Tools Flashcards

1
Q

hping

A

Port scanner that can send any kind of TCP, UDP, or ICMP packet, or receive packets from targets. hping3 is the current version.

2
Q

netcat

A

Run as nc; a very flexible tool. Can open any port on a local system, making the system act like a sandbox. Works as a port scanner as well as a port redirector.

3
Q

cURL

A

Linux terminal tool that enables any form of file transfer; supports many file transfer protocols.

4
Q

theHarvester

A

A program designed to search OSINT sources for information about domains, with an emphasis on e-mail addresses. Very good at finding where a domain's e-mail addresses are used; draws on many sources.

5
Q

Sn1per

A

Pen testing reconnaissance framework and automated attack tool. Works with other popular tools like Nmap and Metasploit to gather information about the target. Very powerful.

6
Q

scanless

A

A Python 3 command-line utility and library for using websites that perform port scans on your behalf.

7
Q

dnsenum

A

DNS enumeration: finds all the DNS servers for a specific domain, an important step for many types of pen testing.

8
Q

Cuckoo Sandbox

A

Malware analyzer. Run it with a suspicious file and the program will analyze it for malware. Very powerful and easy to use; constantly updated for new forms of malware and often more aware of them than many anti-malware tools.

9
Q

tcpreplay

A

The pcap file type is the standard way to store and analyze packet captures. tcpreplay enables you to edit pcap files and replay them out onto your network.

10
Q

libpcap

A

Linux packet-capture library, usually installed together with the protocol or packet analyzer.

11
Q

WinPcap

A

Windows packet-capture library.

12
Q

Wireshark

A

The most popular protocol analyzer software; works great and is free. Runs on Windows and Linux.

13
Q

nmap

A

The most commonly used network scanner, available for many OSes. Can detect non-secure hosts on the network. Available as a command-line tool and with a GUI.

14
Q

Nessus

A

Network-based vulnerability scanner. Can send specially crafted network traffic to a host and show vulnerabilities such as insecure protocols, weak encryption, open file shares, etc.

15
Q

Metasploit

A

A platform for penetration testing by the “good guys”. The go-to tool for pen testing. An incredibly powerful toolset, and dangerous when used incorrectly.

16
Q

ping

A

Queries another system on a TCP/IP network to determine connectivity. Runs 4 times on Windows and stops automatically. Runs continuously on Linux until you press CTRL-C.
-a: Resolve addresses to hostnames
-t: run continuously
-f: Don’t Fragment flag in packet (IPv4)
-4: force using IPv4
-6: Force using IPv6

17
Q

ipconfig

A

Windows utility that shows the current status of the network settings for a host system.
/all Get exhaustive listing of every IP and Ethernet setting
/release release the DHCP IP address lease
/renew renew the DHCP IP address lease
/flushdns clear the host’s DNS cache
/displaydns Display host’s DNS cache

18
Q

ifconfig

A

UNIX/Linux and macOS utility that shows the current status of the network settings for a host system.

19
Q

ip

A

Linux utility. The ip command replaces ifconfig, doing many of the same tasks: viewing IP information on a system, checking the status of network connections, managing routing, and starting or stopping an Ethernet interface. Uses shorter switch names.

20
Q

arp

A

Observe and administer the mapped IPv4-to-Ethernet addresses for the local network. Windows and Linux use the same switches. Only for IPv4!
Enables detection of ARP spoofing: it provides the MAC address of the spoofing system.

21
Q

netstat

A

Windows and Linux tool for getting information on the host system's TCP and UDP connections, the status of all open and listening ports, and other items such as the routing table.
Shows all active connections between a host and other hosts.
netstat -a adds listening ports; useful for finding hidden servers or malware on a host.
netstat -b displays the executable file making each connection.

22
Q

route

A

Displays and edits a host's routing table. Enables you to find problems when packets leave your system but don't get a response. Linux: route
Windows: route print

23
Q

netcat (nc)

A

Invoked as ‘nc’. Linux terminal program that enables you to make any type of connection and see the results from a command line. A primitive tool, but great for penetration testing or hacking if you know the right commands.
Handy scanning command. Can make your system listen on a port number.

24
Q

tracert/traceroute

A

Windows = tracert
Linux = traceroute
Shows how packets are routed from a host to an endpoint. These commands send packets to each hop between the host and the endpoint, checking the TTL (time to live) at each hop.
Worth running before there are any problems.

