cobol

Thursday, October 10, 2013

CEH tool list

C|EH Tool list

Green = Hands On Labs
Yellow = Important
Red = Optional but important

Chapter 2 Footprinting

  • Open source
  • Brightly – SamSpade (expires)
  • Whois (online)
  • Nslookup (built-in)
  • ARIN (online)
  • Neo Trace (expires)
  • VisualRoute Trace
    • VisualLookout
    • eMailTrackerPro
  • SmartWhois (dumb) (Expires)
  • Google!
    • http://maps.google.com

Chapter 3 Scanning

  • Nmap (Windows & Linux)
  • Nessus
  • Retina eEye
  • SAINT
  • HPING2 (Backtrack 4)
  • Firewalk (Backtrack 3-4)
  • NIKTO (Linux) Web Scanner (Backtrack 3-4)
  • GFI LANGUARD (Backtrack 3-4)
  • ISS Security Scanner
  • Netcraft
  • ipEye, IPSecScan
  • NetScan Tools Pro 2003
  • SuperScan 2-4
  • THC Scan
  • Pinger
  • Cheops (Backtrack 4)
  • SocksChain
  • Proxy Servers
  • Anonymizers
  • Bypassing Firewall using Httptunnel
  • HTTPort

Chapter 4 – Enum

  • Null Sessions
    • countermeasures
  • Net use
  • DumpSec
  • Winfo
  • NAT
  • SNMP enum
  • SNScan
  • Snmputil
  • Solarwinds (expires)
  • Enum
  • DNS Zone Transfer
    • Nslookup ls -d
  • Sid2User
  • User2Sid
  • UserInfo
  • GetAcct
  • DumpReg
  • Trout (ping & Tracert)
  • Winfingerprint (start menu)
  • PSTools
    • PsFile
    • PsLoggedOn
    • PsGetSid
    • PsInfo
    • PsService
    • PsList
    • PsKill and PsSuspend
    • PsLogList
    • PsExec
    • PsShutdown
  • Ldp.exe

CH 5 System Hacking

  • NTInfoScan
  • Legion
  • Sniff traffic
  • L0phtCrack (expires)
  • Pwdump2, pwdump3
  • kerbsniff and kerbcrack
  • nbtdeputy
  • nbname
  • John the Ripper (Backtrack 4)
  • syskey
  • smbrelay
  • SMBGrind
  • Smbdie
  • getAdmin
  • hk.exe
  • X
  • Alternate Data Streams
    • LADS
    • MakeStrm.exe (ADS)
    • LNS.exe
  • Snow
  • Outguess
  • Stegdetect
  • Diskprobe
  • AuditPol
  • Elsave
  • Winzapper
  • FU

CH6 Trojans

  • Beast
  • Phatbot (P2P)
  • Amitis
  • QAZ
  • Back Orifice
  • Back Orifice 2000
  • Tini
  • NetBus
  • SubSeven
  • Netcat
  • Donald Dick
  • Let me rule
  • RECUB
  • fport
  • tcpview
  • Prcview
  • Tripwire
  • Sigverif

CH 7 Sniffers

  • Ethereal (Wireshark)
  • Dsniff (Need Hub environment)
  • Sniffit
  • Aldebaran
  • Hunt (if time exists)
  • NGSSniff
  • Ntop
  • pf
  • IPTraf
  • Etherape (Unix) / (macof)
  • Netfilter (Unix)
  • Network Probe
  • MaaTec Network Analyzer
  • Snort (IDS)
  • Driftnet
  • TCPDump / WinDump

CH 7 Tools for Sniffing

  • Snort
  • Macof, MailSnarf, URLSnarf, WebSpy
  • Windump
  • Etherpeek
  • Ettercap
  • SMAC
  • Mac Changer
  • Iris
  • NetIntercept
  • WinDNSSpoof

CH8 DoS

  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Trin00
  • Tribe Flood Network (TFN)
  • TFN2K
  • Stacheldraht
  • Shaft
  • Trinity
  • Knight
  • Mstream
  • Kaiten

