CEH v12 tools and uses


cewl

A Ruby app that crawls websites to generate word lists that can be used with password crackers such as John the Ripper. It is included with Kali Linux.

Zenmap

A Windows-based GUI version of nmap.

NLBrute

A backdoor virus that is brought in by hacking tools.

TCPDump

A common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

nmap

A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.

Nessus

A network-vulnerability scanner available from Tenable Network Security.

Mimikatz

A penetration testing tool used to automate harvesting hashes and conducting the Pass the Hash attack.

Metasploit

A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.

Wireshark

A popular network analysis tool to capture network packets and display them at a granular level for real-time or offline analysis

Censys

A search engine that returns information about the types of devices connected to the Internet.

OpenVAS

A security tool for conducting port scanning, OS identification, and vulnerability assessments. A client computer (*nix or Windows) must connect to the server to perform the tests.

anonymizer

An intermediary Web site that hides or disguises the IP address associated with the Internet user. Generally, these sites allow a person to engage in various Internet activities without leaving an easily traceable digital footprint.

NetScanTools Pro

An investigation tool that allows you to troubleshoot, monitor, discover, and detect devices on your network.

Agent Smith Attack

Carried out by luring victims into downloading and installing malicious apps designed and published by attackers in the form of games, photo editors, or other attractive tools from third-party app stores such as 9Apps

hping2/3

Command-line network scanning and packet crafting tool for the TCP/IP protocol. Used for network security auditing, firewall testing, advanced traceroute and more (pg 89).

Hashcat

Command-line tool used to perform brute force and dictionary attacks against password hashes.

Reaver

Command-line tool used to perform brute force attacks against WPS-enabled access points.

KFSensor

Host-based IDS that acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and Trojans. By acting as a decoy server, it can divert attacks from critical systems and provide a higher level of information than that achieved using firewalls and NIDS alone

BillCipher

Python-based tool used for automating reconnaissance and information gathering during penetration testing and ethical hacking engagements. It provides various modules and functionalities to perform tasks such as DNS enumeration, subdomain discovery, port scanning, and data mining.

BetterCAP

Ruby framework used to manipulate ARP mapping on targeted systems and gateways. Has the ability to manipulate TCP data on the fly.

Stinger

Stinger is a standalone utility developed by McAfee for detecting and removing specific types of malware, such as viruses, worms, and Trojans. It is designed for general malware removal purposes rather than being a specialized tool for ethical hacking activities.

Nikto

Vulnerability scanner that can be used to identify known web server vulnerabilities and misconfigurations, identify web applications running on a server, and identify potential known vulnerabilities in those web applications.

PsExec

__ is a light-weight telnet-replacement that lets you execute processes on other systems with full interactivity for console applications without having to manually install client software

THC Hydra

a Unix/Linux friendly password guessing tool. It supports dictionary based guessing but not full brute force guessing and can guess passwords for more than a dozen protocols

Qualys

a cloud-based security and compliance solution that provides organizations with the ability to identify, prioritize, and manage vulnerability and compliance issues across their network and web assets.

Whonix

a desktop OS designed for advanced security and privacy. It mitigates the threat of common attack vectors while maintaining usability.

Saint

a robust vulnerability assessment and penetration testing suite that provides in-depth scanning and analysis capabilities to identify potential security risks in a network. It offers a comprehensive approach to network security by identifying potential vulnerabilities within hardware, software, and network configurations, and providing actionable remediation advice to eliminate such vulnerabilities.

Network Security Scanner

a software tool used to assess and identify potential vulnerabilities within a network. These tools scan the network for weaknesses such as open ports, insecure protocols, unpatched software, and misconfigurations that could potentially be exploited by malicious actors. They provide an overview of the network's security posture and generate reports detailing discovered vulnerabilities, often alongside remediation suggestions to address these vulnerabilities and improve the overall security of the network. Examples of network security scanners include Nessus, Qualys, and OpenVAS.

CVSS/NVD/CVE/CWE

a standardized framework used to assess and rate the severity of vulnerabilities, providing a numerical score to indicate their potential impact and exploitability.

Rootkit Buster

a tool that scans, detects, and removes rootkits, which are malicious software components designed to hide activities or gain unauthorized access to a computer system.

