Network Security (Hacker) Tools

Hello everyone. This article is an inventory of the network security tools we have used together over the years.

1. Anti-malware software

1.Malwarebytes

This software detects and removes malware, including worms, Trojans, backdoors, rogues, dialers, spyware, and more. It offers lightning-fast scanning, quarantine, and easy recovery, and contains additional utilities to aid in manual malware removal. It comes in two versions, Pro and Free; the Pro version has more functions than the Free version: real-time monitoring protection, heuristic protection, and malicious website protection that blocks access to known and zero-day malicious Web content.

2.ClamAV

ClamAV is an open source virus scanning tool written in C for detecting Trojans, viruses, and other malware. It provides a flexible and extensible multi-threaded daemon, a command-line scanner, and tools for automatic updates over the Internet.

3.VirusTotal

VirusTotal is a well-known online analysis service that checks submitted files for known viruses, Trojans, and other malware. Because it is an online virus checking website, its performance may not be as powerful as virus checking with installed software.

2. Scanning tool

1.Ike-scan

This is a command-line tool that uses the IKE protocol to discover, identify and test IPsec VPN servers.

2.THC Amap

THC Amap is a great tool for determining which applications are listening on a given port, and it even knows how to parse Nmap output files. Also, it is a command-line tool.

3.NBTScan

NBTScan, a program that scans an IP network for NetBIOS name information, sends a NetBIOS status query to each address in the provided range. For each responding host, it lists the IP address, NetBIOS computer name, logged-in user name, and MAC address. Similarly, it is also a command-line tool.

3. Encryption tools

1.OpenSSH/PuTTY

Nearly everyone has used these tools at some point; they are mainly used for encrypted login and connection to remote servers. Most Linux users run OpenSSH, while Windows users prefer PuTTY. OpenSSH is mainly command-line based, while PuTTY has a GUI.

2.TrueCrypt

This tool is available for Linux, Mac, and Windows systems and is an open source disk encryption system.

3.OpenVPN

OpenVPN is an open source SSL VPN software package that can accommodate a variety of configurations, including remote access, site-to-site VPN, WiFi security, and load-balanced setups. It is also a command-line tool.

4.KeePass

KeePass is a free password manager that's easy to use. It stores many passwords unlocked by one master password. The idea is to only have to remember one high-quality password and still be able to use unique passwords for various accounts. It has the ability to automatically fill in passwords in web forms.

4. Intrusion Detection System

1.Snort

This network intrusion detection and prevention system is good at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various preprocessors, Snort can detect thousands of worms, exploit attempts, port scans, and other suspicious behaviors.

2.OSSIM

OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools that, when working together, can provide network/security administrators with a detailed view of every aspect of the network, hosts, physical access devices and servers.

5. Port Scanner

1.Angry IP Scanner

Angry IP Scanner is a small open source Java application that can perform ping scans and port scans.

2.NetScanTools

NetScanTools is a collection of over 40 network utilities for Windows designed with a simple user interface in mind. It includes DNS tools, Ping and port scanners, Traceroute and other utilities.

6. Vulnerability Exploitation Tools

1. W3af

W3af is a very popular, powerful and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend, and has dozens of web assessment and exploitation plug-ins.

2.Sqlmap

As I have told you before, this is a very powerful SQL injection and vulnerability-finding tool.

3.Social Engineer Toolkit

Social-Engineer Toolkit (SET) is an open source penetration testing framework designed for social engineering. SET has many custom attack vectors, allowing you to quickly conduct believable attacks. This is the download address of a Python installation file. Unfortunately, only Linux and Mac OS X systems are currently supported.

4.Netsparker

Netsparker is a web application security scanner that supports both detection and exploitation of vulnerabilities. It aims to be free of false positives by only reporting confirmed vulnerabilities after they have been successfully exploited or otherwise tested.

7. Monitoring tools

1.Ettercap

Ettercap is a suite for man-in-the-middle attacks on a LAN. It features real-time connection sniffing, dynamic content filtering, and many other interesting tricks. It supports active and passive dissection of many protocols (even encrypted ones), and includes many functions for network and host analysis.

