Skip to content
geeksforgeeks
  • Tutorials
    • Python
    • Java
    • Data Structures & Algorithms
    • ML & Data Science
    • Interview Corner
    • Programming Languages
    • Web Development
    • CS Subjects
    • DevOps And Linux
    • School Learning
    • Practice Coding Problems
  • Courses
    • DSA to Development
    • Get IBM Certification
    • Newly Launched!
      • Master Django Framework
      • Become AWS Certified
    • For Working Professionals
      • Interview 101: DSA & System Design
      • Data Science Training Program
      • JAVA Backend Development (Live)
      • DevOps Engineering (LIVE)
      • Data Structures & Algorithms in Python
    • For Students
      • Placement Preparation Course
      • Data Science (Live)
      • Data Structure & Algorithm-Self Paced (C++/JAVA)
      • Master Competitive Programming (Live)
      • Full Stack Development with React & Node JS (Live)
    • Full Stack Development
    • Data Science Program
    • All Courses
  • Shell Scripting
  • Kali Linux
  • Ubuntu
  • Red Hat
  • CentOS
  • Docker in Linux
  • Kubernetes in Linux
  • Linux interview question
  • Python
  • R
  • Java
  • C
  • C++
  • JavaScript
  • DSA
Open In App
Next Article:
Footprinting with Nmap in Kali Linux
Next article icon

What is the Metasploit Framework in Linux?

Last Updated : 07 Nov, 2022
Comments
Improve
Suggest changes
Like Article
Like
Report

A Metasploit framework is a tool that is used by ethical hackers, security researchers, and pentester to testing of the vulnerability. It helps us to find vulnerabilities in networks, systems, and IoT. It's an open-source tool. It can be customized with the operating system. It's a bunch of exploits for various platforms. This Framework is written in a ruby programming language. A user may set up an exploit module, combine it with a payload, aim at a target, and fire it against the target system using the different tools, libraries, user interfaces, and modules of Metasploit. Hundreds of exploits and different payload choices are contained in the vast and comprehensive database of Metasploit. 

Let's understand the Metasploit Framework through various types of examples.

Example 1: Hack FTP Server Using Metasploit

Here we will be using a vulnerable machine called Metasploitable 2. Follow the below steps to Hack FTP Server.

Step 1: Scanning all the open ports and services using Nmap (Nmap is a network scanning tool)

nmap -Pn -sV 192.168.29.94
 

Command Explanation 

  • nmap:- Tool
  • -Pn:- Treat all hosts as online -- skip host discovery
  • -sV:- Probe open ports to determine service/version info

Step 2: Exploit with Metasploit Framework.

msfconsole

In the below screenshot, we are stating the Metasploit console using the msfconsole command.

 

Step 3: Here we can see the FTPftp service is open called vsftpd (Very Secure FTP Daemon) is an FTP server for Unix-like systems, including Linux, and the port number is 21. Let's get into the server. Search for Version which is FTP server used on it. Here I'm Searching for vsftpd. Here We use the search option for the search exploit.

search vsftpd
 

Command Explanation

  • search:- for searching any exploit by name or keyword.

Step 4: Now, we will be selecting the exploit by using the use command.

use 0
 

Command Explanation

  • use: we use this option because we can use the exploit by using their index number. 

Step 5: Now we will see what are the requirements of run this exploit.

show options
 

Command Explanation:- 

  • show options:- for knowing what are the requirements of run this exploit.
  • Set RHOSTS:- set the target IP.
  • exploit:- for running this exploit

Step 6: Now we will run the exploit and get access to the FTP server.

exploit

We have got access to the FTP server of the target machine Metasploitable 2

 

Example 2: Using Metasploit for DOS attack

Step 1: Type Command msfconsole for entering Metasploit Framework

msfconsole
 

Step 2: Use the payload auxiliary/dos/http/slowloris to perform DOS attack on victim.

use auxiliary/dos/http/slowloris

 

Slowloris tries for many connections to the target machine or web server open and holds them open as long as possible. This accomplishes by opening connections to the target web server and sending requests. Periodically, it will send HTTP request headers. Eventually denying additional connection attempts from client.