Scranos

a trojanized rootkit that masquerades as cracked software or a legitimate application, such as anti-malware, a video player, or an ebook reader, to infect systems and perform data exfiltration that damages the reputation of the target and steals intellectual property.

LoJax

a type of UEFI rootkit that is widely used by attackers to perform cyber-attacks. It is created to inject malware into the system and is automatically executed whenever the system starts up.

DarkHorse

a version of a trojan horse

Proxy Switcher

allows you to surf anonymously on the Internet without disclosing your IP address

Vaporworm

has now emerged as the next evolution of malware. It combines the subtlety of fileless malware with the extensibility and adaptability of self-spreading worms.

CyberGhost VPN

hides the attacker's IP and replaces it with a selected IP, allowing him or her to surf anonymously and access blocked or censored content.

Low Orbit Cannon

is a DDoS tool similar to High Orbit Cannon but with a lower volume of requests. It aims to exhaust the target system's resources by flooding it with a continuous stream of traffic.

Tor's Hammer

is a DDoS tool specifically designed to launch DDoS attacks over the Tor network. It leverages the anonymity of Tor to make it difficult to trace the source of the attack.

Slowloris

is a DDoS tool that exploits the way web servers handle concurrent connections. It sends partial HTTP requests to keep connections open for as long as possible, effectively tying up server resources and potentially causing a denial of service.

High Orbit Cannon

is a DDoS tool that floods a target system with a high volume of HTTP GET or POST requests, overwhelming its resources and potentially causing a denial of service situation.

HULK

is a Python-based DDoS tool that generates a massive number of concurrent requests to a target web server, overwhelming its capacity and potentially causing it to become unresponsive.

Recon-NG

is a Web Reconnaissance framework with independent modules, database interaction, built in convenience functions, interactive help, and command completion, that provides an environment in which open source web-based reconnaissance can be conducted

Ekahau HeatMapper

is a Wi-Fi coverage mapping tool that visualizes wireless signal strength and coverage areas. While primarily used for Wi-Fi planning and optimization, it can provide insights into potential security vulnerabilities by identifying weak signal areas.

Acrylic

is a Wi-Fi network scanner and analyzer for Windows. It helps security professionals identify nearby wireless networks, analyze signal strength, and detect potential security issues, making it a useful tool for wireless security assessments.

Dig

is a command-line tool used for querying DNS (Domain Name System) servers to retrieve information about domain names, IP addresses, and DNS records. It typically uses port 53 for communication with DNS servers.

Spyic

is a commercial mobile monitoring and tracking tool that allows users to monitor and track mobile devices remotely. Similar to Spyzie, it can raise privacy concerns if used without the device owner's consent.

Spyzie

is a commercial mobile monitoring and tracking tool that allows users to monitor and track mobile devices remotely. While it has legitimate uses for parental control and device tracking, it raises privacy concerns if used without the device owner's consent.

InSSIDerPlus

is a commercial wireless network analyzer that helps identify nearby Wi-Fi networks, their signal strengths, channel interference, and encryption details. It aids in assessing the security and performance of wireless networks.

Air Suite

is a comprehensive suite of wireless security tools designed for auditing and assessing the security of wireless networks. It includes tools for network scanning, packet analysis, and wireless attack techniques, such as deauthentication attacks and wireless injection.

DVWA

is a deliberately vulnerable web application designed for security testing and training purposes. It contains multiple vulnerabilities, including SQL injection, allowing security professionals to practice and enhance their skills in identifying and exploiting web server vulnerabilities.

NFS

is a distributed file system protocol that allows remote file access and sharing between networked computers. It commonly uses port 2049 for communication between NFS client and server systems.

Tor

is a free and open-source software that enables anonymous communication by routing internet traffic through a network of volunteer-operated servers to hide a user's identity and location.

SPECTER

is a honeypot tool that specializes in detecting and mitigating attacks targeting Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. It emulates vulnerable ICS/SCADA components to lure attackers and collect information about their techniques and potential threats to critical infrastructure.

Yuxigon

is a jailbreak tool primarily used for iOS devices. It exploits vulnerabilities in the iOS operating system to remove restrictions imposed by Apple, enabling users to install unauthorized apps and modify the device's functionality. Attackers can use such tools to compromise iOS devices.

