aadit/MIT-Curricular
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update IS/Lab/Lab1/Tools.md

Browse source
This commit is contained in:
aadit 2025-07-22 09:48:47 +05:30
parent 9f7be54f8e
commit f6839485d2
1 changed files with 19 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

27
IS/Lab/Lab1/Tools.md
View file

@ -30,14 +30,25 @@ et cetera
Hydra is a network login hacking tool built into Kali Linux used to gain unauthorized access to a remote system over various protocols and suites of tools, enabling an analyst to possibly establish/take down proxies, gain RCE, modify system resources (or their allocation and therefore cost). It supports SSL-based platforms as well and is easy to build extensions for to add support for a newer communication protocol.
## [Mosquitto](https://mosquitto.org/)
Mosquitto is an OSS MQTT broker designed for messaging/message passing applications, including message stores (to facilitate later delivery to a dormant user). It uses a PubSub model over TCP (which is a byeffect of its roots in MQTT) based on topics each client is subscribed to via JSON/XML.
Mosquitto is an OSS MQTT broker designed for messaging/message passing applications, including message stores (to facilitate later delivery to a dormant user). It uses a PubSub model over TCP (which is a byeffect of its roots in MQTT) based on topics each client is subscribed to via JSON/XML. Mosquitto scanners are used to identify MQTT brokers during a communication stream and mapping them to engineer exploits accordingly.
## [nmap](https://nmap.org/)
NMap (Network Mapper) is a network discovery tool used in security auditing. NMap uses raw IP packets in various ways to map available hosts, services, versions, OSes, firewalls and can do so with scale and for large networks.
NMap (Network Mapper) is a network discovery tool used in security auditing. NMap uses raw IP packets in various ways to map available hosts, services, versions, OSes, firewalls and can do so with scale and for large networks.
## [netcat]
## [sqlmap]
## [sqlninja]
## [msfvenom]
## microsoft threat model (STRIDE)
## [PyCharm]
## [netcat](http://nmap.org/ncat/)
Netcat is used to read and write data across TCP/UDP connections via stdio and is a reliable backend tool to drive programs or scripts that require text passing usage. Ncat, its successor developed by the NMap team adds support for SSL, SOCK4/5 proxies, IPv6 support and other extended functionality. Due to its low level nature, it is easy to obscure and mask with ease.
## [sqlmap](https://sqlmap.org/)
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It supports mosgt major database and database paradigms such as MySQL, PostgreSQL, Microsoft Access etc. It fully supports the following SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. It can connect via DBMS credentials if required, includes functionality to enumerate users, password hasehs, priveleges, roles, tables, columns etc.
## [sqlninja](https://www.kali.org/tools/sqlninja/)
SQLninja is a SQL server injection and takeover tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It supports DB fingerprinting, dagta extraction, Metasploit integration to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter, obtain a DNS based or ICMP tunneled shell and bruteforcing of sa passwords too.
## [msfvenom](https://www.rapid7.com/blog/post/2011/05/24/introducing-msfvenom/)
MSFVenom is a fork off the Metasploit Framework merging both `msfpayload` and `msfencode` into one unified tool and framework instance, with a wider variety of I/O file formats and with refined payload generation.
## [Microsoft Threat Modelling Tool](https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool)
The Microsoft Threat Modeling Tool used as a part of the SDL allowing software architects to identify and mitigate any risks as they happen. It follows the STRIDE methodology: STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege. A user designs their architecutre in STRIDE and marks the boundaries accordingly, and STRIDE gives us a list of all possible threat scenarios that the system could be exposed to by crossreferencing then Microsoft Security Database.
## [PyCharm](https://www.jetbrains.com/pycharm/)
PyCharm is the Jetbrains IDE for Python built for use in complex corporate workflows, with an entire extensive plugin ecosystem around it. It inlcudes PEP8 compliance checks, linters, treesitters etc to make development faster and more secure.