Changes

218 bytes added , 20:19, 7 February 2020

m

→‎Examples

Line 1: Line 1:

[http://tools.kali.org/tools-listing Tools list]

−

== crunch==

+

==crunch==

Word list creation. Example:

crunch 6 6 + + + + -o 6charcapslowernumber.txt

Line 7: Line 7:

-o --> output file

−

== Examples ==

+

==Examples==

−

crunch 8 10 -f /usr/share/rainbowcrack/charset.txt mixalpha-numericdot -d 1@ -d 1, -d 1% | parallel -j6 python wallet_bruteforce_simple.py

+

+

crunch 8 8 -f /usr/share/rainbowcrack/charset.txt loweralpha-numeric -o loweralpha-numeric_8_8.lst

+

crunch 8 10 -f /usr/share/rainbowcrack/charset.txt mixalpha-numericdot -d 1@ -d 1, -d 1% | parallel -j6 python wallet_bruteforce_simple.py

+

</syntaxhighlight>

−

=== Charsets (-f) ===

+

===Charsets (-f)===

crunch 8 8 -f /usr/share/rainbowcrack/charset.txt mixalpha -o /root/alphawordlist.lst

charset.txt:

−

numeric = [0123456789]

+

numeric = [0123456789]

−

+

−

alpha = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]

+

alpha = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]

−

alpha-numeric = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]

+

alpha-numeric = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]

−

+

−

loweralpha = [abcdefghijklmnopqrstuvwxyz]

+

loweralpha = [abcdefghijklmnopqrstuvwxyz]

−

loweralpha-numeric = [abcdefghijklmnopqrstuvwxyz0123456789]

+

loweralpha-numeric = [abcdefghijklmnopqrstuvwxyz0123456789]

−

+

−

mixalpha = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]

+

mixalpha = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]

−

mixalpha-numeric = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]

+

mixalpha-numeric = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]

−

+

−

ascii-32-95 = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~]

+

ascii-32-95 = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~]

−

ascii-32-65-123-4 = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`{|}~]

+

ascii-32-65-123-4 = [ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`{|}~]

−

alpha-numeric-symbol32-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]</nowiki>

+

alpha-numeric-symbol32-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]</nowiki>

Specifiying charsets on command line:

crunch 6 6 0123456789ABCDEF

Line 33: Line 38:

ABC\!\@\#\$

−

=== Patterns (-t) ===

+

===Patterns (-t)===

crunch 8 8 -t @@@@@@56 -o /root/birthdaywordlist.lst

-t <pattern> = Giving crunch the pattern @@@@@@56. This word generate passwords up to 8 characters (6 lower case variable and 4 fixed) long that all ended with 56.

−

@ -- lower case alpha characters

+

@ -- lower case alpha characters

−

, -- upper case alhpa characters

+

, -- upper case alhpa characters

−

% -- numeric characters

+

% -- numeric characters

−

^ -- special characters (including space)</nowiki>

+

^ -- special characters (including space)</nowiki>

To specify diferent character set for @ follow this example where @ can be one of [123abcDEF]:

crunch 8 8 123abcDEF -t TEST@@@@

Line 55: Line 60:

crunch 8 8 abcdef + 12345 + -t @@,,%%^^

−

=== Limits the number of duplicate characters (-d numbersymbol) ===

+

===Limits the number of duplicate characters (-d numbersymbol)===

Limits the number of duplicate characters. -d 2@ limits the lower case alphabet to output like aab and aac. aaa would not be generated as

that is 3 consecutive letters of a. The format is number then symbol where number is the maximum number of consecutive characters and sym‐

bol is the symbol of the the character set you want to limit i.e. @,%^ See examples 17-19.

−

=== Divided output (-b | -c) ===

+

===Divided output (-b | -c)===

crunch 6 6 0123456789 -b 1mb -o START

Creates 1mb files

Line 69: Line 74:

Divide into files with no more than 200000 lines

−

=== Stop at certain word (-e) ===

+

===Stop at certain word (-e)===

crunch 6 6 -t %%%%%% -e 333333

Creates 6 char numeric wordlist until 333333

−

=== Invert direction from left->wright to wright->left (-i) ===

+

===Invert direction from left->wright to wright->left (-i)===

−

=== Words/Characters permutations (-p | -q) ===

+

===Words/Characters permutations (-p | -q)===

-p: command line

-q: file

Line 87: Line 92:

being test.txt a word list (1 word per line)

