2023 Global Top 10 White Hat Common Tools Ranking

Although 2023 is not over yet, that does not stop us from compiling a list of the tools commonly used by white hats around the world in 2023, in the hope of offering some reference to white hats and enterprise security personnel.

On the one hand, the importance of tools is self-evident, and the white hats of the major SRCs know it from personal experience. The boost a useful and reliable tool gives is like Lu Bu's Red Hare horse or the golden cudgel in the hands of Sun Xingzhe: it achieves twice the result with half the effort, amplifies the white hat's existing technical strength, and effectively improves vulnerability-hunting efficiency.

On the other hand, the global network security situation is becoming more and more severe. Advanced security threats occur frequently, attack techniques are becoming intelligent and covert, and attack methods are becoming automated and tool-driven, which multiplies the pressure on enterprise security. Only tools can fight tools, and only intelligence can fight intelligence. Better use of tools helps us continuously strengthen the enterprise security system.

For decades the tools of attackers, white hats, and security practitioners have evolved continuously, becoming the most technical beacon in the long history of network security. To a certain extent they have steered the development and evolution of the network security industry and become one of its indispensable elements.

Without further ado, the 2023 list of the top 10 tools commonly used by white hats worldwide is as follows:

1. Burp Suite

Burp Suite is one of the best tools for web application testing. Its many functions help white hats handle a variety of tasks, including intercepting and modifying requests, scanning web applications for vulnerabilities, and brute-forcing login forms. Burp Suite provides numerous interfaces to speed up the penetration testing process for security personnel. All of its tools share one framework for handling HTTP messages, persistence, authentication, proxying, logging, and alerting.

For white hats, Burp Suite is feature-rich and powerful: the Proxy, Repeater (repackage and replay), Intruder (brute force), Target, Positions, and Payloads modules are all very easy to use, which makes it an essential product for penetration testing and vulnerability hunting. In 2023, the latest version of Burp Suite has been released.

2. Acunetix

Acunetix is an automated tool dating back to 1997 whose purpose is to analyze and detect weaknesses in websites. After years of development and improvement, Acunetix has come to play an important role among web security tools. It automatically tests websites and web applications and finds thousands of web application vulnerabilities such as SQL injection, XSS, XXE, and SSRF. Its unique AcuSensor technology pinpoints the vulnerability in the code and reports additional debugging information.

As part of a website audit, the online version of Acunetix performs a network security audit of the server hosting the website. This scan identifies the services running on the scanned server by running a port scan against the system; Acunetix then reports the detected operating systems and the software hosting those services. The process can also identify Trojans that may be lurking on the server.

AcuSensor is quick to deploy and easy to extend. It is installed into pre-compiled .NET and Java assemblies and requires neither the .NET or Java source code nor a compiler. Acunetix also integrates with the popular OpenVAS network scanner for vulnerability scanning. During network scanning, Acunetix uses various port-probing and OS-fingerprinting techniques to identify a large number of devices, operating systems, and server products. In 2023, Acunetix has been updated to its latest version.

3. Nmap

Nmap, short for Network Mapper, was launched in September 1997. It supports Linux, Windows, Solaris, BSD, Mac OS X, and AmigaOS, and is released under the GPL license. It was originally used to scan for open network connections and determine which services are running on those endpoints.

As a very popular free and open-source port scanner for large-scale networks, Nmap can detect whether a target host is online, which ports it has open, the type and version of the services running on it, its operating system and device type, and more. Compatible with all major operating systems, including Linux, Mac OS, and Windows, it is one of the must-have programs for network administrators.

Nmap is also a favorite tool of many white hats and script kiddies, and it can be used to detect unapproved servers in the work environment. It is usually used in the information-gathering phase to collect basic status information about target hosts; the scan results can then serve as input to the vulnerability scanning, exploitation, and privilege escalation stages. It can scan a single host as well as large computer networks. In 2023, Nmap has been updated to version 7.93, which also commemorates the 25th anniversary of Nmap's release.
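As an added example of the "detect unapproved servers" use just mentioned (this is not code from the article or the Nmap project): a Python script that parses a scan saved in Nmap's grepable (-oG) format and compares it against an assumed approved-asset inventory, reporting hosts that are not in the inventory and approved hosts with open ports nobody expected. The scan text and the inventory are constructed samples.

```python
import re

# Constructed sample in Nmap's grepable (-oG) layout; not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated (constructed sample)
Host: 10.0.0.5 (fileserver.corp)\tStatus: Up
Host: 10.0.0.5 (fileserver.corp)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9//, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.9 ()\tPorts: 8080/open/tcp//http-proxy//Apache httpd 2.4//\tIgnored State: closed (999)
# Nmap done (constructed sample)
"""

# Assumed asset inventory: approved host -> ports expected to be open.
APPROVED = {"10.0.0.5": {22}}

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "open_ports": set}} for hosts that are up."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines
        ip, name, rest = m.groups()
        if rest.startswith("Status:") and not rest.endswith("Up"):
            continue  # skip hosts reported Down
        entry = hosts.setdefault(ip, {"hostname": name, "open_ports": set()})
        if rest.startswith("Ports:"):
            # Each item is port/state/proto/owner/service/rpc/version/
            for item in rest[len("Ports:"):].split("\t")[0].split(","):
                fields = item.strip().split("/")
                if len(fields) > 2 and fields[1] == "open":
                    entry["open_ports"].add(int(fields[0]))
    return hosts


def find_unapproved(hosts, approved):
    """Return (hosts not in the inventory, approved hosts with extra open ports)."""
    unknown = sorted(ip for ip in hosts if ip not in approved)
    extra_ports = {}
    for ip, info in hosts.items():
        extra = info["open_ports"] - approved.get(ip, set())
        if ip in approved and extra:
            extra_ports[ip] = sorted(extra)
    return unknown, extra_ports


if __name__ == "__main__":
    unknown, extra_ports = find_unapproved(parse_gnmap(SAMPLE_GNMAP), APPROVED)
    print("Hosts not in inventory:", unknown)     # ['10.0.0.9']
    print("Unexpected open ports:", extra_ports)  # {'10.0.0.5': [445]}
```

A real run would feed the output of a scan saved with `-oG` into `parse_gnmap` and pull the inventory from the CMDB instead of a dict.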

4. Metasploit

Metasploit is a very popular vulnerability detection and penetration testing tool (a security framework), currently available in a paid and a free edition. The tool was developed in 2003 and made its debut at the Black Hat conference in 2004. It is one of the few tools that can be used to perform many of the steps of a penetration test, helping security personnel identify security issues, verify vulnerability mitigations, and more.

Metasploit is very powerful. Through its web UI or command prompt it can perform basic penetration tests of small networks, import scan data and identify networks, spot-check vulnerabilities for exploitability, run single exploits against hosts, browse exploit modules, and more.

Metasploit greatly reduces the difficulty of vulnerability detection and penetration testing for security personnel. Once you have mastered it, you can use the tool to scan for vulnerabilities that have not yet been patched or have only just been patched, and assess the urgency of releasing patches for the vulnerability. In January 2023, Metasploit released the new version 4.21.0, which added a new exploitation module and implemented shadow attacks and SMB direct session takeover.

5. Sqlmap

sqlmap is an open-source automated penetration testing tool that can automatically detect and exploit SQL injection vulnerabilities and take over database servers. It comes with a powerful detection engine, many niche features for the experienced penetration tester, and a broad range of options that span database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

By default sqlmap uses six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries, and out-of-band. It fully supports the mainstream database management systems, such as MySQL, Oracle, Microsoft Access, and IBM DB2.

sqlmap supports enumerating users, password hashes, privileges, roles, databases, tables, and columns; it automatically recognizes password hash formats and supports cracking them with dictionary-based attacks. It can dump database tables in full, a range of entries, or specific columns according to the user's choice, and it can search for a specific database name, a specific table across all databases, or a specific column across all tables in all databases.
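As an added example tied to the six technique families listed above (this is not code from the article or the sqlmap project): a Python classifier that tells a defender which style of SQL injection probing a web access-log entry carries, so boolean, time-based, error-based, UNION, stacked and out-of-band attempts can be told apart during log review. The log lines are constructed and the patterns are illustrative heuristics, not sqlmap's actual payloads.

```python
import re
from urllib.parse import unquote_plus

# Technique -> pattern over the decoded request path/query. Order matters:
# the more specific families are tested before the generic boolean test.
TECHNIQUES = [
    ("stacked", re.compile(r";\s*(select|insert|update|delete|drop|exec)\b", re.I)),
    ("time-based", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)),
    ("out-of-band", re.compile(r"\b(load_file|utl_http|xp_dirtree)\b", re.I)),
    ("error-based", re.compile(r"\b(extractvalue|updatexml|floor\(rand)", re.I)),
    ("union", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("boolean-blind", re.compile(r"\b(and|or)\b\s*['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I)),
]

# Request line inside an Apache/nginx combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/\d\.\d"')


def classify_query(decoded):
    """Return the first technique name whose pattern matches, else None."""
    for name, pattern in TECHNIQUES:
        if pattern.search(decoded):
            return name
    return None


def scan_log(lines):
    """Return [(client_ip, technique)] for entries that look like injection probes."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        technique = classify_query(unquote_plus(m.group(1)))  # decode %20, + etc.
        if technique:
            hits.append((line.split(" ", 1)[0], technique))
    return hits


# Constructed access-log lines (combined format, abbreviated); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2023:10:00:01 +0000] "GET /item?id=5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2023:10:00:02 +0000] "GET /item?id=5%20AND%201=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2023:10:00:03 +0000] "GET /item?id=5%20AND%20SLEEP(5) HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2023:10:00:04 +0000] "GET /item?id=5%20UNION%20SELECT%201,2 HTTP/1.1" 200 900',
    '203.0.113.7 - - [01/Jun/2023:10:00:05 +0000] "GET /item?id=5;SELECT%201 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, technique in scan_log(SAMPLE_LOG):
        print(ip, technique)
```

A steady stream of boolean pairs followed by timing probes from one client is the shape an automated injection scanner leaves behind, which is why grouping hits per client IP is more useful than flagging single lines.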

6. Nessus

Nessus claims to be the most popular vulnerability scanner in the world, with more than 75,000 organizations using it. The tool provides a complete computer vulnerability scanning service and keeps its vulnerability database up to date. Unlike traditional vulnerability scanning software, Nessus can be controlled locally or remotely to perform system vulnerability analysis and scanning. For penetration testers, Nessus is one of the essential tools.

Nessus is very powerful, includes a variety of scanning options, and has an easy-to-use graphical interface and effective reports, which is why white hats love it. Its performance can be tuned to the resources of the system, users can define their own plug-ins, and SSL is fully supported. In 2023, the latest Nessus plug-in package was updated in May.

7. Hashcat

Hashcat is an open-source tool. In its official introduction, Hashcat claims to be the world's fastest password cracking tool and the only in-kernel rule engine. Some call it one of the best white hat tools available for helping users recover lost passwords, audit password security, and find out what data is stored in hashes.

Hashcat supports the mainstream operating systems Linux, Windows, and macOS, and runs on CPUs, GPUs, APUs, and other platforms. It allows users to use multiple devices in the same system, to mix device types in the same system, and to join distributed cracking networks; it supports interactive pause/resume, sessions and restore, a built-in benchmarking system, an integrated thermal monitor, automatic performance tuning, and more.

In 2023, Hashcat has been updated to its latest version, 6.2.6. Its core developer Sam Croley said that with a graphics array of eight NVIDIA RTX 4090 GPUs, the password cracking time is shortened to under 60 minutes, half that of the RTX 3090. Using only one RTX 4090 GPU, it took 6.1 hours to crack a standard eight-character password consisting of digits, uppercase and lowercase letters, and symbols.

8. Ettercap

Ettercap is a free, open-source network sniffing tool based on ARP address spoofing, mainly suited to switched LANs. In many people's minds, Ettercap is the quintessential "man-in-the-middle" tool. White hats rely on it to perform common "man-in-the-middle" penetration tests such as ARP spoofing, interception, and DNS spoofing.

Ettercap can intercept traffic on a network segment, capture passwords, and actively or passively dissect many protocols, and it includes many features for network and host analysis. Its features are distinctive: it can inject characters into a live connection to the server, sniff SSH connections in full-duplex mode, sniff HTTP SSL data, build custom plug-ins with the ettercap API, and more. With the help of Ettercap, penetration testers can check whether data is communicated in plaintext within the network and take timely measures to prevent sensitive data such as usernames and passwords from being transmitted unencrypted. In 2023, the Ettercap tools have been updated to version v0.7.4.
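As an added example from the defender's side of the ARP spoofing described above (this is not code from the article or the Ettercap project): a Python function that watches a stream of ARP replies and raises an alert when an IP's MAC binding changes or when one MAC starts answering for several IPs, which is how a sniffer of this kind shows up on the wire. The replies are constructed, not a capture, and the `known` parameter is an assumption of this example.

```python
from collections import defaultdict

# Constructed ARP replies as (timestamp, sender_ip, sender_mac); not a capture.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    (1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),  # a client, legitimate
    (2.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    (3.5, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims the client
]


def detect_arp_spoofing(replies, known=None):
    """Return a list of (timestamp, kind, subject, detail) alerts.

    `known` optionally seeds the table with trusted static bindings
    (e.g. the gateway), so the first spoofed reply is caught even if the
    real one was never observed. A MAC that legitimately serves several
    IPs (virtual IPs, routers) will also trigger the second rule, so treat
    it as a heuristic to review, not a verdict.
    """
    table = dict(known or {})   # ip -> mac last seen
    claims = defaultdict(set)   # mac -> ips it has answered for
    alerts = []
    for ts, ip, mac in replies:
        previous = table.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "ip-mac-changed", ip, f"{previous} -> {mac}"))
        table[ip] = mac
        claims[mac].add(ip)
        if len(claims[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(claims[mac])))
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "aa:bb:cc:00:00:01"}
    for alert in detect_arp_spoofing(ARP_REPLIES, known=gateway):
        print(*alert)
```

Bindings flipping back and forth between two MACs over a short window are the strongest signal, since a spoofer and the real host keep overwriting each other's entry in the victims' ARP caches.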

9. Cain & Abel

Cain & Abel is a password tool for Microsoft operating systems. It can recover VoIP conversations, crack encrypted passwords, recover Wi-Fi keys, reveal password boxes, uncover cached passwords, analyze routing protocols, and more.

The tool is very friendly to white hats and penetration testers. Its latest version provides sniffing on switched LANs and man-in-the-middle penetration testing, analysis of encrypted protocols such as SSH-1 and HTTPS, a routing protocol authentication monitor and route extractor, and support for a number of common hash algorithms and specific authentication schemes. In addition, the latest version of Cain & Abel includes filters that capture credentials from various authentication mechanisms, provides dictionary-based and brute-force password recovery, and other security-related features. In July 2023, the Cain & Abel tools have been updated to version v4.9.2.

10. Angry IP Scanner

Angry IP Scanner is an efficient, cross-platform, open-source IP scanner with which white hats can scan the IP addresses and ports of the local network and the Internet. It runs on the mainstream operating systems Windows, Mac, and Linux. It is a lightweight program that can be used without installation, and scan results can be exported to various file formats.

Angry IP Scanner has a unique advantage in scanning IP addresses: it creates a separate thread for each IP address, which improves scanning speed and accuracy. It can also determine whether each IP address is active or dormant, then resolve its hostname, scan its ports, and determine its MAC address. The tool is currently widely used by white hats and enterprise security personnel in enterprises, institutions, and government units. In August 2023, Angry IP Scanner has been updated to version 3.5.1.

The above is the 2023 TOP 10 list of tools commonly used by white hats worldwide. If there are any shortcomings, please feel free to point them out. Note that this TOP 10 ranking is for industry reference only; if readers know better or more useful tools, please leave a message at the end of the article to share them.

Finally

Here is a quick way to learn network security, "perhaps" the most comprehensive learning path:
1. Network security theory (2 days)
① Understand the industry's background and prospects, and decide on a direction of development.
② Learn the laws and regulations related to network security.
③ The concept of network security operations.
④ Introduction to MLPS (classified protection), its regulations, procedures, and standards. (Very important)

2. Penetration testing basics (one week)
① Penetration testing process, classification, and standards
② Information gathering: active/passive collection, the Nmap tool, Google Hacking
③ Vulnerability scanning and exploitation: principles, methods, tools (MSF), bypassing IDS and antivirus detection
④ Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system basics (one week)
① Common functions and commands of Windows
② Common functions and commands of Kali Linux
③ Operating system security (intrusion investigation / basics of system hardening)

4. Computer networking basics (one week)
① Networking fundamentals, protocols, and architecture
② Principles of network communication, the OSI model, the data forwarding process
③ Analysis of common protocols (HTTP, TCP/IP, ARP, etc.)
④ Network attack techniques and network security defense techniques
⑤ Web vulnerability principles and defenses: active/passive attacks, DDoS attacks, CVE vulnerability reproduction

5. Basic database operations (2 days)
① Database basics
② SQL language basics
③ Database security hardening

6. Web penetration (1 week)
① Introduction to HTML, CSS, and JavaScript
② OWASP Top 10
③ Web vulnerability scanning tools
④ Web penetration tools: Nmap, BurpSuite, SQLMap, and others (China Chopper, vulnerability scanners, etc.)

Congratulations: if you learn all this, you can basically work in a network security-related job such as penetration testing, web penetration, security services, or security analysis; if you also master the security modules well, you can work as a security engineer. The salary range is 6k-15k.

All of this takes about a month. You have become a "script kiddie". So do you still want to explore further?

Origin blog.csdn.net/Eqiqi/article/details/131177539