Merge pull request #3 from pwnwiki/reorg

Reorganization of current files and template creation

config.json

@@ -1,5 +1,5 @@
 {
-    "title": "KaliWiki"
+    "title": "KaliWiki",
     "useSideMenu": true,
     "additionalFooterText": "All content and images © by Pwn Wiki Team",
 }

infogathering/index.md

@@ -1,23 +1,142 @@
+# Information Gathering 
+
 DNS Analysis
 ------------
 
-### dnsdict6
+ * [dnsdict6](../tools/dnsdict6.md)
+ * [dnsenum](../tools/dnsenum.md)
+ * [dnsmap](../tools/dnsmap.md)
+ * [dnsrecon](../tools/dnsrecon.md)
+ * [dnsrevenum6](../tools/dnsrevenum6.md)
+ * [dnstracer](../tools/dnstracer.md)
+ * [dnswalk](../tools/dnswalk.md)
+ * [fierce](../tools/fierce.md)
+ * [maltego](../tools/maltego.md)
+ * [nmap](../tools/nmap.md)
+
+IDS / IPS Identification
+------------
+
+ * [fragroute](../tools/fragroute.md)
+ * [fragrouter](../tools/fragrouter.md)
+ * [ftest](../tools/ftest.md)
+ * [lbd](../tools/lbd.md)
+ * [wafw00f](../tools/wafw00f.md)
+
+Live Host Identification
+------------
+
+ * [alive6](../tools/alive6.md)
+ * [arping](../tools/arping.md)
+ * [cdpsnarf](../tools/cdpsnarf.md)
+ * [detect-new-ip6](../tools/detect-new-ip6.md)
+ * [detect_sniffer6](../tools/detect_sniffer6.md)
+ * [dmitry](../tools/dmitry.md)
+ * [dnmap-client](../tools/dnmap-client.md)
+ * [dnmap-server](../tools/dnmap-server.md)
+ * [fping](../tools/fping.md)
+ * [hping3](../tools/hping3.md)
+ * [inverse_lookup6](../tools/inverse_lookup6.md)
+ * [miranda](../tools/miranda.md)
+ * [ncat](../tools/ncat.md)
+ * [netdiscover](../tools/netdiscover.md)
+ * [nmap](../tools/nmap.md)
+ * [passive_discovery6](../tools/passive_discovery6.md)
+ * [thcping6](../tools/tchping6.md)
+ * [wol-e](../tools/wol-e.md)
+ * [xprobe2](../tools/xprobe2.md) 
+
+Network Scanners
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+OS Fingerprinting
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+OSINT Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+Route Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+Service Fingerprinting
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+SMB Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+SMTP Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+SNMP Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+SSL Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+Telephony Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+Traffic Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+VoIP Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
+
+VPN Analysis
+------------
+
+ * [first]()
+ * [second]()
+ * [third]()
 
->dnsdict6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
->
->Syntax: dnsdict6 [-d46] [-s|-m|-l|-x] [-t THREADS] [-D] domain [dictionary-file]
->
->Enumerates a domain for DNS entries, it uses a dictionary file if supplied
->or a built-in list otherwise. This tool is based on dnsmap by gnucitizen.org.
->
->Options:
-> -4      also dump IPv4 addresses
-> -t NO   specify the number of threads to use (default: 8, max: 32).
-> -D      dump the selected built-in wordlist, no scanning.
-> -d      display IPv6 information on NS and MX DNS domain information.
-> -S      perform SRV service name guessing
-> -[smlx] choose the dictionary size by -s(mall=50), -m(edium=796) (DEFAULT)
-> -l(arge=1416), or -x(treme=3211)
 
