User:Maffblaster/Drafts/Gentoo for hackers
From Gentoo Wiki
This article showcases technology available for ethical hacking, and related activities, on Gentoo-based systems. If the software package is not available in Gentoo, then it will likely be available via the Pentoo ebuild repository. If it's not available in Pentoo, then I'll probably try to write an ebuild for it...
Ideas
Red team
Search engines.
Google:
- Google Advanced Search Operators: The Complete List (44 Advanced Operators)
- See Google Hacking Database (GHDB) at https://www.exploit-db.com/google-hacking-database.
- Fast Google Dorks Scan GitHub
Username search:
- xlek.com
- namechk.com
- whatsmyname.com
Crawlers
- shodan.io
Blue team
Risk measurement metrics
Measure risk with timers and updates: if a software project has not been updated in N days, increase the risk rating. If the software has an existing CVE for the targeted version, increase the risk rating. If the image is 'stale', increase the risk rating. Be dynamic.
Available software
Password guessing
- THC Hydra net-analyzer/hydra
OSINT
- SpiderFoot - A FOSS OSINT data collection and analysis tool. Available via app-forensics/spiderfoot in Pentoo.
Website recon
- Custom Wordlist Generator - A tool written in Ruby that collects useful information from a website for later consumption. Available via app-text/cewl in Pentoo.
Possible FOSS options include:
- smbeagle GitHub - Not (yet) available within an ebuild repo.
Search tools
- Recoll Homepage GitWeb app-misc/recoll - Could integrate for scanning accessible SMB shares as a FOSS alternative to something like Copernic Desktop Search. Missing OCR search.
- Xapian Homepage GitWeb - Same as Recoll.
Misc
- net-analyzer/hydra
- Metasploit — provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
- EyeWitness - A tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. Useful for creating reports.
- tls-scan - An Internet scale, blazing fast SSL/TLS scanner (non-blocking, event-driven).
- app-forensics/spiderfoot - An OSINT data collection and analysis tool written in Python. Available in the Pentoo overlay.
- freq.py - Mark Baggett's freq.py is used to detect DGA (Domain Generation Algorithm) hostnames often used by malware.
- volatility3 - An open source memory forensics tool written in Python.
- ChitChatter (GitHub)
- BurnerNote (GitHub)
- https://github.com/punk-security/writehat - "A pentest reporting tool written in Python. Free yourself from Microsoft Word."
- https://github.com/punk-security/pwnspoof - A tool that "generates realistic spoofed log files for common web servers with customisable attack scenarios."
- https://github.com/punk-security/dnsReaper - A sub-domain takeover tool.
Data transformation
- CyberChef [GitHub] - A data encoder/decoder utility for transforming encoded data between forms. Most useful for returning encoded data to its natural form. Available via Pentoo.
OpSec
Anonymity
Data sharing
Tools that may require Windows
- Get-NetShare PowerShell script Homepage
It would be nice to have these available on Gentoo...
- Velociraptor - An endpoint visibility and collection tool used for advanced digital forensics and incident response. Docs.