shchypylov/pentesting_tools
Tools

recon-ng

Launch with recon-ng from the terminal

Used for finding vulnerabilities in web applications

knockpy

Launch with cd knockpy && knockpy testdomain.com

Used for finding subdomains of a domain

nmap

Launch with nmap -sV -oN results.txt testdomain.com

Used for finding open ports on the hosting server

Nice guide: click me

  • -sSV - Makes nmap carry out a SYN scan: it sends only a SYN packet to the target, and if the server answers with a SYN/ACK (synchronization acknowledged) packet from a particular port, that port is open. The V means nmap also carries out a version scan of the open ports it discovers.
  • -p- - Instructs nmap to scan all 65535 ports (1-65535). You can also use -p 0-65535 to include port 0, which in very rare cases will show as open, although nothing runs on it by default.
  • -iL - Lets nmap take an input file containing either domains or IP addresses.
  • -oA - Writes the scan results in all three available formats: .xml, .nmap and .gnmap.
  • --min-parallelism 64 - Sets the minimum number of probes sent in parallel at one time. Combined with --min-hostgroup 96, these are both performance flags for nmap.
  • --min-hostgroup 96 - Sets the minimum number of hosts to scan as one group.
  • -T4 - Selects a timing template that tunes timeouts and other timing-related settings.
  • --version-all - Sends additional probes in order to identify a more specific version of the service running on an open port.
  • --reason - Forces nmap to print the reason why a port was determined to be open; all going well, this should be SYN/ACK.
  • --open - Shows only open ports; I use this on and off depending on what I am scanning.
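Once nmap has written results with -oA, the .gnmap file is the easiest one to post-process. As an added example (not part of this repository), here is a small Python parser that pulls the open ports, services and versions per host out of that format, using constructed sample lines rather than real scan output.

```python
"""Parse nmap grepable (.gnmap) output, as written by -oA, into open ports per host.

Example code added to this page; not part of the repository.
"""
import re
from collections import defaultdict

# Constructed sample of what nmap writes to results.gnmap (not a real scan).
# Each port entry is port/state/proto/owner/service/rpc/version/ separated by ", ".
SAMPLE_GNMAP = """# Nmap scan initiated as: nmap -sSV -p- -oA results --reason testdomain.com
Host: 192.0.2.10 (testdomain.com)\tStatus: Up
Host: 192.0.2.10 (testdomain.com)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (65532)
Host: 192.0.2.11 ()\tPorts: 3306/open/tcp//mysql//MySQL 8.0.33/\tIgnored State: closed (65534)
# Nmap done; 2 IP addresses (2 hosts up) scanned
"""

# Matches only the "Host: ... Ports: ..." lines; Status and comment lines are skipped.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return {ip: [(port, proto, service, version), ...]} containing open ports only."""
    results = defaultdict(list)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, _hostname, ports = m.groups()
        for entry in ports.split(", "):
            fields = entry.split("/")
            if len(fields) < 7:
                continue  # malformed entry; ignore rather than crash on it
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state != "open":
                continue  # same filtering the --open flag does at scan time
            results[ip].append((int(port), proto, service, version))
    return dict(results)


def summarize(results):
    """Flatten parsed results into one 'ip:port/proto service (version)' line per open port."""
    lines = []
    for ip in sorted(results):
        for port, proto, service, version in results[ip]:
            detail = f" ({version})" if version else ""
            lines.append(f"{ip}:{port}/{proto} {service}{detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_gnmap(SAMPLE_GNMAP))))
```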

Metasploit

Launch with cd /opt/metasploit-framework/bin && ./msfconsole

Pentesting framework

ssh

How was I supposed to know

You covered creaky door

arp-scan

Launch with arp -a

Maps MAC addresses to IP addresses

Nikto

Full documentation and installation guide here

Tool for discovering vulnerabilities in web applications. Best known for finding interesting directory names.

About

Set of pentesting tools for web apps
