
BackTrack 4 – Tools Overview

Information Gathering:

Dradis Client - client component of Dradis, an open source framework for sharing information during security assessments
Dradis Server - server component of the same framework; the clients connect to it to share findings
Paterva Maltego CE - open source intelligence and forensics application. It offers timely mining and gathering of information as well as a graphical representation of that information

Archive
Metagoofil - information gathering tool that extracts metadata (user names, software versions, file paths) from public documents (pdf, doc, xls, ppt, odp, ods) found on the target website
SEAT - next generation information digging application geared toward the needs of security professionals

DNS
DNS-Walk - DNS debugger. It performs zone transfers of specified domains and checks the zone data for internal consistency
DNS Tracer - dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data
DNS Enum - The purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:

1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX records (threaded).
4) Perform AXFR (zone transfer) queries against each nameserver (threaded).
5) Get extra names and subdomains via Google scraping (google query = "allinurl: -www site:domain").
6) Brute force subdomains from a wordlist; can also recurse into subdomains that have NS records of their own (all threaded).
7) Calculate class C network ranges from the addresses found and perform whois queries on them (threaded).
8) Perform reverse lookups on the netranges (class C and/or whois netranges) (threaded).
9) Write the IP blocks to the domain_ips.txt file.
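The dnsenum workflow above (A/NS/MX lookup, AXFR attempt, wordlist brute force with recursion into delegated children, collapsing results into /24 blocks and sweeping them in reverse) as an added example in Python. This is not code from the page or from dnsenum itself; it runs against a constructed in-memory zone so it works offline, and the zone data, the wordlist and the resolver/PTR callbacks (`fake_resolve`, `fake_ptr`) are assumptions of this example. The Google-scraping step is omitted because it is network-only.

```python
# Added example: dnsenum-style enumeration over a constructed zone (not dnsenum's own code).
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Constructed records: (name, type) -> answers. Addresses are RFC 5737 documentation ranges.
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("example.test", "A"): ["192.0.2.10"],
    ("example.test", "NS"): ["ns1.example.test", "ns2.example.test"],
    ("example.test", "MX"): ["mail.example.test"],
    ("ns1.example.test", "A"): ["192.0.2.53"],
    ("ns2.example.test", "A"): ["198.51.100.53"],
    ("mail.example.test", "A"): ["192.0.2.25"],
    ("www.example.test", "A"): ["192.0.2.10"],
    ("dev.example.test", "NS"): ["ns1.dev.example.test"],   # delegated child zone, no A record
    ("ns1.dev.example.test", "A"): ["203.0.113.5"],
    ("git.dev.example.test", "A"): ["203.0.113.7"],
}
# Constructed reverse map; 192.0.2.44 is only discoverable by the reverse sweep (step 8).
FAKE_PTR: Dict[str, str] = {
    "192.0.2.10": "www.example.test", "192.0.2.25": "mail.example.test",
    "192.0.2.44": "backup.example.test", "203.0.113.7": "git.dev.example.test",
}
WORDLIST = ["www", "mail", "dev", "git", "vpn", "ns1"]

Resolver = Callable[[str, str], List[str]]
PtrLookup = Callable[[str], Optional[str]]

def fake_resolve(name: str, rtype: str) -> List[str]:
    """Stand-in for a DNS query; an empty list means no data (or, for AXFR, transfer refused)."""
    return FAKE_ZONE.get((name.lower(), rtype.upper()), [])

def fake_ptr(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)

def brute_subdomains(domain: str, wordlist: List[str], resolve: Resolver,
                     depth: int = 0, max_depth: int = 2) -> Dict[str, List[str]]:
    """Step 6: wordlist brute force, recursing into children that have NS records of their own."""
    found: Dict[str, List[str]] = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ips = resolve(name, "A")
        if ips:
            found[name] = ips
        if depth < max_depth and resolve(name, "NS"):
            found.update(brute_subdomains(name, wordlist, resolve, depth + 1, max_depth))
    return found

def class_c_ranges(ips: List[str]) -> List[ipaddress.IPv4Network]:
    """Step 7: collapse every discovered address into its /24 ("class C") block."""
    return sorted({ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips})

def reverse_sweep(net: ipaddress.IPv4Network, ptr: PtrLookup) -> Dict[str, str]:
    """Step 8: PTR lookup for every host address in the block."""
    hits: Dict[str, str] = {}
    for host in net.hosts():
        name = ptr(str(host))
        if name:
            hits[str(host)] = name
    return hits

def enumerate_domain(domain: str, wordlist: List[str], resolve: Resolver, ptr: PtrLookup) -> dict:
    """Steps 1-4 and 6-8 of the dnsenum workflow; returns one report dict."""
    report: dict = {"a": resolve(domain, "A"), "ns": resolve(domain, "NS"),
                    "mx": resolve(domain, "MX"), "axfr": resolve(domain, "AXFR")}
    hosts: Dict[str, List[str]] = {}
    if report["a"]:
        hosts[domain] = report["a"]
    for h in report["ns"] + report["mx"]:          # resolve the NS/MX hostnames as well
        ips = resolve(h, "A")
        if ips:
            hosts[h] = ips
    hosts.update(brute_subdomains(domain, wordlist, resolve))
    ranges = class_c_ranges([ip for ips in hosts.values() for ip in ips])
    report["hosts"] = hosts
    report["ranges"] = [str(n) for n in ranges]
    report["reverse"] = {str(n): reverse_sweep(n, ptr) for n in ranges}
    return report

if __name__ == "__main__":
    import json
    print(json.dumps(enumerate_domain("example.test", WORDLIST, fake_resolve, fake_ptr), indent=2))
```

Against a live target the two callbacks would be replaced by real lookups (for instance dnspython's `resolver.resolve` and a PTR query); the control flow stays the same. Note that the reverse sweep over a /24 is 254 queries per block, which is why dnsenum threads it and why it is the noisiest step.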
DNSMap - Dnsmap is a small C based tool that brute-forces subdomains of a target domain. The tool can use an internal wordlist or work with an external dictionary file.
DNSMap-Bulk - runs DNSMap against a list of target domains (the bulk version of the above)
DNSRecon - simple tool written for target enumeration during authorized penetration test engagements. This
tool provides different methods for enumerating targets via DNS service.
Fierce - DNS enumeration tool that locates non-contiguous IP space and hostnames for a domain by attempting zone transfers, brute forcing names from a wordlist and reverse-resolving nearby addresses
LBD - (load balancing detector) detects whether a given domain uses DNS and/or HTTP load balancing, by comparing DNS answers and the HTTP Server and Date headers across repeated requests
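The checks LBD performs, written out as an added Python example (this is not LBD's own code and not from the page): DNS balancing shows up as several A records or an answer set that changes between queries; HTTP balancing shows up as differing Server headers, or a Date header that steps backwards because a second backend with its own clock answered. The DNS answers and HTTP headers below are constructed samples, not real measurements.

```python
# Added example: load-balancer detection logic in the style of lbd, over captured data.
from email.utils import parsedate_to_datetime
from typing import Dict, List

def detect_dns_lb(answers: List[List[str]]) -> bool:
    """DNS load balancing: several A records, or the answer set/order changing between queries."""
    if any(len(a) > 1 for a in answers):
        return True
    return len({tuple(a) for a in answers}) > 1

def detect_http_lb(responses: List[Dict[str, str]], tolerance_s: float = 1.0) -> Dict[str, bool]:
    """HTTP load balancing via differing Server headers or a Date header that goes backwards.

    One server's Date header never decreases across sequential requests. If a later reply
    carries a Date earlier than the newest one seen so far by more than tolerance_s, another
    backend with its own clock answered (lbd's "Date" method). Header names are compared
    case-insensitively.
    """
    norm = [{k.lower(): v for k, v in r.items()} for r in responses]
    server_lb = len({r.get("server") for r in norm}) > 1
    dates = [parsedate_to_datetime(r["date"]) for r in norm if "date" in r]
    date_lb, newest = False, None
    for stamp in dates:
        if newest is not None and (stamp - newest).total_seconds() < -tolerance_s:
            date_lb = True
        newest = stamp if newest is None else max(newest, stamp)
    return {"http_server": server_lb, "http_date": date_lb}

def lbd(answers: List[List[str]], responses: List[Dict[str, str]]) -> Dict[str, bool]:
    """Combined verdict in the three categories lbd reports."""
    result = {"dns": detect_dns_lb(answers)}
    result.update(detect_http_lb(responses))
    return result

# Constructed samples (assumed, not captured from any real host).
BALANCED_DNS = [["192.0.2.10", "192.0.2.11"], ["192.0.2.11", "192.0.2.10"]]
BALANCED_HTTP = [
    {"Server": "nginx/1.18.0", "Date": "Mon, 01 Jan 2024 10:00:00 GMT"},
    {"Server": "nginx/1.18.0", "Date": "Mon, 01 Jan 2024 10:00:01 GMT"},
    {"Server": "nginx/1.20.1", "Date": "Mon, 01 Jan 2024 09:59:30 GMT"},  # clock 31 s behind
]
SINGLE_DNS = [["192.0.2.10"], ["192.0.2.10"]]
SINGLE_HTTP = [
    {"Server": "Apache", "Date": "Mon, 01 Jan 2024 10:00:00 GMT"},
    {"Server": "Apache", "Date": "Mon, 01 Jan 2024 10:00:02 GMT"},
]

if __name__ == "__main__":
    print("balanced:", lbd(BALANCED_DNS, BALANCED_HTTP))
    print("single:  ", lbd(SINGLE_DNS, SINGLE_HTTP))
```

Both signals are heuristics: a pool whose members run identical builds with synchronised clocks is invisible to the HTTP checks, and round-robin DNS may exist for redundancy rather than load distribution. The tolerance exists because a single server's Date header is only second-granular and can legitimately repeat.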
Route
0Trace - allows you to perform a traceroute from within an established TCP connection, such as an HTTP session, so the probes pass stateful firewalls that admit that connection
Dmitry - Deepmagic Information Gathering Tool is an all in one host information tool
Ltrace - debugging program which runs a specified command until it exits. While the command is executing, ltrace intercepts and records the dynamic library calls made by the executed process and the signals received by that process.
Lanmap - Lanmap sits quietly on a network and builds a picture of what it sees and outputs it in svg, png or gif format
Netenum - Netenum can be used to produce lists of hosts for other programs. It's not as powerful as other ping-sweep tools, but it's simple.
Netmask - simple tool which does one thing: it sends an ICMP address mask request (ICMP type 17) and reports the mask in the reply. By determining the netmasks of various computers on a network, you can better map your subnet structure and infer trust relationships.
Protos - an IP protocol scanner. It goes through all possible IP protocol numbers (0-255) and uses a negative scan to sort out unsupported protocols, which the target should report with ICMP protocol unreachable messages (type 3, code 2). A protocol that draws no reply is only a candidate: a host or firewall that silently drops the probe looks the same as one that supports the protocol.
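The Netmask and Protos entries above both turn on small ICMP messages. As an added example (not the page's text and not the code of either tool), the following Python builds the address mask request that Netmask sends, parses the mask reply, and extracts the rejected protocol number from the ICMP protocol unreachable error that Protos' negative scan keys on. Actually putting the packets on the wire needs a raw socket (CAP_NET_RAW) and is left out; the packets fed to the parsers here are constructed by the `build_*` helpers, and all function names are this example's own.

```python
# Added example: the ICMP messages behind `netmask` and `protos`, built and parsed offline.
import socket
import struct
from typing import List, Optional, Set, Tuple

ICMP_DEST_UNREACH = 3
CODE_PROTO_UNREACH = 2      # "protocol unreachable": target has no handler for that IP protocol
ICMP_MASK_REQUEST = 17      # RFC 950 address mask request / reply
ICMP_MASK_REPLY = 18

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; a packet with a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(icmp_type: int, code: int, body: bytes) -> bytes:
    unchecked = struct.pack("!BBH", icmp_type, code, 0) + body
    return struct.pack("!BBH", icmp_type, code, inet_checksum(unchecked)) + body

def build_mask_request(ident: int, seq: int) -> bytes:
    """What netmask sends: type 17 with identifier/sequence and a zeroed 32-bit mask field."""
    return build_icmp(ICMP_MASK_REQUEST, 0, struct.pack("!HHI", ident, seq, 0))

def parse_mask_reply(pkt: bytes, ident: int) -> Optional[str]:
    """Dotted-quad mask from a type 18 reply matching our identifier, or None if it is not one."""
    if len(pkt) < 12 or inet_checksum(pkt[:12]) != 0:
        return None
    icmp_type, _code, _csum, reply_id, _seq, mask = struct.unpack("!BBHHHI", pkt[:12])
    if icmp_type != ICMP_MASK_REPLY or reply_id != ident:
        return None
    return socket.inet_ntoa(struct.pack("!I", mask))

def parse_proto_unreachable(icmp: bytes) -> Optional[int]:
    """IP protocol number the target rejected, read from the IP header quoted in the error."""
    if len(icmp) < 8 + 20 or icmp[0] != ICMP_DEST_UNREACH or icmp[1] != CODE_PROTO_UNREACH:
        return None
    quoted = icmp[8:]                      # original IP header + first 8 bytes of its payload
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        return None
    return quoted[9]                       # protocol field of the quoted IPv4 header

def protos_negative_scan(replies: List[bytes]) -> Tuple[Set[int], Set[int]]:
    """Protocols the target rejected, and the remaining candidates (the negative-scan logic).

    Silence is not proof of support: a firewall that drops the probe, or a host that
    rate-limits ICMP errors, leaves the protocol in the candidate set as well.
    """
    rejected = {p for p in map(parse_proto_unreachable, replies) if p is not None}
    return rejected, set(range(256)) - rejected

# --- constructed packets standing in for what a target would send back ---
def build_quoted_ipv4(proto: int, src: str, dst: str) -> bytes:
    """Minimal IPv4 header (no options) plus 8 payload bytes, as a host quotes in ICMP errors."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + b"\x00" * 8

def build_proto_unreachable(proto: int, src: str, dst: str) -> bytes:
    return build_icmp(ICMP_DEST_UNREACH, CODE_PROTO_UNREACH,
                      b"\x00" * 4 + build_quoted_ipv4(proto, src, dst))

def build_mask_reply(ident: int, seq: int, mask: str) -> bytes:
    return build_icmp(ICMP_MASK_REPLY, 0, struct.pack("!HH4s", ident, seq, socket.inet_aton(mask)))

if __name__ == "__main__":
    print(parse_mask_reply(build_mask_reply(0x1234, 1, "255.255.255.0"), 0x1234))
    errors = [build_proto_unreachable(p, "192.0.2.1", "192.0.2.10") for p in (2, 4, 47)]
    rejected, candidates = protos_negative_scan(errors)
    print(sorted(rejected), len(candidates))
```

Two practical notes: most modern stacks ignore address mask requests (and many firewalls drop ICMP types other than echo), so an empty result from Netmask says nothing about the subnet; and because Protos reasons from errors rather than from positive replies, it should be read together with a firewall-aware scan before any protocol is reported as "supported".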
TCPTraceRoute - By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
TCTrace - a brother to itrace and traceroute but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside

Search Engine
Goog-mail - scrapes Google search results for e-mail addresses belonging to a target domain
Goohost - shell script that extracts hostnames/subdomains, IP addresses or e-mail addresses for a domain from Google search results
Goorecon - technique to figure out sub-domains is to query Google and check whether it has found any sub-domains during its web mining exercise on the target
Gooscan - a tool that automates queries against Google search appliances, but with a twist: the queries are designed to find potential vulnerabilities on web pages
Metagoofil - information gathering tool that extracts metadata from public documents (pdf, doc, xls, ppt, odp, ods) found on the target website
SEAT - next generation information digging application geared toward the needs of security professionals
TheHarvester - open source intelligence (OSINT) tool for gathering e-mail addresses, user names and hostnames from public sources such as Google or LinkedIn
WhatWeb - identifies the technologies behind a website (web server, CMS, frameworks, JavaScript libraries) from response headers and page content

Network Mapping:
Identify Live Hosts
0Trace
5nmp
Angry IP Scan
Arping
Autoscan
Fping
Genlist
Hping2
Hping3
Lanmap
Lanmap2
nbtscan
Netifera
nmap
Nsat
OneSixtyOne
OutputPBNJ
SCTPScan
SSLScan
ScanPBNJ
TCPTraceRoute
UnicornScan
Zenmap

OS-Fingerprinting
5nmp
Autoscan
lanmap2
nmap
nsat
OneSixtyOne
P0f
Protos
SSLScan
UnicornScan
Xprobe2
Zenmap

Port Scanning
AngryIPScan
AutoScan
Genlist
Netifera
Nmap
Nsat
OutputPBNJ
Propecia
SCTPScan
ScanPBNJ
UnicornScan
Zenmap

Service Fingerprinting
Amap
Dmitry
Httprint
Httprint_GUI
Httsquash
LetDown
ReverseRaider

VPN
Ike-scan
PSK-Crack

Vulnerability Identification:
OPENVAS
OpenVas AddUser
OpenVas CLI
OpenVas Client
OpenVas Make Cert
OpenVas NVT Sync
Start OpenVas Administrator
Start OpenVas Manager
Start OpenVas Scanner
Stop OpenVas Administrator
Stop OpenVas Manager
Stop OpenVas Scanner

CISCO
Cisco Auditing Tool
Cisco Global Exploiter
Cisco OCS Mass Scanner
Cisco PassWD Scanner
Copy Router Config
Merge Router Config

Fuzzers
Bed
Bf2
Bunny
Dkftpbench
Fuzzgrind
Fuzzgrind GUI
Jbrofuzz
Peach
Spike
Voiper
Wsfuzzer
Zzuf

SMB Analysis
Impacket samrdump
Impacket smbclient
SMBClient
SMB4K

SNMP Analysis
ADMSnmp
Braa
SNMP Walk
SNMPCheck
snmp Enum

Web Application Analysis:


Database (Back end)
MsSQL
DBPwAudit
MSSQLScan
Metacoretex
Pblind
SA Exploiter
SQL Ninja
SQLMap
SQLBrute
SQLix

MySQL
DBPwAudit
Metacoretex
MySQLAudit
Pblind
SQLCheck
SQLData
SQLMap
SQLix
Sqlsus
UDF
Oracle
DBPwAudit
Metacoretex
Opquery
Opwg
OSScanner
OSE
Otnsctl
Pblind
SQLMap
SQLBrute
SQLix
THC-OracleCracker

Web (Front End)


ASP-Audit
Burpsuite
Burpsuite Msf
CSRFTester
Curl
DFF Scanner
DharmaEncoder
DirBuster
Fimap
Flare
Flasm
Grabber
Grendel Scan
HCraft
HttPrint
HttPrint_GUI
Jmeter
JoomScan
LBD
List-Urls
Lynx
Mini Mysqlat0r
Nikto2
OpenAcunetix
Paros Proxy
Powerfuzzer
RatProxy
SWFIntruder
Skipfish
SoapUI
W3AF (Console)
W3AF (GUI)
Wbox
Wmat
WafW00f
Wapiti
Web Securify
WebScarab Lite
WebShag
Wfuzz
Xsss

Radio Network Analysis:


80211
Cracking
ASLeap
AirSnarf
AirSnort
AirBase-ng
AirCrack-ng
AirdeCap-ng
AirdeCloak-ng
AirDriver-ng
AirDrop-ng
AirePlay-ng
Airmon-ng
Airodump-ng
Airolib-ng
Airoscript
AirPwn-ng
AirServ-ng
Airtun-ng
Buddy-ng
Cowpatty
Decrypt
Easside-ng
Gencases
GenPMK
Gerix-Wifi-Cracker-ng
GrimWepa
IvsTools
Kismet
Kstats
MDK3
Orinoco-Hopper
Packetforge-ng
Pyrit
TkipTun-ng
WEPCrack
WEPCrack IVGen
WEPCrack GetIV
WEPBuster
WEP_keygen
Wesside-ng
WifiZoo

Misc
APHopper
Airflood
Airgraph-ng
Airgraph-ng dump join
Airoupdate
Baffle
Baffle GUI
GISKismet
GPSMap-Expedia
KisGearth
Kmsapng
MacChanger
Mitmap
PcapDump
SSIDSniff
Schnappi-dhcp
Wavemon
WiSpy GTK
Xgps
Zulu
Spoofing
Airsnarf
Airbase-ng
Aircrack-ng
Airdecap-ng
Airdecloak-ng
Airdriver-ng
Airdrop-ng
Aireplay-ng
Airmon-ng
Airodump-ng
Airolib-ng
Airpwn-ng
Airserv-ng
Airtun-ng
Buddy-ng
Easside-ng
FakeAP
Gerix-Wifi-Cracker-ng
Ivstools
Kstats
PacketForge-ng
Tkiptun-ng
Wep_keygen
Wesside-ng
Wifizoo
Wifitap
Wifitap-ARP
Wifitap-DNS
Wifitap-Ping

Bluetooth
BCCMD
BSS
BTAddr
BTAudit PSM
BTPinCrack
BlueMaho
BlueScan
BlueSnarfer
BlueSquirrel
BlueSquirrel-Pico
Braces
CW-Tools
CarWhisperer
Frontline
GhettoTooth
GreenPlaque
HID-Attack
Obex Stress
Packet Replay
TBSearch
Tbear
Tanya
BlueSmash
BlueBugger
BluePrint
BtScanner
HCIDump
Minicom
ObexFTP
RedFang
Ussp-Push

RFID
RFIDIOT ACG
BruteForce
Brute Force Hitag2
BruteForce MIFARE
Calculate JCOP MIFARE
Continuous Select Tag
Copy ISO15693 Tag
Epassport READ WRITE CLONE
Format MIFARE 1k Value Blocks
Identify HF Tag Type
Identify LF Tag Type
JCOP Info
JCOP MIFARE READ WRITE
JCOP Set ATR Historical Bytes
READ WRITE CLONE unique (EM4x02)
Read ACG Reader EEPROM
Read LF Tag
Read MIFARE
Read Tag
Reset Q5 Tag
Select Tag
Set FDX-B ID
Test ACG LAHF

RFIDIOT Frosch
READ WRITE CLONE unique (EM4x02)
Reset Hitag2 Tag
Set FDX-B ID
Test Frosch Reader

RFIDIOT DSCS
Identify HF Tag Type
Bruteforce MIFARE
Calculate JCOP MIFARE Keys
Chip & PIN Info
Continuous Select TAG
Epassport Read/Write/Clone
Install ATR Historical Byte applet to JCOP
Install MIFARE Applet to JCOP
Install VonJeek Epassport emulator to JCOP
Install VonJeek Epassport emulator to Nokia
JCOP Info
JCOP MIFARE Read/Write
JCOP Set Historical Bytes
Read MIFARE
Read Tag
Select Tag

Penetration:
Sapyto
Social Engineering Toolkit

ExploitDB

Fast Track
Fast-Track Interactive
Fast-Track WebGUI
Fast-Track Command Line
Inguma
Inguma
IngumaGUI

Metasploit Exploitation Framework

Privilege Escalation:
Password Attacks
Chntpw
Offline Attacks
BKHive
CUPP
CeWl
Crunch
Hashcat
John
OclHashCat
Ophcrack
Ophcrack GUI
Pw-Inspector
Pyrit
RTDump
RTGen
RTSort
Rainbowcrack
Rarcrack
Saltymd5
SamDump2
Wyd
Rainbow Crack
RTDump
RTGen
RTSort
Rainbowcrack

Online Attacks
BruteSSh
DNSBruteForce
Hydra
LodoWep
Medusa
Ncrack
RWW-Attack
SSHater
TFTP-Bruteforce
VNCrack
Xhydra
Sniffers
Arpalert
Dsniff
Driftnet
Etherape
Ettercap
Ettercap-GTK
Ferret
Hamster
Ntop
SMBRelay3
SSLDump
SSLStrip
TcPick
Wireshark
Xplico
Xspy
XWatchwin

Spoofing
ADM-DNS Tools
Etherape
Ettercap
Ettercap-GTK
ICMP Redirect
IRDP Responder
ISP
IGRP Route Injection
Inundator
Middler
Nemesis
NetSed
Netenum
PackETH
Packit
SSLDump
SSLStrip
Scapy
Sing
TCPReplay
THC-IPv6

Maintain Access:
Backdoors & Rootkits
Web Backdoors Compilation
Tunneling
3Proxy
CryptCat
DNS2TCP
Miredo
Miredo-Server
Nstx
ProxyTunnel
ProxyChains
ProxyResolv
Ptunnel
SBD
SoCat
Stunnel4
TinyProxy
UDPTunnel

Digital Forensics:
Anti-Forensics
Scrub
Wipe

File Carving
Foremost
MagicRescue

Forensic Analysis
Allin1
Autopsy
ExifTool
Fatback
MboxGrep
MemDump
PhotoRec
Scalpel
TestDisk
TrID
Vinetto
Volatility
Xplico

Image Acquiring
AirImager
AfCat
AfCompare
AfConvert
Affix
AfInfo
AfStats
AfXML
Aimage
Chkrootkit
ClamScan
DCFLDD
DD_Rescue
Galleta

Reverse Engineering:
Evans Debugger
GDB GNU Debugger
IDA Pro Free
OllyDBG

Voice Over IP:


VOIP Analysis
Signaling
ACE
Add_Registrations
EnumIAX
Erase_Registrations
Iwar
IaxFlood
InviteFlood
OhrWurm
PCAPSipDump
Protos-Sip
RTPFlood
RTP InsertSound
RTP MixSound
RTPInject
RTPBreak
Redirect Poison
SIPP
SipSak
SipCrack
SipDump
SipVicious
Sip-Scan
Sip_Rogue
Smap
TearDown
UCSniff
Vnak
Voiper
VoIPHopper
VoIPong
Vomit
Warvox

Miscellaneous:
DkftpBench
Dragon
IPCalc
Icommander
Icommander-Client
KmsaPng
Leo
MacChanger
Mitmap
NetActView
NetSed
Packet-O-Matic
SchNappi-DHCP
SendEmail
TpCat
USBview
Utilman
ValGrind
Wavemon
WGetPaste
