Dara Security

Tools Used in Testing

Dara Security utilizes a variety of tools for network and application penetration testing, as well as wireless assessments and social engineering exercises. Below are basic tools categories and a list of the tools that Dara utilizes in assessments. Note that many tools and scripts are utilized as needed, depending on the type of assessment and the services detected.


Exploit Tools and Kits

Konboot - Used to bypass Windows and MacOS logins

Metasploit - A project developed by Rapid7 to scan and exploit known vulnerabilities

Smbexec - Used to grab hashes from a Domain Controller and obtain reverse shells

Veil - Used to create Python-based Meterpreter executables


Forensic Tools (Pentesting)

Windows Credential Editor - Used to pull passwords from memory

Mimikatz - Used to pull passwords from memory


General Purpose

Amap - An application scanner and identifier

cURL - A command line tool for transferring data with URL syntax, with support for many protocols

dns2tcp - A network tool designed to relay TCP connections through DNS traffic whereby encapsulation is done on the TCP level

EyeWitness - A tool for capturing screenshots of websites, providing header info, and identifying default credentials

HTTPScreenshot - Used to take snapshots of http and https webpages

Netcat - A networking utility which reads and writes data across TCP/IP connections

Nmap - A powerful open source port scanning tool

Peepingtom - Used to take snapshots of webpages

p0f - Used for purely passive traffic fingerprinting

Wireshark - A network protocol analyzer used for sniffing and analysis of traffic


Man in the Middle

Cain & Abel - A Windows application for man in the middle attacks, password cracking and more

Ettercap - A comprehensive suite for man in the middle attacks including sniffing, content filtering and injection

Responder - Used to gain NTLM challenge/response hashes by exploiting LLMNR and NetBIOS name resolution

tcpdump - Prints out a description of the contents of packets on a network interface

Wireshark - A network protocol analyzer used for sniffing and analysis of traffic


Password Attacks

Aircrack-ng - An 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured

Hydra - A password cracker and brute forcing tool used for many known protocols

John The Ripper - A password and hash cracker known for its speed

Medusa - A speedy, parallel and modular login brute-forcer

Ophcrack - A free Windows password cracker based on rainbow tables

RainbowCrack - A general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique for password cracking

Wordhound - A tool to gather words from online documents and social media to create custom password lists


Post-Exploitation

bypassuac - A script used for bypassing Windows UAC during post-exploitation

Netcat - A networking utility which reads and writes data across TCP/IP connections

Metasploit - A project developed by Rapid7 to scan and exploit known vulnerabilities

Meterpreter - An advanced backdoor that uses a dynamically extensible payload


Reconnaissance

dnsrecon - Used for enumeration through DNS

dnssy.com - A website with various DNS tools and reports

ewhois - An enhanced WHOIS lookup used to find out what other websites belong to the same owner

goofile - A script for searching for a specific file type in a given domain

goog-mail - A small Python script that gathers email addresses from Google results on a given domain

goohost - A shell script that extracts hosts, subdomains, IPs or emails for a specific domain with Google

Metasploit - Includes auxiliary modules used for email and user collection

myipneighbors.net - Used to find other virtual hosts hosted on a given web server

Recon-ng - A suite of tools and scripts for passive and active discovery

Spiderfoot - A script that combines many passive analysis techniques to gather hosts and user data

SHODAN - A search engine for computers and devices on the Internet

theHarvester - A tool that gathers emails, subdomains, hosts, employee names, open ports and banners from different public sources

URLCrazy - Used to generate and test domain typos and variations to detect and perform typosquatting

urlvoid.com - A free service that analyzes a website through multiple blacklist engines and online reputation tools

whois - A common tool for domain name searches


Social Engineering

BeEF (The Browser Exploitation Framework) - A tool that focuses on the web browser

Social Engineering Toolkit - Used on social engineering campaigns to manipulate and deceive end users


Vulnerability Scanners

Angry IP Scanner - A fast network scanner used to identify open ports

Nessus - The most popular commercial vulnerability tool available to detect known threats

Nmap - Includes the Nmap Scripting Engine (NSE) which is used to detect and verify known vulnerabilities and misconfigurations

OpenVAS - The Open Vulnerability Assessment System, used for vulnerability scanning

QualysGuard - A commercial vulnerability scanner known for up to date plugins and reliability


Wireless

Aircrack-ng - An 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured

inSSIDer - A wireless network scanner

KisMAC - A powerful wireless assessment tool

Kismet - An 802.11 Layer 2 wireless network detector, sniffer, and intrusion detection system

NetStumbler - A widely used wireless hacking tool for Windows

wardrive - An Android application used for collecting information about access points


Web Applications

Burp Suite - An intercepting proxy with many tools, including a scanner to audit web applications

DirBuster - A multi-threaded application designed to brute force directory and file names on web application servers

Nikto - A scanner that scans web servers and applications for a variety of vulnerabilities

RAFT - A testing tool for the identification of vulnerabilities in web applications

Skipfish - An active web application security reconnaissance tool

Sqlmap - An open source scanner for detecting and exploiting SQL injection

Sqlninja - An open source scanner for exploiting SQL injection

W3af - An open source web application attack and audit framework

Wapiti - A framework for scanning and detecting hundreds of possible web vulnerabilities

Wfuzz - Designed for brute-forcing web applications

wpscan - A vulnerability scanner for WordPress sites

Zed Attack Proxy (ZAP) - An intercepting proxy, scanner and vulnerability finder for web applications