Networking

General

• attacksurfacemapper
• yaptest
  • This automates everything

Vuln Scanning

• Nettacker

Port Scan

• nmap
  • NSE script index
  • Libraries: https://nmap.org/nsedoc/lib/
• nmapAutomator
  • Shell script that handles nmap scanning for you
• zmap
  • WARNING: This doesn't work over VPN as of writing due to lack of support in libpcap (source). See burritun for a potential workaround.
• rustscan
• masscan
• udp-proto-scanner
  • Faster than UDP scan w/ nmap

DNS

• zdns
• dnsrecon
• hakrevdns
• quagga (may be dead)
• NSE dns-brute
• MSF auxiliary/gather/enum_dns
• dnsdumpster.com
  • All the DNS enum
• crt.sh
• whois
• Hurricane Electric BGP Toolkit
• networksdb
• ssl transparency report
• robtex
• SecLists
• massdns

References

• (All) DNS Resource Records

Databases

• SQLRecon
  • MSSQL recon/post-exploit toolkit
• tnscmd10g
  • Perl script for enumerating Oracle DB TNS listener
• oscanner
  • Oracle DB enumeration
  • No source...
• odat
  • Oracle DB attacking tool

VoIP

• SIPTools
  • Main toolkit
• viproy
  • Metasploit module
• sipvicious
  • Mainly useful for sipcrack?
• VoIPHopper
  • VLAN hopping
• inviteflood
  • SIP INVITE flood
  • WARNING: Haven't 100% read into this, but may be meant purely for DoS
• SeeYouCM Thief
  • Grab config files from Cisco Unified Call Manager (CUCM)
• iCULeak.py
  • Find/extract creds from phone config files hosted on Cisco Unified Call Manager (CUCM)

References

• Practical VoIP Penetration Testing
• SeeYouCM-Thief: Exploiting Common Misconfigurations in Cisco Phone Systems
• Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM)

Wireless

• aioblescan
  • Scan/decode BLE info
• aircrack-ng
  • WiFi auditing suite
• BlueZ
  • Bluetooth stack for Linux
• btsnoop
  • Parse BtSnoop pcap files + encapsulted Bluetooth packets
  • Also, what's this? No source is linked. btsnoop | PyPi

References

• How to Snoop on Bluetooth Devices Using Kali Linux

NAC

• NACKered
• nac_bypass
• macchanger

References

• Bypassing NAC: A Handy How-To Guide

VPN

• vortex
  • VPN enum/exploitation toolkit

Other

TODO: Better categorization. This is just a placeholder since they're all (mostly) related.

• cotopaxi
  • Testing more esoteric protocols
• routopsy
  • Another toolkit for more esoteric protocols
• Netenum
  • Passively discover active hosts by monitoring ARP traffic
• habu
  • Framework for lots of networking shenanigans
  • Just look at the README
• EtherPuppet
  • TCP tunneling via virtual interfaces...?
  • Need to read more
• Chiron
  • IPv6 shenanigans
  • Likely better as a library
• rsh-grind
  • Brute-force rsh
• Some user enum scripts from pentestmonkey:
  • smtp-user-enum
  • ident-user-enum
  • ftp-user-enum
  • finger-user-enum
• TIP: use pftp
  • No clue what this is, but may be handy later
• UDP hole punching
  • NAT traversal technique
• Enumerating Unix RPC Services
  • Because I always forget what I'm even looking at.
• Router Penetration Testing