💎 ⛏️ Hacking tools

From Wikibooks, open books for an open world

General tools

Kali Linux and Pentoo are operating systems for penetration testing.
Metasploit Project — provides information about security vulnerabilities and aids in penetration testing and IDS signature development
Metasploit Unleashed – Free Ethical Hacking Course
Armitage — GUI for Metasploit
Veil generates Metasploit payloads that bypass common anti-virus solutions
Nessus is a proprietary vulnerability scanner.
NASL — The Nessus Attack Scripting Language — a scripting language that is used by vulnerability scanners like Nessus and OpenVAS.
https://beefproject.com/ The Browser Exploitation Framework.
Burp Suite
https://NoDistribute.com/ — privately scans files online with multiple different anti-viruses
Maltego for open-source intelligence and forensics
Google hacking — advanced search
Shodan — search engine for the Internet of Everything

Network tools

nmap discovers hosts and services on a computer network by sending packets and analyzing the responses.
traceroute displays the route and measures transit delays of packets across an IP network.
nslookup queries the DNS to obtain the mapping between domain name and IP address, or other DNS records.
dig — a network administration command-line tool for querying the Domain Name System (DNS)
iproute2 — collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers
netdiscover — ARP-based network address discovery tool
EtherApe is a packet sniffer/network traffic monitoring tool.
netsniff-ng is a free Linux network analyzer and networking toolkit.
Ettercap is a free and open source network security tool for MITM attacks on LAN.
Xerosploit — MITM framework. Powered by bettercap and nmap.
cloudflare-scrape to bypass Cloudflare's anti-bot page
dSniff — set of password sniffing and network traffic analysis tools
BDFProxy — BackdoorFactory + mitmProxy
OWASP ZAP — open-source web application security scanner

General purpose tools

packet analyzers: tcpdump, Wireshark
iptables — packet filter rules configuration


http://www.XArp.net — advanced ARP spoofing detection
HTTPS Everywhere

Wi-Fi tools

https://github.com/ZerBea/hcxtools converts Wi-Fi dump files to hashcat formats
https://github.com/brannondorsey/wifi-cracking cracks WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat

Password

John the Ripper
https://sourceforge.net/projects/crunch-wordlist/ - wordlist generator

Other

https://github.com/laramies/theHarvester — E-mails, subdomains and names Harvester - OSINT
dirb — Web Content Scanner
https://sqlmap.org/ — detecting and exploiting SQL injection
https://app.any.run/ — interactive online malware analysis service

Targets

https://dvwa.co.uk/ - Damn Vulnerable Web Application
https://github.com/rapid7/metasploitable3 - target for testing exploits with Metasploit

Further reading

Decoding Obfuscated JavaScript Using Google Chrome.
Social engineering (security).
25 Best Ethical Hacking Tools & Software for Hackers (2021)