Default tools

AlgoSecureAdmin edited this page Jul 6, 2020 · 1 revision

Tools recommendation

These are the first tools to install for a decent pentest discovery step.

It is highly recommended not to hardcode any path in the bash commands; use the PATH variable instead so that your coworkers can set up their environments more easily. Alternatively, use a single shared worker.

Table of Contents

A quick list of how to install these tools on a standard Linux system.

  1. Nmap
  2. Whatweb
  3. TestSSL
  4. Nikto
  5. Dirsearch
  6. Knockpy
  7. Sublist3r
  8. SSH scan
  9. crtsh
  10. amap
  11. Header Collector
  12. SmbMap
  13. enum4linux
  14. ikescan

Nmap

The most well-known port scanner.

If you use it, remember that UDP scanning requires root privileges, so you must start your worker as root. Celery will refuse to run as root unless you set the C_FORCE_ROOT environment variable to true: export C_FORCE_ROOT="true".

See https://www.howtoforge.com/tutorial/nmap-on-linux/ to install.

Whatweb

A tool to gather information about a web server.

See https://github.com/urbanadventurer/WhatWeb/wiki/Installation to install.

TestSSL

A tool to evaluate the SSL/TLS configuration of an open SSL port.

See https://github.com/drwetter/testssl.sh to install.

Nikto

A web vulnerability scanner tool.

See https://github.com/sullo/nikto to install.

Dirsearch

A tool that tries to list all directories of a website.

See https://github.com/maurosoria/dirsearch to install.

Knockpy

A tool that tries to list all subdomains of a domain.

See https://github.com/guelfoweb/knock to install.

Sublist3r

A tool that tries to list all subdomains of a domain.

See https://github.com/aboul3la/Sublist3r to install.

SSH scan

Analyzes an SSH configuration.

https://github.com/mozilla/ssh_scan

crtsh

Enumerates the certificates associated with a given domain name.

https://github.com/tdubs/crt.sh

amap

Tries to guess the service running behind an open port.

https://github.com/BlackArch/amap

Header Collector

Reads the headers received from a website and reports talkative headers as well as missing security headers.

https://dev.algosecure.fr/Louis/HeaderCollector

SmbMap

Lists files on Samba shares.

https://github.com/ShawnDEvans/smbmap

enum4linux

Enumerates Active Directory information.

https://github.com/portcullislabs/enum4linux

ikescan

Scans the key exchanges of ISAKMP services.

https://github.com/royhills/ike-scan