Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. There are a variety of such hack tools available in the market. Some of them are open source while others are commercial.
1. Nmap
Nmap, or “Network Mapper”, is a tool used for information gathering: it gives insight into a host, including its IP address, operating system, and similar network security details (such as the number of open ports and which ones they are). Nmap provides many features for probing computer networks, including host discovery, service enumeration and detection.
- Scan Open Ports using Ss, Netstat, Lsof and Nmap
- Top 10 NMAP Widely Used Commands
- Top 30 Basic NMAP Commands for Beginners
- 19 Useful NMAP Commands You Should Know
- 5 Most Commonly Used Nmap Commands
- Save Nmap Output to a File with 4 different ways
- 5 Books Considered the “Best Nmap Books Ever Written”
2. Lynis
Lynis is used for security auditing, compliance testing, and system hardening. It performs an extensive health scan of your systems to support system hardening and compliance testing.
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g. PCI, HIPAA, SOx), penetration testing, vulnerability detection and system hardening.
- Sniffing with Xerosploit – An Advanced MITM Framework
- Windows/Linux Useful Commands
- Windows and Linux Privilege Escalation Tools – Compiled List 2019
- 6 Linux Distributions For Forensics Investigation
3. WPScan
WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes.
WPScan uses the vulnerability database called wpvulndb.com to check the target for known vulnerabilities. The team that develops WPScan maintains this database. It has an ever-growing list of WordPress core, plugin and theme vulnerabilities.
- Detect WordPress User/Version/Theme/Plugins with WP-Grab-Info Tool
- Most Useful WordPress Plugins for your Websites
- How to Choose an Impressive WordPress Themes for Essay Writing Websites
- Bruteforce WordPress with XMLRPC Python Exploit
- How to Fix Common SSL Issues on WordPress
- Top 5 Image Optimization Plugins for WordPress
4. Aircrack-ng
Aircrack-ng is a complete suite of tools to assess WiFi network security. It is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs.
The aircrack-ng software suite includes: aircrack-ng, airdecap-ng, airmon-ng, aireplay-ng, airodump-ng, airtun-ng, packetforge-ng, ivstools, airbase-ng, airdecloak-ng, airolib-ng, airserv-ng, buddy-ng, easside-ng, tkiptun-ng and wesside-ng.
- Crack WPA2-PSK with Aircrack – Dictionary Attack Method
- Crack WPA/WPA2-PSK using Aircrack-ng and Hashcat – 2017
- Evil Twin Attack with DNSMASQ – Wireless WPA2-PSK Cracking
- Exploitation of WPA/WPA2-PSK with WiFiBroot – Kali Linux 2018
- WEP Cracking with Kali Linux 2018.1 [Tutorial]
- Top 5 Wireless Penetration Testing Tools
5. Hydra
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
- 10 Most Popular Useful Kali Linux Hacking Tools
- Bruteforce SSH using Hydra, Ncrack and Medusa – Kali Linux 2017
- Bruteforce Password Cracking with Medusa – Kali Linux
6. Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
The best alternatives to Wireshark are Savvius Omnipeek, Ettercap, Kismet, SmartSniff and EtherApe.
- Analyzing Deauthentication Packets with Wireshark
- Sniff HTTP Post Data with Wireshark
- About Wireshark – A Packet Sniffer and its Components
7. Metasploit Framework
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
Metasploit Framework can be easily installed on a Windows-based operating system. However, Windows is usually not the platform of choice for deploying Metasploit Framework, because many of the supporting tools and utilities are not available for the Windows platform.
- [Metasploit] Upgrading Normal Command Shell to Meterpreter Shell
- Exploitation of UnrealIRCd 220.127.116.11 by using Metasploit and Perl Script
- JAVA RMI (Remote Method Invocation) Exploitation with Metasploit Framework
- Top 10 Metasploit Modules for Exploitation of ShellShock Vulnerability
- Drupal 7 Exploitation with Metasploit Framework [SQL Injection]
- Exploit Windows with Malicious MS-OFFICE File [Metasploit Framework]
- Exploitation of EternalBlue DoublePulsar [Windows 7 – 64bit] with Metasploit Framework
- Find Vulnerable Webcams with Shodan [Metasploit Framework]
- Windows 10 Exploitation with an Image [Metasploit Framework – 2018]
- Hack Android using Metasploit over LAN/WAN
8. Skipfish
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
- Top 6 Web Application Vulnerability Scanners
- Mitigations for Common Web Application Flaws
- Web Application Hacking Methodology
9. Maltego
Maltego is an impressive data mining tool to analyze information online and connect the dots. Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.
