@orangepeelbeef
Last active January 21, 2021 02:05
Hacking/CTF tools
# Generic Tools:
CyberChef
Covers many categories: encode/decode, file type detection, file carving, etc. Very handy.
https://gchq.github.io/CyberChef/
strings
extract all printable strings from a file
ex: strings myfile, or strings myfile -n 10 (only strings of length at least 10)
file:
unix file command, determine file type
ex: file Templeton_Peck.jpg
Templeton_Peck.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 224x280, components 3
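To show what `file` is actually reading to produce that line, here is an added Python example (not from the gist) that walks the JPEG marker segments and pulls out the same fields: JFIF version, density and units, APP0 segment length, frame type, precision, dimensions and component count. The sample bytes are a constructed header only, not a decodable image.

```python
import struct

# Constructed sample: just the JPEG headers `file` inspects (SOI, JFIF APP0,
# SOF0), not a real image. Field values chosen to match the gist's output.
SAMPLE_JPEG = (
    b"\xff\xd8"                                   # SOI
    + b"\xff\xe0" + struct.pack(">H", 16)         # APP0 marker, segment length 16
    + b"JFIF\x00" + b"\x01\x02"                   # identifier, JFIF version 1.02
    + b"\x00" + struct.pack(">HH", 100, 100)      # units 0 = aspect ratio, 100x100
    + b"\x00\x00"                                 # no thumbnail
    + b"\xff\xc0" + struct.pack(">H", 17)         # SOF0 (baseline), length 17
    + b"\x08" + struct.pack(">HH", 280, 224)      # precision 8, height 280, width 224
    + b"\x03" + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01"  # 3 components (Y, Cb, Cr)
    + b"\xff\xd9"                                 # EOI
)
UNITS = {0: "aspect ratio", 1: "dpi", 2: "dpcm"}
FRAMES = {0xC0: "baseline", 0xC1: "extended sequential", 0xC2: "progressive"}

def describe_jpeg(data: bytes) -> dict:
    """Walk the marker segments of a JPEG and return the fields `file` reports."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    info, pos = {}, 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):       # EOI, or SOS: entropy-coded data follows
            break
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        seg = data[pos + 4:pos + 2 + length]   # payload after the 2-byte length
        if len(seg) != length - 2:
            raise ValueError(f"segment at offset {pos} runs past end of file")
        if marker == 0xE0 and seg.startswith(b"JFIF\x00"):
            major, minor, units, xd, yd = struct.unpack(">BBBHH", seg[5:12])
            info.update(jfif_version=f"{major}.{minor:02d}", segment_length=length,
                        density_units=UNITS.get(units, "unknown"), density=(xd, yd))
        elif marker in FRAMES:
            precision, height, width, ncomp = struct.unpack(">BHHB", seg[:6])
            info.update(frame=FRAMES[marker], precision=precision,
                        size=(width, height), components=ncomp)
        pos += 2 + length
    return info

if __name__ == "__main__":
    print(describe_jpeg(SAMPLE_JPEG))
```

Point it at a real file's bytes and compare with `file` output; a mismatch between the JFIF header and the SOF frame is the kind of thing a hex editor check (below) will confirm.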
hex editor:
there are a lot of good hex editors out there, and sometimes examining a file manually is enough to find the data you need
bless is pretty good, but 010 Editor knows binary file signatures (templates), so it's pretty much the best
https://www.sweetscape.com/download/010editor/
hexdump:
command-line hex dumper
ex: hexdump -C (canonical hex + ASCII output; takes a file argument or reads stdin)
xxd:
https://www.tutorialspoint.com/unix_commands/xxd.htm
# Image Metadata:
exiftool
ex: exiftool myfile
zsteg (LSB steganography detection for PNG & BMP)
https://github.com/zed-0xff/zsteg
# File Carving:
foremost
ex: foremost myfile -o outputdir
binwalk
ex: binwalk -e myfile
# Password cracking:
john the ripper
john itself is pretty good at cracking, although a bit slow; however, it comes with a ton of great tools for getting hashes out of files
(office2john, pdf2john)
ex: john filename
hashcat
hashcat is generally much faster than john because it uses the GPU instead of the CPU; it is a lot more complicated and has a ton of modes and rules
hashcat can use the hashes gathered with office2john, etc.
ex cracking a Word 2013 document pw (-m 9600):
hashcat -a 0 -m 9600 --username office_hash.txt rockyou.txt -O
ex usage of rules (you can pass -r more than once):
hashcat -a 0 -m 0 cracklist.db wordlist.txt -r /usr/share/hashcat/rules/best64.rule -O
ex combination attack (-a 1) with left and right wordlists (swap the order to try them flipped):
hashcat -a 1 -m 0 cracklist.db biology rockyou.txt
ex hybrid wordlist + mask attack (-a 6): appends the mask (digits and symbols here) to the end of everything in the wordlist; -i increments the mask length
hashcat -a 6 -m 0 cracklist.db francais.txt -1 ?d?s ?1?1?1?1?1 -i
ex hybrid mask + wordlist attack (-a 7): prepends the mask (digits and symbols here) to the front of everything in the wordlist; -i increments the mask length
hashcat -a 7 -m 0 cracklist.db -1 ?d?s ?1?1?1?1?1 francais.txt -i
# Wordlists for pw cracking & fuzzing:
https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/big-list-of-naughty-strings.txt
rockyou
dirb (usually /usr/share/dirb/wordlists/)
CeWL takes a webpage and makes a wordlist out of it (seems buggy in testing, especially with unicode characters)
wyd takes a file and makes a wordlist
cupp gathers OSINT data and makes a wordlist, or expands an existing wordlist
crunch makes wordlists from character sets
ex: crunch 3 3 ABCDEFGHIJKLMNOPQRSTUVWXYZ (all combinations of uppercase letters of length 3)
# Ports:
nmap
SYN scan all TCP ports
ex: nmap -sS -p1-65535 somehost
scan all TCP & UDP ports (-p- is shorthand for the full range)
ex: nmap -sU -sT -p- somehost
# DNS tools:
dnsrecon
ex: dnsrecon -d somehost
dnsrecon brute force of subdomains from a wordlist (-D is the dictionary option)
ex: dnsrecon -d somehost -t brt -D wordlist.txt
fierce
ex: fierce somehost
dnsenum
# Web application tools:
Proxies:
burpsuite (proxy listener usually on 127.0.0.1:8080)
fiddler (runs on 8888)
parosproxy (runs on 8080)
Crawlers / directory brute-forcers:
gobuster
dirbuster
dirsearch
dirb
Specialized Tools:
sqlmap (tests for SQL injection once you find a suspicious endpoint)
GitTools https://github.com/internetwache/GitTools (tools for exposed .git dirs)
# Fuzzing
Hydra
Wfuzz
ex: wfuzz -z file,${WORDLIST} -b cookie=value -d "title=FUZZ&body=FUZZ" --sc 500 https://host/api/entry
# Vulnerability Scanners:
nessus
nikto (web app vuln scanner)
https://www.rapid7.com/info/nexpose-community/
# Software Defined Radio/Audio signal stuff:
fldigi
you can get data straight from the sound card with fldigi
gqrx
reads from an SDR or recorded SDR files and can do a lot of things
can also output to a network stream for piping into multimon-ng
multimon-ng
decoders for a ton of different signal types (morse, POCSAG, etc.)
very nice when chained from gqrx via sox
https://www.bastibl.net/pocsag/
# Cryptography/Encryption/Encoding
https://charcharbinks.com/post/ctf_crypto_for_beginners/
# Useful Cheatsheets
useful commands for shells/exploits: https://gtfobins.github.io/