25
Q

pathping

A

Windows-only utility; a combination of tracert and ping. pathping runs a traceroute, then pings each hop 100 times. It determines latency accurately but is slower than tracert. Forces no DNS resolution and requires IPv4 addresses only.

26
Q

TCPView/PingPlotter

A

Graphical equivalents of tools like netstat (TCPView) and ping/traceroute (PingPlotter).

27
Q

nslookup

A

DNS tool in both Windows and Linux: queries DNS servers (assuming the DNS server is configured to respond) and returns detailed information about any DNS domain. You can run nslookup to ask a DNS server for all the NS (name server) records for any domain. Can be used for evil purposes.

28
Q

dig

A

Linux-based DNS querying tool with many advantages over nslookup. Works with the host's DNS settings, whereas nslookup ignores the host's DNS settings. Works well with scripting tools.

29
Q

cat

A

Linux utility that combines (concatenates) files, creates files, or views the contents of any text file.

30
Q

chmod

A

Enables you to change permissions on Linux for a file or directory.

31
Q

grep

A

Looks for search terms (strings) inside text files and returns any line of the file containing the string you requested.

32
Q

head/tail

A

Show the beginning and end of text files: the first ten lines (head) and the last ten lines (tail).

33
Q

logger

A

Adds text to log files manually.

34
Q

Powershell

A

Shell environment introduced by Microsoft in 2006; the best combination of shell and scripting language for Windows. Has a built-in scripting language. Supports JavaScript and Python.

35
Q

Python

A

The go-to scripting language for anything cross-platform.

36
Q

SSH

A

Secure Shell protocol; provides a terminal to a remote machine, assuming you have a username and password on that machine (and it's running an SSH-compatible server). Runs on TCP port 22. SSH server and client must first create an encrypted connection; the SSH server must generate SSH keys, traditionally an RSA asymmetric key pair. Common implementation: OpenSSH.

37
Q

Angry IP Scanner

A

Simple network scanner that uses simple protocols, mainly ping, to query a single IPv4 address or an address range. Good for a single network ID; does some basic port scanning.

38
Q

IP Scanner

A

macOS: simple network scanner that uses the simplest protocols to query a local network.

39
Q

NMap

A

Powerful network scanner; the gold standard for TCP/IP network scanners early on, and it has retained its prominence through ongoing updates.
Command-line tool with a powerful and complex set of switches and options.
By default, scans the 1000 most common port numbers. Can scan an entire network ID. -v increases “verbosity” for more information. Works fine against any public-facing server.

40
Q

Zenmap

A

Graphical front end for Nmap; a great GUI.

41
Q

Wireshark

A

Protocol analyzer/packet sniffer, developed in 1998; powerful, free, and works on all major OSes. Its default GUI is very common. Uses a capture API (libpcap on Linux or WinPcap on Windows) to have the Network Interface Card (NIC) ingest all traffic passing by.

42
Q

tcpdump

A

Linux protocol analyzer/packet sniffer; older than Wireshark.

43
Q

journalctl

A

Linux utility that displays all logs on a system in a single format.

44
Q

syslog

A

Complete protocol for the transmission and storage of Linux logs on a single syslog server. Once they're all stored in a single location, you can use tools like journalctl to monitor the entire network.

45
Q

Simple Network Management Protocol (SNMP)

A

Enables proactive monitoring of network hosts in real time; also serves as a bandwidth monitor. Hosts have an agent installed that reports certain types of data back to a centralized monitoring server. The agent is configured with a Management Information Base (MIB).

46
Q

NetFlow/sflow

A

Cisco-based utility that provides real-time information about all the IP traffic in a system. sFlow provides similar information but runs in hardware; NetFlow is software.

47
Q

IPFIX (internet protocol flow information export)

A

Spawned from NetFlow version 9; has more flexibility in the types of information that can be combined and saved for analysis. IPFIX is an Internet Engineering Task Force (IETF) specification.

48
Q

dig

A

Domain Info Groper: command-line tool on non-Windows systems used to diagnose DNS problems.

49
Q

FTK Imager

A

A free tool that can image both systems and memory; can be used on Windows systems… Part of a commercial software suite for analyzing system images and other digital evidence.

50
Q

dd

A

Linux and macOS terminal command used to create full disk images.