Columns: Tool Name | Description | Attack Methodology | Syntax Example

1.1 Enumeration

1.1.1 Ass

Description: ASS, the autonomous system scanner, is designed to find the AS of the router. It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF. In passive mode (./ass -i eth0), it just listens to routing protocol packets (like broadcast and multicast hellos). In active mode (./ass -i eth0 -A), it tries to discover routers by asking for information. This is done to the appropriate address for each protocol (either broadcast or multicast addresses). If you specify a destination address, this will be used but may not be as effective as the defaults. EIGRP scanning is done differently: while scanning, ASS listens for HELLO packets and then scans the AS directly on the router that advertised itself. You can force EIGRP scanning into the same AS-scan behavior as IGRP uses by giving a destination, or into multicast scanning with the option -M. For active mode, you can select the protocols you want to scan for. If you don't select any, all are scanned.

Attack methodology: I'm surprised at how useful this sounds and how much I want to play with it. Being able to instantaneously sniff out routing packets can be used to quickly identify network endpoints and map potential hosts for DNS or ARP spoofing. Especially useful when the default gateways do not have typical addresses (192.168.x.1 or 192.168.x.254) or when they're not responding to ICMP ping requests.

Syntax:
./ass [-v[v[v]]] -i <interface> [-p] [-c] [-A] [-M] [-P IER12] -a <autonomous system start> -b <autonomous system stop> [-S <spoofed source IP>] [-D <destination ip>] [-T <packets per delay>]
Passive mode: ./ass -i eth0 (listens to routing protocol packets)
Active mode: ./ass -i eth0 -A (tries to discover routers by asking for info)

1.1.2 DMitry

1.1.3 DNS-Ptr

1.1.4 dnswalk

Description: A DNS debugger that performs zone transfers of specified domains and checks the database in numerous ways for internal consistency. Requires Perl and the Net::DNS Perl package. Keywords: zone transfer.

Attack methodology: Zone transfers are used to pull the zone contents (the DNS records) from a DNS server that has zone transfers enabled.

1.1.5 dns-bruteforce

Description: Used to brute force name resolution on domains. This tool resolves possible machine names from the supplied file on the specified domain.

Attack methodology: Useful to identify "hidden" hosts on a domain. This can lead to more machines that were originally planned by the administrators to remain hidden by staying "unpublished".

Syntax: <domain> <list of name servers> <hostfile> (for example: <domain> servers.lst hosts-txt)

1.1.6 dnsenum

Description: Multithreaded Perl script to enumerate DNS information on a domain and to discover non-contiguous IP blocks. Currently dnsenum can perform:
1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX record (threaded).
4) Perform axfr queries on nameservers (threaded).
5) Get extra names and subdomains via google scraping (google query = "allinurl: -www site:domain").
6) Brute force subdomains from file; can also perform recursion on subdomains that have NS records (all threaded).
7) Calculate C class domain network ranges and perform whois queries on them (threaded).
8) Perform reverse lookups on netranges (C class or/and whois netranges) (threaded).
9) Write the ip-blocks to the domain_ips.txt file.

Attack methodology: DNS enumeration is important for mapping networks and identifying potentially vulnerable hosts on a network or within a domain.

Syntax: see the man or help file associated with the tool; ./ localhost -f dns.txt

1.1.9 Finger Google

1.1.10 Firewalk

Description: Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop, where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway does not allow the traffic, it will likely drop the packets on the floor and we will see no response.

Attack methodology: Firewalk (or its methodology, because BT4 doesn't have it) should be used when first testing a router or firewall to analyze the ports it will allow and on what protocol. Some of the common protocols should be tested first. Using this methodology, it's also important to either know or establish a trusted host to spoof in order to gain more credibility within the firewall.

Syntax: firewalk [-dhinprSsTtvx] target_gateway metric

1.1.15 Host

Description: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options. name is the domain name that is to be looked up. It can also be a dotted-decimal IPv4 address or a colon-delimited IPv6 address, in which case host will by default perform a reverse lookup for that address. server is an optional argument which is either the name or IP address of the name server that host should query instead of the server or servers listed in /etc/resolv.conf.

Syntax: host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-4] [-6] [ -s ] {name} [server]

Fierce

Description: Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a precursor to nmap, unicornscan, nessus, nikto, etc., since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find misconfigured networks that leak internal address space. That's especially useful in targeted malware.

Syntax:
perl fierce.pl -dns example.com
perl fierce.pl -dns examplecompany.com -wordlist dictionary.txt
perl fierce.pl -dns examplecompany.com -search corpcompany,blahcompany
perl fierce.pl -range <ip range> -dnsserver <name server>

1.1.16 Itrace

Description: itrace is a traceroute program that traces through networks to find network paths using ICMP Echo Request packets. Can use IPv4 or IPv6 for tracerouting.

Attack methodology: The security benefit here is that the attack is under the disguise of the ICMP protocol, which is generally considered safe. A lot of network administrators keep ICMP available for troubleshooting purposes and it's barely ever turned off. IP packets sent through a firewall with a spoofed address of a known trust would be able to traverse the network using just the ICMP protocol, thus rendering the firewall useless in network mapping and enumeration attempts. Very useful when enumerating inside of a firewall or looking for firewall holes to poke through.

1.1.17 Netenum

Description: netenum can be used to produce lists of hosts for other programs. It's not as powerful as other ping-sweep tools, but it's simple. When given a timeout, it uses ICMP echo requests to find available hosts. If you don't supply a timeout, it just prints an IP address per line, so you can use them in shell scripts. It can take the network range as a single IP, as an IP and netmask, or in CIDR notation (e.g. 192.168.x.11/23).

Attack methodology: This can be used to quickly produce lists of IP addresses for a specified range, and because the output is one address per line it can be used in scripts and loops, e.g. an HSRP attack over a whole range:
for i in `netenum <network>/23`; do ./hsrp -d ${i} -v <virtual ip> -a cisco -g 1 -i eth0; done

Syntax: ./netenum <network>/16

1.1.18 Netmask

Description: Netmask simply displays all the values of a netmask based on the input. It also takes hostnames; by default, the program will try to resolve the name given.

Attack methodology: This is valuable for interpreting CIDR notation because it allows you to visually see the mask that gets applied to the IP address to compute the routing. I'll be using this program to buff up on my CIDR notation.

Syntax: ./netmask -d <ip>/<prefix> (e.g. a 192.168.x.x/25 address)

1.1.19 Pirana

1.1.20 Protos

Description: Protos is an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols, which should be reported by the target using ICMP protocol unreachable messages. Normal output for a Windows host looks like this:
10.1.1.4 may be running (did not negate): ICMP IGMP TCP UDP
While a cisco router supports more:
10.1.1.1 may be running (did not negate): ICMP IPenc TCP IGP UDP GRE SWIPE MOBILE SUN-ND EIGRP IPIP

Attack methodology: This allows you to see what protocols are running on a device, and it also allows you to see the type of communication that might be traversing the wire. Some protocols have vulnerabilities built in. This can either narrow your search for a vulnerability or increase the possibility of finding one. Ultimately this gives you a precursor as to what attacks you might want to perform based on what is and what's not running on the host.

Syntax: ./protos -i eth0 -d 10.1.1.3 -v

Relay Scanner

1.1.23 SMTP-Vrfy

1.1.24 TCtrace

Description: TCtrace is, like itrace, a traceroute(1) brother, but it uses TCP SYN packets to trace. This makes it possible for you to trace through firewalls if you know one TCP service that is allowed to pass from the outside.

Attack methodology: Just as useful as itrace, but using another crafty covert method. Again, by identifying a trust that is allowed to pass through a firewall you can spoof a service or packet to get to a destination for sure.

Syntax: ./tctrace -i eth0 -d <host>

1.2 Network Mapping

1.2.1 Amap 5

1.2.2 Ass

See 1.1.1 Ass; the description, attack methodology and syntax are the same.

1.2.3 Autoscan 0.99_R1

1.2.4 Fping

Description: fping is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding. fping differs from ping in that you can specify any number of targets on the command line, or specify a file containing the list of targets to ping. Instead of sending to one target until it times out or replies, fping will send out a ping packet and move on to the next target in a round-robin fashion. In the default mode, if a target replies, it is noted and removed from the list of targets to check; if a target does not respond within a certain time limit and/or retry limit it is designated as unreachable. fping also supports sending a specified number of pings to a target, or looping indefinitely (as in ping). Unlike ping, fping is meant to be used in scripts, so its output is designed to be easy to parse.

Attack methodology: It's always a good idea to have a program that allows for multiple inputs and easy output for parsing. fping works just like regular ping, only it can be used in scripts and loops for scanning multiple hosts.

Syntax: fping 192.168.x.4 192.168.x.5 192.168.x.66

1.2.5 Hping

Description: hping2 is a network tool able to send custom TCP/IP packets and to display target replies like the ping program does with ICMP replies. hping2 handles fragmentation, arbitrary packet body and size, and can be used in order to transfer files encapsulated under supported protocols. Uses: test firewall rules; advanced port scanning; test net performance using different protocols, packet size, TOS (type of service) and fragmentation; Path MTU discovery; transferring files between even really fascist firewall rules; traceroute-like under different protocols; Firewalk-like usage; remote OS fingerprinting; TCP/IP stack auditing.

Attack methodology: It's a good idea to learn TCP/IP inside and out to be able to take complete advantage of this tool. Low-level packet manipulation allows for crafty hacks and command line quips for automation.

Syntax: See documentation for more information.

1.2.6 IKE-Scan

Description: Discover and fingerprint IKE hosts (IPsec VPN servers) by sending IKE Phase-1 requests to the specified hosts and displaying any responses received.

Attack methodology: Useful in identifying network entry points and identifying the specific IKE implementation.

Syntax: see documentation

1.2.7 IKEProbe

Syntax: See documentation for more syntax information.

1.2.8 Netdiscover

Description: An active / passive ARP reconnaissance tool, mainly developed to gain information about wireless networks without DHCP servers in wardriving scenarios. It can also be used on switched networks. Built on top of libnet and libpcap, it can passively detect online hosts or search for them by sending ARP requests, or find addresses using auto-scan mode, which will scan for common local networks.

Attack methodology: Best used to inspect a network's ARP traffic.

Syntax: netdiscover -r <range> [monitors arp packets on the given range]. See the man page for more granular specification and syntax.

1.2.9 Nmap

Description: The command line network mapping utility no security professional should be without. Nmap does everything from network scanning to OS identification.

Attack methodology: A virtual swiss army knife; nmap has a thousand and one uses. Fyodor's Nmap network scanning is a great resource.

Syntax: See documentation for more syntax information.

1.2.10 NmapFE

1.2.11 P0f

Description: Versatile passive OS fingerprinting tool based on analyzing the structure of a TCP/IP packet to determine the operating system and other configuration properties of a remote host. The target machines must either connect to the network, either spontaneously or in an induced manner (trying to establish an ftp data stream, returning a bounced mail, performing authentication lookup, using IRC DCC, external html mail image reference, etc.), or be contacted by some entity on your network using some standard means (such as web browsing). The process is completely passive and does not generate any suspicious network traffic.

Attack methodology: Generates absolutely no suspicious network traffic. Good shit.

Syntax: see documentation

1.2.12 PSK-Crack

Description: psk-crack attempts to crack IKE Aggressive Mode pre-shared keys that have been previously gathered using ike-scan with the --pskcrack option. 1) Dictionary cracking mode: this is the default mode, in which psk-crack tries each candidate word from the dictionary file in turn until it finds a match, or all the words in the dictionary have been tried. 2) Brute-force cracking mode: in this mode, psk-crack tries all possible combinations of a specified character set up to a given length.

Attack methodology: Really?... No seriously… Really? I'm not even kidding… really? C'mon

1.2.13 Ping

1.2.14 Protos

See 1.1.20 Protos; the description, attack methodology and syntax are the same.

1.2.18 UnicornScan

Description: Asynchronous network stimulus delivery / response recording tool.

Attack methodology: self-explanatory

Syntax: unicornscan -msf -s <source ip> -r 340 -Iv -epgsqldb www.domain.tld/21:80 runs in connect mode with an apparent source address of <source ip> at a rate of 340 packets per second. Results will be displayed as they are found (-I) and the output will be verbose (-v).

1.2.19 UnicornScan pgsql 0

Description: Automated unicornscan startup script.

1.2.20 XProbe2

Description: Active operating system fingerprinting tool with a different approach to operating system fingerprinting, relying on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.

Attack methodology: One of the many OS fingerprinting tools out there.

Syntax: xprobe2 -v -D 1 -D 2 <target> launches an OS fingerprinting attempt targeting <target>. Output will be verbose. Modules 1 and 2, which are reachability tests, will be disabled, so probes will be sent even if the target is down.

1.2.21 PBNJ 2.04

Description: PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. PBNJ uses Nmap to perform scans.

Attack methodology: Because it uses nmap for scanning, it's easily extendable, and it allows for continuity when using previous scans that might have been performed. I wonder if the PBNJ database is a flat file, which it most likely is. Looks interesting… experimentation will ensue.

1.2.21.1 OutputPBNJ: Program for querying an existing PBNJ database.

1.2.21.2 ScanPBNJ: Program for running nmap scans and storing the results in a PBNJ 2.0 database.

1.2.21.3 Genlist: Genlist returns a list of hosts by sending out ping probes. This list can be used to perform a scan of machines using PBNJ or nmap. Part of the PBNJ 2.0 suite of tools to monitor changes on a network. Syntax: genlist [input type] [general options]

1.3 Vulnerability Identification

1.3.1 Absinthe

Description: GUI based tool designed to automate the process of blind SQL injection.

Attack methodology: Logical blind SQL injection attacks.

Syntax: see documentation or: http://www.0x90.

1.3.2 Bed

Description: Bruteforce Exploit Detector (BED) is a suite of scripts that automatically tests implementations of different protocols for buffer overflows and format string vulnerabilities.

Attack methodology: Basically a remote exploit fuzzer with no real logic behind its "user" supplied data, but bombarding the server with random strings of varying length.

Syntax: see documentation

1.3.3 CIRT Fuzzer

Description: TCP/UDP fuzzer.

1.3.4 Cisco Auditing Tool

Description: Auditor for cisco network devices (IOS devices).

Attack methodology: Useful for password guessing, dictionary attacks, bruteforcing.

Syntax: see man file or instructions

1.3.5 Cisco Enable Bruteforcer

Description: Bruteforce attack tool for Cisco devices; attempts unbridled access to an IOS device.

Syntax: enabler <ip> [-u user] <pass> <passlist> [port]

1.3.6 Cisco Global Exploiter

Description: Script that targets vulnerabilities in IOS devices and Catalyst products:
[1] Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] Cisco IOS Router Denial of Service Vulnerability
[3] Cisco IOS HTTP Auth Vulnerability
[4] Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] Cisco 675 Web Administration Denial of Service Vulnerability
[7] Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] Cisco 514 UDP Flood Denial of Service Vulnerability
[10] CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] Cisco Catalyst Memory Leak Vulnerability
[12] Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] Cisco %u Encoding IDS Bypass Vulnerability (UTF)
[14] Cisco IOS HTTP Denial of Service Vulnerability

Attack methodology: Cisco has probably patched all of the vulnerabilities this script can exploit, but it's good for practice.

Syntax: see documentation

1.3.7 Cisco Scanner

Description: Scans a network range for Cisco IOS devices. It works by profiling response pages as true or false from known IOS devices, then moves on to identify unknowns as true or false.

Attack methodology: Exploits the IOS authentication protocol for IOS devices. Scans for cisco devices on a network range.

Syntax: ciscos <ip> <class> [option]

1.3.8 Cisco Torch

Description: A mass scanning, application layer fingerprinting and exploitation tool to discover and attack remote Cisco hosts running telnet, ssh, web, ntp, tftp, and snmp services.

Syntax: see documentation

1.3.9 Curl

Description: http source dump utility that allows specified tag filtering on the command line.

Attack methodology: Useful for scraping pages of specific content. Advanced use of this program allows scriptable html parsing and output. Even has a quiet mode attribute.

Syntax: See documentation

1.3.10 Fuzzer 1.2

Description: "Fuzzing" is an automated software testing technique that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can simply generate data of various sizes and send it to one of the application entry points to observe how the application handles it.

1.3.11 GFI LanGuard 2.0

Description: GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, it identifies possible security holes and alerts you to weaknesses before a hacker can find them.

Syntax: See documentation

1.3.12 GetSids

Description: Getsids tries to enumerate Oracle SIDs by sending the services command to the Oracle TNS listener.

1.3.13 HTTP PUT

Syntax:
Usage: /pentest/web/put. -h <host> -l <file>
/pentest/web/put. -h target -r /cmdasp.asp -f cmdasp.asp

1.3.14 Halberd

Description: Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.

Attack methodology: Useful for web application security auditing and for load balancer configuration testing.

Syntax: See documentation

1.3.15 Httprint

Description: httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers. Uses http based signature strings to identify targeted web servers.

Attack methodology: Can be used to detect web enabled devices which do not have a server banner string, such as wireless APs, routers and cable modems.

Syntax: see man page or http://net-square.com

1.3.16 Httprint GUI

Description: httprint is a graphical web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers.

Syntax: see man page or http://net-square.com

1.3.17 ISR-Form

Description: Retrieves the form data from a web page.

Attack methodology: Form data is useful for identifying XSS vulnerabilities and performing MITM attacks.

1.3.18 Jbrofuzz

Description: JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. It allows for the identification of certain classes of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.

1.3.19 List-Urls

Description: Parses out URLs from a webpage and lists them.

Attack methodology: Useful for scraping webpages and web source of embedded links.

1.3.20 Lynx

Description: Text based web browser.

Attack methodology: Useful for non-taxing web functionality.

1.3.23 Merge Router Config

Metacoretex 1.0

Description: Metacoretex scanner is an extremely modular plugin based security scanner written entirely in JAVA to allow the use of JDBC Type IV drivers when scanning databases.

1.3.25 Metoscan

Description: Metoscan is a tiny tool for scanning the HTTP methods supported by a web server. It works by testing a URL and checking the responses for the different probes.

1.3.26 Mezcal HTTP/S

Description: Mezcal is an HTTP/HTTPS bruteforcing tool allowing the crafting of requests and insertion of dynamic variables on-the-fly.

1.3.27 Mibble MIB Browser

Description: Mibble is an open-source SNMP MIB parser (or SMI parser) written in Java. It can be used to read SNMP MIB files as well as simple ASN.1 files.

1.3.28 Mistress

Description: Mistress is an 'Application Sadism Environment' and can also be called a fuzzer. It is written in Python and was created for probing file formats on the fly and protocols with malformed data, based on pre-defined patterns.

Attack methodology: Very versatile fuzzer.

1.3.29 Nikto

Description: Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.

1.3.30 OAT

Description: OAT (Oracle Auditing Tools) is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform.

1.3.31 Onesixtyone

Description: SNMP scanner.

1.3.32 OpenSSL-Scanner

Description: Scans for a remote exploit for the KEY_ARG overflow in OpenSSL 0.9.6d and older. Only Linux/x86 targets are supported. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner and a detailed vulnerability analysis. Tested against most major Linux distributions.

1.3.33 Paros Proxy

Description: Java developed web proxy.

1.3.34 Peach

Description: Python based cross-platform application fuzzer. It is recommended that the project site be visited for further documentation and use cases.

Syntax: see documentation or http://peachfuzz.sourceforge.net

1.3.35 RPCDump

Description: RPCDUMP is a program which provides console access to the RPC APIs in Windows.

1.3.36 RevHosts

Description: Python based tool to accelerate passive information gathering. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Modules:
• vhh : uses search engines that return the hosts that are on an IP (virtual host hacking).
• Findsubdomains : module that returns the subdomains of a domain. It is multithreaded (1 thread for each DNS server) and does DNS resolution of the hostnames of a domain.
• Getdirectories : looks on search engines for directories that are on a host (no connection to the host).
• getmail : module that searches the internet for mail addresses.
• subnet : looks for IPs that have the same tech contact.
• Dnsbruteforce : dnsbruteforce is now a module of revhosts.

Syntax: see documentation or the revhosts project site.

1.3.37 SMB Bruteforcer

Description: A SMB bruteforcer which tries approx. 1200 logins/sec on Windows 2000 because of the timeout bug.

Attack methodology: Very loud and will easily get identified by most IDS systems. Absolutely necessary when testing or infiltrating a primarily Windows based network (this applies to all of the SMB tools in 1.3.37 to 1.3.42).

1.3.38 SMB Client

Description: A LanManager-like simple client for Unix. The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients.

1.3.39 SMB Serverscan

Description: Scans for machines running Samba servers.

1.3.40 SMB-NAT

Description: Netbios Auditing Tool. This tool can perform various security checks on remote servers running NetBIOS file sharing services. It is capable of enumerating shares and making break-in attempts using a (user-provided) list of users and passwords.

Attack methodology: Useful for legacy machine penetration attempts.

1.3.41 SMBdumpusers

Description: Netbios Auditing Tool to dump users of remote Windows hosts.

1.3.42 SMBgetserverinfo

Description: Netbios Auditing Tool to retrieve server-side information about a Windows host.

1.3.44 SNMP Walk

1.3.45 SQL Inject

1.3.46 SQL Scanner

1.3.47 SQLLibf

1.3.48 SQLbrute

Description: SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploits on Oracle.

1.3.50 Smb4K

Description: Smb4K is a SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood.

1.3.52 Snmp Enum

Description: Perl script to enumerate information on machines running SNMP.

1.3.53 Spike

Syntax: see http://www.immunitysec.com

1.3.54 Stompy

Description: A free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem. The tool has already revealed several problems in proprietary software platforms such as BEA WebLogic and Sun Java System Web Server (both have problems with their JSESSIONIDs).

1.3.55 SuperScan

Description: Powerful TCP port scanner, pinger, resolver. SuperScan is a powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile.

1.3.56 TNScmd

Description: Used to communicate with Oracle's TNS listener protocol. The TNS listener (aka tnslsnr) is the network interface between a database client and the database server. By default, tnslsnr listens on port 1521/tcp, but the DBA can change this (I've seen listeners on port 1541/tcp as well; fwiw, nmap-services lists these as ncube-lm and rds2, respectively).

1.3.57 Taof

Description: Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Syntax: See man pages

1.3.59 Wapiti

Description: Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable, outputting into an HTML report.

1.3.60 Yersinia

Description: Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. Linux based network protocol analysis tool.

Syntax: see documentation or the yersinia project site.

1.3.61 sqlanlz

Description: Enumerates information about databases, users, extended stored procedures etc.

Syntax: see man pages

1.3.62 sqldict
Carries out a dictionary based attack on the user(s) specified.

1.3.63 sqldumplogins
Dumps all user accounts from the MS SQL Server.

1.3.64 sqlquery
Interactive query tool.

1.3.65 sqlupload
Attempts to upload files to a MS SQL Server.

Penetration
Metasploit framework is an open-source platform for developing, testing and using exploit code. Don't leave home without it.

1.4.1 Framework3-MsfC

1.4.2 Framework3-MsfUpdate
Metasploit utility to update Metasploit using SVN.

1.4.3 Framework3-Msfcli
Metasploit command line interface.

1.4.4 Framework3-Msfweb
Metasploit interactive webserver and interface.

1.4.5 Init Pgsql (autopwn)
Metasploit autopwn engine. Cycles through every potential Metasploit exploit in an attempt to successfully compromise the host.

1.4.6 Milw0rm Archive
An archive of exploitable code from http://www.milw0rm.com, useful for obtaining PoC code.

1.4.7 MsfCli
Metasploit command line interface. Quickest interface to use.

1.4.8 MsfConsole
The msfconsole interactive command-line interface provides a command set that allows the user to manipulate the framework environment, set exploit options, and ultimately deploy the exploit. Unrecognized commands are passed to the underlying operating system; in this way, a user can run reconnaissance tools without having to leave the console.

1.4.9 MsfUpdate
Uses SVN to update Metasploit code and exploits.

Privilege Escalation

1.5.7 Driftnet
Driftnet is a program which listens to network traffic and picks out images from the TCP streams it observes. Useful for sniffing out image files of other users on the network.

1.5.8 Dsniff
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g. due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. Passively monitors a network for interesting data being sent across the network; very useful in semi-blind recon of a network. See documentation.

1.5.9 Etherape
EtherApe is a graphical network monitor for Unix modeled after etherman. It can filter the traffic shown in real time; useful for visually identifying hosts on a network and their communication.

1.5.10 EtterCap
A powerful and flexible tool for man-in-the-middle attacks. See documentation.

1.5.11 OpenSSL-To-Open
openssl-too-open is a remote exploit for the KEY_ARG overflow in OpenSSL 0.9.6d and older. Only Linux/x86 targets are supported; tested against most major Linux distributions. Includes an OpenSSL vulnerability scanner and a detailed vulnerability analysis. Gives a remote nobody shell on Apache and remote root on other servers.

1.5.12 HSRP Spoofer

1.5.13 Hash Collision

IRDP Spoofer

1.5.14 Httpcapture
Sniffer; can also be used to hijack social networking pages/profiles.

1.5.15 Hydra
Password cracker. Uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. Brute force the hell out of a server. Don't leave home without it.

1.5.16 Hydra GTK
Front-end GUI to the command line Hydra application.

1.5.17 ICMP Redirect

1.5.18 ICMPush

1.5.19 IGRP Spoofer

1.5.20 IRDP Responder
Listens to IRDP requests (solicitations) and answers them.

1.5.22 John
Quick offline password cracker.

1.5.23 Lodowep
Password cracker. Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. The tool supports both session- and basic-authentication. It runs 20 simultaneous connections guessing passwords specified in a dictionary file against the supplied user file.

1.5.24 Mailsnarf
Passively monitors email traffic on a network. Useful for sniffing out the POP and SMTP protocols.

1.5.25 Medusa
Medusa is a speedy, massively parallel, modular, login brute-forcer for network services, created by the geeks at Foofus.net. It currently has modules for the following services: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC, and a generic wrapper module. Uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. See documentation.

1.5.26 Msgsnarf
Msgsnarf captures messages on a network/interface. Passively monitors a network for interesting data being sent across a network/interface range.

Description fragment from this page whose tool name was lost in extraction:
• Sends out periodic updates.

1.5.27 Nemesis
Spoofer. Nemesis is a packet-crafting program that can forge raw packets from the Ethernet layer up and put them on the wire, similar in concept to the "hping" program. It supports crafting ARP, DNS, Ethernet, ICMP, IGMP, IP, RIP, TCP, and UDP packets, fully customized from the command line. It's handy for when you just want to sit down and specify exactly what packets you want to craft.

1.5.28 NetSed

1.5.30 Netmask

1.5.31 Ntop
A network traffic probe that shows the network usage. ntop users can use a web browser (e.g. netscape) to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. ntop is based on libpcap and has been written in a portable way in order to run on virtually every Unix platform and on Win32 as well.

1.5.32 PHoss
PHoss is a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3 logins/passwords on your network. It also sniffs the VNC challenge/response handshake.

1.5.33 PackETH
packETH is a Linux GUI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet.

1.5.34 Rcrack
RainbowCrack is a hash cracker. Rainbow tables crack hashed passwords in a fraction of the time.
Syntax: rcrack *.rt -h <hash>

1.5.35 SIPdump
SIPcrack is a SIP login sniffer/cracker that contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input. When snatching voice traffic off the network these two tools have no
Syntax: sipdump [options] <dumpfile>

1.5.36 SMB Sniffer

1.5.37 Sing
A fully programmable ping replacement. The main purpose is to replace/complement the nice ping command. See documentation for the ping enhancements.

1.5.38 TFTP-Brute

1.5.39 THC PPTP

1.5.40 TcPick
A TCP stream sniffer and connection tracker. Tcpick is able to save the captured flows in different files or display them in the terminal. It can display the whole stream on the terminal when the connection is closed, in different display modes like hexdump, hexdump + ascii, only printable characters, raw mode and so on, and so it is useful for sniffing files that are transmitted via ftp or http.
Syntax: tcpick -i eth0 -C -bCU -T1 "port 25" (display client data only of the first smtp connection)
Syntax: tcpick -i eth0 "port 80" -wRub (log http data in unique files, client and server mixed together)

1.5.41 URLsnarf

1.5.42 VNCrack
Quick offline password cracker. You may pass a Registry key with the encrypted password, or the UNIX password file, to vncrack and it does the simple fixed-key decryption for you.
Syntax: vncrack -h <target> -w wordlist.txt [options] (to crack an online host)
Syntax: vncrack -C /home/some/user/.vnc/passwd (to crack a password file offline)

1.5.43 WebCrack
An extremely loud brute force tool to be used on servers or password files (passwd).

1.5.44 Wireshark
GUI based network traffic analyzer. Best free graphical traffic analyzer there is. Don't leave home without it. See documentation or www.wireshark.org.

1.5.45 Wireshark Wifi
Wireshark with the Wifi Injection Patch allows the user to select a packet opened with Wireshark, edit it and reinject it through the LORCON injection library.

1.5.46 WyD
wyd is a password profiling tool that extracts words/strings from supplied files and directories. It supports different filetypes: pdf, doc, ppt, html, php (partially), mp3, jpeg, odp/ods/odp, and extracting raw strings.

1.5.47 XSpy
Xspy takes advantage of an oversight in X Windows (R5 & R6) to find out about keypresses even in "secure mode". It works by polling the keyboard, by default every hundredth of a second. Polling the keyboard is not affected by any secure modes, which "grab" the keyboard to shut off events being sent out.

Netenum

Maintaining Access

1.6.1 3proxy
Combined proxy server. Uses a config file to read its configuration.
  proxy   HTTP proxy server, binds to port 3128 (binds to proxy just like squid =)
  ftppr   FTP proxy server, binds to port 21 (self explanatory)
  socks   SOCKS 4/5 proxy, binds localhost to port 1080 (self explanatory)
  pop3p   POP3 proxy server, binds to port 110. Must specify the POP3 username as user@target[:port]: in the username configuration for your email reader, set someuser@host.yes to obtain mail for someuser from that host.
  tcppm   TCP port mapping. Maps some TCP port on the local machine to a TCP port on a remote host. Useful for exploiting a trust relationship, via proxy, after an interface or identification spoof from the attacker.
  udppm   UDP port mapping. Maps some UDP port on the local machine to a UDP port on a remote host. Useful for exploiting a trust relationship after an interface or identification spoof from the attacker.
Installs and starts as a proxy service in NT/2k/XP:
  net start 3proxy
  net stop 3proxy

chntpw
Chntpw (if my memory serves) is a Windows NT/2K/XP user password tool for deleting passwords and restrictions from the SAM database of an installed system. It does not crack or brute-force passwords; it only deletes passwords and restrictions for Administrators and simple users in the SAM database.
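How a rainbow table trades precomputation for lookup time, as an added example that is not RainbowCrack's code and uses none of its .rt file format: a toy table over 4-digit PINs hashed with unsalted MD5 (the hash function, alphabet and chain length are assumptions chosen for the example). The table keeps only chain start/end pairs; a lookup walks the target hash forward through each column it could occupy, and every hit is verified by regenerating the chain, which is what guards against false alarms from merged chains:

```python
"""Toy rainbow table over 4-digit PINs hashed with MD5 (added example; not RainbowCrack's code)."""
import hashlib

ALPHABET = "0123456789"
PIN_LEN = 4
SPACE = len(ALPHABET) ** PIN_LEN   # 10,000 candidate plaintexts
CHAIN_LEN = 50                     # t: hash/reduce steps per chain


def H(plaintext):
    return hashlib.md5(plaintext.encode()).digest()


def R(column, digest):
    """Reduction function: map a digest back into the plaintext space.
    Folding the column index in is what makes it a *rainbow* table: a collision between
    two chains only merges them if it happens in the same column."""
    v = (int.from_bytes(digest[:8], "big") + column) % SPACE
    return "".join(ALPHABET[(v // len(ALPHABET) ** k) % len(ALPHABET)] for k in range(PIN_LEN))


def build_table(starts):
    """Precomputation: keep only (end -> starts); the intermediate plaintexts are discarded."""
    table = {}
    for start in starts:
        p = start
        for column in range(CHAIN_LEN):
            p = R(column, H(p))
        table.setdefault(p, []).append(start)
    return table


def lookup(table, target):
    """Online phase: assume the target sits in column j, walk to the chain end, and if that
    end is in the table regenerate the chain from its start and verify each step, since a
    merged chain can lead to an end whose chain never contained the target."""
    for j in range(CHAIN_LEN - 1, -1, -1):
        p = R(j, target)
        for column in range(j + 1, CHAIN_LEN):
            p = R(column, H(p))
        for start in table.get(p, []):
            q = start
            for column in range(CHAIN_LEN):
                if H(q) == target:
                    return q
                q = R(column, H(q))
    return None


# 200 chains x 50 columns: 200 stored entries instead of 10,000, at the cost of
# roughly 1,250 hashes per lookup plus one chain regeneration per candidate end.
STARTS = ["%04d" % n for n in range(0, SPACE, 50)]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    print(lookup(TABLE, H("0150")))
```

The same structure is why a per-user salt defeats the technique: with a salt folded into the hash, each salt value needs its own table, and the precomputation no longer amortises across targets.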

1.6.2 Backdoors

1.6.3 CryptCat
Cryptcat is the standard netcat enhanced with twofish encryption, with ports for Windows NT, BSD and Linux. Twofish is courtesy of counterpane, and cryptix.

1.6.4 HttpTunnel Client

1.6.5 HttpTunnel Server

1.6.6 ICMPTX

1.6.7 Iodine
This is a piece of software that lets you tunnel IPv4 data through a DNS server. Useful in situations where internet access is firewalled and therefore limited, but DNS queries are allowed (as usual), allowing activity that would otherwise be restricted.
Syntax: iodine [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] [nameserver] topdomain

1.6.8 NSTX
Tunnelling tool that carries IP traffic over DNS. Useful in situations where internet access is firewalled and therefore limited, but DNS queries are allowed (as usual).

1.6.9 Privoxy
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page data, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both standalone systems and multi-user networks.

1.6.10 ProxyTunnel
A program that connects stdin and stdout to a server somewhere on the network, through a standard HTTPS proxy. Uses include tunnelling SSH sessions through HTTP(S) proxies.

1.6.11 Rinetd

1.6.12 TinyProxy
tinyproxy is a lightweight HTTP proxy. Designed from the ground up to be fast and yet small, it is an ideal solution for sites where a full-featured HTTP proxy is required, but the system resources required to run a more demanding HTTP proxy are unavailable.

1.6.13 sbd
sbd is a Netcat clone, designed to be portable and offer strong encryption (Netcat with encryption functionality built in). It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing the source port, continuous reconnection with delay, and some other nice features. Only TCP/IP communication is supported.

1.6.14 socat
socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, a proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals. See documentation or man file.

mycrypt
Program to obtain a crypted password from cleartext. Supports both MD5/crypt and NT passwords.

dighosts
Utility for building a networks list from a web page. Excellent utility for formatting output from dig.

Covering Tracks

1.7.1 Housekeeping

Radio Network Access

1.8.1 AFrag
First implementation of the Fragmentation Attack on Linux.

1.8.2 ASLeap
A proof-of-concept to demonstrate weaknesses in the LEAP and PPTP protocols.

1.8.3 Air Crack
Aircrack is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. aircrack is a set of tools for auditing wireless networks.

1.8.4 Air Decap
Decrypts WEP/WPA capture files. Part of the aircrack suite.

1.8.5 Air Replay
802.11 packet injection program. Part of the aircrack suite.

1.8.6 Airmon Script
Checks wifi interface status and places the interface into monitor mode. Part of the aircrack suite.

1.8.7 Airpwn
It uses a config file with multiple config sections to respond to specific data packets with arbitrary content. For example, in the HTML goatse example, we look for any TCP data packets starting with "GET" or "POST" and respond with a valid server response including a reference to the canonical goatse image. Airpwn requires two 802.11 interfaces in the case where the driver can't inject in monitor mode (lots of chipsets do

1.8.8 AirSnarf
Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Demonstrates an inherent vulnerability of public 802.11b hotspots: snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.

1.8.9 Airbase
A SoftAP acting much like Karma: it will respond to any probe request, allowing many client-side attacks to be performed. Works by using monitor mode and injection, allowing a simulated master mode.

1.8.10 Airodump
802.11 packet capture program. Part of the aircrack suite.

1.8.11 Airoscript
aircrack-ng based wireless cracking script.

1.8.12 Airsnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.

1.8.13 CowPatty
Designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol.

1.8.14 FakeAP
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.
Syntax: fakeap.pl --interface wlan0 --words lists/stefan-wordlist.txt --vendors lists/stefan-maclist.txt

1.8.15 GenKeys

Genpmk

1.8.17 Hotspotter
Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and compares them to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.

Karma
KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.

Kismet
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.

1.8.20 Load IPW3945

1.8.21 Load acx100

1.8.22 MDK2

1.8.23 MDK2 for Broadcom

1.8.24 MacChanger
A GNU/Linux utility for viewing/manipulating the MAC address of network interfaces.

1.8.26 Wep_crack

1.8.27 Wep_decrypt

1.8.28 WifiTap
Wifitap is a proof of concept for communication over WLAN networks using traffic injection. Wifitap allows direct communication with a station associated to a given access point, whilst not being associated ourselves or being handled by the access point.

1.8.29 Wicrawl
wicrawl is an automated wifi scanner and auditor. It implements common tools to perform checks (association, dhcp, wep cracking, bruteforcing wpa-psk, etc.) against the discovered access point list based on profile settings. It can use multiple cards to run checks against multiple APs at the same time.

1.8.30 Wlassistant
Wireless Assistant scans for wireless access points and displays link quality, encryption and other useful information. When the user wants to connect to a network, Wireless Assistant opens up its wizards and guides the user through the Wi-Fi settings. After a successful connection is made the settings are remembered, so next time the user won't have to enter them again.

Unload Drivers

VOIP & Telephony Analysis

1.9.1 PcapSipDump
Pcapsipdump is a tool for dumping (recording) SIP sessions (and RTP traffic, if available) to disk in a fashion similar to "tcpdump -w" (the format is exactly the same), but the data is saved with one file per SIP session. Even if there are thousands of concurrent SIP sessions, each goes to a separate file.

1.9.2 SIPSak
Sipsak is a small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications. It can be used for some simple tests on SIP applications and devices.

1.9.3 SIPcrack

1.9.4 SIPdump
SIPcrack is a SIP login sniffer/cracker that contains 2 programs: sipdump to capture the digest authentication and sipcrack to bruteforce the hash using a wordlist or standard input.
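The sipdump/sipcrack split described above, and again in the sniffer section, rests on the fact that SIP Digest authentication sends a response derived from MD5(username:realm:password) that an offline dictionary attack can simply recompute. The Python below is an added example, not SIPcrack's code. It builds a constructed REGISTER carrying a Digest Authorization header (the realm, nonce, extension and host names are hypothetical), parses it the way a capture would be parsed, and runs a wordlist against the response:

```python
"""SIP Digest authentication: client side, capture parsing and dictionary attack (added example)."""
import hashlib
import re


def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """RFC 2617 MD5 digest as used by SIP (RFC 3261); with qop the nc and cnonce are mixed in."""
    ha1 = md5hex("%s:%s:%s" % (username, realm, password))
    ha2 = md5hex("%s:%s" % (method, uri))
    if qop:
        return md5hex(":".join([ha1, nonce, nc, cnonce, qop, ha2]))
    return md5hex("%s:%s:%s" % (ha1, nonce, ha2))


PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_header(value):
    """key=value list of an Authorization header; quoted and bare values are both accepted."""
    scheme, _, params = value.strip().partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM_RE.finditer(params)}


def extract_auth(request):
    """Method plus the Digest parameters from a captured request (what sipdump writes out)."""
    request_line, *headers = request.split("\r\n")
    method = request_line.split(" ", 1)[0]
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("authorization", "proxy-authorization"):
            return method, parse_digest_header(value)
    raise ValueError("no Digest credentials in request")


def crack(request, wordlist):
    """sipcrack-style offline attack: recompute the response per candidate until one matches."""
    method, d = extract_auth(request)
    for candidate in wordlist:
        r = digest_response(d["username"], d["realm"], candidate, method, d["uri"], d["nonce"],
                            d.get("qop"), d.get("nc"), d.get("cnonce"))
        if r == d["response"]:
            return candidate
    return None


# Constructed exchange: the registrar's realm/nonce and a client REGISTER built with the real
# password (hypothetical names; no real PBX was involved).
REALM, NONCE, URI = "asterisk", "6a0f4d2b5e1c", "sip:pbx.example.internal"


def client_register(username, password):
    response = digest_response(username, REALM, password, "REGISTER", URI, NONCE)
    return ("REGISTER %s SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 10.0.0.23:5060;branch=z9hG4bK776asdhds\r\n"
            "From: <sip:%s@pbx.example.internal>;tag=1928301774\r\n"
            "To: <sip:%s@pbx.example.internal>\r\n"
            "Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", "
            "response=\"%s\", algorithm=MD5\r\n"
            "Content-Length: 0\r\n\r\n") % (URI, username, username, username, REALM, NONCE, URI, response)


CAPTURED = client_register("201", "letmein")
WORDLIST = ["password", "123456", "letmein", "qwerty"]

if __name__ == "__main__":
    print(crack(CAPTURED, WORDLIST))
```

Everything the attack needs (username, realm, nonce, uri, response) travels in clear in the request, so the only defences are transport protection (TLS for signalling) and a password that is not in any wordlist; the nonce stops replay, not guessing.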

1.9.5 SIPp
Sipp is a performance testing tool for the SIP protocol. It includes a few basic SipStone user agent scenarios (UAC & UAS) and establishes and releases multiple calls with the INVITE and BYE methods. It also reads XML scenario files describing any performance testing configuration. It features the dynamic display of statistics about running tests, periodic CSV statistics dumps, TCP, UDP, or TLS over IPv4 or IPv6 over multiple sockets or multiplexed with retransmission management, conditional branching, regular expressions and variables in scenario files, and dynamically-adjustable call rates. RTP play (voice, video, and RFC2833 DTMFs) is also supported.

1.9.6 Smap
smap is a mashup of nmap and sipsak. To sum up its functionality in one sentence, it aids in both locating and fingerprinting remote SIP devices.

Digital Forensics

1.10.1 Allin1
This tool should help you to perform several time consuming tasks in Sleuthkit/Autopsy in one run:
• Extract unallocated space
• Extract strings (ASCII and Unicode) from allocated and unallocated space
• Sort by file types
• Sort by images and create thumbnails
• Run foremost on images
• Scheduling

1.10.2 Autopsy
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit. Together, they allow you to investigate the file system and volumes of a computer.

1.10.3 DCFLDD
dcfldd is an enhanced version of GNU dd with features useful for forensics and security.

1.10.4 DD_Rescue
dd_rescue copies data from one file or block device to another. It is intended for error recovery: it doesn't abort on errors and doesn't block upon encountering errors. It uses large block sizes to quicken the copying, but falls back to small ones for error recovery. It produces reports that allow you to truncate the output file and keep track of bad blocks. Practical experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon.

1.10.5 Foremost
Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive. The headers and footers can be specified by a configuration file, or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format, allowing for a more reliable and faster recovery.

1.10.6 Magicrescue
Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or partition. It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. As long as the file data is there, it will find it.

1.10.7 Mboxgrep
mboxgrep is a small utility that scans a mailbox for messages matching a regular expression. Found messages can be either displayed on standard output, counted, deleted, piped to a shell command or written to another mailbox.

1.10.8 Memfetch
Memfetch is yet another small but useful security tool that allows instant and non-intrusive dumping of ALL process memory, including the information that is, by default, absent from core files. This is a neat way to see what, exactly, is running at a particular PID.

1.10.9 Memfetch Find
Custom perl script that can be used to find strings (regular expression matches) in memfetch dump files in a more useful way than grep could.

1.10.10 Pasco
Index.dat (Internet Explorer history file) reader. Output is comma delimited for analysis in your favourite spreadsheet.

1.10.11 Rootkithunter
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules.

1.10.12 Sleuthkit
The Sleuth Kit (TSK) is a collection of UNIX-based command line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems, and TSK supports FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems.

1.10.13 Vinetto
Vinetto is a forensics tool to examine Thumbs.db files.

Reverse Engineering

1.11.1 GDB Console GUI
GUI Debugger.

1.11.2 GDB
GNU Debugger. Standard *nix console debugger: steps through instructions and locates breakpoints in executables, finding exact memory locations and internal data structures. Don't leave home without it.

1.11.3 GDB Server
gdbserver is a control program for Unix-like systems, which allows you to connect your program with a remote GDB via target remote, but without linking in the usual debugging stub. Works the same as GDB. Don't leave home without it.

1.11.4 GNU DDD
GNU DDD is a graphical front-end for command-line debuggers. Besides "usual" front-end features such as viewing source texts, DDD has become famous through its interactive graphical data display, where data structures are displayed as graphs.
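Foremost's plain header/footer carving versus its structure-aware built-in types, as an added example written for this page (not Foremost's or Magic Rescue's code): JPEG is carved by signature only, while PNG is measured by walking its chunk list with CRC checks, so the carved length is exact and a truncated or corrupted file is reported rather than over-carved. The disk image is constructed inline (a generated 1x1 PNG, a JPEG-shaped blob and a footer-less JPEG header) and is not taken from any real drive:

```python
"""Header/footer carving with a structure-aware PNG walker (added example; not Foremost's code)."""
import struct
import zlib

JPEG_HEADER, JPEG_FOOTER = b"\xff\xd8\xff", b"\xff\xd9"
PNG_HEADER = b"\x89PNG\r\n\x1a\n"
MAX_CARVE = 1 << 20   # give up on a header whose footer is not within 1 MiB


def png_length(blob, start):
    """Walk the chunk list (length, type, data, CRC) from a PNG signature; return the file
    length up to and including IEND, or None if the chain runs off the end or a CRC is wrong."""
    pos = start + len(PNG_HEADER)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data_end = pos + 8 + length
        if data_end + 4 > len(blob):
            return None
        crc = struct.unpack(">I", blob[data_end:data_end + 4])[0]
        if crc != zlib.crc32(blob[pos + 4:data_end]) & 0xFFFFFFFF:
            return None
        if ctype == b"IEND":
            return data_end + 4 - start
        pos = data_end + 4
    return None


def carve(blob):
    """Return (kind, offset, data, complete) tuples for every file found in the image."""
    found = []
    pos = 0
    while True:                                  # JPEG: header plus the nearest footer
        start = blob.find(JPEG_HEADER, pos)
        if start < 0:
            break
        end = blob.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + MAX_CARVE)
        if end < 0:
            found.append(("jpg", start, blob[start:start + MAX_CARVE], False))
            pos = start + len(JPEG_HEADER)
        else:
            found.append(("jpg", start, blob[start:end + len(JPEG_FOOTER)], True))
            pos = end + len(JPEG_FOOTER)
    pos = 0
    while True:                                  # PNG: the chunk structure gives the exact length
        start = blob.find(PNG_HEADER, pos)
        if start < 0:
            break
        n = png_length(blob, start)
        if n is None:
            found.append(("png", start, blob[start:start + MAX_CARVE], False))
        else:
            found.append(("png", start, blob[start:start + n], True))
        pos = start + len(PNG_HEADER)
    return sorted(found, key=lambda f: f[1])


def make_png():
    """A minimal valid 1x1 RGB PNG, used only to construct the test image."""
    def chunk(ctype, data):
        return (struct.pack(">I", len(data)) + ctype + data
                + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")            # filter byte + one red pixel
    return PNG_HEADER + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed "disk image": filler, a PNG, slack, a JPEG-shaped blob, and a JPEG header with no footer.
PNG = make_png()
JPEG = JPEG_HEADER + b"\xe0\x00\x10JFIF\x00" + b"\x11" * 40 + JPEG_FOOTER
IMAGE = b"\x00" * 512 + PNG + b"\xcc" * 300 + JPEG + b"\x00" * 100 + JPEG_HEADER + b"\xe1" * 64

if __name__ == "__main__":
    for kind, off, data, complete in carve(IMAGE):
        print(kind, off, len(data), "complete" if complete else "truncated")
```

The footer search is what makes signature-only carving fragile: a stray FFD9 inside slack, or a fragmented file, yields a wrong length, whereas a format whose structure can be walked (PNG, ZIP, many container formats) can be validated chunk by chunk.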

1.11.5 Hexdump
Hexdump is a simple program for dumping binary files in hexadecimal format. It provides both hexadecimal and ASCII columns.

1.11.6 Hexedit
View and edit files in hexadecimal or in ASCII. You can modify the file and search through it. The file can be a device, as the file is read a piece at a time.

OllyDBG
32-bit Disassembler for Win32 platforms. Don't leave home without it.