Capsa

is a network analyzer tool developed by Colasoft. While Capsa can be used as part of network monitoring and troubleshooting activities

WebSploit Framework

is a penetration testing tool that provides various modules and techniques for testing web application security. It includes features for session hijacking, allowing the tester to exploit vulnerabilities and gain control over user sessions.

BetterCAP

is a powerful and modular network attack framework that enables security professionals to perform various network-based attacks, including ARP poisoning, network sniffing, and session hijacking, for testing and assessment purposes.

Maltego

is a powerful data visualization and intelligence tool used for conducting online investigations and link analysis. It helps users gather information from various sources, analyze relationships between entities, and generate visualizations to uncover insights and patterns.

BeEF

is a powerful framework for exploiting web browsers. It allows security professionals to test the security of web servers by leveraging vulnerabilities in web browsers, performing various attacks such as XSS (Cross-Site Scripting) and other web-based exploits.

PowerShell

is a powerful scripting and automation framework developed by Microsoft. Can be used for malicious purposes.

Malwarebytes Anti-Rootkit

is a powerful tool that can be utilized by Certified Ethical Hackers (CEH) as part of their cybersecurity assessments and ethical hacking activities. It is specifically designed to detect and remove rootkits, which are malicious software that can compromise the security of a system.

LDAP

is a protocol used for accessing and managing directory services, such as user authentication and directory information. It operates over TCP/IP and commonly uses port 389 for unencrypted communication or port 636 for encrypted communication

SNMP

is a protocol used for managing and monitoring network devices, such as routers, switches, and servers, by gathering and exchanging information about their performance and status. It commonly uses UDP port 161 for communication between the management station and the managed devices.

Root Genius

is a rooting tool designed for Android devices. It exploits vulnerabilities in the device's software to gain root access, providing users with elevated privileges. However, it can also be misused by attackers to gain unauthorized control over the device.

Ufasoft

is a software company that provides tools and solutions related to network security and cryptography, including capabilities that can be used to counter ARP poisoning and network sniffing techniques. Their software offerings aim to enhance network security by providing cryptographic functionalities, secure communications protocols, and blockchain-related tools, helping organizations protect against malicious activities such as ARP poisoning and unauthorized network sniffing.

MIB

is a structured database that defines the objects and variables that can be managed and monitored using SNMP. It provides a standardized way to organize and access information about network devices.

Exodus

is a surveillance and spyware tool that targets both Android and iOS devices. It can be used to gain unauthorized access to sensitive information on compromised devices, including call logs, messages, location data, and more.

sslstrip

is a tool that performs a man-in-the-middle attack to downgrade HTTPS connections to HTTP, making it easier for an attacker to intercept and manipulate network traffic. It can be used for session hijacking by capturing and modifying session-related information, potentially compromising user sessions and privileges.

Trimgo

is a tool used for jailbreaking iOS devices, allowing users to bypass restrictions and install unauthorized applications. While it is used by enthusiasts, it can be misused by attackers to gain unauthorized access to iOS devices and perform malicious activities.

Wifiphisher

is a tool used for wireless phishing attacks. It leverages social engineering techniques to trick users into connecting to a malicious access point and capturing sensitive information, highlighting the risks associated with wireless network security.

Cain & Abel

is a versatile password recovery and network analysis tool that can be used for various security testing purposes, including network sniffing, password cracking, and ARP poisoning.

snort

is a widely used open-source intrusion detection and prevention system (IDS/IPS) that analyzes network traffic in real-time to detect and prevent suspicious or malicious activity. It employs signature-based detection as well as behavioral analysis techniques to identify and alert on potential security threats, including network intrusions, malware, and other unauthorized activities

Airgeddon

is a wireless auditing framework that combines various wireless security tools into a unified interface. It allows security professionals to perform a wide range of wireless attacks, including capturing handshakes, conducting deauthentication attacks, and performing WEP/WPA/WPA2 cracking.

NetSurveyor

is a wireless network discovery and analysis tool that provides detailed information about nearby wireless networks, including signal strength, channel utilization, and encryption type. While primarily used for network analysis, it can assist in identifying potential security vulnerabilities.

Vistumbler

is a wireless network scanning tool for Windows that displays information about nearby Wi-Fi networks, including signal strength, channel, and encryption type. It assists in discovering and analyzing wireless networks for security assessment purposes.

