Top 10 Ethical Hacking Tools

Hacking is the art of exploitation, and it should always be practised as an ethical process. There are certain tools which can ease you through the exploitation process. These tools help in performing repetitive actions & target enumeration. Nevertheless, tools should not be the only refuge of an expert penetration tester. One should be able to write one's own tools & automate the process in order to move more easily through any exploitation phase. Today we will discuss the top 10 tools admired and most used by the hacking community.

Nmap

Ports are the entry points of any machine. To scan any machine for open ports, Network Mapper (nmap) is used. It comes with certain modes like aggressive scan, full port scan, common port scan, stealth scan etc. Nmap can enumerate the OS and the services running on a particular port, and will tell you the state (open, closed, filtered etc.) of each port. Nmap also has a scripting engine which can help automate simple network mapping tasks. You can install nmap using the following command;

sudo apt-get install nmap

Here is the result of a common port scan using nmap;
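As an added example (not part of the original article, and not nmap's own code), the following Python script parses nmap's grepable output format (the `-oG` option) and compares the open ports it finds against a per-host allowlist. This is how a defender turns a scan like the one above into a list of unexpected exposures rather than reading it by eye. The scan text embedded in the script is constructed for illustration, not real output, and the baseline of expected ports is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample of nmap grepable (-oG) output; not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1//, 80/open/tcp//http//nginx 1.18.0//, 443/closed/tcp//https///, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1//, 6379/open/tcp//redis//Redis 7.0//\tIgnored State: closed (998)
"""


@dataclass(frozen=True)
class PortEntry:
    host: str
    port: int
    state: str      # open / closed / filtered ...
    proto: str      # tcp / udp
    service: str
    version: str


# "Host: <ip> (<hostname>)<tab>Ports: <port list>[<tab>Ignored State: ...]"
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_gnmap(text: str) -> list[PortEntry]:
    """Parse the port lines of grepable nmap output into PortEntry records."""
    entries = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        m = HOST_LINE.match(line)
        if not m:
            continue  # "Status: Up" lines carry no port information
        host, port_field = m.group(1), m.group(3)
        for item in port_field.split(", "):
            # Field layout: port/state/proto/owner/service/rpc-info/version/
            port, state, proto, _owner, service, _rpc, version = item.split("/")[:7]
            entries.append(PortEntry(host, int(port), state, proto, service, version))
    return entries


def open_ports(entries: list[PortEntry]) -> dict[str, list[int]]:
    """Map each host to its sorted list of open ports."""
    result: dict[str, list[int]] = {}
    for e in entries:
        if e.state == "open":
            result.setdefault(e.host, []).append(e.port)
    return {h: sorted(p) for h, p in result.items()}


def unexpected_open_ports(entries, allowlist):
    """Return (host, port, service) for every open port not on the host's allowlist.

    allowlist maps host -> set of ports that are expected to be reachable."""
    return [(e.host, e.port, e.service)
            for e in entries
            if e.state == "open" and e.port not in allowlist.get(e.host, set())]


if __name__ == "__main__":
    # Constructed baseline: what the two hosts are supposed to expose.
    expected = {"192.0.2.10": {22, 80}, "192.0.2.11": {22}}
    found = parse_gnmap(SAMPLE_GNMAP)
    print("open ports:", open_ports(found))
    for host, port, service in unexpected_open_ports(found, expected):
        print(f"ALERT {host}:{port} ({service}) is open but not in the baseline")
```

Run against a real file with `nmap -oG scan.gnmap ...` and `parse_gnmap(open("scan.gnmap").read())`; the allowlist is the interesting part, since a port that is open but absent from the baseline is what deserves a ticket.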

SQLmap

Finding vulnerable databases & extracting data from them has become a huge security risk today. SQLmap is a tool for checking for vulnerable databases and dumping the records from them. It can count rows, check vulnerable rows & enumerate databases. SQLmap can perform Error Based SQL injection, Blind SQL injection, Time Based SQL injection & Union Based attacks. It also has several risk & level settings for increasing the severity of the attack. You can install sqlmap using the following command;

sudo apt-get install sqlmap

Here’s a dump of password hashes retrieved from a vulnerable site using sqlmap;
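As an added example that is not part of the original article or of sqlmap, the Python snippet below shows the defect sqlmap is looking for and its fix side by side: a lookup that splices user input into the SQL text, next to the same lookup with a bound parameter. The in-memory SQLite table and the rows in it are constructed for the demonstration; the always-true probe string is the classic boolean tautology and is there only to show why the second form is immune to it.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed rows; stands in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def find_user_vulnerable(conn, username: str) -> list[str]:
    """Builds the SQL by string formatting, so the input is parsed as SQL text.
    A quote in the input ends the literal and the remainder becomes part of the query."""
    sql = "SELECT username FROM users WHERE username = '%s' ORDER BY username" % username
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, username: str) -> list[str]:
    """Same lookup with a bound parameter: the value is passed separately from the
    statement, so it can only ever be compared as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


# Constructed always-true probe: turns the WHERE clause into "... = 'x' OR '1'='1'".
PROBE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable, normal input:   ", find_user_vulnerable(db, "alice"))
    print("vulnerable, probe input:    ", find_user_vulnerable(db, PROBE))
    print("parameterized, probe input: ", find_user_parameterized(db, PROBE))
```

The vulnerable function returns every row for the probe, which is exactly the behaviour sqlmap's boolean tests detect; the parameterized one returns nothing because no user is literally named `x' OR '1'='1`. The fix is the query shape, not input filtering.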

Netcat

As stated by PWK, Netcat is the Swiss army knife of hackers. Netcat is used for file (exploit) transfer, finding open ports & remote administration (Bind & Reverse Shells). You can manually connect to any network service like HTTP using netcat. Another use is to listen on any UDP/TCP port on your machine for incoming connections. You can install netcat using the following command;

sudo apt-get install netcat

Here’s an example of file transfer;

BurpSuite

BurpSuite is a proxy which intercepts incoming & outgoing requests. You can use it to repeat & replay certain requests and analyse the responses of web pages. Client side sanitization & validation can be bypassed using BurpSuite. It's also used for brute force attacks, web spidering, decoding & request comparison. You can configure Burp to be used with Metasploit & analyse each payload and make the required changes to it. You can install BurpSuite by following this link. Here's an example of a password brute force using Burp;

Metasploit Framework

Metasploit Framework is the very first tool hackers consult after finding a vulnerability. It contains information about vulnerabilities & exploits, and lets hackers develop and execute code against a vulnerable target. Armitage is the GUI version of Metasploit. While exploiting any remote target, just provide the required fields like LPORT, RPORT, LHOST, RHOST & Directory etc. and run the exploit. You can further background sessions & add routes for further exploitation of internal networks. You can install metasploit using the following command;

sudo apt-get install metasploit-framework

Here's an example of a remote shell using metasploit;

Dirb

Dirb is a directory scanner which enumerates the directories of any web application. It contains a generic dictionary of the most commonly used directory names. You can also specify your own word dictionary. A dirb scan will often reveal useful information like the robots.txt file, the cgi-bin directory, the admin directory, a database_link.php file, web app information files & users' contact information directories. Some misconfigured websites may also expose hidden directories to a dirb scan. You can install dirb by using the following command;

sudo apt-get install dirb

Here’s an example of a dirb scan;

Nikto

Outdated servers, plugins, vulnerable webapps & cookies can be identified by a nikto scan. It also scans for XSS protections, clickjacking, browsable directories & OSVDB flags. Always be aware of false positives while using nikto. You can install nikto by using the following command;

sudo apt-get install nikto

Here’s an example of a nikto scan;
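As an added example, not taken from the article or from nikto itself, here is a small Python audit of the kind of findings the paragraph above lists: missing clickjacking and XSS protection headers, version disclosure in `Server` / `X-Powered-By`, and a browsable directory listing. The two responses it checks are constructed, one weak and one hardened, so the same checks can be run offline; the set of expected headers and the regular expressions are this example's own choices, not nikto's rule set.

```python
import re

# Headers a hardened response should carry, with the finding text to emit when absent.
EXPECTED_HEADERS = {
    "x-frame-options": "no X-Frame-Options header (clickjacking protection missing)",
    "content-security-policy": "no Content-Security-Policy header (XSS mitigation missing)",
    "x-content-type-options": "no X-Content-Type-Options header (MIME sniffing allowed)",
    "strict-transport-security": "no Strict-Transport-Security header (HSTS missing)",
}

# Headers that commonly leak product and version strings.
DISCLOSURE_HEADERS = ("server", "x-powered-by")


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return a list of findings for one HTTP response's headers (names are case-insensitive)."""
    lowered = {name.lower(): value for name, value in headers.items()}
    findings = [msg for name, msg in EXPECTED_HEADERS.items() if name not in lowered]
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options value {xfo!r} is not DENY or SAMEORIGIN")
    for name in DISCLOSURE_HEADERS:
        value = lowered.get(name, "")
        if re.search(r"\d+\.\d+", value):  # a dotted version number such as 2.4.41
            findings.append(f"{name} header discloses a version: {value}")
    return findings


def looks_like_directory_listing(body: str) -> bool:
    """Heuristic for an auto-generated directory index page (Apache/nginx style)."""
    return bool(re.search(r"<title>\s*Index of /", body, re.IGNORECASE))


def audit_response(resp: dict) -> list[str]:
    """Combine header findings with the body check for one response."""
    findings = audit_headers(resp["headers"])
    if looks_like_directory_listing(resp["body"]):
        findings.append("response body is a browsable directory listing")
    return findings


# Constructed responses, not captured from any real site.
WEAK_RESPONSE = {
    "headers": {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
                "Content-Type": "text/html"},
    "body": "<html><head><title>Index of /backup</title></head><body>...</body></html>",
}
HARDENED_RESPONSE = {
    "headers": {"Server": "nginx", "X-Frame-Options": "DENY",
                "Content-Security-Policy": "default-src 'self'",
                "X-Content-Type-Options": "nosniff",
                "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
                "Content-Type": "text/html"},
    "body": "<html><head><title>Welcome</title></head><body>Hello</body></html>",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "->", audit_response(resp) or ["no findings"])
```

Checks like these are cheap to run on every deployment as a regression test, which is where the false-positive problem mentioned above is easiest to manage: you know your own expected headers, so a deviation is a real change rather than a guess.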

BeEF (Browser Exploitation Framework)

Getting a shell from XSS is not quite possible. But there is a tool which can hook browsers & get a lot of tasks done for you. You just need to find a stored XSS vulnerability, and BeEF will do the rest for you. You can open webcams, take screenshots of the victim machine, pop up fake phishing messages & even redirect the browser to a page of your choice. From stealing cookies to clickjacking, from generating annoying alert boxes to ping sweeps and from getting geolocation to sending metasploit commands, everything is possible. Once any browser is hooked, it comes under your army of bots. You can use that army to launch DDoS attacks as well as send any packets using the identity of the victim browsers. You can download BeEF by visiting this link. Here's an example of a hooked browser;

Hydra

Hydra is a very famous login brute force tool. It can be used to brute force ssh, ftp & http login pages. It is a command line tool which supports custom wordlists & threading. You can specify the number of requests to avoid triggering any IDS/Firewalls. You can see here all the services & protocols which can be cracked by Hydra. You can install hydra by using the following command;

sudo apt-get install hydra

Here's a brute force example by hydra;
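Both the Dirb section and the Hydra section above describe the same pattern from a defender's seat: one source address producing a burst of failures in a short time. As an added example that is not part of the original article and not from either tool, the Python below implements one sliding-window burst detector and feeds it two constructed log samples, a combined-format web access log (directory enumeration shows up as a run of 404s) and an sshd syslog extract (password guessing shows up as repeated "Failed password" lines). The thresholds, the log lines and the hostnames are all assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx combined log line: client IP, timestamp, request, status code.
WEB_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
# OpenSSH failed-login line in syslog format (no year in the timestamp).
SSH_LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .+ from (\S+) port \d+")

# Constructed access-log sample: one client walking a wordlist (all 404s), one normal client.
WEB_LOG = [
    f'203.0.113.5 - - [10/Oct/2023:13:55:{36 + i:02d} +0000] "GET /{path} HTTP/1.1" 404 196 "-" "Mozilla/5.0"'
    for i, path in enumerate(["admin", "backup", "cgi-bin", "config", "db", "dev",
                              "logs", "old", "private", "test", "tmp", "upload"])
] + [
    '198.51.100.20 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:55:41 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

# Constructed sshd sample: one source cycling usernames, one real user with a single typo.
SSH_LOG = [
    f"Oct 10 13:55:{36 + i:02d} web01 sshd[4{i:03d}]: Failed password for invalid user {user} from 198.51.100.7 port 5{i:04d} ssh2"
    for i, user in enumerate(["admin", "root", "test", "oracle", "postgres", "ubuntu", "guest", "pi"])
] + [
    "Oct 10 13:55:50 web01 sshd[4999]: Failed password for alice from 192.0.2.44 port 51022 ssh2",
    "Oct 10 13:55:55 web01 sshd[5000]: Accepted password for alice from 192.0.2.44 port 51022 ssh2",
]


def burst_sources(events, threshold: int, window: timedelta) -> set[str]:
    """Return every source IP that produced at least `threshold` events inside
    some sliding window of length `window`. events: iterable of (datetime, ip)."""
    flagged = set()
    recent: dict[str, deque] = defaultdict(deque)
    for ts, ip in sorted(events, key=lambda e: e[0]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:       # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged


def web_404_events(lines):
    """Yield (timestamp, client_ip) for every 404 in a combined-format access log."""
    for line in lines:
        m = WEB_LINE.match(line)
        if m and m.group(3) == "404":
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)


def ssh_failure_events(lines):
    """Yield (timestamp, source_ip) for every sshd 'Failed password' line.
    Syslog lines carry no year, so all timestamps land in strptime's default year."""
    for line in lines:
        m = SSH_LINE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%b %d %H:%M:%S"), m.group(2)


def detect_directory_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Sources with at least `threshold` 404s in `window`: a wordlist scan signature."""
    return burst_sources(web_404_events(lines), threshold, window)


def detect_ssh_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Sources with at least `threshold` failed logins in `window`."""
    return burst_sources(ssh_failure_events(lines), threshold, window)


if __name__ == "__main__":
    print("directory enumeration from:", detect_directory_bruteforce(WEB_LOG))
    print("ssh password guessing from:", detect_ssh_bruteforce(SSH_LOG))
```

The thresholds are the tunable part. The Hydra paragraph notes that an attacker can slow the request rate to stay under a detector; widening the window and lowering the threshold trades that evasion against more false positives from legitimate users who mistype a password or follow stale links.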

Aircrack-ng

Aircrack-ng is a tool used for wireless penetration testing. It makes it easy to play with the beacons & flags exchanged during Wi-Fi communication & manipulate them to trick users into taking the bait. It's used to monitor, crack, test & attack any Wi-Fi network. Scripting can be done to customize this command line tool as per your requirements. Some features of the aircrack-ng suite are replay attacks, deauth attacks, Wi-Fi phishing (evil twin attack), packet injection on the fly, packet capture (promiscuous mode) & cracking basic WLAN protocols like WPA2 & WEP. You can install the aircrack-ng suite using the following command;

sudo apt-get install aircrack-ng

Here’s an example of sniffing wireless packets using aircrack-ng;

Conclusion

There are many ethical hacking tools; I hope this top ten list of the best tools will get you going faster.

About the author

Usama Azad

A security enthusiast who loves the terminal and open source. My areas of expertise are Python, Linux (Debian), Bash, penetration testing, and firewalls. I was born and raised in Wazirabad, Pakistan and am currently doing my undergraduate degree at the National University of Science and Technology (NUST). On Twitter I go by @UsamaAzad14.