Special Targets

Hardware and IOT

https://swisskyrepo.github.io/HardwareAllTheThings/

IPV6 and ICMPV6

thc-ipv6 - Attack toolkit for testing IPv6 and ICMPv6 protocol weaknesses.
- www.thc.org/thc-ipv6/

Cisco Products

Cisco OCS Scanner

A mass Cisco scanning tool.

# cisco-ocs [Start IP] [Stop IP]

Cisco Auditing Tool (CAT)

Perl script which scans cisco routers for common vulnerabilities.

# CAT -h 192.168.99.230 -p 23 -a /usr/share/wordlists/nmap.lst

cisco-global-exploiter

Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool.

# Show all available Attacks
# cge.pl -h
# Attack
# cge.pl [Target IP] [Attack ID]

cisco-torch

Cisco device vulnerability scanner

# cisco-torch -A [Target IP]

Cisco copy-router-config

Copies configuration files from Cisco devices running SNMP.

# copy-router-config.pl [Router IP] [TFTP Server IP] [Community String]

VoIP (SIP)

SeeYouCM-Thief - Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials. Will also optionally enumerate active directory users from the UDS API.
- https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
sipvicious - SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.
- https://www.kali.org/tools/sipvicious/
protos-sip - The purpose of this test-suite is to evaluate implementation level security and robustness of Session Initiation Protocol (SIP) implementations.
iaxflood - Voip flooding tool
ohrwurm - ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones.
siparmyknife - SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
sipp - SIPp is a free Open Source test tool / traffic generator for the SIP protocol.
sipsak - sipsak is a small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications. It can be used for some simple tests on SIP applications and devices.
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Endler.pdf
https://downloads.avaya.com/elmodocs2/mm_r2_0/cd_frontend/a_mss_mas/se_pbxsec.htm
Penetration Testing on VoIP Asterisk Server
- Penetration Testing on VoIP Asterisk Server (Part 2)

Lync Server

lyncsmash - A collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations
LyncSniper - LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365.
https://www.mdsec.co.uk/2017/04/penetration-testing-skype-for-business-exploiting-the-missing-lync/

Thick Clients

Mobile Devices

https://akenofu.gitbook.io/hackallthethings/mobile-applications/android
https://owasp.org/www-project-mobile-security-testing-guide/
OWASP Mobile Security Testing Guide - Bernhard Mueller et al.
Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
- https://opensecurity.in/
quark-engine - Quark-Engine is a full-featured Android analysis framework written in Python for hunting threat intelligence inside the APK, DEX files.
Hacking: The next generation - Abusing mobile devices: Targeting your mobile workforce, pg. 149

Networking Devices

RouterHunterBR - Unauthenticated Remote DNS change/ users & passwords.
routersploit - an open-source exploitation framework dedicated to embedded devices

Printers

https://tryhackme.com/room/printerhacking101

PreviousWeb Application Firewall NextExploit Dev/Buffer Overflow

Last updated 1 year ago