5.3 Tools and Code Analysis Flashcards

Explain use cases of the following tools during the phases of a penetration test.

1
Q

What is nslookup?

A

Nslookup is a command-line DNS client available on both Windows and Linux that can be used to query a domain name and request specific record types (for example A, MX, NS or TXT).

2
Q

What is Dig?

A

Dig is a DNS query utility widely used on Linux. It can request any record type and, with the -x option, performs a reverse lookup to match an IP address to a domain name.

3
Q

What is the WHOIS protocol?

A

The WHOIS protocol provides the ability to search for data related to entities that register public domains and other internet resources.

4
Q

What is TinEye?

A

TinEye is a reverse image search engine that a team can use to scout a target (for example, to find where a logo or employee photo also appears) and see if there is any actionable intel.

5
Q

What is Metagoofil?

A

Metagoofil is a Linux-based tool that searches for public documents on the target website(s), downloads them and extracts their metadata, such as usernames, software versions and file paths.

6
Q

What is Fingerprinting Organization with Collected Archives (FOCA)?

A

FOCA is a Windows-only GUI OSINT tool used to discover metadata that may be hidden within documents. It can scan search engines to find downloadable files, but you can also provide local files for FOCA to analyze.

7
Q

What is theHarvester?

A

theHarvester is a data-collecting tool that searches a company's externally visible footprint (search engines and other public sources) in order to gather the following information:
-Subdomain names
-Employee names
-Email addresses
-PGP key entries
-Open ports and service banners

8
Q

What is Recon-ng?

A

Recon-ng is another data-gathering tool; it uses modules to customize the search. Some modules include:
-WHOIS query to identify points of contact
-PGP key search
-Social media profile associations
-File crawler
-DNS record enumerator

9
Q

What is Maltego?

A

Maltego is a full GUI tool, helping users visualize the gathered information. It features an extensive library of “transforms”, which automate the querying of public sources of data. Maltego then compares the data with other sets of information to provide commonalities among the sources.

10
Q

What is Shodan?

A

Shodan is a search engine that indexes internet-connected devices and services by their service banners rather than by web content. It is commonly used to locate exposed Internet of Things (IoT) devices, such as traffic lights, industrial control systems (ICSs), webcams and other equipment that has internet connectivity.

11
Q

What is the Social Engineering Toolkit (SET)?

A

The SET is a Python-based collection of tools that can be used when conducting a social engineering PenTest. It lets you select from a number of different options, including website attack vectors, mass mailers and spear-phishing attacks.

12
Q

What does the Open Vulnerability Assessment Scanner (OpenVAS) do?

A

OpenVAS is an open-source vulnerability scanner. When run, it lists the vulnerabilities found along with a risk rating that summarizes the overall state of the target that was tested, including CVSS scores and CVE identifiers.

12
Q

What is Nikto?

A

Nikto is an open-source web server scanner that performs comprehensive tests against web servers for a variety of issues, such as a missing anti-clickjacking X-Frame-Options header, outdated server software, and dangerous files and CGIs.

13
Q

What is the Security Content Automation Protocol (SCAP)?

A

SCAP is a US (NIST) standard used to check that systems and applications are in line with mandated security requirements. Scanning uses a predetermined security baseline, expressed as SCAP content, to check for vulnerabilities and misconfigurations, whether on-site or cloud based.

14
Q

What is the Wireless Geographic Logging Engine (WiGLE) ?

A

WiGLE is a site dedicated to mapping and indexing wireless access points reported by wardrivers. It is considered an OSINT tool that helps during the reconnaissance phase of PenTesting, for example to locate a target's networks by SSID.

15
Q

What is Steghide?

A

Steghide is an open-source tool used to conceal a payload in either an image or an audio file. It can compress, encrypt and conceal data in JPEG and BMP images and in WAV and AU audio files.

16
Q

What is OpenStego?

A

OpenStego is also an open-source steganography tool, written in Java. In addition to standard data-hiding functions, it can embed a watermark, similar to a digital signature, which helps detect unauthorized copying or modification of the file.

17
Q

What is Snow?

A

Snow is a CLI steganography tool that conceals a data payload in the trailing whitespace (spaces and tabs) at the end of lines in an ASCII text file, where it is invisible to most viewers.
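
The whitespace trick is simple enough to show in full. The following is an added example written for this page, not Snow's own code or its exact encoding: it uses a simplified scheme (tab = 1 bit, space = 0 bit, with a 16-bit length prefix) to hide a payload in the trailing whitespace of a cover text, recovers it, and includes the cheap check a defender can run, because files with many whitespace-terminated lines stand out. The cover text and payload are constructed samples.

```python
import re

LENGTH_BITS = 16  # payload length prefix so extraction knows where to stop


def _to_bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def _from_bits(bits: str) -> bytes:
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def capacity_bytes(cover: str, bits_per_line: int = 8) -> int:
    """How many payload bytes this cover text can carry."""
    lines = cover.split("\n")
    return max(0, (len(lines) * bits_per_line - LENGTH_BITS) // 8)


def embed(cover: str, payload: bytes, bits_per_line: int = 8) -> str:
    """Hide `payload` in trailing whitespace: tab = 1 bit, space = 0 bit.
    Existing trailing whitespace is stripped first so it cannot corrupt the stream."""
    if len(payload) >= 1 << LENGTH_BITS:
        raise ValueError("payload too long for 16-bit length prefix")
    lines = [line.rstrip(" \t") for line in cover.split("\n")]
    bits = f"{len(payload):0{LENGTH_BITS}b}" + _to_bits(payload)
    if len(bits) > len(lines) * bits_per_line:
        raise ValueError(f"cover holds {capacity_bytes(cover, bits_per_line)} bytes, "
                         f"payload is {len(payload)}")
    out = []
    for line in lines:
        chunk, bits = bits[:bits_per_line], bits[bits_per_line:]
        out.append(line + "".join("\t" if b == "1" else " " for b in chunk))
    return "\n".join(out)


def extract(stego: str) -> bytes:
    """Recover the payload from trailing whitespace; lines without any carry no bits."""
    bits = ""
    for line in stego.split("\n"):
        m = re.search(r"[ \t]+$", line)
        if m:
            bits += "".join("1" if c == "\t" else "0" for c in m.group())
    if len(bits) < LENGTH_BITS:
        return b""
    n = int(bits[:LENGTH_BITS], 2)
    return _from_bits(bits[LENGTH_BITS:LENGTH_BITS + 8 * n])


def trailing_whitespace_ratio(text: str) -> float:
    """Cheap detector: fraction of lines ending in spaces or tabs. Linted or
    editor-trimmed text normally sits near 0.0, so a jump is worth a look."""
    lines = text.split("\n")
    hits = sum(1 for line in lines if re.search(r"[ \t]+$", line))
    return hits / len(lines) if lines else 0.0


if __name__ == "__main__":
    # Constructed sample: a 40-line cover text and a short payload.
    cover = "\n".join(f"line {i}" for i in range(40))
    stego = embed(cover, b"secret")
    print(extract(stego), trailing_whitespace_ratio(cover), trailing_whitespace_ratio(stego))
```

The visible text is unchanged (every line compares equal once trailing whitespace is stripped), which is the whole point; the capacity check matters because a payload longer than the cover silently truncates in naive implementations.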

18
Q

What do Coagula and Sonic Visualiser do?

A

Coagula synthesizes an image (for example, rendered text) into a .wav audio file, hiding the content in the audio's frequency content. Sonic Visualiser can then reveal it by displaying the audio as a spectrogram.

19
Q

What is ProxyChains?

A

ProxyChains is a command-line tool that forces the TCP connections of any program through a chain of SOCKS or HTTP proxies (including Tor). PenTesters use it to mask their source IP address, to pivot through compromised hosts, and to route tools that have no proxy support of their own.

20
Q

What is Responder?

A

Responder is a man-in-the-middle type tool that can be used to exploit name resolution on a Windows network. It is designed to intercept and poison LLMNR and NBT-NS requests, which Windows hosts broadcast when DNS fails to resolve a name. Once a request is intercepted, Responder answers with the attacker's host IP as the name record, so the querying host connects to the attacker, which can then capture NetNTLM credential hashes for cracking or relaying.
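
The exchange Responder exploits, as an added example written for this page (not Responder's own code): it builds the LLMNR query a Windows host multicasts for a name DNS could not resolve, builds the poisoned answer that points the name at the attacker, and parses that answer the way the victim would. LLMNR reuses the DNS wire format on UDP port 5355; the hostname, transaction ID and attacker address are constructed values and nothing is sent on the network.

```python
import struct

# LLMNR (RFC 4795) reuses the DNS message format over UDP port 5355,
# sent to multicast 224.0.0.252. Shown for context; no packets are sent here.
LLMNR_PORT = 5355
MULTICAST_GROUP = "224.0.0.252"
TYPE_A, CLASS_IN = 1, 1
FLAG_QR = 0x8000  # set in responses


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS-style length-prefixed labels."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(buf: bytes, offset: int):
    """Decode labels at offset, following a compression pointer if present.
    Returns (name, offset just past the name field)."""
    labels = []
    while True:
        length = buf[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            ptr = struct.unpack("!H", buf[offset:offset + 2])[0] & 0x3FFF
            name, _ = decode_name(buf, ptr)
            labels.append(name)
            return ".".join(labels), offset + 2
        labels.append(buf[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def build_query(txid: int, hostname: str) -> bytes:
    """What a Windows host multicasts after DNS fails to resolve `hostname`."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # 1 question, no answers
    return header + encode_name(hostname) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_poisoned_reply(query: bytes, attacker_ip: str, ttl: int = 30) -> bytes:
    """Responder-style answer: echo the question, answer with the attacker's IP."""
    txid = struct.unpack("!H", query[:2])[0]
    _, end = decode_name(query, 12)
    question = query[12:end + 4]  # name + QTYPE + QCLASS
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    header = struct.pack("!HHHHHH", txid, FLAG_QR, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in attacker_ip.split("."))
    # 0xC00C is a pointer to offset 12, i.e. the name in the question section
    answer = b"\xC0\x0C" + struct.pack("!HHIH", qtype, qclass, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_reply(reply: bytes) -> dict:
    """Parse an LLMNR A-record reply the way the querying host would."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    qname, off = decode_name(reply, 12)
    off += 4  # skip QTYPE/QCLASS
    aname, off = decode_name(reply, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
    off += 10
    rdata = reply[off:off + rdlen]
    return {
        "txid": txid,
        "is_response": bool(flags & FLAG_QR),
        "answers": ancount,
        "qname": qname,
        "answer_name": aname,
        "type": rtype,
        "ttl": ttl,
        "ip": ".".join(str(b) for b in rdata),
    }


if __name__ == "__main__":
    # Constructed sample: a victim mistypes a file server name and the
    # attacker at 10.0.0.66 (hypothetical address) answers first.
    q = build_query(0x1234, "fileserver01")
    r = build_poisoned_reply(q, "10.0.0.66")
    print(parse_reply(r))
```

The victim accepts the first reply whose transaction ID matches, so the attacker only has to be faster than any legitimate host. The defensive check is the inverse of this code: disable LLMNR and NBT-NS through Group Policy, and alert on any host that answers LLMNR queries on port 5355.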

21
Q

What is Metasploit?

A

Metasploit is a multi-purpose computer security and PenTesting framework that is used worldwide for both legitimate security analysis and unauthorized activities. It is intentionally modular, allowing an operator to mix and match scanners, exploits and payloads into a single attack.

22
Q

What is Impacket?

A

Impacket is an open-source collection of Python classes for working with network protocols, plus example tools, used when PenTesting in a Windows environment. The library provides the building blocks for attacks such as NTLM and Kerberos authentication attacks, pass-the-hash (PtH), credential dumping, and packet crafting and sniffing.

23
Q

What is mitm6?

A

mitm6 is an IPv6 DNS hijacking tool. Because Windows prefers IPv6 and most networks do not manage it, mitm6 can reply to the victims' DHCPv6 messages and set the attacker as their DNS server. It then replies to DNS queries with bogus IP addresses that redirect the victim to another malicious host, commonly for credential relaying.

24
Q

What is ScoutSuite?

A

ScoutSuite is an open-source tool written in Python that can be used to audit instances and policies created on multiple cloud platforms. It collects data from the cloud using API calls and then compiles a report of all the objects discovered.

25
Q

What is Pacu?

A

Pacu is an open-source AWS exploitation framework designed for the post-compromise phase: with obtained credentials it can escalate privileges, launch additional attacks or install a backdoor.

26
Q

What is Cloud Custodian?

A

Cloud Custodian is an open-source cloud security, governance and management tool designed to help the administrator create and enforce policies based on resource types.

27
Q

What is Reaver?

A

Reaver is a tool included in Kali Linux, used to brute-force the WPS PIN by sending numerous PINs to access points that have WPS enabled. This can take quite a while, and many manufacturers have built-in defenses against this type of attack, such as rate limiting or locking WPS after repeated failures.

28
Q

What is Kismet?

A

Kismet is a wireless sniffer, network detector and intrusion detection system, and is included in Kali Linux by default.

29
Q

What is Wifite2?

A

Wifite2 is a wireless auditing tool you can use to assess the WLAN. Once launched, Wifite2 can begin a site survey, identifying any active targets and displaying a list of known targets and hidden APs along with the type of encryption used. Wifite2 can also launch a variety of attacks to retrieve the password of a wireless access point.

30
Q

What is Spooftooph?

A

Spooftooph is a tool able to either spoof or clone a Bluetooth device. By spoofing the device name, class and address, the attacker's device blends into the background and hides in plain sight whenever someone scans for Bluetooth devices.

31
Q

What is Fern?

A

Fern is a Python-based program used to test wireless networks. It is able to recover WEP/WPA/WPS keys using a variety of methods, including brute-force, dictionary, session hijacking, replay and MITM attacks.

32
Q

What is EAPHammer?

A

EAPHammer is a Python-based toolkit with a wide range of features. Included in Kali Linux, it provides several options that the team can use to launch an attack on a WPA2-Enterprise 802.11a or 802.11n network, such as an evil-twin access point that captures client credentials.

33
Q

What is MDK4?

A

MDK4 is a powerful Linux-based tool that features a wide range of attacks. It supports the 2.4 and 5 GHz bands and has nine different attack modules, such as deauthentication, DoS and brute-force.

34
Q

What is GoBuster?

A

GoBuster can discover DNS subdomains, web directories and files, and virtual hosts by brute-forcing from a wordlist of common names. This can reveal content that is not linked from anywhere and was otherwise not available.

35
Q

What is Wapiti?

A

Wapiti is a web application vulnerability scanner which automatically crawls a web application looking for inputs where it can inject data. Several modules can be enabled or disabled to target different vulnerability classes.

36
Q

What is WordPress Security Scanner (WPSCAN)?

A

WPScan automatically gathers data about a WordPress site and compares findings such as installed plugins and themes against a database of known vulnerabilities. It provides useful information on findings, including the plugin version and references to the vulnerability such as the CVE number and a link.

37
Q

What is Brakeman?

A

Brakeman is a static code analysis security tool for Ruby on Rails applications. It checks the source for vulnerabilities and reports a confidence level for each finding (high, medium, weak).

38
Q

What is the Web Application Attack and Audit Framework (w3af)?

A

w3af allows you to identify and exploit a large set of web-based vulnerabilities, such as SQL injection (SQLi) and cross-site scripting (XSS).

39
Q

What is truffleHog?

A

truffleHog is a Git secrets search tool. It automatically crawls through a repository's history looking for accidentally committed secrets, using both pattern matching for known credential formats and high-entropy string detection. A leaked secret such as an API key, cloud credential or GitHub token can let an attacker authenticate to the associated service or push code to the repository.
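
Both detection techniques in a single scanner, as an added example written for this page (not truffleHog's code): it scans only the added lines of a unified diff, flags known credential formats by regex, then measures Shannon entropy of base64-alphabet tokens to catch secrets with no fixed format. The diff is constructed; the AWS values are the placeholder credentials from AWS's own documentation and the GitHub token is a made-up string of the right shape. The patterns and the 4.0 bits/char threshold are this example's choices.

```python
import math
import re
from collections import Counter
from typing import Dict, List

# Signature patterns for well-known credential formats (a small subset).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}
# Candidate tokens for the entropy check: base64-alphabet runs of 20+ characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; random base64 approaches 6


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the token's own histogram."""
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_line(line: str) -> List[Dict]:
    findings = []
    stripped = line
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(line):
            findings.append({"kind": kind, "match": m.group()})
            stripped = stripped.replace(m.group(), " ")  # don't re-flag via entropy
    for m in TOKEN_RE.finditer(stripped):
        tok = m.group()
        ent = shannon_entropy(tok)
        if ent >= ENTROPY_THRESHOLD:
            findings.append({"kind": "high_entropy", "match": tok, "entropy": round(ent, 2)})
    return findings


def scan_diff(diff: str) -> List[Dict]:
    """Scan only the added lines of a unified diff. That is what matters for a
    commit: a secret removed in a later commit is still recoverable from history."""
    results = []
    for lineno, line in enumerate(diff.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for f in scan_line(line[1:]):
            f["line"] = lineno
            results.append(f)
    return results


# Constructed sample commit (see the lead-in for where the values come from).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,4 +1,6 @@
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJKLMNOP"
+handler = getUserPreferencesHandler
-DEBUG = True
+DEBUG = False
"""

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
```

The secret access key has no recognizable prefix, so only the entropy check catches it, while the long but ordinary identifier on the next line stays below the threshold. In practice the scanner runs over every commit (git log -p), not just the current tree.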

40
Q

What is CrackMapExec?

A

CrackMapExec is a post-exploitation tool for enumerating and exploiting Active Directory environments. It uses harvested credentials or hashes over SMB and other protocols to identify weaknesses, such as password reuse and hosts where an account has local admin rights, at scale.

41
Q

What is Empire?

A

Empire is a Command and Control (C2) framework that makes use of PowerShell for common post-exploitation tasks on Windows. It also has a Python component for Linux. It implements the ability to run PowerShell agents without needing powershell.exe and has modules ranging from key loggers to Mimikatz.

42
Q

What is Secure Shell (SSH)?

A

SSH is the modern answer to Telnet's lack of encryption and other security mechanisms. Many systems, particularly Linux servers, have an SSH service enabled. If you know the credentials of an account on the system you are trying to access, you can use them to authenticate. However, some configurations disable passwords and require public-key authentication with a keypair (or an SSH certificate) instead.

43
Q

What is Netcat?

A

Netcat is a command-line utility used to read from or write to TCP, UDP or Unix domain socket network connections. It is highly versatile, but it does not use encryption.

44
Q

What is Ncat?

A

Ncat is a tool developed for the Nmap project as an improvement over Netcat. It retains most of the original functionality and adds more, the most important addition being support for SSL/TLS encryption.

45
Q

What is OllyDbg?

A

OllyDbg is an assembler-level debugger, packaged in Kali Linux, used to analyze the binary code of 32-bit Windows applications.

46
Q

What is Immunity Debugger?

A

Immunity Debugger is a Windows debugger that offers both a GUI and a command-line interface and exposes a Python API, so scripts can be loaded and modified while the debugged process is running.

47
Q

What is GNU Debugger (GDB)?

A

GDB is an open-source debugger that works on most Unix-like systems and on Windows, along with macOS.

48
Q

What is WinDbg?

A

WinDbg is a free debugging tool created and distributed by Microsoft for Windows OS.

49
Q

What is Interactive Disassembler (IDA)?

A

IDA is a commercial disassembler and debugging tool from Hex-Rays, with support for numerous processors and file formats.

50
Q

What is Ghidra?

A

Ghidra is an open-source reverse engineering tool developed by the NSA. It has a disassembler and decompiler component and can make use of GDB and WinDbg for debugging.

51
Q

What is Covenant?

A

Covenant is an open-source .NET command and control (C2) framework with a focus on penetration testing; it also has a development and debugging component for .NET tradecraft.

52
Q

What is Cain?

A

Cain (of Cain & Abel) is a Windows password cracking and credential dumping tool that was used successfully for many years. Today it has been replaced by tools like hashcat or John the Ripper for cracking and tools like mimikatz for dumping.

53
Q

What is mimikatz?

A

Mimikatz is a tool that gathers credentials by extracting key elements from Windows memory (chiefly the LSASS process), such as cleartext passwords, hashes, Kerberos tickets and PIN codes.

54
Q

What is hashcat?

A

Hashcat is a modern password and hash cracking tool. It offers different attack methods (dictionary, mask, hybrid and rule-based) to tailor the candidate space to how people actually build passwords, and supports GPUs for parallel cracking.
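
To make the three attack modes concrete, the following is an added example written for this page (not hashcat's code): it implements hashcat's built-in charsets and mask syntax, generates candidates for a dictionary attack, a mask attack and a hybrid dictionary+mask attack, and checks them against a set of SHA-256 hashes. The sample words and target passwords are constructed. It runs single-threaded on the CPU; the GPU parallelism is what it does not reproduce.

```python
import hashlib
import itertools
import string
from typing import Dict, Iterable, Iterator, List, Set

# hashcat's built-in charsets (?a is the union of the first four)
CHARSETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]


def parse_mask(mask: str) -> List[str]:
    """Turn a mask such as '?u?l?l?d?d!' into a list of per-position alphabets.
    '?x' selects a built-in charset, '??' is a literal '?', anything else is literal."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' in mask")
            key = mask[i + 1]
            positions.append("?" if key == "?" else CHARSETS[key])
            i += 2
        else:
            positions.append(mask[i])
            i += 1
    return positions


def mask_keyspace(mask: str) -> int:
    """Number of candidates the mask expands to (what hashcat reports as keyspace)."""
    n = 1
    for alphabet in parse_mask(mask):
        n *= len(alphabet)
    return n


def mask_attack(mask: str) -> Iterator[str]:
    """hashcat -a 3: every combination the mask allows."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def dictionary_attack(words: Iterable[str]) -> Iterator[str]:
    """hashcat -a 0: each wordlist entry as-is."""
    yield from words


def hybrid_attack(words: Iterable[str], mask: str) -> Iterator[str]:
    """hashcat -a 6: every dictionary word followed by every mask expansion."""
    suffixes = list(mask_attack(mask))
    for word in words:
        for suffix in suffixes:
            yield word + suffix


def digest(text: str, algo: str = "sha256") -> str:
    return hashlib.new(algo, text.encode()).hexdigest()


def crack(targets: Set[str], candidates: Iterable[str], algo: str = "sha256") -> Dict[str, str]:
    """Hash each candidate and match it against the (hex) target set.
    Stops early once every target is recovered."""
    remaining = {t.lower() for t in targets}
    found: Dict[str, str] = {}
    for cand in candidates:
        h = digest(cand, algo)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
            if not remaining:
                break
    return found


if __name__ == "__main__":
    # Constructed sample: a tiny wordlist and three unsalted SHA-256 targets.
    words = ["summer", "Winter", "password"]
    targets = {digest("password"), digest("Winter22"), digest("ab1")}
    print(crack(targets, dictionary_attack(words)))
    print(crack(targets, hybrid_attack(words, "?d?d")))
    print(crack(targets, mask_attack("?l?l?d")), mask_keyspace("?l?l?d"))
```

Note how the keyspace grows: a mask of three positions is 6,760 candidates, while "?u?l?l?l?l?d?d?d" is already in the billions, which is why mask attacks are shaped by known password policies rather than run exhaustively. Unsalted fast hashes like this are what a GPU chews through at billions per second; slow, salted KDFs are the defense.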

55
Q

What is medusa?

A

Medusa is a parallel brute-forcer for network logins. Its focus is on supporting numerous network services that allow remote authentication, so the same wordlist can be tried against many hosts and protocols at once.

56
Q

What is hydra?

A

Hydra, similar to medusa, supports parallel testing of logins against many network services. It comes bundled with a tool called pw-inspector that reads a dictionary and prints only the entries that match a given password policy (length and required character classes), so no attempts are wasted on passwords the target would reject.

57
Q

What is CeWL?

A

CeWL generates word lists by crawling a website and collecting words from its text, as well as author/creator metadata from files that it finds, producing a target-specific dictionary for password attacks.
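
The two halves of that workflow, harvesting a target-specific wordlist (CeWL) and then trimming it to a password policy before an online attack (hydra's pw-inspector), as one added example written for this page rather than either tool's own code. The HTML page is constructed; the harvest keeps visible text only (skipping script and style blocks), records author/creator meta tags, and orders words by frequency; the policy filter keeps candidates that meet length and character-class requirements. The regexes and the policy defaults are this example's choices.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from typing import Iterable, List, Tuple

WORD_RE = re.compile(r"[A-Za-z]+")                 # CeWL's default: letters only
WORD_NUM_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")  # roughly CeWL --with-numbers


class _TextExtractor(HTMLParser):
    """Collect visible text, skipping <script>/<style>, plus author-style meta tags."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__()
        self.text: List[str] = []
        self.authors: List[str] = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        if tag == "meta":
            a = dict(attrs)
            if (a.get("name") or "").lower() in ("author", "creator") and a.get("content"):
                self.authors.append(a["content"])

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def harvest(html_doc: str, min_length: int = 3, with_numbers: bool = False) -> Tuple[Counter, List[str]]:
    """CeWL-style harvest: word frequencies from page text plus any author metadata."""
    p = _TextExtractor()
    p.feed(html_doc)
    p.close()
    rx = WORD_NUM_RE if with_numbers else WORD_RE
    words = Counter(w for w in rx.findall(" ".join(p.text)) if len(w) >= min_length)
    return words, p.authors


def wordlist(words: Counter) -> List[str]:
    """Most frequent first, then alphabetical, like CeWL's --count ordering."""
    return [w for w, _ in sorted(words.items(), key=lambda kv: (-kv[1], kv[0]))]


def pw_inspect(candidates: Iterable[str], min_len: int = 8, max_len: int = 64,
               min_classes: int = 3) -> List[str]:
    """pw-inspector idea: keep only candidates that satisfy the target's password
    policy, so the online brute-force spends no attempts on ones it would reject."""
    def classes(pw: str) -> int:
        return sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                    any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
    return [pw for pw in candidates
            if min_len <= len(pw) <= max_len and classes(pw) >= min_classes]


# Constructed sample page (not a real site).
SAMPLE_HTML = """<html><head><title>Acme Widgets - About</title>
<meta name="author" content="Jane Doe">
<script>var tracking = "ignoreme";</script>
<style>.banner { color: red; }</style>
</head><body>
<h1>Welcome to Acme Widgets</h1>
<p>Acme Widgets builds industrial widgets in Springfield since 1987.
Our flagship product, WidgetMaster, ships worldwide. Contact Jane Doe &amp; team.</p>
</body></html>
"""

if __name__ == "__main__":
    words, authors = harvest(SAMPLE_HTML, min_length=4)
    print(wordlist(words), authors)
    print(pw_inspect(["widgets", "Widgets2024", "Acme1987!", "acme"]))
```

The harvested list is the raw material; in practice it is mangled (capitalization, appended years and symbols) before the policy filter, and only the survivors go to hydra or medusa, where every attempt costs time and may trigger lockouts.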

58
Q

What is John the Ripper?

A

John the Ripper is a highly optimized cracking tool. Its community-enhanced "Jumbo" build recognizes a large set of hash types, and it runs on multiple platforms.

59
Q

What is Patator?

A

Patator is a multi-purpose brute-forcer which supports several different modules, including FTP, SSH, SMB and VNC logins as well as zip archive passwords.

60
Q

What is Nessus?

A

Nessus is a well-established commercial vulnerability scanner from Tenable, used to identify missing patches, misconfigurations and known vulnerabilities across hosts and services.