We once had infinite fantasies and fears about the hacker world, but with the rise of technology and the advancement of the security field, hacking technology has become increasingly common.
We once had infinite fantasies and fears about the hacker world, but with the rise of technology and advances in the security field, hacking technology has become more and more common. In fact, many hacking tools are used for network security testing and security testing. Therefore, as a programmer, it is necessary to understand and even try these open-source hacking tools. But please do not use them for illegal purposes.
1. penetration test environment Metasploit
Metasploit Framework is a complete environment for writing, testing, and using exploit code. This environment provides a reliable platform for penetration testing, shellcode writing, and Vulnerability Research. this framework is mainly written by the object-oriented Perl programming language and includes the C language, optional components written in assembler and Python.
Metasploit Framework is used as an auxiliary tool for buffer overflow testing. it is also a platform for exploits and testing vulnerabilities. It integrates common overflow vulnerabilities and popular shellcode on various platforms and is constantly updated, making it easy and easy to test buffer overflow.
Metasploit security testing tools can be used to perform many tasks in penetration testing. you can save your operation logs and even define how each server load clears itself after it is run. It is worth mentioning that this powerful tool is free of charge. its development team is composed of two full-time members and a few part-time contributors, metasploit Framework has evolved from the first version of 1.0 to the current version of 3.0 for automatic vulnerability detection!
2. website and server vulnerability scan software Acunetix
Acunetix Web Vulnerability is a website and server Vulnerability scanning software. It includes two versions: paid and free.
Acunetix Web Vulnerability capabilities:
● AcuSensor technology
● The Automatic client script Analyzer allows security testing for Ajax and Web 2.0 applications.
● The most advanced and in-depth SQL injection and cross-site scripting tests in the industry
● Advanced Penetration testing tools, such as HTTP Editor and HTTP Fuzzer
● Visual macro recorder helps you easily test web tables and password-protected areas
● Support CAPTHCA-containing pages, single start command and Two Factor (Two-Factor) verification mechanism
● Rich reporting functions, including visa pci Compliance Report
● High-speed multi-thread scanners can easily retrieve thousands of pages
● Intelligent crawling programs detect web server types and application languages
● Acunetix searches and analyzes websites, including flash content, SOAP and AJAX.
● Port Scan web server and perform security check on network services running on the server
3. network security audit tool Nmap
Nmap is a network connection scanning software used to scan the network connection end opened by online computers. Determine which service is running on the connected end and determine which operating system computer is running (also known as fingerprinting ). It is one of the necessary software for network administrators and is used to evaluate the security of network systems.
Just as most tools are used for network security, nmap is also a popular tool for many hackers and hackers (also known as script kids. System administrators can use nmap to detect unapproved servers in the work environment, but hackers will use nmap to collect network settings of the target computer and plan the attack methods.
Nmap is often confused with the system vulnerability assessment software Nessus. Nmap uses a secret technique to avoid intrusion into the monitoring system, and does not affect the daily operations of the target system as much as possible.
In The Matrix, Nmap, together with The SSH1 32-bit cyclic redundancy verification vulnerability, was intruded into The energy management system of The power station by Cui NIDI.
4. Network Protocol detection program Wireshark
Wireshark (formerly known as Ethereal) is a network packet analysis software. The function of the network packet analysis software is to capture network packets and display the most detailed network packet information as much as possible.
The function of the network package analysis software can be imagined as "an electrician uses an electric meter to measure current, voltage, and resistance"-simply porting the scenario to the network and replacing the wire with a network line. In the past, network packet analysis software was very expensive or specially used by enterprises. The emergence of Ethereal has changed all of this. Under the protection scope of the GNUGPL general license, users can obtain the software and its source code at a free cost, and have the right to modify and customize its source code. Ethereal is one of the most widely used network packet analysis software in the world.
Network administrators use Wireshark to detect network problems. network security engineers use Wireshark to check information security issues. developers use Wireshark to debug new communication protocols, ordinary users use Wireshark to learn the knowledge of network protocols. of course, some people will also use it to find some sensitive information ......
Wireshark is not an Intrusion detection software (IDS ). Wireshark will not generate any warning or prompt for abnormal traffic behavior on the network. However, careful analysis of Wireshark captured packets can help users better understand network behavior. Wireshark does not modify the content of network packets. it only reflects the current packet information. Wireshark itself does not send packets to the network.
5. Hashcat
Hashcat oclHashcat is a tool used to crack hash values. it supports MD5 and SHA1.
OclHashcat is the world's fastest and most advanced cryptographic restoration tool based on GPGPU. it supports five unique attack modes and over 170 highly optimized hash algorithms. OclHashcat currently supports AMD (OpenCL) and Nvidia (CUDA) graphics processors, and supports GNU/Linux and Windows 7/8/10 platforms.
6. Vulnerability Scan Program Nessus
Nessus is known as "the world's most popular vulnerability scanning program, which is used by more than 75,000 organizations around the world ". although this scanner can be downloaded for free, the annual direct purchase fee is $1,200 to update all the latest threat information from Tenable Network Security. linux, FreeBSD, Solaris, Mac OS X, and Windows can both use Nessus.
7. Internet intelligence aggregation tool Maltego
Sometimes you may have thought that, from an Email, Twitter, website, or even name, you can find people who are closely related to each other and integrate and use these connections? Maltego is such an excellent and powerful tool. Maltego allows you to update, integrate data, and customize data from servers, so as to integrate the "intelligence topology" most suitable for users ".
8. web application security scanning tool Netsparker
Netsparker is a comprehensive web application security vulnerability scanning tool. it is divided into professional edition and free edition, and the free edition has powerful functions. Compared with other comprehensive web application security scanning tools, Netsparker can better detect SQL Injection and Cross-site Scripting security vulnerabilities.
9. Web application attack and check framework W3af
W3af is a Web application attack and check framework. This project has more than 130 plug-ins, including SQL injection, cross-site scripting (XSS), local and remote files. The goal of this project is to establish a framework to find and develop Web application security vulnerabilities, which are easy to use and expand.
Functions and features
Support proxy
Proxy Authentication (basic and summary)
Website authentication (basic and summary)
Timeout processing
Counterfeit user agent
New custom title request
Cookie processing
Local cache GET and header
Local DNS cache
Maintain and support http and https connections
Use multiple POS to request file Upload
Supports SSL certificates
Partially compiled from: https://fossbytes.com/best-hacking-tools-of-2016-windows-linux-mac-osx/