Pineapple Tetra/Nano

is a wireless penetration testing tool developed by Hak5. It is used for various wireless attacks, including rogue access point creation, man-in-the-middle attacks, and capturing network traffic, making it a versatile tool for assessing wireless network security.

WifiManager

is an Android application that allows users to manage and analyze wireless networks. It provides features for scanning nearby Wi-Fi networks, evaluating signal strength, and assessing security configurations.

XArp

is an advanced ARP anti-spoofing tool that helps detect and prevent ARP-based attacks, such as ARP poisoning, by monitoring and protecting network devices from unauthorized network traffic.

webproxyserver

is an anonymizer tool that acts as an intermediary between a user's device and the websites they want to access. It allows users to browse the internet anonymously by hiding their IP address and other identifiable information, providing an additional layer of privacy and security.

Boomproxy

is an anonymizer tool that functions as a proxy server, allowing users to access websites anonymously by hiding their IP address and other personally identifiable information. It acts as an intermediary between the user and the target website, providing a layer of privacy and anonymity.

zendproxy

is an anonymizer tool that operates as a web proxy, enabling users to browse websites anonymously. By routing traffic through its servers, zendproxy masks the user's IP address and other identifying information, helping to preserve privacy and bypass certain restrictions or filters imposed by networks or websites.

ZAP

is an open-source web application security tool that helps identify vulnerabilities in web applications. It includes features for both web server hacking and detecting SQL injection vulnerabilities, allowing security professionals to assess and enhance the security of web applications.

OWASP ZAP

is an open-source web application security tool that includes session management features. It can be used to test for vulnerabilities related to session handling, such as session hijacking, by simulating attacks and providing insights for remediation.

Z4root

is another rooting application for Android devices that provides users with root access privileges. However, it can also be misused by attackers to gain unauthorized access to compromised devices, potentially leading to unauthorized actions and data theft.

KeyRaider

is iOS-focused malware that targets jailbroken devices. It steals Apple ID credentials, certificates, and private keys, allowing attackers to perform unauthorized actions on compromised devices and gain access to personal information.

OSR Framework

known as the Open Source Risk Management Framework, is a structured approach to assess and manage risks associated with open source software usage in organizations. It provides a comprehensive methodology for identifying, evaluating, and mitigating risks throughout the software development lifecycle.

SteelCentral

is a suite of network performance management and monitoring solutions offered by Riverbed Technology. While SteelCentral provides robust capabilities for network performance monitoring, diagnostics, and analysis.

Angler

main distinguishing characteristic is the use of encrypted URL routes. It encrypts and decrypts the data using basic transposition-based encryption (in layman's terms: scrambling the letters). The exploit kit's obfuscated portion contains the decryption function.

GFI LanGuard

offers quality vulnerability and compliance scanning, as well as built-in patch management.

pwdump

password cracker that is Microsoft based

John the Ripper

password-cracking program. Runs automated dictionary attacks: takes a large dictionary file, runs an encryption function on the entries, then looks for matches.

Recon-Dog

powerful information gathering tool designed for reconnaissance and OSINT (Open Source Intelligence) purposes. It helps in automating the process of collecting information about targets, including domains, subdomains, IP addresses, email addresses, and more.

Yalu

semi-untethered jailbreak tool for iOS devices that exploits vulnerabilities to bypass Apple's restrictions. It allows users to install unauthorized apps and modify the system, but it can also be exploited by attackers to compromise iOS devices.

Tails

short for The Amnesic Incognito Live System, is a privacy-focused operating system that aims to preserve anonymity and security while using computers. It includes various built-in security tools and features, such as Tor integration, encryption, and data wiping.

Divergent

similar to a metamorphic virus and does the same thing.

SuperSU Root

It is a popular rooting tool for Android devices that allows users to gain root access and control over their device's operating system. While it is a legitimate tool used by enthusiasts, attackers can abuse it to gain unauthorized access and control over compromised devices.

FOCA

tool used for extracting metadata and hidden information from various file types, such as documents and images, to gather intelligence about organizations.

metagoofil

Information gathering/harvesting tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.).

L0phtCrack

Is a password auditing and recovery application. It uses multiple assessment methods to assist administrators in reducing security risks.

BurpSuite

Java-based software platform of tools for performing security testing of web applications. Also used as a proxy.

