Domain 4-Tools

Question 1

Aircrack-ng

Answer 1

Suite for cracking Wi-Fi passwords and analyzing 802.11 wireless traffic.

Question 2

Android Debug Bridge (ADB)

Answer 2

Command-line tool to interact with and debug Android devices.

Question 3

Atomic Red Team

Answer 3

Library of adversary simulation tests mapped to MITRE ATT&CK.

Question 4

BeEF (Browser Exploitation Framework)

Answer 4

Tool for client-side attacks via web browsers.

Question 5

BloodHound

Answer 5

Graph-based tool for analyzing Active Directory trust relationships.

Question 6

Bluestrike

Answer 6

Framework for assessing Bluetooth vulnerabilities and attacks.

Question 7

Burp Suite

Answer 7

Web vulnerability scanner and proxy for testing web apps.

Question 8

Caldera

Answer 8

Automated adversary emulation platform from MITRE.

Question 9

Certify

Answer 9

Tool for attacking and abusing Active Directory Certificate Services (AD CS).

Question 10

Cloud-native vendor tools

Answer 10

Security assessment utilities built into cloud providers (e.g., AWS CLI, Azure Security Center).

Question 11

CrackMapExec (CME)

Answer 11

Swiss army knife for pentesting Active Directory and SMB environments.

Question 12

DirBuster / Gobuster

Answer 12

Tools for brute-forcing directories/files on web servers.

Question 13

Docker Bench

Answer 13

Security scanner for Docker container configurations.

Question 14

Drozer

Answer 14

Android security testing framework for assessing mobile applications.

Question 15

Evil-WinRM

Answer 15

Remote management tool for exploiting and administering Windows systems.

Question 16

Evilginx

Answer 16

Reverse proxy tool for phishing and man-in-the-middle attacks against authentication flows.

Question 17

Gophish

Answer 17

Phishing framework for creating and running phishing campaigns.

Question 18

hashcat

Answer 18

Advanced GPU-based password cracking tool.

Question 19

Hydra

Answer 19

Fast brute-force login cracker for multiple protocols.

Question 20

Impacket

Answer 20

Python library for crafting and executing network protocols (often used for AD attacks).

Question 21

Infection Monkey

Answer 21

Breach and attack simulation (BAS) tool to test lateral movement.

Question 22

InSSIDer

Answer 22

Wi-Fi scanner for analyzing wireless signals and networks.

Question 23

John the Ripper

Answer 23

Popular open-source password cracking tool.

Question 24

Kismet

Answer 24

Wireless network detector and packet sniffer.

Question 25

Kube-hunter

Answer 25

Tool for hunting Kubernetes cluster vulnerabilities.

Question 26

Living off the Land Binaries (LOLbins)

Answer 26

Native system binaries abused by attackers to avoid detection (e.g., PowerShell, certutil).

Question 27

Maltego

Answer 27

OSINT and data-link analysis tool for reconnaissance.

Question 28

Medusa

Answer 28

Parallel, fast password brute-forcing tool.

Question 29

Metasploit

Answer 29

Exploitation framework for developing, testing, and executing exploits.

Question 30

Mimikatz

Answer 30

Credential dumping and Windows authentication attack tool.

Question 31

MobSF (Mobile Security Framework)

Answer 31

Automated testing framework for mobile application security.

Question 32

msfvenom

Answer 32

Payload generator bundled with Metasploit.

Question 33

Netcat

Answer 33

Network utility for reading/writing to network connections (“Swiss army knife of networking”).

Question 34

Nmap (NSE)

Answer 34

Network scanner with scripting engine for service enumeration and vulnerability detection.

Question 35

Pacu

Answer 35

AWS exploitation framework for cloud penetration testing.

Question 36

Postman

Answer 36

API testing and exploitation tool.

Question 37

PowerShell / PowerShell ISE

Answer 37

Scripting environment often used for automation and attacks in Windows.

Question 38

PowerSploit

Answer 38

PowerShell scripts for offensive security (privilege escalation, AV evasion).

Question 39

PowerUpSQL

Answer 39

Tool for attacking SQL Server environments with PowerShell.

Question 40

PowerView

Answer 40

PowerShell toolkit for Active Directory reconnaissance.

Question 41

Prowler

Answer 41

AWS security assessment tool for compliance and misconfiguration detection.

Question 42

PsExec

Answer 42

Windows Sysinternals tool for executing processes on remote systems.

Question 43

Recon-ng

Answer 43

Web reconnaissance framework similar to Metasploit for OSINT.

Question 44

Responder

Answer 44

Tool for LLMNR/NBNS poisoning to capture hashes on networks.

Question 45

Rubeus

Answer 45

Tool for Kerberos ticket attacks in Windows domains.

Question 46

Scapy

Answer 46

Python library for packet crafting, sniffing, and network attack scripting.

Question 47

ScoutSuite

Answer 47

Multi-cloud security auditing tool.

Question 48

Seatbelt

Answer 48

Windows enumeration tool for privilege escalation and situational awareness.

Question 49

SET (Social Engineering Toolkit)

Answer 49

Toolkit for social engineering attacks (phishing, credential harvesting, etc.).

Question 50

sqlmap

Answer 50

Automated SQL injection and database takeover tool.

Question 51

tcprelay

Answer 51

Tool for relaying TCP connections (used in iOS testing).

Question 52

theHarvester

Answer 52

OSINT tool for gathering emails, domains, and subdomains.

Question 53

TruffleHog

Answer 53

Tool for detecting secrets (API keys, credentials) in code repositories.

Question 54

WiFi-Pumpkin

Answer 54

Framework for rogue Wi-Fi AP and man-in-the-middle attacks.

Question 55

WiGLE.net

Answer 55

Wireless network mapping platform/database.

Question 56

Wireshark / tcpdump

Answer 56

Packet analyzers for deep inspection of network traffic.

Question 57

WPAD

Answer 57

Protocol and attack vector for proxy auto-discovery hijacking.

Question 58

WPScan

Answer 58

WordPress vulnerability scanner.

Question 59

Wfuzz

Answer 59

Web application brute-forcer and fuzzing tool.

Question 60

Zed Attack Proxy (ZAP)

Answer 60

Open-source web app security scanner (OWASP).