Th4ntis CyberSec

Tools

Last updated 8 months ago

This section covers various attack tools, vectors and methods, how we can use them, and what to look for when defending against them.

Many tools can be used both offensively and defensively, so seeing one in use should not by itself indicate malicious intent. For example, Nessus is a vulnerability scanner: used offensively, it shows what services are running, what versions they are, whether they have any immediately known vulnerabilities, and how those can be exploited. Used defensively, the same scan tells you what is vulnerable in your own network and how to patch it so it cannot be exploited in that manner.

No single tool is an end-all-be-all; there is no "One Tool to Rule Them All". Use multiple tools for the job: they work differently and present information in different ways.

Terminology

APT is an acronym for Advanced Persistent Threat: a team or group (threat group), or even a country (nation-state group), that engages in long-term attacks against organizations and/or countries. FireEye's current list of APT groups can be found here.

TTP is an acronym for Tactics, Techniques, and Procedures:

  • The Tactic is the adversary's goal or objective.

  • The Technique is how the adversary achieves the goal or objective.

  • The Procedure is how the technique is executed.

Master list of Tools

A list of OSINT Tools can be found here.

Exploitation Framework

  • Metasploit - C2/Exploitation Framework
  • Sliver - C2/Exploitation Framework
  • Mythic - C2/Exploitation Framework
  • Cobalt Strike - C2/Exploitation Framework
  • Havoc - malleable post-exploitation command and control framework

Post Exploitation

  • GraphRunner - Post-exploitation toolset for interacting with the Microsoft Graph API (see also: Intro to GraphRunner by BHIS)
  • CrackMapExec - post-exploitation tool
  • NetExec - the actively maintained successor to CrackMapExec

WiFi

  • Aircrack - WiFi penetration testing
  • Kismet - wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework
  • Bettercap - WiFi, Bluetooth Low Energy, wireless HID hijacking and IPv4 and IPv6 networks reconnaissance and MITM attacks
  • HCXDumptool - capture packets from wlan devices and discover potential weak points within WiFi networks
  • WiFite - WiFi penetration testing

Enumeration

  • Dirb/Dirbuster - Busting tools for web directories
  • GoBuster - Directory/File, DNS and VHost busting tool written in Go
  • Enum4Linux - Enumerates information from Windows and Samba systems
  • OneDrive UserEnum - Enumerates valid OneDrive accounts
  • Bloodhound - Active Directory attack path mapping
  • Cypheroth - Runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets
  • Ldeep - LDAP enumeration utility
  • SUCC - Queries Microsoft for a list of domains associated with an Office 365 tenant
  • Certipy - Tool for Active Directory Certificate Services enumeration and abuse
  • Legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator
  • FFUF - Fast web fuzzer written in Go
  • Dome - Subdomain enumeration

Hash Cracking

  • Hashcat - Open-source hash cracking tool
  • JohnTheRipper - Open-source hash cracking tool

Vulnerability Scanners

  • Nessus - Vulnerability scanner
  • OpenVAS - Vulnerability scanner

Web App

  • BurpSuite - WebApp pentesting framework
  • OWASP Zap - WebApp pentesting framework

Brute Force

  • Hydra - Parallelized login cracker
  • BruteMap - Brute-forces site login pages
  • Legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator

Credential Dumping

  • Mimikatz - Post-exploitation credential dumping
  • Pcredz - Extracts hashes from a pcap or live interface
  • DonPapi - Dumps DPAPI credentials
  • ldapdomaindump - Active Directory information dumper via LDAP

MitM

  • Responder - LLMNR, NBT-NS and MDNS poisoner
  • SETH - RDP MitM tool
  • MiTM6 - Replies to DHCPv6 requests so the attacker becomes the victims' DNS server (IPv6 takeover, typically chained into NTLM relaying)
  • NetNTLMtoSilverTicket - SpoolSample -> NetNTLMv1 -> NTLM -> Silver Ticket

Payload Generation

  • Freeze.rs - Payload toolkit for bypassing EDRs using suspended processes and direct syscalls, written in Rust
  • Scarecrow - Payload creation framework designed around EDR bypass
  • URU - Payload generation
  • MSFVenom - Combination of payload generation and encoding
  • Mangle - Manipulates aspects of compiled executables (.exe or DLL) to avoid detection by EDRs

Process Injection/Shellcode Loaders

  • Bankai - Go shellcode loader using the Windows API
  • ShhhLoader - Syscall shellcode loader
  • Unicorn - PowerShell downgrade attack that injects shellcode straight into memory
  • TikiTorch - Process injection
  • Archeron - Indirect syscalls for AV/EDR evasion in Go assembly
  • Win11-OneDrive-DLL-Injection
  • LdrLibraryEx - A small x64 library to load DLLs into memory

Wordlists

  • VX-Underground
  • Hashmob
  • Seclists

Exploits Databases

  • ExploitDB
  • IntelligentExploit
  • Shodan
  • PacketStormSec

Vulnerability Databases

  • MITRE CVE
  • CVE Details
  • NIST
  • CERT/CC Vulnerability Notes Database
  • LWN security vulnerabilities database
  • VulnLab
  • SecDocs

Other

  • Impacket - A collection of Python classes for working with network protocols
  • Social-Engineer Toolkit (SET) - Open-source penetration testing framework designed for social engineering
  • WolfPack
  • HellsGate - Original C implementation of the Hell's Gate VX technique
  • QuickCert - Queries certificate transparency logs
  • TLOSINT - Trace Labs OSINT VM
  • DeHashed API Tool - CLI tool to query the DeHashed API
  • autoNTDS - Automation script designed to simplify dumping and cracking NTDS hashes using secretsdump.py and hashcat
  • PSPY - Monitor Linux processes without root permissions
  • ROADtools - A collection of Azure AD tools for offensive and defensive security purposes
  • Dumpert - LSASS memory dumper using direct system calls and API unhooking
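The MitM section lists Responder as an LLMNR, NBT-NS and mDNS poisoner, and the intro promises to say what to look for when defending. The cheapest detection is a canary: multicast an LLMNR query for a hostname that cannot exist, and anything that answers it is poisoning. The script below is an added example written for this page (it is not code from the Th4ntis site or from the Responder project): it builds an RFC 4795 LLMNR query, parses any answer, and flags the answering host. `build_poisoned_answer` constructs the kind of reply a poisoner sends so the parser can be exercised offline; the canary name, transaction ID and the 10.0.0.66 address in the usage are made-up sample values.

```python
import random
import socket
import struct

# LLMNR (RFC 4795) runs over UDP 5355 to multicast group 224.0.0.252 and
# reuses the DNS message layout, so the builder and parser are DNS-shaped.
LLMNR_GROUP = "224.0.0.252"
LLMNR_PORT = 5355


def encode_name(name):
    """Encode a hostname as DNS labels: length-prefixed labels ending in a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(data, offset):
    """Decode a DNS name at offset, following compression pointers.
    Returns (name, offset just after the name in the original stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_llmnr_query(name, txid):
    """Standard query (flags=0) for one A record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)      # ID, flags, QD, AN, NS, AR
    return header + encode_name(name) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_poisoned_answer(name, txid, ip):
    """Constructed sample of a poisoner's reply: claims `name` resolves to `ip`.
    Offline test data only; a real poisoner answers every query it sees."""
    header = struct.pack(">HHHHHH", txid, 0x8000, 1, 1, 0, 0)  # QR=1, 1 question, 1 answer
    question = encode_name(name) + struct.pack(">HH", 1, 1)
    answer = b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 30, 4) + socket.inet_aton(ip)
    return header + question + answer


def parse_llmnr_response(data):
    """Parse a response into its transaction ID, queried name and answered IPv4 addresses."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    offset, qname, addrs = 12, None, []
    for _ in range(qdcount):
        qname, offset = decode_name(data, offset)
        offset += 4                                    # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                  # A record
            addrs.append(socket.inet_ntoa(rdata))
    return {"txid": txid, "name": qname, "addrs": addrs}


def check_poisoner(canary, txid, datagram, source_ip):
    """Return an alert string if `datagram` answers our canary query, else None.
    A host that resolves a name that does not exist is poisoning by definition."""
    try:
        parsed = parse_llmnr_response(datagram)
    except (ValueError, struct.error, IndexError, UnicodeDecodeError):
        return None                                    # malformed, or not a response
    if parsed["txid"] != txid or (parsed["name"] or "").lower() != canary.lower():
        return None                                    # answer to some other query
    if not parsed["addrs"]:
        return None
    return f"LLMNR poisoner suspected: {source_ip} answered {canary} with {parsed['addrs']}"


def probe(timeout=2.0):
    """Live check: multicast a query for a random name that cannot exist and collect answers."""
    canary = "canary-" + "".join(random.choices("abcdefghijklmnopqrstuvwxyz", k=8))
    txid = random.randrange(0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    alerts = []
    try:
        sock.sendto(build_llmnr_query(canary, txid), (LLMNR_GROUP, LLMNR_PORT))
        while True:
            datagram, (src, _) = sock.recvfrom(4096)
            alert = check_poisoner(canary, txid, datagram, src)
            if alert:
                alerts.append(alert)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return alerts


if __name__ == "__main__":
    # Offline demonstration with constructed data, then a live probe of the local segment.
    fake = build_poisoned_answer("canary-test", 0x1234, "10.0.0.66")
    print(check_poisoner("canary-test", 0x1234, fake, "10.0.0.66"))
    for line in probe():
        print(line)
```

Run `probe()` from a scheduled job on a workstation VLAN; on a healthy network it returns an empty list, because no legitimate host owns a random canary name. The transaction ID and name check keep unrelated LLMNR chatter from raising false alerts, and the same logic extends to NBT-NS (UDP 137) and mDNS (UDP 5353) canaries with their own packet builders.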