Kali Top 10: Difference between revisions
From charlesreid1
| (10 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
This page contains a list of notes related to Kali's Top 10 software packages: | This page contains a list of notes related to Kali's Top 10 software packages: | ||
* aircrack-ng | * aircrack-ng - [[Aircrack]] | ||
* burpsuite | * burpsuite - [[Burp Suite]] | ||
* hydra | * hydra - [[Hydra]] | ||
* john | * john - [[John the Ripper]] | ||
* maltego | * maltego | ||
* metasploit | * metasploit - [[MSF]] | ||
* nmap | * nmap - [[Nmap]] | ||
* owasp-zap | * owasp-zap - [[OWASP]] | ||
* sqlmap | * sqlmap - [[Sqlmap]] | ||
* wireshark | * wireshark - [[Wireshark]] | ||
=Aircrack= | =Aircrack= | ||
| Line 16: | Line 16: | ||
See [[Aircrack]] page. | See [[Aircrack]] page. | ||
{{AircrackFlag}} | |||
=Hydra= | |||
Hydra is a tool for brute-forcing SSH connections. It is much slower than offline password-guessing with (e.g.) [[John the Ripper]], but sometimes this is your only option. | |||
See the [[Hydra]] page for more info. | |||
Also see [[Metasploitable/SSH/Brute Force]] | |||
=John the Ripper= | |||
John the Ripper is a software suite for password testing. It provides many different functions that make it a good complement to any program. | |||
See [[John the Ripper]] page. | |||
{{JohnFlag}} | |||
=Metasploit= | |||
Notes on the (huuuuuge) metasploit framework are here: [[MSF]] | |||
Applying Metasploit to the Metasploitable Virtual Box: [[Metasploitable]] | |||
{{MSFlag}} | |||
=Nmap= | |||
What's a hacker without nmap? | |||
See [[Nmap]] | |||
{{NmapFlag}} | |||
=Wireshark= | |||
The ubiquitous packet capture and analysis tool, wireshark is a nice tool for seeing what's happening on a network. | |||
See [[Wireshark]] page | |||
{{WiresharkFlag}} | |||
=Flags= | |||
{{KaliFlag}} | |||
Latest revision as of 06:30, 27 July 2016
This page contains a list of notes related to Kali's Top 10 software packages:
- aircrack-ng - Aircrack
- burpsuite - Burp Suite
- hydra - Hydra
- john - John the Ripper
- maltego
- metasploit - MSF
- nmap - Nmap
- owasp-zap - OWASP
- sqlmap - Sqlmap
- wireshark - Wireshark
Aircrack
Aircrack is a software suite designed to crack WPA and WEP by gathering a large enough number of packets.
See Aircrack page.
 |
aircrack-ng a suite of tools for wireless cracking.
aircrack-ng Many Ways to Crack a Wifi: Cracking Wifi Aircrack Benchmarking: Aircrack/Benchmarking WEP Attacks with Aircrack: Aircrack/WEP Cracking WPA Attacks with Aircrack: Aircrack/WPA Cracking Aircrack Hardware: Aircrack/Packet Injection Testing Harvesting Wireless Network Information
airodump-ng Basic Usage of Airodump
Category:Security · Category:Wireless · Category:Passwords
|
Hydra
Hydra is a tool for brute-forcing SSH connections. It is much slower than offline password-guessing with (e.g.) John the Ripper, but sometimes this is your only option.
See the Hydra page for more info.
Also see Metasploitable/SSH/Brute Force
John the Ripper
John the Ripper is a software suite for password testing. It provides many different functions that make it a good complement to any program.
See John the Ripper page.
|
john the ripper password generator and all-around cracking tool.
Testing John: John the Ripper/Benchmarking Using John on Password generation using rules and modes: John the Ripper/Password Generation Installing some useful password rules: John the Ripper/Rules Using John to feed password guesses to Aircrack: Aircrack and John the Ripper John the Ripper on AWS: Ubuntu/Barebones to JtR Getting Passwords from John: John the Ripper/Password Recovery
|
Metasploit
Notes on the (huuuuuge) metasploit framework are here: MSF
Applying Metasploit to the Metasploitable Virtual Box: Metasploitable
|
Metasploit any and all resources related to metasploit on this wiki
Category:Metasploit - pages labeled with the "Metasploit" category label MSF/Wordlists - wordlists that come bundled with Metasploit MSFVenom - msfvenom is used to craft payloads Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload.
Category:Security · Category:Metasploit · Category:Kali
|
|
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|
Nmap
What's a hacker without nmap?
See Nmap
Wireshark
The ubiquitous packet capture and analysis tool, wireshark is a nice tool for seeing what's happening on a network.
See Wireshark page
|
Wireshark a Swiss-army knife for analyzing networks, network traffic, and pcap files.
Wireshark · Category:Wireshark Packet Analysis · Wireshark/Advanced Wireshark/HTTPS · Wireshark/Traffic Analysis · Wireshark/Conversation Analysis · Wireshark/Protocol Analysis Working with SSL/TLS/HTTPS: MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info · MITM Labs/Decrypting HTTPS Traffic with Private Key File
|
Flags