HACKING TOOLS
1. Burp Suite
One of the most widely used web application security testing tools is Burp Suite. It is
used as an intercepting proxy, which means all requests from the browser configured to
use it pass through it. Because each request passes through Burp Suite, we can modify it as
needed, which is useful for testing vulnerabilities such as XSS and SQLi, and other
web-related issues.
2. Nmap
Nmap is an open-source network scanner for reconnoitering and scanning networks.
It is used to find ports, hosts, and services along with their versions over a network. It
sends packets to the host and then examines the responses to get the intended
outcomes. It might also be used to discover hosts, detect operating systems,
and scan for open ports. It is one of the most widely used reconnaissance tools.
3. Wireshark
Wireshark is a network security tool that analyses and manipulates data transferred
across a network. It is used to examine packets sent across a network.
The source and destination IP addresses, the protocol used, the data, and the
various headers may all be included in these packets. Captured packets are usually saved
in files with a ".pcap" extension, which can be read using Wireshark.
4. Metasploit Framework
Metasploit is an open-source tool that was developed by Rapid7 technologies. It is
one of the most widely used penetration testing frameworks globally. It includes a
large number of exploits for vulnerabilities in networks and operating
systems. Metasploit is often used on local networks; however, we may also use Metasploit
against hosts over the internet using "port forwarding". Metasploit is primarily
a command-line tool, but it also has a graphical user interface (GUI) package
called "Armitage" that makes using Metasploit more convenient.
5. aircrack-ng
Aircrack is an all-in-one packet sniffer, WEP and WPA/WPA2 cracker, analysis tool,
and hash capturing tool. It is mainly used to hack Wi-Fi. Using it, we
can capture packets and read the hashes out of them, as well as crack
those hashes with various attacks such as dictionary attacks. It supports almost all
modern wireless interfaces.
6. Netcat
Netcat is a network tool for working with ports that performs tasks such as port
scanning, listening, and redirection. It is useful
for debugging and testing network daemons, and is known as the Swiss army
knife of networking tools. It can also be used to work with TCP, UDP, or UNIX-domain
sockets, to open remote connections, and much more.
7. John the Ripper
John the Ripper is a fantastic tool for cracking passwords using well-known brute-force
attacks such as dictionary attacks or custom wordlist attacks. It can also
be used to crack hashes or passwords for zipped or compressed files and locked files.
It includes a lot of options for cracking hashes and passwords.
8. sqlmap
One of the greatest tools for performing SQL injection attacks is sqlmap. It simply
automates the process of testing a parameter for SQL injection, as well as the process
of exploiting the vulnerable parameter.
It is a fantastic tool because it automatically detects the database, so all we have to do
is provide a URL to see if the parameter in the URL is vulnerable. We can even use
a request file to check POST parameters.
9. Social Engineering Toolkit
The Social Engineering Toolkit (SET) is a set of tools which we can use to perform social
engineering attacks. These tools gather information by exploiting and manipulating
human behavior. It is also a fantastic tool for building phishing websites. It is an
open-source penetration testing framework designed for social engineering. SET includes a
number of unique attack vectors that permit us to launch a convincing attack in a
matter of seconds.
10. skipfish
Skipfish is an active web application security reconnaissance tool. It uses a
recursive crawl and dictionary-based probes to create an interactive sitemap for the
chosen site. The resulting map is then annotated with the output of several active (but
hopefully non-disruptive) security checks.
11. wpscan
What is WPScan used for?
WPScan is an open source WordPress security scanner. You can use it to scan
your WordPress website for known vulnerabilities within the WordPress core,
as well as popular WordPress plugins and themes. Since it is a WordPress black-box
scanner, it mimics a real attacker.
12. HYDRA
Hydra is a pre-installed tool in Kali Linux used to brute-force usernames and passwords
for different services such as ftp, ssh, telnet, MS-SQL, etc. Brute-forcing tries
different usernames and passwords against a target to identify correct credentials. Below is
the list of all protocols supported by hydra.
13. What is the OSINT framework?
OSINT is a term that refers to a framework of processes, tools, and techniques
for collecting data passively from open or publicly available resources (not to
be confused with open-source software).