Hashcat (Credential Harvesting Tools)
- A free password recovery tool that is included with Kali Linux and is available for Linux, OS X, and Windows. It includes a very wide range of hashing algorithms and password cracking methods. Hashcat purports itself to be the fastest recovery tool available.
- *Relies on GPU/CPU
Hydra (Credential Harvesting Tools)
*A free network login password cracking tool that is included with Kali Linux. It supports a number of authentication protocols, repeated attempts
Medusa (Credential Harvesting Tools)
*A command-line-based free password cracking tool that is often used in brute force password attacks on remote authentication servers. It purports itself to specialize in parallel attacks, with the ability to locally test 2,000 passwords per minut
CeWL (Credential Harvesting Tools)
*A Ruby app that crawls websites to generate word lists that can be used with password crackers such as John the Ripper. It is included with Kali Linux.
John the Ripper (Credential Harvesting Tools)
*A free password recovery tool available for Linux, 11 versions of Unix, DOS, Win32, BeOS, and OpenVMS. It is included with Kali Linux.
Cain and Abel (Credential Harvesting Tools)
- A free password recovery tool available for Windows that is sometimes classified as malware by some antivirus software.
- Windows password cracker, conducts network sniffing and task cracking
Mimikatz (Credential Harvesting Tools)
- targets windows machines to extract plaintext passwords, hashes, PIN codes, and Kerberos tickets from the machines memory
- can be used for pass the hash, pass the ticket, and creating golden tickets
- *An open source tool that enables you to view credential information stored on Microsoft Windows computers. It is also included with Kali Linux.
Patator (Credential Harvesting Tools)
- multi purpose brute force attack, supports modules for different target services
Dirbuster (Credential Harvesting Tools)
- brute force tool for directories and file names on web/application servers
W3AF (Credential Harvesting Tools)
*Web Application Attack and Audit Framework, Python, tool to find and exploit any web app vulnerabilities
-
PenTest Methodologies3
-
Rules of Engagement5
-
White Box Support Resources8
-
Types of Assessments6
-
Open Source Intelligence (OSINT7
-
Vulnerability Scans5
-
Common Attack Techniques7
-
Physical Security Attacks7
-
Network Based Vulnerabilities18
-
Wireless Based Vulnerabilities10
-
Application Based Vulnerabilities12
-
Privilege Escalation (Linux)4
-
Privilege Escalation (Windows)11
-
Privilege Escalation (General)7
-
Lateral Movement9
-
Persistence5
-
Covering Your Tracks4
-
Use Cases For Tools11
-
Scanning Tools5
-
Credential Testing Tools10
-
Debugging Tools5
-
Software Assurance Tools5
-
OSINT Tools8
-
Wireless Tools4
-
Web Proxy Tools2
-
Social Engineering Tools2
-
Remote Access Tools4
-
Networking Tools2
-
Mobile Tools3
-
Miscellaneous Tools6