−

=== Stop/Resume Wordlist creation (ctrl+c/... -r) ===

+

===Stop/Resume Wordlist creation (ctrl+c/... -r)===

crunch 8 8 0123456789 -o test.txt

Stop the creation with a Ctrl C, then restart with ;

Line 93: Line 98:

Note: if -s was used it must be removed at the resume line

−

=== Start from specific position (-s) ===

+

===Start from specific position (-s)===

crunch 7 7 0123456789 -s 9670549 -o test.txt

Will start at 9670549

−

=== Piping Crunch ===

+

===Piping Crunch===

use: -u |

crunch 8 8 -t %%%%%%%% -u | aircrack-ng -e SSID -w - /pathto/capfile.cap

Line 103: Line 108:

crunch 8 8 -t %%%%%%%% -u | pyrit -i - -r /pathto/capfile.cap -e ESSID attack_passthrough

−

=== Compressing (-z) ===

+

===Compressing (-z)===

−

* gzip (quick)

+

−

* bzip

+

*gzip (quick)

−

* lzma (smallest)

+

*bzip

+

*lzma (smallest)

+

crunch 6 6 -f charset.lst lalpha -o test.txt -z gzip

crunch 6 6 -f charset.lst lalpha -o test.txt -z bzip2

crunch 6 6 -f charset.lst lalpha -o test.txt -z lzma

−

== Hydra ==

+

==Hydra==

−

=== Website Bruteforce ===

+

===Website Bruteforce===

hydra www.example.com -L /usr/share/wordlists/users.txt -P /usr/share/wordlists/passwords.txt -V -f http-get /members

−

=== SSH bruteforce ===

+

===SSH bruteforce===

hydra -s 22 -v -V -l root -P <path_to_wordlist> -e -ns -t 16 192.168.0.101 ssh

−

=== RDP Bruteforce (Port: 3389)===

+

===RDP Bruteforce (Port: 3389)===

hydra -t 2 -V -f -l administrator -P rockyou.txt rdp://10.28.0.196

With ncrack

ncrack -vv -U common.usr -P top50000.pwd -T 4 10.28.0.161:3389

−

== metagoofil ==

+

==metagoofil==

python metagoofil.py –d www.victima.com –l 20 –f pdf –o out.html –t out-files”

Line 135: Line 142:

-t = directorio que contendrá los archivos descargado

−

== patator ==

+

==patator==

<nowiki>Patator v0.5 (http://code.google.com/p/patator/)

−

Usage: patator.py module --help

+

Usage: patator.py module --help

−

+

−

Available modules:

+

Available modules:

−

+ ftp_login : Brute-force FTP

+

+ ftp_login : Brute-force FTP

−

+ ssh_login : Brute-force SSH

+

+ ssh_login : Brute-force SSH

−

+ telnet_login : Brute-force Telnet

+

+ telnet_login : Brute-force Telnet

−

+ smtp_login : Brute-force SMTP

+

+ smtp_login : Brute-force SMTP

−

+ smtp_vrfy : Enumerate valid users using SMTP VRFY

+

+ smtp_vrfy : Enumerate valid users using SMTP VRFY

−

+ smtp_rcpt : Enumerate valid users using SMTP RCPT TO

+

+ smtp_rcpt : Enumerate valid users using SMTP RCPT TO

−

+ finger_lookup : Enumerate valid users using Finger

+

+ finger_lookup : Enumerate valid users using Finger

−

+ http_fuzz : Brute-force HTTP

+

+ http_fuzz : Brute-force HTTP

−

+ pop_login : Brute-force POP3

+

+ pop_login : Brute-force POP3

−

+ pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)

+

+ pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)

