orangepeelbeef/0745beabdd8cafaac1260ab6b72ccc74
Last active January 21, 2021 02:05
Hacking/CTF tools
# Generic Tools:
CyberChef
This tool works in many categories: encode/decode, file type detection, file carving, etc. Very handy.
https://gchq.github.io/CyberChef/
strings
extract all printable strings from a file
ex: strings myfile, or strings -n 10 myfile (get all strings with length at least 10; the default minimum is 4)
file:
unix file command, determines the file type from its magic bytes rather than the extension
ex: file Templeton_Peck.jpg
Templeton_Peck.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 224x280, components 3
hex editor:
there are a lot of good hex editors out there, and sometimes examining a file manually is enough to find the data you need
bless is pretty good, but 010 Editor ships binary templates that parse the structure of many file formats for you, so it's pretty much the best
https://www.sweetscape.com/download/010editor/
hexdump:
commandline hex dumper
ex: hexdump -C myfile (-C is the canonical hex + ASCII view)
xxd:
hex dumper that can also turn an edited dump back into binary (xxd -r)
https://www.tutorialspoint.com/unix_commands/xxd.htm
# Image Metadata:
exiftool
ex: exiftool myfile
zsteg PNG & BMP
not really metadata: it detects LSB steganography and other hidden payloads in PNG and BMP files (-a tries every known method)
https://github.com/zed-0xff/zsteg
# File Carving:
foremost
ex: foremost -o outputdir myfile (the output dir must be new or empty)
binwalk
ex: binwalk myfile lists the embedded file signatures and their offsets, binwalk -e myfile extracts them
# Password cracking:
john the ripper
john itself is pretty good at cracking although slower than hashcat on a GPU box; its real value is the ton of *2john helpers that pull a crackable hash out of a file
(office2john, pdf2john, zip2john, ssh2john, ...)
ex: john filename (john guesses the hash format, --format=... forces it, --show prints what was cracked)
hashcat
hashcat is generally much faster than john because it runs on GPUs (OpenCL/CUDA); it has a lot more modes and rule options so it takes longer to learn
hashcat can use the hashes gathered with office2john, etc; --username makes it skip the "filename:" those scripts put in front of each hash
the -m number selects the hash type: hashcat --help lists them and hashcat --example-hashes shows what each one looks like
ex cracking word 2013 document pw (9600 is Office 2013; 9400 and 9500 are Office 2007 and 2010):
hashcat -a 0 -m 9600 --username office_hash.txt rockyou.txt -O
ex usage of rules, -r can be given more than once to stack rule files (-m 0 is raw MD5):
hashcat -a 0 -m 0 cracklist.db wordlist.txt -r /usr/share/hashcat/rules/best64.rule -O
ex combination attack, left and right wordlists (swap them to try the other order):
hashcat -a 1 -m 0 cracklist.db biology rockyou.txt
ex hybrid wordlist + mask attack (appends 1 to 5 digits/symbols to the end of every word; -1 defines the custom charset ?1, -i increments the mask length):
hashcat -a 6 -m 0 cracklist.db francais.txt -1 ?d?s ?1?1?1?1?1 -i
ex hybrid mask + wordlist attack (same, but in front of every word; note the mask comes before the wordlist):
hashcat -a 7 -m 0 cracklist.db -1 ?d?s ?1?1?1?1?1 francais.txt -i
-O uses optimized kernels and is faster, but it limits the maximum password length (31 characters for most modes), so drop it if the target may be longer
# Wordlists for pw cracking & fuzzing:
https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/big-list-of-naughty-strings.txt (SecLists has a lot more: passwords, usernames, web paths, etc)
rockyou (on Kali it lives at /usr/share/wordlists/rockyou.txt.gz, gunzip it first)
dirb (usually /usr/share/dirb/wordlists/)
CeWL spiders a website and makes a wordlist out of the words found on it (seems buggy in testing, especially with unicode characters)
wyd takes a file (documents, media with metadata, etc) and makes a wordlist
cupp gathers OSINT data about a target and makes a wordlist, or expands an existing wordlist
crunch makes wordlists from character sets (crunch min max [charset])
ex: crunch 3 3 ABCDEFGHIJKLMNOPQRSTUVWXYZ (all combinations of uppercase letters of length 3, i.e. 26^3 = 17576 lines)
# Ports:
nmap
syn scan all tcp ports (-sS sends raw packets so it needs root)
ex: nmap -sS -p1-65535 somehost (nmap port ranges use a dash, not a colon; -p- is shorthand for 1-65535)
scan all TCP & UDP ports
ex: nmap -sU -sT -p- somehost (-sU also needs root, and a full UDP sweep is very slow because hosts rate-limit the ICMP unreachables nmap relies on)
follow up with -sV on the open ports for service versions rather than running it against all 65535 ports
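The full-port sweep is usually pass one of two: pass two runs the slow version/script scan only against what was open. Here is an added example (my own script, not from the gist or from nmap) that parses nmap's grepable output (-oG) into a port list for the second pass; the Ports field format it relies on is port/state/protocol/owner/service/rpcinfo/version/. The sample file is constructed by hand to look like nmap output and the host 10.0.0.5 and its ports are made up.

```sh
#!/bin/sh
# Added example, not from the original gist: the usual two-pass workflow.
# Pass 1 sweeps every port with grepable output (-oG); pass 2 runs the slow
# version/script scan only on what was open. open_ports/port_list parse the
# -oG "Ports:" field, whose entries look like
# port/state/protocol/owner/service/rpcinfo/version/. The sample file is
# constructed by hand; host 10.0.0.5 and its ports are invented.

# open_ports FILE -> one "ip port proto service" line per open port.
open_ports() {
    awk -F'\t' '
    /^Host:/ {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if (substr($i, 1, 7) != "Ports: ") continue
            n = split(substr($i, 8), p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                if (f[2] == "open") printf "%s %s %s %s\n", ip, f[1], f[3], f[5]
            }
        }
    }' "$1"
}

# port_list FILE PROTO -> comma-separated open ports, ready for nmap -p.
port_list() {
    open_ports "$1" | awk -v proto="$2" '
        $3 == proto { list = list (list == "" ? "" : ",") $2 }
        END { print list }'
}

# Constructed sample of "nmap -p- -oG all.gnmap" output (fields are tab
# separated, which is why printf is used instead of a heredoc).
make_sample() {
    {
        printf '# Nmap 7.80 scan initiated as: nmap -p- -oG all.gnmap 10.0.0.5\n'
        printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
        printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/filtered/tcp//mysql///, 8080/open/tcp//http-proxy///\tIgnored State: closed (65531)\n'
        printf '# Nmap done -- 1 IP address (1 host up)\n'
    } > "$1"
}

# Full workflow against a real target (needs root for -sS):
#   nmap -sS -p- -oG all.gnmap "$target"
#   nmap -sV -sC -p"$(port_list all.gnmap tcp)" "$target"
if [ $# -eq 1 ]; then
    port_list "$1" tcp
else
    f=$(mktemp); make_sample "$f"; port_list "$f" tcp; rm -f "$f"
fi
```

On the constructed sample port_list prints 22,80,8080; the filtered 3306 is left out, which is what you want for -sV but worth remembering when a firewall is in the way.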
# DNS tools:
dnsrecon (zone transfer attempts, standard records, reverse lookups)
ex: dnsrecon -d somedomain
dnsrecon bruteforce (guess subdomains from a wordlist)
ex: dnsrecon -d somedomain -t brt -D wordlist.txt (the wordlist goes after -D)
fierce
ex: fierce --domain somedomain (the old perl version was fierce -dns somedomain)
dnsenum
ex: dnsenum somedomain
# Web application tools:
Proxies (intercept and edit browser traffic; point the browser at the listening port):
burpsuite (usually listens on 8080)
fiddler (listens on 8888)
parosproxy (listens on 8080)
Directory/file brute-forcers (not crawlers: they guess paths from a wordlist instead of following links, and 403/301 responses are often as interesting as 200):
gobuster
dirbuster
dirsearch
dirb
Specialized Tools
sqlmap (automates finding and exploiting sql injection once you have a suspect parameter or endpoint)
GitTools https://github.com/internetwache/GitTools (Finder, Dumper and Extractor for exposed .git dirs; the dumped repo often contains credentials and source)
# Fuzzing
Hydra (online login brute forcer for ssh, ftp, http forms, etc; strictly a credential guesser rather than a fuzzer)
Wfuzz
ex: wfuzz -z file,${WORDLIST} -b cookie=value -d "title=FUZZ&body=FUZZ" --sc 500 https://host/api/entry
(-z file,... is the payload list, every FUZZ in the POST body gets the same payload, -b sends a cookie, --sc 500 shows only responses with status 500, i.e. likely server-side errors; --hc hides codes instead)
# Vulnerability Scanners:
nessus
nikto (web server vuln scanner: dangerous files/CGIs, outdated server software; very noisy)
nexpose community edition https://www.rapid7.com/info/nexpose-community/
# Software Defined Radio/Audio signal stuff:
fldigi
digital mode decoder (RTTY, PSK31, etc); you can feed it audio straight from the sound card
gqrx
SDR receiver GUI; reads from an SDR or recorded SDR (I/Q) files and can do a lot of things
can also output the demodulated audio as a UDP network stream (48 kHz, 16-bit mono, port 7355 by default) for piping into multimon-ng
multimon-ng
decoders for a ton of different signal types: morse, POCSAG, FLEX, AFSK, DTMF, etc
very nice chained from gqrx via sox, which resamples the 48 kHz stream down to the 22050 Hz raw audio multimon-ng expects
https://www.bastibl.net/pocsag/
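The gqrx to sox to multimon-ng chain from the bastibl write-up linked above, as an added example (my own wrapper script, not from the gist or from any of the three tools). The sample rates and sample format are what gqrx's UDP output produces and what multimon-ng's raw input expects; the UDP port and the POCSAG decoder list are defaults I chose, and the nc flag spelling is the traditional netcat one (OpenBSD nc wants -lu PORT without -p).

```sh
#!/bin/sh
# Added example, not from the original gist: the gqrx -> sox -> multimon-ng
# chain from the bastibl POCSAG write-up, wrapped in functions. gqrx's UDP
# audio output is 48 kHz, 16-bit signed little-endian mono on port 7355 by
# default; multimon-ng's raw input wants the same format at 22050 Hz, so sox
# only resamples in between. Port, decoder list and the traditional-netcat
# "-l -u -p" spelling are my choices; adjust them for your setup.

GQRX_PORT=${GQRX_PORT:-7355}
GQRX_RATE=48000      # what gqrx streams
MM_RATE=22050        # what multimon-ng -t raw expects
DECODERS="-a POCSAG512 -a POCSAG1200 -a POCSAG2400"

# need TOOL... -> 0 if every tool is on PATH, else report the first missing one and return 1.
need() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing: $t" >&2; return 1; }
    done
}

# Resample raw s16le mono audio on stdin from rate $1 to $MM_RATE on stdout.
resample() {
    sox -t raw -e signed-integer -b 16 -c 1 -r "$1" - \
        -t raw -e signed-integer -b 16 -c 1 -r "$MM_RATE" -
}

# Live: tune gqrx to the pager frequency (NFM), enable its UDP output, run this.
decode_live() {
    need nc sox multimon-ng || return 1
    nc -l -u -p "$GQRX_PORT" | resample "$GQRX_RATE" |
        multimon-ng -t raw $DECODERS -f alpha -
}

# Offline: decode a recorded WAV (e.g. gqrx's "record audio" output) instead.
decode_file() {
    need sox multimon-ng || return 1
    sox "$1" -t raw -e signed-integer -b 16 -c 1 -r "$MM_RATE" - |
        multimon-ng -t raw $DECODERS -f alpha -
}

case "${1:-}" in
    live) decode_live ;;
    "")   echo "usage: $0 live | FILE.wav" >&2 ;;
    *)    decode_file "$1" ;;
esac
```

If you get nothing but noise, check the sox stage first: feeding multimon-ng audio at the wrong rate or with the wrong endianness produces silence, not an error.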
# Cryptography/Encryption/Encoding
https://charcharbinks.com/post/ctf_crypto_for_beginners/
# Useful Cheatsheets
useful commands for getting shells and escalating privileges through unix binaries (sudo, SUID, capabilities) https://gtfobins.github.io/