Index
A
- access credentials, Weevely
- getting / Getting access credentials
- Aircrack-ng tool / Wireless Analysis
- Anonymous menu, BackBox
- about / Anonymous
- Armitage tool / Exploitation
- Arp-scan tool / Information Gathering
- arp command / An SSL MITM attack using sslstrip
- Arping tool / Information Gathering
- Auditing menu, BackBox / The organization of tools in BackBox
- Information Gathering / Information Gathering
- Vulnerability Assessment / Vulnerability Assessment
- Exploitation / Exploitation
- Privilege Escalation / Privilege Escalation
- Maintaining Access / Maintaining Access
- Documentation & Reporting / Documentation
- Reverse Engineering / Reverse Engineering
- Social Engineering / Social Engineering
- Stress Testing / Stress Testing
- Stress Testing menu / Stress Testing
- Forensic Analysis / Forensic Analysis
- Forensic Analysis menu / Forensic Analysis
- VoIP Analysis / VoIP Analysis
- Wireless Analysis / Wireless Analysis
- Miscellaneous / Miscellaneous
- Automater
- about / Automater
- Automater tool / Information Gathering
B
- BackBox
- about / A flexible penetration testing distribution
- requirements / A flexible penetration testing distribution
- Auditing menu / The organization of tools in BackBox
- Services menu / Services
- Update menu / Update
- Anonymous menu / Anonymous
- privacy-protection tools / Extras
- completeness / Completeness, accuracy, and support
- accuracy / Completeness, accuracy, and support
- support / Completeness, accuracy, and support
- URL / Links and contacts
- BackBox 3.13 / Anonymous
- Backfuzz tool / Stress Testing
- BeEF tool / Social Engineering
- Bokken tool / Reverse Engineering
- Bugzilla
C
- Chntpw tool / Privilege Escalation
- common vulnerabilities exposure (CVE) / An example of vulnerability verification
- common vulnerability environment (CVE) / Vulnerability Assessment
- common vulnerability scoring system (CVSS) / False positives
- config files
- enumerating / Enumerating config files
- content management system (CMS) / Automater
- content management systems (CMS) / Information Gathering
- Creepy tool / Information Gathering
- Crunch tool / Privilege Escalation
- Cryptcat tool / Miscellaneous
- CVE-2007-1036
- URL / Scanning
- Cvechecker tool / Vulnerability Assessment
D
- Dcfldd tool / Forensic Analysis
- Ddrescue tool / Forensic Analysis
- DFF tool / Forensic Analysis
- Dictstat tool / Privilege Escalation
- Dissy tool / Reverse Engineering
- Dnsmasq Version 2.62 / An example of vulnerability verification
- Documentation & Reporting
- Dradis tool / Documentation
- MagicTree tool / Documentation
- Dradis tool / Documentation
- Driftnet tool / Privilege Escalation
- Dsniff tool / Privilege Escalation
- Dumpzilla tool / Forensic Analysis
E
- encrypted password
- searching / Finding the encrypted password
- encrypted SSL/TLS traffic
- sniffing / Sniffing encrypted SSL/TLS traffic
- MITM attack, with sslstrip / An SSL MITM attack using sslstrip
- ettercap command / An SSL MITM attack using sslstrip
- Ettercap tool / Privilege Escalation
- Exploitation
- Sqlmap tool / Exploitation
- MSF tool / Exploitation
- Armitage tool / Exploitation
- Fimap tool / Exploitation
- Htexploit tool / Exploitation
- Joomscan tool / Exploitation
- W3af tool / Exploitation
- Wpscan tool / Exploitation
- about / Exploitation
F
- false positives
- about / False positives
- Fang tool / Privilege Escalation
- Fcrackzip tool / Privilege Escalation
- file
- editing / Editing files
- Fimap tool / Exploitation
- Flasm tool / Reverse Engineering
- Foremost tool / Forensic Analysis
- Forensic Analysis
- Dcfldd tool / Forensic Analysis
- Ddrescue tool / Forensic Analysis
- Guymager tool / Forensic Analysis
- DFF tool / Forensic Analysis
- Foremost tool / Forensic Analysis
- Photorec tool / Forensic Analysis
- Scalpel tool / Forensic Analysis
- Testdisk tool / Forensic Analysis
- Ntfs-3g tool / Forensic Analysis
- Dumpzilla tool / Forensic Analysis
- Steghide tool / Forensic Analysis
- Vinetto tool / Forensic Analysis
- Xplico tool / Forensic Analysis
G
- Ghex tool / Reverse Engineering
- graphical user interface (GUI) / A flexible penetration testing distribution
- Guymager tool / Forensic Analysis
H
- Hashcat tool / Privilege Escalation
- Honeyd tool / Social Engineering
- host command / Information gathering
- Hping3 tool / Miscellaneous
- Htexploit tool / Exploitation
- Httpfs tool / Miscellaneous
- Hydra
- used, for remote password cracking / Remote password cracking with Hydra and xHydra
I
- Information Gathering
- about / Information Gathering, Information gathering
- Arping tool / Information Gathering
