The following is a checklist and set of information for use when attempting CTF- or Hackfest-style challenges. This checklist was created by using Stephen McNabb's Dark Soul Cheat Sheet code along with the initial content dump from Orangepeelbeef's hacking_ctf_tools, and my own limited CTF experience.
This tool works in many categories (encode/decode, file detection, file carving, etc.). Extremely handy.
extract all strings from a file
strings myfile
strings -n 10 myfile (only strings with length at least 10)
unix file command, determine file type
file Templeton_Peck.jpg
Templeton_Peck.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 224x280, components 3
There are a lot of good hex editors out there, and sometimes examining a file manually is enough to find the data you need.
Bless is pretty good, but 010 Editor knows binary file signatures, so it's pretty much the best.
foremost
foremost myfile -o outputdir
binwalk
binwalk -e myfile
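As an added example (my own code, not part of this cheat sheet or of any of the tools above), here is a small Python script that does a minimal version of what `file`, `foremost`/`binwalk -e` and `strings -n` do: a magic-byte table, a carver that cuts embedded files out of a blob, and a printable-string extractor with a minimum length. The signature table and the `SAMPLE` blob are constructed for the demo (the "files" in it are only headers and trailers, not valid images); the real tools know hundreds of formats and parse container structure instead of just searching for trailers, which is why they find things this script misses.

```python
import re

# Magic-byte table, constructed for this demo: (type name, header bytes, footer bytes or None).
# Real tools (file, foremost, binwalk) ship hundreds of signatures and parse the format
# structure; here we only search for headers and, where a format has one, a trailer.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("pdf", b"%PDF-", b"%%EOF"),
    ("zip", b"PK\x03\x04", None),
    ("gzip", b"\x1f\x8b\x08", None),
    ("elf", b"\x7fELF", None),
]


def identify(data):
    """What `file` does at its simplest: match the leading magic bytes."""
    for name, header, _footer in SIGNATURES:
        if data.startswith(header):
            return name
    return "data"


def carve(data):
    """What `foremost` / `binwalk -e` do at their simplest: locate every known header
    in the blob and cut out the region up to the matching footer (or, for formats
    without a footer, up to the next header or the end of the data).
    Returns a list of (type, offset, payload) sorted by offset."""
    found = []
    for name, header, footer in SIGNATURES:
        pos = data.find(header)
        while pos != -1:
            found.append((pos, name, header, footer))
            pos = data.find(header, pos + 1)
    found.sort(key=lambda f: f[0])
    carved = []
    for i, (pos, name, header, footer) in enumerate(found):
        if footer is not None:
            end = data.find(footer, pos + len(header))
            end = len(data) if end == -1 else end + len(footer)
        else:
            end = found[i + 1][0] if i + 1 < len(found) else len(data)
        carved.append((name, pos, data[pos:end]))
    return carved


def extract_strings(data, min_len=4):
    """What `strings -n <min_len>` does: runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


# Constructed sample blob: noise, a header-only zip fragment, a tiny fake JPEG,
# a tiny fake PNG, then a trailing message. None of these are real files.
SAMPLE = (
    b"\x00\x01garbage\x02"                                                      # 10 bytes of noise
    + b"PK\x03\x04fakezip!"                                                      # zip header, no footer
    + b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x02" + b"\x00" * 8 + b"\xff\xd9"    # JPEG SOI ... EOI
    + b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 13 + b"IEND\xaeB`\x82"  # PNG sig ... IEND
    + b"\x03\x04hidden message: constructed sample\x00"
)

if __name__ == "__main__":
    print("whole blob looks like:", identify(SAMPLE))
    for kind, offset, payload in carve(SAMPLE):
        print(f"{kind:5} at offset {offset:4} ({len(payload)} bytes), identify() -> {identify(payload)}")
    print("strings -n 10:", extract_strings(SAMPLE, 10))
```

Run it as-is to see the three embedded regions and their offsets; to use it on a real challenge file, replace `SAMPLE` with `open(path, "rb").read()` and write each carved payload to its own file. The zip entry shows the limitation of trailer-based carving: with no footer, the cut point is just the next header, which is exactly why foremost and binwalk parse the format's own length fields instead.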
SYN scan all TCP ports (nmap port ranges use a dash, not a colon)
nmap -sS -p1-65535 somehost
scan all TCP & UDP ports
nmap -sU -sT -p- somehost
Hydra
Wfuzz
wfuzz -z file,${WORDLIST} -b cookie=value -d "title=FUZZ&body=FUZZ" --sc 500 https://host/api/entry
nessus
nikto (web app vuln scanner)
exiftool myfile
hexdump -C myfile
strings myfile
crunch 3 3 ABCDEFGHIJKLMNOPQRSTUVWXYZ (all combinations of uppercase letters of length 3)
john itself is pretty good at cracking, although a bit slow; however, it comes with a ton of great tools for getting hashes out of files.
john filename
hashcat is generally much faster than john because it uses the GPU instead of the CPU, but it is a lot more complicated and has a ton of modes and rules. hashcat can use the hashes gathered with office2john, etc.
Example: cracking a Word 2013 document password (mode 9600; office2john prefixes each hash with the filename, so --username tells hashcat to ignore that prefix):
hashcat -a 0 -m 9600 --username office_hash.txt rockyou.txt -O
Example: using a rule file (you can pass -r more than once to stack rules):
hashcat -a 0 -m 0 cracklist.db wordlist.txt -r /usr/share/hashcat/rules/best64.rule -O
Example: combination attack with left and right wordlists (swap the order if you want to try them flipped):
hashcat -a 1 -m 0 cracklist.db biology rockyou.txt
Example: hybrid wordlist + mask attack with increment (-1 ?d?s defines a custom charset of digits and symbols; -i appends 1 to 5 of them to the end of everything in the wordlist):
hashcat -a 6 -m 0 cracklist.db francais.txt -1 ?d?s ?1?1?1?1?1 -i
Example: hybrid mask + wordlist attack with increment (same as above, but the digits and symbols go on the front of everything in the wordlist):
hashcat -a 7 -m 0 cracklist.db -1 ?d?s ?1?1?1?1?1 francais.txt -i
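To make the -1, ?1 and -i switches in the hybrid commands above concrete, here is an added Python example (my own code, not hashcat's) that parses hashcat mask syntax, expands a custom charset, counts the keyspace a mask produces with and without --increment, and generates the word+mask / mask+word candidates of -a 6 / -a 7. The candidate ordering is illustrative rather than hashcat's internal order, and the BUILTIN table holds only the four built-in charsets this page uses. The same arithmetic covers the crunch line earlier (crunch 3 3 A-Z is the mask ?u?u?u), and it is handy defensively for estimating how little a "digits or symbols at the end" password policy actually adds.

```python
import itertools
from math import prod

# hashcat's built-in charsets (only the four used on this page; hashcat defines more)
BUILTIN = {
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}


def parse_mask(mask, custom=None):
    """Turn a mask such as '?1?1?d' or 'pass?d' into one charset string per position.
    `custom` maps '1'..'4' to the spec given with -1 .. -4, which is itself mask syntax."""
    custom = custom or {}
    positions = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            key = mask[i + 1]
            if key == "?":
                positions.append("?")          # '??' is a literal question mark
            elif key in custom:
                positions.append(expand_charset(custom[key]))
            else:
                positions.append(BUILTIN[key])
            i += 2
        else:
            positions.append(mask[i])          # any other character is a literal
            i += 1
    return positions


def expand_charset(spec):
    """Flatten a -1/-2/... spec like '?d?s' or 'abc?d' into one deduplicated string."""
    return "".join(dict.fromkeys("".join(parse_mask(spec))))


def mask_keyspace(mask, custom=None, increment=False):
    """Number of candidates the mask produces. With -i, hashcat runs the mask at every
    length from 1 up to the full mask (the default --increment-min / --increment-max)."""
    sizes = [len(p) for p in parse_mask(mask, custom)]
    if not increment:
        return prod(sizes)
    return sum(prod(sizes[:n]) for n in range(1, len(sizes) + 1))


def hybrid_candidates(words, mask, custom=None, prepend=False, increment=False):
    """Generate what -a 6 (word + mask) or -a 7 (mask + word) feed to the hash function.
    The ordering here is for illustration only; hashcat's internal ordering differs."""
    positions = parse_mask(mask, custom)
    lengths = range(1, len(positions) + 1) if increment else [len(positions)]
    for n in lengths:
        for word in words:
            for combo in itertools.product(*positions[:n]):
                piece = "".join(combo)
                yield piece + word if prepend else word + piece


def hybrid_keyspace(num_words, mask, custom=None, increment=False):
    """Total candidates for a hybrid attack: every word times every mask candidate."""
    return num_words * mask_keyspace(mask, custom, increment)


if __name__ == "__main__":
    custom = {"1": "?d?s"}                      # the -1 ?d?s from the commands above
    print("characters in ?1:", len(expand_charset("?d?s")))
    print("?1?1?1?1?1 candidates:", mask_keyspace("?1?1?1?1?1", custom))
    print("same mask with -i:", mask_keyspace("?1?1?1?1?1", custom, increment=True))
    print("crunch 3 3 A-Z equivalent (?u?u?u):", mask_keyspace("?u?u?u"))
    print("first -a 6 candidates for 'pass':",
          list(itertools.islice(hybrid_candidates(["pass"], "?1?1", custom), 5)))
```

Multiply the mask keyspace by the wordlist size (hybrid_keyspace) to see why -a 6 with a five-position ?1?1?1?1?1 mask on a large wordlist takes so long, and why -i is worth it: the short lengths that finish first are where most real-world suffixes live.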
dnsrecon -d somehost
dnsrecon -d somehost -t brt -D wordlist.txt (brute-force subdomains; the wordlist is passed with -D)
fierce somehost
You can get data straight from the sound card with fldigi.
Reads from an SDR or from recorded SDR files and can do a lot of things.
Can also output to a network stream for piping into multimon-ng.
dirsearch
dirb
decoders for a ton of different signal types
https://www.acunetix.com/websitesecurity/directory-traversal/
https://www.greycampus.com/opencampus/ethical-hacking/enumeration-and-its-types
https://0xrick.github.io/lists/stego/
https://www.bastibl.net/pocsag/
https://overthewire.org/wargames/bandit/
https://gchq.github.io/CyberChef/
https://www.sweetscape.com/download/010editor/
https://www.tutorialspoint.com/unix_commands/xxd.htm
https://www.rapid7.com/info/nexpose-community/
https://charcharbinks.com/post/ctf_crypto_for_beginners/
https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/big-list-of-naughty-strings.txt