Command Explanation:

  • use: for using payload 

Step 3: Show the requirements to run the exploit.

show options
 

Command Explanation:

  • show options:- use to show the requirements for running the exploit. We can see this in the image.

Step 4: Set the target IP to run this exploit.

set rhost 192.168.29.94
 

Command Explanation:

  • set host:- set the target IP for exploit.

Step 5: Run this Exploit to run the dos attack.

exploit

Multiple requests are been hit to the victim machine.

 

Command Explanation:

  • exploit:- run the attack.

Example 3: Using Metasploit to hack through Samba Usermap Script vulnerability 

Step 1: Enter the Metasploit Framework using the following command.

msfconsole
 

Command Explanation:- 

  • msfconsole:- enter the metasploitable framework.

Step 2: Use exploit for the Samba Usermap Script vulnerability.

use exploit/multi/samba/usermap_script
 

Command Explanation:

  • use: use the exploit by name or by the index of the exploit.

Step 3: Show the requirements of the exploit.

show options
 

Command Explanation:-

  • show options: show the requirements for the exploit.

Step 4: Set the credentials to run the exploit.

set RHOSTS 192.168.29.47
 

Command Explanation : 

  • set:- set the required things.

Step 4: Exploit the vulnerability by running the payload.

exploit
 

We have successfully hacked the Samba Usermap Script vulnerability .


