Application Management
Arrow Control includes a tool library with 30+ pre-configured security and penetration testing applications. Install professional-grade tools with a single click—no manual setup required.
Accessing App Management
Section titled “Accessing App Management”- Log into Arrow Control
- Click Apps in the sidebar navigation
- The tool library opens showing available applications
Screenshot Coming Soon
App management interface showing available security tools Screenshot
Understanding the Tool Library
Section titled “Understanding the Tool Library”The tool library provides:
- Pre-configured tools - Tested and ready to use
- Categorized organization - Tools grouped by function
- One-click installation - Automated setup process
- Verification badges - Indicates tested and confirmed working tools
Tool Categories
Section titled “Tool Categories”Tools are organized into six categories:
| Category | Description | Example Tools |
|---|---|---|
| Reconnaissance | Information gathering and discovery | Nmap, Subfinder, Amass |
| Vulnerability Scanning | Automated vulnerability detection | Nuclei, Nikto |
| Web Application Testing | Web security assessment tools | Burp Suite, SQLmap, Ffuf |
| Network Tools | Network analysis and protocol tools | Wireshark, Aircrack-ng, Impacket |
| Exploitation Frameworks | Post-exploitation and privilege escalation | Metasploit, John the Ripper, Hashcat |
| Digital Forensics | Forensic analysis and investigation | LinPEAS, WinPEAS |
Browsing Available Tools
Section titled “Browsing Available Tools”Filtering by Category
Section titled “Filtering by Category”- Click a category tab to filter tools
- Only tools in that category display
- Click All to show all tools
Searching for Tools
Section titled “Searching for Tools”- Type in the search box
- Results filter as you type
- Matches tool names and descriptions
Screenshot Coming Soon
Tool browser with category filter and search Screenshot
Tool Status Indicators
Section titled “Tool Status Indicators”| Status | Indicator | Meaning |
|---|---|---|
| Not Installed | Gray | Tool available but not installed |
| Installing | Spinning | Installation in progress |
| Installed | Green checkmark | Tool ready to use |
| Update Available | Orange badge | Newer version available |
Installing Tools
Section titled “Installing Tools”Installation Workflow
Section titled “Installation Workflow”- Browse or search for the desired tool
- Click the tool card to view details
- Review the tool description and category
- Click Install
- Monitor installation progress
- Receive completion notification
Screenshot Coming Soon
Tool installation progress indicator Screenshot
Installation Progress
Section titled “Installation Progress”During installation:
- Progress indicator shows current status
- Installation logs display in real-time
- Success or failure notification on completion
- Tool status updates to “Installed” when complete
Installation Methods
Section titled “Installation Methods”Different tools use different installation methods, but all are automated:
| Method | Used For | Examples |
|---|---|---|
| System Package | Standard Linux packages | Nmap, Wireshark, John |
| Go Install | Go-based tools | Nuclei, Subfinder, httpx |
| Python (PIPX) | Python tools in isolation | Dirsearch, CrackMapExec |
| Git Clone | Repository-based tools | SecLists, Impacket |
| Rust (Cargo) | Rust-based tools | RustScan, Feroxbuster |
| Direct Download | Pre-built binaries | Burp Suite, OWASP ZAP |
Note: Installation methods are handled automatically. Simply click Install and the system manages dependencies and setup.
Popular Tools
Section titled “Popular Tools”Reconnaissance Tools
Section titled “Reconnaissance Tools”| Tool | Description | Command |
|---|---|---|
| Nmap | Network discovery and security auditing | nmap |
| Masscan | Fast TCP port scanner | masscan |
| Subfinder | Fast subdomain discovery | subfinder |
| Amass | Attack surface mapping and asset discovery | amass |
| Gobuster | Directory and DNS brute-forcing | gobuster |
Vulnerability Scanning
Section titled “Vulnerability Scanning”| Tool | Description | Command |
|---|---|---|
| Nuclei | YAML-based vulnerability scanner | nuclei |
| Nikto | Web server scanner | nikto |
Web Application Testing
Section titled “Web Application Testing”| Tool | Description | Command |
|---|---|---|
| SQLmap | SQL injection and database takeover | sqlmap |
| Ffuf | Fast web fuzzer | ffuf |
| Feroxbuster | Recursive content discovery | feroxbuster |
| Burp Suite | Web vulnerability scanner and proxy | java -jar /opt/burpsuite/burpsuite_community.jar |
| OWASP ZAP | Web application security scanner | /opt/zap/zap.sh |
Network Tools
Section titled “Network Tools”| Tool | Description | Command |
|---|---|---|
| Wireshark | Network protocol analyzer | wireshark |
| Aircrack-ng | WiFi network security tools | aircrack-ng |
| Impacket | Python network protocol library | Scripts in /opt/impacket |
Exploitation Frameworks
Section titled “Exploitation Frameworks”| Tool | Description | Command |
|---|---|---|
| Metasploit | Exploitation framework | msfconsole |
| John the Ripper | Password cracker | john |
| Hashcat | Advanced password recovery | hashcat |
| CrackMapExec | Active Directory post-exploitation | crackmapexec |
Screenshot Coming Soon
Popular tools section showing commonly used applications Screenshot
Managing Installed Tools
Section titled “Managing Installed Tools”Viewing Installed Tools
Section titled “Viewing Installed Tools”- Click the Installed filter button
- Only installed tools display
- View installation date and version
Screenshot Coming Soon
Installed tools view showing tool status and actions Screenshot
Removing Tools
Section titled “Removing Tools”- Locate the installed tool
- Click Uninstall in the tool card
- Confirm removal
- Tool is removed from the system
Tool Verification
Section titled “Tool Verification”Tools marked with a Verified badge have been:
- Tested on Arrow VMs
- Confirmed working with automated installation
- Validated for expected functionality
Non-verified tools may still work but have not been formally tested.
