Add Background Images Here
Download the Full CyberLabs VM
This comprehensive package also includes numerous well-designed labs for practice. Take advantage of the opportunity to easily download and engage with these valuable resources.
To utilize the CyberLabs platform, you will need to install VirtualBox on your machine. Once VirtualBox is installed, simply import the provided .ova file into the software.
List of Hands-on Labs in CyberLabs
Introduction to memory references beyond boundaries of C data structures.
bufoverflow
An example program vulnerable to a stack buffer overflow.
buf64
A 64-bit version of the bufoverflow lab
printf
Introduction to memory references made by printf, and the potential for exploitation.
formatstring
Explore C library printf function vulnerabilities.
format64
A 64-bit version of the formatstring lab
retlibc
Exploit a program using a buffer overflow and return-to-libc.
metasploit
Use metasploit on a Kali Linux system to attack a "metasploitable" host.
setuid-env
Risks of the setuid feature, including environment variables.
ghidra
Reverse engineer a simple vulnerable service to discover and demonstrate some of its properties.
cgc
Explore over 200 vulnerable services from the DARPA Cyber Grand Challenge.
telnetlab
The student uses telnet to access a remote computer, and employs the tcpdump tool to view plaintext passwords, and to observe how use of ssh mitigates that vulnerability.
nmap-discovery
The nmap utility is used to locate an ssh server on a network and to discover the port number being used by the service.
nmap-ssh
The nmap utility is utilized in combination with the tshark network traffic analysis utility to demonstrate a security problem with an ssh server.
network-basics
Basic networking including ARP, ping and an introduction to TCP/IP.
routing-basics
A simple routing example with two LANs and an internet connection via NAT
dns
An introduction to DNS fuctions and its protocol.
iptables
The iptables utility is used to configure a “firewall” component to only forward selected application service traffic between a client and a server.
tcpip
TCP/IP protocol vulnerabilities, including SYN flooding, RST attacks and session hijacking. arp-spoofUse of ARP spoofing for Man-in-the-middle attacks.
local-dns
DNS spoofing and cache poisoning on a local area network.
snort
Use of snort for network intrusion detection
dmz-lab
Set up a DMZ for an enterprise.
radius
Use a Radius authentication service to authenticate network devices.
ldap
Authenticate users of Linux servers using an LDAP service.
bird-bgp
Explore the Gateway Border Protocol and configure a BGP router.
bird-ospf
Explore the Open Shortest Path First router protocol and use it to create a spoofed website.
wireshark-intro
Introduction to the use of Wireshark analyze network traffic.
packet-introspection
Use Wireshark for more advanced analysis of network traffic
pcap-lib
Develop programs using the PCAP library to analyze an unknown packet capture.
netflow
Explore the NetFlow network traffic protocol and data record type using the CMU SiLK software suite.
macs-hash
Exploration of cryptographic hashes and the potential for hash collisions.
onewayhash
Introduction to generating cryptographic hashes using the openssl utility.
pubkey
Explore public key certificates from a variety of web sites
sshlab
Use of a public/private key pair to access a server via ssh.
ssh-agent
Use an SSH agent to manage your private key and avoid retyping your passphase
ssh-tunnel
Use ssh tunnels to access remote computers.
ssl
Use of SSL to authenticate both sides of a connection, includes creating and signing certificates
symkeylab
Exploration of symmetric key encryption modes.
vpnlab
Example use of OpenVPN to protect network traffic.
vpnlab2
Similar to vpnlab, but with the use of a vpn gateway.
webtrack
Illustrates web tracking techniques and the role of ad servers, derived from a SEED lab.
xforge
Cross Site Request Forgery with a vulnerable web site, derived from a SEED lab.
xsite
Cross site scripting attacks on a vulnerable web server, derived from a SEED lab.
sql-inject
SQL injection attacks and countermeasures, derived from a SEED lab.
gdblesson
Introduce use of GDB to debug a simple C program.
gdb-cpp
Expand on the use of GDB to debug a simple C++ program.
strace
Introduction to system call traces.
ida2
Illustrate the lossy nature of code compilation and underscores the challenges of reverse engineering a compiled binary.
acl
Acess Control Lists (ACLs) on Linux
db-access
Control sharing of information within an SQL database per an information security policy.
