## Best Practice Auditd Configuration
https://github.com/Neo23x0/auditd
<div vgroup>
<pre title>
Real Time
Auditing
</pre>
<pre zoom>
<a href="https://github.com/auditNG/">auditNG</a>
Tool for ºcontainerº level system call auditing made effective with selective reporting
- The auditNG suite is a dockerized open source stack with customizations of
fleet managers, Elasticsearch with specific stored queries, TensorFlow and a
reporting daemon into several sinks like PagerDuty, JIRA, etc., based on
learning from using several open source tools.
- This tool is the server-side component for the client-side daemon
@[https://github.com/ubercoolsec/go-audit-container]
</pre>
<pre zoom TODO>
<span xsmall>Pax Test</span>
<span xsmall>System</span>
<span xsmall>Security</span>
<span xsmall>Audit</span>
@[https://pax.grsecurity.net/]
Pax Test Output Example
PaXtest - Copyright(c) 2003,2004 by Peter Busser
Released under the GNU Public Licence version 2 or later
Mode: blackhat
Linux svr1 2.6.31-14-generic-pae #48-Ubuntu SMP Fri Oct 16 15:22:42 UTC 2009 i686 GNU/Linux
Anonymous mapping randomisation test : 17 bits (guessed)
Executable anonymous mapping : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss : Killed
Executable bss (mprotect) : Killed
Executable data : Killed
Executable data (mprotect) : Vulnerable
Executable heap : Killed
Executable heap (mprotect) : Vulnerable
Executable shared library bss : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data : Killed
Executable shared library data (mprotect): Killed
Executable stack : Killed
Executable stack (mprotect) : Killed
Heap randomisation test (ET_DYN) : 23 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Main executable randomisation (ET_DYN) : 10 bits (guessed)
Main executable randomisation (ET_EXEC) : 10 bits (guessed)
Return to function (memcpy, RANDEXEC) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (strcpy) : paxtest: bad luck, try different compiler options.
Return to function (strcpy, RANDEXEC) : paxtest: bad luck, try different compiler options.
Return to function (strcpy) : Vulnerable
Shared library randomisation test : 17 bits (guessed)
Stack randomisation test (PAGEEXEC) : 23 bits (guessed)
Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
Writable text segments : Killed
Writable text segments : Vulnerable
</pre>
</div>
<div groupv>
<pre title>
Forensic
Auditing
</pre>
<pre zoom labels="">
<span xsmall>Dshell</span>
@[https://github.com/USArmyResearchLab/Dshell]
- extensible network forensic analysis framework.
- Enables rapid development of plugins to support the dissection of network packet captures
- Robust stream reassembly
- IPv4 and IPv6 support
- Custom output handlers
- Chainable decoders
</pre>
</div>
<div groupv kali>
<pre title>
Kali
Linux
(<a href="https://tools.kali.org/tools-listing">tools</a>)
</pre>
<pre zoom>
<span xsmall>Information Gathering</span>
- <a href="https://tools.kali.org/information-gathering/acccheck">acccheck</a>
password dictionary attack tool that targets Windows authentication via the SMB protocol
- <a href="https://tools.kali.org/information-gathering/ace-voip">ace-voip</a>
- <a href="https://tools.kali.org/information-gathering/amap">Amap</a>
- <a href="https://tools.kali.org/information-gathering/apt2">APT2</a>
performs an Nmap scan, or imports the results of a scan from Nexpose, Nessus,
or Nmap. The processed results are used to launch exploit and enumeration
modules according to the configurable Safe Level and enumerated service information.
- <a href="https://tools.kali.org/information-gathering/arp-scan">arp-scan</a>
root@kali:~#ºarp-scan -lº
...
172.16.193.1 00:50:56:c0:00:08 VMware, Inc.
172.16.193.2 00:50:56:f1:18:a8 VMware, Inc.
172.16.193.254 00:50:56:e5:7b:87 VMware, Inc.
192.168.86.1 70:3a:cb:68:51:4c (Unknown)
192.168.86.3 00:08:9b:f6:f6:2f ICP Electronics Inc.
192.168.86.2 84:1b:5e:e5:66:af NETGEAR
192.168.86.4 00:11:32:4b:04:8a Synology Incorporated
192.168.86.7 b8:27:eb:89:ac:c3 Raspberry Pi Foundation
- <a href="https://tools.kali.org/information-gathering/automater">Automater</a>
- <a href="https://tools.kali.org/information-gathering/bing-ip2hosts">bing-ip2hosts</a>
search for websites hosted on a specific IP address
root@kali:~# bing-ip2hosts -p microsoft.com
[ 65.55.58.201 | Scraping 1 | Found 0 | / ]
http://microsoft.com
http://research.microsoft.com
http://www.answers.microsoft.com
http://www.microsoft.com
http://www.msdn.microsoft.com
root@kali:~# bing-ip2hosts -p 173.194.33.80
[ 173.194.33.80 | Scraping 60-69 of 73 | Found 41 | | ]| / ]
http://asia.google.com
http://desktop.google.com
http://ejabat.google.com
http://google.netscape.com
http://partner-client.google.com
http://picasa.google.com
- <a href="https://tools.kali.org/information-gathering/braa">braa</a> SNMP Scanner
root@kali:~# braa [email protected]:.1.3.6.*
192.168.1.215:122ms:.1.3.6.1.2.1.1.1.0:Linux redhat.biz.local 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686
192.168.1.215:143ms:.1.3.6.1.2.1.1.2.0:.1.3.6.1.4.1.8072.3.2.10
192.168.1.215:122ms:.1.3.6.1.2.1.1.3.0:4051218219
192.168.1.215:122ms:.1.3.6.1.2.1.1.4.0:Root ˂root@localhost˃ (configure /etc/snmp/snmp.local.conf)
192.168.1.215:143ms:.1.3.6.1.2.1.1.5.0:redhat.biz.local
- <a href="https://tools.kali.org/information-gathering/casefile">CaseFile</a> visual intelligence
application that can be used to determine the relationships and real-world links between hundreds of different types of information. Quickly view second, third and n-th order relationships and find links otherwise undiscoverable with other types of intelligence tools.
CaseFile can be used for the information gathering, analytics and intelligence phases of almost all types of investigations, from IT security and law enforcement to any data-driven work. It saves time and allows you to work more accurately and smarter.
- <a href="https://tools.kali.org/information-gathering/cdpsnarf">CDPSnarf</a>
- <a href="https://tools.kali.org/information-gathering/cisco-torch">cisco-torch</a>
- º<a href="https://tools.kali.org/information-gathering/cookie-cadger">Cookie Cadger</a>º
helps identify information leakage from applications that utilize insecure HTTP GET requests.
- <a href="https://tools.kali.org/information-gathering/copy-router-config">copy-router-config</a>
- <a href="https://tools.kali.org/information-gathering/dmitry">DMitry</a>
- <a href="https://tools.kali.org/information-gathering/dnmap">dnmap</a> distributed nmap amongst N clients
- <a href="https://tools.kali.org/information-gathering/dnsenum">dnsenum</a>
- <a href="https://tools.kali.org/information-gathering/dnsmap">dnsmap</a>
- <a href="https://tools.kali.org/information-gathering/dnsrecon">DNSRecon</a>
- <a href="https://tools.kali.org/information-gathering/dnstracer">dnstracer</a>
- <a href="https://tools.kali.org/information-gathering/dnswalk">dnswalk</a> DNS debugger, checks the database for internal consistency
- <a href="https://tools.kali.org/information-gathering/dotdotpwn">DotDotPwn</a> intelligent fuzzer to discover directory traversal vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc.
- <a href="https://tools.kali.org/information-gathering/enum4linux">enum4linux</a>
- <a href="https://tools.kali.org/information-gathering/enumiax">enumIAX</a>
- <a href="https://tools.kali.org/information-gathering/eyewitness">EyeWitness</a> designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible
- º<a href="https://tools.kali.org/information-gathering/faraday">Faraday</a>º
Integrated Penetration-Test Environment (IDE for auditing). Designed for distribution, indexation
and analysis of the data generated during a security audit, re-using available tools in the community.
- <a href="https://tools.kali.org/information-gathering/fierce">Fierce</a>
- <a href="https://tools.kali.org/information-gathering/firewalk">Firewalk</a>
- <a href="https://tools.kali.org/information-gathering/fragroute">fragroute</a>
- <a href="https://tools.kali.org/information-gathering/fragrouter">fragrouter</a>
- <a href="https://tools.kali.org/information-gathering/ghost-phisher">Ghost Phisher</a>
- <a href="https://tools.kali.org/information-gathering/golismero">GoLismero</a>
Reports critical/high/... vulnerabilities on web servers
$ golismero scan http://mydomain.com -o - -o report.html
Future versions will include integration with Metasploit, w3af, ZAP, ...
- <a href="https://tools.kali.org/information-gathering/goofile">goofile</a> search for specific files in a remote http domain
- <a href="https://tools.kali.org/information-gathering/hping3">hping3</a> inspired by the ping(8) Unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features
- <a href="https://tools.kali.org/information-gathering/ident-user-enum">ident-user-enum</a>
- º<a href="https://tools.kali.org/information-gathering/inspy">InSpy</a>º Python-based LinkedIn
enumeration tool with two functionalities: TechSpy and EmpSpy. TechSpy crawls LinkedIn job listings for technologies
used by the target company. InSpy attempts to identify technologies by matching job descriptions to keywords from a
newline-delimited file.
EmpSpy crawls LinkedIn for employees working at the provided company. InSpy searches for employees by title and/or
department from a newline-delimited file. InSpy may also create emails for the identified employees if the user
specifies an email format
- <a href="https://tools.kali.org/information-gathering/intrace">InTrace</a>
- <a href="https://tools.kali.org/information-gathering/ismtp">iSMTP</a>
- <a href="https://tools.kali.org/information-gathering/lbd">lbd</a>
- º<a href="https://tools.kali.org/information-gathering/maltego-teeth">Maltego Teeth</a>º
can be used to determine the relationships and real world links between:
- People
- Groups of people (social networks)
- Companies
- Organizations
- Web sites
- Internet infrastructure such as:
- Domains
- DNS names
- Netblocks
- IP addresses
- Phrases
- Affiliations
- Documents and files
- These entities are linked using open source intelligence.
- Maltego is easy and quick to install – it uses Java, so it runs on Windows, Mac and Linux.
- Maltego provides you with a graphical interface that makes seeing these relationships instant and accurate – making it possible to see hidden connections.
- Using the graphical user interface (GUI) you can see relationships easily – even if they are three or four degrees of separation away.
- Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to your own, unique requirements.
- <a href="https://tools.kali.org/information-gathering/masscan">masscan</a>: the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.
- <a href="https://tools.kali.org/information-gathering/metagoofil">Metagoofil</a> information gathering
tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.
- <a href="https://tools.kali.org/information-gathering/miranda">Miranda</a>
Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices, particularly
Internet Gateway Devices (aka, routers). It can be used to audit UPNP-enabled devices on a network for possible
vulnerabilities. Some of its features include:
- Interactive shell with tab completion and command history
- Passive and active discovery of UPNP devices
- Customizable MSEARCH queries (query for specific devices/services)
- Full control over application settings such as IP addresses, ports and headers
- Simple enumeration of UPNP devices, services, actions and variables
- Correlation of input/output state variables with service actions
- Ability to send actions to UPNP services/devices
- Ability to save data to file for later analysis and collaboration
- Command logging
- <a href="https://tools.kali.org/information-gathering/nbtscan-unixwiz">nbtscan-unixwiz</a>
- <a href="https://tools.kali.org/information-gathering/nikto">Nikto</a>
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple
items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers,
and version specific problems on over 270 servers
- <a href="https://tools.kali.org/information-gathering/nmap">Nmap</a>
- º<a href="https://tools.kali.org/information-gathering/ntop">ntop</a>º
shows the network usage, similar to what the popular top Unix command does
- <a href="https://tools.kali.org/information-gathering/osrframework">OSRFramework</a> set of
libraries to perform Open Source Intelligence tasks, including references to a bunch of different applications
related to username checking, DNS lookups, information leaks research, deep web search, regular expressions
extraction, and many others
- <a href="https://tools.kali.org/information-gathering/p0f">p0f</a>
- <a href="https://tools.kali.org/information-gathering/parsero">Parsero</a> is a free script
written in Python which reads the robots.txt file of a web server and looks at the Disallow entries. The Disallow
entries tell the search engines which directories or files hosted on a web server mustn't be indexed. For example,
"Disallow: /portal/login" means that the content on www.example.com/portal/login is not allowed to be indexed by
crawlers like Google, Bing, Yahoo... This is the way the administrator avoids sharing sensitive or private
information with the search engines.
But sometimes the paths typed in the Disallow entries are directly accessible by users without using a search
engine, just by visiting the URL and the path, and sometimes they are not available to anybody. Because
it is really common that administrators write a lot of Disallow entries and some of them are available and some of
them are not, you can use Parsero to check the HTTP status code of each Disallow entry and find out
automatically whether these directories are available or not.
- <a href="https://tools.kali.org/information-gathering/recon-ng">Recon-ng</a> full-featured Web Reconnaissance framework written in Python
- <a href="https://tools.kali.org/information-gathering/set">SET</a>
- <a href="https://tools.kali.org/information-gathering/smbmap">SMBMap</a>
- <a href="https://tools.kali.org/information-gathering/smtp-user-enum">smtp-user-enum</a>
- <a href="https://tools.kali.org/information-gathering/snmp-check">snmp-check</a>
- <a href="https://tools.kali.org/information-gathering/sparta">SPARTA</a>
- <a href="https://tools.kali.org/information-gathering/sslcaudit">sslcaudit</a> utility to automate testing SSL/TLS clients for resistance against MITM attacks
- º<a href="https://tools.kali.org/information-gathering/sslsplit">SSLsplit</a>º man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
- <a href="https://tools.kali.org/information-gathering/sslstrip">sslstrip</a> transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, and then maps those links into look-alike HTTP links or homograph-similar HTTPS links.
- <a href="https://tools.kali.org/information-gathering/sslyze">SSLyze</a> analyze the SSL configuration of a server by connecting to it.
- <a href="https://tools.kali.org/information-gathering/sublist3r">Sublist3r</a>
- <a href="https://tools.kali.org/information-gathering/thc-ipv6">THC-IPV6</a> complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library
- <a href="https://tools.kali.org/information-gathering/theharvester">theHarvester</a>
- <a href="https://tools.kali.org/information-gathering/tlssled">TLSSLed</a> script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation
- <a href="https://tools.kali.org/information-gathering/twofi">twofi</a> password cracker
- <a href="https://tools.kali.org/information-gathering/unicornscan">Unicornscan</a>
- <a href="https://tools.kali.org/information-gathering/urlcrazy">URLCrazy</a> Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
- º<a href="https://tools.kali.org/information-gathering/wireshark">Wireshark</a>º
- <a href="https://tools.kali.org/information-gathering/wol-e">WOL-E</a> tools for Wake on LAN
- <a href="https://tools.kali.org/information-gathering/xplico">Xplico</a> extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on.
| root@kali:~# xplico -m rltm -i eth0
| xplico v1.0.1
| Internet Traffic Decoder (NFAT).
| ..
| GeoLiteCity.dat found!
| ...
</pre>
<pre zoom>
<span xsmall>Vulnerability</span>
<span xsmall>Analysis</span>
- <a href="https://tools.kali.org/vulnerability-analysis/bbqsql" title="BBQSQL">BBQSQL</a> blind SQL injection framework
- <a href="https://tools.kali.org/vulnerability-analysis/bed" title="BED">BED</a> Designed to check daemons for potential buffer overflows, format strings et al.
root@kali:~#ºbed -s HTTP -t 192.168.1.15º
BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )
+ Buffer overflow testing:
testing: 1 HEAD XAXAX HTTP/1.0
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-auditing-tool" title="cisco-auditing-tool">cisco-auditing-tool</a>
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-global-exploiter" title="cisco-global-exploiter">cisco-global-exploiter</a>
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-ocs" title="cisco-ocs">cisco-ocs</a>
- <a href="https://tools.kali.org/information-gathering/cisco-torch" title="cisco-torch">cisco-torch</a>
- <a href="https://tools.kali.org/information-gathering/copy-router-config" title="copy-router-config">copy-router-config</a>
- <a href="https://tools.kali.org/vulnerability-analysis/dbpwaudit" title="DBPwAudit">DBPwAudit</a> online audits of
password quality for several database engines. The application design allows for easy adding of additional database
drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the
aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error
messages from the scan. The tool has been tested and known to work with SQL Server 2000/2005, Oracle 8/9/10/11,
IBM DB2 Universal Database, MySQL
- <a href="https://tools.kali.org/vulnerability-analysis/doona" title="Doona">Doona</a> Bruteforce Exploit Detector Tool, fork of BED with number of features/changes
- <a href="https://tools.kali.org/information-gathering/dotdotpwn" title="DotDotPwn">DotDotPwn</a>
- <a href="https://tools.kali.org/vulnerability-analysis/hexorbase" title="HexorBase">HexorBase</a> database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets
- <a href="https://tools.kali.org/vulnerability-analysis/inguma" title="Inguma">Inguma</a> penetration testing toolkit entirely written in python
- <a href="https://tools.kali.org/vulnerability-analysis/jsql" title="jSQL Injection">jSQL Injection</a> lightweight application used to find database information from a distant server.
- º<a href="https://tools.kali.org/vulnerability-analysis/lynis" title="Lynis">Lynis</a>º audit and harden Unix and
Linux based systems. It scans the system by performing many security control checks. Examples include searching for
installed software and determining possible configuration flaws
<a href="http://www.kitploit.com/2016/09/lynis-234-security-auditing-tool-for.html">
REF</a>
- Security Auditing Tool for Unix/Linux Systems
- Lynis scanning is opportunistic: it uses what it can find.
For example if it sees you are running Apache, it will perform an initial
round of Apache related tests. When during the Apache scan it also discovers
a SSL/TLS configuration, it will perform additional auditing steps on that.
While doing that, it then will collect discovered certificates, so they can
be scanned later as well.
- In-depth security scans
By performing opportunistic scanning, the tool can run with almost no
dependencies. The more it finds, the deeper the audit will be. In other
words, Lynis will always perform scans which are customized to your system.
Use cases
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening
- <a href="https://tools.kali.org/information-gathering/nmap" title="Nmap">Nmap</a>
- <a href="https://tools.kali.org/vulnerability-analysis/ohrwurm" title="ohrwurm">ohrwurm</a>
- <a href="https://tools.kali.org/vulnerability-analysis/openvas" title="openvas">openvas</a> framework of several
services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks’ commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.
- <a href="https://tools.kali.org/vulnerability-analysis/oscanner" title="Oscanner">Oscanner</a>
- <a href="https://tools.kali.org/vulnerability-analysis/powerfuzzer" title="Powerfuzzer">Powerfuzzer</a>
Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based
on many other Open Source fuzzers available and information gathered from numerous security resources and websites.
Currently, it is capable of identifying these problems:
- Cross Site Scripting (XSS)
- Injections (SQL, LDAP, code, commands, and XPATH)
- CRLF
- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
- <a href="https://tools.kali.org/vulnerability-analysis/sfuzz" title="sfuzz">sfuzz</a>
- <a href="https://tools.kali.org/vulnerability-analysis/sidguesser" title="SidGuesser">SidGuesser</a>
- <a href="https://tools.kali.org/vulnerability-analysis/siparmyknife" title="SIPArmyKnife">SIPArmyKnife</a>
- º<a href="https://tools.kali.org/vulnerability-analysis/sqlmap" title="sqlmap">sqlmap</a>º sqlmap is an
open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and
taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate
penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from
the database, to accessing the underlying file system and executing commands on the operating system via out-of-band
connections
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
- Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
- Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.
- Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
- Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.
- <a href="https://tools.kali.org/vulnerability-analysis/sqlninja" title="Sqlninja">Sqlninja</a>
- <a href="https://tools.kali.org/vulnerability-analysis/sqlsus" title="sqlsus">sqlsus</a>
- <a href="https://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a>
- <a href="https://tools.kali.org/vulnerability-analysis/tnscmd10g" title="tnscmd10g">tnscmd10g</a>
- <a href="https://tools.kali.org/vulnerability-analysis/unix-privesc-check" title="unix-privesc-check">unix-privesc-check</a>
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).
It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users
or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and
run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it
does a better job when running as root because it can read more files).
- <a href="https://tools.kali.org/vulnerability-analysis/yersinia" title="Yersinia">Yersinia</a>
</pre>
<pre zoom>
<span xsmall>Exploitation</span>
<span xsmall>Tools</span>
- <a href="https://tools.kali.org/exploitation-tools/armitage" title="Armitage">Armitage</a>
- <a href="https://tools.kali.org/exploitation-tools/backdoor-factory" title="Backdoor Factory">Backdoor Factory</a>
- <a href="https://tools.kali.org/exploitation-tools/beef-xss" title="BeEF">BeEF</a>: ºBrowser Exploitation Frameworkº. It is a penetration testing tool that focuses on the web browser.
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-auditing-tool" title="cisco-auditing-tool">cisco-auditing-tool</a>
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-global-exploiter" title="cisco-global-exploiter">cisco-global-exploiter</a>
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-ocs" title="cisco-ocs">cisco-ocs</a>
- <a href="https://tools.kali.org/information-gathering/cisco-torch" title="cisco-torch">cisco-torch</a>
- <a href="https://tools.kali.org/exploitation-tools/commix" title="Commix">Commix</a>
- <a href="https://tools.kali.org/wireless-attacks/crackle" title="crackle">crackle</a>
- <a href="https://tools.kali.org/exploitation-tools/exploitdb" title="exploitdb">exploitdb</a>
- <a href="https://tools.kali.org/web-applications/jboss-autopwn" title="jboss-autopwn">jboss-autopwn</a> deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.
- <a href="https://tools.kali.org/exploitation-tools/linux-exploit-suggester" title="Linux Exploit Suggester">Linux Exploit Suggester</a>
- <a href="https://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a>
- <a href="https://tools.kali.org/exploitation-tools/metasploit-framework" title="Metasploit Framework">Metasploit Framework</a>
  penetration testing platform for finding, exploiting and validating vulnerabilities. It provides the
  infrastructure, content and tooling for penetration tests and broader security audits; exploit, payload,
  auxiliary and post-exploitation modules are contributed by Rapid7 and the open-source community and
  added on a regular basis.
- <a href="https://tools.kali.org/exploitation-tools/msfpc" title="MSFPC">MSFPC</a>: MSFvenom Payload Creator, a wrapper around msfvenom that generates multiple payload types (by platform, bind/reverse, staged/stageless) from a few user-selected options
- <a href="https://tools.kali.org/exploitation-tools/routersploit" title="RouterSploit">RouterSploit</a>
- <a href="https://tools.kali.org/information-gathering/set" title="SET">SET</a>
- <a href="https://tools.kali.org/exploitation-tools/shellnoob" title="ShellNoob">ShellNoob</a>
  - convert shellcode between different formats and sources. Formats currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty, safeasm, completec, shellstorm.
  - interactive asm-to-opcode conversion (and vice versa) mode. Useful when the shellcode must avoid specific bytes (e.g. NUL) and you want to know whether a given assembly instruction encodes to one of them.
  - support for both AT&amp;T and Intel syntax (--intel switch).
  - support for 32 and 64 bits when running on an x86_64 machine (--64 switch).
  - resolve syscall numbers, constants, and error numbers.
  - portable and easily deployable: a single self-contained Python script that only relies on gcc/as/objdump and Python, supporting both Python 2.7+ and Python 3+.
  - in-place development: ShellNoob runs directly on the target architecture.
  - built-in support for Linux/x86, Linux/x86_64, Linux/ARM, FreeBSD/x86, FreeBSD/x86_64.
  - "prepend breakpoint" option (-c switch).
  - read from stdin / write to stdout support (use "-" as filename).
  - cheap debugging via the --to-strace and --to-gdb options.
  - usable as a Python module from your own scripts.
  - verbose mode shows the low-level steps of the conversion: useful to debug / understand / learn.
  - extra plugins: binary patching with the --file-patch, --vm-patch and --fork-nopper options.
- <a href="https://tools.kali.org/vulnerability-analysis/sqlmap" title="sqlmap">sqlmap</a>
- <a href="https://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a>
- <a href="https://tools.kali.org/vulnerability-analysis/yersinia" title="Yersinia">Yersinia</a>
ºWireless Attacksº
- <a href="https://tools.kali.org/wireless-attacks/airbase-ng" title="Airbase-ng">Airbase-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/aircrack-ng" title="Aircrack-ng">Aircrack-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/airdecap-ng-and-airdecloak-ng" title="Airdecap-ng and Airdecloak-ng">Airdecap-ng and Airdecloak-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/aireplay-ng" title="Aireplay-ng">Aireplay-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/airmon-ng" title="Airmon-ng">Airmon-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/airodump-ng" title="Airodump-ng">Airodump-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/airodump-ng-oui-update" title="airodump-ng-oui-update">airodump-ng-oui-update</a>
- <a href="https://tools.kali.org/wireless-attacks/airolib-ng" title="Airolib-ng">Airolib-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/airserv-ng" title="Airserv-ng">Airserv-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/airtun-ng" title="Airtun-ng">Airtun-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/asleap" title="Asleap">Asleap</a>
- <a href="https://tools.kali.org/wireless-attacks/besside-ng" title="Besside-ng">Besside-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/bluelog" title="Bluelog">Bluelog</a>
- <a href="https://tools.kali.org/wireless-attacks/bluemaho" title="BlueMaho">BlueMaho</a>
- <a href="https://tools.kali.org/wireless-attacks/bluepot" title="Bluepot">Bluepot</a>
- <a href="https://tools.kali.org/wireless-attacks/blueranger" title="BlueRanger">BlueRanger</a>
- <a href="https://tools.kali.org/wireless-attacks/bluesnarfer" title="Bluesnarfer">Bluesnarfer</a>
- <a href="https://tools.kali.org/wireless-attacks/bully" title="Bully">Bully</a>
- <a href="https://tools.kali.org/wireless-attacks/cowpatty" title="coWPAtty">coWPAtty</a>
- <a href="https://tools.kali.org/wireless-attacks/crackle" title="crackle">crackle</a>
- <a href="https://tools.kali.org/wireless-attacks/eapmd5pass" title="eapmd5pass">eapmd5pass</a>
- <a href="https://tools.kali.org/wireless-attacks/easside-ng" title="Easside-ng">Easside-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/fern-wifi-cracker" title="Fern Wifi Cracker">Fern Wifi Cracker</a>
- <a href="https://tools.kali.org/wireless-attacks/freeradius-wpe" title="FreeRADIUS-WPE">FreeRADIUS-WPE</a>
- <a href="https://tools.kali.org/information-gathering/ghost-phisher" title="Ghost Phisher">Ghost Phisher</a>
- <a href="https://tools.kali.org/wireless-attacks/giskismet" title="GISKismet">GISKismet</a>
- <a href="https://tools.kali.org/wireless-attacks/gqrx" title="Gqrx">Gqrx</a>
- <a href="https://tools.kali.org/wireless-attacks/gr-scan" title="gr-scan">gr-scan</a>
- <a href="https://tools.kali.org/wireless-attacks/hostapd-wpe" title="hostapd-wpe">hostapd-wpe</a>
- <a href="https://tools.kali.org/wireless-attacks/ivstools" title="ivstools">ivstools</a>
- <a href="https://tools.kali.org/wireless-attacks/kalibrate-rtl" title="kalibrate-rtl">kalibrate-rtl</a>
- <a href="https://tools.kali.org/wireless-attacks/killerbee" title="KillerBee">KillerBee</a>
- <a href="https://tools.kali.org/wireless-attacks/kismet" title="Kismet">Kismet</a>
- <a href="https://tools.kali.org/wireless-attacks/makeivs-ng" title="makeivs-ng">makeivs-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/mdk3" title="mdk3">mdk3</a>
- <a href="https://tools.kali.org/wireless-attacks/mfcuk" title="mfcuk">mfcuk</a>
- <a href="https://tools.kali.org/wireless-attacks/mfoc" title="mfoc">mfoc</a>
- <a href="https://tools.kali.org/wireless-attacks/mfterm" title="mfterm">mfterm</a>
- <a href="https://tools.kali.org/wireless-attacks/multimon-ng" title="Multimon-NG">Multimon-NG</a>
- <a href="https://tools.kali.org/wireless-attacks/packetforge-ng" title="Packetforge-ng">Packetforge-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/pixiewps" title="PixieWPS">PixieWPS</a>
- <a href="https://tools.kali.org/wireless-attacks/pyrit" title="Pyrit">Pyrit</a>
- <a href="https://tools.kali.org/wireless-attacks/reaver" title="Reaver">Reaver</a>
- <a href="https://tools.kali.org/wireless-attacks/redfang" title="redfang">redfang</a>
- <a href="https://tools.kali.org/wireless-attacks/rtlsdr-scanner" title="RTLSDR Scanner">RTLSDR Scanner</a>
- <a href="https://tools.kali.org/wireless-attacks/spooftooph" title="Spooftooph">Spooftooph</a>
- <a href="https://tools.kali.org/wireless-attacks/tkiptun-ng" title="Tkiptun-ng">Tkiptun-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/wesside-ng" title="Wesside-ng">Wesside-ng</a>
- <a href="https://tools.kali.org/wireless-attacks/wifi-honey" title="Wifi Honey">Wifi Honey</a>
- <a href="https://tools.kali.org/wireless-attacks/wifiphisher" title="wifiphisher">wifiphisher</a>
- <a href="https://tools.kali.org/wireless-attacks/wifitap" title="Wifitap">Wifitap</a>
- <a href="https://tools.kali.org/wireless-attacks/wifite" title="Wifite">Wifite</a>
- <a href="https://tools.kali.org/wireless-attacks/wpaclean" title="wpaclean">wpaclean</a>
</pre>
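The two jobs the ShellNoob entry above describes, format conversion and the "will this instruction put a forbidden byte in my shellcode" check, as an added example in Python. This is not ShellNoob's code; the sample bytes are the classic Linux/x86 execve("/bin//sh") stub and the two encodings of loading 11 into eax, embedded here as constructed input, and the bad-byte set is an assumption typical for string-copied payloads.

```python
"""Shellcode format conversion and bad-byte check, the two jobs the ShellNoob
entry above describes. Added example, not ShellNoob's own code."""
import re

# Constructed input: the classic 23-byte Linux/x86 execve("/bin//sh") stub,
# used here only as sample bytes to convert and check.
EXECVE_SH = bytes.fromhex("31c050682f2f7368682f62696e89e3505389e1b00bcd80")

# Two encodings of "load 11 (execve) into eax", the asm-to-opcode question the
# text raises: the 32-bit form carries three NUL bytes, the 8-bit form none.
MOV_EAX_11 = bytes.fromhex("b80b000000")   # mov eax, 0xb
MOV_AL_11 = bytes.fromhex("b00b")          # mov al, 0xb

# Assumed bad bytes for a payload that travels through a C string or a
# line-based protocol: NUL terminates the copy, LF/CR end the line.
DEFAULT_BAD = frozenset({0x00, 0x0a, 0x0d})


def find_bad_bytes(code, bad=DEFAULT_BAD):
    """(offset, value) for every byte of code the target cannot accept."""
    return [(i, b) for i, b in enumerate(code) if b in bad]


def to_hex(code):
    return code.hex()


def to_python(code):
    """Python / printf style literal: b"\\x31\\xc0..." ."""
    return 'b"' + "".join("\\x%02x" % b for b in code) + '"'


def to_c(code, per_line=8):
    """C array with the escapes wrapped every per_line bytes, plus its length."""
    rows = [code[i:i + per_line] for i in range(0, len(code), per_line)]
    body = "\n".join('    "%s"' % "".join("\\x%02x" % b for b in row) for row in rows)
    return "unsigned char shellcode[] =\n%s;\nunsigned int shellcode_len = %d;\n" % (body, len(code))


def from_escaped(text):
    """Inverse of to_python/to_c: collect every \\xNN escape found in a literal."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))


def report(code, bad=DEFAULT_BAD):
    """What a shellcode author checks before using a stub: length, offending
    bytes, and whether it is safe to embed as a C string as-is."""
    bad_hits = find_bad_bytes(code, bad)
    return {
        "length": len(code),
        "bad_bytes": bad_hits,
        "clean": not bad_hits,
        "hex": to_hex(code),
    }


if __name__ == "__main__":
    for label, code in (("execve", EXECVE_SH), ("mov eax,11", MOV_EAX_11), ("mov al,11", MOV_AL_11)):
        print(label, report(code))
    print(to_c(EXECVE_SH))
```

The mov eax/mov al pair is the whole point of the interactive mode: the instruction you want is fine, its default encoding is not, and only looking at the opcodes tells you which.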
<pre zoom>
<span xsmall>Forensics</span>
<span xsmall>Tools</span>
- <a href="https://tools.kali.org/forensics/binwalk" title="Binwalk">Binwalk</a> Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.
- <a href="https://tools.kali.org/forensics/bulk-extractor" title="bulk-extractor">bulk-extractor</a>
extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital
evidence files. It is a useful forensic investigation tool for many tasks such as malware and intrusion investigations,
  identity investigations and cyber investigations, as well as analyzing imagery and password cracking.
- <a href="https://tools.kali.org/forensics/capstone" title="Capstone">Capstone</a> lightweight multi-architecture disassembly framework for binary analysis and reversing; besides decoding each instruction it exposes its semantics, such as the implicit registers read and written.
- <a href="https://tools.kali.org/password-attacks/chntpw" title="chntpw">chntpw</a>
- <a href="https://tools.kali.org/forensics/cuckoo" title="Cuckoo">Cuckoo</a>
- <a href="https://tools.kali.org/forensics/dc3dd" title="dc3dd">dc3dd</a>
- <a href="https://tools.kali.org/forensics/ddrescue" title="ddrescue">ddrescue</a>
- <a href="https://tools.kali.org/forensics/dff" title="DFF">DFF</a>
- <a href="https://tools.kali.org/reverse-engineering/distorm3" title="diStorm3">diStorm3</a>
- <a href="https://tools.kali.org/forensics/dumpzilla" title="Dumpzilla">Dumpzilla</a>
  extracts all forensically interesting information from a Firefox profile:
  cookies and DOM storage; user preferences (domain permissions, proxy settings, ...); downloads;
  web forms (searches, emails, comments, ...); history; bookmarks; HTML5 cache visualization /
  extraction (offline cache); visited-site thumbnails visualization / extraction; addons /
  extensions and the paths or URLs they used; browser-saved passwords; SSL certificates added as
  an exception; session data (sites, referrer URLs and text typed into forms); live view of the
  user's browsing: URL open in each tab / window and form usage.
- <a href="https://tools.kali.org/forensics/extundelete" title="extundelete">extundelete</a> utility that can recover deleted files from an ext3 or ext4 partition
- <a href="https://tools.kali.org/forensics/foremost" title="Foremost">Foremost</a> forensic program to recover lost files based on their headers, footers, and internal data structures, can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive
- <a href="https://tools.kali.org/forensics/galleta" title="Galleta">Galleta</a>
- <a href="https://tools.kali.org/forensics/guymager" title="Guymager">Guymager</a>
- <a href="https://tools.kali.org/forensics/iphone-backup-analyzer" title="iPhone Backup Analyzer">iPhone Backup Analyzer</a>
utility designed to easily browse through the backup folder of an iPhone
- <a href="https://tools.kali.org/information-gathering/p0f" title="p0f">p0f</a>
- <a href="https://tools.kali.org/forensics/pdf-parser" title="pdf-parser">pdf-parser</a>
- <a href="https://tools.kali.org/forensics/pdfid" title="pdfid">pdfid</a>
- <a href="https://tools.kali.org/forensics/pdgmail" title="pdgmail">pdgmail</a>
  python script to gather Gmail artifacts from a process memory dump (e.g. one produced by pd, the process dumper).
  It finds what it can in the memory image, including contacts,
  emails, last access times, IP addresses etc.
- <a href="https://tools.kali.org/forensics/peepdf" title="peepdf">peepdf</a>
- <a href="https://tools.kali.org/forensics/regripper" title="RegRipper">RegRipper</a>
- <a href="https://tools.kali.org/forensics/volatility" title="Volatility">Volatility</a>
  open collection of tools, implemented in Python under the GNU General Public License, for
  the extraction of digital artifacts from volatile memory (RAM) samples.
Read the given memory image (-f /root/xp-laptop-2005-07-04-1430.img) and display the processes that were running (pslist):
root@kali:~# volatility -f /root/xp-laptop-2005-07-04-1430.img pslist
Volatility Foundation Volatility Framework 2.4
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ ----------------------------
0x823c87c0 System 4 0 62 1133 ------ 0
0x8214b020 smss.exe 400 4 3 21 ------ 0 2005-07-04 18:17:26 UTC+0000
0x821c11a8 csrss.exe 456 400 11 551 0 0 2005-07-04 18:17:29 UTC+0000
0x814dc020 winlogon.exe 480 400 18 522 0 0 2005-07-04 18:17:29 UTC+0000
0x815221c8 services.exe 524 480 17 321 0 0 2005-07-04 18:17:30 UTC+0000
0x821d8248 lsass.exe 536 480 20 369 0 0 2005-07-04 18:17:30 UTC+0000
0x814f0020 svchost.exe 680 524 19 206 0 0 2005-07-04 18:17:31 UTC+0000
0x821daa88 svchost.exe 760 524 10 289 0 0 2005-07-04 18:17:31 UTC+0000
0x821463a8 svchost.exe 800 524 75 1558 0 0 2005-07-04 18:17:31 UTC+0000
0x8216c9b0 Smc.exe 840 524 22 421 0 0 2005-07-04 18:17:32 UTC+0000
0x81530228 svchost.exe 932 524 6 93 0 0 2005-07-04 18:17:33 UTC+0000
0x81534c10 svchost.exe 972 524 15 212 0 0 2005-07-04 18:17:34 UTC+0000
0x8202e7e8 spoolsv.exe 1104 524 11 145 0 0 2005-07-04 18:17:38 UTC+0000
0x8152f9a0 ati2evxx.exe 1272 524 4 38 0 0 2005-07-04 18:17:39 UTC+0000
0x820ac020 Crypserv.exe 1356 524 3 34 0 0 2005-07-04 18:17:40 UTC+0000
0x81521da0 DefWatch.exe 1380 524 3 27 0 0 2005-07-04 18:17:40 UTC+0000
0x820b5670 msdtc.exe 1440 524 15 164 0 0 2005-07-04 18:17:40 UTC+0000
0x81fcf460 Rtvscan.exe 1484 524 37 312 0 0 2005-07-04 18:17:40 UTC+0000
0x8204b8e0 tcpsvcs.exe 1548 524 2 105 0 0 2005-07-04 18:17:41 UTC+0000
0x82027a78 snmp.exe 1564 524 5 192 0 0 2005-07-04 18:17:41 UTC+0000
0x8204c558 svchost.exe 1588 524 5 122 0 0 2005-07-04 18:17:41 UTC+0000
0x8202f558 wdfmgr.exe 1640 524 4 65 0 0 2005-07-04 18:17:42 UTC+0000
0x81fb5da0 Fast.exe 1844 524 2 33 0 0 2005-07-04 18:17:43 UTC+0000
0x81fe9da0 mqsvc.exe 1860 524 23 218 0 0 2005-07-04 18:17:43 UTC+0000
0x82022760 mqtgsvc.exe 712 524 9 119 0 0 2005-07-04 18:17:47 UTC+0000
0x81fe6a78 alg.exe 992 524 5 105 0 0 2005-07-04 18:17:50 UTC+0000
0x8202c6a0 ssonsvr.exe 2196 2172 1 24 0 0 2005-07-04 18:17:59 UTC+0000
0x8146e860 explorer.exe 2392 2300 18 489 0 0 2005-07-04 18:18:03 UTC+0000
0x820d1b00 Directcd.exe 2456 2392 4 40 0 0 2005-07-04 18:18:05 UTC+0000
0x81540da0 TaskSwitch.exe 2472 2392 1 24 0 0 2005-07-04 18:18:05 UTC+0000
0x8219dda0 Fast.exe 2480 2392 1 23 0 0 2005-07-04 18:18:05 UTC+0000
0x81462be0 VPTray.exe 2496 2392 2 111 0 0 2005-07-04 18:18:06 UTC+0000
0x8219d960 atiptaxx.exe 2524 2392 1 51 0 0 2005-07-04 18:18:06 UTC+0000
0x814ecc00 jusched.exe 2548 2392 1 22 0 0 2005-07-04 18:18:07 UTC+0000
0x820d1718 EM_EXEC.EXE 2588 2540 2 80 0 0 2005-07-04 18:18:09 UTC+0000
0x814b8a58 WZQKPICK.EXE 2692 2392 1 17 0 0 2005-07-04 18:18:15 UTC+0000
0x81474510 wuauclt.exe 3128 800 3 157 0 0 2005-07-04 18:19:11 UTC+0000
0x81f7fb98 taskmgr.exe 3192 2392 3 65 0 0 2005-07-04 18:19:33 UTC+0000
0x8153f480 cmd.exe 3256 2392 1 29 0 0 2005-07-04 18:20:58 UTC+0000
0x8133d810 firefox.exe 3276 2392 7 189 0 0 2005-07-04 18:21:11 UTC+0000
0xff96b860 PluckSvr.exe 3352 680 6 206 0 0 2005-07-04 18:21:42 UTC+0000
0x813383b0 PluckTray.exe 3612 3352 3 102 0 0 2005-07-04 18:24:00 UTC+0000
0x81488350 PluckUpdater.ex 368 3352 0 -------- 0 0 2005-07-04 18:24:30 UTC+0000
0x81543870 dd.exe
- <a href="https://tools.kali.org/information-gathering/xplico" title="Xplico">Xplico</a>
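A first triage pass over the pslist output shown above, as an added example in Python (not part of Volatility): parse the table, keep aside rows that do not parse (the truncated dd.exe line), list processes whose parent is missing from the listing, and check the core Windows processes against the parent they should have. The sample is a subset of the rows above; the EXPECTED_PARENT table is an assumption encoding the Windows XP boot chain, and the INJECTED row is constructed to show a positive hit.

```python
"""Triage of Volatility pslist output: parse the table above, find orphans and
check the lineage of core system processes. Added example, not part of
Volatility; EXPECTED_PARENT encodes the Windows XP boot chain (assumption)
and INJECTED is a constructed row."""
import re

# Subset of the pslist listing above (same columns and values), including the
# header lines and the truncated last row so the parser has to cope with both.
PSLIST = """\
Volatility Foundation Volatility Framework 2.4
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ ----------------------------
0x823c87c0 System 4 0 62 1133 ------ 0
0x8214b020 smss.exe 400 4 3 21 ------ 0 2005-07-04 18:17:26 UTC+0000
0x821c11a8 csrss.exe 456 400 11 551 0 0 2005-07-04 18:17:29 UTC+0000
0x814dc020 winlogon.exe 480 400 18 522 0 0 2005-07-04 18:17:29 UTC+0000
0x815221c8 services.exe 524 480 17 321 0 0 2005-07-04 18:17:30 UTC+0000
0x821d8248 lsass.exe 536 480 20 369 0 0 2005-07-04 18:17:30 UTC+0000
0x814f0020 svchost.exe 680 524 19 206 0 0 2005-07-04 18:17:31 UTC+0000
0x821463a8 svchost.exe 800 524 75 1558 0 0 2005-07-04 18:17:31 UTC+0000
0x8202c6a0 ssonsvr.exe 2196 2172 1 24 0 0 2005-07-04 18:17:59 UTC+0000
0x8146e860 explorer.exe 2392 2300 18 489 0 0 2005-07-04 18:18:03 UTC+0000
0x8153f480 cmd.exe 3256 2392 1 29 0 0 2005-07-04 18:20:58 UTC+0000
0xff96b860 PluckSvr.exe 3352 680 6 206 0 0 2005-07-04 18:21:42 UTC+0000
0x81488350 PluckUpdater.ex 368 3352 0 -------- 0 0 2005-07-04 18:24:30 UTC+0000
0x81543870 dd.exe
"""

# Constructed row (not from the image above): an "svchost.exe" started by
# cmd.exe, the masquerading pattern the lineage check is meant to catch.
INJECTED = "0x8fffffff svchost.exe 4444 3256 1 10 0 0 2005-07-04 18:25:00 UTC+0000\n"

ROW = re.compile(
    r"^(?P<offset>0x[0-9a-fA-F]+)\s+(?P<name>\S+)\s+(?P<pid>\d+)\s+(?P<ppid>\d+)\s+"
    r"(?P<thds>\d+)\s+(?P<hnds>\d+|-+)\s+(?P<sess>\d+|-+)\s+(?P<wow64>\d+)"
    r"(?:\s+(?P<start>.*))?$"
)

# Who starts whom on Windows XP (assumed from the standard boot chain; other
# Windows versions differ, e.g. wininit.exe from Vista on).
EXPECTED_PARENT = {
    "smss.exe": "system",
    "csrss.exe": "smss.exe",
    "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe",
    "lsass.exe": "winlogon.exe",
    "svchost.exe": "services.exe",
}


def parse_pslist(text):
    """Return ({pid: row}, [unparsed rows]). Header lines are ignored; rows that
    look like a process entry but do not parse are kept, not silently dropped."""
    procs, unparsed = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            procs[int(m["pid"])] = {
                "name": m["name"], "ppid": int(m["ppid"]),
                "offset": m["offset"], "start": (m["start"] or "").strip(),
            }
        elif line.startswith("0x"):
            unparsed.append(line)
    return procs, unparsed


def orphans(procs):
    """PIDs whose parent is absent from the listing. Some are benign (explorer's
    parent userinit.exe exits by design) but each one deserves a look."""
    return sorted(pid for pid, p in procs.items() if p["ppid"] and p["ppid"] not in procs)


def unexpected_parents(procs):
    """(pid, name, actual parent name) for core processes whose parent is not
    the one the boot chain would give them."""
    out = []
    for pid, p in sorted(procs.items()):
        want = EXPECTED_PARENT.get(p["name"].lower())
        if want is None:
            continue
        parent = procs.get(p["ppid"])
        got = parent["name"] if parent else None
        if got is None or got.lower() != want:
            out.append((pid, p["name"], got))
    return out


if __name__ == "__main__":
    procs, unparsed = parse_pslist(PSLIST + INJECTED)
    print("unparsed rows:", unparsed)
    print("orphans:", orphans(procs))
    print("lineage anomalies:", unexpected_parents(procs))
```

The same two checks apply to `pstree`/`psscan` output; psscan in particular will surface terminated or unlinked processes that pslist never shows, which is why a row that fails to parse should be reported rather than dropped.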
ºWeb Applicationsº
- <a href="https://tools.kali.org/web-applications/apache-users" title="apache-users">apache-users</a>
- <a href="https://tools.kali.org/web-applications/arachni" title="Arachni">Arachni</a>
- <a href="https://tools.kali.org/vulnerability-analysis/bbqsql" title="BBQSQL">BBQSQL</a>
- <a href="https://tools.kali.org/web-applications/blindelephant" title="BlindElephant">BlindElephant</a>
- <a href="https://tools.kali.org/web-applications/burpsuite" title="Burp Suite">Burp Suite</a>
- <a href="https://tools.kali.org/web-applications/cutycapt" title="CutyCapt">CutyCapt</a>
- <a href="https://tools.kali.org/web-applications/davtest" title="DAVTest">DAVTest</a>
- <a href="https://tools.kali.org/web-applications/deblaze" title="deblaze">deblaze</a>
- <a href="https://tools.kali.org/web-applications/dirb" title="DIRB">DIRB</a>
- <a href="https://tools.kali.org/web-applications/dirbuster" title="DirBuster">DirBuster</a>
- <a href="https://tools.kali.org/web-applications/fimap" title="fimap">fimap</a>
- <a href="https://tools.kali.org/web-applications/funkload" title="FunkLoad">FunkLoad</a>
- <a href="https://tools.kali.org/web-applications/gobuster" title="Gobuster">Gobuster</a>
- <a href="https://tools.kali.org/web-applications/grabber" title="Grabber">Grabber</a>
- <a href="https://tools.kali.org/web-applications/hurl" title="hURL">hURL</a>
- <a href="https://tools.kali.org/web-applications/jboss-autopwn" title="jboss-autopwn">jboss-autopwn</a>
- <a href="https://tools.kali.org/web-applications/joomscan" title="joomscan">joomscan</a>
- <a href="https://tools.kali.org/vulnerability-analysis/jsql" title="jSQL Injection">jSQL Injection</a>
- <a href="https://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a>
- <a href="https://tools.kali.org/information-gathering/nikto" title="Nikto">Nikto</a>
- <a href="https://tools.kali.org/web-applications/padbuster" title="PadBuster">PadBuster</a>
- <a href="https://tools.kali.org/web-applications/paros" title="Paros">Paros</a>
- <a href="https://tools.kali.org/information-gathering/parsero" title="Parsero">Parsero</a>
- <a href="https://tools.kali.org/web-applications/plecost" title="plecost">plecost</a>
- <a href="https://tools.kali.org/vulnerability-analysis/powerfuzzer" title="Powerfuzzer">Powerfuzzer</a>
- <a href="https://tools.kali.org/web-applications/proxystrike" title="ProxyStrike">ProxyStrike</a>
- <a href="https://tools.kali.org/information-gathering/recon-ng" title="Recon-ng">Recon-ng</a> full-featured Web Reconnaissance framework written in Python
- <a href="https://tools.kali.org/web-applications/skipfish" title="Skipfish">Skipfish</a>
- <a href="https://tools.kali.org/vulnerability-analysis/sqlmap" title="sqlmap">sqlmap</a>
- <a href="https://tools.kali.org/vulnerability-analysis/sqlninja" title="Sqlninja">Sqlninja</a>
- <a href="https://tools.kali.org/vulnerability-analysis/sqlsus" title="sqlsus">sqlsus</a>
- <a href="https://tools.kali.org/web-applications/ua-tester" title="ua-tester">ua-tester</a>
- <a href="https://tools.kali.org/web-applications/uniscan" title="Uniscan">Uniscan</a>
- <a href="https://tools.kali.org/web-applications/vega" title="Vega">Vega</a>
- <a href="https://tools.kali.org/web-applications/w3af" title="w3af">w3af</a>
- <a href="https://tools.kali.org/web-applications/webscarab" title="WebScarab">WebScarab</a>
- <a href="https://tools.kali.org/web-applications/webshag" title="Webshag">Webshag</a>
- <a href="https://tools.kali.org/web-applications/webslayer" title="WebSlayer">WebSlayer</a>
- <a href="https://tools.kali.org/web-applications/websploit" title="WebSploit">WebSploit</a>
- <a href="https://tools.kali.org/web-applications/wfuzz" title="Wfuzz">Wfuzz</a>
- <a href="https://tools.kali.org/web-applications/whatweb" title="WhatWeb">WhatWeb</a>
- <a href="https://tools.kali.org/web-applications/wpscan" title="WPScan">WPScan</a>
- <a href="https://tools.kali.org/web-applications/xsser" title="XSSer">XSSer</a>
- <a href="https://tools.kali.org/web-applications/zaproxy" title="zaproxy">zaproxy</a>
ºStress Testingº
- <a href="https://tools.kali.org/stress-testing/dhcpig" title="DHCPig">DHCPig</a>
- <a href="https://tools.kali.org/web-applications/funkload" title="FunkLoad">FunkLoad</a>
- <a href="https://tools.kali.org/sniffingspoofing/iaxflood" title="iaxflood">iaxflood</a>
- <a href="https://tools.kali.org/stress-testing/inundator" title="Inundator">Inundator</a>
- <a href="https://tools.kali.org/sniffingspoofing/inviteflood" title="inviteflood">inviteflood</a>
- <a href="https://tools.kali.org/stress-testing/ipv6-toolkit" title="ipv6-toolkit">ipv6-toolkit</a>
- <a href="https://tools.kali.org/wireless-attacks/mdk3" title="mdk3">mdk3</a>
- <a href="https://tools.kali.org/wireless-attacks/reaver" title="Reaver">Reaver</a>
- <a href="https://tools.kali.org/stress-testing/rtpflood" title="rtpflood">rtpflood</a>
- <a href="https://tools.kali.org/stress-testing/slowhttptest" title="SlowHTTPTest">SlowHTTPTest</a>
- <a href="https://tools.kali.org/stress-testing/t50" title="t50">t50</a>
- <a href="https://tools.kali.org/stress-testing/termineter" title="Termineter">Termineter</a>
- <a href="https://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a>
- <a href="https://tools.kali.org/stress-testing/thc-ssl-dos" title="THC-SSL-DOS">THC-SSL-DOS</a>
ºSniffing & Spoofingº
- <a href="https://tools.kali.org/web-applications/burpsuite" title="Burp Suite">Burp Suite</a>
- <a href="https://tools.kali.org/sniffingspoofing/dnschef" title="DNSChef">DNSChef</a>
- <a href="https://tools.kali.org/sniffingspoofing/fiked" title="fiked">fiked</a>
- <a href="https://tools.kali.org/sniffingspoofing/hamster-sidejack" title="hamster-sidejack">hamster-sidejack</a>
- <a href="https://tools.kali.org/sniffingspoofing/hexinject" title="HexInject">HexInject</a>
- <a href="https://tools.kali.org/sniffingspoofing/iaxflood" title="iaxflood">iaxflood</a>
- <a href="https://tools.kali.org/sniffingspoofing/inviteflood" title="inviteflood">inviteflood</a>
- <a href="https://tools.kali.org/information-gathering/ismtp" title="iSMTP">iSMTP</a>
- <a href="https://tools.kali.org/sniffingspoofing/isr-evilgrade" title="isr-evilgrade">isr-evilgrade</a>
- <a href="https://tools.kali.org/sniffingspoofing/mitmproxy" title="mitmproxy">mitmproxy</a>
- <a href="https://tools.kali.org/vulnerability-analysis/ohrwurm" title="ohrwurm">ohrwurm</a>
- <a href="https://tools.kali.org/sniffingspoofing/protos-sip" title="protos-sip">protos-sip</a>
- <a href="https://tools.kali.org/sniffingspoofing/rebind" title="rebind">rebind</a>
- <a href="https://tools.kali.org/sniffingspoofing/responder" title="responder">responder</a>
- <a href="https://tools.kali.org/sniffingspoofing/rtpbreak" title="rtpbreak">rtpbreak</a>
- <a href="https://tools.kali.org/sniffingspoofing/rtpinsertsound" title="rtpinsertsound">rtpinsertsound</a>
- <a href="https://tools.kali.org/sniffingspoofing/rtpmixsound" title="rtpmixsound">rtpmixsound</a>
- <a href="https://tools.kali.org/sniffingspoofing/sctpscan" title="sctpscan">sctpscan</a>
- <a href="https://tools.kali.org/vulnerability-analysis/siparmyknife" title="SIPArmyKnife">SIPArmyKnife</a>
- <a href="https://tools.kali.org/sniffingspoofing/sipp" title="SIPp">SIPp</a>
- <a href="https://tools.kali.org/sniffingspoofing/sipvicious" title="SIPVicious">SIPVicious</a>
- <a href="https://tools.kali.org/sniffingspoofing/sniffjoke" title="SniffJoke">SniffJoke</a>
- <a href="https://tools.kali.org/information-gathering/sslsplit" title="SSLsplit">SSLsplit</a>
- <a href="https://tools.kali.org/information-gathering/sslstrip" title="sslstrip">sslstrip</a>
- <a href="https://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a>
- <a href="https://tools.kali.org/sniffingspoofing/voiphopper" title="VoIPHopper">VoIPHopper</a>
- <a href="https://tools.kali.org/web-applications/webscarab" title="WebScarab">WebScarab</a>
- <a href="https://tools.kali.org/wireless-attacks/wifi-honey" title="Wifi Honey">Wifi Honey</a>
- <a href="https://tools.kali.org/information-gathering/wireshark" title="Wireshark">Wireshark</a>
- <a href="https://tools.kali.org/sniffingspoofing/xspy" title="xspy">xspy</a>
- <a href="https://tools.kali.org/vulnerability-analysis/yersinia" title="Yersinia">Yersinia</a>
- <a href="https://tools.kali.org/web-applications/zaproxy" title="zaproxy">zaproxy</a>
</pre>
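What the Binwalk and Foremost entries in the Forensics list above actually do, as an added example in Python (not the tools' code): scan a blob for embedded-file signatures, then carve each object out, by footer where the format has one (PNG) or by letting the decompressor report where the stream ends (gzip). The signature table is a small assumed subset of what the tools know, and the blob is constructed in `build_sample`, not a real firmware image.

```python
"""Signature scanning and carving of the kind Binwalk and Foremost do: walk a
blob, report every embedded-file header, carve each object by footer or by
stream end. Added example, not the tools' code; the blob is constructed."""
import gzip
import io
import struct
import zlib

# header bytes -> (type name, footer bytes or None when the end must be computed).
# Assumed subset; the real tools carry hundreds of signatures.
SIGNATURES = {
    b"\x1f\x8b\x08": ("gzip", None),
    b"\x7fELF": ("elf", None),
    b"PK\x03\x04": ("zip", None),
    b"\x89PNG\r\n\x1a\n": ("png", b"IEND\xaeB`\x82"),
}


def scan(blob):
    """(offset, type) for every signature hit, in file order."""
    hits = []
    for magic, (name, _footer) in SIGNATURES.items():
        start = 0
        while True:
            off = blob.find(magic, start)
            if off < 0:
                break
            hits.append((off, name))
            start = off + 1
    return sorted(hits)


def carve(blob, offset, name):
    """Bytes of the object at offset, or None when its end cannot be determined
    (truncated object, or a type with no end rule in this example)."""
    footer = {n: f for _m, (n, f) in SIGNATURES.items()}[name]
    if name == "gzip":
        # The decompressor knows where the member ends: everything it did not
        # consume is trailing data, so the member is what precedes it.
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)
        try:
            d.decompress(blob[offset:])
        except zlib.error:
            return None
        return blob[offset:len(blob) - len(d.unused_data)] if d.eof else None
    if footer is None:
        return None
    end = blob.find(footer, offset + 1)
    return None if end < 0 else blob[offset:end + len(footer)]


def _png_chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))


def build_sample():
    """Constructed blob: filler, a gzip member, filler, a 1x1 PNG, filler.
    Returns (blob, gzip member, png) so callers can check the carves."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=0) as gz:   # mtime=0 keeps the header bytes fixed
        gz.write(b"config: admin=1\n")
    member = buf.getvalue()
    png = (b"\x89PNG\r\n\x1a\n"
           + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
           + _png_chunk(b"IEND", b""))
    return b"\x00" * 16 + member + b"A" * 32 + png + b"\xff" * 8, member, png


if __name__ == "__main__":
    blob, _member, _png = build_sample()
    for off, name in scan(blob):
        obj = carve(blob, off, name)
        print("0x%06x %-5s %s" % (off, name, "%d bytes" % len(obj) if obj else "end unknown"))
```

Footer-based carving is the weak spot of this approach: a footer that also occurs inside the payload (common with JPEG's ff d9) gives a short carve, which is why Binwalk prefers parsing the format's own length fields where they exist, as the gzip branch does here.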
<pre zoom>
<span xsmall>Password</span>
<span xsmall>Attacks</span>
- <a href="https://tools.kali.org/information-gathering/acccheck" title="acccheck">acccheck</a>
- <a href="https://tools.kali.org/password-attacks/brutespray" title="BruteSpray">BruteSpray</a>
- <a href="https://tools.kali.org/web-applications/burpsuite" title="Burp Suite">Burp Suite</a>
- <a href="https://tools.kali.org/password-attacks/cewl" title="CeWL">CeWL</a>
- <a href="https://tools.kali.org/password-attacks/chntpw" title="chntpw">chntpw</a>
- <a href="https://tools.kali.org/vulnerability-analysis/cisco-auditing-tool" title="cisco-auditing-tool">cisco-auditing-tool</a>
- <a href="https://tools.kali.org/password-attacks/cmospwd" title="CmosPwd">CmosPwd</a>
- <a href="https://tools.kali.org/password-attacks/creddump" title="creddump">creddump</a>
- <a href="https://tools.kali.org/password-attacks/crowbar" title="crowbar">crowbar</a>
- <a href="https://tools.kali.org/password-attacks/crunch" title="crunch">crunch</a>
- <a href="https://tools.kali.org/vulnerability-analysis/dbpwaudit" title="DBPwAudit">DBPwAudit</a>
- <a href="https://tools.kali.org/password-attacks/findmyhash" title="findmyhash">findmyhash</a>
- <a href="https://tools.kali.org/password-attacks/gpp-decrypt" title="gpp-decrypt">gpp-decrypt</a>
- <a href="https://tools.kali.org/password-attacks/hash-identifier" title="hash-identifier">hash-identifier</a>
- <a href="https://tools.kali.org/password-attacks/hashcat" title="Hashcat">Hashcat</a>
- <a href="https://tools.kali.org/vulnerability-analysis/hexorbase" title="HexorBase">HexorBase</a>
- <a href="https://tools.kali.org/password-attacks/hydra" title="THC-Hydra">THC-Hydra</a>
- <a href="https://tools.kali.org/password-attacks/john" title="John the Ripper">John the Ripper</a>
- <a href="https://tools.kali.org/password-attacks/johnny" title="Johnny">Johnny</a>
- <a href="https://tools.kali.org/password-attacks/keimpx" title="keimpx">keimpx</a>
- <a href="https://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a>
- <a href="https://tools.kali.org/password-attacks/maskprocessor" title="Maskprocessor">Maskprocessor</a>
- <a href="https://tools.kali.org/password-attacks/multiforcer" title="multiforcer">multiforcer</a>
- <a href="https://tools.kali.org/password-attacks/ncrack" title="Ncrack">Ncrack</a>
- <a href="https://tools.kali.org/password-attacks/oclgausscrack" title="oclgausscrack">oclgausscrack</a>
- <a href="https://tools.kali.org/password-attacks/ophcrack" title="ophcrack">ophcrack</a>
- <a href="https://tools.kali.org/password-attacks/pack" title="PACK">PACK</a>
- <a href="https://tools.kali.org/password-attacks/patator" title="patator">patator</a>
- <a href="https://tools.kali.org/password-attacks/phrasendrescher" title="phrasendrescher">phrasendrescher</a>
- <a href="https://tools.kali.org/password-attacks/polenum" title="polenum">polenum</a>
- <a href="https://tools.kali.org/password-attacks/rainbowcrack" title="RainbowCrack">RainbowCrack</a>
- <a href="https://tools.kali.org/password-attacks/rcracki-mt" title="rcracki-mt">rcracki-mt</a>
- <a href="https://tools.kali.org/password-attacks/rsmangler" title="RSMangler">RSMangler</a>
- <a href="https://tools.kali.org/password-attacks/seclists" title="SecLists">SecLists</a>
- <a href="https://tools.kali.org/password-attacks/sqldict" title="SQLdict">SQLdict</a>
- <a href="https://tools.kali.org/password-attacks/statsprocessor" title="Statsprocessor">Statsprocessor</a>
- <a href="https://tools.kali.org/password-attacks/thc-pptp-bruter" title="THC-pptp-bruter">THC-pptp-bruter</a>
- <a href="https://tools.kali.org/password-attacks/truecrack" title="TrueCrack">TrueCrack</a>
- <a href="https://tools.kali.org/web-applications/webscarab" title="WebScarab">WebScarab</a>
- <a href="https://tools.kali.org/password-attacks/wordlists" title="wordlists">wordlists</a>
- <a href="https://tools.kali.org/web-applications/zaproxy" title="zaproxy">zaproxy</a>
ºMaintaining Accessº
- <a href="https://tools.kali.org/maintaining-access/cryptcat" title="CryptCat">CryptCat</a>
- <a href="https://tools.kali.org/maintaining-access/cymothoa" title="Cymothoa">Cymothoa</a>
- <a href="https://tools.kali.org/maintaining-access/dbd" title="dbd">dbd</a>
- <a href="https://tools.kali.org/maintaining-access/dns2tcp" title="dns2tcp">dns2tcp</a>
- <a href="https://tools.kali.org/maintaining-access/http-tunnel" title="http-tunnel">http-tunnel</a>
- <a href="https://tools.kali.org/maintaining-access/httptunnel" title="HTTPTunnel">HTTPTunnel</a>
- <a href="https://tools.kali.org/maintaining-access/intersect" title="Intersect">Intersect</a>
- <a href="https://tools.kali.org/maintaining-access/nishang" title="Nishang">Nishang</a>
- <a href="https://tools.kali.org/password-attacks/polenum" title="polenum">polenum</a>
- <a href="https://tools.kali.org/maintaining-access/powersploit" title="PowerSploit">PowerSploit</a>
- <a href="https://tools.kali.org/maintaining-access/pwnat" title="pwnat">pwnat</a>
- <a href="https://tools.kali.org/maintaining-access/ridenum" title="RidEnum">RidEnum</a>
- <a href="https://tools.kali.org/maintaining-access/sbd" title="sbd">sbd</a>
- <a href="https://tools.kali.org/maintaining-access/shellter" title="shellter">shellter</a>
- <a href="https://tools.kali.org/maintaining-access/u3-pwn" title="U3-Pwn">U3-Pwn</a>
- <a href="https://tools.kali.org/maintaining-access/webshells" title="Webshells">Webshells</a>
- <a href="https://tools.kali.org/maintaining-access/weevely" title="Weevely">Weevely</a>
- <a href="https://tools.kali.org/maintaining-access/winexe" title="Winexe">Winexe</a>
ºHardware Hackingº
- <a href="https://tools.kali.org/hardware-hacking/android-sdk" title="android-sdk">android-sdk</a>
- <a href="https://tools.kali.org/reverse-engineering/apktool" title="apktool">apktool</a>
- <a href="https://tools.kali.org/hardware-hacking/arduino" title="Arduino">Arduino</a>
- <a href="https://tools.kali.org/reverse-engineering/dex2jar" title="dex2jar">dex2jar</a>
- <a href="https://tools.kali.org/hardware-hacking/sakis3g" title="Sakis3G">Sakis3G</a>
- <a href="https://tools.kali.org/reverse-engineering/smali" title="smali">smali</a>
ºReverse Engineeringº
- <a href="https://tools.kali.org/reverse-engineering/apktool" title="apktool">apktool</a>
- <a href="https://tools.kali.org/reverse-engineering/dex2jar" title="dex2jar">dex2jar</a>
- <a href="https://tools.kali.org/reverse-engineering/distorm3" title="diStorm3">diStorm3</a>
- <a href="https://tools.kali.org/reverse-engineering/edb-debugger" title="edb-debugger">edb-debugger</a>
- <a href="https://tools.kali.org/reverse-engineering/jad" title="jad">jad</a>
- <a href="https://tools.kali.org/reverse-engineering/javasnoop" title="javasnoop">javasnoop</a>
- <a href="https://tools.kali.org/reverse-engineering/jd-gui" title="JD-GUI">JD-GUI</a>
- <a href="https://tools.kali.org/reverse-engineering/ollydbg" title="OllyDbg">OllyDbg</a>
- <a href="https://tools.kali.org/reverse-engineering/smali" title="smali">smali</a>
- <a href="https://tools.kali.org/reverse-engineering/valgrind" title="Valgrind">Valgrind</a>
- <a href="https://tools.kali.org/reverse-engineering/yara" title="YARA">YARA</a>
ºReporting Toolsº
- <a href="https://tools.kali.org/information-gathering/casefile" title="CaseFile">CaseFile</a>
- <a href="https://tools.kali.org/reporting-tools/cherrytree" title="cherrytree">cherrytree</a>
- <a href="https://tools.kali.org/web-applications/cutycapt" title="CutyCapt">CutyCapt</a>
- <a href="https://tools.kali.org/reporting-tools/dos2unix" title="dos2unix">dos2unix</a>
- <a href="https://tools.kali.org/reporting-tools/dradis" title="Dradis">Dradis</a>
- <a href="https://tools.kali.org/reporting-tools/magictree" title="MagicTree">MagicTree</a>
- <a href="https://tools.kali.org/information-gathering/metagoofil" title="Metagoofil">Metagoofil</a>
- <a href="https://tools.kali.org/reporting-tools/nipper-ng" title="Nipper-ng">Nipper-ng</a>
next generation of nipper, and will always remain free and open source. This
software is used to make observations about the security configuration of many different
device types such as routers, firewalls, and switches in a network infrastructure.
- <a href="https://tools.kali.org/reporting-tools/pipal" title="pipal">pipal</a>
- <a href="https://tools.kali.org/reporting-tools/rdpy" title="RDPY">RDPY</a>
pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol
(client and server side)
</pre>
</div>
<pre zoom labels="">
<span xsmall>Top 5 linux</span>
<span xsmall>penetration </span>
<span xsmall>testing dist</span>
@[https://www.linux.com/blog/top-5-linux-penetration-testing-distributions-1]
</pre>
</body>
</html>
<!--
https://techarena51.com/blog/confiigure-fail2ban-block-brute-force-ips-scanning-postfix-logs/
How to configure fail2ban to block brute-force IPs by scanning postfix logs
http://www.fail2ban.org/wiki/index.php/Main_Page:
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that
show the malicious signs - too many password failures, seeking for exploits,
etc. Generally Fail2Ban is then used to update firewall rules to reject the
IP addresses for a specified amount of time, although any arbitrary other
action (e.g. sending an email) could also be configured. Out of the box
Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
Fail2Ban is able to reduce the rate of incorrect authentications attempts
however it cannot eliminate the risk that weak authentication presents.
Configure services to use only two factor or public/private authentication
mechanisms if you really want to protect services.
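The counting logic the note describes (too many failures from one address within a window, then a temporary ban), as an added Python example that is not fail2ban's own code and is not part of this page: it scans constructed sshd and postfix SASL log lines in syslog format, keeps a sliding window per source address in the style of fail2ban's maxretry/findtime, and returns the addresses that would be banned together with the ban window (bantime). The log lines, hostnames and addresses are constructed sample data; the function names are my own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure signatures for the two log sources the note mentions: sshd and
# postfix/smtpd (SASL). Both capture the remote address as "ip".
FAILURE_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"),
    re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed"),
]
# Classic syslog prefix: "Jun 12 10:00:05 host ..." (day may be space padded)
SYSLOG_TS = re.compile(r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) ")

# Constructed sample log (documentation address ranges, invented host/pids).
# 203.0.113.5 fails three times in under two minutes; 198.51.100.7 fails three
# times but 15 minutes apart, so it never has maxretry failures inside findtime.
SAMPLE_LOG = """\
Jun 12 10:00:05 mail sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 12 10:00:09 mail sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 12 10:00:20 mail postfix/smtpd[4100]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 12 10:01:30 mail sshd[4022]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
Jun 12 10:01:44 mail postfix/smtpd[4101]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: UGFzc3dvcmQ6
Jun 12 10:15:20 mail postfix/smtpd[4102]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 12 10:30:20 mail postfix/smtpd[4103]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""


def parse_failure(line):
    """Return (timestamp, ip) for an authentication-failure line, else None."""
    m_ts = SYSLOG_TS.match(line)
    if not m_ts:
        return None
    for pat in FAILURE_PATTERNS:
        m = pat.search(line)
        if m:
            # syslog timestamps carry no year; pin one so datetimes are comparable
            ts = datetime.strptime(m_ts.group("ts"), "%b %d %H:%M:%S").replace(year=2024)
            return ts, m.group("ip")
    return None


def find_bans(lines, maxretry=3, findtime=600, bantime=600):
    """Sliding-window counting in the style of fail2ban's maxretry/findtime.

    Returns {ip: (ban_start, ban_end)} for every address that reached
    maxretry failures within findtime seconds. bantime only sizes the
    returned window; applying the firewall rule is the ban action's job.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in lines:
        ev = parse_failure(line)
        if ev is None:
            continue
        ts, ip = ev
        if ip in bans and ts < bans[ip][1]:
            continue              # still banned; the firewall would have dropped this
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget failures older than findtime
        if len(q) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            q.clear()
    return bans


if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Unlike fail2ban, where each jail counts only its own filter's matches, this example counts sshd and postfix failures for an address together; the action itself (an iptables/nftables rule, an e-mail) is represented only by the returned ban window.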
_____
<a href="http://www.rekall-forensic.com/">Rekall-Forensic</a>
The Rekall Framework is a completely open collection of tools,
implemented in Python under the GNU General Public License, for the
extraction of digital artifacts from volatile memory (RAM) samples.
The extraction techniques are performed completely independent of
the system being investigated but offer visibility into the runtime
state of the system. The framework is intended to introduce people to
the techniques and complexities associated with extracting digital
artifacts from volatile memory samples and provide a platform for
further work into this exciting area of research.
_________________
TODO ConsoleKit 0.4.1 Documentation http://www.freedesktop.org/software/ConsoleKit/doc/ConsoleKit.html
ConsoleKit is a framework for keeping track of the various users, sessions,
and seats present on a system. It provides a mechanism for software to react
to changes of any of these items or of any of the metadata associated with
them.
_________________
Using TCT To Recover Lost Data On Linux Or Unix
://linuxshellaccount.blogspot.com/2009/05/using-tct-to-recover-lost-data-on-linux.html
_____________
cisofy.com/lynis
Auditing, system hardening, compliance testing
Lynis is a battle-tested security tool for systems running Linux, macOS, or
another Unix-based operating system. It performs an extensive health scan of your
systems to support system hardening and compliance testing. The project is
open source software with the GPL license and available since 2007.
____________________________________________________
There are a number of open source tools available to help lock down containers,
not all of which we can cover in this article. But it wouldn't be a useful
article without discussing a few tools. Using tools like AppArmor and seccomp
is highly encouraged. Both are components of the Linux kernel and provide
sane defaults. <a href="https://docs.docker.com/engine/security/apparmor/"
target="_blank">AppArmor</a> applies mandatory access controls to running
programs (like Docker itself). <a href="https://docs.docker.com/engine/
security/seccomp/" target="_blank">Seccomp</a> restricts the actions (syscalls)
available within a container. AppArmor and seccomp provide the minimum
viable protection for systems and containers should a container become
compromised. Neither will tell you that a piece of software contains vulnerabilities.</p>
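A check a practitioner would run on a seccomp profile before shipping it, as an added Python example that is neither Docker's code nor from the article quoted above: it reads two constructed Docker-style profiles (the JSON shape Docker accepts, with a `defaultAction` and `syscalls[]` rules carrying `names`, `action` and optional `args`) and reports whether the default action allows everything and which syscalls from an illustrative high-risk list remain reachable. The weak profile is a short denylist on an allow-everything default; the hardened one is an allowlist on a deny default. The `HIGH_RISK` list, both profiles and the first-matching-rule resolution are simplifying assumptions of this example, not libseccomp's exact precedence rules.

```python
import json

# Syscalls an auditor usually expects a container profile to deny. Illustrative
# list for this example, not an authoritative one.
HIGH_RISK = ["mount", "ptrace", "keyctl", "init_module", "bpf", "unshare", "reboot"]

# Weak setting: everything allowed unless explicitly listed (constructed profile).
WEAK_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [
    {"names": ["ptrace", "keyctl"], "action": "SCMP_ACT_ERRNO"}
  ]
}""")

# Corrected setting: deny by default, allow a short list, and allow clone only
# when no namespace flags are set (constructed, modelled on the masked-eq style
# Docker's default profile uses for clone).
HARDENED_PROFILE = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "exit_group", "futex", "mmap", "munmap"],
     "action": "SCMP_ACT_ALLOW"},
    {"names": ["clone"], "action": "SCMP_ACT_ALLOW",
     "args": [{"index": 0, "value": 2114060288, "valueTwo": 0, "op": "SCMP_CMP_MASKED_EQ"}]}
  ]
}""")

ALLOWING_ACTIONS = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}   # LOG lets the call through


def syscall_verdict(profile, name):
    """Return "allow", "deny" or "conditional" for one syscall under the profile.

    Simplification: the first rule naming the syscall decides; a rule with
    argument constraints is reported as "conditional" rather than evaluated.
    """
    for rule in profile.get("syscalls", []):
        names = rule.get("names") or [rule.get("name")]   # old profiles use singular "name"
        if name in names:
            if rule.get("args"):
                return "conditional"
            return "allow" if rule.get("action") in ALLOWING_ACTIONS else "deny"
    return "allow" if profile.get("defaultAction") in ALLOWING_ACTIONS else "deny"


def audit_profile(profile):
    """Summarise the two findings an auditor looks at first."""
    return {
        "default_allows": profile.get("defaultAction") in ALLOWING_ACTIONS,
        "reachable_high_risk": sorted(
            n for n in HIGH_RISK if syscall_verdict(profile, n) != "deny"
        ),
    }


if __name__ == "__main__":
    for label, prof in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, audit_profile(prof))
```

The point the audit makes visible is that a denylist on an allow-everything default leaves every syscall you did not think of (here `mount`, `bpf`, `unshare`, ...) reachable, while an allowlist on a deny default fails closed; anything reported as "conditional" still needs its argument filter read by hand.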
<p>Several container registries offer a scanning tool. But if those don't cut
it, there are other options. CoreOS offers a tool called <a href="https://
coreos.com/clair/docs/latest/" target="_blank">Clair</a>, an open source
project for the static analysis of vulnerabilities in appc and Docker
containers. <a href="https://sysdig.com/opensource/falco/" target="_blank">
Sysdig Falco</a> is a behavioral activity monitor designed to detect
anomalous activity in applications. <a href="https://github.com/
eliasgranderubio/dagda" target="_blank">Dagda</a> (which incorporates Sysdig
Falco) is a tool that performs static analysis of known vulnerabilities,
trojans, viruses, malware, and other malicious threats in Docker images/
containers. There are also <a href="https://www.cisecurity.org/cis-benchmarks
/" target="_blank">CIS Benchmarks</a> for Docker and Kubernetes (in addition
to operating systems). These are just a handful of open source tools; there
are numerous tools available to help secure containers and container environments.</p>
____________________
https://www.serverwatch.com/server-news/linux-4.17-arrives-with-new-kernel-memory-consistency-module.html
____________________
Privilege escalation with LD_LIBRARY_PATH:
ttp://www.hackplayers.com/2018/06/escalado-de-privilegios-en-linux-usando-ldpreload.html?m=1
____________________
https://m.xataka.com/seguridad/como-llegar-a-ser-un-hacker-varios-expertos-en-seguridad-nos-lo-cuentan
____________________
https://www.jobserve.com/es/en/mob/job/3873B7AE6D1A9053?shid=CD642EAD291DF5928A&page=1
Industrial Cyber Security Consultant (Spanish speaking)
Madrid, Spain - EUR60k - EUR90k per annum
Permanent
Profile: cyber security, industrial control systems and operational technology experience
- cyber security risks for large scale security infrastructure programmes
- understanding security risk management and security architecture.
- Engaging with the client to identify, assess and remediate its Cyber related risks etc.
Knowledge/experience with Industrial Cyber Security and Data Communications
(IEC 62443, IEC 61850, IEC 60870-5-104, OPC), IoT and Industrial IoT
is highly desirable.
- SCADA control systems, smart metering, PLCs and RTUs.
________________________
https://mobile.serverwatch.com/server-tutorials/tips-and-tricks-for-detecting-insider-threats.html
_______________________
https://suricata-ids.org/
https://beanalytics.wordpress.com/2017/01/31/analyzing-botnets-with-suricata-machine-learning/
_____________________________
https://www.zdnet.com/article/which-is-more-secure-containers-or-virtual-machines-the-answer-will-surprise-you/
________________________
https://linux-audit.com/monitor-file-access-by-linux-processes/
_______________________
http://xmodulo.com/how-to-monitor-file-access-on-linux.html
__________________
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing
__________________
https://andrestc.com/post/cgroups-io/
______________________
Forensic Analysis:
https://github.com/volatilityfoundation/volatility
-->