Difference between revisions of "Kali tools"

From RHS Wiki
Line 86: Line 86:
 
</nowiki>
 
</nowiki>
 
== casefile ==
 
== casefile ==
 +
 +
== Vulnerability Scan uniscan ==
 +
####################################
 +
# Uniscan project                  #
 +
# http://uniscan.sourceforge.net/  #
 +
####################################
 +
V. 6.2
 +
 +
 +
OPTIONS:
 +
-h help
 +
-u <url> example: https://www.example.com/
 +
-f <file> list of url's
 +
-b Uniscan go to background
 +
-q Enable Directory checks
 +
-w Enable File checks
 +
-e Enable robots.txt and sitemap.xml check
 +
-d Enable Dynamic checks
 +
-s Enable Static checks
 +
-r Enable Stress checks
 +
-i <dork> Bing search
 +
-o <dork> Google search
 +
-g Web fingerprint
 +
-j Server fingerprint
 +
 +
usage:
 +
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
 +
[2] perl ./uniscan.pl -f sites.txt -bqweds
 +
[3] perl ./uniscan.pl -i uniscan
 +
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
 +
[5] perl ./uniscan.pl -o "inurl:test"
 +
[6] perl ./uniscan.pl -u https://www.example.com/ -r
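Review bot: The help output added under "== Vulnerability Scan uniscan ==" goes in as bare wikitext, so the banner lines that begin with "#" will be parsed as numbered-list items and the OPTIONS and usage lines will run together into single paragraphs. The context just above this hunk closes a </nowiki> block; wrap the new help text in the same markup so it renders line for line. The heading also departs from the bare tool-name style of "== casefile =="; consider "== uniscan ==" with "Vulnerability scan" as the first line of the body.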

Revision as of 19:50, 16 April 2015

Tools list

crunch

Word list creation. Example:

crunch 6 6 + + + -o 6charcapslowernumber.txt

Generates a list of 6-character passwords using lowercase, uppercase and numbers.

Hydra

SSH bruteforce

hydra -s 22 -v -V -l root -P <path_to_wordlist> -e ns -t 16 192.168.0.101 ssh

patator

Patator v0.5 (http://code.google.com/p/patator/)
Usage: patator.py module --help

Available modules:
  + ftp_login     : Brute-force FTP
  + ssh_login     : Brute-force SSH
  + telnet_login  : Brute-force Telnet
  + smtp_login    : Brute-force SMTP
  + smtp_vrfy     : Enumerate valid users using SMTP VRFY
  + smtp_rcpt     : Enumerate valid users using SMTP RCPT TO
  + finger_lookup : Enumerate valid users using Finger
  + http_fuzz     : Brute-force HTTP
  + pop_login     : Brute-force POP3
  + pop_passd     : Brute-force poppassd (http://netwinsite.com/poppassd/)
  + imap_login    : Brute-force IMAP4
  + ldap_login    : Brute-force LDAP
  + smb_login     : Brute-force SMB
  + smb_lookupsid : Brute-force SMB SID-lookup
  + vmauthd_login : Brute-force VMware Authentication Daemon
  + mssql_login   : Brute-force MSSQL
  + oracle_login  : Brute-force Oracle
  + mysql_login   : Brute-force MySQL
  + mysql_query   : Brute-force MySQL queries
  + pgsql_login   : Brute-force PostgreSQL
  + vnc_login     : Brute-force VNC
  + dns_forward   : Forward lookup names
  + dns_reverse   : Reverse lookup subnets
  + snmp_login    : Brute-force SNMP v1/2/3
  + unzip_pass    : Brute-force the password of encrypted ZIP files
  + keystore_pass : Brute-force the password of Java keystore files
  + tcp_fuzz      : Fuzz TCP services
  + dummy_test    : Testing module

webscarab

smali

usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
assembles a set of smali files into a dex file
 -?,--help                      prints the help message then exits. Specify twice for debug options
 -a,--api-level <API_LEVEL>     The numeric api-level of the file to generate, e.g. 14 for ICS. If not
                                specified, it defaults to 14 (ICS).
 -o,--output <FILE>             the name of the dex file that will be written. The default is out.dex
 -v,--version                   prints the version then exits
 -x,--allow-odex-instructions   allow odex instructions to be compiled into the dex file. Only a few
                                instructions are supported - the ones that can exist in a dead code path and
                                not cause dalvik to reject the class

paros

GUI crawler

oscanner

 
	Oracle Scanner 1.0.6 by patrik@cqure.net
	--------------------------------------
	OracleScanner -s <ip> -r <repfile> [options]
		-s	<servername>
		-f	<serverlist>
		-P	<portnr>
		-v	be verbose

dirbuster

Another brute-force application

dbpwaudit

 DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>
----------------------------------------------------
DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]

	-s - Server name or address.
	-p - Port of database server/instance.
	-d - Database/Instance name to audit.
	-D - The alias of the driver to use (-L for aliases)
	-U - File containing usernames to guess.
	-P - File containing passwords to guess.
	-L - List driver aliases.

casefile

Vulnerability Scan uniscan

####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2

OPTIONS:
-h help
-u <url> example: https://www.example.com/
-f <file> list of url's
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt and sitemap.xml check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i <dork> Bing search
-o <dork> Google search
-g Web fingerprint
-j Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r