cisco-torch – Cisco device scanner

Tool Description

The Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. It can also use several methods of application-layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.

Tool Source: http://www.hackingciscoexposed.com/?link=tools

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-torch.git;a=summary

Video Tutorial: Coming Soon!

CDPSnarf – Network sniffer to extract CDP information

Tool Description

CDPSnarf is a network sniffer exclusively written to extract information from CDP packets.
It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.

A feature list follows:

  • Time intervals between CDP advertisements
  • Source MAC address
  • CDP Version
  • TTL
  • Checksum
  • Device ID
  • Software version
  • Platform
  • Addresses
  • Port ID
  • Capabilities
  • Duplex
  • Save packets in PCAP dump file format
  • Read packets from PCAP dump files
  • Debugging information (using the “-d” flag)
  • Tested with IPv4 and IPv6

Tool Source: https://github.com/Zapotek/cdpsnarf

Kali Repo: http://git.kali.org/gitweb/?p=packages/cdpsnarf.git;a=summary

Video Tutorial: Coming Soon!


braa – Mass SNMP scanner

Tool Description

Braa is a mass SNMP scanner. The intended usage of such a tool is of course making SNMP queries – but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultaneously, and in a single process. Thus, it consumes very few system resources and does the scanning VERY fast.

Braa implements its OWN SNMP stack, so it does NOT need any SNMP libraries like net-snmp. The implementation is very dirty, supports only a few data types, and in any case cannot be called ‘standard-conforming’! It was designed to be fast, and it is fast. For this reason (well, and also because of my laziness ;), there is no ASN.1 parser in braa – you HAVE to know the numerical values of OIDs (for instance .1.3.6.1.2.1.1.5.0 instead of system.sysName.0).

Tool Source: http://s-tech.elsat.net.pl/

Kali Repo: http://git.kali.org/gitweb/?p=packages/braa.git;a=summary

Video Tutorial: Coming Soon!

bing-ip2hosts – Enumerate hostnames for an IP using bing.com

Tool Description

Bing.com is a search engine owned by Microsoft, formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. It uses Bing's mobile interface, so no API key is required.

Tool Source: http://www.morningstarsecurity.com/research/bing-ip2hosts

Kali Repo: http://git.kali.org/gitweb/?p=packages/bing-ip2hosts.git;a=summary

Video Tutorial: Coming Soon!

Automater – An IP and URL analysis tool

Tool Description

Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

Tool Source: http://www.tekdefense.com/automater/

Kali Repo: http://git.kali.org/gitweb/?p=packages/automater.git;a=summary

Video Tutorial: Coming Soon!

aMap – Application MAPper: next-generation scanning tool for pentesters

Tool Description

Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal.
It also identifies non-ASCII-based applications. This is achieved by sending trigger packets and looking up the responses in a list of response strings.

Tool Source: https://www.thc.org/thc-amap/

Kali Repo: http://git.kali.org/gitweb/?p=packages/amap.git;a=summary

Tools Included:

  • amapcrap – sends random data to a UDP, TCP or SSL’ed port to elicit a response

Video Tutorial: Coming Soon!


CaseFile – Offline intelligence tool

Tool Description

CaseFile is the little brother to Maltego. It targets a unique market of ‘offline’ analysts whose primary sources of information are not obtained from open-source intelligence and cannot be programmatically queried. We see these people as investigators and analysts who are working ‘on the ground’, getting intelligence from other people in the team and building up an information map of their investigation.

CaseFile gives you the ability to quickly add, link and analyze data, with the same graphing flexibility and performance as Maltego but without the use of transforms. CaseFile is roughly a third of the price of Maltego.

What does CaseFile do?

CaseFile is a visual intelligence application that can be used to determine the relationships and real world links between hundreds of different types of information.
It gives you the ability to quickly view second, third and n-th order relationships and find links otherwise undiscoverable with other types of intelligence tools.
CaseFile comes bundled with many different types of entities that are commonly used in investigations, allowing you to act quickly and efficiently. CaseFile also has the ability to add custom entity types, allowing you to extend the product to your own data sets.

What can CaseFile do for me?

CaseFile can be used for the information gathering, analytics and intelligence phases of almost all types of investigations, from IT security and law enforcement to any data-driven work. It will save you time and will allow you to work more accurately and smarter.
CaseFile has the ability to visualise datasets stored in CSV, XLS and XLSX spreadsheet formats.
We are not marketing people. Sorry.
CaseFile aids you in your thinking process by visually demonstrating interconnected links between searched items.
If access to “hidden” information determines your success, CaseFile can help you discover it.

Tool Source: http://paterva.com/web6/products/casefile.php

Kali Repo: http://git.kali.org/gitweb/?p=packages/casefile.git;a=summary

Video Tutorial: Coming Soon!

APACHE-USERS

Tool Description

This Perl script will enumerate the usernames on any system that uses Apache with the UserDir module.

Tool Source: https://labs.portcullis.co.uk/

Kali Repo: http://git.kali.org/gitweb/?p=packages/apache-users.git;a=summary

Example:

root@kali:~# apache-users -h 192.168.1.202 -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -s 0 -e 403 -t 10

Video Tutorial: Coming Soon!

ACCCHECK – Password dictionary attack tool for SMB

Tool Description

The tool is designed as a password dictionary attack tool that targets Windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.

Tool Source: https://labs.portcullis.co.uk/tools/acccheck/

Kali Repo: http://git.kali.org/gitweb/?p=packages/acccheck.git;a=summary

General Details

root@kali:~# acccheck

acccheck v0.2.1 - By Faiz

Description:
Attempts to connect to the IPC$ and ADMIN$ shares depending on which flags have been
chosen, and tries a combination of usernames and passwords in the hope to identify
the password to a given account via a dictionary password guessing attack.

Usage = ./acccheck [optional]

 -t [single host IP address]
 OR
 -T [file containing target ip address(es)]

Optional:
 -p [single password]
 -P [file containing passwords]
 -u [single user]
 -U [file containing usernames]
 -v [verbose mode]

Examples
Attempt the 'Administrator' account with a [BLANK] password.
    acccheck -t 10.10.10.1
Attempt all passwords in 'password.txt' against the 'Administrator' account.
    acccheck -t 10.10.10.1 -P password.txt
Attempt all password in 'password.txt' against all users in 'users.txt'.
    acccehck -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
    acccheck -t 10.10.10.1 -u administrator -p password

Usage Example

root@kali:~# acccheck.pl -T smb-ips.txt -v
Host:192.168.1.201, Username:Administrator, Password:BLANK

Video Tutorial: Coming Soon!