Kali tools

Links

http://docs.kali.org/

Customizing Kali

https://github.com/offensive-security/kali-linux-recipes

Add Kali repositories to Debian or LMDE

This section explains how to add the Kali repositories to Debian or LMDE and pin them.
All packages that Kali has repackaged or newly created have "kali" in their version number (unless they are in kali-bleeding-edge).
See also http://docs.kali.org/kali-policy/kali-linux-relationship-with-debian

Install their key:

gpg --keyserver pgpkeys.mit.edu --recv-key ED444FF07D8D0BF6
gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -

/etc/apt/sources.list.d/kali.list:

deb http://http.kali.org/kali kali main non-free contrib
deb-src http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main
deb-src http://repo.kali.org/kali kali-bleeding-edge main

# apt-get update
$ apt-cache policy
[…]
500 http://repo.kali.org/kali/ kali-bleeding-edge/main amd64 Packages
release o=Kali,n=kali-bleeding-edge,c=main
500 http://security.kali.org/kali-security/ kali/updates/main amd64 Packages
release o=Kali,n=kali,c=main
500 http://http.kali.org/kali/ kali/main amd64 Packages
release o=Kali,a=stable,n=kali,c=main

/etc/apt/preferences.d/kali-package-repositories.pref:

Package: *
Pin: release n=kali
Pin-Priority: 350

Package: *
Pin: release n=kali-bleeding-edge
Pin-Priority: 300

Then:

apt-get update

And to use the Kali repositories, e.g.:

apt-get install apktool
apt-get install libfreefare-bin/kali
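
An added example (not part of the original page): a POSIX shell check that reads `apt-cache policy` output and confirms that every `o=Kali` source sits below apt's default priority of 500, so that Debian's own versions stay preferred and a Kali build is picked only when nothing else provides the package or when it is requested with `/kali`. The function names are assumptions of this example; the first sample is built from the listing above, while the pinned sample and the Debian entry are constructed.

```shell
#!/bin/sh
# Added example: audit `apt-cache policy` output for Kali sources left unpinned.

# Print "PRIORITY CODENAME URL" for every package index whose release origin is Kali.
kali_pin_report() {
    awk '
        # Index line: "<priority> <url> <suite/component> <arch> Packages"
        $1 ~ /^-?[0-9]+$/ { prio = $1; url = $2; next }
        # Release line that follows it: "release o=Kali,a=stable,n=kali,c=main"
        /^[ \t]*release[ \t]/ {
            line = $0
            sub(/^[ \t]*release[ \t]+/, "", line)
            origin = ""; codename = "-"
            n = split(line, kv, ",")
            for (i = 1; i <= n; i++) {
                if (kv[i] ~ /^o=/) origin = substr(kv[i], 3)
                if (kv[i] ~ /^n=/) codename = substr(kv[i], 3)
            }
            if (origin == "Kali") print prio, codename, url
        }
    '
}

# Succeed only if Kali sources are present and each one is below MAX
# (default 500, the priority apt gives to unpinned archives).
kali_pins_ok() {
    max=${1:-500}
    kali_pin_report | awk -v max="$max" '
        { seen = 1; if ($1 + 0 >= max + 0) bad = 1 }
        END { if (seen && !bad) exit 0; exit 1 }
    '
}

# Sample 1: the policy listing shown on the page, before the preferences file
# exists. The dpkg status entry is constructed framing.
sample_unpinned() {
    cat <<'EOF'
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://repo.kali.org/kali/ kali-bleeding-edge/main amd64 Packages
     release o=Kali,n=kali-bleeding-edge,c=main
 500 http://security.kali.org/kali-security/ kali/updates/main amd64 Packages
     release o=Kali,n=kali,c=main
 500 http://http.kali.org/kali/ kali/main amd64 Packages
     release o=Kali,a=stable,n=kali,c=main
EOF
}

# Sample 2 (constructed): the same sources after the pins of 350 and 300 apply,
# plus a constructed Debian entry that the report must ignore.
sample_pinned() {
    cat <<'EOF'
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://ftp.debian.org/debian/ stable/main amd64 Packages
     release o=Debian,a=stable,n=example,l=Debian,c=main
 300 http://repo.kali.org/kali/ kali-bleeding-edge/main amd64 Packages
     release o=Kali,n=kali-bleeding-edge,c=main
 350 http://security.kali.org/kali-security/ kali/updates/main amd64 Packages
     release o=Kali,n=kali,c=main
 350 http://http.kali.org/kali/ kali/main amd64 Packages
     release o=Kali,a=stable,n=kali,c=main
EOF
}

# Demo on the embedded samples; on a live system use:
#   apt-cache policy | kali_pins_ok && echo "Kali pinned below default"
for s in sample_unpinned sample_pinned; do
    if $s | kali_pins_ok; then
        echo "$s: all Kali sources pinned below 500"
    else
        echo "$s: a Kali source is at or above 500 (or none was found)"
    fi
done
```
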
Installing software

SDR-related

Security-related

Lists

See http://www.kali.org/news/kali-linux-metapackages/

kali-linux

apt-cache search kali-linux|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
kali-linux-all – Kali Linux – all packages
kali-linux-forensic – Kali Linux forensic tools
kali-linux-full – Kali Linux complete system
kali-linux-gpu – Kali Linux GPU tools
kali-linux-pwtools – Kali Linux password cracking tools
kali-linux-rfid – Kali Linux RFID tools
kali-linux-sdr – Kali Linux SDR tools
kali-linux-top10 – Kali Linux Top 10 tools
kali-linux-voip – Kali Linux VoIP tools
kali-linux-web – Kali Linux webapp assessment tools
kali-linux-wireless – Kali Linux wireless tools

kali-linux-all

apt-cache depends kali-linux-all|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux-forensic – Kali Linux forensic tools
kali-linux-full – Kali Linux complete system
kali-linux-gpu – Kali Linux GPU tools
kali-linux-pwtools – Kali Linux password cracking tools
kali-linux-rfid – Kali Linux RFID tools
kali-linux-sdr – Kali Linux SDR tools
kali-linux-top10 – Kali Linux Top 10 tools
kali-linux-voip – Kali Linux VoIP tools
kali-linux-web – Kali Linux webapp assessment tools
kali-linux-wireless – Kali Linux wireless tools
android-sdk – Android software development kit
backdoor-factory – Patch win32/64 binaries with shellcode
bing-ip2hosts – Enumerate hostnames for an IP using bing.com
device-pharmer – Search Shodan results and test credentials
doona – Network fuzzer forked from bed
freeradius – high-performance and highly configurable RADIUS server
hackersh – Shell-like wrapper of various security tools
htshells – Self contained htaccess shells and attacks
ismtp – SMTP user enumeration and testing tool
linux-exploit-suggester – Script to keep track of vulnerabilities and suggest possible exploits
masscan – Asynchronous TCP port scanner
sandi – Exploit search engine
shellnoob – Shellcode writing toolkit
teamsploit – Tools for group based penetration testing
veil-evasion – Generate payloads that bypass antivirus solutions
veil-catapult – Payload delivery tool that integrates with veil-evasion

kali-linux-top10

apt-cache depends kali-linux-top10|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
aircrack-ng – wireless WEP/WPA cracking utilities
burpsuite – platform for security testing of web applications
hydra – very fast network logon cracker
john – active password cracking tool
maltego – Open source intelligence and forensics application
maltego-teeth – Set of offensive Maltego transforms
metasploit – Penetration testing and exploit development tool with web-based interface
metasploit-framework – Framework for exploit development and vulnerability research
nmap – The Network Mapper
zaproxy – Testing tool for finding vulnerabilities in web applications.
sqlmap – automatic SQL injection tool
wireshark – network traffic analyzer – GTK+ version

kali-linux-forensic

apt-cache depends kali-linux-forensic|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
afflib-tools – support for Advanced Forensics format (utilities)
apktool – A tool for reverse engineering Android apk files
autopsy – graphical interface to SleuthKit
bulk-extractor – Extracts information without parsing filesystem
cabextract – Microsoft Cabinet file unpacker
capstone – Multi-platform, multi-architecture disassembly framework
chkrootkit – rootkit detector
creddump – Extracts credentials from Windows registry hives
cuckoo – Automated malware analysis system
dc3dd – patched version of GNU dd with forensic features
dcfldd – enhanced version of dd for forensics and security
ddrescue – Copies data from one file or block device to another.
dff – Powerful, efficient and modular digital forensic framework
dissy – graphical frontend for objdump
distorm3 – Powerful Disassembler Library For x86/AMD64
dumpzilla – Mozilla browser forensic tool
edb-debugger – Linux equivalent of OllyDbg
ewf-tools – collection of tools for reading and writing EWF files
exiv2 – EXIF/IPTC metadata manipulation tool
extundelete – utility to recover deleted files from ext3/ext4 partition
fcrackzip – password cracker for zip archives
firmware-mod-kit – Deconstruct and reconstruct firmware images
flasm – assembler and disassembler for Flash (SWF) bytecode
foremost – forensic program to recover lost files
galleta – An Internet Explorer cookie forensic analysis tool
gdb – GNU Debugger
gparted – GNOME partition editor
guymager – Forensic imaging tool based on Qt
inetsim – Software suite for simulating common internet services
iphone-backup-analyzer – iPhone backup decoder and analyzer
jad – Java decompiler
javasnoop – Intercept Java applications locally
libewf1 – library with support for Expert Witness Compression Format
libhivex-bin – utilities for reading and writing Windows Registry hives
lvm2 – Linux Logical Volume Manager
lynis – security auditing tool for Unix based systems
magicrescue – recovers files by looking for magic bytes
md5deep – Recursively compute hashsums or piecewise hashings
mdbtools – JET / MS Access database (MDB) tools
memdump – utility to dump memory contents to standard output
missidentify – a program to find win32 applications
nasm – General-purpose x86 assembler
ollydbg – 32-bit assembler level analysing debugger
p7zip-full – 7z and 7za file archivers with high compression ratio
parted – disk partition manipulator
pasco – An Internet Explorer cache forensic analysis tool
pdfid – Scans PDF files for certain PDF keywords
pdf-parser – Parses PDF files to identify fundamental elements
pdgmail – Extracts gmail artifacts from a pd dump
peepdf – PDF analysis tool
pev – text-based tool to analyze PE files
polenum – Extracts the password policy from a Windows system
radare2 – free and advanced command line hexadecimal editor
rdd – a forensic copy program
readpst – Converts Outlook PST files to mbox and others
recoverjpeg – tool to recover JPEG images from a filesystem image
reglookup – utility to read and query Windows NT/2000/XP registry
regripper – Windows registry forensics tool
rifiuti – A MS Windows recycle bin analysis tool
rifiuti2 – A MS Windows recycle bin analysis tool
safecopy – Copy utility ignoring errors
samdump2 – Dump Windows 2k/NT/XP password hashes
scalpel – A Frugal, High Performance File Carver
scrounge-ntfs – Data recovery program for NTFS filesystems
sleuthkit – collection of tools for forensics analysis on volume and file system data
smali – Assembler/disassembler for Android’s dex format
sqlitebrowser – GUI editor for SQLite databases
tcpdump – command-line network traffic analyzer
tcpflow – TCP flow recorder
tcpick – TCP stream sniffer and connection tracker
tcpreplay – Tool to replay saved tcpdump files at arbitrary speeds
truecrack – Bruteforce password cracker for TrueCrypt volumes.
truecrypt – Cross-platform on-the-fly encryption
unrar – Unarchiver for .rar files (non-free version)
upx-ucl – efficient live-compressor for executables
vinetto – A forensics tool to examine Thumbs.db files
volafox – Memory analyzer for Mac OS X & BSD
volatility – advanced memory forensics framework
wce – Windows Credentials Editor
wireshark – network traffic analyzer – GTK+ version
xplico – Network Forensic Analysis Tool (NFAT)

kali-linux-gpu

apt-cache depends kali-linux-gpu|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
oclhashcat – GPU password cracker
pyrit – GPGPU-driven WPA/WPA2-PSK key cracker
multiforcer – GPU accelerated password cracking tool
oclgausscrack – Cracks verification hashes of the Gauss Virus
truecrack – Bruteforce password cracker for TrueCrypt volumes.

kali-linux-pwtools

apt-cache depends kali-linux-pwtools|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
kali-linux-gpu – Kali Linux GPU tools
chntpw – NT SAM password recovery utility
cmospwd – decrypt BIOS passwords from CMOS
crunch – Password wordlist generator
dbpwaudit – Does online password audits of DB engines
fcrackzip – password cracker for zip archives
findmyhash – Crack hashes with online services
gpp-decrypt – Group Policy Preferences decrypter
hash-identifier – Tool to identify hash types
hashcat – World’s fastest CPU-based password recovery tool
hashcat-utils – Set of small utilities for advanced password cracking
hydra – very fast network logon cracker
hydra-gtk – very fast network logon cracker – GTK+ based GUI
john – active password cracking tool
johnny – GUI for John the Ripper
keimpx – Check for valid credentials across a network over SMB
maskprocessor – High-performance word generator
medusa – fast, parallel, modular, login brute-forcer for network services
mimikatz – Uses admin rights on Windows to display passwords in plaintext
ncrack – High-speed network authentication cracking tool
ophcrack – Microsoft Windows password cracker using rainbow tables (gui)
ophcrack-cli – Microsoft Windows password cracker using rainbow tables (cmdline)
pack – Password analysis and cracking kit
passing-the-hash – Patched tools to use password hashes as authentication input
patator – Multi-purpose brute-forcer
phrasendrescher – Passphrase cracking tool
pipal – Statistical analysis on password dumps
polenum – Extracts the password policy from a Windows system
rainbowcrack – Rainbow table password cracker
rcracki-mt – Version of rcrack that supports hybrid and indexed tables
rsmangler – Wordlist mangling tool
samdump2 – Dump Windows 2k/NT/XP password hashes
seclists – Collection of multiple types of security lists
sipcrack – SIP login dumper/cracker
sipvicious – Tools for auditing SIP based VoIP systems
sqldict – Dictionary attack tool for SQL Server
statsprocessor – High-performance word-generator
sucrack – multithreaded su bruteforcer
thc-pptp-bruter – THC PPTP Brute Force
truecrack – Bruteforce password cracker for TrueCrypt volumes.
twofi – Twitter words of interest
wce – Windows Credentials Editor
wordlists – Contains the rockyou wordlist

kali-linux-rfid

apt-cache depends kali-linux-rfid|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
libfreefare-bin – MIFARE card manipulations binaries
libnfc-bin – Near Field Communication (NFC) binaries
mfcuk – MFCUK – MiFare Classic Universal toolKit
mfoc – MIFARE Classic offline cracker
mfterm – Terminal for working with Mifare Classic 1-4k Tags
python-rfidiot – Python library to explore RFID devices

kali-linux-sdr

apt-cache depends kali-linux-sdr|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
gnuradio – GNU Radio Software Radio Toolkit
chirp – Configuration tool for amateur radios
hackrf-tools – Hardware driver and tools for HackRF Jawbreaker
kalibrate-rtl – Calculate local oscillator frequency offset using GSM base stations
rtlsdr-scanner – Python frequency scanning GUI for the OsmoSDR rtl-sdr library
gr-scan – Scans a range of frequencies and prints a list of discovered signals
gqrx – Software defined radio receiver powered by GNU Radio
multimon-ng – Digital radio transmission decoder
uhd-host – universal hardware driver for Ettus Research products
uhd-images – Various UHD Images
libgnuradio-grextras – Advanced GNU Radio Blocks
libgnuradio-baz – gnuradio new functionality blocks
libgnuradio-osmosdr – GNU Radio osmosdr block
libgnuradio-osmosdr-apps – GNU Radio osmosdr applications
libgnuradio-iqbalance – I/Q balancing block

kali-linux-voip

apt-cache depends kali-linux-voip|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
ace-voip – A simple VoIP corporate directory enumeration tool
dnmap – Distributed nmap framework
enumiax – IAX protocol username enumerator
iaxflood – VoIP flooder tool
inviteflood – SIP/SDP INVITE message flooding over UDP/IP
libfindrtp – Library required by multiple VoIP tools
nmap – The Network Mapper
ohrwurm – RTP fuzzer
pjproject – A multimedia communication library for SIP
protos-sip – SIP test suite
rtpbreak – Detects, reconstructs, and analyzes RTP sessions
rtpflood – Tool to flood any RTP device
rtpinsertsound – Inserts audio into a specified stream
rtpmixsound – Mixes pre-recorded audio in real-time
sctpscan – SCTP network scanner for discovery and security
siparmyknife – SIP fuzzing tool
sipcrack – SIP login dumper/cracker
sipp – Traffic generator for the SIP protocol
sipvicious – Tools for auditing SIP based VoIP systems
voiphopper – Runs a VLAN hop security test
wireshark – network traffic analyzer – GTK+ version

kali-linux-web

apt-cache depends kali-linux-web|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
apache2 – Apache HTTP Server
apache2-mpm-event – transitional event MPM package for apache2
apache2-mpm-itk – transitional itk MPM package for apache2
apache2-mpm-prefork – transitional prefork MPM package for apache2
apache2-mpm-worker – transitional worker MPM package for apache2
apache-users – Enumerate usernames on systems with Apache UserDir module
arachni – Web Application Security Scanner Framework
automater – A IP and URL analysis tool.
bbqsql – SQL Injection Exploitation Tool
beef-xss – Browser Exploitation Framework (BeEF)
blindelephant – A generic web application fingerprinter
burpsuite – platform for security testing of web applications
cadaver – command-line WebDAV client
clusterd – Application server attack toolkit
cookie-cadger – Cookie auditing tool for wired and wireless networks
cutycapt – utility to capture WebKit’s rendering of a web page
davtest – Testing tool for WebDAV servers
dbpwaudit – Does online password audits of DB engines
dirb – URL bruteforcing tool
dirbuster – Web server directory brute-forcer
dnmap – Distributed nmap framework
dotdotpwn – DotDotPwn – The Directory Traversal Fuzzer.
eyewitness – Rapid web application triage tool
fimap – LFI and RFI exploitation tool
ftester – The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.
funkload – web testing tool
golismero – Web application mapper
grabber – Web application vulnerability scanner
hamster-sidejack – Sidejacking tool
hexorbase – Multiple database management and audit application
http-tunnel – Tunneling software to tunnel through restrictive HTTP proxies
httprint – Web server fingerprinting tool
hydra – very fast network logon cracker
hydra-gtk – very fast network logon cracker – GTK+ based GUI
ikat – Interactive Kiosk Attack Tool
inundator – Multi-threaded IDS false positive generator
jboss-autopwn – JBoss script for obtaining remote shell access
jd-gui – GUI Java .class decompiler
joomscan – OWASP Joomla Vulnerability Scanner Project
jsql – Java tool for automatic database injection
laudanum – Collection of injectable web files
lbd – Load balancer detector
maltego – Open source intelligence and forensics application
maltego-teeth – Set of offensive Maltego transforms
medusa – fast, parallel, modular, login brute-forcer for network services
mitmproxy – SSL-capable man-in-the-middle HTTP proxy
mysql-server – MySQL database server (metapackage depending on the latest version)
ncrack – High-speed network authentication cracking tool
nikto – web server security scanner
nmap – The Network Mapper
oscanner – Oracle assessment framework
owasp-mantra-ff – Web application security testing framework built on top of Firefox
padbuster – Script for performing Padding Oracle attacks
paros – Web application proxy
patator – Multi-purpose brute-forcer
php5 – server-side, HTML-embedded scripting language (metapackage)
php5-mysql – MySQL module for php5
plecost – WordPress fingerprinting tool
powerfuzzer – Highly automated and fully customizable web fuzzer
proxychains – proxy chains – redirect connections through proxy servers
proxystrike – Active web application proxy
proxytunnel – Create tcp tunnels trough HTTPS proxies, for using with SSH
ratproxy – passive web application security assessment tool
recon-ng – Web Reconnaissance framework written in Python
redsocks – arbitrary TCP connection redirector to a SOCKS or HTTPS proxy server
sidguesser – Guesses sids against an Oracle database
siege – HTTP regression testing and benchmarking utility
skipfish – fully automated, active web application security reconnaissance tool
sqldict – Dictionary attack tool for SQL Server
sqlitebrowser – GUI editor for SQLite databases
sqlmap – automatic SQL injection tool
sqlninja – SQL server injection and takeover tool
sqlsus – MySQL injection tool
sslcaudit – Tests SSL/TLS clients susceptibility to MITM attacks
ssldump – An SSLv3/TLS network protocol analyzer
sslh – ssl/ssh multiplexer
sslscan – Fast SSL scanner
sslsniff – SSL/TLS man-in-the-middle attack tool
sslstrip – SSL/TLS man-in-the-middle attack tool
sslsplit – Transparent and scalable SSL/TLS interception
sslyze – Fast and full-featured SSL scanner
stunnel4 – Universal SSL tunnel for network daemons
thc-ssl-dos – Stress tester for the SSL handshake
tlssled – Evaluates the security of a target SSL/TLS (HTTPS) server
tnscmd10g – Tool to prod the oracle tnslsnr process
ua-tester – User agent string tester
uniscan – LFI, RFI, and RCE vulnerability scanner
vega – Platform to test the security of web applications
waffit – WAF auditing tool
wapiti – web application vulnerability scanner
webacoo – Web backdoor cookie script kit
webhandler – Bash simulator to control a server using PHP system functions
webscarab – Web application review tool
webshag – Multi-threaded web server audit tool
webshells – Collection of webshells
webslayer – Web application bruteforcer
websploit – Web exploitation framework
weevely – Stealth tiny web shell
wfuzz – Web application bruteforcer
whatweb – Next generation web scanner
wireshark – network traffic analyzer – GTK+ version
wpscan – Black box WordPress vulnerability scanner
xsser – XSS testing framework
zaproxy – Testing tool for finding vulnerabilities in web applications.

kali-linux-wireless

apt-cache depends kali-linux-wireless|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
kali-linux-sdr – Kali Linux SDR tools
aircrack-ng – wireless WEP/WPA cracking utilities
pyrit – GPGPU-driven WPA/WPA2-PSK key cracker
asleap – A tool for exploiting Cisco LEAP networks
bluelog – Bluetooth scanner and logger
bluemaho – GUI interface for testing Bluetooth devices
bluepot – Bluetooth honeypot
blueranger – Simple Bash script to locate Bluetooth devices
bluesnarfer – A Bluesnarfing Utility
bluez – Bluetooth tools and daemons
bluez-hcidump – Analyses Bluetooth HCI packets
btscanner – ncurses-based scanner for Bluetooth devices
bully – Bully is a new implementation of the WPS brute force attack, written in C.
cowpatty – Brute-force WPA dictionary attack
crackle – Crack and decrypt BLE encryption
eapmd5pass – Tool for extracting and cracking EAP-MD5
fern-wifi-cracker – Automated wifi cracker
giskismet – Wireless recon visualization tool
iw – tool for configuring Linux wireless devices
killerbee – Framwork for ZigBee exploitation
kismet – wireless sniffer and monitor – core
libfreefare-bin – MIFARE card manipulations binaries
libnfc-bin – Near Field Communication (NFC) binaries
macchanger – utility for manipulating the MAC address of network interfaces
mdk3 – Wireless attack tool for IEEE 802.11 networks
mfcuk – MFCUK – MiFare Classic Universal toolKit
mfoc – MIFARE Classic offline cracker
mfterm – Terminal for working with Mifare Classic 1-4k Tags
oclhashcat – GPU password cracker
python-rfidiot – Python library to explore RFID devices
reaver – brute force attack tool against Wifi Protected Setup PIN number
redfang – Locates non-discoverable bluetooth devices
rfcat – The swiss army knife of sub-GHz radio.
rfkill – tool for enabling and disabling wireless devices
sakis3g – Tool for establishing 3G connections
spectools – Utilities for using the Wi-Spy USB spectrum analyzer hardware
spooftooph – Automates spoofing or cloning Bluetooth devices
ubertooth – An open source 2.4 GHz wireless development platform.
wifi-honey – Wi-Fi honeypot
wifitap – WiFi injection via a tun/tap device
wifite – Python script to automate wireless auditing using aircrack-ng tools
wireshark – network traffic analyzer – GTK+ version

kali-linux-full

This list does not completely overlap the other lists, but it still contains packages that are not available in the other lists…

apt-cache depends kali-linux-full|awk '/Depends:/{print $2}'|xargs -n 1 -I XX apt-cache search -n ^XX$|awk '{n=$1;$1="";printf ("%-30s%s\n",n,$0)}'
kali-linux – Kali Linux base system
kali-linux-sdr – Kali Linux SDR tools
0trace – A traceroute tool that can run within an existing TCP connection.
acccheck – Password dictionary attack tool for SMB
ace-voip – A simple VoIP corporate directory enumeration tool
afflib-tools – support for Advanced Forensics format (utilities)
aircrack-ng – wireless WEP/WPA cracking utilities
amap – next-generation scanning tool for pentesters
apache-users – Enumerate usernames on systems with Apache UserDir module
apktool – A tool for reverse engineering Android apk files
arduino – AVR development board IDE and built-in libraries
arping – sends IP and/or ARP pings (to the MAC address)
arpwatch – Ethernet/FDDI station activity monitor
arp-scan – arp scanning and fingerprinting tool
asleap – A tool for exploiting Cisco LEAP networks
automater – A IP and URL analysis tool.
autopsy – graphical interface to SleuthKit
bbqsql – SQL Injection Exploitation Tool
bed – A network protocol fuzzer
beef-xss – Browser Exploitation Framework (BeEF)
binwalk – tool for searching binary images for embedded files and executable code
blindelephant – A generic web application fingerprinter
bluelog – Bluetooth scanner and logger
bluemaho – GUI interface for testing Bluetooth devices
bluepot – Bluetooth honeypot
blueranger – Simple Bash script to locate Bluetooth devices
bluesnarfer – A Bluesnarfing Utility
bluez – Bluetooth tools and daemons
bluez-hcidump – Analyses Bluetooth HCI packets
braa – Mass SNMP scanner
btscanner – ncurses-based scanner for Bluetooth devices
bully – Bully is a new implementation of the WPS brute force attack, written in C.
bulk-extractor – Extracts information without parsing filesystem
burpsuite – platform for security testing of web applications
cabextract – Microsoft Cabinet file unpacker
cadaver – command-line WebDAV client
casefile – Offline intelligence tool
cdpsnarf – Network sniffer to extract CDP information
cewl – Custom wordlist generator
cgpt – GPT manipulation tool with support for Chromium OS extensions
chirp – Configuration tool for amateur radios
chkrootkit – rootkit detector
chntpw – NT SAM password recovery utility
cisco-auditing-tool – Scans Cisco routers for vulnerabilities
cisco-global-exploiter – Simple and fast Cisco exploitation tool
cisco-ocs – Mass Cisco scanner
cisco-torch – Cisco device scanner
clang – C, C++ and Objective-C compiler (LLVM based)
cmospwd – decrypt BIOS passwords from CMOS
copy-router-config – Copies Cisco configs via SNMP
cowpatty – Brute-force WPA dictionary attack
creddump – Extracts credentials from Windows registry hives
creepy – geolocation information aggregator
cryptsetup – disk encryption support – startup scripts
crunch – Password wordlist generator
cryptcat – A lightweight version netcat extended with twofish encryption
curlftpfs – filesystem to access FTP hosts based on FUSE and cURL
cutycapt – utility to capture WebKit’s rendering of a web page
cymothoa – Stealth backdooring tool
darkstat – network traffic analyzer
davtest – Testing tool for WebDAV servers
dbd – Netcat clone with encryption
dbpwaudit – Does online password audits of DB engines
dc3dd – patched version of GNU dd with forensic features
dcfldd – enhanced version of dd for forensics and security
ddrescue – Copies data from one file or block device to another.
deblaze – Performs testing against flash remoting endpoints
dex2jar – Tools to work with android .dex and java .class files
dff – Powerful, efficient and modular digital forensic framework
dhcpig – DHCP exhaustion script
dirb – URL bruteforcing tool
dirbuster – Web server directory brute-forcer
dissy – graphical frontend for objdump
dmitry – Deepmagic Information Gathering Tool
dnmap – Distributed nmap framework
dns2tcp – TCP over DNS tunnel client and server
dnschef – DNS proxy for penetration testers
dnsenum – Tool to enumerate domain DNS information
dnsmap – DNS domain name brute forcing tool
dnsrecon – A powerful DNS enumeration script
dnstracer – trace DNS queries to the source
dnswalk – Checks dns zone information using nameserver lookups
dos2unix – convert text file line endings between CRLF and LF
dotdotpwn – DotDotPwn – The Directory Traversal Fuzzer.
dradis – Collaboration tools for penetration testing
driftnet – picks out and displays images from network traffic
dsniff – Various tools to sniff network traffic for cleartext insecurities
dumpzilla – Mozilla browser forensic tool
eapmd5pass – Tool for extracting and cracking EAP-MD5
edb-debugger – Linux equivalent of OllyDbg
enum4linux – Enumerates info from Windows and Samba systems
enumiax – IAX protocol username enumerator
ethtool – display or change Ethernet device settings
ettercap-graphical – Ettercap GUI-enabled executable
ewf-tools – collection of tools for reading and writing EWF files
exiv2 – EXIF/IPTC metadata manipulation tool
exploitdb – Searchable Exploit Database archive
extundelete – utility to recover deleted files from ext3/ext4 partition
fcrackzip – password cracker for zip archives
fern-wifi-cracker – Automated wifi cracker
fierce – Domain DNS scanner
fiked – Cisco VPN attack tool
fimap – LFI and RFI exploitation tool
findmyhash – Crack hashes with online services
flasm – assembler and disassembler for Flash (SWF) bytecode
foremost – forensic program to recover lost files
fping – sends ICMP ECHO_REQUEST packets to network hosts
fragroute – Test a NIDS by attempting to evade using fragmented packets
fragrouter – IDS evasion toolkit
framework2 – Metasploit Framework 2
ftester – The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.
funkload – web testing tool
galleta – An Internet Explorer cookie forensic analysis tool
gdb – GNU Debugger
ghost-phisher – GUI suite for phishing and penetration attacks
giskismet – Wireless recon visualization tool
golismero – Web application mapper
goofile – Command line filetype search
gpp-decrypt – Group Policy Preferences decrypter
grabber – Web application vulnerability scanner
guymager – Forensic imaging tool based on Qt
hackrf-tools – Hardware driver and tools for HackRF Jawbreaker
hamster-sidejack – Sidejacking tool
hash-identifier – Tool to identify hash types
hashcat – World’s fastest CPU-based password recovery tool
hashcat-utils – Set of small utilities for advanced password cracking
hexinject – Versatile packet injector and sniffer
hexorbase – Multiple database management and audit application
hotpatch – Hot patches Linux executables with .so file injection
hping3 – Active Network Smashing Tool
hydra – very fast network logon cracker
hydra-gtk – very fast network logon cracker – GTK+ based GUI
i2c-tools – heterogeneous set of I2C tools for Linux
iaxflood – VoIP flooder tool
ifenslave – configure network interfaces for parallel routing (bonding)
ifenslave-2.6 – Attach and detach slave interfaces to a bonding device
ikat – Interactive Kiosk Attack Tool
ike-scan – discover and fingerprint IKE hosts (IPsec VPN Servers)
inetsim – Software suite for simulating common internet services
intersect – Post-exploitation framework
intrace – Traceroute-like application piggybacking on existing TCP connections
inundator – Multi-threaded IDS false positive generator
inviteflood – SIP/SDP INVITE message flooding over UDP/IP
iodine – tool for tunneling IPv4 data through a DNS server
irpas – Internetwork Routing Protocol Attack Suite
isr-evilgrade – Evilgrade framework
jad – Java decompiler
javasnoop – Intercept Java applications locally
jboss-autopwn – JBoss script for obtaining remote shell access
john – active password cracking tool
johnny – GUI for John the Ripper
joomscan – OWASP Joomla Vulnerability Scanner Project
jsql – Java tool for automatic database injection
keepnote – cross-platform note-taking and organization application
keimpx – Check for valid credentials across a network over SMB
killerbee – Framwork for ZigBee exploitation
kismet – wireless sniffer and monitor – core
laudanum – Collection of injectable web files
lbd – Load balancer detector
leafpad – GTK+ based simple text editor
libcrafter – Library to generate and sniff network packets
libewf1 – library with support for Expert Witness Compression Format
libfindrtp – Library required by multiple VoIP tools
libfreefare-bin – MIFARE card manipulations binaries
libhivex-bin – utilities for reading and writing Windows Registry hives
libnfc-bin – Near Field Communication (NFC) binaries
lynis – security auditing tool for Unix based systems
macchanger – utility for manipulating the MAC address of network interfaces
magicrescue – recovers files by looking for magic bytes
magictree – Penetration tester productivity tool
maltego – Open source intelligence and forensics application
maltego-teeth – Set of offensive Maltego transforms
maskprocessor – High-performance word generator
mc – Midnight Commander – a powerful file manager
md5deep – Recursively compute hashsums or piecewise hashings
mdbtools – JET / MS Access database (MDB) tools
mdk3 – Wireless attack tool for IEEE 802.11 networks
medusa – fast, parallel, modular, login brute-forcer for network services
memdump – utility to dump memory contents to standard output
metagoofil – Tool designed for extracting metadata of public documents
metasploit – Penetration testing and exploit development tool with web-based interface
metasploit-framework – Framework for exploit development and vulnerability research
armitage – Cyber attack management for Metasploit
mfcuk – MFCUK – MiFare Classic Universal toolKit
mfoc – MIFARE Classic offline cracker
mfterm – Terminal for working with Mifare Classic 1-4k Tags
mimikatz – Uses admin rights on Windows to display passwords in plaintext
minicom – friendly menu driven serial communication program
miranda – UPNP administration tool
miredo – Teredo IPv6 tunneling through NATs
missidentify – a program to find win32 applications
mitmproxy – SSL-capable man-in-the-middle HTTP proxy
multiforcer – GPU accelerated password cracking tool
multimac – Create multiple MACs on an adapter
nasm – General-purpose x86 assembler
nbtscan – A program for scanning networks for NetBIOS name information
ncat-w32 – Netcat for the 21st century
ncrack – High-speed network authentication cracking tool
ncurses-hexedit – Edit files/disks in hex, ASCII and EBCDIC
netdiscover – active/passive network address scanner using arp requests
netmask – helps determine network masks
netsed – network packet-altering stream editor
netsniff-ng – packet sniffing beast
netwag – graphical frontend for netwox
nfspy – ID-spoofing NFS client
ngrep – grep for network traffic
nikto – web server security scanner
nipper-ng – Device security configuration review tool
nmap – The Network Mapper
ohrwurm – RTP fuzzer
ollydbg – 32-bit assembler level analysing debugger
onesixtyone – fast and simple SNMP scanner
openvas – Openvas dummy package.
ophcrack – Microsoft Windows password cracker using rainbow tables (gui)
ophcrack-cli – Microsoft Windows password cracker using rainbow tables (cmdline)
oscanner – Oracle assessment framework
p0f – Passive OS fingerprinting tool
pack – Password analysis and cracking kit
padbuster – Script for performing Padding Oracle attacks
paros – Web application proxy
pasco – An Internet Explorer cache forensic analysis tool
passing-the-hash – Patched tools to use password hashes as authentication input
patator – Multi-purpose brute-forcer
pdfid – Scans PDF files for certain PDF keywords
pdf-parser – Parses PDF files to identify fundamental elements
pdgmail – Extracts gmail artifacts from a pd dump
peepdf – PDF analysis tool
perl-cisco-copyconfig – Provides methods for manipulating Cisco devices
pev – text-based tool to analyze PE files
phrasendrescher – Passphrase cracking tool
pipal – Statistical analysis on password dumps
pjproject – A multimedia communication library for SIP
plecost – WordPress fingerprinting tool
polenum – Extracts the password policy from a Windows system
powerfuzzer – Highly automated and fully customizable web fuzzer
powersploit – PowerShell Post-Exploitation Framework
protos-sip – SIP test suite
proxychains – proxy chains – redirect connections through proxy servers
proxystrike – Active web application proxy
proxytunnel – Create tcp tunnels trough HTTPS proxies, for using with SSH
ptunnel – Tunnel TCP connections over ICMP packets
pwnat – NAT to NAT client-server communication
pyrit – GPGPU-driven WPA/WPA2-PSK key cracker
python-impacket – Python module to easily build and dissect network protocols
python-impacket-doc – Python module to easily build and dissect network protocols
python-rfidiot – Python library to explore RFID devices
python-scapy – Packet generator/sniffer and network scanner/discovery
rainbowcrack – Rainbow table password cracker
radare2 – free and advanced command line hexadecimal editor
rake – ruby make-like utility
ratproxy – passive web application security assessment tool
rcracki-mt – Version of rcrack that supports hybrid and indexed tables
rdd – a forensic copy program
readpst – Converts Outlook PST files to mbox and others
reaver – brute force attack tool against Wifi Protected Setup PIN number
rebind – DNS rebinding tool
recon-ng – Web Reconnaissance framework written in Python
recordmydesktop – Captures audio-video data of a Linux desktop session
recoverjpeg – tool to recover JPEG images from a filesystem image
redfang – Locates non-discoverable bluetooth devices
redsocks – arbitrary TCP connection redirector to a SOCKS or HTTPS proxy server
reglookup – utility to read and query Windows NT/2000/XP registry
regripper – Windows registry forensics tool
responder – NBT-NS/LLMNR Responder
rifiuti – A MS Windows recycle bin analysis tool
rifiuti2 – A MS Windows recycle bin analysis tool
rsmangler – Wordlist mangling tool
rtpbreak – Detects, reconstructs, and analyzes RTP sessions
rtpflood – Tool to flood any RTP device
rtpinsertsound – Inserts audio into a specified stream
rtpmixsound – Mixes pre-recorded audio in real-time
safecopy – Copy utility ignoring errors
sakis3g – Tool for establishing 3G connections
samdump2 – Dump Windows 2k/NT/XP password hashes
sbd – Secure backdoor for linux and windows
scalpel – A Frugal, High Performance File Carver
scrounge-ntfs – Data recovery program for NTFS filesystems
sctpscan – SCTP network scanner for discovery and security
sendemail – lightweight, command line SMTP email client
set – Social-Engineer Toolkit
sfuzz – Black Box testing utilities
sidguesser – Guesses sids against an Oracle database
siege – HTTP regression testing and benchmarking utility
siparmyknife – SIP fuzzing tool
sipcrack – SIP login dumper/cracker
sipp – Traffic generator for the SIP protocol
sipvicious – Tools for auditing SIP based VoIP systems
skipfish – fully automated, active web application security reconnaissance tool
sleuthkit – collection of tools for forensics analysis on volume and file system data
smali – Assembler/disassembler for Android’s dex format
smtp-user-enum – Username guessing tool primarily for the SMTP service.
sniffjoke – Transparent TCP connection scrambler
snmpcheck – SNMP service enumeration tool
socat – multipurpose relay for bidirectional data transfer
spectools – Utilities for using the Wi-Spy USB spectrum analyzer hardware
spidermonkey-bin – standalone JavaScript/ECMAScript (ECMA-262) interpreter
spike – Network protocol fuzzer
spooftooph – Automates spoofing or cloning Bluetooth devices
sqldict – Dictionary attack tool for SQL Server
sqlitebrowser – GUI editor for SQLite databases
sqlmap – automatic SQL injection tool
sqlninja – SQL server injection and takeover tool
sqlsus – MySQL injection tool
sslcaudit – Tests SSL/TLS clients susceptibility to MITM attacks
ssldump – An SSLv3/TLS network protocol analyzer
sslh – ssl/ssh multiplexer
sslscan – Fast SSL scanner
sslsniff – SSL/TLS man-in-the-middle attack tool
sslstrip – SSL/TLS man-in-the-middle attack tool
sslsplit – Transparent and scalable SSL/TLS interception
sslyze – Fast and full-featured SSL scanner
statsprocessor – High-performance word-generator
stunnel4 – Universal SSL tunnel for network daemons
suckless-tools – simple commands for minimalistic window managers
sucrack – multithreaded su bruteforcer
swaks – SMTP command-line test tool
t50 – Multi-protocol packet injector tool
tcpflow – TCP flow recorder
tcpick – TCP stream sniffer and connection tracker
tcpreplay – Tool to replay saved tcpdump files at arbitrary speeds
termineter – Smart meter testing framework
tftpd32 – Open source ipv6-ready TFTP server for Windows
thc-ipv6 – The Hacker Choice’s IPv6 Attack Toolkit
thc-pptp-bruter – THC PPTP Brute Force
thc-ssl-dos – Stress tester for the SSL handshake
theharvester – theHarvester is a tool for gathering e-mail accounts and subdomain names from public sources.
tlssled – Evaluates the security of a target SSL/TLS (HTTPS) server
tnscmd10g – Tool to prod the oracle tnslsnr process
truecrack – Bruteforce password cracker for TrueCrypt volumes.
truecrypt – Cross-platform on-the-fly encryption
twofi – Twitter words of interest
u3-pwn – Injects executables onto U3 USB devices
ua-tester – User agent string tester
udptunnel – tunnel UDP packets over a TCP connection
unetbootin – installer of Linux/BSD distributions to a partition or USB drive
uniscan – LFI, RFI, and RCE vulnerability scanner
unicornscan – Userland distributed TCP/IP stack
unix-privesc-check – Script to check for simple privilege escalation vectors
urlcrazy – Domain typo generator
vboot-kernel-utils – Chrome OS verified boot utils required to sign kernels
vboot-utils – Chrome OS verified boot utils
vega – Platform to test the security of web applications
vim-gtk – Vi IMproved – enhanced vi editor – with GTK2 GUI
vinetto – A forensics tool to examine Thumbs.db files
vlan – user mode programs to enable VLANs on your ethernet devices
voiphopper – Runs a VLAN hop security test
volafox – Memory analyzer for Mac OS X & BSD
volatility – advanced memory forensics framework
vpnc – Cisco-compatible VPN client
w3af – framework to find and exploit web application vulnerabilities
waffit – WAF auditing tool
wapiti – web application vulnerability scanner
wce – Windows Credentials Editor
webacoo – Web backdoor cookie script kit
webscarab – Web application review tool
webshag – Multi-threaded web server audit tool
webshells – Collection of webshells
webslayer – Web application bruteforcer
websploit – Web exploitation framework
weevely – Stealth tiny web shell
winexe – Remote Windows-command executor
wfuzz – Web application bruteforcer
whatweb – Next generation web scanner
wifi-honey – Wi-Fi honeypot
wifitap – WiFi injection via a tun/tap device
wifite – Python script to automate wireless auditing using aircrack-ng tools
windows-binaries – Various pentesting Windows binaries
wireshark – network traffic analyzer – GTK+ version
wol-e – Wake on LAN Explorer
wordlists – Contains the rockyou wordlist
wpscan – Black box WordPress vulnerability scanner
wvdial – intelligent Point-to-Point Protocol dialer
xpdf – Portable Document Format (PDF) reader
xprobe – Remote OS identification
xspy – X server sniffer
xsser – XSS testing framework
xtightvncviewer – virtual network computing client software for X
yersinia – Network vulnerabilities check software
zaproxy – Testing tool for finding vulnerabilities in web applications.
zenmap – The Network Mapper Front End
zim – graphical text editor based on wiki technologies

 

@firebitsbr

Compiling the edb debugger (open-source visual debugger) on Fedora 20 x86-64

As follows:

Prerequisite dependencies for the installation:
yum install qt qt-config qt-devel -y

Downloading the source code:
wget http://codef00.com/projects/debugger-0.9.20.tgz

Extracting:
tar -xvvf debugger-0.9.20.tgz

Compiling and installing:
cd debugger/
qmake-qt4
make
make install

Running the debugger:
edb

Screenshots:

f20x86_64-devel-edb

f20x86_64-devel-edb-lightdm

References:

http://codef00.com/projects
http://www.mentebinaria.com.br/artigos/0x1f/0x1f-maqengrevlnx.html

@firebitsbr

Troubleshooting "go get" when importing third-party packages

You are happy with Go and know that there are other "imports" from other developers/third parties that could be useful for your project.

So when you try to import that code into your project, for example:

# go get github.com/astaxie/beego

It fails with an error saying that the command needed to fetch the source code repository is missing; in this case, the Beego project uses Git:

[root@localhost github.com]# go get github.com/astaxie/beego
go: missing Git command. See http://golang.org/s/gogetcmd
package github.com/astaxie/beego: exec: "git": executable file not found in $PATH

To solve this problem and similar ones, we need to install git, but we will also install the clients for the other source code repository systems, since in my previous experience these are the most commonly used (on Fedora it is the command below; on other distros, check how to do it first):

yum install git mercurial subversion bzr -y
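
The error above comes from go get calling a VCS client that is not on $PATH. As an added example (not from the original post), this preflight names the missing client before the fetch starts; the function names and the two host-to-client rules are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# VCS client binaries that "go get" may shell out to for a given import path.
# The two host rules are this example's simplification; any other host is
# treated as "could need any of the four clients the post installs"
# (the mercurial package provides hg, subversion provides svn).
vcs_candidates() {
    case $1 in
        github.com/*)    echo git ;;
        launchpad.net/*) echo bzr ;;
        *)               echo git hg svn bzr ;;
    esac
}

# Print the candidates for an import path that are NOT found on a search path
# (second argument, default: the current $PATH). Empty output means ready.
missing_vcs() {
    search=${2:-$PATH}
    missing=
    for tool in $(vcs_candidates "$1"); do
        # Subshell: the lookup uses $search without touching the caller's PATH.
        if ! ( PATH=$search; command -v "$tool" >/dev/null 2>&1 ); then
            missing="$missing${missing:+ }$tool"
        fi
    done
    printf '%s' "$missing"
}

# Run before "go get": name the missing client instead of failing mid-fetch.
preflight() {
    m=$(missing_vcs "$1" "${2:-$PATH}")
    if [ -n "$m" ]; then
        echo "go get $1: install first: $m" >&2
        return 1
    fi
    echo "go get $1: VCS client present"
}

preflight github.com/astaxie/beego || true
```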

Generally, when code is cloned from a remote location (e.g. GitHub) to a local one (your filesystem), all cloned code goes to these paths:

/usr/lib64/golang/src/
/usr/lib64/golang/pkg/linux_amd64/

The paths above plus github.com/astaxie/beego are created, based on go get github.com/astaxie/beego.

For example:

/usr/lib64/golang/src/github.com/astaxie/beego
/usr/lib64/golang/pkg/linux_amd64/github.com/astaxie/beego

Now it works!

@firebitsbr

Setting a persistent $GOPATH variable on Fedora 20

It is always annoying to have to set the environment variable ($GOPATH) to work with Go on Fedora 20 every time you open a shell.

To make this variable persistent (export GOPATH=/usr/lib64/golang), just set it in these files:

.bashrc
.bash_profile

Example below:

[root@localhost test]# cat .bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

export GOPATH=/usr/lib64/golang

[root@localhost test]# cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/.local/bin:$HOME/bin

export PATH

export GOPATH=/usr/lib64/golang

Close all terminals (if you are using X11) or log off in the case of a server without X11.

Then, to test, just type in the shell:

[root@localhost test]# $GOPATH
bash: /usr/lib64/golang: Is a directory

If it returns "Is a directory", it is set correctly.
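
An added example, not part of the original post: it writes the export line only once per file and reads the value back the way a fresh shell would see it. persist_gopath, gopath_from and gopath_exports are hypothetical helper names, and a temporary directory stands in for the home directory.

```shell
#!/bin/sh
# Added example: helper names and the throwaway directory are assumptions,
# not part of the original post.

# Append "export GOPATH=<dir>" to a startup file unless that exact line is
# already there, so re-running the setup never stacks duplicate exports.
persist_gopath() {
    file=$1 dir=$2
    line="export GOPATH=$dir"
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '\n%s\n' "$line" >> "$file"
}

# Report the GOPATH a fresh shell would get from a startup file: start with an
# empty environment, source the file, print the variable.
gopath_from() {
    env -i PATH="$PATH" sh -c '. "$1" >/dev/null 2>&1; printf %s "$GOPATH"' _ "$1"
}

# Count the export lines in a file (stays at 1 after repeated runs).
gopath_exports() {
    grep -c '^export GOPATH=' "$1"
}

demo() {
    home=$(mktemp -d)                                 # stands in for $HOME
    for f in .bashrc .bash_profile; do
        persist_gopath "$home/$f" /usr/lib64/golang
        persist_gopath "$home/$f" /usr/lib64/golang   # second run: no-op
        printf '%s: GOPATH=%s (export lines: %s)\n' "$f" \
            "$(gopath_from "$home/$f")" "$(gopath_exports "$home/$f")"
    done
    rm -rf "$home"
}

demo
```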

@firebitsbr

OpenVAS7 for OpenSUSE13.1.x x86_64 via OBS

OpenVAS for openSUSE via OBS

Step 1: Configure OBS Repository
(as user root, only once, you can replace “13.1.x” with other release names)

zypper ar -f http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v7/openSUSE_13.1/ openvas

Step 2: Quick-Install OpenVAS
(as user root, only once)

zypper ref && zypper in -t pattern openvas

Step 3: Quick-Start OpenVAS
(as user root, only once, during first time you will be asked to set a password for user “admin”)

openvas-setup

Step 4: Log into OpenVAS as “admin”

Open https://localhost:9392/.

Note: Modified from the source, only to update the release to OpenSuSE 13.1.x x86_64

Source: http://openvas.org/install-packages-v6.html#openvas_opensuse_obs

@firebitsbr