
Thread: Personal Toolkit

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default Personal Toolkit

    What do you use for your pen tests? Why?

    I use:
    G++, I use C/C++ as my scripting language
    KlocWork, Code Auditing, fast, awesome, need I say more?
    IDA Pro, For when automated scanning and fuzzing fail.
    NASM, Assembler, Nice Syntax, great for rapidly making Shellcode
    Firefox, With all the addons, it serves as a great preliminary tool for attacking Web apps.
    Nmap, The OS Scanning, oh and the fact that I'm too lazy to write my own
    Nessus, scans a lot, fast, way more than I can manually.
    Maltego, Information gathering has never been easier, seriously
    Wireshark, Some things I really don't wanna do in the terminal, sifting through 5000 packets is one of them.
    BurpSuite, Web applications are fun sometimes.
    Metasploit, meterpreter, end of.
    Aircrack-ng, too lazy to rewrite this stuff.

    Now for my personal tools:
    InjecTi: A packet injector that I use in scripts that can ALMOST replace any tool imaginable, is modular as well.
    Crackit: A modular password cracker, only over TCP atm, but could be run over almost anything else. Uses keywords such as DEC, SEND, REC, ADD, CUT, TRY to control the flow of the program in a dynamic fashion.
    Kat: A remake of netcat, with banner grabbing and other goodies built in.
    Snarfit: A modular data snarfer that you feed input into and it feeds out what you want, used for things such as parsing large logs for IPs, and spitting the exif data out of hundreds of photos at once.
    HarDoS: A collection of DoS tools including ones to defeat syn cookies, DoS wireless connections, and use well-known attacks such as the Smurf attack.
    Cubbyhole: Two rootkits to rule them, one man to bind them. One for *dows and one for *nix.

  2. #2
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356

    Default

    Now, if any of these tools are written by you, it would be nice if you could share them. Otherwise, as with all reviews of tools online, it's a good practice to link to the originals.

  3. #3
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    5

    Default

    Quote Originally Posted by xorred View Post
    Now, if any of these tools are written by you, it would be nice if you could share them. Otherwise, as with all reviews of tools online, it's a good practice to link to the originals.
    Quote Originally Posted by HitThemLow
    Now for my personal tools:
    InjecTi: A packet injector that I use in scripts that can ALMOST replace any tool imaginable, is modular as well.
    Crackit: A modular password cracker, only over TCP atm, but could be run over almost anything else. Uses keywords such as DEC, SEND, REC, ADD, CUT, TRY to control the flow of the program in a dynamic fashion.
    Kat: A remake of netcat, with banner grabbing and other goodies built in.
    Snarfit: A modular data snarfer that you feed input into and it feeds out what you want, used for things such as parsing large logs for IPs, and spitting the exif data out of hundreds of photos at once.
    HarDoS: A collection of DoS tools including ones to defeat syn cookies, DoS wireless connections, and use well-known attacks such as the Smurf attack.
    Cubbyhole: Two rootkits to rule them, one man to bind them. One for *dows and one for *nix.
    I did a quick google for the tools listed above, and didn't find anything. I didn't look that hard, so you might want to give it a try, but all the others except Klocwork should be in the Synaptic Package Manager. Klocwork appears to cost money, but they offer a free 30 day trial for their Eclipse plug-in.

  4. #4
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    I'm very sorry, I have a strict "if it takes longer than a few hours to code, don't share with everyone" rule D:

    And yes, I'm fully aware they are in Synaptic, I was asking what everyone else uses

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by HitThemLow View Post
    I'm very sorry, I have a strict "if it takes longer than a few hours to code, don't share with everyone" rule D:
    Why is that? The majority of tools that infosec people use have taken longer than a few hours to code and are given away for free, including most of the tools you mention in your list, as well as BackTrack.

    I wouldn't be able to do most of what I do at work without free security tools, I'm grateful for those who put the effort in to create them.

    Although most of the stuff that I write is quick and nasty and designed to quickly get a particular job done I'll make it available to people who ask for it.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by HitThemLow View Post
    I'm very sorry, I have a strict "if it takes longer than a few hours to code, don't share with everyone" rule D:
    If everyone followed your strict rule, we would have no open source software.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    Quote Originally Posted by lupin View Post
    Why is that? The majority of tools that infosec people use have taken longer than a few hours to code and are given away for free, including most of the tools you mention in your list, as well as BackTrack.

    I wouldn't be able to do most of what I do at work without free security tools, I'm grateful for those who put the effort in to create them.

    Although most of the stuff that I write is quick and nasty and designed to quickly get a particular job done I'll make it available to people who ask for it.
    Well, yes, most of them on my list ARE open source, only two are closed, they happen to be the ones I paid for D:

    See, but the way I see it is, there are enough open source things out there as it is, do we really need to be handing out two rootkits that work on almost everything I've tested, from Windows ME to 7 and 2.4 and 2.6 kernel... Or a tool that can take down a webserver on a line of about... 1 mb/s :\

    Quote Originally Posted by theprez98 View Post
    If everyone followed your strict rule, we would have no open source software.
    Good thing I don't push it on others

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    HitThemLow leans way farther towards the dark side of hacking from what I have seen of him on other forums, so it only makes sense that he would be against full disclosure.

  9. #9
    prowl3r
    Guest

    Default

    Amazing

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    Quote Originally Posted by pureh@te View Post
    HitThemLow leans way farther towards the dark side of hacking from what I have seen of him on other forums, so it only makes sense that he would be against full disclosure.
    /me hopes that doesn't mean he's gonna get autobanned from remote exploit...
