As the website says, SQLmap is an "automatic SQL Injection and database takeover tool." That description captures the heart of the tool well. It supports all the common and widely used database platforms – MySQL, MSSQL, Access, DB2, PostgreSQL, Sybase, SQLite, among others – and six SQL injection techniques.
7. CME (CrackMapExec)
CME is a post-exploitation tool that will help automate the task of assessing the security of large Active Directory networks. Its author, a hacker known as 'byt3bl33d3r' says the tool follows the concept of living off the land by "abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions."
While the red team case for using CME is clear, blue teams can also use the tool to assess account privileges, simulate attacks, and find misconfigurations. CME also makes use of the PowerSploit Toolkit and the Impacket library.
Impacket, which CME builds on, is a collection of Python classes for low-level programmatic access to network protocols: it implements SMB1-3 and gives raw access to TCP, UDP, ICMP, IGMP, and ARP on IPv4 / IPv6. Packets can be constructed from scratch or parsed from raw data.
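To show what "constructed from scratch or parsed from raw data" means at the byte level, here is an added example written for this page in plain Python with the standard `struct` and `socket` modules. It is not Impacket code and does not use Impacket's API; it builds an IPv4/ICMP echo request by hand (RFC 791/792 layout, RFC 1071 checksum), then parses the raw bytes back and verifies both checksums, which is the kind of work a library like Impacket does for you. The addresses and identifiers are constructed sample values.

```python
"""Construct an IPv4/ICMP echo request from scratch and parse it back.

Added illustration for this page, not Impacket code. Field layout follows
RFC 791 (IPv4) and RFC 792 (ICMP); checksum follows RFC 1071.
"""
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:            # odd length: pad with a zero byte
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP type 8 (echo request), code 0, checksum computed over header+payload."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)   # checksum field zeroed
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with header checksum filled in."""
    ver_ihl = (4 << 4) | 5        # version 4, IHL 5 words
    total_len = 20 + len(payload)
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, total_len, ident, 0, ttl, proto, 0, s, d)
    csum = internet_checksum(hdr)
    hdr = struct.pack(IPV4_FMT, ver_ihl, 0, total_len, ident, 0, ttl, proto, csum, s, d)
    return hdr + payload


def parse_ipv4_icmp(raw: bytes) -> dict:
    """Parse raw bytes into fields and verify checksums.

    A checksum over a header that already contains its own checksum sums to
    0xFFFF in one's complement, so internet_checksum() returns 0 when intact.
    """
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < total_len or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    result = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto,
        "ip_checksum_ok": internet_checksum(raw[:ihl]) == 0,
    }
    body = raw[ihl:total_len]
    if proto == socket.IPPROTO_ICMP:
        if len(body) < 8:
            raise ValueError("truncated ICMP header")
        itype, icode, _icsum, iid, iseq = struct.unpack("!BBHHH", body[:8])
        result.update({
            "icmp_type": itype, "icmp_code": icode,
            "icmp_id": iid, "icmp_seq": iseq, "icmp_payload": body[8:],
            "icmp_checksum_ok": internet_checksum(body) == 0,
        })
    return result


if __name__ == "__main__":
    # Constructed sample: echo request 10.0.0.1 -> 10.0.0.2 carrying b"hello"
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", socket.IPPROTO_ICMP,
                     build_icmp_echo(0xBEEF, 1, b"hello"))
    print(pkt.hex())
    print(parse_ipv4_icmp(pkt))
```

Sending the built bytes would need a raw socket (root privileges); the point here is the wire layout and the checksum round trip, which is exactly the plumbing a packet library hides.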
PowerSploit is a collection of modules that can be used during assessments. As the name suggests, the modules themselves are for PowerShell on Windows. Some of the features include persistence, AV bypasses, exfiltration, code execution, script modification, reconnaissance, and more.
Luckystrike, from curi0usJack, is a generator of malicious Excel (.xls) and Word (.doc) documents. Luckystrike can work with standard shell commands, PowerShell scripts, and EXEs. Additional information and usage details are available here.
11. BeEF (Browser Exploitation Framework)
BeEF is a handy tool to assess "actual security posture of a target environment by using client-side attack vectors." Several professionals mentioned BeEF in passing, and noted that it was rather easy to use given the number of features and options the tool offers. You can learn more about BeEF here.
THC-Hydra is a network login cracker that supports several services. In fact, it supports more than four dozen of them, including Cisco auth, Cisco enable, IMAP, IRC, LDAP, MS-SQL, MySQL, Rlogin, Rsh, RTSP, and SSH (v1 & v2). The tool isn't overly complex, and the extensive README file covers plenty of detail to get users started.
13. Immunity Inc. – Debugger
The Immunity Debugger is a tool that will help security professionals write exploits, analyze malware, and reverse engineer binaries. There are a ton of features, but the two writeups that best cover a majority of them are an overview by Igor Novkovic and a SANS Reading Room paper on basic reverse engineering. If reversing or exploit writing are in your wheelhouse, this tool is likely something you're familiar with already, if it isn't – it's worth a look.