backups2
Using tar and dump/restore for file backups, including remote backups.
capabilities
Use of Linux capabilites to limit program privileges.
sys-log
System log basic usage and configuration on an Ubuntu system.
centos-log
System log basic usage and configuration on a CentOS system.
file-deletion
Data recovery from deleted files within EXT2 and NTFS file systems.
file-integrity
File integrity checking and intrusion detection with AIDE
pass-crack
Introduction to passwords and elementary cracking schemes.
denyhost
Use of the denyhost utility to block brute force attacks on SSH
ossec
Host-based IDS with OSSEC.
users
Introduction to managing users and groups and file permissions.
Unix-commands
Introduction to Linux and shell commands.
softplc
Program a software-based programmable logic controller (PLC)
plc-forensics
Forensic analysis of a PLC session from a rouge client.
plc-forensics-adv
Forensic analysis of a PLC session from a rouge client, including CIP & EtherNet/IP protocols.
plc
Simulated example of a vulnerable Programmable Logic Controller system.
plc-app
Application firewall and whitelisting to protect a PLC.
iptables-ics
Use iptables to limit traffic destined for a PLC through a firewall.
grassmarlin
Introduction to the GrassMarlin SCADA/ICS network discovery tool.
plc-traffic
Use the GrassMarlin tool to view traffic you generate interacting with a PLC.
gdblesson
Introduce use of GDB to debug a simple C program.
gdb-cpp
Expand on the use of GDB to debug a simple C++ program.
quantum
Explores quantum algorithms: (1) teleportation; and, (2) Grover's algorithm.
parallel
Explores parallel computing by compiling and running MPI programs.
web-brokenaccess
Explore broken access control, which happens when the application allows a user to perform unauthorized actions.
web-brokenauth
This lab covers how to reset password using a GET request, how to bypass multifactor authentication, and how decode session tokens.
web-inject
Explore SQL/NoSQL injections along with Web based injections using PUT/POST/PATCH.
web-insdes
Explore insecure deserialization, which happens when the developer doesn’t check serialized data that a user sends to the application.
web-inslog
Use logging and monitoring to detect system infiltration by looking for traffic which usually doesn’t correspond to the normal traffic.
web-sde
Explores the disclosure of data which is not meant to be publicly accessible, known as sensitive data exposure (SDE).
web-secmis
Web server security misconfigurations which result in vulnerabilities.
web-vulcom
Explore using components with known vulnerabilities. You might have totally secured your own code, but what about the dependencies you are using?
web-xss
Cross-site scripting (XSS), which is a type of vulnerability commonly found in web applications.
web-xxe
An XML External Entity attack is a type of attack against an application that parses XML input.
Hacking Tools Covered in CyberLabs
1. aircrack-ng A suite of tools used for wireless network security assessment, including monitoring, attacking, and cracking.
2. airgeddon A Wi-Fi security suite, featuring multiple functionalities for attacking, auditing, and monitoring Wi-Fi networks.
3. airgraph-ng A tool that generates visual graphs of captured wireless data, providing insights into network traffic patterns.
4. amass A domain mapping and vulnerability identification tool that gathers information about an organization’s internet assets.
5. arjun A script enumeration tool that identifies and exploits potentially insecure parameters in web applications.
6. arpwatch A utility for monitoring Address Resolution Protocol (ARP) tables and alerting when new devices are detected on the network.
7. asset finder A reconnaissance tool used for discovering subdomains and related assets of a target domain.
8. autopsy A digital forensics tool that helps analyze and recover data from hard drives and other storage devices.
9. beef-xss A browser exploitation framework designed to exploit browser vulnerabilities and run various payloads.
10. bettercap A network reconnaissance and attack utility supporting a wide range of protocols and features.
11. btscanner A Bluetooth device scanner used to extract information from Bluetooth-enabled devices within range.
12. burpsuite A powerful web application security testing tool that includes a range of features for scanning and intercepting HTTP requests.
13. chntpw A utility for resetting passwords on Windows NT/2000/XP/2003/Vista/7 systems by modifying the Security Account Manager (SAM) files.
14. cisco-torch A tool designed for discovering and exploiting vulnerabilities in Cisco routers and network devices.
