Nmap

Installation:

SYN scan plus version detection and default NSE scripts:

Official website: nmap.org

John the Ripper

Installation:

Use rockyou wordlist to brute-force Linux /etc/shadow hashes

Official website: openwall.com/john

Hydra

Installation:

Attempt SSH logins using users.txt and pass.txt

Official website: github.com/vanhauser-thc/thc-hydra

Gobuster

Installation:

Discover hidden directories on a web server with a wordlist

Official website: github.com/OJ/gobuster

ffuf

Installation:

Fuzz URL paths or parameters to find hidden endpoints

Official website: github.com/ffuf/ffuf

dCode: Caesar Cipher Online Encoder/Decoder

What it does:

– Sends your plaintext “HELLO” with a shift of 3 to the dCode

– Returns the encoded result “KHOOR”

Official website: dcode.fr/caesar-cipher

CyberChef: Web-Based Data “Recipe” Tool

Browser-based tool for on-the-fly encoding, decoding, encryption, hashing, and data analysis via a drag-and-drop “recipe” interface.

Official website: gchq.github.io/CyberChef

Upgrade Reverse Shell to Full PTY

Spawn an interactive Bash shell with proper TTY support with python3

SSH: Interactive Shell & SOCKS Proxy

Default port 22

Remote shell session over SSH

FTP: Connect & List Directory

Default port 21

FTP session (anonymous)

DNS: Query A Record

Default port 53 (UDP/TCP)

Retrieve DNS A record for a domain

Simple lookup via nslookup (port 53)

pentestmonkey/php-reverse-shell

Link for the script:

Official GitHub: github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php

Create a local file with python

Codes to use on your machine to create a local server

Access the server from the target machine

sudo informations

Find the commands that can be executed as sudo user:

Get information about the permissions of the current user:

File locations with interest

Logs from the computer

GTFOBins

Tool where you can find different ways to privilege escalation

Official website: gtfobins.github.io