Difference between revisions of "Kali tools"
Jump to navigation
Jump to search
Rafahsolis (talk | contribs) |
Rafahsolis (talk | contribs) |
||
| Line 123: | Line 123: | ||
vega (GUI) | vega (GUI) | ||
| + | == Rebind == | ||
| + | IP rebind attack for routers | ||
| + | <nowiki> | ||
| + | Rebind v0.3.4 | ||
| + | |||
| + | Usage: rebind [OPTIONS] | ||
| + | |||
| + | -i <interface> Specify the network interface to bind to | ||
| + | -d <fqdn> Specify your registered domain name | ||
| + | -u <user> Specify the Basic Authentication user name [admin] | ||
| + | -a <pass> Specify the Basic Authentication password [admin] | ||
| + | -r <path> Specify the initial URL request path [/] | ||
| + | -t <ip> Specify a comma separated list of target IP addresses [client IP] | ||
| + | -n <time> Specify the callback interval in milliseconds [2000] | ||
| + | -p <port> Specify the target port [80] | ||
| + | -c <port> Specify the callback port [81] | ||
| + | -C <value> Specify a cookie to set for the client | ||
| + | -H <file> Specify a file of HTTP headers for the client to send to the target</nowiki> | ||
Revision as of 11:59, 17 April 2015
crunch
Word list creation. Example:
crunch 6 6 + + + -o 6charcapslowernumber.txt
generates: 6 char pwd list, lowercase, uppercase and numbers
Hydra
SSH bruteforce
hidra -s 22 -v -V -l root -P <path_to_wordlist> -e -ns -t 16 192.168.0.101 ssh
patator
Patator v0.5 (http://code.google.com/p/patator/) Usage: patator.py module --help Available modules: + ftp_login : Brute-force FTP + ssh_login : Brute-force SSH + telnet_login : Brute-force Telnet + smtp_login : Brute-force SMTP + smtp_vrfy : Enumerate valid users using SMTP VRFY + smtp_rcpt : Enumerate valid users using SMTP RCPT TO + finger_lookup : Enumerate valid users using Finger + http_fuzz : Brute-force HTTP + pop_login : Brute-force POP3 + pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/) + imap_login : Brute-force IMAP4 + ldap_login : Brute-force LDAP + smb_login : Brute-force SMB + smb_lookupsid : Brute-force SMB SID-lookup + vmauthd_login : Brute-force VMware Authentication Daemon + mssql_login : Brute-force MSSQL + oracle_login : Brute-force Oracle + mysql_login : Brute-force MySQL + mysql_query : Brute-force MySQL queries + pgsql_login : Brute-force PostgreSQL + vnc_login : Brute-force VNC + dns_forward : Forward lookup names + dns_reverse : Reverse lookup subnets + snmp_login : Brute-force SNMP v1/2/3 + unzip_pass : Brute-force the password of encrypted ZIP files + keystore_pass : Brute-force the password of Java keystore files + tcp_fuzz : Fuzz TCP services + dummy_test : Testing module
webscarab
smali
usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*
assembles a set of smali files into a dex file
-?,--help prints the help message then exits. Specify twice for debug options
-a,--api-level <API_LEVEL> The numeric api-level of the file to generate, e.g. 14 for ICS. If not
specified, it defaults to 14 (ICS).
-o,--output <FILE> the name of the dex file that will be written. The default is out.dex
-v,--version prints the version then exits
-x,--allow-odex-instructions allow odex instructions to be compiled into the dex file. Only a few
instructions are supported - the ones that can exist in a dead code path and
not cause dalvik to reject the class
paros
Gui crawler
oscanner
Oracle Scanner 1.0.6 by patrik@cqure.net -------------------------------------- OracleScanner -s <ip> -r <repfile> [options] -s <servername> -f <serverlist> -P <portnr> -v be verbose
dirbuster
another bruteforce application
dbpwaudit
DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net> ---------------------------------------------------- DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options] -s - Server name or address. -p - Port of database server/instance. -d - Database/Instance name to audit. -D - The alias of the driver to use (-L for aliases) -U - File containing usernames to guess. -P - File containing passwords to guess. -L - List driver aliases.
casefile
Vulnerability Scan uniscan
#################################### # Uniscan project # # http://uniscan.sourceforge.net/ # #################################### V. 6.2 OPTIONS: -h help -u <url> example: https://www.example.com/ -f <file> list of url's -b Uniscan go to background -q Enable Directory checks -w Enable File checks -e Enable robots.txt and sitemap.xml check -d Enable Dynamic checks -s Enable Static checks -r Enable Stress checks -i <dork> Bing search -o <dork> Google search -g Web fingerprint -j Server fingerprint usage: [1] perl ./uniscan.pl -u http://www.example.com/ -qweds [2] perl ./uniscan.pl -f sites.txt -bqweds [3] perl ./uniscan.pl -i uniscan [4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx" [5] perl ./uniscan.pl -o "inurl:test" [6] perl ./uniscan.pl -u https://www.example.com/ -r report saved to: /usr/share/uniscan/report/www.example.com.html
vega (GUI)
Rebind
IP rebind attack for routers
Rebind v0.3.4 Usage: rebind [OPTIONS] -i <interface> Specify the network interface to bind to -d <fqdn> Specify your registered domain name -u <user> Specify the Basic Authentication user name [admin] -a <pass> Specify the Basic Authentication password [admin] -r <path> Specify the initial URL request path [/] -t <ip> Specify a comma separated list of target IP addresses [client IP] -n <time> Specify the callback interval in milliseconds [2000] -p <port> Specify the target port [80] -c <port> Specify the callback port [81] -C <value> Specify a cookie to set for the client -H <file> Specify a file of HTTP headers for the client to send to the target