Next Article
Footprinting with Nmap in Kali Linux

R
rajnandi5045
Improve
Article Tags :
  • Linux-Unix
  • Linux-Tools

Similar Reads

    Penetration Testing Tools

    DARKARMY - Penetration Testing Tools
    The Darkarmy provides you with a list of tools used for penetration testing all in one place. It saves time for searching for tools under different circumstances. It makes pen testing more straightforward and more user-friendly. It doesn't have built-in tools, but tools will be installed according t
    7 min read
    Validating a Vulnerability Metasploit in Kali Linux
    Metasploit is a popular open-source platform for developing, testing, and executing exploits and payloads. It is widely used by security professionals and researchers to identify and exploit vulnerabilities in systems and networks. Metasploit consists of a large database of exploits and payloads tha
    6 min read
    Creating a Persistent Reverse Shell with Metasploit in Kali Linux
    A reverse shell is a type of network connection in which a command shell is executed on a remote machine, and the input and output of the shell are transmitted over the network back to the local machine. This allows a user on the local machine to execute commands on the remote machine and receive th
    4 min read
    Working with Payload Metasploit in Kali Linux
    The Metasploit framework is a penetration testing tool for exploiting and validating vulnerabilities. It includes the fundamental architecture, particular content, and tools required for penetration testing and extensive security evaluation. It is a well-known exploitation framework that is routinel
    5 min read
    Using Metasploit and Nmap to Scan for Vulnerabilities in Kali Linux
    The Metasploit framework is a penetration testing tool for exploiting and validating vulnerabilities. It includes the fundamental architecture, particular content, and tools required for penetration testing and extensive security evaluation. It is a well-known exploitation framework that is routinel
    3 min read
    Evil Twin in Kali Linux
    Evil Twin Attack is a Wi-Fi hacking technique that tricks the user into connecting to a spoofed targeted network, making it nearly impossible to determine whether the network is real or fake, resulting in the user entering their password in the fake network hosted by the Hacker. How does Evil Twin A
    3 min read
    How to use a Reverse Shell in Metasploit in Kali Linux
    Metasploit is not just a single tool. It is a complete framework. It is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code, it is flexible and extremely robust and has tons of tools to perform various simple and complex tasks. Metasploit Fram
    4 min read
    Linux - Metasploit Command
    Metasploit is an open-source penetration testing framework and a suite of security tools used for a myriad of purposes like information gathering, scanning, pen testing, exploiting, encoding, firewall evasion, and even post-exploitation phase. The framework is constituted of different categories and
    5 min read
    What is the Metasploit Framework in Linux?
    A Metasploit framework is a tool that is used by ethical hackers, security researchers, and pentester to testing of the vulnerability. It helps us to find vulnerabilities in networks, systems, and IoT. It's an open-source tool. It can be customized with the operating system. It's a bunch of exploits
    4 min read
    Footprinting with Nmap in Kali Linux
    Footprinting is the technique of gathering information about a targeted network or computer system such as the version of OS the target is using, the kernel version (for Linux-based targets), the version of web hosting software (for server targets), etc. Footprinting could be both active and passive
    5 min read
    How to use Hydra to Brute-Force SSH Connections?
    Let's explore using Hydra to brute-force SSH. One of the most popular tools in a hacker's toolbox is Hydra. It is a great tool for brute force attacks, and you can use it both as a blue team to audit and test ssh passwords against popular password lists like rockyou.txt and crack station wordlists a