15. commix A tool aimed at detecting and exploiting command injection vulnerabilities in web applications.
16. crunch A wordlist generation tool that creates custom dictionaries for password-cracking activities.
17. cryptsetup A utility for creating and managing encrypted filesystems based on the Linux Unified Key Setup (LUKS) specification.
18. cryptsetup-suspend A wrapper for cryptsetup that suspends and resumes LUKS-encrypted filesystems during system hibernation.
19. dirbuster A multi-threaded directory and file enumeration tool used to discover hidden directories and files within a web server.
20. dirsearch A simple script for brute-forcing directories and files on web servers.
21. dmitry A network security scanner that performs a wide range of information gathering tasks, such as banner grabbing and email address harvesting.
22. dnsenum A DNS enumeration tool that extracts domain information, such as DNS records and zone transfers.
23. dnsrecon A tool for performing DNS reconnaissance, including enumeration, record lookups, and reverse lookups.
24. driftnet A utility for intercepting and displaying images from network traffic.
25. dvwa A web application designed for practicing web application security testing techniques in a legal environment.
26. ettercap A network sniffer and man-in-the-middle attack tool supporting various protocols and offering various plugins for additional functionality.
27. evil-winrm A Windows Remote Management (WinRM) shell for easily connecting and executing commands on remote Windows systems.
28. fern-wifi-cracker An auditing and attack tool for Wi-Fi networks, featuring an easy-to-use GUI and automation options.
29. ffuf A fast web fuzzer used to discover resources, directories, and vulnerabilities in web applications.
30. fierce A DNS reconnaissance tool that quickly identifies non-contiguous IP address spaces and hostnames for a given domain.
31. foremost A data carving tool for recovering deleted data based on file headers, footers, and internal data structures.
32. ghidra A reverse engineering tool for analyzing binary files, including disassembly, decompilation, and scripting capabilities.
33. gobuster A directory, file, and DNS subdomain bruteforcing tool written in Go.
34. goldeneye An HTTP denial of service (DoS) attack tool that targets web servers.
35. guymager A disk imaging tool used for forensic acquisition and recovery of data from storage devices.
36. hakrawler A web crawler and reconnaissance tool for discovering information about web applications, such as subdomains and URL paths.
37. hashcat A fast and advanced password recovery tool that supports various hashing algorithms.
38. hping3 A network tool for crafting custom packets, scanning, testing firewalls, and performing traceroutes.
39. httrack A website mirroring and offline browser utility that downloads entire websites for offline browsing.
40. jadx A reverse engineering tool that decompiles Android APK files to Java source code.
41. john A powerful and flexible password-cracking tool, also known as John the Ripper, designed for detecting weak passwords.
42. hashcat A powerful and versatile password recovery tool that supports various hashing algorithms and can be used for cracking hashes in an efficient manner.
43. hping3 A network tool that can generate custom packets, identify open ports, test firewalls, and perform traceroutes, among other functions.
44. httrack A website downloader that can mirror whole websites and make them available for offline browsing.
45. jadx A reverse engineering tool that can decompile Android APK files into Java source code, making it easier to analyze and understand the application.
46. john Also known as John the Ripper, it is a popular password-cracking tool that can identify weak passwords across various hashing algorithms.
47. johnny A graphical interface for John the Ripper, making it user-friendly and easy to manage the password cracking process.
48. king-phisher A phishing campaign toolkit that allows security researchers and penetration testers to create and manage realistic phishing simulations.
49. kismet A wireless network detection, monitoring, and intrusion detection system that can sniff 802.11a/b/g/n networks and offer various insights.
50. legion An automated network reconnaissance tool that discovers potential vulnerabilities and weaknesses in a network infrastructure.
51. libcryptsetup-dev A development library for cryptsetup, which is used for creating and managing encrypted filesystems based on the Linux Unified Key Setup (LUKS) specification.
52. libcryptsetup12 A runtime library for cryptsetup, providing the necessary support to interact with encrypted filesystems.
53. libregfi-dev A development library for interacting with Windows Registry File (REGF) format files.
54. libregfi1 A runtime library for interacting with Windows Registry File (REGF) format files.