- Arp-scan tool / Information Gathering
- Automater tool / Information Gathering
- Knock tool / Information Gathering
- Nbtscan tool / Information Gathering
- Sslyze tool / Information Gathering
- theHarvester tool / Information Gathering
- Zenmap tool / Information Gathering
- Recon-ng tool / Information Gathering
- WhatWeb tool / Information Gathering
- Creepy tool / Information Gathering
- from unknown system / Starting with an unknown system
- from unknown system, Automater used / Automater
- from unknown system, Whatweb used / Whatweb
- from unknown system, Recon-ng used / Recon-ng
- from known system / Proceeding with a known system
- from known system, Nmap used / Nmap
- scanning / Scanning
- Exploitation / Exploitation
- Inundator tool / Miscellaneous
- Iodine tool / Maintaining Access
J
- JBoss
- about / Scanning
- John the Ripper
- used, for offline password cracking / Offline password cracking using John the Ripper
- John tool / Privilege Escalation
- Joomscan tool / Exploitation
K
- Kismet tool / Wireless Analysis
- Knock tool / Information Gathering
M
- MagicTree
- about / MagicTree – the auditing productivity tool
- URL, for documentation / MagicTree – the auditing productivity tool
- templates / MagicTree – the auditing productivity tool
- MagicTree tool / Documentation
- Maintaining Access
- Iodine tool / Maintaining Access
- Ptunnel tool / Maintaining Access
- Weevely tool / Maintaining Access
- Maskgen tool / Privilege Escalation
- MD5 decrypter
- Mdk3 tool / Wireless Analysis
- Medusa tool / Privilege Escalation
- Miscellaneous
- Cryptcat tool / Miscellaneous
- Hping3 tool / Miscellaneous
- Httpfs tool / Miscellaneous
- Inundator tool / Miscellaneous
- Ncat tool / Miscellaneous
- Ndiff tool / Miscellaneous
- Netcat tool / Miscellaneous
- Nping tool / Miscellaneous
- Proxychanins tool / Miscellaneous
- Shred tool / Miscellaneous
- Thc-ipv6 tool / Miscellaneous
- Wipe tool / Miscellaneous
- MITM attack
- about / Sniffing encrypted SSL/TLS traffic
- with sslstrip / An SSL MITM attack using sslstrip
- MSF
- about / Exploitation
- MSF tool / Exploitation
N
- Nasm tool / Reverse Engineering
- Nbtscan tool / Information Gathering
- Ncat tool / Miscellaneous
- Ndiff tool / Miscellaneous
- Ndisasm tool / Reverse Engineering
- Netcat tool / Miscellaneous
- Ngrep tool / Privilege Escalation
- Nikto tool / Vulnerability Assessment
- Nmap
- Nping tool / Miscellaneous
- Ntfs-3g tool / Forensic Analysis
O
- offline password cracking
- with John the Ripper / Offline password cracking using John the Ripper
- OpenVAS
- about / Setting up the environment
- vulnerability scan, executing with / Running the scan with OpenVAS
- OpenVAS tool / Vulnerability Assessment
- Ophcrack tool / Privilege Escalation
P
- password cracking
- about / Password cracking
- offline password cracking / Offline password cracking using John the Ripper
- remote password cracking / Remote password cracking with Hydra and xHydra
- Pdfcrack tool / Privilege Escalation
- Penetration Testing
- Information Gathering / Information gathering
- Photorec tool / Forensic Analysis
- Policygen tool / Privilege Escalation
- privacy-protection tools / Extras
- Privilege Escalation
- Dictstat tool / Privilege Escalation
- Maskgen tool / Privilege Escalation
- Policygen tool / Privilege Escalation
- Rulegen tool / Privilege Escalation
- Hashcat tool / Privilege Escalation
- Chntpw tool / Privilege Escalation
- Crunch tool / Privilege Escalation
- Fcrackzip tool / Privilege Escalation
- John tool / Privilege Escalation
- Ophcrack tool / Privilege Escalation
- Pdfcrack tool / Privilege Escalation
- Truecrack tool / Privilege Escalation
- Fang tool / Privilege Escalation
- Medusa tool / Privilege Escalation
- Xhydra tool / Privilege Escalation
- Driftnet tool / Privilege Escalation
- Dsniff tool / Privilege Escalation
- Ettercap tool / Privilege Escalation
- Ngrep tool / Privilege Escalation
- Sslsniff tool / Privilege Escalation
- Sslstrip tool / Privilege Escalation
- Tcpdump tool / Privilege Escalation
- Wireshark tool / Privilege Escalation
- Proxychanins tool / Miscellaneous
- Ptunnel tool / Maintaining Access
- Pyrit tool / Wireless Analysis
R
- Reaver tool / Wireless Analysis
- Recon-ng
- about / Recon-ng
- Recon-ng tool / Information Gathering
- remote password cracking
- with Hydra / Remote password cracking with Hydra and xHydra
- with xHydra / Remote password cracking with Hydra and xHydra
- Reverse Engineering
- Bokken tool / Reverse Engineering
- Dissy tool / Reverse Engineering
- Flasm tool / Reverse Engineering
- Ghex tool / Reverse Engineering
- Nasm tool / Reverse Engineering