    5 min read
    Autopsy - Cyber Forensic Browser in Kali Linux
    The Autopsy is a cyber forensic tool used for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS, EXT2FS, and EXT3FS). It can also be used to recover deleted files and also show various sectors of uploaded images making it easier to make an in-depth analysis of the image. In this article,
    2 min read
    Xcapy - Tool For XSS Detection Suite for CTFs games
    Xcapy is a free and open-source tool available on GitHub that was developed to find cross-site scripting (XSS Vulnerabilities) on web applications and websites. Cross-site scripting is a vulnerability found in the javascript code of web applications and websites. This tool is written in python langu
    2 min read
    BrokenSMTP – Python Script to look common vulnerabilities on SMTP server
    SMTP (Simple Mail Transfer Protocol) is a protocol for email clients to move messages between servers, on the way to the end-users. What if the security is been breached in middle? All the messages will be leaked and there will be privacy issues which can lead to financial and personal losses for en
    3 min read
    Tool-X - Hacking Tool Installer in Kali Linux
    Tool-X is a free and open-source tool written in python that is available on GitHub. Tool-X is used by security researchers and pen-testers in the early stages of reconnaissance and pen-testing. It is an installer framework for Kali Linux that has approximately 300 tools available on its menu. It wi
    2 min read
    Kaboom - Automatic Pentest Bash Script
    Kaboom is an automated cyber-security tool developed in the Bash Script which can perform the task of Information Gathering on the target host and also can perform Vulnerability Assessment. Kaboom tool has support to multiple target scanning simultaneously, we can pass the range to target IP address
    2 min read
    Fast Google Dorks Scan - Automatic Dork Hacking Tool
    Fast Google Dorks Scan also known as Google Dorking, is a hacker technique that employs Google Search and other Google tools to identify security flaws in website setup and computer code. The OSINT project's main goal is to gather all possible Google dorks search combinations and identify informatio
    2 min read
    How to Install and Use Radio Tray on Linux?
    Radio Tray is not the traditional software. This is not software that is generally needed by any developer. It is the software that can only fulfill your musical needs. It is online radio-like software. It can be able to play songs online. But there are many other software presents that perform the
    5 min read
    HackerTarget ToolKit - Tools To Help Organizations With Attack Surface Discovery
    Information Gathering is an important part of Penetration Testing of web applications or any network application. Collecting more information about the target can help the attacker to easily gain access to the target domain server. HackerTarget is a python-based tool that is fully automated for Info
    2 min read
    Longtongue - Customized Password/Passphrase List Inputting Target Info
    Usernames and Password values are the most commonly used techniques for authentication pursuits in almost every web application or any type of application. When the credentials provided in this type match the values stored at the target domain server, only the user is authenticated to the website fe
    3 min read
    NXcrypt - Python Backdoor Framework
    NXcrypt is a polymorphic crypter with Python backdoors. The output is completely unnoticeable. NXcrypt uses a multi-threading mechanism to inject a malicious python file into a regular file. Use the superuser's permissions to run it. The output of NXcrypt is completely untraceable and is python base
    2 min read
    Zydra - Recover Password Protected PDF, ZIP, and RAR
    If you have lost your password of any zip, pdf, rar file, then here is an interesting tool for recovering passwords of the pdf file, zip, rar files. We use to save our crucial data in PDF, ZIP, RAR files as in encrypted format, but sometimes we forget the password and lost our data. Password encrypt
    3 min read