55. lynis A security and system auditing tool that helps in hardening Linux and Unix systems by identifying potential misconfigurations and security weaknesses.
56. macchanger A utility for changing a network device's MAC address, useful in bypassing network filters and enhancing privacy.
57. maltego A data analysis and link analysis tool that provides insight into the relationships and real-world connections between data points.
58. masscan A fast and flexible port scanning utility used for identifying open network services and analyzing network security.
59. medusa A parallelized and modular login brute-forcing tool, supporting a wide range of protocols, including FTP, HTTP, SMB, and more.
60. metagoofil An information gathering and metadata extraction tool that can search and download documents from public websites.
61. metasploit-framework A popular penetration testing framework that simplifies the process of exploiting known vulnerabilities in networks and systems.
62. mimikatz A credential harvesting tool that can extract plaintext passwords and Kerberos tickets from Windows systems.
63. nbtscan A tool for scanning NetBIOS networks and extracting information about hosts and their services.
64. ncat A modern incarnation of the classic netcat tool, offering enhanced functionality and support for various protocols.
65. ndiff A utility that compares the results of two Nmap scans to identify differences in network configuration or security.
66. netcat A versatile networking tool used for reading and writing data across network connections with support for various protocols.
67. netdiscover A network scanning tool that uses ARP requests to identify live hosts and devices on a network.
68. nmap A widely used network scanning and auditing tool used for discovering hosts, services, and vulnerabilities on a network.
69. nuclei A fast and configurable template-based vulnerability scanner for web applications, APIs, and infrastructure.
70. ollydbg A Windows-based debugger used for reverse engineering and analyzing binary files, including malware and executables.
71. parsero A web server log parsing tool that can identify potential vulnerabilities and information leaks from incorrectly configured servers.
72. pipal A password analysis tool that can generate statistics and insight into the strength and patterns of user passwords.
73. powershell A scripting language and automation framework developed by Microsoft for managing and automating tasks on Windows systems.
74. python3-pyregfi A Python library for interacting with and parsing Windows Registry File (REGF) format files.
75. rainbowcrack A password hashing and time-memory tradeoff tool that uses precomputed tables (rainbow tables) to speed up the password cracking process.
76. recon-ng A powerful web reconnaissance framework that can discover and analyze data about hosts, domains, and IP addresses.
77. redeye A command-line tool used for automating the process of discovering subdomains by leveraging certificate transparency logs.
78. reglookup A command-line tool for investigating the contents of Windows Registry files by providing structured query support.
79. ruzle An advanced wordlist generator and manipulation tool that can create custom dictionary files for password cracking and brute-forcing tasks.
80. responder A network analysis tool that can intercept and respond to different authentication protocols, effectively helping in LAN-based penetration testing and credential harvesting.
81. rkhunter A rootkit scanning tool that checks Linux and Unix systems for the presence of known rootkits, backdoors, and suspicious files.
82. scalpel A file carving tool used for recovering deleted data from various filesystems by scanning for identifiable file signatures.
83. set Short for Social-Engineer Toolkit, it is a collection of tools and techniques designed to target human behavior through phishing, spear phishing, and other social engineering attacks.
84. sherlock A tool that searches for usernames across multiple social networks, which aids in uncovering the digital footprint of a target user.
85. skipfish A web application scanning tool that can analyze websites for potential vulnerabilities, misconfigurations, and security weaknesses.
86. socat A versatile network utility that can create bidirectional data transfers between two addresses and supports a wide range of protocols.
87. sqlmap A popular tool for detecting and exploiting SQL injection vulnerabilities in web applications, allowing attackers to interact with the targeted database.
88. sslstrip A man-in-the-middle (MITM) attack tool that can intercept and modify HTTPS requests, effectively downgrading them to HTTP and allowing the capture of sensitive information.
89. steghide A steganography utility that can hide sensitive data within images or audio files without visibly altering the file structure.
90. subfinder A subdomain discovery tool that uses a combination of passive sources, web scraping, and other techniques to identify subdomains related to a target domain.
91. sublist3r A Python-based tool used for enumerating subdomains of a given domain by leveraging OSINT and search engine data.
92. tcpdump A widely used network packet sniffer that can capture and display live network traffic, allowing for protocol analysis and troubleshooting.
