cisco-torch – Cisco device scanner

Tool Description

Cisco Torch, a mass scanning, fingerprinting, and exploitation tool, was written while working on the next edition of “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is its extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. It can also apply several application-layer fingerprinting methods simultaneously when needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and to launch dictionary attacks against the services discovered.

Tool Source: http://www.hackingciscoexposed.com/?link=tools

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-torch.git;a=summary

Video Tutorial: Coming Soon!

CDPSnarf – Network sniffer to extract CDP information

Tool Description

CDPSnarf is a network sniffer written exclusively to extract information from CDP packets.
It provides all the information a “show cdp neighbors detail” command would return on a Cisco router, and more.

A feature list follows:

  • Time intervals between CDP advertisements
  • Source MAC address
  • CDP Version
  • TTL
  • Checksum
  • Device ID
  • Software version
  • Platform
  • Addresses
  • Port ID
  • Capabilities
  • Duplex
  • Save packets in PCAP dump file format
  • Read packets from PCAP dump files
  • Debugging information (using the “-d” flag)
  • Tested with IPv4 and IPv6
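The fields in the feature list above map directly onto the CDP wire format: a one-byte version, a one-byte TTL, a two-byte checksum, then a run of TLVs (two-byte type, two-byte length that includes the four-byte TLV header, value). The parser below is an added example written for this page, not CDPSnarf's own code; it assumes the Ethernet/LLC/SNAP encapsulation has already been stripped, and the sample advertisement (device name, addresses, platform strings) is constructed for the self-test rather than taken from a capture.

```python
"""Minimal parser for a CDP (Cisco Discovery Protocol) payload.

Added example for this page; not CDPSnarf's code. `payload` starts at the
CDP version byte (Ethernet/LLC/SNAP already removed). Sample data is constructed.
"""
import ipaddress
import struct

# TLV type codes from the CDP wire format.
TLV_ADDRESSES, TLV_CAPABILITIES, TLV_DUPLEX = 0x0002, 0x0004, 0x000B
STRING_TLVS = {0x0001: "device_id", 0x0003: "port_id",
               0x0005: "software_version", 0x0006: "platform"}
CAPABILITY_BITS = [(0x01, "Router"), (0x02, "Transparent Bridge"), (0x04, "Source Route Bridge"),
                   (0x08, "Switch"), (0x10, "Host"), (0x20, "IGMP"), (0x40, "Repeater")]

def cdp_checksum(data: bytes) -> int:
    """Internet one's-complement checksum over the whole CDP payload.
    Cisco quirk: for an odd length the trailing byte goes into the LOW byte of the
    final word (Wireshark matches this). A payload with a valid checksum sums to 0."""
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data) - 1, 2))
    if len(data) & 1:
        total += data[-1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _parse_addresses(value: bytes) -> list:
    """Addresses TLV: count, then (proto type, proto len, proto, addr len, addr) records.
    IPv4 is NLPID 0xCC; IPv6 is recognised here by its 16-byte address."""
    (count,) = struct.unpack("!I", value[:4])
    pos, addrs = 4, []
    for _ in range(count):
        proto_type, proto_len = value[pos], value[pos + 1]
        proto = value[pos + 2:pos + 2 + proto_len]
        pos += 2 + proto_len
        (addr_len,) = struct.unpack("!H", value[pos:pos + 2])
        raw = value[pos + 2:pos + 2 + addr_len]
        pos += 2 + addr_len
        if proto_type == 1 and proto == b"\xcc" and addr_len == 4:
            addrs.append(str(ipaddress.IPv4Address(raw)))
        elif addr_len == 16:
            addrs.append(str(ipaddress.IPv6Address(raw)))
        else:
            addrs.append(raw.hex())
    return addrs

def parse_cdp(payload: bytes) -> dict:
    if len(payload) < 4:
        raise ValueError("CDP payload too short")
    version, ttl, checksum = struct.unpack("!BBH", payload[:4])
    info = {"version": version, "ttl": ttl, "checksum": checksum,
            "checksum_ok": cdp_checksum(payload) == 0}
    pos = 4
    while pos + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack("!HH", payload[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        value = payload[pos + 4:pos + tlv_len]
        pos += tlv_len
        if tlv_type in STRING_TLVS:
            info[STRING_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == TLV_ADDRESSES:
            info["addresses"] = _parse_addresses(value)
        elif tlv_type == TLV_CAPABILITIES:
            (mask,) = struct.unpack("!I", value)
            info["capabilities"] = [name for bit, name in CAPABILITY_BITS if mask & bit]
        elif tlv_type == TLV_DUPLEX:
            info["duplex"] = "full" if value[0] == 1 else "half"
    return info

def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value

def build_sample_cdp() -> bytes:
    """Constructed CDPv2 advertisement for the self-test (not a real capture)."""
    addresses = (struct.pack("!I", 2)
                 + bytes([1, 1, 0xCC]) + struct.pack("!H", 4) + ipaddress.IPv4Address("192.168.1.1").packed
                 + bytes([2, 8]) + bytes.fromhex("aaaa0300000086dd") + struct.pack("!H", 16)
                 + ipaddress.IPv6Address("2001:db8::1").packed)
    body = b"".join([
        _tlv(0x0001, b"core-sw1"),
        _tlv(TLV_ADDRESSES, addresses),
        _tlv(0x0003, b"GigabitEthernet1/0/24"),
        _tlv(TLV_CAPABILITIES, struct.pack("!I", 0x08 | 0x20)),  # Switch + IGMP
        _tlv(0x0005, b"Cisco IOS Software, C3750 Software"),
        _tlv(0x0006, b"cisco WS-C3750-24TS"),
        _tlv(TLV_DUPLEX, b"\x01"),
    ])
    header = struct.pack("!BBH", 2, 180, 0)  # version 2, TTL 180 s, checksum zeroed
    return struct.pack("!BBH", 2, 180, cdp_checksum(header + body)) + body
```

Feeding a real capture into parse_cdp means locating the SNAP header (Cisco OUI 00:00:0c, protocol ID 0x2000) in each frame addressed to 01:00:0c:cc:cc:cc and passing the bytes after it; the checksum check is worth keeping because a TLV walk over a truncated or corrupted frame will otherwise produce plausible-looking garbage.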

Tool Source: https://github.com/Zapotek/cdpsnarf

Kali Repo: http://git.kali.org/gitweb/?p=packages/cdpsnarf.git;a=summary

Video Tutorial: Coming Soon!


braa – Mass SNMP scanner

Tool Description

Braa is a mass SNMP scanner. Its intended use is, of course, making SNMP queries, but unlike snmpget or snmpwalk from net-snmp it can query dozens or hundreds of hosts simultaneously, in a single process. It therefore consumes very few system resources and scans VERY fast.

Braa implements its OWN SNMP stack, so it does NOT need any SNMP libraries such as net-snmp. The implementation is very dirty, supports only several data types, and in no case can be called ‘standard-conforming’! It was designed to be fast, and it is fast. For this reason (well, and also because of my laziness ;), there is no ASN.1 parser in braa: you HAVE to know the numerical values of OIDs (for instance .1.3.6.1.2.1.1.5.0 instead of system.sysName.0).
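What "its own SNMP stack with only a few data types and numeric OIDs" amounts to is a small BER encoder and decoder. The block below is an added example for this page, not braa's code: it builds an SNMPv1 GetRequest for the page's own example OID, .1.3.6.1.2.1.1.5.0, decodes a GetResponse, and supports the handful of types a scanner meets (INTEGER, OCTET STRING, NULL, OBJECT IDENTIFIER, IpAddress, Counter32/Gauge32/TimeTicks). Only the UDP sender at the end touches the network; the response used in the self-test is constructed.

```python
"""SNMPv1 GetRequest/GetResponse encoded by hand, numeric OIDs only.

Added example for this page, not braa's code. Sample response data is constructed.
"""
import socket

SNMP_V1, GET_REQUEST, GET_RESPONSE = 0, 0xA0, 0xA2
SYSNAME = ".1.3.6.1.2.1.1.5.0"  # system.sysName.0, the page's own example

def ber_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long form
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value

def ber_integer(n: int) -> bytes:
    size = 1  # minimal two's-complement length, as BER requires
    while not -(1 << (8 * size - 1)) <= n < (1 << (8 * size - 1)):
        size += 1
    return ber_tlv(0x02, n.to_bytes(size, "big", signed=True))

def encode_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]  # base 128, continuation bit on all but the last byte
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return ber_tlv(0x06, bytes(out))

def build_message(pdu_tag, community, request_id, varbinds, error_status=0, error_index=0):
    """varbinds: list of (numeric OID, already BER-encoded value)."""
    vbl = b"".join(ber_tlv(0x30, encode_oid(oid) + val) for oid, val in varbinds)
    pdu = ber_tlv(pdu_tag, ber_integer(request_id) + ber_integer(error_status)
                  + ber_integer(error_index) + ber_tlv(0x30, vbl))
    return ber_tlv(0x30, ber_integer(SNMP_V1) + ber_tlv(0x04, community.encode()) + pdu)

def build_get_request(community, oid, request_id=1):
    return build_message(GET_REQUEST, community, request_id, [(oid, ber_tlv(0x05, b""))])

def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw: bytes) -> str:
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return "." + ".".join(map(str, arcs))

def decode_value(tag, raw):
    if tag == 0x02:
        return int.from_bytes(raw, "big", signed=True)
    if tag == 0x04:
        return raw.decode("utf-8", "replace")
    if tag == 0x05:
        return None
    if tag == 0x06:
        return decode_oid(raw)
    if tag == 0x40:  # IpAddress
        return ".".join(map(str, raw))
    if tag in (0x41, 0x42, 0x43):  # Counter32, Gauge32, TimeTicks
        return int.from_bytes(raw, "big")
    raise ValueError(f"unsupported BER tag 0x{tag:02x}")  # braa-style: only a few types

def parse_get_response(msg: bytes) -> dict:
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _, pos = _read_tlv(body, 0)          # version
    _, _, pos = _read_tlv(body, pos)        # community
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    if pdu_tag != GET_RESPONSE:
        raise ValueError(f"unexpected PDU tag 0x{pdu_tag:02x}")
    _, req_id, pos = _read_tlv(pdu, 0)
    _, err_status, pos = _read_tlv(pdu, pos)
    _, _, pos = _read_tlv(pdu, pos)         # error-index
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_raw, vpos = _read_tlv(vb, 0)
        vtag, vraw, _ = _read_tlv(vb, vpos)
        varbinds.append((decode_oid(oid_raw), decode_value(vtag, vraw)))
    return {"request_id": decode_value(0x02, req_id),
            "error_status": decode_value(0x02, err_status), "varbinds": varbinds}

def snmp_get(host, oid, community="public", timeout=2.0):
    """One GetRequest over UDP/161; returns the decoded varbinds (needs a network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get_request(community, oid), (host, 161))
        data, _ = sock.recvfrom(65535)
    return parse_get_response(data)["varbinds"]
```

Because SNMP rides on UDP and the message is a single datagram, a scanner can fire one encoded request per host from one socket and match replies by request-id, which is what lets braa cover hundreds of hosts in a single process; the encoder above is all the per-host work there is.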

Tool Source: http://s-tech.elsat.net.pl/

Kali Repo: http://git.kali.org/gitweb/?p=packages/braa.git;a=summary

Video Tutorial: Coming Soon!

bing-ip2hosts – Enumerate hostnames for an IP using bing.com

Tool Description

Bing.com is a search engine owned by Microsoft, formerly known as MSN Search and Live Search. It has a unique feature: searching for websites hosted on a specific IP address. Bing-ip2hosts uses this feature to enumerate all hostnames that Bing has indexed for a given IP address. This technique is considered best practice during the reconnaissance phase of a penetration test, since it reveals a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. It uses the mobile interface, so no API key is required.

Tool Source: http://www.morningstarsecurity.com/research/bing-ip2hosts

Kali Repo: http://git.kali.org/gitweb/?p=packages/bing-ip2hosts.git;a=summary

Video Tutorial: Coming Soon!

Automater – An IP and URL analysis tool

Tool Description

Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater returns relevant results from sources such as IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

Tool Source: http://www.tekdefense.com/automater/

Kali Repo: http://git.kali.org/gitweb/?p=packages/automater.git;a=summary

Video Tutorial: Coming Soon!

aMap – Application MAPper: next-generation scanning tool for pentesters

Tool Description

Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even when they run on a port other than their usual one.
It also identifies non-ASCII based applications. This is achieved by sending trigger packets and looking up the responses in a list of response strings.

Tool Source: https://www.thc.org/thc-amap/

Kali Repo: http://git.kali.org/gitweb/?p=packages/amap.git;a=summary

Tools Included:

  • amapcrap – sends random data to a UDP, TCP or SSL’ed port to elicit a response

Video Tutorial: Coming Soon!


ace-voip – A simple VoIP corporate directory enumeration tool

Tool Description

ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP corporate directory enumeration tool that mimics the behaviour of an IP phone in order to download the name and extension entries that a given phone can display on its screen. In the same way that the “corporate directory” feature of VoIP hardphones lets users dial by name from their handsets, ACE was developed as a research idea born from “VoIP Hopper” to automate VoIP attacks that can be targeted against names in an enterprise directory. The concept is that, in the future, attacks will be carried out against users based on their name, rather than against random RTP audio streams or IP addresses. ACE uses DHCP, TFTP, and HTTP to download the VoIP corporate directory, then writes it to a text file that can be used as input to other VoIP assessment tools.

Tool Source: http://ucsniff.sourceforge.net/ace.html

Kali Repo: http://git.kali.org/gitweb/?p=packages/ace-voip.git;a=summary

Video Tutorial: Coming Soon!

APACHE-USERS

Tool Description

This Perl script enumerates the usernames on any system that runs Apache with the UserDir module enabled.

Tool Source: https://labs.portcullis.co.uk/

Kali Repo: http://git.kali.org/gitweb/?p=packages/apache-users.git;a=summary

Example:

root@kali:~# apache-users -h 192.168.1.202 -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -s 0 -e 403 -t 10
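The flags in the command above are the target host (-h), wordlist (-l), port (-p), SSL on/off (-s), the HTTP status that marks an existing user (-e) and the thread count (-t). The signal mod_userdir leaks is that /~name/ is mapped to name's home directory: a real account whose home the web server cannot read usually answers 403, while a name with no account answers 404. The script below is an added example written for this page, not the Portcullis script, and reproduces that probe with a baseline check the original command line does not show (a server that answers 403 to every path would otherwise make every name a "hit"). The fake account table and probe name are constructed for the self-test; -H stands in for -h because argparse reserves -h for help.

```python
"""Apache mod_userdir username enumeration.

Added example for this page, not the apache-users script. FAKE_ACCOUNTS,
SAMPLE_WORDLIST and the baseline probe name are constructed for the self-test.
"""
import argparse
import http.client
import ssl
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Iterable, List

SAMPLE_WORDLIST = ["root", "www-data", "alice", "# comment lines are skipped",
                   "ftp", "bob", "nobody"]
FAKE_ACCOUNTS = {"www-data", "alice", "bob"}  # constructed target, not a real host

def fake_fetch(path: str) -> int:
    """Stand-in for a server whose home directories are mode 0700: 403 if the
    account exists, 404 otherwise."""
    name = path.strip("/").lstrip("~")
    return 403 if name in FAKE_ACCOUNTS else 404

def make_http_fetch(host: str, port: int, use_ssl: bool = False,
                    timeout: float = 5.0) -> Callable[[str], int]:
    """Return fetch(path) -> HTTP status against a real host (needs a network)."""
    def fetch(path: str) -> int:
        if use_ssl:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE  # self-signed certs are common on test targets
            conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"User-Agent": "Mozilla/5.0"})
            return conn.getresponse().status
        finally:
            conn.close()
    return fetch

def enumerate_userdir(names: Iterable[str], fetch: Callable[[str], int],
                      exists_status: int = 403, threads: int = 10,
                      check_baseline: bool = True) -> List[str]:
    """Probe /~name/ for each candidate; return the names answering exists_status.
    The baseline probe uses a name that cannot exist; if it also returns
    exists_status the server gives no signal (WAF, catch-all rewrite) and the
    run would report every candidate as present."""
    if check_baseline and fetch("/~zz_no_such_user_4f2a/") == exists_status:
        raise ValueError(f"baseline probe also returned {exists_status}; no signal from server")
    candidates = [n.strip() for n in names if n.strip() and not n.lstrip().startswith("#")]
    with ThreadPoolExecutor(max_workers=threads) as pool:  # mirrors -t
        statuses = list(pool.map(lambda n: fetch(f"/~{n}/"), candidates))
    return [n for n, s in zip(candidates, statuses) if s == exists_status]

def main(argv=None):
    ap = argparse.ArgumentParser(description="mod_userdir username enumeration")
    ap.add_argument("-H", "--host", required=True)
    ap.add_argument("-l", "--wordlist", required=True)
    ap.add_argument("-p", "--port", type=int, default=80)
    ap.add_argument("-s", "--ssl", type=int, default=0)
    ap.add_argument("-e", "--exists-status", type=int, default=403)
    ap.add_argument("-t", "--threads", type=int, default=10)
    args = ap.parse_args(argv)
    with open(args.wordlist) as fh:
        names = fh.read().splitlines()
    fetch = make_http_fetch(args.host, args.port, bool(args.ssl))
    for user in enumerate_userdir(names, fetch, args.exists_status, args.threads):
        print(user)

if __name__ == "__main__":
    main()
```

Run against a real target as `python3 userdir_enum.py -H 192.168.1.202 -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -e 403 -t 10`; if the baseline check fires, look at the raw responses before trusting any result, since the "exists" code differs between servers that return 403 for unreadable homes and those that return 404 when public_html is missing.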

Video Tutorial: Coming Soon!

AIRCRACK-NG

Tool Description

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. For WEP it implements the standard FMS attack along with optimisations such as the KoreK attacks, as well as the all-new PTW attack, making the attack much faster than other WEP cracking tools. WPA/WPA2-PSK keys are recovered by a dictionary attack against a captured four-way handshake, so success there depends on the passphrase being in the wordlist.

Tool Source: http://aircrack-ng.org/

Kali Repo: http://git.kali.org/gitweb/?p=packages/aircrack-ng.git;a=summary

Included Tools:

  • airbase-ng – Configure fake access points
  • aircrack-ng – Wireless password cracker
  • airdecap-ng – Decrypt WEP/WPA/WPA2 capture files
  • airdecloak-ng – Removes WEP cloaking from a pcap file
  • airdriver-ng – Provides status information about the wireless drivers on your system
  • aireplay-ng – Primary function is to generate traffic for later use in aircrack-ng
  • airmon-ng – This script can be used to enable monitor mode on wireless interfaces
  • airmon-zc – This script can be used to enable monitor mode on wireless interfaces
  • airodump-ng – Used for packet capturing of raw 802.11 frames
  • airodump-ng-oui-update – Downloads and parses IEEE OUI list
  • airolib-ng – Designed to store and manage essid and password lists
  • airserv-ng – A wireless card server
  • airtun-ng – Virtual tunnel interface creator
  • besside-ng – Automatically crack WEP and WPA networks
  • buddy-ng – Helper server for easside-ng, run on a remote host
  • easside-ng – An auto-magic tool which allows you to communicate via a WEP-encrypted access point
  • ivstools – Handles .ivs files; you can merge or convert them
  • kstats – Shows the FMS algorithm votes for an .ivs dump and a specified WEP key
  • makeivs-ng – Generates initialization vectors
  • packetforge-ng – Create encrypted packets that can subsequently be used for injection
  • tkiptun-ng – This tool is able to inject a few frames into a WPA TKIP network with QoS
  • wesside-ng – Auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key
  • wpaclean – Remove excess data from a pcap file

Video Tutorial: Coming Soon!