A binary or tool may support one or more of the following functions:
Fuzzing or fuzz testing is an automated technique that involves providing a large variety of input data, hoping to induce an unexpected response.
Privilege escalation involved exploiting a bug, design flaw or misconfiguration to gain elevated access and perform unauthorized actions. For example, escalating from a restrictive shell as user www-data, to a session as root.
Code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
Techniques to either guess or confirm valid directories. Directory enumeration is often a web application attack, though it can also be leveraged on any system with a directory structure.
Recovering plaintext passwords from cryptographic hashes. Rapid and automatic guessing of password, comparison to hash, check for match, and repeat. Time for attack completion highly dependant on password complexity and hashing algorithm.
Rapid and automatic attempts to log in using a list of passwords and/or usernames. Can apply to any service or process requiring authentication.
A shell is a user interface for access to an operating system’s services. Different services allow sending commands to remote hosts across networks. A shell can also refer to an active session / connection to a target.
Obfuscation involves obscuring information by making it difficult to understand and detect. Weaker than encryption, these methods can usually be reverse engineered and are intended as a more temporary method of disguising payloads or network communications.