 ### dnsenum
 
@@ -43,7 +162,7 @@ DNS Analysis
 ### zenmap
 
 IDS/IPS Identification
-----------------------
+
 
 ### fragroute
 
@@ -56,7 +175,7 @@ IDS/IPS Identification
 ### wafw00f
 
 Live Host Identification
-------------------------
+
 
 ### alive6
 
@@ -100,7 +219,7 @@ Live Host Identification
 ### zenmap
 
 Network Scanners
-----------------
+
 
 ### dmitry
 
@@ -116,7 +235,7 @@ Network Scanners
 ### zenmap
 
 OS Fingerprinting
------------------
+
 
 ### dnmap-client
 
@@ -130,7 +249,7 @@ OS Fingerprinting
 ### zenmap
 
 OSINT Analysis
---------------
+
 
 ### casefile
 
@@ -149,7 +268,7 @@ OSINT Analysis
 ### urlcrazy
 
 Route Analysis
---------------
+
 
 ### 0trace
 
@@ -164,7 +283,7 @@ Route Analysis
 ### trace6
 
 Service Fingerprinting
-----------------------
+
 
 ### dnmap-client
 
@@ -188,7 +307,7 @@ Service Fingerprinting
 ### zenmap
 
 SMB Analysis
-------------
+
 
 ### acccheck
 
@@ -200,7 +319,7 @@ SMB Analysis
 ### zenmap
 
 SMTP Analysis
--------------
+
 
 ### nmap
 [include](infogathering/nmap.md)
@@ -212,7 +331,7 @@ SMTP Analysis
 ### zenmap
 
 SNMP Analysis
--------------
+
 
 ### braa
 
@@ -234,7 +353,7 @@ SNMP Analysis
 ### zenmap
 
 SSL Analysis
-------------
+
 
 ### sslcaudit
 
@@ -259,12 +378,12 @@ SSL Analysis
 ### tlssled
 
 Telephony Analysis
-------------------
+
 
 ### ace
 
 Traffic Analysis
-----------------
+
 
 ### 0trace
 
@@ -285,13 +404,13 @@ Traffic Analysis
 ### wireshark
 
 VoIP Analysis
--------------
+
 
 ### ace
 
 ### enumiax
 
 VPN Analysis
-------------
+
 
 ### ike-scan

infogathering/nmap.md

@@ -1 +0,0 @@
-This is a test include for nmap

tools/_template.md

@@ -0,0 +1,13 @@
+# Template Tool
+
+Notes
+-------
+
+Help Text
+-------
+
+Example Usage
+-------
+
+Links
+-------

tools/dnsdict6.md

@@ -0,0 +1,55 @@
+# dnsdict6
+
+Notes
+-------
+
+Has a pretty good built in list. But the SRV service enumeration doesn't seem to do anything. Ran it against att.com and all I got was:
+```
+dnsdict6 -t 32 -S att.com
+Starting DNS enumeration work on att.com. ...
+Starting SRV service enumeration
+Estimated time to completion: 1 to 4 minutes
+Found 582 services with 1164 entries altogether
+```
+Then it started brute forcing as it normally would
+
+Help Text
+-------
+```
+dnsdict6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
+
+Syntax: dnsdict6 [-d46] [-s|-m|-l|-x] [-t THREADS] [-D] domain [dictionary-file]
+
+Enumerates a domain for DNS entries, it uses a dictionary file if supplied or a built-in list otherwise. This tool is based on dnsmap by gnucitizen.org.
+
+Options:
+ -4      also dump IPv4 addresses
+ -t NO   specify the number of threads to use (default: 8, max: 32).
+ -D      dump the selected built-in wordlist, no scanning.
+ -d      display IPv6 information on NS and MX DNS domain information.
+ -S      perform SRV service name guessing
+ -[smlx] choose the dictionary size by -s(mall=50), -m(edium=796) (DEFAULT)
+ -l(arge=1416), or -x(treme=3211)
+```
+
+Example Usage
+-------
+```
+root@kali:~# dnsdict6 google.com
+Starting DNS enumeration work on google.com. ...
+Starting enumerating google.com. - creating 8 threads for 798 words...
+Estimated time to completion: 1 to 2 minutes
+www.google.com. => 2607:f8b0:4004:804::1011
+ipv6.google.com. => 2607:f8b0:4004:803::1012
+mail.google.com. => 2607:f8b0:4004:803::1015
+news.google.com. => 2607:f8b0:4004:803::1002
+dns.google.com. => 2607:f8b0:4004:803::1002
+blog.google.com. => 2607:f8b0:400d:c04::bf
+
+```
+
+Links
+-------
+* Source: https://www.thc.org/thc-ipv6/
+* How-To: http://ultimatepeter.com/how-to-hack-using-dnsdict6-to-enumerate-dns-records-ip-ns-mx-subdomains-etc/
+* Video: http://www.youtube.com/watch?v=czJuAshZWho

