Internet Security Tools

1.Nmap

Nmap is one of the must-have tools for network administrators and is used to evaluate the security of networked systems. Like most network security tools, nmap is also a favorite of many hackers and crackers (including script kiddies). System administrators can use nmap to detect unapproved servers in their environment, while attackers use it to collect the network configuration of a target computer in order to plan an attack. Nmap is often confused with Nessus, which is a vulnerability assessment tool. Nmap can use stealthy scan techniques to evade intrusion detection systems and, as far as possible, avoids disrupting the normal operation of the target system.

Nmap has three basic functions: detecting whether a group of hosts is online, scanning host ports and identifying the network services they provide, and inferring the operating system a host runs. Nmap can scan anything from a LAN with as few as two nodes up to a network with more than 500 nodes. It also lets users customize scanning techniques. Usually a simple ping using ICMP meets general needs; Nmap can also probe UDP or TCP ports in depth, going as far as identifying the host's operating system, and it can record all results in logs of various formats for further analysis.

nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the traditional command-line executable, the nmap suite includes an advanced graphical user interface and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap was used by Trinity in The Matrix, along with SSH1's 32-bit cyclic redundancy check vulnerability, to hack into a power station's energy management system. It has even been featured in a dozen movies, including Reloaded, Die Hard 4, The Girl with the Dragon Tattoo, and Ultimatum.

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Nmap is a port scanner: it scans the open ports of computers on the Internet, determines which services are running on which ports, and infers which operating system the computer is running (this is also known as fingerprinting).

2.Wireshark

Wireshark is the most important and widely used network protocol analyzer in the world. It lets you see what is happening on your network at a microscopic level, and it is the de facto standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
Wireshark has grown thanks to the voluntary contributions of networking experts around the world and is the continuation of a project started by Gerald Combs in 1998.

Wireshark (formerly known as Ethereal) is a network packet analysis program. The job of a network packet analyzer is to capture network packets and display their contents in as much detail as possible. Wireshark uses WinPcap as the interface through which it exchanges packets directly with the network card. Its role can be pictured as the way an electrician uses a meter to measure current, voltage, and resistance, transplanted to the network, with network cables in place of wires. In the past, network packet analyzers were very expensive or were proprietary commercial software. The emergence of Ethereal changed all that. Under the GNU GPL, users can obtain the software and its source code free of charge and have the right to modify and customize the source code. Ethereal is one of the most widely used network packet analyzers in the world.

3.Metasploit

Metasploit is an open source vulnerability detection tool that helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments to provide real security risk intelligence. Its capabilities include smart exploitation, code auditing, web application scanning, and social engineering.

Metasploit, developed by HD Moore in 2003, is one of the few tools that can be used to perform many steps of a penetration test. Rapid7 and Metasploit's 200,000+ users keep watch for newly discovered vulnerabilities (which are quite common) and add them to Metasploit's catalog. Anyone using Metasploit can then test a particular system for that vulnerability.

The Metasploit framework gives Metasploit good extensibility. Its console interface is responsible for discovering, exploiting, and reporting vulnerabilities, and post-exploitation and reporting tools are added through a set of interfaces. The framework can import data from a vulnerability scanner, use detailed information about vulnerable hosts to find exploitable vulnerabilities, and then use a payload to attack the system. All of these operations can be managed through Metasploit's web interface, which is just one of its management interfaces, alongside command-line tools and some commercial tools.

An attacker can import vulnerability scanner results into Armitage, an open source front end for the Metasploit framework, and then confirm vulnerabilities through Metasploit modules. Once a vulnerability is found, the attacker can take control of the system in one of the available ways, through a shell or by launching Metasploit's Meterpreter.

These payloads are simply a series of commands executed after gaining access to the local system. This process requires consulting some documentation and using some database techniques to develop a feasible attack method once the vulnerability has been found. The payload database contains modules for extracting local system passwords, installing additional software, or controlling hardware, much like earlier tools such as BO2K (Back Orifice 2000).

4.Aircrack-ng

Aircrack-ng is a security suite for analyzing 802.11 wireless networks. Its main functions are network detection, packet sniffing, and WEP and WPA/WPA2-PSK cracking. Aircrack-ng works with any wireless network card that supports monitor mode and can sniff 802.11a, 802.11b, and 802.11g traffic. The program runs on Linux and Windows. The Linux version has been ported to the Zaurus and Maemo platforms, and a proof of concept has been ported to the iPhone.

Aircrack-ng is a fork of the Aircrack project.

5.Burp Suite

Burp Suite is an integrated platform for attacking web applications. It contains many tools and provides many interfaces between them to make the process of attacking an application faster.

All tools share a powerful extensible framework for handling and displaying HTTP messages, persistence, authentication, proxying, logging, and alerting.

Toolbox:

Proxy - is a proxy server that intercepts HTTP/S traffic, acting as a man-in-the-middle between the browser and the target application and allowing you to intercept, view, and modify the raw data flowing in both directions.

Spider - is an application-aware web crawler that can fully enumerate the content and functionality of the application.

Scanner [Pro version only] - is an advanced tool that automatically finds security vulnerabilities in web applications.

Intruder - is a highly configurable tool for automated attacks on web applications, such as enumerating identifiers, harvesting useful data, and using fuzzing techniques to detect common vulnerabilities.

Repeater - is a tool for manually reissuing individual HTTP requests and analyzing application responses.

Sequencer - is a tool for analyzing the randomness of unpredictable application session tokens and important data items.

Decoder - is a tool for manual or smart decoding and encoding of application data.

Comparer - is a utility that produces a visual "diff" of two pieces of data, usually related requests and responses.

6.SQLMap

SQLMap is a free open source tool for detecting and exploiting SQL injection vulnerabilities. It automates both detection and exploitation (database fingerprinting, accessing the underlying file system, executing commands, and more).

sqlmap supports five different injection techniques:

1. Boolean-based blind injection: whether the injected condition is true or false is judged from the page that is returned.

2. Time-based blind injection: nothing can be judged from the page content, so conditional statements are used to check whether a time-delay statement was executed (that is, whether the page response time increases).

3. Error-based injection: the page returns an error message, or the result of the injected statement is returned directly in the page.

4. UNION query injection: injection that is possible where a UNION can be appended to the query.

5. Stacked query injection: injection that executes multiple statements at once.
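To show what the boolean-based technique (mode 1 above) actually relies on, here is an added example (not from the post or from sqlmap) with a vulnerable string-built query beside its parameterised fix, plus a check a developer can run against their own query function; the users table is constructed in memory with sqlite3.

```python
import sqlite3

# Constructed in-memory database standing in for a web application's user table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_vulnerable(conn, name):
    """Flawed pattern: input is spliced into the SQL text, so a quote in the input
    closes the literal and the rest of the input becomes part of the WHERE clause."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name):
    """Hardened pattern: a bound parameter is always treated as a value, never as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

def boolean_probe_differs(lookup, conn, base="bob"):
    """The signal boolean-based blind injection depends on: the same base input with a
    true and a false condition appended produces *different* results only if the
    database evaluates the condition. True means `lookup` is injectable this way;
    a correctly parameterised query always returns False."""
    true_case = lookup(conn, base + "' AND '1'='1")
    false_case = lookup(conn, base + "' AND '1'='2")
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", boolean_probe_differs(lookup_vulnerable, db))   # True
    print("parameterised:", boolean_probe_differs(lookup_safe, db))      # False
```

The same true/false pairing is what a scanner measures across many page requests; in the parameterised version both probes are just literal usernames that match nothing.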

The databases supported by sqlmap are:

MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB

You can provide a simple URL, a Burp or WebScarab request log file, a complete HTTP request in a text file, or a Google search whose result pages should be tested, or you can define a regular expression to determine which addresses to test.

It tests GET parameters, POST parameters, HTTP Cookie parameters, the HTTP User-Agent header, and the HTTP Referer header to confirm whether SQL injection is present; you can also specify particular parameters to test as a comma-separated list.

The number of concurrent HTTP(S) requests can be set to improve the efficiency of blind injection.

7.John The Ripper

John the Ripper is a free, open source, fast password cracking tool. It is used to recover a plaintext password when only its hash (the ciphertext) is known. It supports most current algorithms, such as DES, MD4, and MD5. It runs on many different system architectures, including Unix, Linux, Windows, DOS, BeOS, and OpenVMS, and its main purpose is to find Unix/Linux system passwords that are not strong enough.

8.THC Hydra

THC Hydra is a very popular password cracker developed by a very active and experienced team. It is a fast and stable network login attack tool that uses dictionary and brute-force attacks to try large numbers of username and password combinations against login pages and services. It supports a range of protocols, including mail (POP3, IMAP, etc.), databases, LDAP, SMB, VNC, and SSH.

If you have read this far, you really want to learn hacking techniques. I have prepared installation packages for all the tools mentioned above; follow me and they will be sent automatically.


Source: blog.csdn.net/2301_77300311/article/details/131286259