2.P0f

P0f is able to identify the operating system of a target host just by examining captured packets, even if the device is behind a packet firewall. P0f does not generate any additional network traffic, directly or indirectly: no name lookups, no mysterious probes, no ARIN queries, nothing. In the hands of advanced users, P0f can detect the presence of firewalls, the use of NAT, the presence of load balancers, and more!

3.Nagios

Nagios is a system and network monitoring application. It monitors the hosts and services you specify and alerts you when things go bad or get better. Its many features include monitoring network services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring host resources (processor load, disk usage, etc.).

4.NetWitness NextGen

NetWitness NextGen is a network security monitor. At the heart of the monitor is the decoder subsystem, which records network traffic for analysis.

8. Network proxy

1. Paros proxy

Java-based web proxy for assessing web application vulnerabilities. It supports on-the-fly editing/viewing of HTTP/HTTPS messages to change items like cookies and form fields. It includes a web traffic recorder, web crawler, hash calculator, and scanner to test for common web application attacks such as SQL injection and cross-site scripting.

2.Ratproxy

Ratproxy is a semi-automated, largely passive web application security auditing tool. It is designed to complement the active crawlers and manual proxies commonly used for this task, and is specifically optimized for accurate, sensitive detection and automatic annotation of potential issues and security-related design patterns, based on observation of existing, user-initiated traffic in complex Web 2.0 environments.

3.Sslstrip

Sslstrip is an SSL stripping proxy designed to make unencrypted HTTP sessions look as much like HTTPS sessions as possible. It converts https links to http or to https with a known private key. It even provides a padlock icon for the illusion of a secure channel. Many HTTPS sites are normally reached through redirects from HTTP pages, and many users don't notice when their connection is not upgraded.

9. Web Vulnerability Scanning

1.Burp Suite

Burp Suite is an integrated platform for attacking web applications. It consists of various tools with numerous interfaces between them, designed to facilitate and speed up the process of attacking applications. All tools share the same framework for processing and displaying HTTP messages, persistence, authentication, proxying, logging, alerting and extensibility.

2. W3af

W3af is a very popular, powerful and flexible framework for finding and exploiting web application vulnerabilities.

10. Wireless Tools

1.Aircrack

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. Once enough encrypted packets are collected, it implements the most famous cracking algorithms to recover the wireless key. The suite contains over a dozen discrete tools, including airodump (802.11 packet capture program), aireplay (802.11 packet injector), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

2.Netstumbler

Netstumbler, the best-known Windows tool for finding open wireless access points, is currently free, but it is Windows-only and no source code is provided.

3.Kismet

Kismet is a console-based 802.11 layer 2 wireless network detector, sniffer and intrusion detection system. It identifies networks by passive sniffing and can even reveal hidden networks that are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP and DHCP packets.

4.InSSIDer

InSSIDer is a wireless network scanner for Windows, OS X and Android. It runs fine on 64-bit Windows and Windows Vista. InSSIDer finds open wireless access points, tracks signal strength over time, and saves logs with GPS records.

11. Rootkit detector

1.Sysinternals

Sysinternals provides a number of small Windows utilities that are useful for low-level Windows hackers.

2.Tripwire

Tripwire is a tool that helps system administrators and users monitor a specified set of files for any changes.

3.AIDE

AIDE (Advanced Intrusion Detection Environment) is a rootkit detector and a free alternative to Tripwire. It cryptographically hashes important system files and stores the hashes in a database. It is a free tool, but it has more ads.

12. Packet Sniffer

1.Wireshark

I won’t say much about this. Anyone who has used it knows that it is a very powerful network sniffing and packet capture tool. It is precisely because it is too powerful that we have not used it deeply enough.

2.Tcpdump

It is not as powerful as Wireshark and does not have Wireshark's attractive GUI, but it is more practical and has a small resource footprint.

13. Summary

After reading this, I believe everyone will be very interested in the content, because as a novice in network security it is still necessary to get familiar with these tools. After all, only by using these tools first can we understand what they do.

