1. tracert/traceroute: tracert (Windows) and traceroute (Linux) are utilities that allow you to track the path of packets from your device to a destination on the Internet. They show the route the packets take and the time it takes for the packets to reach each hop in the route.
2. nslookup/dig: nslookup and dig are DNS (Domain Name System) query tools that allow you to find information about a domain name or IP address. You can use them to resolve IP addresses from hostnames or vice versa.
3. ipconfig/ifconfig: ipconfig (Windows) and ifconfig (Linux) are utilities that display information about the network configuration of your device. They show information about the IP address, subnet mask, default gateway, and DNS servers assigned to your device.
4. nmap: nmap is a popular open-source network mapping tool that can be used to perform a variety of tasks, including network inventory, host discovery, and port scanning.
5. ping/pathping: ping is a utility that allows you to test the connectivity between your device and another device on the network. Pathping is a more advanced version of ping that provides information about network latency and packet loss along the route.
6. hping: hping is a command-line tool that allows you to perform various network-related tasks, such as network scanning, network testing, and network reconnaissance.
7. netstat: netstat is a utility that shows information about the network connections on your device, including the status of active connections, the local and remote addresses and ports of each connection, and the protocol used.
8. netcat: netcat is a versatile network utility that can be used for a variety of tasks, including network testing, network scanning, and network reconnaissance.
9. IP scanners: IP scanners are tools that scan a network for active hosts and gather information about the IP addresses, hostnames, and open ports of the hosts.
10. arp: ARP (Address Resolution Protocol) maps an IP address to a physical address, such as a MAC address. The operating system uses it to resolve IP addresses to MAC addresses for communication on a local network; the arp command displays and modifies the resulting cache.
11. route: route is a utility that allows you to view and modify the routing table on your device. You can use it to see the routes used by your device to reach destinations on the network.
12. curl: curl is a command-line tool that allows you to transfer data to or from a server using various protocols, including HTTP, FTP, and SMTP.
13. theHarvester: theHarvester is an open-source reconnaissance tool that can be used to gather information about a target domain, including email addresses, hostnames, and IP addresses.
14. sn1per: sn1per is a reconnaissance tool that automates the process of information gathering and vulnerability assessment for penetration testing.
15. scanless: scanless is a reconnaissance tool that allows you to perform network reconnaissance from a remote server, making it more difficult for the target to detect the scan.
16. dnsenum: dnsenum is a reconnaissance tool that can be used to enumerate information about a target domain, including subdomains, hostnames, and IP addresses.
17. Nessus: Nessus is a popular vulnerability scanner that can be used to scan a network for security vulnerabilities and provide a report with recommendations for remediation.
18. Cuckoo: Cuckoo Sandbox is an open-source automated malware analysis system. It allows you to analyze the behavior of malware in a controlled environment to determine its potential impact. Cuckoo can analyze a wide variety of file types, including Windows executables, dynamic-link libraries (DLLs), and office documents. The system provides detailed information about the behavior of the malware, including the files it creates, the registry keys it modifies, and the network connections it establishes. This information can be used to identify the functions and goals of the malware and to develop appropriate countermeasures. Cuckoo Sandbox is widely used by security researchers, incident responders, and malware analysts to better understand and combat malicious software.
The explanations above are brief; to learn the usage and output of each command, you need to practice running it. As an example, the tracert command is detailed below:
The tracert command is used to display the path that packets take from your device to a destination on the Internet. Here's an example of how to use the tracert command on a Windows command prompt:
1. Open the command prompt by clicking the Start button and typing cmd in the search box.
2. In the command prompt, type the following command:
tracert [destination hostname or IP address]
For example, to display the path to www.google.com, you would type:
tracert www.google.com
3. Press Enter to run the command.
The output of the tracert command will show the list of hops that the packets take from your device to the destination, along with the IP address and the round-trip time for each hop. Here's an example of the output for a tracert to www.google.com:
Tracing route to www.google.com [216.58.194.174]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  Router [192.168.1.1]
  2     1 ms     2 ms     2 ms  10.0.0.1
  3    20 ms    19 ms    19 ms  10.0.0.2
  4    18 ms    18 ms    18 ms  72.14.236.73
  5    19 ms    19 ms    19 ms  216.58.194.174

Trace complete.
In this example, the first hop (192.168.1.1) is the router on the local network, each subsequent hop is a router along the path, and the final hop (216.58.194.174) is the destination itself. The three time columns are the round-trip times, in milliseconds (ms), of the three probes tracert sends to each hop.
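When tracert output is collected for troubleshooting or baselining, it helps to turn it into structured data. The following parser is an added example, not part of the original article: the function names are hypothetical, the sample is constructed in the layout shown above with one timed-out hop added, and "<1 ms" is approximated as 0.5 ms.

```python
import re

# Constructed sample in the Windows tracert layout shown above, with one
# timed-out hop added to exercise the no-reply case.
SAMPLE = """\
Tracing route to www.google.com [216.58.194.174]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  Router [192.168.1.1]
  2     1 ms     2 ms     2 ms  10.0.0.1
  3     *        *        *     Request timed out.
  4    18 ms    18 ms    18 ms  72.14.236.73
  5    19 ms    19 ms    19 ms  216.58.194.174

Trace complete.
"""

PROBE = r"(<?\d+ ms|\*)"  # one probe column: "12 ms", "<1 ms" or "*"
HOP_RE = re.compile(rf"^\s*(\d+)\s+{PROBE}\s+{PROBE}\s+{PROBE}\s+(.+?)\s*$")
ADDR_RE = re.compile(r"^(?:(\S+) \[([^\]]+)\]|(\S+))$")  # "name [ip]" or "ip"

def parse_probe(text):
    """RTT in ms: '*' (no reply) -> None, '<1 ms' -> 0.5 (an approximation)."""
    if text == "*":
        return None
    return 0.5 if text.startswith("<") else float(text.split()[0])

def parse_tracert(output):
    """Parse Windows tracert output into one dict per hop."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line, or "Trace complete."
        rtts = [parse_probe(p) for p in m.group(2, 3, 4)]
        a = ADDR_RE.match(m.group(5))  # no match for "Request timed out."
        host, ip = (a.group(1), a.group(2) or a.group(3)) if a else (None, None)
        answered = [r for r in rtts if r is not None]
        hops.append({
            "hop": int(m.group(1)), "host": host, "ip": ip, "rtts": rtts,
            "avg_ms": sum(answered) / len(answered) if answered else None,
            "lost": rtts.count(None),
        })
    return hops

def lossy_hops(hops):
    """Hop numbers where at least one of the three probes got no reply."""
    return [h["hop"] for h in hops if h["lost"]]
```

A hop that shows only asterisks is not necessarily a broken link: many routers simply do not answer the probes, so a silent hop followed by responding hops usually indicates filtering rather than loss.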