
💎 ⛏️ Hacking tools

From Wikibooks, open books for an open world


General tools

Kali Linux and Pentoo are operating systems for penetration testing.
Metasploit Project — provides information about security vulnerabilities and aids in penetration testing and IDS signature development
Metasploit Unleashed – Free Ethical Hacking Course
Armitage — GUI for Metasploit
Veil generates Metasploit payloads that bypass common anti-virus solutions
Nessus is a proprietary vulnerability scanner.
NASL — The Nessus Attack Scripting Language — a scripting language that is used by vulnerability scanners like Nessus and OpenVAS.
https://beefproject.com/ The Browser Exploitation Framework.
Burp Suite
https://NoDistribute.com/ — privately scans files online with multiple different anti-viruses
Maltego for open-source intelligence and forensics
Google hacking — advanced search
Shodan — search engine for the Internet of Everything
nmap discovers hosts and services on a computer network by sending packets and analyzing the responses.
traceroute displays route and measures transit delays of packets across an IP network.
dig — a network administration command-line tool for querying the Domain Name System (DNS)
nslookup queries the DNS to obtain the mapping between domain name and IP address, or other DNS records.
iproute2 — collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers
netdiscover — ARP-based network address discovery tool
EtherApe is a packet sniffer/network traffic monitoring tool.
netsniff-ng is a free Linux network analyzer and networking toolkit.
Ettercap is a free and open source network security tool for MITM attacks on LAN.
Xerosploit — MITM framework. Powered by bettercap and nmap.
cloudflare-scrape to bypass Cloudflare's anti-bot page
dSniff — set of password sniffing and network traffic analysis tools
BDFProxy (BackdoorFactory + mitmProxy)
Netcraft
https://www.robtex.com/
OWASP ZAP — open-source web application security scanner

General purpose tools

packet analyzers: tcpdump, Wireshark
iptables — packet filter rules configuration


Defense

http://www.XArp.net — advanced ARP spoofing detection
HTTPS Everywhere
VPN

Wi-Fi tools

https://github.com/ZerBea/hcxtools converts Wi-Fi dump files to hashcat formats
https://github.com/brannondorsey/wifi-cracking cracks WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
Hashcat
John the Ripper
Hydra
Aircrack-ng
https://sourceforge.net/projects/crunch-wordlist/ - wordlist generator

Other

https://github.com/laramies/theHarvester — E-mails, subdomains and names Harvester - OSINT
dirb — Web Content Scanner
https://sqlmap.org/ — detecting and exploiting SQL injection
https://app.any.run/ — interactive online malware analysis service

Targets

https://www.vulnhub.com/
https://www.root-me.org/?lang=en
http://www.vulnweb.com/
https://dvwa.co.uk/ - Damn Vulnerable Web Application
https://github.com/rapid7/metasploitable3 - target for testing exploits with Metasploit
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/


Further reading

https://sectools.org/
Decoding Obfuscated JavaScript Using Google Chrome.
Phishing.
Social engineering (security).
https://github.com/topics/security
https://outpost24.com/blog/wps-cracking-with-reaver
https://kalilinuxtutorials.com/mdk3/
25 Best Ethical Hacking Tools & Software for Hackers (2021)
https://medium.com/hacker-toolbelt