    System Monitoring and Management

    How to Find Top Running Processes by Memory and CPU Usage
    Every current (running) instance of a program is referred to as a process in Linux. There are running processes on every instance of the Linux operating system. , SSHd, SSH processes, and cron jobs are a few examples. A process is started by any application that has to be used. These processes frequ
    6 min read
    Neofetch In Linux – Snap cool screenshots of your Linux
    Neofetch is a fancy, highly customizable, and aesthetic command-line system information screenshot utility tool. Written in the Bash scripting language, it works inside a terminal window, on triggering up the command it by default displays the operating system, software, and hardware of your system
    4 min read

    Networking and Security

    OS Detection in Nmap in Kali Linux
    NMAP stands for Network Mapper which is an open-source tool used for network exploration and security auditing, in comparison to this, a tool named Nessus is used by industry professionals. These tools are mainly used by cybersecurity experts and hackers. Its main purpose is: Provide the list of the
    3 min read
    Smap - A Drop-In Replacement For Nmap Powered By Shodan.Io
    So we all know about the tool Nmap (Network Mapper) and just like the NMAP tool, Smap is also a network scanner that is used to discover any host and services running on a target system by sending packets and analyzing the responses. Smap is a passive Nmap-like scanner built with shodan.io, it is a
    2 min read
    Subjs - Fetches javascript file from a list of URLS or subdomains
    The web-based application is the collection of various hosted files like CSS, HTML, JS, etc. JS files are the core or essential files which can contain some secrets of the web application. Undocumented endpoints information is also crucial, and it can be available in the form of JS files. Subjs is a
    3 min read
    Pathprober - Probe And Discover HTTP Pathname
    Pathprober is an automated tool developed in the Python language which aims to probe and discover HTTP and HTTPS path names by using the technique of brute-forcing and also filters the specific word or can filter more than 2 words. Brute-forcing website directories or HTTP path-name and authenticati
    3 min read
    Subdomains.Sh - Wrapper Around Tool used to find Subdomains
    Subdomains are the part of the main domain that comes before the main domain name and domain extension. The functionality of web applications is been divided into various subdomains. In cyber-security subdomains plays an important role, as the bugs which are not detected in the main domain can be id
    2 min read
    Pymeta - Search The Web For Files On A Domain To Download And Extract Metadata
    PyMeta tool is an automated cyber-security tool which is developed in the Python language that has the potential to search for queries, identify and get the following file types (pdf, xls, xlsx, csv, doc, docx, ppt, pptx) from a given target domain using Google and Bing scraping engines. PyMeta tool
    2 min read
    Dome – Python Script To Obtain Subdomains And Search For Open Ports
    Dome is an automated cyber-security tool developed in the Python language that is used in the process of subdomain enumerations. This subdomain can be tested for getting the bugs out of it. The Dome tool has an active and passive mode for the enumeration process. Dome tool is available on the GitHub
    3 min read
    GONET-Scanner - Golang Network Scanner With Arp Discovery And Own Parser
    GONET-Scanner tool is an automated cyber-security tool that is developed in the Golang language and can be used in the process of Network Scanning. GONET-Scanner tool has the potential to find the open ports on the specified IP address range. This tool is available on the GitHub platform for free. I
    2 min read
    nrich - Tool to Quickly Analyze all IPs
    Nrich tool is a terminal-based cyber security tool that has the potential to quickly analyze all IPs in a file or from direct input and see which ones have open ports/ vulnerabilities. This tool is a completely automated tool that is developed in the Shell Script language. This tool is officially av
    2 min read
    CyberScan - Network's Forensics ToolKit
    CyberScan is an open-source penetration testing tool that can analyze packets, decoding, scanning ports, pinging, and geolocation of an IP including (latitude, longitude, region, country.) CyberScan tool is an automated tool developed in Python. CyberScan tool is fully automated and it is available
    3 min read
    IP Rover - OSINT tool to get information of any IP address
    IP Rover is a free and open-source tool available on GitHub. IP Rover is one of the famous tools to find information about an IP address and domain. It is used by security researchers and penetration testers in the early stages of penetration testing and reconnaissance. IP Rover is an (OSINT) which
    2 min read
    Ipsourcebypass - Python Script To Bypass IP Source Restrictions Using HTTP Headers
    Ipsourcebypass tool is an automated cyber security tool that can be used in the process of bypassing IP source restrictions using HTTP headers. Ipsourcebypass tool is developed in the Python language and it supports Python3. This tool is also available on the GitHub platform for free. Ipsourcebypass
    2 min read
    DircoverRB - Passive subdomains and web directories recon using Bing
    Google search engine preferably dislikes the scrapers which are used for the information collection or for crawling. So to get the information Bing search engine is been used. DircoverRB is an automated cyber security tool developed in the Ruby language which finds the passive subdomains and also di
    2 min read
    CloudBuster – A Cloudflare Resolver
    Securing Web applications from DOS, DDOS, XSS, SQL Injection attack is very much essential in this digital era. Many web applications use a wall in front of their server to save the server from these types of attacks, and this wall is known as Cloudflare. To detect whether the target application use
    2 min read
    Astsu - Network Scanner Tool
    Astsu is a free and open-source tool available on GitHub. Astsu is written in python language. You must have python language installed in your kali Linux operating system in order to use this tool. Astsu works as a scanner on the network. Astsu is used to scan a network using the IP address. Astsu c
    3 min read
    Crawpy - Yet Another Content Discovery Tool
    Crawpy is a free and open-source tool available on GitHub. This tool is a free and open-source tool this means you can download and install this tool free of cost. This tool is also called yet another content discovery tool written in python language. Crawpy is developed to work asynchronously this
    2 min read
    Espionage - Network Packet And Traffic Interceptor
    Espionage is a free and open-source tool available on GitHub. This is a free tool that can be downloaded and installed free of cost. Espionage is a network sniffer. Espionage performs sniffing on data packets of the network. Espionage is used to intercept data packets at the time when data is passed
    2 min read
    UDP-Hunter - Network Assessment Tool
    UDP-Hunter is a free and open-source tool available on GitHub. UDP-Hunter is written in python language. You must have python language installed in your kali Linux operating system in order to use the tool. UDP-Hunter is used for UDP scanning. UDP-Hunter scans all the UDP services on a network. UDP-
    2 min read