- Ndisasm tool / Reverse Engineering
- RIPS tool / Vulnerability Assessment
- Rulegen tool / Privilege Escalation
S
- --show command / Offline password cracking using John the Ripper
- Scalpel tool / Forensic Analysis
- scanning
- about / Scanning
- Securityfocus
- URL / An example of vulnerability verification
- about / An example of vulnerability verification
- Discussion section / An example of vulnerability verification
- Exploit section / An example of vulnerability verification
- Solution section / An example of vulnerability verification
- References section / An example of vulnerability verification
- Services menu, BackBox
- about / Services
- SET tool / Social Engineering
- Shred tool / Miscellaneous
- Siege tool / Stress Testing
- Sipcrack tool / VoIP Analysis
- Skipfish tool / Vulnerability Assessment
- Slowhttptest tool / Stress Testing
- Social Engineering
- Honeyd tool / Social Engineering
- Thpot tool / Social Engineering
- SET tool / Social Engineering
- BeEF tool / Social Engineering
- Websploit tool / Social Engineering
- sql.console command / Getting access credentials
- SQL injection
- exploiting / Exploitation of a SQL injection on a database
- exploiting, Sqlmap used / Sqlmap usage and vulnerability exploitation
- Sqlmap
- used, for exploiting SQL injection / Sqlmap usage and vulnerability exploitation
- Sqlmap tool / Exploitation
- SqlmSQL injection
- encrypted password, searching / Finding the encrypted password
- Sslsniff tool / Privilege Escalation
- sslstrip
- used, for MITM attack / An SSL MITM attack using sslstrip
- sslstrip.log file / An SSL MITM attack using sslstrip
- Sslstrip tool / Privilege Escalation
- Sslyze tool / Information Gathering
- Steghide tool / Forensic Analysis
- Stress Testing
- Siege tool / Stress Testing
- Slowhttptest tool / Stress Testing
- Thc-ssl-dos tool / Stress Testing
- Backfuzz tool / Stress Testing
- Tcpjunk tool / Stress Testing
- system commands, Weevely
- performing / Performing system commands
- system information
- gathering / Gathering full system information
T
- Tcpdump tool / Privilege Escalation
- Tcpjunk tool / Stress Testing
- Testdisk tool / Forensic Analysis
- Thc-ipv6 tool / Miscellaneous
- Thc-ssl-dos tool / Stress Testing
- theHarvester tool / Information Gathering
- Thpot tool / Social Engineering
- Truecrack tool / Privilege Escalation
U
- Update menu, BackBox
- about / Update
V
- Vinetto tool / Forensic Analysis
- VoIP Analysis
- Sipcrack tool / VoIP Analysis
- Vulnerability Assessment
- about / Vulnerability Assessment
- Cvechecker tool / Vulnerability Assessment
- RIPS tool / Vulnerability Assessment
- OpenVAS tool / Vulnerability Assessment
- Nikto tool / Vulnerability Assessment
- Skipfish tool / Vulnerability Assessment
- ZAP tool / Vulnerability Assessment
- vulnerability scan
- performing / Vulnerability scanning
- setting up / Setting up the environment
- executing, with OpenVAS / Running the scan with OpenVAS
- vulnerability scan report
- classifying, for false positives / False positives
- high-level vulnerability / False positives
- medium-level vulnerability / False positives
- verification example / An example of vulnerability verification
W
- W3af
- used, for web application exploitation / Exploiting web applications with W3af
- W3af tool / Exploitation
- web application exploitation
- performing, with W3af / Exploiting web applications with W3af
- Websploit tool / Social Engineering
- Weevely
- about / Backdoor Weevely
- functions / Backdoor Weevely
- using / Weevely in URL
- system commands, performing / Performing system commands
- config files, enumerating / Enumerating config files
- access credentials, getting / Getting access credentials
- file, editing / Editing files
- full system information, gathering / Gathering full system information
- Weevely tool / Maintaining Access
- Whatweb
- about / Whatweb
- WhatWeb tool / Information Gathering
- Wi-Fi Protected Setup (WPS) / Wireless Analysis
- Wifite tool / Wireless Analysis
- Wipe tool / Miscellaneous
- Wireless Analysis
- Aircrack-ng tool / Wireless Analysis
- Mdk3 tool / Wireless Analysis
- Pyrit tool / Wireless Analysis
- Reaver tool / Wireless Analysis
- Wifite tool / Wireless Analysis
- Wirouterkeyrec tool / Wireless Analysis
- Kismet tool / Wireless Analysis
- Wireshark tool / Privilege Escalation
- Wirouterkeyrec tool / Wireless Analysis
- Wpscan tool / Exploitation
X
- xHydra
- used, for remote password cracking / Remote password cracking with Hydra and xHydra
- Xhydra tool / Privilege Escalation
Z
- ZAP tool / Vulnerability Assessment
- Zenmap tool / Information Gathering