Pentest+ terms
What is CeWL?
A Ruby app that crawls websites to generate wordlists that can be used with password crackers.
What is an XSD file?
A document that defines the structure and data types for an XML schema.
What is Responder?
A fake server and relay tool. It responds to LLMNR, NBT-NS, POP, IMAP, SMTP, and SQL queries in order to possibly recover sensitive information.
What is a SOAP project file?
A file that enables you to test SOAP-based web services. These files are created from the information in a WSDL file or service.
What is THC-Hydra?
A free network login password cracking tool.
What is hping?
A free packet generator and analyzer for TCP/IP networks.
What is Cain & Abel?
A free password recovery tool available for Windows. Sometimes classified as malware by some antivirus software.
What is John the Ripper?
A free password recovery tool.
What is HashCat?
A free password recovery tool. Includes a wide array of hashing algorithms and password cracking methods. Purports itself to be the fastest recovery tool available.
What is Burp Suite?
A local proxy that allows attackers to capture, analyze, and manipulate HTTP traffic.
What is Maltego?
A proprietary software tool that assists with gathering OSINT and with forensics by analyzing relationships between people, groups, websites, domains, networks, and applications.
What is Nessus?
A proprietary vulnerability scanner developed by Tenable. Scans for vulnerabilities, misconfigurations, default passwords, and susceptibility to DoS attacks.
What is WhoIS?
A protocol that queries databases that store registered user or assignees of an Internet resource.
What is OLLYDBG?
A reverse-engineering tool that analyzes binary code found in 32-bit Windows applications.
What is Immunity Debugger?
A reverse-engineering tool that includes a command-line and GUI. Can load and modify Python scripts during runtime.
What is WiFi-Pumpkin?
A rogue wireless access point and MITM tool used to snoop traffic and harvest credentials.
What is Censys?
A search engine that returns information about the types of devices connected to the Internet.
What is Shodan?
A search engine that returns information about the types of devices connected to the Internet.
What is Drozer?
A security testing framework for Android apps and devices.
What is PowerSploit?
A series of Microsoft PowerShell scripts that pen testers can use in post-exploit scenarios.
What is Aircrack-ng?
A suite of wireless tools that can sniff and attack wireless connections.
What is SearchSploit?
A tool that enables you to search the Exploit Database archive.
What is Parameter Pollution?
A web app attack where the attacker supplies multiple instances of the same parameter name in an HTTP request.
What is Recon-ng?
A web reconnaissance tool that is written in Python. Uses over 80 modules to automate OSINT.
What is WiFite?
A wireless auditing tool that can attack multiple WEP, WPA, and WPS encrypted networks in a row.
What is URL Hijacking?
AKA typosquatting. A social engineering attack in which an attacker exploits the typing mistakes that users make when attempting to navigate to a website.
What is Packet Crafting?
Altering the normal IP packet before transmitting it on a network. Common use cases include: testing FW rules, evading IDSs, and causing DOS.
What is AFL?
American Fuzzy Loop. An open-source DAST tool that feed input to a program to test for bugs and possible security vulnerabilities.
What is Kismet?
An 802.11 Layer 2 network detector, sniffer, and IDS. Can be used to monitor wireless activity, identify device types, and capture raw packets.
What is SonarQube?
An open-source SAST platform that continuously inspects code quality to help discover bugs and security vulnerabilities.
What is NCat?
An open-source command-line tool for reading, writing, redirecting, and encrypting data across a network. Developed as an improved version of NetCat.
What is WireShark?
An open-source network protocol analyzer. Can be used to sniff traffic, re-create entire TCP sessions, and capture copies of files transmitted on the network.
What is NetCat?
An open-source networking utility for debugging and investigating that network.
What is FindSecBugs?
An open-source plugin that detects security issues in Java web applications.
What is FindBugs?
An open-source static code analyzer tool that detects possible bugs in Java programs.
What is Mimikatz?
An open-source tool that enables you to view credential information stored on Microsoft Windows computers.
What is Nikto?
An open-source web server scanner that searches for potentially harmful files, checks for outdated web server software, and looks for problems that occur with some web server software versions.
What is APKX?
Android Package Kit. A Python wrapper for dex converters and Java decompilers.
What does the command "nmap -d" do?
Enables nmap debugging output. Lists every step that nmap is taking.
What does the command "nmap -sA <target IP address>" do?
Find out if a host/network is firewall protected. "Filtered" results indicate a firewall is on. "Unfiltered" results indicate a port is accessible, but might be open or closed.
What is FOCA?
Fingerprinting and Organization with Collected Archives. A network infrastructure mapping tool that analyzes metadata from many file types to enumerate users, folders, software and OS information.
What is GDB?
GNU Project Debugger. An open-source reverse-engineering tool that works on most Unix and Windows versions, along with MacOS.
What are ICSs?
Industrial Control Systems. Networked systems that control critical infrastructure such as water, electrical, transportation, and telecommunication services.
What is IDA?
Interactive Disassembler. A reverse-engineering tool that generates source code from machine code for Windows, Mac OS X, and Linux applications.
What does the command "nmap -sL <target IP address>" do?
Lists the targets that are to be scanned.
What does the command "nmap -V" do?