CH 10 Session Hijacking

  • Juggernaut
  • Hunt
  • TTY Watcher (Sun tool)
  • IP Watcher
  • T-Sight

CH 12 Web app vulnerability

  • Instant Source
  • Wget
  • WebSleuth
  • BlackWidow
  • WindowBomb
  • Burp
  • cURL

CH13 Password Cracking

  • L0phtCrack
  • John The Ripper
  • Brutus
  • Obiwan
  • Authforce
  • Hydra
  • WebCracker
  • Munga Bunga
  • PassList
  • ReadCookies.html
  • SnadBoy
  • WinSSLMiM
  • RAR
  • Gammaprog
  • Cain And Abel

CH 14 SQL Injection

  • SQLDict (Dictionary Attack)
  • SQLScanner.exe
  • Osql.exe
  • SQLExec (Default SA & Pass)
  • SQLbf (Brute Force)
  • SQLSmack (Linux)
  • SQL2.exe (UDP Buffer Overflow)
  • AppDetective
  • Database Scanner
  • SQLPoke
  • NGSSQLCrack, NGSSQuirreL
  • SQLPing v2.2

CH15 Wireless

  • Redfang 2.5 (Bluetooth)
  • Kismet
  • THC-WarDrive
  • PrismStumbler
  • MacStumbler
  • Mognet
  • WaveStumbler (Linux)
  • Stumbverter
  • AP Scanner
  • SSID Sniff
  • Wavemon
  • Wireless Security Auditor
  • AirTraf
  • Wifi Finder
  • AirMagnet

Sniffing Tools

  • AiroPeek
  • NAI Wireless Sniffer
  • Ethereal
  • VPNmonitor
  • Aerosol v0.65
  • vxSniffer
  • EtherPEG
  • DriftNet
  • WinDump

CEH: OSI model

Hacking and the OSI Model (TCP/IP) 

Layer 7
  • URL Obfuscation
  • Buffer Overflows
  • MITM
  • Brute Force
  • DNS Poisoning
  • DHCP Starvation (application)
  • Service Flood Request
  • Back Orifice, NetCat, Tini, NetBus, FU, Brutus
  • Application Hijacking
  • XSS

Commonly Targeted protocols
  • HTTP
  • POP3
  • SMTP
  • IMAP
  • DNS

Layer 6
  • File Type Conversions
  • HEX editing

Commonly Targeted Filetypes
  • .html
  • .doc
  • .php
  • .xml
  • .txt
  • .mp3
  • .wav

Layer 5
  • SMB
  • RPC
  • NFS
  • SQL Injection

Commonly Targeted Protocols
  • SQL
  • NFS
  • RPC

Layer 4
  • TCP
    • SRAF UP (Flags)
      • To learn how this works, record a conversation in Wireshark and then play the stream back and watch the flags change from source to destination
    • Syn Flooding with spoofed IP source address
    • Session Hijacking
    • Netstat
  • UDP
    • Fraggle
  • Tools
    • Hping

Commonly Targeted Protocols
  • TCP
  • UDP


Layer 3
  • IP
  • IPSec
    • AH
    • ESP
    • Oakley, ISAKMP, IKE
  • Routing Protocols
    • RIP, OSPF, IGRP, BGP, EGP, HSRP
  • MITM
  • IP Spoofing
  • ICMP Flood
  • ICMP
    • Smurf Attack – Broadcast address, spoofed source address, large packet
    • Ping Of Death – Large Fragmented packet (>65000)
  • Routers
  • Some Tools
    • Nmap
    • NetCat
    • Hping

Layer 2
  • MAC Flooding
  • MAC Spoofing
  • MAC Duplicating
  • ARP Poisoning
  • ARP Spoofing
  • Man-In-The-Middle
  • Switches / Hubs
  • WAN Encapsulations
    • X.25, Frame Relay, HDLC, SDLC, ISDN BRI, ISDN PRI
  • VPN
    • L2F, L2TP, PPTP
  • NDIS

Layer 1

  • Fiber Optics
  • TX/RX
  • Cat 5
  • WiFi
  • Twisted Pair, Coax