Herramientas Kali Linux PDF

Preview

Summary

Herreamientas para Kali...

Description

Kali Linux Tools

39. 40. 41. 42.

Metagoofil Miranda nbtscan-unixwiz Nikto

43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67.

Nmap ntop OSRFramework p0f Parsero Recon-ng SET SMBMap smtp-user-enum snmp-check SPARTA sslcaudit SSLsplit sslstrip SSLyze Sublist3r THC-IPV6 theHarvester TLSSLed twofi Unicornscan URLCrazy Wireshark WOL-E Xplico

Information Gathering

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38.

ace-voip Amap APT2 arp-scan Automater bing-ip2hosts braa CaseFile CDPSnarf cisco-torch copy-router-config DMitry dnmap dnsenum dnsmap DNSRecon dnstracer dnswalk DotDotPwn enum4linux enumIAX EyeWitness Faraday Fierce Firewalk fragroute fragrouter Ghost Phisher GoLismero goofile hping3 ident-user-enum InSpy InTrace iSMTP lbd Maltego Teeth masscan

Vulnerability Analysis

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27.

BBQSQL BED cisco-auditing-tool cisco-global-exploiter cisco-ocs cisco-torch copy-router-config Doona DotDotPwn HexorBase jSQL Injection Lynis Nmap ohrwurm openvas Oscanner Powerfuzzer sfuzz SidGuesser SIPArmyKnife sqlmap Sqlninja sqlsus THC-IPV6 tnscmd10g unix-privesc-check Yersinia

Exploitation Tools

1. Armitage 2. Backdoor Factory 3. BeEF

4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21.

cisco-auditing-tool cisco-global-exploiter cisco-ocs cisco-torch Commix crackle exploitdb jboss-autopwn Linux Exploit Suggester Maltego Teeth Metasploit Framework MSFPC RouterSploit SET ShellNoob sqlmap THC-IPV6 Yersinia

Wireless Attacks

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36.

Airbase-ng Aircrack-ng Airdecap-ng and Airdecloak-ng Aireplay-ng airgraph-ng Airmon-ng Airodump-ng airodump-ng-oui-update Airolib-ng Airserv-ng Airtun-ng Asleap Besside-ng Bluelog BlueMaho Bluepot BlueRanger Bluesnarfer Bully coWPAtty crackle eapmd5pass Easside-ng Fern Wifi Cracker FreeRADIUS-WPE Ghost Phisher GISKismet Gqrx gr-scan hostapd-wpe ivstools kalibrate-rtl KillerBee Kismet makeivs-ng mdk3

37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54.

mfcuk mfoc mfterm Multimon-NG Packetforge-ng PixieWPS Pyrit Reaver redfang RTLSDR Scanner Spooftooph Tkiptun-ng Wesside-ng Wifi Honey wifiphisher Wifitap Wifite wpaclean

Forensics Tools

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23.

Binwalk bulk-extractor Capstone chntpw Cuckoo dc3dd ddrescue DFF diStorm3 Dumpzilla extundelete Foremost Galleta Guymager iPhone Backup Analyzer p0f pdf-parser pdfid pdgmail peepdf RegRipper Volatility Xplico

37. 38. 39. 40. 41. 42. 43.

WebSlayer WebSploit Wfuzz WhatWeb WPScan XSSer zaproxy

Web Applications Stress Testing

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36.

apache-users Arachni BBQSQL BlindElephant Burp Suite CutyCapt DAVTest deblaze DIRB DirBuster fimap FunkLoad Gobuster Grabber hURL jboss-autopwn joomscan jSQL Injection Maltego Teeth Nikto PadBuster Paros Parsero plecost Powerfuzzer ProxyStrike Recon-ng Skipfish sqlmap Sqlninja sqlsus ua-tester Uniscan w3af WebScarab Webshag

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14.