14. Network Security Learning Route

Misunderstandings and pitfalls of self-study network security learning

1. Don’t try to learn programming first and then start learning

In my previous answers, I have repeatedly emphasized not to start learning network security from programming. Generally speaking, learning programming not only has a long learning cycle, but also yields little key knowledge that is usable after actually moving into security.

If ordinary people try to learn programming well before starting on network security, it often takes a long time, and it is easy to give up halfway. Programming is just a tool, not an end; our goal is not to become programmers. It is better to fill in whatever you are missing as you learn network security, which is more purposeful and less time-consuming.

2. Don’t take deep learning as the first lesson

Many people aim to learn network security well and solidly, so it is easy to push too hard and fall into a misunderstanding: trying to learn all the content in depth. Taking deep learning as the first lesson of network security is not a good idea. The reasons are as follows:

[1] The black-box nature of deep learning is more pronounced, and it is easy to swallow it whole without really understanding it

[2] Deep learning is demanding of the learner, is not suitable for self-study, and easily leads to a dead end

3. Don’t Collect Too Much Data

There are a lot of learning materials about network security on the Internet, often several gigabytes of material to download or watch at a time. Many friends have a "collection addiction", buying more than a dozen books at once or collecting dozens of videos.

Many online learning materials are extremely repetitive, and most of the content has not been updated for several years. During the introductory period, it is recommended to choose "small but refined" materials. Below I will recommend some learning resources that I think are good for beginners. Read on patiently.

Some preliminary preparations for learning network security

1. Hardware selection

I am often asked, "Do I need a high-spec computer to learn network security?" The answer is no: the computer a hacker uses does not need a high configuration, as long as it is stable. The programs hackers use run very well even on low-end CPUs and do not take up much memory. In addition, hacking is done at the DOS command line, so the computer can be used in its best condition! So don’t buy a new machine in the name of learning...

2. Software selection

Many people learning hacking agonize over whether to use Linux, Windows or Mac. Although Linux looks cool, it is not friendly to newcomers. On Windows you can also use virtual machines to install target machines for learning.

As for the programming language, Python is the most recommended because of its good extension support. Of course, many websites on the market are developed in PHP, so choosing PHP is also possible. Other languages include C++, Java...

Many friends will ask whether they need to learn all of these languages. The answer is no! To repeat what I said above: programming is just a tool, not an end, and our goal is not to become programmers.

(An extra thing to mention here is that although learning programming cannot get you started, it can determine how far you can go on the road of network security, so I recommend you to learn some basic programming knowledge by yourself)

3. Language ability

We know that computers were first invented in the West, and many terms and much code are in English. Even some existing tutorials were originally translated from English, and it usually takes a week for a vulnerability to be translated into Chinese; it may already have been patched in that time. If you don’t understand some professional terms, you will also have trouble exchanging techniques or experience with other hackers, so you need a certain amount of English and hacker terminology (you don’t need to be particularly proficient, but you must be able to understand the basics).

For example: broiler (a compromised machine), hanging horse (planting a Trojan on a web page), shell, WebShell, etc.

The first stage: getting started with basic operations and learning basic knowledge

The first step to getting started is to learn some current mainstream security tool courses and supporting books on basic principles. Generally speaking, this process takes about 1 month.

At this stage, you already have a basic understanding of cybersecurity. If you have finished the first step, I believe you understand in theory what SQL injection is and what an XSS attack is, and you have also mastered the basic operation of security tools such as Burp, MSF, and CS. The most important thing at this point is to start laying the foundation!

The so-called "foundation" is actually a systematic study of basic computer knowledge. If you want to learn network security well, you must first have 5 basic knowledge modules:

1. Operating system

2. Protocol/Network

3. Database

4. Development language

5. Principles of Common Vulnerabilities

What is the use of learning these basics?

Your level of knowledge in the various fields of computing determines the upper limit of your penetration testing ability.

[1] For example: if you have a high level of programming, you will be better than others at code auditing, and the exploit tools you write will be easier to use than others';

[2] For example: if you have a high level of database knowledge, then when you are conducting SQL injection attacks, you can write more and better SQL injection statements, which can bypass WAFs that others cannot bypass;

[3] For example: if your networking level is high, you can understand the network structure of the target more easily than others when you penetrate an internal network. Given a network topology you will know where you are, and given a router's configuration file you will know what routes they have set up;

[4] For another example: if your operating system knowledge is good, your privilege escalation will be stronger, your information collection will be more efficient, and you can efficiently filter out the information you want.

