Get manual pen testing and more by the hacking team

Hacking team's tools

This is a list of some of the tools we use during our hacking stages, delivering the power of automation with expert human interaction to provide the most accurate benefits for our customers.

  • Aircrack-ng: Suite of tools to assess WiFi network security
  • AltServer: Is a companion application that allows AltStore to sideload apps onto iOS devices
  • Amass: The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques
  • Android Studio: Official IDE for development of Android apps
  • APKLab: Set of scripts and tools to perform Reverse Engineering on Android applications
  • APKTool: A tool for reverse engineering Android apk files
  • AWS CLI: Is a unified tool for managing AWS services
  • BeEF: The Browser Exploitation Framework, a penetration testing tool that focuses on the web browser
  • Bettercap: Is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and IPv4/IPv6 networks
  • BloodHound: BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify
  • Burp Suite Professional: Toolkit to automate, find and assist web vulnerability discovery and exploitation
  • checkra1n: Is a community project to provide a high-quality semi-tethered jailbreak to all, based on the 'checkm8' bootrom exploit
  • Ciphey: An automated decryption tool that uses AI to identify encryption types and deliver the plaintext
  • Covenant: .NET command and control framework
  • CrackMapExec: Is a post-exploitation tool that helps automate assessing the security of large Active Directory networks
  • Dbeaver: Multi-platform tool for database management
  • DNSRecon: Python script to perform DNS attacks, including Zone transfers, DNS records enumeration, TLD expansion and Wildcard resolution among other techniques
  • dnSpy: Is a debugger and .NET assembly editor
  • enumerate-iam: Tries to brute force all API calls allowed by the IAM policy. The calls performed by this tool are all non-destructive (only get* and list* calls are performed)
  • ffuf: Fast web fuzzer
  • Fiddler: Is a web debugging proxy tool
  • Frida: Dynamic instrumentation toolkit to intercept and debug software that is closed-source or locked down
  • GDB-Peda: Python Exploit Development Assistance for GDB
  • Ghidra: Software Reverse Engineering (SRE) suite of tools developed by NSA's Research Directorate
  • Gitleaks: Open-source tool for detecting secrets and sensitive data in Git repositories
  • hashcat: Fast, efficient and versatile hacking tool that assists offline brute-force attacks
  • HashID: Software to identify the different types of hashes used to encrypt data
  • Hydra: This tool is proof-of-concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system
  • Hopper: Is the reverse engineering tool that lets you disassemble, decompile and debug your applications
  • HTTP Toolkit: Is an open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac. You can use it to intercept, inspect & rewrite HTTP(S) traffic, from everything to anywhere
  • Interactsh: Is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions
  • Jadx: Command line and GUI tools for producing Java source code from Android Dex and Apk files
  • Jmeter: Is open source software, a 100% pure Java application designed to load test functional behavior and measure performance
  • John the Ripper: Password recovery tool
  • Magisk: Is a suite of open source software for customizing Android, supporting devices higher than Android 6.0. Some highlight features: MagiskSU - Magisk Modules - MagiskBoot - Zygisk
  • Magisk modules: Are a simple way to apply system-level mods to your device without having to get your hands dirty and make changes to system files manually
  • Metasploit: Framework to help launching and developing exploits and offensive tasks
  • mimikatz: Windows x32/x64 program to extract passwords, hash, PINs, and Kerberos tickets from memory
  • Mitmproxy: Is a free and open source interactive HTTPS proxy
  • MobSF: Is an automated, all-in-one mobile application (Android/iOS/Windows) pentesting, malware analysis and security assessment framework capable of performing static and dynamic analysis
  • ngrok: Cross-platform application that exposes local server ports to the Internet
  • Nmap: Utility for network discovery and security auditing
  • Objection: Is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak
  • OpenVAS: Full-featured vulnerability scanner
  • OWASP ZAP: ZAP is what is known as a "man-in-the-middle proxy." It stands between the tester's browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application and as a daemon process
  • Pacu framework: An open source AWS Exploitation Framework designed to aid in the exfiltration, enumeration, lateral movement, escalation, persistence, exploitation, and evasion process
  • Postman: Is an API platform for building and using APIs
  • PwnDBG: Is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers
  • reFlutter: This framework helps with reverse engineering Flutter apps using a patched version of the Flutter library, which is already compiled and ready for app repacking. The library's snapshot deserialization process is modified to allow you to perform dynamic analysis in a convenient way
  • Rubeus: Toolset for raw Kerberos interaction and abuses
  • SoapUI: Is a testing tool for SOAP and REST APIs
  • sqlmap: Automatic SQL injection and database takeover tool
  • Trufflehog: Tool for uncovering high entropy strings and secrets in Git history
  • Uber Apk Signer: A tool that helps sign, zip-align and verify multiple Android application packages (APKs) with either debug or provided release certificates (or multiple)
  • Vega: Web security scanner and web security testing platform that helps validate SQLi, XSS, etc.
  • Wireshark: Network protocol analyzer
  • x64dbg: Open-source x64/x32 debugger for Windows
  • WinDbg: Windows default debugger that we use for kernel debugging
  • WPScan: Is a free, for non-commercial use, black-box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites

How to report false negatives

In the course of the penetration testing done by our hackers in the Advanced plan, there may be occasions where you notice an open vulnerability that was not reported by them; this is a false negative. When this happens, so that the incident is handled with the utmost care, both parties must follow the protocol below.

  1. The client reports the incident over any of the available communication channels.
  2. The project manager suspends the billing and any pending charges with the administrative area.
  3. Fluid Attacks schedules a two-hour meeting with the client within eight office hours.
    • The account manager and an ethical hacker will attend the meeting.
    • Fluid Attacks will proceed to analyze and understand the client's report.
    • If possible, Fluid Attacks will try to replicate the issue in the environments.
  4. Fluid Attacks schedules a weekly meeting about the postmortem status.
    • The meetings will be scheduled for 11:55 AM (GMT-5) and will last 10 minutes.
    • The first meeting will be seven days after the initial two-hour meeting.
    • The meetings will be recurring with no specified end date.
    • From the client's side, at least the reporter of the incident and their two immediate superiors will attend the meetings.
    • From Fluid Attacks' side, at least the account manager and their two immediate superiors will attend the meetings.
    • The meeting will be led by Fluid Attacks' account manager.
    • The agenda for the day covers both parties' pending postmortem items and report dates.
  5. Fluid Attacks gives the client the potential leak form.
  6. The client fills out the potential leak form.

Note: This page is under development. Come back later for the full content.