DHCPig FunkLoad iaxflood Inundator inviteflood ipv6-toolkit mdk3 Reaver rtpflood SlowHTTPTest t50 Termineter THC-IPV6 THC-SSL-DOS

5 servidores web hackeables legalmente 1. Web Security Dojo – WSD is a VM which holds many tools (like Burp Suite, w3af, Ratproxy and SQLmap.) and target machines (WebGoat and Hacme Casino, among others) in itself. It is an open-source training environment based on Xubuntu 12.04. It also holds training materials and user guides for some targets. To use it, you don’t need to run other tools, just this VM. You first need to install and run VirtualBox 5 (or later), or you can also run it on VMware. After that, import the ova file to VirtualBox/VMware and there you go. It will feel like any other Ubuntu OS. 2. Mutillidae II – An open-source and free application developed by OWASP itself, Mutillidae II contains various vulnerabilities and hints to help the user to exploit them. Many security enthusiasts have used it because it provides easy-to-use web hacking environment. If penetration testing or hacking is your hobby, then this web application is for you to brush up your skills. It has vulnerabilities to test like XSS, SQL injection, HTML injection, clickjacking, authentication bypass and many other vulnerabilities. It also has subcategories in its vulnerabilities section which provides further options. 3. DVWA – It stands for Damn Vulnerable Web App. It is based on PHP and runs on MySQL database server, which is indeed damn vulnerable. It has three levels of security: Low, Medium, and High. Each level of security demands different skills. Developers have decided to share its source code, too, so that security researchers can see what is going on at the backend. DVWA has vulnerabilities like XSS, CSRF, SQL injection, file injection, upload flaws and more, which is great for researchers to learn and help others learn about these flaws. Researchers can also use their various tools to capture packets, brute force, and other such tactics on DVWA. 4. PentesterLab - The Exercises (ISO & PDF): https://www.pentesterlab.com/exercises/ 5. Samurai WTF http://www.samurai-wtf.org/

10 sitios web vulnerables 1. Stanford Securibench (Java) & Micro: http://suif.stanford.edu/~livshits/securibench/ (download) 2. Try2Hack is one of the oldest challenge sites around and there are numerous security challenges on offer here. Each of the levels are sorted by difficulty and created so that you can practice hacking for fun. There's a community on the IRC channel where you can ask for help and a full walkthrough on GitHub. 3. Vicnum. This is an OWASP project developed by developed by Mordecai Kraushar consisting of vulnerable web applications based on games " commonly used to kill time". In each application are common security problems such as cross site scripting, SQL injections and session management issues. 4. Hackademic. Hackademic is another OWASP open source project and offers 10 realistic scenarios which are full of vulnerabilities including those in the OWASP Top 10. It is perfect for use in a classroom or workplace environment for educational purposes and developers are encouraged to contribute by adding new scenarios and vulnerabilities. 5. SlaveHack. This is actually an hacking simulation game where the goal is to manage your hardware and software and make the computers you hack or defend your 'slaves'. Although this isn't a website to hack per se, I have included as it does help security people to see their systems in the way malicious hackers do. You can also connect with other players in the forum and help each other when you get stuck. 6. ExploitMe Mobile Android Labs is designed for developers and security professionals with a slant on the Android operating system. There are ten vulnerabilities to find in total which are found in Android applications. The lessons include password lock screens, insecure logging, file system access permission and more. 7. HackingLab. Hacking-Lab provides the CTF (Capture The Flag) challenges for the European Cyber Security Challenge but host challenges on their own platform which anyone can take part in once you have registered. 8. Google Gruyere (Python): http://google-gruyere.appspot.com (download) 9. RingZer0 Team Online CTF offers over 200 challenges in 13 different categories including Cryptography, Jail Escaping, Malware Analysis, SQL Injection, Shellcoding and more and are designed to test and improve your hacking skills. After you complete a challenge, you can do a write up on it and submit your solution to the RingZer0 team. If your solution is accepted you can earn RingZer0Gold which can be exchanged for hints in future challenges and there's even a score board of the top players. 10. IBM/Watchfire AltoroMutual Yet another vulnerable online banking website designed to test IBM AppScan products. It's a simple application written in .NET. Instructions are available here to logon to the application with links to more complex web applications and vulnerable web services....