tools/netdiscover.md

@@ -0,0 +1,139 @@
+# netdiscover  
+
+Notes
+-------
+
+ * Version: 0.3-beta7 [Active/passive arp reconnaissance tool]  
+ * Kali Linux Verison: 1.0.5  
+ * Developers: Jaime Penalba & Alvaro
+
+**Dependency**: libnet 1.1.x & libpcap
+
+**Purpose**: Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless network without dhcp server, when you are wardriving. It can be also used on hub/switched networks.  It can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks. 
+
+Help Text
+----------
+```
+Usage: netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-C]  
+  -i device:  
+	The network interface to sniff and inject packets. If no  interface is specified, first available will be used.
+  -r range:  
+	Scan a given range instead of auto scan. 192.168.6.0/24,/16,/8.  
+  -l file:  
+	Scan the list of ranges contained into the given file, it must contain one range per line.  
+  -p passive mode:  
+	Enable  passive mode. In passive mode, netdiscover does not send anything, but does only sniff.
+  -F filter:  
+	Customize pcap filter expression (default: "arp")  
+  -s time: 
+	Sleep given time in milliseconds between each arp request injection. (default 1) 
+  -n node: 
+	Last ip octet of the source ip used for scanning. You can change it  if  the  default  host is already used. (allowed range: 2 to 253, default 66)  
+  -c count: 
+	Number of times to send each arp request. Useful for networks with packet loss, so it will scan given times for each host.  
+  -f 
+	Enable fast mode scan. This will only scan for .1, .100 and .254 on each network. This mode is usefull while searching for ranges being  used.  After you found such range you can make a specific range scan to find online boxes.  
+  -d 
+	Ignore configuration files at home dir, this will  use  defaults ranges  and ips for autoscan and fast mode. See below for information about configuration files.    
+  -S 
+	Enable sleep time suppression between each request. If set, netdiscover  will  sleep  after having scanned 255 hosts instead of
+sleeping after each one.  This mode was used in netdiscover  0.3 beta4  and  before.  Avoid  this  option in networks with packet loss, or in wireless  networks  with  low  signal  level.  (also called hardcore mode)  
+  -P 
+	Produces output suitable to be redirected  into  a  file  or  be parsed  by  another  program, instead of using interactive mode. Enabling this option, netdiscover will stop after scanning given ranges.   
+  -L 
+	When  using -P, continue program execution after the active scan phase to capture ARP packets passively.    
+
+If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.  
+
+On screen usage keys:  
+
+  h      Show help screen  
+  j      Scroll down (or down arrow)  
+  k      Scroll up (or up arrow)  
+  a      Show arp replys list  
+  r      Show arp requests list  
+  q      Close help screen or end application  
+
+```
+
+Configuration Files
+--------------------
+
+There  are  2  configuration files that netdiscover will look for, each time it is executed, if file doesn't exist it will use  default  values.
+
+You  can use the -d switch to disable reading and loading configuration files.
+
+ * **~/.netdiscover/ranges** - This file contains a list of ranges (one per line) used for auto scan mode instead of default ranges. By default netdiscover will use a list of common ranges used on local networks.
+  * Example:
+```
+192.168.21.0/24
+172.26.0.0/16
+10.0.0.0/8
+```
+
+ * **~/.netdiscover/fastips** - List containing the last octet of the ips to be scanned on each subnet, when using fast mode, by default (1,100,154).
+
+  * Example:
+```
+1
+10
+25
+254
+```
+
+Example Usage
+---------------
+
+Scan a class C network, to see wich hosts are up:
+
+ * `netdiscover -i etho -r 192.168.1.0/24`
+ * `netdiscover i wlan0 -r 10.0.0.1/16`
+
+Auto scan common networks:
+
+ * `netdiscover -i eth1`
+
+Don't send ARP requests, listen only:
+
+ * `netdiscover -i wlan0 -p`
+
+Auto scan in fast mode:
+
+ * `netdiscover -i eth0 -f`
+
+Scan with sleep in-between:
+
+ * `netdiscover -i eth1 -s 30`  
+
+Scan range with count:
+
+ * `netdiscover -r 192.168.1.0/24 -c 50`  
+
+Send output to a file:
+
+Note: netdiscover will stop after scanning given ranges
+
+ * `netdiscover -r 192.168.1.0/24 -P`
+
+Send output to a file and continue scanning:
+
+ * `netdiscover -i eth0 -r 192.168.1.0/24 -L -P`
+
+Scan list of range from a file:
+
+ * `netdiscover -i eth1 -l iprange.txt`  
+
+Filter pcap expression:
+
+Note: looking for system only using telnet
+
+ * `netdiscover -i eth0 -r 10.0.0.1/16 -s 20 -F telnet`  
+
+
+Links
+----------  
+
+* Source: http://sourceforge.net/projects/netdiscover/  
+* Source: http://nixgeneration.com/~jaime/netdiscover/  
+* Video: https://www.youtube.com/watch?v=35BvdXSrfZk  
+* Video: https://www.youtube.com/watch?v=4Ahoj3YafMU

tools/nmap.md

@@ -0,0 +1,13 @@
+# NMap
+
+Notes
+-------
+
+Help Text
+-------
+
+Example Usage
+-------
+
+Links
+-------