Posts

Showing posts from 2018

Nikto - The powerful WEBSERVER Scanner

Nikto is an Open Source (GPL) web server scanner. It performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, and can check for outdated versions of over 1250 servers and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically. Nikto is not a stealthy tool. It will test a web server in the quickest time possible, and will generate entries in log files or an IPS/IDS. Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but that the webmaster or security engineer may not know are present on the server. These items are usually marked appropr

PDFCrack - Password Cracking Tool for PDF-files

PDFcrack is a GNU/Linux tool for cracking password-protected PDF files. It is a very small command-line application. It is not preinstalled in Kali Linux, but it can be installed from the command line. To install pdfcrack, open a terminal and enter:

    apt install pdfcrack

Syntax and options

    Usage: pdfcrack -f filename [OPTIONS]
         : pdfcrack -f filename -w passwordfile.txt

    OPTIONS:
    -b, --bench             perform benchmark and exit
    -c, --charset=STRING    Use the characters in STRING as charset
    -w, --wordlist=FILE     Use FILE as source of passwords to try
    -n, --minpw=INTEGER     Skip trying passwords shorter than this
    -m, --maxpw=INTEGER     Stop when reaching this passwordlength
    -l, --loadState=FILE    Continue from the state saved in FILENAME
    -o, --owner             Work with the ownerpassword
    -u, --user              Work with the userpassword (default)
    -p, --password=STRING   Give userpassword to speed up breaking ownerpassword (implies -o)
    -q, --quiet             Run quietly
    -s,

HYDRA - The Password Bruteforce tool

Hydra is a login cracker which supports various protocols to attack. This tool makes it easy for an attacker or security researcher to gain unauthorized access to a system or web application remotely. To open Hydra, go to Kali >> Applications >> Password Attacks >> Online Attacks >> Hydra.

Hydra syntax and options

    Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]

    Options:
    -R                      restore a previous aborted/crashed session
    -I                      ignore an existing restore file (don't wait 10 seconds)
    -S                      perform an SSL connect
    -s PORT                 if the service is on a different default port, define it here
    -l LOGIN or -L FILE     login with LOGIN name, or load several logins from FILE
    -p PASS or -P FI

Nmap - Network Scanning Tool

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and

SPARTA - Network scanning and Penetration Testing Tool

SPARTA is a Python GUI application that simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to their toolkit and by displaying all tool output in a convenient way. If less time is spent setting up commands and tools, more time can be spent focusing on analysing results.

Features
– Run nmap from SPARTA or import nmap XML output.
– Transparent staged nmap: get results quickly and achieve thorough coverage.
– Configurable context menu for each service. You can configure what to run on discovered services. Any tool that can be run from a terminal can be run from SPARTA.
– You can run any script or tool on a service across all the hosts in scope, just with a click of the mouse.
– Define automated tasks for services (i.e. run nikto on every HTTP service, or sslscan on every SSL service).
– Default credentials check for most common ser