Using Installed Tools
Section titled “Using Installed Tools”Accessing via Terminal
Section titled “Accessing via Terminal”After installation, tools are available in the terminal:
- Open a terminal session in Arrow Control
- Type the tool command (e.g.,
nmap,sqlmap,nuclei) - The tool executes with its help or interface
# Example: Run Nmap scannmap -sV 192.168.1.1
# Example: Run Nuclei scannuclei -u https://example.com
# Example: Run SQLmapsqlmap -u "https://example.com/page?id=1"Tool Installation Locations
Section titled “Tool Installation Locations”| Method | Default Location |
|---|---|
| System packages | Standard PATH (/usr/bin, /usr/local/bin) |
| Go tools | ~/go/bin |
| PIPX tools | ~/.local/bin |
| Git repositories | /opt/[tool-name] |
| Direct downloads | /opt/[tool-name] |
Note: Refer to each tool’s documentation for usage instructions and options.
Wordlists and Resources
Section titled “Wordlists and Resources”The tool library includes essential wordlists for security testing:
| Resource | Description | Location |
|---|---|---|
| SecLists | Collection of multiple security testing lists | /opt/SecLists |
| Wordlists | Commonspeak2 wordlists | /opt/wordlists |
Use these with tools like Gobuster, Ffuf, and John:
# Directory brute-force with SecListsgobuster dir -u https://example.com -w /opt/SecLists/Discovery/Web-Content/common.txt
# Password cracking with wordlistjohn --wordlist=/opt/SecLists/Passwords/Common-Credentials/10k-most-common.txt hashes.txtTroubleshooting
Section titled “Troubleshooting”| Issue | Solution |
|---|---|
| Installation fails | Check disk space (df -h). Verify network connectivity. Review installation logs for errors. |
| Tool not found after install | Open a new terminal session. Check if tool is in PATH. For Go tools, verify ~/go/bin is in PATH. |
| Permission errors | Some tools require sudo. Check tool documentation for privilege requirements. |
| Installation stuck | Network timeout possible. Cancel and retry. Check internet connectivity. |
| Dependencies missing | Re-run installation—dependencies install automatically. Report persistent issues. |
| Tool crashes on startup | Verify system requirements. Check available memory. Review tool documentation. |
Best Practices
Section titled “Best Practices”- Install only needed tools - Avoid bloating the system with unused applications
- Review tool descriptions - Understand what each tool does before installing
- Monitor disk space - Some tools and wordlists are large
- Keep tools updated - Re-install or update when new versions are available
- Remove unused tools - Free up space by uninstalling tools no longer needed
- Use tools responsibly - Only test systems you own or have explicit permission to test
Security and Legal Considerations
Section titled “Security and Legal Considerations”Warning: Security and penetration testing tools are powerful and can cause harm if misused.
- Authorization required - Only use these tools on systems you own or have explicit written permission to test
- Legal implications - Unauthorized access to computer systems is illegal in most jurisdictions
- Professional responsibility - Follow ethical guidelines and industry standards
- Scope limitations - Stay within the boundaries of your authorized testing scope
Misuse of these tools may result in legal consequences. Always obtain proper authorization before testing.
Related Documentation
Section titled “Related Documentation”- Arrow Control Overview - Complete feature overview
- Terminal & VNC Access - Running tools from the command line
- File Management - Managing tool output and wordlists
- Troubleshooting - General troubleshooting guide