19.9 C
Thursday, June 13, 2024

Awesome Free Hacking Tool for Red Teams and Pentesters

Lets check out this awesome free hacking tool which can be extremely useful for red teams and pentesters during their penetration testing or red team exercises.

The tool is called HackTools and it is a web extension which includes cheat sheets which you can quickly use during an engagement.

- Advertisement -

The cheat sheets and tools include:

Reverse Shell Generator

Quickly generate, copy and/or encode a reverse shell using bash, zsh, netcat, php, powershell, perl, python and telnet.

Simply enter the target’s IP address and the port you want to use in the fields and you will instantly get the respective commands below:

Useful Linux Commands

Cheat sheet of useful linux commands are included in this tool. SUID commands, system information commands, cron jobs lookup commands, privilege escalation commands, port forwarding commands etc.

Powershell Commands

You will not waste time looking up powershell commands online. HackTools have several commands which can help you enumerate:

  • system
  • active directory
  • group policy
  • password
  • computer
  • admin groups and accounts
  • ACLs

Transfer Methods

Small collection of file transfer command cheat sheet using bash, netcat, python and scp.

Local File Inclusion (LFI) and Useful Files

Commands to check for Local File Inclusion (LFI) vulnerability and a list of useful files to access, in case you actually have a system vulnerable to LFI, so you can gain more information about the systems and perform further exploitation.

Cross Site Scripting Payloads

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Hacktools include payloads for XSS in markdown, SVG, HTML and web applications and more.

SQL Injection Payloads

SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things by tricking the application into sending unexpected SQL commands.

HackTools include SQL injection payloads for database, tables, columns enumeration, error and time based injections and authentication based payloads.

Data Encoding

Easily encode and decode data to make the content of the traffic more difficult to detect.

Obfuscated Files or Information

HackTools help you obfuscate you bash,cmd or powershell scripts.

Obfuscation is the default way to make malicious code unreadable, not only to the human researcher but also to the various antimalware products that can hardly afford themselves the downtime that’s entailed in real time deobfuscation to reveal a payload’s actual intent.

Hash Generator

Generate MD5, SHA1, SHA256, SHA512, SM3 hashes.

MSF Venom Builder

Msfvenom is a standalone payload generator. It is a combination of Msfpayload and Msfencode. It is used to generate and output all of the various types of shellcode that are available in Metasploit.

Enter your desired settings in HackTools and get the MSF Venom command and Launch Console and Load Handler commands.

How to Install

Installation is as simple as installing any other addon on your browser.

Go to https://addons.mozilla.org/en-US/firefox/addon/hacktools/ and add this addon to your firefox web browser:

Click “Add”

You can now access this tool and quickly lookup commands and other cheat sheets while you are engaging in your red team exercise or during your penetration testing engagement.

Website | + posts

Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.


Also Read