    File and Data Manipulation

    Woof - Easily Exchange Files Over a Local Network in Linux
    In order to easily share single files between Linux systems in a home network where we don't need to worry too much about security. Woof is an acronym for Web Offer One File. It is used to share files over a local area network. The recipient need not have any special software installed on his system
    3 min read
    Create Custom Wordlists Using Crunch in Kali Linux
    In order to crack a password, we have to try a lot of passwords to get the right one. When an attacker uses thousands or millions of words or character combinations to crack a password, there is no surety that any of those combinations will work. This collection of different combinations of characte
    2 min read

    Web Application Security and Exploitation

    SQLiv – Massive SQL Injection Scanner
    SQL Injection is one of the trending and high impactful attacks on the web application. We can perform the scanning process of SQL Injection through automated tools like SQLMap etc. But, there is one of the best tools known as SQLiv tool which is a massive SQL Injection Scanner that can also find th
    2 min read
    XIRA - XSS Vulnerablity Scanner
    XIRA is a clever XSS detection tool that looks for reflected cross-site scripting (XSS) vulnerabilities using human methodologies. This tool based on python3 is a Python-based automated cyber-security program that can search for queries, and identify XSS vulnerabilities. XIRA Tool, You can use the G
    2 min read
    WhatWaf - Detect And Bypass Web Application Firewalls And Protection Systems
    WhatWaf is a cyber-security tool with an automated approach built to detect the firewall and protection details on the target domain server. This tool can help the tester to understand the security system used by the target server and can prepare the attack plan through these details. WhatWaf tool i
    2 min read
    PyPhisher - Simple Python Tool for Phishing
    Phishing is a social-engineering attack in which the attacker targets the victim's brain for getting critical details like usernames, passwords, etc. In Phishing the clone of the genuine page is been created to bluff the victim and capture the credentials. For example, we can create a phishing page
    2 min read
    Packer-Fuzzer - Fast And Efficient Scanner For Security Detection Of Websites
    Packer-Fuzzer is a scanning tool for fast and efficient security detection of websites constructed by front-end packaging tools such as Webpack. This tool is developed in the Python Language and is available on the GitHub platform for free. It's an open-source tool so you can also contribute to it.
    2 min read
    Second-Order - Subdomain Takeover Scanner
    The Second-Order tool is a cyber security-based tool that is used in the scanning of web applications for crawling the application and collecting the sensitive parameterized URLs and other data which match certain patterns and rules. This tool is developed in the Golang language and is available on
    2 min read
    Shellfinder - Simple Tool to Find Shells and Endpoints in Websites
    A shell is a malicious PHP file executed by accessing it via a web browser. It is a PHP script allowing the attacker to control the server - essentially a backdoor program, similar in functionality to a Trojan for personal computers. Shellfinder tool finds the route through which this malicious file
    2 min read
    SpoofThatMail - Check If Domain(s) Can Be Spoofed Based In DMARC Records
    DMARC is a standard email authentication protocol that is designed to assign email domain owners the power to save their respected domains from unauthenticated uses which are also known as spoofing of email. So to check whether the domain is vulnerable to email spoofing we have an automated scanner
    2 min read
    Tplmap - Tool For Automatic Server Side Template Injection Exploitation
    Server-side template injection is a security flaw in which the hacker injects malicious input into a template to run commands on the server-side. We can use various automated tools to perform this vulnerability exploitation. Tplmap is an automated cyber security tool that can perform checking and ex
    2 min read
    Tulpar - Web Vulnerability Scanner Tool
    Tulpar tool is an automated cyber security tool that is used to gather basic information about the target domain along with this. Tulpar tool is also used in the phase of Vulnerability Scanning. This tool can find security flaws like XSS, SQL Injection, Command Injection, and many more. Tulpar tool
    2 min read
    Altair - Open Source Modular Web Vulnerability Scanner
    Vulnerability Scanning is the methodology to detect the security flaws in the target domain. We can detect these flaws by the manual method in which we can test the HTML elements like buttons, input boxes, and many more. But this approach is a bit lengthy approach, so we can use automated tools. Alt
    2 min read
    Blazy – Open Source Modern Login Brute-forcer
    Brute-Forcing is the most lengthy password cracking process, but the Blazy tool is not just a brute-force tool, it can also check for CSRF (Cross-Site Request Forgery), Clickjacking, Cloudflare hosts, and even for WAF Vulnerabilities in the target application. Blazy tool is a multi-threading tool an
    2 min read
    SQLbit - Automatize Boolean-Based Blind SQL Injections
    SQL Injection or SQLi is the web application security flaw where the hacker or intruder can mislead with the SQL queries that a web application makes to its storage database. This can lead to viewing data, inserting data, manipulating data without having authorized access. The data which is manipula
    3 min read
    WhatCMS - CMS Detection and Exploit Kit
    Whatcms tool is an automated tool that is capable of detecting the CMS information about the target domain. This tool also gas the exploit kit with multiple sub-tools integrated into it. In the current scenario, the Whatcms tool can detect 33- different CMS applications and services. All the results
    2 min read
    Smuggler - HTTP Request Smuggling / Desync Testing Tool
    Smuggler is a free and open-source tool available on GitHub. The smuggler tool is used to perform HTTP request smuggling attacks on a domain. HTTP request smuggling is an attack that is performed when a website is processed from the server to the browser. This vulnerability can be used by hackers fo
    2 min read
    NTLMRecon - Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints
    NTLMRecon is a free and open-source tool available on GitHub. This tool is used for the NTLM reconnaissance tool without the installation of dependencies. This tool is very useful for security researchers while reconnaissance about NTLM endpoints. The tool needs potential IP addresses and domains. T
    2 min read
    Blackeye Phishing Tool in Kali Linux
    Blackeye is a powerful open-source tool Phishing Tool. Blackeye is becoming very popular nowadays that is used to do phishing attacks on Target. Blackeye is an easy Social Engineering Toolkit. Blackeye contains some templates generated by another tool called Blackeye. This tool makes it easy to perf
    2 min read
    X Attacker Tool - Website Vulnerability Scanner and Auto Exploiter
    XATTACKER tool is an automated approach tool used for scanning and also exploiting the target web applications. XATTACKER tool is developed in the Perl language and it's faster to use. You need to specify the target domain list and the rest of the work is done by the tool. This tool has the capabili
    2 min read