93. testdisk A powerful data recovery tool used for restoring lost partitions, recovering deleted files, and repairing damaged filesystems.
94. theharvester An information-gathering tool for discovering email addresses, subdomains, IP addresses, and other data related to a target domain.
95. webhttrack The web-based version of the popular HTTrack website mirroring tool, enabling users to download entire websites for offline browsing.
96. wfuzz A web application vulnerability scanner and fuzzer that can discover security issues and vulnerabilities in web applications by testing various input parameters.
97. whatweb A website fingerprinting tool that identifies web technologies and versions, web server platforms, CMS software, and other relevant information about a target website.
98. wifiphisher A Wi-Fi phishing tool used for capturing WPA/WPA2 passwords, creating rogue access points, and performing man-in-the-middle attacks.
99. wifite An automated tool for attacking, auditing, and cracking Wi-Fi networks to test and improve wireless network security.
100. wireshark A popular network protocol analyzer that can capture and analyze live network traffic, allowing deeper insights into network communication and performance.
101. wordlists Collections of strings and phrases commonly used for password cracking, brute-force attacks, and dictionary attacks against authentication mechanisms.
102. wpscan A WordPress vulnerability scanning tool designed to identify security issues, outdated plugins, and other potential weak spots in a WordPress website.
103. xsser An automated tool for detecting and exploiting cross-site scripting (XSS) vulnerabilities in web applications.
2. airgeddon A Wi-Fi security suite, featuring multiple functionalities for attacking, auditing, and monitoring Wi-Fi networks.
3. airgraph-ng A tool that generates visual graphs of captured wireless data, providing insights into network traffic patterns.
4. amass A domain mapping and vulnerability identification tool that gathers information about an organization’s internet assets.
5. arjun A script enumeration tool that identifies and exploits potentially insecure parameters in web applications.
6. arpwatch A utility for monitoring Address Resolution Protocol (ARP) tables and alerting when new devices are detected on the network.
7. asset finder A reconnaissance tool used for discovering subdomains and related assets of a target domain.
8. autopsy A digital forensics tool that helps analyze and recover data from hard drives and other storage devices.
9. beef-xss A browser exploitation framework designed to exploit browser vulnerabilities and run various payloads.
10. bettercap A network reconnaissance and attack utility supporting a wide range of protocols and features.
11. btscanner A Bluetooth device scanner used to extract information from Bluetooth-enabled devices within range.
12. burpsuite A powerful web application security testing tool that includes a range of features for scanning and intercepting HTTP requests.
13. chntpw A utility for resetting passwords on Windows NT/2000/XP/2003/Vista/7 systems by modifying the Security Account Manager (SAM) files.
14. cisco-torch A tool designed for discovering and exploiting vulnerabilities in Cisco routers and network devices.
15. commix A tool aimed at detecting and exploiting command injection vulnerabilities in web applications.
16. crunch A wordlist generation tool that creates custom dictionaries for password-cracking activities.
17. cryptsetup A utility for creating and managing encrypted filesystems based on the Linux Unified Key Setup (LUKS) specification.
18. cryptsetup-suspend A wrapper for cryptsetup that suspends and resumes LUKS-encrypted filesystems during system hibernation.
19. dirbuster A multi-threaded directory and file enumeration tool used to discover hidden directories and files within a web server.
20. dirsearch A simple script for brute-forcing directories and files on web servers.
21. dmitry A network security scanner that performs a wide range of information gathering tasks, such as banner grabbing and email address harvesting.
22. dnsenum A DNS enumeration tool that extracts domain information, such as DNS records and zone transfers.
23. dnsrecon A tool for performing DNS reconnaissance, including enumeration, record lookups, and reverse lookups.
24. driftnet A utility for intercepting and displaying images from network traffic.
25. dvwa A web application designed for practicing web application security testing techniques in a legal environment.
26. ettercap A network sniffer and man-in-the-middle attack tool supporting various protocols and offering various plugins for additional functionality.
27. evil-winrm A Windows Remote Management (WinRM) shell for easily connecting and executing commands on remote Windows systems.
28. fern-wifi-cracker An auditing and attack tool for Wi-Fi networks, featuring an easy-to-use GUI and automation options.