−

+ imap_login : Brute-force IMAP4

+

+ imap_login : Brute-force IMAP4

−

+ ldap_login : Brute-force LDAP

+

+ ldap_login : Brute-force LDAP

−

+ smb_login : Brute-force SMB

+

+ smb_login : Brute-force SMB

−

+ smb_lookupsid : Brute-force SMB SID-lookup

+

+ smb_lookupsid : Brute-force SMB SID-lookup

−

+ vmauthd_login : Brute-force VMware Authentication Daemon

+

+ vmauthd_login : Brute-force VMware Authentication Daemon

−

+ mssql_login : Brute-force MSSQL

+

+ mssql_login : Brute-force MSSQL

−

+ oracle_login : Brute-force Oracle

+

+ oracle_login : Brute-force Oracle

−

+ mysql_login : Brute-force MySQL

+

+ mysql_login : Brute-force MySQL

−

+ mysql_query : Brute-force MySQL queries

+

+ mysql_query : Brute-force MySQL queries

−

+ pgsql_login : Brute-force PostgreSQL

+

+ pgsql_login : Brute-force PostgreSQL

−

+ vnc_login : Brute-force VNC

+

+ vnc_login : Brute-force VNC

−

+ dns_forward : Forward lookup names

+

+ dns_forward : Forward lookup names

−

+ dns_reverse : Reverse lookup subnets

+

+ dns_reverse : Reverse lookup subnets

−

+ snmp_login : Brute-force SNMP v1/2/3

+

+ snmp_login : Brute-force SNMP v1/2/3

−

+ unzip_pass : Brute-force the password of encrypted ZIP files

+

+ unzip_pass : Brute-force the password of encrypted ZIP files

−

+ keystore_pass : Brute-force the password of Java keystore files

+

+ keystore_pass : Brute-force the password of Java keystore files

−

+ tcp_fuzz : Fuzz TCP services

+

+ tcp_fuzz : Fuzz TCP services

−

+ dummy_test : Testing module

+

+ dummy_test : Testing module

−

</nowiki>

+

</nowiki>

−

== webscarab ==

+

==webscarab==

−

== smali ==

+

==smali==

−

usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*

+

usage: java -jar smali.jar [options] [--] [<smali-file>|folder]*

−

assembles a set of smali files into a dex file

+

assembles a set of smali files into a dex file

−

-?,--help prints the help message then exits. Specify twice for debug options

+

-?,--help prints the help message then exits. Specify twice for debug options

−

-a,--api-level <API_LEVEL> The numeric api-level of the file to generate, e.g. 14 for ICS. If not

+

-a,--api-level <API_LEVEL> The numeric api-level of the file to generate, e.g. 14 for ICS. If not

−

specified, it defaults to 14 (ICS).

+

specified, it defaults to 14 (ICS).

−

-o,--output <FILE> the name of the dex file that will be written. The default is out.dex

+

-o,--output <FILE> the name of the dex file that will be written. The default is out.dex

−

-v,--version prints the version then exits

+

-v,--version prints the version then exits

−

-x,--allow-odex-instructions allow odex instructions to be compiled into the dex file. Only a few

+

-x,--allow-odex-instructions allow odex instructions to be compiled into the dex file. Only a few

−

instructions are supported - the ones that can exist in a dead code path and

+

instructions are supported - the ones that can exist in a dead code path and

−

not cause dalvik to reject the class

+

not cause dalvik to reject the class

−

</nowiki>

+

</nowiki>

−

== paros ==

+

==paros==

Gui crawler

−

== oscanner ==

+

==oscanner==

−

Oracle Scanner 1.0.6 by patrik@cqure.net

+

Oracle Scanner 1.0.6 by patrik@cqure.net

−

--------------------------------------

+

--------------------------------------

−

OracleScanner -s <ip> -r <repfile> [options]

+

OracleScanner -s <ip> -r <repfile> [options]

−

-s <servername>

+

-s <servername>

−

-f <serverlist>

+

-f <serverlist>

−

-P <portnr>

+

-P <portnr>

−

-v be verbose

+

-v be verbose

−

</nowiki>

+

</nowiki>

−

== dirbuster ==

+

==dirbuster==

another bruteforce application

−

== dirb ==

+

==dirb==

Bruteforce URL's with wordlist

dirb http://10.28.0.161/

−

== hash-identifier ==

+

==hash-identifier==

−

== dbpwaudit ==

+

==dbpwaudit==

<nowiki> DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>

−

----------------------------------------------------

+

----------------------------------------------------

−

DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]

+

DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]

−

+

−

-s - Server name or address.

+

-s - Server name or address.

−

-p - Port of database server/instance.

+

-p - Port of database server/instance.

−

-d - Database/Instance name to audit.

+

-d - Database/Instance name to audit.

−

-D - The alias of the driver to use (-L for aliases)

+

-D - The alias of the driver to use (-L for aliases)

−

-U - File containing usernames to guess.

+

-U - File containing usernames to guess.

−

-P - File containing passwords to guess.

+

-P - File containing passwords to guess.

−

-L - List driver aliases.

+

-L - List driver aliases.

