Category Archives: Tools

Wireshark/tcpdump: Write trace to a ringbuffer file

Hi,

Sometimes it is necessary to keep only the network traffic from just before an event happened, without letting the capture file grow without bound. For these cases Wireshark (dumpcap/tshark) and tcpdump have command line options for a ring buffer: the capture is written to a fixed number of files of a fixed size, and once the ring is full the oldest file is overwritten.
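As an added example, not code from the original post, the following POSIX shell helpers build the ring-buffer commands for tcpdump and dumpcap and preserve the ring once the event of interest has happened. It assumes tcpdump and dumpcap (Wireshark's capture engine) are installed and that you have capture privileges; the interface names, sizes and paths are placeholders, and the hashing step assumes sha256sum or shasum is available.

```shell
# Added example (not from the original post). Assumes tcpdump/dumpcap are
# installed and capture privileges are available; interface, sizes and
# paths are placeholders.

# tcpdump ring: -C rotates to a new file after SIZE_MB million bytes, -W keeps
# at most COUNT files and then overwrites the oldest one. tcpdump appends a
# number to PREFIX for each file (trace.pcap0, trace.pcap1, ...).
# Usage: ring_tcpdump_cmd IFACE SIZE_MB COUNT PREFIX
ring_tcpdump_cmd() {
    printf 'tcpdump -i %s -C %s -W %s -w %s' "$1" "$2" "$3" "$4"
}

# dumpcap (tshark accepts the same -b options): -b filesize is given in kB,
# -b files is the number of files kept in the ring.
# Usage: ring_dumpcap_cmd IFACE SIZE_MB COUNT PREFIX
ring_dumpcap_cmd() {
    printf 'dumpcap -i %s -b filesize:%s -b files:%s -w %s' "$1" $(( $2 * 1000 )) "$3" "$4"
}

# After the event: stop the capture (SIGINT lets tcpdump/dumpcap flush and
# close the current file), copy the whole ring into an evidence directory and
# record SHA-256 hashes so the snapshot can be verified later.
# Prints the number of files preserved.
# Usage: preserve_ring PREFIX DEST_DIR [CAPTURE_PID]
preserve_ring() {
    prefix=$1; dest=$2; pid=${3:-}
    if [ -n "$pid" ]; then
        kill -INT "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true
    fi
    mkdir -p "$dest"
    rm -f "$dest/SHA256SUMS"
    n=0
    for f in "$prefix"*; do
        [ -f "$f" ] || continue
        if cp -p "$f" "$dest/"; then
            n=$((n + 1))
        fi
    done
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$dest" && sha256sum ./* > SHA256SUMS)
    else
        (cd "$dest" && shasum -a 256 ./* > SHA256SUMS)
    fi
    echo "$n"
}

# Typical use (placeholders): 10 files of 100 MB on eth0, then preserve the
# ring when the event happens.
#   $(ring_tcpdump_cmd eth0 100 10 /var/tmp/trace.pcap) & CAP=$!
#   ... wait for the event ...
#   preserve_ring /var/tmp/trace.pcap /var/tmp/evidence "$CAP"
```

Two caveats: on distributions that build tcpdump with privilege dropping (-Z), the capture directory must be writable by the unprivileged user tcpdump switches to, or the rotation fails silently after the first file; and because the ring overwrites the oldest file, the snapshot must be taken promptly after the event, or the traffic you wanted is gone.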



Tools & Sites: Tools & Sites overview

This is a list of useful tools and links

Processes

Process Hacker -> Can show Windows firewall matches
Sysinternals Process Monitor
Sysinternals Process Explorer

Network
Sniffing

Ettercap
Wireshark
netsh – netsh trace
Microsoft Message Analyzer
wifite – Automated WiFi auditing (captures WPA handshakes, attacks WPS) to recover WiFi credentials
Nzyme – WLAN intrusion detection

Get lost login/Credentials/Password

Hydra -> Login-Cracker
Windows Login Unlocker -> Reset account in WinPE
chntpw -> Reset account in WinPE
LaZagne -> Python open source application used to retrieve lots of locally stored passwords
John the Ripper
zip2john -> extract hash from zip -> get the password with John the Ripper
DPAPI explained (used for Windows Vault)

Clone OS/Disk Imaging

clonezilla
Rufus – Create bootable USB stick

Recover files

photorec -> recover files
TestDisk -> recover partitions
OSFMount -> Mount images created by dd or ddrescue under Windows

Check webserver

DIRB – Web content scanner: brute-forces well-known directories and files, e.g. to find exposed credentials…
WPScan – Check WordPress for known vulnerabilities
SQLmap – Check for SQL injections

Intercept and inspect https traffic

OWASP Zed Attack Proxy (ZAP)
Fiddler
Burp
mitmproxy

Security Tools

metasploit -> Exploitation framework: check for and exploit known vulnerabilities
PowerShell Empire
mimikatz -> Extract credentials from Windows
Ghidra -> Reverse engineering
Reko – Decompiler/Reverse engineering
JD – Java Decompiler
Rubeus -> Raw Kerberos interaction
Windows Privilege Escalation – scripts, etc…
Analyze physical Memory, memory dumps -> Volatility, Redline, Rekall, MemGator
nmap – Port scanner

Post Exploitation Frameworks

Covenant
Powersploit

Tool collections

WSCC

Windows 10

Sophia Script -> Disable some Windows 10 functions

Boot Manager

Ventoy – Can boot ISO and WIM images…

Docker

Trivy – Scans docker images for vulnerabilities

Copy Tools

rcrypt – Copies files to various targets (WebDAV, S3, …), can also encrypt the data. Available for Windows, Linux…

CAD
Tinkercad
FreeCAD
LibreCAD

Electronic

Kicad – electronic design automation (EDA)
QElectroTech – create electric diagrams. Useful for drawing electric diagrams for your home

Audio CD ripping/grabbing

RipperX – Linux
CDex – Windows. Newer versions come bundled with adware
Fre:ac – Windows

QR codes

Qreator – Generates WLAN, URL QRCodes (Linux)
SimpleCodeGenerator – Nirsoft quickly generate QR Code (Windows)

Multimedia center, Internet radio

Kodi – Media center
Volumio – Raspberry Audio Player
Pi Core Player
moodeaudio – Raspberry Audio Player
BubbleUPnP Server – Chromecast server, UPNP renderer….

Programming

ILSpy – .NET/C# decompiler

Testing

Testing/control websites – Selenium

Hypervisor

Harvester

Performance

Disk performance

IOMeter – Surface that takes some getting used to, old, but still working.
DiskSpd – Microsoft tool for checking disk IO

Network performance

iperf – Supports TCP/UDP, different packet sizes…