In one of my previous posts, I talked about ethical hacking and how to become a hacker. In this post, I will be talking about tools used by both white-hat and black-hat hackers.
Hacking has been a part of the technology world since its inception. It has evolved from manual attempts at accessing systems into a complex and sophisticated practice.
Over time the tools have evolved from ping for checking an open port to sophisticated command-line tools such as nmap for sending custom packets to ports and the applications listening on them. The realm of ethical hacking and penetration testing has changed completely with the advent of myriad automated tools.
Let’s get into the details of the various tool categories and go over the list of tools used for each.
Types of Ethical Hacking Tools
Following is a list for categorizing different types of ethical hacking tools.
- Passive reconnaissance tools
- Active reconnaissance tools
- Vulnerability scanning tools
- Exploitation tools
- Password cracking tools
- Web application hacking tools
Let’s go over each one of these in detail.
What is Passive Reconnaissance?
Passive reconnaissance (PR) is used to gather information about a target without directly interacting with it. The tools typically used collect information passively from publicly available sources, such as websites, network traffic, and DNS records.
Some of the most commonly used passive reconnaissance tools include:
- Whois: Whois is used to look up information about domain names, IP addresses, and the domain owner. You can get the contact information to reach out to the administrative and technical contact, as well as the registration date and expiration date for the domain. Lately, many domain owners have started to use Whois masking with private protection, making it harder to get this information.
- Traceroute: Traceroute is used to map the network path between a source and a destination. It provides information about the network infrastructure between two points, including all hop IP addresses to identify network bottlenecks or failures.
- DNS Lookup: A DNS lookup is used to gather information about a domain’s DNS records. The response from a DNS server provides information about the domain’s public IP addresses, information on email servers, and other relevant information that can be used to identify vulnerabilities.
Passive reconnaissance tools are a crucial first step in any type of ethical or malicious hacking process.
Active Reconnaissance Tools
Active reconnaissance (AR) tools are used to find weaknesses in the target system by sending traffic directly using either manual or automated attempts to gather information. AR tools generate traffic to the target system to discover vulnerabilities.
Note: Scanning attempts can be discovered by the target if the target system has tools and processes in place to detect port scans.
Some of the most commonly used active reconnaissance tools include:
- Nessus is a widely used vulnerability scanning tool. It’s a commercial tool sold by Tenable.
- Nmap is one of the best open-source network port scanning tools. It is fast and supports many platforms.
- OpenVAS: OpenVAS is an open-source vulnerability scanning tool that provides similar capabilities to Nessus. It’s known for its robust scanning capabilities and support for a wide range of platforms.
With active reconnaissance, the following strategies are used.
- Port Scanning is a technique to identify open ports and services on a target system. This information can identify vulnerable services to target.
- Vulnerability Scanning is used to identify known vulnerabilities in a target system. Databases of known vulnerabilities are checked against the targets found after a successful port scanning attempt.
- Network Mapping is used to map the network infrastructure of a target system. Using scanning techniques, the goal is to identify the network topology, devices, and services to target for further scan or attack.
Active reconnaissance techniques provide powerful methods to identify vulnerabilities in a target system and use those to plan and execute an attack.
One weak point of using scanning tools is that the traffic they generate can be detected at the target system.
See my post on how target systems can detect port scans.
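As an added illustration of how a target can notice scan traffic (this code is not from the original post), the sketch below flags any source that touches many distinct ports on one host within a short window. The log format, the addresses, and the `min_ports` and `window` thresholds are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (documentation addresses, not real traffic).
# Fields: timestamp, source IP, destination IP, destination port, action
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.5 192.0.2.10 443 ALLOW
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 21 DENY
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 22 ALLOW
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 23 DENY
2024-01-01T10:00:02 203.0.113.5 192.0.2.10 443 ALLOW
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 25 DENY
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 80 ALLOW
2024-01-01T10:00:04 198.51.100.7 192.0.2.10 443 ALLOW
2024-01-01T10:00:30 203.0.113.5 192.0.2.10 443 ALLOW
"""

def detect_scans(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): sorted ports} for every source that reached at
    least min_ports distinct ports on one host inside a sliding window.
    Lines are assumed to be in time order, as in a normal log file."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, src, dst, port, _action = line.split()
        ts = datetime.fromisoformat(ts_text)
        events = recent[(src, dst)]
        events.append((ts, int(port)))
        # Drop events that have aged out of the window.
        while ts - events[0][0] > window:
            events.popleft()
        ports = {p for _, p in events}
        if len(ports) >= min_ports:
            alerts.setdefault((src, dst), set()).update(ports)
    return {pair: sorted(ports) for pair, ports in alerts.items()}

if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

The repeat visitor on port 443 never trips the rule because it only ever touches one port; the count is of distinct ports, not of connections.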
Remember that for ethical hacking you need advance authorization from the owner of the target system. Read the full post on ethical and legal considerations of hacking.
Vulnerability Scanning Tools
Vulnerability scanning techniques use automated tools to identify potential security vulnerabilities in the target system. Vulnerability scanning works by analyzing a target system and comparing it against known vulnerabilities in a database.
Some of the most commonly used vulnerability scanning tools include:
- Core Impact is paid software with a vast library of known exploits. One strength of Core Impact is that it can import data and validate vulnerabilities from multiple third-party scanners.
- Metasploit comes in both open source and paid versions. It does vulnerability scanning and includes tools to manage security assessments.
- Qualys is a commercial vulnerability scanning tool. It automates the process of scanning for vulnerabilities and critical misconfigurations across the network.
Vulnerability scanning tools are used to identify and remediate potential security risks. By automating the process of vulnerability identification one can quickly and efficiently identify threats and take mitigation actions.
One limitation of these tools is that they are only able to identify known threats. Since there is usually a delay in getting the latest threats added to the vulnerability databases, one is always exposed to a new kid (threat) on the horizon.
Another challenge with vulnerability scanning tools is that they require a lot of customization to work correctly and therefore are resource intensive.
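The database comparison described above, and its blind spot for anything the database does not list, can be shown in a few lines. This is an added example, not code from the original post or from any of the tools named; the advisory IDs are placeholders, and the product names, versions and hosts are constructed.

```python
# Constructed advisory database; the IDs are placeholders, not real CVE numbers.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "webserverd",
     "introduced": "2.0", "fixed_in": "2.4.10"},
    {"id": "EXAMPLE-0002", "product": "sshd-demo",
     "introduced": "7.0", "fixed_in": "8.2"},
]

# Constructed inventory (host, product, version), as a scanner might build it
# from service banners or an installed-package list.
INVENTORY = [
    ("192.0.2.10", "webserverd", "2.4.9"),   # below the fixed version
    ("192.0.2.11", "webserverd", "2.4.10"),  # already patched
    ("192.0.2.12", "sshd-demo", "8.2"),      # already patched
    ("192.0.2.13", "inhouse-app", "1.3"),    # product unknown to the database
]

def version_key(version, width=3):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    Compared as plain strings, '2.4.9' would wrongly sort after '2.4.10'."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def scan(inventory, advisories):
    """Return (findings, uncovered). Findings are installs inside a known
    vulnerable range; uncovered are installs the database knows nothing about."""
    known_products = {adv["product"] for adv in advisories}
    findings, uncovered = [], []
    for host, product, version in inventory:
        if product not in known_products:
            uncovered.append((host, product, version))
            continue
        v = version_key(version)
        for adv in advisories:
            lo, hi = version_key(adv["introduced"]), version_key(adv["fixed_in"])
            if adv["product"] == product and lo <= v < hi:
                findings.append((host, product, version, adv["id"]))
    return findings, uncovered

if __name__ == "__main__":
    findings, uncovered = scan(INVENTORY, ADVISORIES)
    print("findings:", findings)
    print("no data :", uncovered)
```

An empty findings list for `inhouse-app` means the database has no entry for it, not that it is free of flaws, which is why the example reports uncovered installs separately.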
Exploitation Tools
Exploitation tools are tools that hackers use to take advantage of vulnerabilities in a target system. These tools are used to execute malicious code, steal sensitive data, or gain unauthorized access to the target system.
Some of the most commonly used exploitation tools include:
- Aircrack-ng is a suite of tools that are used for wireless network security testing. It focuses on attacking, cracking, monitoring, and testing wireless networks.
- ExploitDB is a database of exploits that can be used with a variety of tools, including Metasploit. The database is updated regularly with new exploits and is widely used by the hacking community.
- Metasploit comes in both open source and paid versions. It does vulnerability scanning and includes tools to manage security assessments. MSFVenom is used to generate payloads for Metasploit, which are small pieces of code that can be executed on a target system to perform malicious actions.
- sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
- Wireshark is a packet capture and analysis tool that is used by all types of hackers to monitor network traffic and identify potential security issues. It is the most popular network protocol and packet analyzer.
- Social Engineering Toolkit (SET) is an open source Python toolset aimed at social engineering. The SET toolkit includes a wide range of tools and techniques for performing social engineering attacks, and it is widely used by the hacking community.
Password Cracking Tools
Password cracking tools are used to crack passwords and gain access to protected systems. They are used in combination with other hacking techniques to gain access to sensitive information.
Some of the most common password cracking tools are:
- John the Ripper is a popular password cracking tool. It can be used to crack passwords for a wide range of systems, including Linux, Unix, and Windows systems.
- Cain and Abel is an old tool used to recover or crack passwords for Windows systems. It has not been updated since 2014, but can be used to break older systems that have not yet updated their software.
- Ophcrack is a password cracking tool based on rainbow tables and comes with a GUI based interface. It is fast and can run on Linux, Mac or Windows.
- Hashcat is probably the fastest open source password cracking tool that can utilize APU, CPU or GPU to crack passwords. It can run on Linux, Mac or Windows.
- Brutus is a brute-force attack password cracker tool, which simply generates a sequence of words following the predefined character combination, and attempts to decrypt the file with each password until the correct one is found. This tool is limited to being functional with simple passwords.
Web Application Hacking Tools
Web application hacking tools are used to identify weaknesses of web applications. They are used to gain unauthorized access to sensitive information. Some of the most common web application hacking tools include:
- Burp Suite can be used for automated dynamic scanning and for enhanced manual testing. Similar to some other tools, it is used to perform various types of attacks, including reconnaissance, scanning, and exploitation. They have an open source version as well as paid versions with available support.
- Metasploit comes in both open source and paid versions. It does vulnerability scanning and includes tools to manage security assessments. MSFVenom is used to generate payloads for Metasploit, which are small pieces of code that can be executed on a target system to perform malicious actions.
- OWASP ZAP is another application hacking tool used to perform web app scanning. This is an open source tool which is also a top 1000 GitHub project.
- sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
- w3af is a web application attack and audit framework used to find and identify web application vulnerabilities.
Social Engineering Techniques and Tools for Hacking
Social engineering tools can be used by security professionals and hackers alike to manipulate individuals into divulging information that can be used to identify weaknesses in the security chain of a target system. There are several tools in this category, including:
- Baiting involves utilizing some incentive, such as a physical item that someone will want to acquire or use. This exposes either that person or, through them, the targeted processes or systems that can be utilized to gain unauthorized access.
- Code injection is a technique used to insert malicious code into seemingly benign websites and software to compromise the integrity of targeted systems.
- Dumpster diving involves going through the trash in search of sensitive information or assets to use for access or blackmailing.
- Phishing tools are used to create fake communications and interfaces that appear to be from a trustworthy source in order to trick the target into providing sensitive information or to directly get access to targeted systems.
- Pretexting techniques involve creating a false story or scenario in order to gain the trust of the target and trick them into providing sensitive information.
- Quid pro quo: This technique involves offering the target a reward or compensation in exchange for sensitive information or access to a secure system.
- Tailgating: This technique involves following an authorized individual into a secure area without proper authentication, often by pretending to be a fellow employee or delivery person.
- USB drop tools are used to spread malware by physically placing an infected USB drive in a public place and counting on someone to use it. Once attached to a computing device, the infected USB will inject some form of malware into the system.
- Voice phishing, aka vishing, is used to impersonate a trustworthy source over the phone in order to trick the target into providing sensitive information.
Many of the strategies and techniques used in social engineering are not new and have been around for a long time. These do not necessarily require digital tools and networks and work directly through weaknesses in human behavior. To counter these techniques, regular training of human resources is required. But even then, I feel that irrespective of advanced tools we will never eliminate this category of attacks used to gain access for malicious activities.
Conclusion
All tools and techniques used for ethical and non-ethical hacking serve as powerful instruments for both white and black hat hackers. These tools can be used to either remediate vulnerabilities or exploit them.
It is important to be aware of the ethical and legal implications of hacking and to choose tools and practices that align with ethical principles.