−

</nowiki>

+

</nowiki>

−

== casefile ==

+

==casefile==

−

== Vulnerability Scan uniscan ==

+

==Vulnerability Scan uniscan==

−

####################################

+

####################################

−

# Uniscan project #

+

# Uniscan project #

−

# http://uniscan.sourceforge.net/ #

+

# http://uniscan.sourceforge.net/ #

−

####################################

+

####################################

−

V. 6.2

+

V. 6.2

−

+

−

+

−

OPTIONS:

+

OPTIONS:

−

-h help

+

-h help

−

-u <url> example: https://www.example.com/

+

-u <url> example: https://www.example.com/

−

-f <file> list of url's

+

-f <file> list of url's

−

-b Uniscan go to background

+

-b Uniscan go to background

−

-q Enable Directory checks

+

-q Enable Directory checks

−

-w Enable File checks

+

-w Enable File checks

−

-e Enable robots.txt and sitemap.xml check

+

-e Enable robots.txt and sitemap.xml check

−

-d Enable Dynamic checks

+

-d Enable Dynamic checks

−

-s Enable Static checks

+

-s Enable Static checks

−

-r Enable Stress checks

+

-r Enable Stress checks

−

-i <dork> Bing search

+

-i <dork> Bing search

−

-o <dork> Google search

+

-o <dork> Google search

−

-g Web fingerprint

+

-g Web fingerprint

−

-j Server fingerprint

+

-j Server fingerprint

+

usage:

+

[1] perl ./uniscan.pl -u http://www.example.com/ -qweds

+

[2] perl ./uniscan.pl -f sites.txt -bqweds

+

[3] perl ./uniscan.pl -i uniscan

+

[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"

+

[5] perl ./uniscan.pl -o "inurl:test"

+

[6] perl ./uniscan.pl -u https://www.example.com/ -r

−

~~usage:~~

+

report saved to: /usr/share/uniscan/report/www.example.com.html</nowiki>

−

~~[1] perl ./uniscan.pl -u http://www.example.com/ -qweds~~

−

~~[2] perl ./uniscan.pl -f sites.txt -bqweds~~

−

~~[3] perl ./uniscan.pl -i uniscan~~

−

~~[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"~~

−

~~[5] perl ./uniscan.pl -o "inurl:test"~~

−

~~[6] perl ./uniscan.pl -u https://www.example.com/ -r~~

−

report saved to: /usr/share/uniscan/report/www.example.com.html</nowiki>

vega (GUI)

−

== Rebind ==

+

==Rebind==

IP rebind attack for routers

https://www.youtube.com/watch?v=0duYxPIx8gU

http://rebind.googlecode.com

−

Rebind v0.3.4

+

Rebind v0.3.4

−

+

−

Usage: rebind [OPTIONS]

+

Usage: rebind [OPTIONS]

−

+

−

-i <interface> Specify the network interface to bind to

+

-i <interface> Specify the network interface to bind to

−

-d <fqdn> Specify your registered domain name

+

-d <fqdn> Specify your registered domain name

−

-u <user> Specify the Basic Authentication user name [admin]

+

-u <user> Specify the Basic Authentication user name [admin]

−

-a <pass> Specify the Basic Authentication password [admin]

+

-a <pass> Specify the Basic Authentication password [admin]

−

-r <path> Specify the initial URL request path [/]

+

-r <path> Specify the initial URL request path [/]

−

-t <ip> Specify a comma separated list of target IP addresses [client IP]

+

-t <ip> Specify a comma separated list of target IP addresses [client IP]

−

-n <time> Specify the callback interval in milliseconds [2000]

+

-n <time> Specify the callback interval in milliseconds [2000]

−

-p <port> Specify the target port [80]

+

-p <port> Specify the target port [80]

−

-c <port> Specify the callback port [81]

+

-c <port> Specify the callback port [81]

−

-C <value> Specify a cookie to set for the client

+

-C <value> Specify a cookie to set for the client

−

-H <file> Specify a file of HTTP headers for the client to send to the target</nowiki>

+

-H <file> Specify a file of HTTP headers for the client to send to the target</nowiki>

−

== websploit ==

+

==websploit==

[[Kali_Linux:_Wifi_Jamming|Wifi Jamming]]

Rafahsolis

Bureaucrats, Administrators

2,306

edits

Changes

Kali tools (view source)

Revision as of 20:19, 7 February 2020

Navigation menu

Search