Lists your nmap version
What is Peach?
Peach Tech offers several dynamic application security testing products.
What is Empire?
PowerShell Empire. A post-exploitation framework for Windows devices. Allows the attacker to run PowerShell agents without need powershell.exe.
What does the command "nmap -sV <target IP address>" do?
Probes open ports to determine service version
What is SSH?
Secure Shell. A program that enables a user or application to log on to another device over an encrypted connection.
What does the command "nmap -sA <target IP address> do?
Sends a TCP ACK. Used to map out FW rulesets, determine which ports are filtered, and if the FW is stateful or not.
What does the command "nmap -sF <target IP address> do?
Sends a TCP FIN. Used to sneak through a non-stateful FW.
What does the command "nmap -sN <target IP address> do?
Sends a TCP segment with no flag raised. Used to sneak through a non-stateful FW.
What does the command "nmap -h" do?
Shows the nmap help screen
What is SET?
Social Engineer Toolkit. An open-source pen testing framework that supports the use of social engineering to penetrate a network or system.
What does the command "nmap -f <target IP address> do?
Split packets into 8-byte fragments. Making it harder for packet filtering FWs and IDSs to detect the purpose of the packet.
What is a Swagger document?
The REST API equivalent to a WSDL document.
What does the command "nmap -sS <target IP address> do?
The original stealth scan. Send a TCP SYN. If a response of SYN ACK is returned, then send a RST. This is less likely to be logged by FWs
What is a Discovery Scan?
Used to find live IP on a network. Traditionally, a ping sweep.
What is W3AF?
Web Application and Audit Framework. A Python tool that tries to identify and exploit any web app vulnerabilities.
What are WSDL/WADL?
Web Services Description Language and Web Application Description Language. XML files that describe SOAP-based or RESTful web services.
What is theHarvester?
What is FOCA? Fingerprinting and Organization with Collected Archives. A network infrastructure mapping tool that analyzes metadata from many file types to enumerate users, folders, software and OS information. What is theHarvester? A tool that gathers information from publicly available sources.
What is WinDBG?
Windows Debugger. A free debugging tool created and distributed by Microsoft for Windows Operating Systems.
What is YASCA?
Yet Another Source Code Analyzer. An open-source SAST program that inspects source code for security vulns, code quality, and performance.
What nmap option would you use to exclude certain hosts?
nmap --exclude <IP address>
What nmap comand would you use to scan IPv6 addresses?
nmap -6 <IPv6 address or domain name>
What nmap command would you use to enable OS detection?
nmap -O <IP address>
What nmap command would you use to send an ARP request?
nmap -PR <IP address>
What namp command would you use to send TCP SYN packets to a port?
nmap -PS <port list>
What nmap command would you use to resolve names use reverse DNS lookup?
nmap -R <IP address>
What nmap command would you use to scan hosts listed in a file?
nmap -iL <input file name>.
What nmap command would you use to not resolve names?
nmap -n <IP address>
What nmap command would you use for the following: specifying ports? Specifying UDP ports? Specifying TCP ports? Specifying all ports? Scan ports consecutively? Scan the top 200 ports?
nmap -p <ports>. nmap -p -U: <ports>. nmap -p -T: <ports>. nmap -p-. nmap -r <network subnet or address>. nmap --top-ports 200.
What is nslookup?
A Windows command line utility that queries DNS and displays domain names or IP address mappings.
What is Patator?
A brute force password cracking tool.
What is DirBuster?
A brute force tool that exposes directories and file names on web and application servers.
What is a null byte?
A character with a value of zero that is used in most programming languages to indicate the termination of a string.
What is the MetaSploit Framework?
A command-line based pen testing framework developed by Rapid7. Enables you to find, exploit, and validate vulnerabilities.
What are ProxyChains?
A command-line tool that enables pen testers to mask their identity and/or source IP address by sending messages through intermediary or proxy servers.
What is Medusa?
A command-line-based free password cracking tool that is often used in Brute Force attacks on remote authentication servers. Specializes in parallel attacks, with the ability to locally 2000 passwords per minute.
What is APK Studio?
A cross-platform IDE for reverse engineering Android applications.
What is BeEF?
Browser Exploitation Framework. A pen test tool that focuses on web browsers and can be used to XSS and injection attacks against a website.
What is Cross-Compiled Code?
Code that has been compiled into an executable on one platform, but designed to run on a different platform.
What does the command "nmap -sU <target IP address>" do?
Conducts a UDP scan. Ports that send a response are considered to be Open, while ports that send no response are Closed.
What is OpenVAS?
Open Vulnerability Assessment System. An open-source software framework for vulnerability scanning and management.
What is OWASP ZAP?
Open Web Application Security Project Zed Attack Proxy. An open-source web application security scanner.
What are SCADA systems?
Supervisory Control and Data Acquisition. ICSs that send and receive remote-control signals to and from embedded systems.
What does the command "nmap -sT <target IP address> do?
TCP Connect Scan. Completes the 3-way handshake. Asks the target OS to establish a connection on the specified port.
What does the command "nmap -sS <target IP address>" do?
TCP SYN Scan. Sends a TCP SYN to see if a port is open or closed. Also known as a half-scan due to it not finishing the 3-way handshake.