The second stage: practical operation

1. Mining SRC

The purpose of mining SRC is mainly to put your skills into practice. The biggest illusion in learning network security is feeling that you know everything, yet being unable to do anything when it comes to actually finding vulnerabilities. SRC is a very good opportunity to apply your skills.

2. Learn from technical sharing posts (vulnerability mining type)

Watch and study all the 0day mining posts of the past ten years, then build an environment to reproduce the vulnerabilities, think through and learn the author's approach to finding them, and cultivate your own penetration testing mindset.

3. Range practice

Build a practice range yourself or go to a free practice range website. If you have the means, you can buy one or sign up with a reliable training institution, which generally provides supporting range exercises.

The third stage: participate in CTF competitions or HVV operations

Recommended: CTF Competition

CTF has three points:

[1] It is a chance to get close to actual combat. The network security law is now very strict, unlike before, when everyone could mess around

[2] The challenges keep up with the frontiers of technology, while many books lag behind

[3] If you are a college student, it will be very helpful for finding a job in the future

If you want to play in a CTF competition, go straight to the competition challenges; if you don’t understand a challenge, look up material on whatever you don’t understand

Recommended: HVV (network protection)

HVV has four points:

[1] It can also give you a great deal of practice and improve your skills. It is best to participate in the HVV operation held every year

[2] You can meet many big names in the field and expand your network

[3] The pay for HVV is also very high, so you can earn a lot of money if you participate

[4] As with CTF competitions, if you are a college student, it will also be very helpful for finding a job in the future

15. Recommended Network Security Resources

Book list recommendation:

Computer operating system:

[1] Coding: the language hidden behind computer software and hardware

[2] In-depth understanding of the operating system

[3] In-depth understanding of the Windows operating system

[4] Linux kernel and implementation

Programming development class:

[1] Windows programming

[2] Windows core programming

[3] Linux programming

[4] Advanced programming in the Unix environment

[5] iOS programming

[6] The first line of code: Android

[7] C programming language design

[8] C primer plus

[9] C and pointers

[10] C expert programming

[11] C traps and defects

[12] Assembly language (Wang Shuang)

[13] Java core technology

[14] Java programming ideas

[15] Python core programming

[16] Linux shell script strategy

[17] Introduction to Algorithms

[18] Compilation principle

[19] Compilation and decompilation technology practice

[20] The way to clean code

[21] Code Encyclopedia

[22] TCP/IP Detailed Explanation

[23] Rootkit: Lurkers in the gray area of the system

[24] Hacking Attack and Defense Technology Collection

[25] Encryption and decryption

[26] C++ Disassembly and Reverse Analysis Technique Revealed

[27] Web security testing

[28] White hat talks about web security

[29] Proficient in script hacking

[30] Web front-end hacking technology secret

[31] Programmer's application

[32] English Writing Handbook: Elements of Style

Common network security websites and forums

  •     Kanxue Forum
  •     safety class
  •     safety cow
  •     Safety internal reference
  •     Green League
  •     prophetic community
  •     XCTF Alliance

Epilogue

The network security industry is like a martial-arts underworld, where people of all kinds gather. Compared with the many "orthodox schools" with solid foundations in European and American countries (who understand encryption, know how to protect, can find vulnerabilities, and are good at engineering), our talents are more often unorthodox (many white hats may not agree). So in future talent training and development, it is necessary to adjust the structure and encourage more people to do "constructive" work on "systems and construction" that combines "business", "data" and "automation", in order to quench the thirst for talent and truly provide security for a society that is moving fully onto the Internet.

Special statement:
This tutorial is purely technical sharing! Its purpose is in no way to provide any technical support for those with bad motives, nor does it assume joint and several liability arising from the misuse of technology! The purpose of this tutorial is to maximize everyone's attention to network security and to encourage corresponding security measures that reduce the economic losses caused by network security incidents.

Origin blog.csdn.net/youshowkm/article/details/132112005