💎 ⛏️ Hacking tools

From Wikibooks, open books for an open world

General tools

Kali Linux and Pentoo are operating systems for penetration testing.
Metasploit Project — provides information about security vulnerabilities and aids in penetration testing and IDS signature development
Metasploit Unleashed – Free Ethical Hacking Course
Armitage — GUI for Metasploit
Veil generates Metasploit payloads that bypass common anti-virus solutions
Nessus is a proprietary vulnerability scanner.
NASL — The Nessus Attack Scripting Language — a scripting language that is used by vulnerability scanners like Nessus and OpenVAS.
https://beefproject.com/ - The Browser Exploitation Framework.
Burp Suite
https://NoDistribute.com/ — privately scans files online with multiple different anti-viruses
Maltego for open-source intelligence and forensics
Google hacking — advanced search
Shodan — search engine for the Internet of Everything
nmap discovers hosts and services on a computer network by sending packets and analyzing the responses.
traceroute displays route and measures transit delays of packets across an IP network.
dig — a network administration command-line tool for querying the Domain Name System (DNS)
nslookup queries the DNS to obtain the mapping between domain name and IP address, or other DNS records.
iproute2 — collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers
netdiscover — ARP-based network address discovery tool
EtherApe is a packet sniffer/network traffic monitoring tool.
netsniff-ng is a free Linux network analyzer and networking toolkit.
Ettercap is a free and open source network security tool for MITM attacks on LAN.
Xerosploit — MITM framework. Powered by bettercap and nmap.
cloudflare-scrape to bypass Cloudflare's anti-bot page
dSniff — set of password sniffing and network traffic analysis tools
BDFProxy (BackdoorFactory + mitmProxy)
OWASP ZAP — open-source web application security scanner

General purpose tools

packet analyzers: tcpdump, Wireshark
iptables — packet filter rules configuration


http://www.XArp.net — advanced ARP spoofing detection
HTTPS Everywhere

Wi-Fi tools

https://github.com/ZerBea/hcxtools converts Wi-Fi dump files to hashcat formats
https://github.com/brannondorsey/wifi-cracking cracks WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
John the Ripper
https://sourceforge.net/projects/crunch-wordlist/ - wordlist generator


https://github.com/laramies/theHarvester — E-mails, subdomains and names Harvester - OSINT
dirb — Web Content Scanner
https://sqlmap.org/ — detecting and exploiting SQL injection
https://app.any.run/ — interactive online malware analysis service


https://dvwa.co.uk/ - Damn Vulnerable Web Application
https://github.com/rapid7/metasploitable3 - target for testing exploits with Metasploit

Further reading

Decoding Obfuscated JavaScript Using Google Chrome.
Social engineering (security).
25 Best Ethical Hacking Tools & Software for Hackers (2021)