RED
Kali Linux – pen testing OS
nmap – recon: scan for IPs, hosts, services and ports
dirb – Scan the web server for directories using a dictionary file
ffuf – Scan the web server for directories using a dictionary file
linpeas – privilege escalation (access elevation)
pspy64 – process snooping
Searchsploit – use this to look for exploits for the application or web app
exploit-db – web version of searchsploit
Metasploit – payload, listener for exploits
MSFvenom
crack the zip folder by using the FCrackZip tool
fcrackzip -v -u -D -p /usr/share/wordlists/rockyou.txt save.zip
showmount -e <IP address> – showmount tool to check whether any files have been shared on the network.
ssh -i id_rsa username@<IP address> – remote login using an RSA key
zip exploit – run zip with the command: sudo zip 1.zip raj.txt -T --unzip-command="sh -c /bin/bash"
BLUE Analysis
FLARE VM – Windows environment sandbox
REMnux – Linux environment sandbox
https://app.any.run/ – analyse malware
https://www.virustotal.com/gui/home/upload – online scanner
https://gchq.github.io/CyberChef/ – hashes
