These flashcards cover various tools and their purposes related to network scanning, exploitation, and security testing.
Nmap
A network scanning tool used for reconnaissance and enumeration, typically outputting open ports, services, and OS guesses.
Metasploit
A framework used for exploitation, focusing on exploit development and execution; it outputs shells, sessions, and exploit success.
Burp Suite
A web testing tool that intercepts and manipulates web traffic, showing HTTP requests and vulnerabilities.
BloodHound
A tool for Active Directory enumeration that identifies AD attack paths through graph-based relationships.
CrackMapExec
A tool for credential attacks in Active Directory exploitation, typically outputting authentication success or failure.
Mimikatz
A post-exploitation tool used for credential dumping, recovering plaintext passwords, password hashes, or Kerberos tickets from memory.
Impacket
A collection of Python classes for working with network protocols, typically used for remote command execution.
Responder
A network attack tool that facilitates LLMNR/NBT-NS poisoning, capturing credentials.
sqlmap
An automated web exploitation tool designed for SQL injection, typically outputting database dumps.
Gobuster
A web enumeration tool for directory and DNS brute forcing that discovers paths.
OpenVAS
A vulnerability scanning tool used for network vulnerability assessment, producing severity reports.
Nessus
An enterprise-level vulnerability scanner that provides risk-ranked findings.
Nikto
A web scanning tool for discovering web server misconfigurations and outdated services.
Hydra
A password attack tool for performing online brute-force attacks to find valid credentials.
John the Ripper
An offline password cracking tool designed to recover passwords.
Hashcat
A password cracking tool that utilizes GPU acceleration to recover hashes.
Aircrack-ng
A suite for wireless security assessments, specifically for cracking WEP and WPA keys.
Wireshark
A network protocol analyzer used for packet capture and analysis of decoded traffic.
tcpdump
A command-line packet capture tool that outputs raw packets.
theHarvester
An OSINT tool used for email and domain harvesting, typically outputting emails and hosts.
Recon-ng
A modular framework for reconnaissance that correlates data.
Maltego
An OSINT tool focused on relationship mapping, producing visual graphs of data.
Amass
A DNS reconnaissance tool that enumerates subdomains and outputs domains and hosts.
Shodan
An OSINT search engine that finds Internet-exposed systems and provides service banners.
SpiderFoot
An automated intelligence gathering tool that produces entity reports.
Pacu
An AWS exploitation framework for cloud security assessments that identifies IAM weaknesses.
ScoutSuite
A cloud security posture assessment tool that identifies misconfigurations.
Prowler
A tool for security auditing in AWS, highlighting compliance gaps.
WPScan
A WordPress vulnerability scanning tool that identifies plugin issues.
ZAP
An automated web scanning tool that provides alerts for vulnerabilities.
Wfuzz
A web fuzzing tool that probes endpoints and parameters to confirm which ones respond.
SET
A social engineering toolkit designed for phishing attack frameworks, capturing credentials.
Gophish
A tool for managing phishing campaigns, providing user metrics.
Evilginx
A phishing tool that proxies a legitimate site as a man-in-the-middle to hijack sessions and capture session tokens.
Kismet
A wireless discovery tool that gathers access point/client data.
WiFi-Pumpkin
A rogue access point tool that captures traffic during attacks.
PsExec
A tool for lateral movement that enables remote command execution.
Netcat
A networking utility used for shell and data transfer, providing interactive shells.