Merge pull request #8 from pwnwiki/giga1699

IDS/IPS and Live Host Identification
This commit is contained in:
Giga Murphy 2014-02-08 18:05:42 -05:00
commit 1007bc8a98
23 changed files with 843 additions and 284 deletions


@ -13,6 +13,8 @@ DNS Analysis
* [fierce](../tools/fierce.md)
* [maltego](../tools/maltego.md)
* [nmap](../tools/nmap.md)
* [urlcrazy](../tools/urlcrazy.md)
* [zenmap](../tools/zenmap.md)
IDS / IPS Identification
------------
@ -45,20 +47,26 @@ Live Host Identification
* [thcping6](../tools/tchping6.md)
* [wol-e](../tools/wol-e.md)
* [xprobe2](../tools/xprobe2.md)
* [zenmap](../tools/zenmap.md)
Network Scanners
------------
* [first]()
* [second]()
* [third]()
* [dmitry](../tools/dmitry.md)
* [dnmap-client](../tools/dnmap-client.md)
* [dnmap-server](../tools/dnmap-server.md)
* [netdiscover](../tools/netdiscover.md)
* [nmap](../tools/nmap.md)
* [zenmap](../tools/zenmap.md)
OS Fingerprinting
------------
* [first]()
* [second]()
* [third]()
* [dnmap-client](../tools/dnmap-client.md)
* [dnmap-server](../tools/dnmap-server.md)
* [miranda](../tools/miranda.md)
* [nmap](../tools/nmap.md)
* [zenmap](../tools/zenmap.md)
OSINT Analysis
------------
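Review bot: the Live Host Identification entry `[thcping6](../tools/tchping6.md)` points at a path that does not match the file this change adds (`tools/thcping6.md`); fix the link to `../tools/thcping6.md`. The same hunk links `../tools/dnmap-client.md` and `../tools/dnmap-server.md` from both Network Scanners and OS Fingerprinting, but the new files are named `tools/dnmap_client.md` and `tools/dnmap_server.md` (underscore, matching the `/usr/bin/dnmap_client` and `/usr/bin/dnmap_server` binaries in their help text), so those four links are dead as written; either rename the files or change the links to the underscore form.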
@ -136,281 +144,3 @@ VPN Analysis
* [first]()
* [second]()
* [third]()
### dnsenum
### dnsmap
### dnsrecon
### dnsrevenum6
### dnstracer
### dnswalk
### fierce
### maltego
### nmap
[include](infogathering/nmap.md)
### urlcrazy
### zenmap
IDS/IPS Identification
### fragroute
### fragrouter
### ftest
### lbd
### wafw00f
Live Host Identification
### alive6
### arping
### cdpsnarf
### detect-new-ip6
### detect_sniffer6
### dmitry
### dnmap-client
### dnmap-server
### fping
### hping3
### inverse_lookup6
### miranda
### ncat
### netdiscover
### nmap
[include](infogathering/nmap.md)
### passive_discovery6
### thcping6
### wol-e
### xprobe2
### zenmap
Network Scanners
### dmitry
### dnmap-client
### dnmap-server
### netdiscover
### nmap
[include](infogathering/nmap.md)
### zenmap
OS Fingerprinting
### dnmap-client
### dnmap-server
### miranda
### nmap
[include](infogathering/nmap.md)
### zenmap
OSINT Analysis
### casefile
### creepy
### jigsaw
### maltego
### metagoofil
### theharvester
### twofi
### urlcrazy
Route Analysis
### 0trace
### dnmap-client
### dnmap-server
### intrace
### netmask
### trace6
Service Fingerprinting
### dnmap-client
### dnmap-server
### implementation6
### implementation6d
### ncat
### nmap
[include](infogathering/nmap.md)
### sslscan
### sslyze
### tlssled
### zenmap
SMB Analysis
### acccheck
### nbtscan
### nmap
[include](infogathering/nmap.md)
### zenmap
SMTP Analysis
### nmap
[include](infogathering/nmap.md)
### smtp-user-enum
### swaks
### zenmap
SNMP Analysis
### braa
### cisco-auditing-tool
### cisco-torch
### copy-router-config
### merge-router-config
### nmap
[include](infogathering/nmap.md)
### onesixtyone
###snmpcheck
### zenmap
SSL Analysis
### sslcaudit
### ssldump
### sslh
### sslscan
### sslsniff
### sslsniff
### sslsplit
### sslstrip
### sslyze
### stunnel4
### tlssled
Telephony Analysis
### ace
Traffic Analysis
### 0trace
### cdpsnarf
### ftest
### intrace
### irpas-ass
### irpass-cdp
### p0f
### tcpflow
### wireshark
VoIP Analysis
### ace
### enumiax
VPN Analysis
### ike-scan
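Review bot: the VPN Analysis section keeps the placeholder entries `[first]()`, `[second]()` and `[third]()` with empty link targets, while this same change removes those placeholders from Network Scanners and OS Fingerprinting; the removed list below names `ike-scan` as the VPN Analysis tool, so replace the placeholders with `[ike-scan](../tools/ike-scan.md)` (or drop them) rather than leaving empty links in the index.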

tools/alive6.md Normal file

@ -0,0 +1,41 @@
# alive6
Notes
-------
Help Text
-------
```
alive6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: alive6 [-I srcip6] [-i file] [-o file] [-DM] [-p] [-F] [-e opt] [-s port,..] [-a port,..] [-u port,..] [-W TIME] [-dlrvS] interface [unicast-or-multicast-address [remote-router]]
Shows alive addresses in the segment. If you specify a remote router, the
packets are sent with a routing header prefixed by fragmentation
Options:
-i file check systems from input file
-o file write results to output file
-M enumerate hardware addresses (MAC) from input addresses (slow!)
-D enumerate DHCP address space from input addresses
-p send a ping packet for alive check (default)
-e dst,hop send an errornous packets: destination (default), hop-by-hop
-s port,port,.. TCP-SYN packet to ports for alive check
-a port,port,.. TCP-ACK packet to ports for alive check
-u port,port,.. UDP packet to ports for alive check
-d DNS resolve alive ipv6 addresses
-n number how often to send each packet (default: local 1, remote 2)
-W time time in ms to wait after sending a packet (default: 1)
-S slow mode, get best router for each remote target or when proxy-NA
-I srcip6 use the specified IPv6 address as source
-l use link-local address instead of global address
-v verbose (twice: detailed information, thrice: dumping all packets)
Target address on command line or in input file can include ranges in the form
of 2001:db8::1-fff or 2001:db8::1-2:0-ffff:0:0-ffff, etc.
Returns -1 on errors, 0 if a system was found alive or 1 if nothing was found.
```
Example Usage
-------
Links
-------
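Review bot: the Notes, Example Usage and Links sections are empty scaffolding here and in every other new tools/*.md file in this change, so each page is nothing beyond pasted help output; suggest at least populating Links with the project URL the help text already prints (www.thc.org for the THC-IPv6 tools) and tagging the help-text fence as ```text so the template is consistent across files.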

tools/arping.md Normal file

@ -0,0 +1,20 @@
# arping
Notes
-------
Help Text
-------
```
ARPing 2.11, by Thomas Habets <thomas@habets.se>
usage: arping [ -0aAbdDeFpqrRuv ] [ -w <us> ] [ -S <host/ip> ]
[ -T <host/ip ] [ -s <MAC> ] [ -t <MAC> ] [ -c <count> ]
[ -i <interface> ] <host/ip/MAC | -B>
For complete usage info, use --help or check the manpage.
```
Example Usage
-------
Links
-------

tools/cdpsnarf.md Normal file

@ -0,0 +1,28 @@
# cdpsnarf
Notes
-------
Help Text
-------
```
CDPSnarf v0.1.6 [$Rev: 797 $] initiated.
Author: Tasos "Zapotek" Laskos
<tasos.laskos@gmail.com>
<zapotek@segfault.gr>
Website: http://github.com/Zapotek/cdpsnarf
cdpsnarf -i <dev> [-h] [-w savefile] [-r dumpfile] [-d]
-i define the interface to sniff on
-w write packets to PCAP dump file
-r read packets from PCAP dump file
-d show debugging information
-h show help message and exit
```
Example Usage
-------
Links
-------

tools/detect-new-ipv6.md Normal file

@ -0,0 +1,22 @@
# detect-new-ipv6
Notes
-------
Help Text
-------
```
detect-new-ip6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: detect-new-ip6 interface [script]
This tools detects new ipv6 addresses joining the local network.
If script is supplied, it is executed with the detected IPv6 address as first
and the interface as second command line option.
```
Example Usage
-------
Links
-------
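Review bot: the file name `tools/detect-new-ipv6.md` and heading `# detect-new-ipv6` do not match the tool, which the help text and the removed index entry both call `detect-new-ip6`; rename the file to `tools/detect-new-ip6.md` and the heading to `# detect-new-ip6` so the index links can follow the same `../tools/<tool>.md` pattern as the other entries.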

tools/detect_sniffer6.md Normal file

@ -0,0 +1,23 @@
# detect_sniffer6
Notes
-------
Help Text
-------
```
detect_sniffer6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: detect_sniffer6 interface [target6]
Tests if systems on the local LAN are sniffing.
Works against Windows, Linux, OS/X and *BSD
If no target is given, the link-local-all-nodes address is used, which
however rarely works.
```
Example Usage
-------
Links
-------

tools/dmitry.md Normal file

@ -0,0 +1,30 @@
# dmitry
Notes
-------
Help Text
-------
```
Deepmagic Information Gathering Tool
"There be some deep magic going on"
Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
-o Save output to %host.txt or to file specified by -o file
-i Perform a whois lookup on the IP address of a host
-w Perform a whois lookup on the domain name of a host
-n Retrieve Netcraft.com information on a host
-s Perform a search for possible subdomains
-e Perform a search for possible email addresses
-p Perform a TCP port scan on a host
* -f Perform a TCP port scan on a host showing output reporting filtered ports
* -b Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
*Requires the -p flagged to be passed
```
Example Usage
-------
Links
-------

tools/dnmap_client.md Normal file

@ -0,0 +1,33 @@
# dnmap_client
Notes
-------
Help Text
-------
```
+----------------------------------------------------------------------+
| dnmap Client Version 0.6 |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2 of the License, or |
| (at your option) any later version. |
| |
| Author: Garcia Sebastian, eldraco@gmail.com |
| www.mateslab.com.ar |
+----------------------------------------------------------------------+
usage: /usr/bin/dnmap_client <options>
options:
-s, --server-ip IP address of dnmap server.
-p, --server-port Port of dnmap server. Dnmap port defaults to 46001
-a, --alias Your name alias so we can give credit to you for your help. Optional
-d, --debug Debuging.
-m, --max-rate Force nmaps commands to use at most this rate. Useful to slow nmap down. Adds the --max-rate parameter.
```
Example Usage
-------
Links
-------

tools/dnmap_server.md Normal file

@ -0,0 +1,39 @@
# dnmap_server
Notes
-------
Help Text
-------
```
+----------------------------------------------------------------------+
| dnmap_server Version 0.6 |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2 of the License, or |
| (at your option) any later version. |
| |
| Author: Garcia Sebastian, eldraco@gmail.com |
| www.mateslab.com.ar |
+----------------------------------------------------------------------+
usage: /usr/bin/dnmap_server <options>
options:
-f, --nmap-commands Nmap commands file
-p, --port TCP port where we listen for connections.
-L, --log-file Log file. Defaults to /var/log/dnmap_server.conf.
-l, --log-level Log level. Defaults to info.
-v, --verbose_level Verbose level. Give a number between 1 and 5. Defaults to 1. Level 0 means be quiet.
-t, --client-timeout How many time should we wait before marking a client Offline. We still remember its values just in case it cames back.
-s, --sort Field to sort the statical value. You can choose from: Alias, #Commands, UpTime, RunCmdXMin, AvrCmdXMin, Status
-P, --pem-file pem file to use for TLS connection. By default we use the server.pem file provided with the server in the current directory.
dnmap_server uses a '<nmap-commands-file-name>.dnmaptrace' file to know where it must continue reading the nmap commands file. If you want to start over again,
just delete the '<nmap-commands-file-name>.dnmaptrace' file
```
Example Usage
-------
Links
-------

tools/fping.md Normal file

@ -0,0 +1,46 @@
# fping
Notes
-------
Help Text
-------
```
Usage: fping [options] [targets...]
-a show targets that are alive
-A show targets by address
-b n amount of ping data to send, in bytes (default 68)
-B f set exponential backoff factor to f
-c n count of pings to send to each target (default 1)
-C n same as -c, report results in verbose format
-e show elapsed time on return packets
-f file read list of targets from a file ( - means stdin) (only if no -g specified)
-g generate target list (only if no -f specified)
(specify the start and end IP in the target list, or supply a IP netmask)
(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
-H n Set the IP TTL value (Time To Live hops)
-i n interval between sending ping packets (in millisec) (default 25)
-l loop sending pings forever
-m ping multiple interfaces on target host
-n show targets by name (-d is equivalent)
-p n interval between ping packets to one target (in millisec)
(in looping and counting modes, default 1000)
-q quiet (don't show per-target/per-ping results)
-Q n same as -q, but show summary every n seconds
-r n number of retries (default 3)
-s print final stats
-I if bind to a particular interface
-S addr set source address
-t n individual target initial timeout (in millisec) (default 500)
-T n ignored (for compatibility with fping 2.4)
-u show targets that are unreachable
-O n set the type of service (tos) flag on the ICMP packets
-v show version
targets list of targets to check (if no -f specified)
```
Example Usage
-------
Links
-------

tools/fragroute.md Normal file

@ -0,0 +1,31 @@
# fragroute
Notes
-------
Help Text
-------
```
Usage: fragroute [-f file] dst
Rules:
delay first|last|random <ms>
drop first|last|random <prob-%>
dup first|last|random <prob-%>
echo <string> ...
ip_chaff dup|opt|<ttl>
ip_frag <size> [old|new]
ip_opt lsrr|ssrr <ptr> <ip-addr> ...
ip_ttl <ttl>
ip_tos <tos>
order random|reverse
print
tcp_chaff cksum|null|paws|rexmit|seq|syn|<ttl>
tcp_opt mss|wscale <size>
tcp_seg <size> [old|new]
```
Example Usage
-------
Links
-------

tools/fragrouter.md Normal file

@ -0,0 +1,42 @@
# fragrouter
Notes
-------
Help Text
-------
```
Version 1.6
Usage: fragrouter [-i interface] [-p] [-g hop] [-G hopcount] ATTACK
where ATTACK is one of the following:
-B1: base-1: normal IP forwarding
-F1: frag-1: ordered 8-byte IP fragments
-F2: frag-2: ordered 24-byte IP fragments
-F3: frag-3: ordered 8-byte IP fragments, one out of order
-F4: frag-4: ordered 8-byte IP fragments, one duplicate
-F5: frag-5: out of order 8-byte fragments, one duplicate
-F6: frag-6: ordered 8-byte fragments, marked last frag first
-F7: frag-7: ordered 16-byte fragments, fwd-overwriting
-T1: tcp-1: 3-whs, bad TCP checksum FIN/RST, ordered 1-byte segments
-T3: tcp-3: 3-whs, ordered 1-byte segments, one duplicate
-T4: tcp-4: 3-whs, ordered 1-byte segments, one overwriting
-T5: tcp-5: 3-whs, ordered 2-byte segments, fwd-overwriting
-T7: tcp-7: 3-whs, ordered 1-byte segments, interleaved null segments
-T8: tcp-8: 3-whs, ordered 1-byte segments, one out of order
-T9: tcp-9: 3-whs, out of order 1-byte segments
-C2: tcbc-2: 3-whs, ordered 1-byte segments, interleaved SYNs
-C3: tcbc-3: ordered 1-byte null segments, 3-whs, ordered 1-byte segments
-R1: tcbt-1: 3-whs, RST, 3-whs, ordered 1-byte segments
-I2: ins-2: 3-whs, ordered 1-byte segments, bad TCP checksums
-I3: ins-3: 3-whs, ordered 1-byte segments, no ACK set
-M1: misc-1: Windows NT 4 SP2 - http://www.dataprotect.com/ntfrag/
-M2: misc-2: Linux IP chains - http://www.dataprotect.com/ipchains/
```
Example Usage
-------
Links
-------

tools/ftest.md Normal file

@ -0,0 +1,38 @@
# ftest
Notes
-------
Help Text
-------
```
FTester client v1.0
Copyright (C) 2001-2006 Andrea Barisani <andrea@inversepath.com>
Configuration options:
-f <conf_file>
-c <source_ip>:<source_port>:<dest_ip>:<dest_port>:<flags>:<protocol>:<tos>
-v <verbose>
Timing options:
-d <delay, 0.25 = 250 ms>
-s <sleep time, 1 = 1 s>
Evasion options:
-e <evasion method>
-t <ids_ttl>
Connection options:
-r <reset connection>
-F <end connection>
-g <IP fragments number, es. 4|IP fragments size, es. 16b>
-p <TCP segments number, es. 4|TCP segments size, es 6b>
-k <cksum value, es. 60000>
-m <marker>
```
Example Usage
-------
Links
-------

tools/hping3.md Normal file

@ -0,0 +1,102 @@
# hping3
Notes
-------
Help Text
-------
```
usage: hping3 host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
--faster alias for -i u1000 (100 packets for second)
--flood sent packets as fast as possible. Don't show replies.
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
--beep beep for every matching packet received
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destionation address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set don't fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]<port> destination port(default 0) ctrl+z inc/dec
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-mss enable the TCP MSS option with the given value
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)
```
Example Usage
-------
Links
-------

tools/inverse_lookup6.md Normal file

@ -0,0 +1,21 @@
# inverse_lookup6
Notes
-------
Help Text
-------
```
inverse_lookup6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: inverse_lookup6 interface mac-address
Performs an inverse address query, to get the IPv6 addresses that are assigned
to a MAC address. Note that only few systems support this yet.
```
Example Usage
-------
Links
-------

tools/lbd.md Normal file

@ -0,0 +1,19 @@
# lbd
Notes
-------
Help Text
-------
```
lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
usage: /usr/bin/lbd [domain]
```
Example Usage
-------
Links
-------

tools/miranda.md Normal file

@ -0,0 +1,24 @@
# miranda.md
Notes
-------
Help Text
-------
```
Command line usage: /usr/bin/miranda [OPTIONS]
-s <struct file> Load previous host data from struct file
-l <log file> Log user-supplied commands to log file
-i <interface> Specify the name of the interface to use (Linux only, requires root)
-u Disable show-uniq-hosts-only option
-d Enable debug mode
-v Enable verbose mode
-h Show help
```
Example Usage
-------
Links
-------
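Review bot: the heading `# miranda.md` includes the file extension, unlike every other new tool page (`# alive6`, `# arping`, ...); change it to `# miranda`.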

tools/ncat.md Normal file

@ -0,0 +1,65 @@
# ncat
Notes
-------
Help Text
-------
```
Ncat 6.40 ( http://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
-4 Use IPv4 only
-6 Use IPv6 only
-U, --unixsock Use Unix domain sockets only
-C, --crlf Use CRLF for EOL sequence
-c, --sh-exec <command> Executes the given command via /bin/sh
-e, --exec <command> Executes the given command
--lua-exec <filename> Executes the given Lua script
-g hop1[,hop2,...] Loose source routing hop points (8 max)
-G <n> Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n> Maximum <n> simultaneous connections
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use (doesn't affect -l)
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
--sctp Use SCTP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
--append-output Append rather than clobber specified output files
--send-only Only send data, ignoring received; quit on EOF
--recv-only Only receive data, never send anything
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--chat Start a simple Ncat chat server
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http" or "socks4")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--ssl Connect or listen with SSL
--ssl-cert Specify SSL certificate file (PEM) for listening
--ssl-key Specify SSL private key (PEM) for listening
--ssl-verify Verify trust and domain name of certificates
--ssl-trustfile PEM file containing trusted SSL certificates
--version Display Ncat's version information and exit
See the ncat(1) manpage for full options, descriptions and usage examples
```
Example Usage
-------
Links
-------


@ -0,0 +1,31 @@
# passive_discovery6
Notes
-------
Help Text
-------
```
passive_discovery6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: passive_discovery6 [-Ds] [-m maxhop] [-R prefix] interface [script]
Options:
-D do also dump destination addresses (does not work with -m)
-s do only print the addresses, no other output
-m maxhop the maximum number of hops a target which is dumped may be away.
0 means local only, the maximum amount to make sense is usually 5
-R prefix exchange the defined prefix with the link local prefix
Passivly sniffs the network and dump all client's IPv6 addresses detected.
Note that in a switched environment you get better results when additionally
starting parasite6, however this will impact the network.
If a script name is specified after the interface, it is called with the
detected ipv6 address as first and the interface as second option.
```
Example Usage
-------
Links
-------

tools/thcping6.md Normal file

@ -0,0 +1,38 @@
# thcping6
Notes
-------
Help Text
-------
```
thcping6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: thcping6 [-af] [-H o:s:v] [-D o:s:v] [-F dst] [-t ttl] [-c class] [-l label] [-d size] [-S port|-U port] interface src6 dst6 [srcmac [dstmac [data]]]
Craft your special icmpv6 echo request packet.
You can put an "x" into src6, srcmac and dstmac for an automatic value.
Options:
-a add a hop-by-hop header with router alert option.
-q add a hop-by-hop header with quickstart option.
-E send as ethertype IPv4
-H o:s:v add a hop-by-hop header with special content
-D o:s:v add a destination header with special content
-D "xxx" add a large destination header which fragments the packet
-f add a one-shot fragementation header
-F ipv6address use source routing to this final destination
-t ttl specify TTL (default: 64)
-c class specify a class (0-4095)
-l label specify a label (0-1048575)
-d data_size define the size of the ping data buffer
-S port use a TCP SYN packet on the defined port instead of ping
-U port use a UDP packet on the defined port instead of ping
o:s:v syntax: option-no:size:value, value is in hex, e.g. 1:2:feab
Returns -1 on error or no reply, 0 on normal reply or 1 on error reply.
```
Example Usage
-------
Links
-------

tools/wafw00f.md Normal file

@ -0,0 +1,43 @@
# wafw00f
Notes
-------
Help Text
-------
```
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Usage: wafw00f url1 [url2 [url3 ... ]]
example: wafw00f http://www.victim.org/
Options:
-h, --help show this help message and exit
-v, --verbose enable verbosity - multiple -v options increase
verbosity
-a, --findall Find all WAFs, do not stop testing on the first one
-r, --disableredirect
Do not follow redirections given by 3xx responses
-t TEST, --test=TEST Test for one specific WAF
-l, --list List all WAFs that we are able to detect
--xmlrpc Switch on the XML-RPC interface instead of CUI
--xmlrpcport=XMLRPCPORT
Specify an alternative port to listen on, default 8001
-V, --version Print out the version
```
Example Usage
-------
Links
-------
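Review bot: the pasted wafw00f banner has lost its whitespace alignment (the `^ ^`, `<` and `...'` lines no longer line up with the rest of the art), so it renders as noise; either paste it with the original spacing preserved or start the help text at the `WAFW00F - Web Application Firewall Detection Tool` line.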

tools/wol-e.md Normal file

@ -0,0 +1,50 @@
# wol-3
Notes
-------
Help Text
-------
```
[*] WOL-E 1.0
[*] Wake on LAN Explorer - A collection a WOL tools.
[*] by Nathaniel Carew
-m
Waking up single computers.
If a password is required use the -k 00:12:34:56:78:90 at the end of the above command.
wol-e.py -m 00:12:34:56:78:90 -b 192.168.1.255 -p <port> -k <pass>
Defaults:
Port: 9
Broadcast: 255.255.255.255
Pass: empty
-s
Sniffing the network for WOL requests and passwords.
All captured WOL requests will be displayed on screen and written to /usr/share/wol-e/WOLClients.txt.
wol-e.py -s -i eth0
-a
Bruteforce powering on WOL clients.
wol-e.py -a -p <port>
Place the address ranges into the bfmac.lst that you wish to bruteforce.
They should be in the following format:
00:12:34:56
Default port: 9
-f
Detecting Apple devices on the network for WOL enabling.
This will output to the screen and write to /usr/share/wol-e/AppleTargets.txt for detected Apple MAC's.
wol-e.py -f
-fa
Attempt to wake all detected Apple targets in /usr/share/wol-e/AppleTargets.txt.
This will send a single WOL packet to each client in the list and tell you how many clients were attempted.
wol-e.py -fa
```
Example Usage
-------
Links
-------
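Review bot: the heading `# wol-3` is a typo for the tool name; the file is `tools/wol-e.md` and the help text calls it `WOL-E`, so change the heading to `# wol-e`.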

tools/xprobe2.md Normal file

@ -0,0 +1,43 @@
# xprobe2
Notes
-------
Help Text
-------
```
Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
usage: xprobe2 [options] target
Options:
-v Be verbose
-r Show route to target(traceroute)
-p <proto:portnum:state> Specify portnumber, protocol and state.
Example: tcp:23:open, UDP:53:CLOSED
-c <configfile> Specify config file to use.
-h Print this help.
-o <fname> Use logfile to log everything.
-t <time_sec> Set initial receive timeout or roundtrip time.
-s <send_delay> Set packsending delay (milseconds).
-d <debuglv> Specify debugging level.
-D <modnum> Disable module number <modnum>.
-M <modnum> Enable module number <modnum>.
-L Display modules.
-m <numofmatches> Specify number of matches to print.
-T <portspec> Enable TCP portscan for specified port(s).
Example: -T21-23,53,110
-U <portspec> Enable UDP portscan for specified port(s).
-f force fixed round-trip time (-t opt).
-F Generate signature (use -o to save to a file).
-X Generate XML output and save it to logfile specified with -o.
-B Options forces TCP handshake module to try to guess open TCP port
-A Perform analysis of sample packets gathered during portscan in
order to detect suspicious traffic (i.e. transparent proxies,
firewalls/NIDSs resetting connections). Use with -T.
```
Example Usage
-------
Links
-------