29. ffuf A fast web fuzzer used to discover resources, directories, and vulnerabilities in web applications.
30. fierce A DNS reconnaissance tool that quickly identifies non-contiguous IP address spaces and hostnames for a given domain.
31. foremost A data carving tool for recovering deleted data based on file headers, footers, and internal data structures.
32. ghidra A reverse engineering tool for analyzing binary files, including disassembly, decompilation, and scripting capabilities.
33. gobuster A directory, file, and DNS subdomain bruteforcing tool written in Go.
34. goldeneye An HTTP denial of service (DoS) attack tool that targets web servers.
35. guymager A disk imaging tool used for forensic acquisition and recovery of data from storage devices.
36. hakrawler A web crawler and reconnaissance tool for discovering information about web applications, such as subdomains and URL paths.
37. hashcat A fast and advanced password recovery tool that supports various hashing algorithms.
38. hping3 A network tool for crafting custom packets, scanning, testing firewalls, and performing traceroutes.
39. httrack A website mirroring and offline browser utility that downloads entire websites for offline browsing.
40. jadx A reverse engineering tool that decompiles Android APK files to Java source code.
41. john A powerful and flexible password-cracking tool, also known as John the Ripper, designed for detecting weak passwords.
42. hashcat A powerful and versatile password recovery tool that supports various hashing algorithms and can be used for cracking hashes in an efficient manner.
43. hping3 A network tool that can generate custom packets, identify open ports, test firewalls, and perform traceroutes, among other functions.
44. httrack A website downloader that can mirror whole websites and make them available for offline browsing.
45. jadx A reverse engineering tool that can decompile Android APK files into Java source code, making it easier to analyze and understand the application.
46. john Also known as John the Ripper, it is a popular password-cracking tool that can identify weak passwords across various hashing algorithms.
47. johnny A graphical interface for John the Ripper, making it user-friendly and easy to manage the password cracking process.
48. king-phisher A phishing campaign toolkit that allows security researchers and penetration testers to create and manage realistic phishing simulations.
49. kismet A wireless network detection, monitoring, and intrusion detection system that can sniff 802.11a/b/g/n networks and offer various insights.
50. legion An automated network reconnaissance tool that discovers potential vulnerabilities and weaknesses in a network infrastructure.
51. libcryptsetup-dev A development library for cryptsetup, which is used for creating and managing encrypted filesystems based on the Linux Unified Key Setup (LUKS) specification.
52. libcryptsetup12 A runtime library for cryptsetup, providing the necessary support to interact with encrypted filesystems.
53. libregfi-dev A development library for interacting with Windows Registry File (REGF) format files.
54. libregfi1 A runtime library for interacting with Windows Registry File (REGF) format files.
55. lynis A security and system auditing tool that helps in hardening Linux and Unix systems by identifying potential misconfigurations and security weaknesses.
56. macchanger A utility for changing a network device's MAC address, useful in bypassing network filters and enhancing privacy.
57. maltego A data analysis and link analysis tool that provides insight into the relationships and real-world connections between data points.
58. masscan A fast and flexible port scanning utility used for identifying open network services and analyzing network security.
59. medusa A parallelized and modular login brute-forcing tool, supporting a wide range of protocols, including FTP, HTTP, SMB, and more.
60. metagoofil An information gathering and metadata extraction tool that can search and download documents from public websites.
61. metasploit-framework A popular penetration testing framework that simplifies the process of exploiting known vulnerabilities in networks and systems.
62. mimikatz A credential harvesting tool that can extract plaintext passwords and Kerberos tickets from Windows systems.
63. nbtscan A tool for scanning NetBIOS networks and extracting information about hosts and their services.
64. ncat A modern incarnation of the classic netcat tool, offering enhanced functionality and support for various protocols.
65. ndiff A utility that compares the results of two Nmap scans to identify differences in network configuration or security.
66. netcat A versatile networking tool used for reading and writing data across network connections with support for various protocols.
67. netdiscover A network scanning tool that uses ARP requests to identify live hosts and devices on a network.
68. nmap A widely used network scanning and auditing tool used for discovering hosts, services, and vulnerabilities on a network.