10. Nessus
Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.
Of course, if you are an administrator for multiple computers connected to a network, you can make use of it and secure those computers.
- Biggest Hacking & Security E-Books Collection – FREE Download
- Top 4 Network Vulnerability Scanners
- Online Port Scanning – Top 5 Resources
- Most Commonly Used Ports assigned by IANA
- Find Open Ports in Kali Linux with Netstat Utility
11. Burp Suite Scanner
Burp Suite Scanner is a fantastic web security analysis tool. Unlike other web application security scanners, Burp offers a GUI and quite a few advanced tools.
Burp Suite is the world’s most widely used web application security testing software. Burp comes in two versions: Burp Suite Professional for hands-on testers, and Burp Suite Enterprise Edition with scalable automation and CI integration.
- ShellShock Exploitation with BurpSuite [PentesterLab] – CVE-2014-6271
- 19 Most Useful Plugins for Burp Suite [Penetration Testing]
- [Solution] Disable the detectportal.firefox.com requests in Burp Suite
- [Solution] SSL Handshake Alert Error – Burp Suite
12. BeEF
BeEF (Browser Exploitation Framework) is yet another impressive tool. It is a penetration testing tool that focuses on the web browser, tailored for penetration testers to assess the security of a web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.
- ShellShock and BeEF Framework – Exploitation Tutorial
- Complete Understanding of Web Application Security – 2017
13. Apktool
Apktool is indeed one of the popular tools found on Kali Linux for reverse engineering Android apps. Apktool is a powerful piece of software developed by XDA Senior Member ibotpeaches. The tool allows you to reverse engineer APK files, decoding resource files so you can modify them and then recompile the application.
- Top 10 Essential CTF Tools for Solving Reversing Challenges
- Top 7 Online Android APK Malware analyzers – FREE
- Mobile Application Penetration testing Checklist 2016
14. SQLmap
SQLmap is an open-source tool used in penetration testing to detect and exploit SQL injection flaws. It automates the process of exploiting SQL injection flaws and helps you take over database servers.
- Anonymity of SQLMAP with TOR Proxy – Kali Linux 2018
- Live SQL Injection Exploitation with SQLMap – A Detailed Guide
- Familiar With SQL Injection Vulnerability – Meet Ihsan Sencan
- 4 Best ways to Prevent SQL Injection Vulnerability [PHP]
- Privilege Escalation via SQL Injection in Joomla 3.8.3 – Live Exploitation
- Simple Tips to Prevent SQL Injection Vulnerability
- Advanced Error Based SQL Injection Exploitation – Manually
- Scan SQL Injection vulnerability on whole server
15. John the Ripper
John the Ripper is a popular password cracker tool available on Kali Linux. John the Ripper works by using the dictionary method favored by attackers as the easiest way to guess a password. It takes text string samples from a word list using common dictionary words.
It can also deal with encrypted passwords, and address online and offline attacks.
16. Snort
Through protocol analysis and content searching and matching, Snort detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate ‘alerts’ file, or to a pop-up window.
17. King Phisher
King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy-to-use yet very flexible architecture allowing full control over both emails and server content.
King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
- Important Links – Report Phishing Links & Suspicious Emails
- General Knowledge about Internet Website Names and Phishing
18. Nikto
Nikto is a powerful web server scanner that checks for potentially dangerous files/programs, outdated server versions, and many more things. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of thousands of servers, and version-specific problems on more than 200 servers.
19. Yersinia
Yersinia is an interesting framework which performs Layer 2 attacks and focuses on a variety of network protocols, including STP, CDP, DTP, and so on.
Yersinia is a network security/hacking tool for Unix-like operating systems, designed to take advantage of some weaknesses in different network protocols. Yersinia is considered a valuable and widely used security tool.
20. Social Engineering Toolkit (SET)
The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.