sqlmap

Sqlmap is an open source software used to automate SQL injection search within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables. SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web… Continue reading sqlmap

hashcat

Hashcat is a password recovery tool, one of the fastest because it also uses the power of the GPU as well as that of the classic CPU. With hashcat you can do brute-force or dictionary attacks to an encrypted password. Dictionary attack Once you get a password’s hash, you can start a dictionary attack with following command: hashcat  –force -m 1800… Continue reading hashcat

john the ripper

John the Ripper is the main tool for cracking encrypted password. John offers different operating modes. It is possible to perform dictionary or brute force attacks. It also automatically detects the type of encryption used by the hash. Basic command For use john we must have password hash saved in a file. John’s basic command is:… Continue reading john the ripper

hydra

Hydra is the tool for excellence to perform password and brute force attacks. It is very powerful and supports various protocols, including: FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, POP3, POSTGRES, RDP, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Telnet, VMware-Auth, VNC eXMPP… Continue reading hydra

burp-suite

Burp-Suite is a IT security tool usefull for testing web applications. Its feature is capturing packets and analize them with many tools… from Proxy to Repeater, for example. How can it capture the traffic? Burp is a proxy server and all requests to a site pass through it. You have to setup proxy in your… Continue reading burp-suite

nmap

​​Nmap is a very helpful tool for scanning and mapping network, finding active hosts and services. But it also is used for discover hosts in a network and find relatives OS. Another feature of Nmap is that it can do a vulnerability scan. For these reasons it is used in the Information Gathering phase of a… Continue reading nmap