Category Archives: tools

John does one thing and does that very well:

It can find the corresponding password for a given hash.

John has different ways to do this – we are looking at the wordlist-mode here.

gobuster is actually quite a multitool: when you look at the help page there are modules to find subdomains, directories, files and more.

Most of the time you will use gobuster to find directories and files on a webserver by using a wordlist.

There is no shortage of OSINT social media tools these days.

We already talked about sherlock and its fork – maigret.

Her is another on: scylla.

scylla is different in that it allows you to do a bunch of different searches:

We talked about sherlock earlier – maigret is quite similar. It is infact a fork of sherlock.

So it searches for a username across a wide range of social media plattforms.

It claims to be a bit more soffisticated than sherlock. Giving you less false positives.

we already talked about sublist3r – theHarvester goes some steps further.

when you want to buteforce an online service – hydra is one of the go to tools.

It supports a wide spectrum of services: ssh, mysql, ftp http-forms and many more.

Burp suite is certainly one essential tool in your web application related toolbox.

It lets you intercept web traffice, alter, reply and compare it and much more.

So very useful and a bit complex at first. Lets look into it

Preperations

nmap is a portscanner.

nmap means “network mapper” so nmap can be used to map out networks

The amazing thing is the amount of features it provides to help you gather all kinds of information.

sherlock is another OSINT tool.