69. nuclei A fast and configurable template-based vulnerability scanner for web applications, APIs, and infrastructure.
70. ollydbg A Windows-based debugger used for reverse engineering and analyzing binary files, including malware and executables.
71. parsero A web server log parsing tool that can identify potential vulnerabilities and information leaks from incorrectly configured servers.
72. pipal A password analysis tool that can generate statistics and insight into the strength and patterns of user passwords.
73. powershell A scripting language and automation framework developed by Microsoft for managing and automating tasks on Windows systems.
74. python3-pyregfi A Python library for interacting with and parsing Windows Registry File (REGF) format files.
75. rainbowcrack A password hashing and time-memory tradeoff tool that uses precomputed tables (rainbow tables) to speed up the password cracking process.
76. recon-ng A powerful web reconnaissance framework that can discover and analyze data about hosts, domains, and IP addresses.
77. redeye A command-line tool used for automating the process of discovering subdomains by leveraging certificate transparency logs.
78. reglookup A command-line tool for investigating the contents of Windows Registry files by providing structured query support.
79. ruzle An advanced wordlist generator and manipulation tool that can create custom dictionary files for password cracking and brute-forcing tasks.
80. responder A network analysis tool that can intercept and respond to different authentication protocols, effectively helping in LAN-based penetration testing and credential harvesting.
81. rkhunter A rootkit scanning tool that checks Linux and Unix systems for the presence of known rootkits, backdoors, and suspicious files.
82. scalpel A file carving tool used for recovering deleted data from various filesystems by scanning for identifiable file signatures.
83. set Short for Social-Engineer Toolkit, it is a collection of tools and techniques designed to target human behavior through phishing, spear phishing, and other social engineering attacks.
84. sherlock A tool that searches for usernames across multiple social networks, which aids in uncovering the digital footprint of a target user.
85. skipfish A web application scanning tool that can analyze websites for potential vulnerabilities, misconfigurations, and security weaknesses.
86. socat A versatile network utility that can create bidirectional data transfers between two addresses and supports a wide range of protocols.
87. sqlmap A popular tool for detecting and exploiting SQL injection vulnerabilities in web applications, allowing attackers to interact with the targeted database.
88. sslstrip A man-in-the-middle (MITM) attack tool that can intercept and modify HTTPS requests, effectively downgrading them to HTTP and allowing the capture of sensitive information.
89. steghide A steganography utility that can hide sensitive data within images or audio files without visibly altering the file structure.
90. subfinder A subdomain discovery tool that uses a combination of passive sources, web scraping, and other techniques to identify subdomains related to a target domain.
91. sublist3r A Python-based tool used for enumerating subdomains of a given domain by leveraging OSINT and search engine data.
92. tcpdump A widely used network packet sniffer that can capture and display live network traffic, allowing for protocol analysis and troubleshooting.
93. testdisk A powerful data recovery tool used for restoring lost partitions, recovering deleted files, and repairing damaged filesystems.
94. theharvester An information-gathering tool for discovering email addresses, subdomains, IP addresses, and other data related to a target domain.
95. webhttrack The web-based version of the popular HTTrack website mirroring tool, enabling users to download entire websites for offline browsing.
96. wfuzz A web application vulnerability scanner and fuzzer that can discover security issues and vulnerabilities in web applications by testing various input parameters.
97. whatweb A website fingerprinting tool that identifies web technologies and versions, web server platforms, CMS software, and other relevant information about a target website.
98. wifiphisher A Wi-Fi phishing tool used for capturing WPA/WPA2 passwords, creating rogue access points, and performing man-in-the-middle attacks.
99. wifite An automated tool for attacking, auditing, and cracking Wi-Fi networks to test and improve wireless network security.
100. wireshark A popular network protocol analyzer that can capture and analyze live network traffic, allowing deeper insights into network communication and performance.
101. wordlists Collections of strings and phrases commonly used for password cracking, brute-force attacks, and dictionary attacks against authentication mechanisms.
102. wpscan A WordPress vulnerability scanning tool designed to identify security issues, outdated plugins, and other potential weak spots in a WordPress website.
103. xsser An automated tool for detecting and exploiting cross-site scripting (XSS) vulnerabilities in web applications.
Copyright 2023 Rocheston