    Information Gathering and OSINT

    openSquat - Domain Squatting and Phishing Watchdog
    openSquat is an Open-source Intelligence (OSINT) cyber-security tool to specify cybersquatting dangers to specific companies or domains, such as Phishing campaigns, Domain squatting, Typosquatting. This tool supports saving the results in the JSON and CSV file format. openSquat tool is developed in
    3 min read
    Mr.Holmes - Information Gathering OSINT Tool
    Mr.Holmes is a free and open-source tool available on GitHub. Mr.Holmes is used for information gathering. Mr.Holmes is a tool that is used to perform reconnaissance on domains, usernames, and phone numbers. Mr.Holmes works on open-source technology. Mr.Holmes gathers all information that is open so
    2 min read
    Labsecurity - Framework for ethical hacking and computer security
    Labsecurity is a free and open-source tool available on GitHub. Labsecurity Is a framework that is used by security researchers and pen-testers in the early stages of reconnaissance. Labsecurity is used for scanning IP and extracting useful information from the website. Labsecurity is a framework th
    2 min read
    Onex - Hacking Tools Library
    Onex is a free and open-source tool available on GitHub. Onex is a complete installer library for Kali Linux which has 370 tools. onex allows installing any of these tools or all the tools simultaneously. These tools are very useful to security researchers and penetration testers. Onex gives the fun
    2 min read
    SourceLeakHacker - Multi Threads Web Application Source Leak Scanner
    SourceLeakHacker is a multi-thread web directories scanner. This tool is a fully automated cyber security tool that is designed and developed in Python. This tool is freely available on the GitHub platform. You can also contribute to it. This tool can also work with a list of multiple target URLs at
    2 min read
    ShonyDanza - Tool For Researching, Pen Testing, And Defending With The Power Of Shodan
    Shodan is a special search engine that collects data about the device connected to the internet. It is a beneficial tool for Bug Bounty Hunters, Penetration Testers, Hackers, and many security-related actors. We can use the CLI version of Shodan through the means of an automated tool named ShonyDanz
    2 min read
    sigurlfind3r - Passive reconnaissance tool for known URLs discovery
    URLs can be beneficial to security researchers for getting a valid bug. URLs carry the information from the client to the server. Various parameters are been used in the URL. These parameters can be used to inject XSS malicious code, Open Redirection check, and many more. So to discover these URLs,
    2 min read
    Snallygaster - Scan For Secret Files On HTTP Servers
    Some of the files present on the server need to be kept safe from public access, as these can have a bunch of sensitive data like version details, certificates, API keys, and a lot more. So to identify these secret files we have an automated tool names snallygaster. Snallygaster tool is a fully auto
    2 min read
    Webscreenshot - Simple Script To Screenshot A List Of Websites
    Penetrating a large scope domain can be difficult, as this domain can consist of various subdomains. So to visit each subdomain manually is a very much challenging task, as some of the subdomains may be dead subdomains. So what if we can click a screenshot of all subdomains in a single click. Yes, t
    2 min read
    Token-Hunter: Collect OSINT for GitLab groups and members
