Category Archives: tools
John – everybody’s most favorite ripper
John does one thing and does that very well: It can find the corresponding password for a given hash. John has different ways to do this – we are looking at the wordlist-mode here. We will talk about hashes in a different article – for now we … Read more What is that?
Apr
gobuster – finding files, directories and subdomains
gobuster is actually quite a multitool: when you look at the help page there are modules to find subdomains, directories, files and more. Most of the time you will use gobuster to find directories and files on a webserver by using a wordlist. Secondly you can use … Read more What is it?
Apr
scylla – another OSINT social media tool
There is no shortage of OSINT social media tools these days. We already talked about sherlock and its fork – maigret. Her is another on: scylla. scylla is different in that it allows you to do a bunch of different searches: you can search for a credit … Read more What is it?
Apr
Maigret – the Sherlock fork
We talked about sherlock earlier – maigret is quite similar. It is infact a fork of sherlock. So it searches for a username across a wide range of social media plattforms. It claims to be a bit more soffisticated than sherlock. Giving you less false positives. What … Read more What is it?
Apr
theHarvester – looking for all there is
we already talked about sublist3r – theHarvester goes some steps further. you can find theHarvester on Github or install it through apt if you are on kali. It is also an OSINT tool but covers a broader area than sublist3r. theHarvester tries to find subdomains, email … Read more What is it for?
Mar
hydra – the multi-protocol online cracker
when you want to buteforce an online service – hydra is one of the go to tools. It supports a wide spectrum of services: ssh, mysql, ftp http-forms and many more. You can use wordlists for both usernames and passwords or you can use the bruteforce feature.… Read more What is it?
Mar
Burp Suite – owning the web traffic Part 1
Burp suite is certainly one essential tool in your web application related toolbox. It lets you intercept web traffice, alter, reply and compare it and much more. So very useful and a bit complex at first. Lets look into it Since you will be using Burp … Read more What is it?
Preperations
Mar
nmap – portscanning unleashed – the basics
nmap is a portscanner. nmap means “network mapper” so nmap can be used to map out networks The amazing thing is the amount of features it provides to help you gather all kinds of information. It is one of the tools that grows on you as you … Read more What is it?
Feb
sherlock – the social media stalker
sherlock is another OSINT tool. You can find it here on Github or install it through apt if you are on kali. Sherlock allows you to search a huge number of social networks for a username. Imagine you know someones username on facebook. You could assume … Read more What is it for?
Feb