tools

Metasploit

Metasploit

a comprehensive penetration testing framework used for identifying vulnerabilities and exploiting them.

Netcat

a versatile networking utility that facilitates reading from and writing to network connections.

Nmap and NSE

a network scanner equipped with a scripting engine for network discovery and security auditing.

Impacket

a Python library designed for crafting and manipulating network packets at the protocol level.

CrackMapExec (CME)

a post-exploitation tool developed in Python and designed for penetration testing against networks. It can collect Active Directory information and conduct lateral movement through targeted networks.

Wireshark/tcpdump

network protocol analyzers used for capturing and inspecting packets to troubleshoot networks and security issues.

msfvenom

a tool within the Metasploit framework used for generating payloads for penetration testing.

Responder

inbuilt Kali tool for Link-Local Multicast name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) that responds to specific NetBIOS queries based on the file server request. By doing this, it can send out broadcast messages to a selected network.

hashcat

a tool for recovering passwords by brute-forcing hashes.

John the Ripper

a well-known password-cracking software used for dictionary attacks.

Hydra

a tool known for its capabilities in password cracking across multiple protocols and services.

BloodHound

a graphical tool for mapping out attack paths in Active Directory environments.

Medusa

a robust password cracking tool designed to test network authentication services.

Burp Suite

a suite of tools for web application testing that can proxy the flow of packets to allow for packet inspection and editing among other capabilities.

Mimikatz

a popular tool used for stealing passwords from windows devices.

Rubeus

a tool focused on the abuse and exploitation of Kerberos tickets in Active Directory environments.

Certify

a tool for managing and monitoring SSL certificates and related security aspects. It can be used to enumerate and abuse misconfigurations in Active Directory Certificate Services.

Seatbelt

a PowerShell script for offensive operations like credential harvesting and privilege escalation (system enumeration).

PowerShell/PowerShell Integrated Scripting Environment (ISE)

a command-line shell and scripting language for task automation and configuration management within a windows environment.

PsExec

a command-line tool that allows executing processes remotely on Windows systems without installing client software.

Evil-WinRM

a remote command execution tool designed specifically for Windows environments. Leverages the weaknesses WinRM to establish a foothold on a target system.

Living off the land binaries (LOLbins)

legitimate system binaries that can be repurposed for malicious activities.

TruffleHog

a tool used to search Git repositories for secrets and sensitive information that may have been committed inadvertently (such as secret keys).

Zed Attack Proxy (ZAP)

a penetration testing tool used to find vulnerabilities in web applications during development and testing.

Postman

a collaboration platform for API development that simplifies designing

sqlmap

an automated tool for detecting and exploiting SQL injection vulnerabilities in web applications.

Gobuster/DirBuster

tools used for brute-forcing directories and files on web servers.

Wfuzz

a tool designed for brute-forcing web applications. It can be used in various applications such as finding resources not in linked directories and fuzzing.

WPScan

a WordPress vulnerability scanner that checks for security vulnerabilities in WordPress installations.

Pacu

an open-source AWS exploitation framework, designed for offensive security testing against cloud environments

Docker Bench

a security assessment tool designed to evaluate Docker container environments against best security practices.

Kube-hunter

a Kubernetes security testing tool used to discover security issues and vulnerabilities in Kubernetes clusters.

Prowler

an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure.

ScoutSuite

a multi-cloud security auditing tool that assesses the security posture of cloud environments across various providers. Provides a snapshot of a cloud account at a given time.

WPAD

Web Proxy Auto-Discovery Protocol used for automatic proxy configuration in web browsers.

WiFi-Pumpkin

a framework for creating rogue Wi-Fi access points to perform man-in-the-middle attacks.

Aircrack-ng

a comprehensive suite of tools for assessing Wi-Fi network security.

WiGLE.net

a wireless network mapping service that collects and visualizes information about wireless networks worldwide.

InSSIDer

a Wi-Fi network scanner available for Windows and macOS to visualize and analyze Wi-Fi environments.

Kismet

a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs

Social Engineering Toolkit (SET)

a toolkit for simulating social engineering attacks to assess organizational vulnerabilities.

Gophish

an open-source phishing toolkit designed for performing simulated phishing attacks and security awareness training.

Evilginx

a man-in-the-middle attack framework designed to steal credentials and session cookies in phishing attacks.

theHarvester

an information-gathering tool used for discovering email addresses, sub-domains, hosts, employee names, and more

Maltego

an OSINT tool used for link analysis and visualization of relationships between entities from various sources by gathering and analyzing data on the internet.

Recon-ng

a web reconnaissance framework for information gathering and reconnaissance.

Browser Exploitation Framework (BeEF)

a penetration testing tool focused on targeting and exploiting web browsers.

Scapy

a powerful Python library used for packet manipulation and network analysis.

tcprelay

a suite of open-source utilities for editing and replaying previously captured network traffic.

MobSF

Mobile Security Framework for automated security analysis of mobile apps.

Frida

an open-source toolkit that allows developers and security professionals to inject code into running applications to monitor and change their behavior

Drozer

an Android security assessment framework for finding and exploiting security vulnerabilities in Android applications and devices.

Android Debug Bridge (ADB)

a command-line tool that allows communication with an Android device for debugging and development.

Bluecrack

a Bluetooth protocol stack security assessment tool.

Empire

an open-source post-exploitation framework and command and control (C2) tool that allows adversaries to expand their access in a victim's environment. It's designed for Windows environments.

PowerView

a PowerShell tool used for reconnaissance and data collection in Active Directory environments.

PowerUpSQL

a PowerShell toolkit designed for SQL Server attack and reconnaissance.

Bash

a Unix shell and command language interpreter.

Python

a high-level programming language known for its versatility and ease of use.

Breach and attack simulation (BAS)

provides an automated method to simulate, test, and validate the effectiveness of cybersecurity controls against potential threats.

Caldera

an automated adversary emulation system created by Mitre designed to simulate sophisticated cyber attacks.

Infection Monkey

an open-source security tool for testing network resilience and identifying potential attack vectors. Simulates cyber attacks on data centers and clouds.

Atomic Red Team

a library of adversary emulation plans and techniques used for testing and validating security defenses.

Netstat

a command-line tool used for displaying network connections and ports.

msbuild

the Microsoft Build Engine used for building .NET applications.

route

a command-line tool used for viewing and manipulating the IP routing table.

Covenant

a command and control framework for Red Team operations. uses just-in-time, in-memory, .NET compilation , and dynamic profiles to fool defensive detections.

sshuttle

a VPN-like tool that uses SSH to create a transparent proxy server between the local and remote networks.

Proxychains

a tool for routing TCP connections through proxy servers like TOR or any other.

PowerSploit

an open-source framework of PowerShell scripts and modules used by hackers to perform penetration testing and post-exploitation tasks