    Token-Hunter is a free and open-source tool available on GitHub. This tool is based upon the technology of OSINT. This tool is a free and open-source tool it means you don't have to give any amount to anyone. Download and install this tool free of cost This tool is used as intended to complement dif
    2 min read
    Maryam v1.4.0 - Open-source Intelligence(OSINT) Framework
    Maryam v1.4.0 is a free and open-source tool available on GitHub. Maryam is based upon Open Source Intelligence (OSINT), the easiest and useful tool for reconnaissance. Maryam interface is very similar to Metasploit 1 and Metasploit 2. Maryam provides a command-line interface that you can run on Kal
    2 min read
geeksforgeeks-footer-logo
Corporate & Communications Address:
A-143, 7th Floor, Sovereign Corporate Tower, Sector- 136, Noida, Uttar Pradesh (201305)
Registered Address:
K 061, Tower K, Gulshan Vivante Apartment, Sector 137, Noida, Gautam Buddh Nagar, Uttar Pradesh, 201305
GFG App on Play Store GFG App on App Store
Advertise with us
  • Company
  • About Us
  • Legal
  • Privacy Policy
  • In Media
  • Contact Us
  • Advertise with us
  • GFG Corporate Solution
  • Placement Training Program
  • Languages
  • Python
  • Java
  • C++
  • PHP
  • GoLang
  • SQL
  • R Language
  • Android Tutorial
  • Tutorials Archive
  • DSA
  • Data Structures
  • Algorithms
  • DSA for Beginners
  • Basic DSA Problems
  • DSA Roadmap
  • Top 100 DSA Interview Problems
  • DSA Roadmap by Sandeep Jain
  • All Cheat Sheets
  • Data Science & ML
  • Data Science With Python
  • Data Science For Beginner
  • Machine Learning
  • ML Maths
  • Data Visualisation
  • Pandas
  • NumPy
  • NLP
  • Deep Learning
  • Web Technologies
  • HTML
  • CSS
  • JavaScript
  • TypeScript
  • ReactJS
  • NextJS
  • Bootstrap
  • Web Design
  • Python Tutorial
  • Python Programming Examples
  • Python Projects
  • Python Tkinter
  • Python Web Scraping
  • OpenCV Tutorial
  • Python Interview Question
  • Django
  • Computer Science
  • Operating Systems
  • Computer Network
  • Database Management System
  • Software Engineering
  • Digital Logic Design
  • Engineering Maths
  • Software Development
  • Software Testing
  • DevOps
  • Git
  • Linux
  • AWS
  • Docker
  • Kubernetes
  • Azure
  • GCP
  • DevOps Roadmap
  • System Design
  • High Level Design
  • Low Level Design
  • UML Diagrams
  • Interview Guide
  • Design Patterns
  • OOAD
  • System Design Bootcamp
  • Interview Questions
  • Inteview Preparation
  • Competitive Programming
  • Top DS or Algo for CP
  • Company-Wise Recruitment Process
  • Company-Wise Preparation
  • Aptitude Preparation
  • Puzzles
  • School Subjects
  • Mathematics
  • Physics
  • Chemistry
  • Biology
  • Social Science
  • English Grammar
  • Commerce
  • World GK
  • GeeksforGeeks Videos
  • DSA
  • Python
  • Java
  • C++
  • Web Development
  • Data Science
  • CS Subjects
@GeeksforGeeks, Sanchhaya Education Private Limited, All rights reserved
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox
Improvement
Suggest Changes
Help us improve. Share your suggestions to enhance the article. Contribute your expertise and make a difference in the GeeksforGeeks portal.
geeksforgeeks-suggest-icon
Create Improvement
Enhance the article with your expertise. Contribute to the GeeksforGeeks community and help create better learning resources for all.
geeksforgeeks-improvement-icon
Suggest Changes
min 4 words, max Words Limit:1000

Thank You!

Your suggestions are valuable to us.

What kind of Experience do you want to share?

Interview Experiences
Admission Experiences
Career Journeys
Work Experiences
Campus Experiences
Competitive Exam Experiences