User:Maffblaster/Drafts/Gentoo for hackers
This article showcases technology available for ethical hacking, and related activities, on Gentoo-based systems. If the software package is not available in Gentoo, then it will likely be available via the Pentoo ebuild repository. If it's not available in Pentoo, then I'll probably try to write an ebuild for it...
- Google Advanced Search Operators: The Complete List (44 Advanced Operators)
- See Google Hacking Database (GHDB) at https://www.exploit-db.com/google-hacking-database.
- Fast Google Dorks Scan GitHub
Risk measurement metrics
Measure risk with timers and updates: if a software project has not been updated in N days, increase the risk rating. If the software has an existing CVE for the targeted version, increase the risk rating. If the image is 'stale', increase the risk rating. Be dynamic.
- THC Hydra net-analyzer/hydra
- SpiderFoot - A FOSS OSINT data collection and analysis tool. Available via app-forensics/spiderfoot in Pentoo.
- Custom Wordlist Generator - A tool written in Ruby that collects useful information from a website for later consumption. Available via app-text/cewl in Pentoo.
Possible FOSS options include:
- smbeagle GitHub - Not (yet) available within an ebuild repo.
- Recoll Homepage GitWeb app-misc/recoll - Could integrate for scanning accessible SMB shares as a FOSS alternative to something like Copernic Desktop Search. Missing OCR search.
- Xapian Homepage GitWeb - Same as Recoll.
- Metasploit — provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
- EyeWitness - A tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. Useful for creating reports.
- tls-scan - An Internet scale, blazing fast SSL/TLS scanner (non-blocking, event-driven).
- app-forensics/spiderfoot - An OSINT data collection and analysis tool written in Python. Available in the Pentoo overlay.
- freq.py - Mark Baggett's freq.py is used to detect DGA (Domain Generation Algorithm) hostnames often used by malware.
- volatility3 - An open source memory forensics tool written in Python.
- ChitChatter (GitHub)
- BurnerNote (GitHub)
- https://github.com/punk-security/writehat - "A pentest reporting tool written in Python. Free yourself from Microsoft Word."
- https://github.com/punk-security/pwnspoof - A tool that "generates realistic spoofed log files for common web servers with customisable attack scenarios."
- https://github.com/punk-security/dnsReaper - A sub-domain takeover tool.
- CyberChef [GitHub] - A data encoder/decoder utility for transforming encoded data between forms. Most useful for returning encoded data to its natural form. Available via Pentoo.
Tools that may require Windows
- Get-NetShare PowerShell script Homepage
It would be nice to have these available on Gentoo...