Cyber Tools


  1. Familytreenow
  2. Meterpreter - Whenever possible use this. Use this behind a tunnel like ngrok so the exploit does not connect back to your local host directly
    • msfconsole
    • use exploit/multi/misc/java_rmi_server
    • set RHOST
    • set payload
    • exploit
    • sessions -l
    • sessions -i 1
  3. haveibeenpwned - has an email address been compromised
  4. Google hacking - Google dorks database
  5. nslookup
  6. Shodan
  7. Netcraft 
  8. shodan
  9. arin - 
  10. edgar - company registration information
  11. google hacking - tricks for using google search PDF Book Cheatsheet
  12. httrack - copy a person's website
  13. Maltego
  14. harvester 
  15. metagoofil
  16. - Show what a web site was built with
  17. nslookup - search DNS servers
  18. Nmap - scan for open ports
  19. Digg
  20. insecam - insecure webcams
  21. - find email address
  22. for cryptography like Caesar ciphers
  23. convert
  24. cryptography can convert encodings
  25. Cyberchef
  26. Encrypt and Decrypt with openssl
  28. hash generators for base64 MD5 SHA1 SHA256 SHA512 
  29. metasploitable server for practicing hacking. login: msfadmin/msfadmin
  30. Learn Ethical Hacking Tutorials

Attack web application

  1. Use DirBuster Project


Metagoofil is a Linux-based information gathering tool designed for extracting metadata from public documents (.pdf, .doc, .xls, .ppt, .odp, .ods).

The command to run metagoofil is as follows:

  -d <client domain> -l 100 -f all -o <client domain>.html -t micro-files

The Harvester

TheHarvester is a tool, written by Christian Martorella, that can be used to gather e-mail accounts and subdomain names from different public sources (search engines, PGP key servers). It is a really simple tool, but very effective.

root@pentest:/pentest/enumeration/theharvester# ./

Examples: ./ -d -l 500 -b google
          ./ -d -b pgp
          ./ -d microsoft -l 200 -b linkedin

TheHarvester will search the specified data source and return the results. This should be added to the OSINT document for use at a later stage.

root@pentest:/pentest/enumeration/theharvester# ./ -d -b google -l 500


Once the appropriate Registrar has been queried, we can obtain the Registrant information. There are numerous sites that offer WHOIS information; however, for accuracy in documentation, you need to use only the appropriate Registrar.


Nmap ("Network Mapper") is the de facto standard for network auditing/scanning. Nmap runs on both Linux and Windows. Nmap is available in both command line and GUI versions. For the sake of this document, we will only cover the command line.

  nmap -v -A
  nmap -v -sn
  nmap -v -iR 10000 -Pn -p 80

Nmap has dozens of options available. Since this section is dealing with port scanning, we will focus on the commands required to perform this task. It is important to note that the commands utilized depend mainly on the time available and the number of hosts being scanned. The more hosts or the less time that you have to perform this task, the less we will interrogate each host. This will become evident as we continue to discuss the options.

Based on the IP set being assessed you would want to scan both the TCP and UDP ports across the range 1 to 65535. The command that will be utilized is as follows: 

nmap -A -PN -sU -sS -T2 -v -p 1-65535 <client ip range>/<CIDR> or <Mask> -oA NMap_FULL_<client ip range>
nmap -A -PN -sU -sS -T2 -v -p 1-65535 -oA NMap_FULL_client

Starting Nmap 5.51 ( ) at 2011-04-22 22:27 Eastern Daylight Time

NSE: Loaded 57 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 22:27
Completed Parallel DNS resolution of 1 host. at 22:27, 0.10s elapsed
Initiating SYN Stealth Scan at 22:27
Scanning ( [65535 ports]
Discovered open port 80/tcp on

On large IP sets, those greater than 100 IP addresses, do not specify a port range. The command that will be utilized is as follows: 

nmap -A -O -PN <client ip range>/<CIDR> or <Mask> -oA NMap_<client ip range>
nmap -A -O -PN -oA NMap_client

Starting Nmap 5.51 ( ) at 2011-04-22 22:37 Eastern Daylight Time

Nmap scan report for (
Host is up (0.13s latency).
rDNS record for
Not shown: 999 filtered ports
80/tcp open  http    Apache httpd 2.2.3 ((CentOS))
| http-robots.txt: 2 disallowed entries
|_/click.php /ud.php
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-favicon: domain parking
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (92%), OpenBSD 4.X (88%), FreeBSD 6.X (88%)
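
The `-oA` option used above also writes an XML file next to the normal output. As an added example (not part of the original notes and not Nmap's own code), this Python code reads that XML and lists open ports that are missing from an expected-services allowlist, keeping the ambiguous `open|filtered` state that UDP scans report. The sample XML, the 192.0.2.x addresses, and the names `open_services`, `unexpected_exposure` and `EXPECTED` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the .xml file that -oA writes; not a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap" version="5.51">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="80"><state state="open"/>
   <service name="http" product="Apache httpd" version="2.2.3"/></port>
  <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
  <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
  <port protocol="tcp" portid="443"><state state="closed"/></port>
 </ports></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical allowlist of (address, protocol, port) this range is meant to expose.
EXPECTED = {("192.0.2.10", "tcp", 80)}


def open_services(xml_text):
    """Yield one dict per port on an 'up' host whose state is open or open|filtered."""
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        for port in host.iter("port"):
            state = port.find("state")
            state = state.get("state") if state is not None else "unknown"
            if not state.startswith("open"):
                continue
            svc = port.find("service")
            label = " ".join(filter(None, (svc.get("name"), svc.get("product"),
                                           svc.get("version")))) if svc is not None else ""
            yield {"addr": addr, "proto": port.get("protocol"),
                   "port": int(port.get("portid")), "state": state, "service": label}


def unexpected_exposure(xml_text, expected):
    """Return open ports missing from the allowlist, confirmed-open ones first."""
    found = [s for s in open_services(xml_text)
             if (s["addr"], s["proto"], s["port"]) not in expected]
    return sorted(found, key=lambda s: (s["state"] != "open", s["addr"], s["port"]))


if __name__ == "__main__":
    for s in unexpected_exposure(SAMPLE_XML, EXPECTED):
        print(f'{s["addr"]} {s["port"]}/{s["proto"]} {s["state"]} {s["service"]}')
```

Entries reported as `open|filtered` mean the scanner received no response, so they need manual confirmation before being recorded as exposed.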

Google Hacking PDF Cheatsheet