Hack Tools

Docker Images

• https://hub.docker.com/r/szalek/pentest-tools/
• https://hub.docker.com/r/kalilinux/kali-linux-docker/

Kali Linux

• https://www.kali.org/news/official-kali-linux-docker-images/
• https://www.kali.org/downloads/

VirtualBox

• https://www.virtualbox.org/wiki/Linux_Downloads

Linux

• https://techincidents.com/important-penetration-testing-cheat-sheet/

Tails Linux

• https://tails.boum.org

Shodan

• https://www.shodan.io

Burp Suite Scanner

• https://portswigger.net/burp

OWASP Zed Attack Proxy Project

• https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

dirb & gobuster

• https://blog.michalszalkowski.com/security/brute-force-directories-and-files-names-on-web-application-servers/

searchsploit

• https://www.exploit-db.com/searchsploit/#installlinux
• searchsploit -u
• searchsploit -h
• searchsploit ProFTPD
• searchsploit afd windows local

(Subdomain Enumeration) Sublist3r

• https://github.com/aboul3la/Sublist3r
• https://hub.docker.com/r/szalek/pentest-tools/

(Subdomain Enumeration) knock

• https://github.com/guelfoweb/knock
• https://hub.docker.com/r/szalek/pentest-tools/

(Subdomain Enumeration) brutesubs

• https://github.com/anshumanbh/brutesubs

(Subdomain Enumeration)

• https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6
• https://gist.github.com/yamakira/2a36d3ae077558ac446e4a89143c69ab
• Google dorks
• VirusTotal
• DNSdumpster
• Sublist3r
• Certificate Transparency
• dnsrecon.py
• altdns.py
• Finding Autonomous System
• Zone transfer
• ldns-walk

nmap

• nmap -sSV -Pn 127.0.0.1

nslookup

• nslookup example.com

sqlmap

• http://sqlmap.org/
• sqlmap -u {URL}.php?username=adrian --dbs
• sqlmap -u {URL}.php?username=adrian -D {DB_NAME}--tables
• sqlmap -u {URL}.php?username=adrian -T {TABLE-NAME} --columns
• sqlmap -u {URL}.php?username=adrian -T {TABLE_NAME} --dump

nikto

• https://cirt.net/Nikto2
• nikto -host {URL}/ -output /tmp/test.html
• nikto -host {URL}/ -output /tmp/test.csv

whois

• whois --help
• whois www.{URL}

dnsenum

• https://github.com/fwaeytens/dnsenum
• dnsenum --help
• dnsenum {URL}

digbit

• digbit {URL}

sn1per

• http://www.kitploit.com/2017/07/sn1per-automated-pentest-recon-scanner.html
• sniper {URL}

knock

• http://www.kitploit.com/2017/08/knockpy-enumerate-subdomain-scanner.html
• https://github.com/guelfoweb/knock
• knockpy {URL}

webcomment

• https://github.com/szalek/webcomment/tree/master
• webcomment -m url -t http://www.blog.btbw.pl

haveibeenpwned

• api form https://haveibeenpwned.com
• https://github.com/szalek/haveibeenpwned
• haveibeenpwned emails.txt
• haveibeenpwned test@example.com
• haveibeenpwned noexist@btbw.pl

paskto

• http://www.kitploit.com/2017/11/paskto-passive-web-scanner.html
• https://github.com/cloudtracer/paskto
• https://github.com/szalek/paskto (Fork)
• paskto --help

shred

• https://www.hackers-arise.com/single-post/2017/10/17/Mr-Robot-Hacks-Season-3-How-Elliot-Covered-his-Tracks
• shred -f -n 3 test.txt

netdiscover

• sudo apt install netdiscover
• sudo netdiscover -r 192.168.0.1/24

DAVtest (Kali Linux)

• https://tools.kali.org/web-applications/davtest
• davtest --url blog.michalszalkowski.com

EyeWitness

• https://github.com/ChrisTruncer/EyeWitness

WAFW00F

• wafw00f {URL}