Several tools commonly used in security testing

Source: Internet
Author: User
Tags maltego

The main features of these tools, as well as tutorials, books, videos, and more, are described below.

Port Scanner: Nmap

Nmap is the "Network Mapper" abbreviation, it is known that it is a very popular free open source Hack tool. Nmap is used to discover network and security audits. According to statistics, thousands of system administrators around the world use Nmap to discover networks, check open ports, manage service upgrade plans, and monitor the uptime of hosts or services. Nmap is a tool that uses raw IP packets to determine in a very innovative way which hosts are on the network, what services (application names and versions) are available on the host, what operating systems, what types, and what versions of packet filters/firewalls are being used by the target. One of the benefits of using Nmap is that an administrator user can determine whether the network needs to be packaged. All the hacker movies have appeared in the form of nmap, especially in the recent Mr.robot series.

Nmap Learning Materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/2/nmap

Book: https://www.concise-courses.com/books/nmap/

Similar tools: https://www.concise-courses.com/hacking-tools/port-scanners/

Network Vulnerability Scanner: Acunetix

Acunetix is a very popular and highly used automated vulnerability scanner that Acunetix SQL injection, XSS, XXE, SSRF, and host header attacks and other 500 web vulnerabilities by crawling and scanning web sites and Web applications. Update! Acunetic enthusiasts have released a 100% free video course, so you can effectively learn how to use this awesome network vulnerability scanner! More links to Acunetix information and registration Acunetix.

Acunetix Learning Materials

Video: https://www.concise-courses.com/learn/how-to-scan-for-vulnerabilities/

Book: https://www.concise-courses.com/books/

Vulnerability monitoring tool: Metasploit

The Metasploit project is a very popular and popular penetration test as well as an attack framework. If you've just touched Metasploit, you'll think it's a "hacker toolset" that can be used to perform various tasks. Metasploit is used by professional cyber security researchers and a large number of hackers, and it is considered a must-learn content for research security. Metasploit is essentially a computer security project (framework) that provides users with key information about known security vulnerabilities, and Metasploit helps specify penetration testing and IDs monitoring plans, strategies, and utilization plans. Metasploit the advantages of too much, the small part of the list is not listed, hope that the following video can help you learn Metasploit. If you are a beginner, there are more beginner tutorials for you to use.

Metasploit Learning Materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/3/metasploit

Book: https://www.concise-courses.com/books/metasploit/

Similar tools: https://www.concise-courses.com/hacking-tools/vulnerability-exploitation-tools/

Forensics: Maltego

Maltego is different from other forensics tools because it works within the scope of digital forensics. Maltego is designed to pass a comprehensive network threat picture to the local environment of the enterprise or other forensic organization, which is a platform. Maltego is great, and it's very popular (because it's the top ten in Kali) because of its unique perspective because it provides both an entity-based network and a source that aggregates the entire network of information-whether it's the current configuration of the network's fragile routes or the current international access of your employees, Maltego can locate, summarize and visualize the data! Small series of suggestions are interested students also learn OSINT network security data.

Maltego Learning Materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/13/maltego

Book: https://www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/hacking-tools/forensics/

Network Vulnerability Scanner: OWASP Zed

Zed's agent Attack (ZAP) is now one of the most popular owasp projects. You see this page stating that you may be an experienced cyber security researcher Oh, so you may be very familiar with owasp. Of course, Owasp is ranked top 10 in the threat list, and it is used as a guide to learning Web Application security. This attack penetration tool is very effective and easy to use. Zap is popular because it has a lot of extended support, and the owasp community is really a great resource for cyber security research. ZAP provides automated scanning and a number of tools that allow you to professionally discover network security vulnerabilities. Having a good understanding of the tool and becoming a master of this tool is very beneficial for the penetration tester's career. If you are a developer, then this tool will make you a great hacker.

OWASP Zed Learning Materials

Video: https://www.concise-courses.com/hacking-tools/videos/category/14/owasp-zed

Book: https://www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/hacking-tools/web-vulnerability-scanners/

Manual Analysis Package Tool: Wireshark

If Nmap ranks first in the Hack tool, that Wireshark is certainly the second most popular tool. Wireshark has been around for a long time, and he has been used by thousands of security researchers to troubleshoot, analyze network problems, and network intrusions. Wireshark is a grab bag tool, or rather, it is an open source platform for effective analysis of packets. It is worth mentioning that, Wireshark cross-platform, we would have thought it was smart to run in Gnu/linux, but we are wrong, whether it is Windows or Linux or even OS X has Wireshark, There is also a terminal version similar to Wireshark called Tshark. There's a lot of information about Wireshark that can help you become a Wireshark expert.

Wireshark Learning Materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/16/wireshark

Book: https://www.concise-courses.com/books/wireshark/

Similar tools: https://www.concise-courses.com/hacking-tools/packet-crafting-tools/

Network Vulnerability Scanner: Burp Suite

Burp Suite is somewhat like Maltego because it also has a bunch of tools to help infiltrate testers and hackers. Burp Suite has two popular apps, called the Burp Suite Spider, that can enumerate and map the various pages of a Web site and its parameters by monitoring cookies, initializing the connections to those Web applications, and another called "Intruder", It can automate web app attacks. Similarly, if you are a cyber security researcher or are conducting penetration testing, burp suite is also a must-learn tool.

Burp Suite Learning Materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/7/burp-suite

Book: https://www.concise-courses.com/books/burp-suite/

Similar tools: https://www.concise-courses.com/hacking-tools/web-vulnerability-scanners/

Password hack: THC Hydra

THC Hydra is a very popular password hack that was developed by a very active and experienced development team. Basically THC Hydra is a fast and stable network login attack tool that uses dictionary attacks and brute force attacks to try a large number of passwords and login combinations to log on to the page. The attack tool supports a range of protocols, including mail (Pop3,imap, etc.), databases, Ldap,smb,vnc, and SSH.

THC Hydra Learning Materials

Video: https://www.concise-courses.com/hacking-tools/videos/

Book: https://www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/hacking-tools/password-crackers/

Password hack: aircrack-ng

The Aircrack component of the WiFi hack is a legend in the attack tool, because it works very well! For beginners who are less aware of invalid attacks, Aircrack-ng is a 802.11 wep and WPA-PSK key hack attack tool and can recover the key when enough packets are captured. For friends who are delving into the penetration and auditing of wireless networks, Aircrack-ng will be your best partner. Aircrack-ng uses standard FMS attacks to optimize Korek attacks and make PTW attacks more effective. If you are a regular hacker, you can hack WEP in a few minutes and you should be very proficient in cracking wpa/wpa2. If you are interested in a wireless network attack, we strongly recommend that you look at Reaver, which is also a very popular hack tool.

Aircrack-ng Learning Materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/12/aircrack-ng

Book: https://www.concise-courses.com/books/aircrack-ng/

Similar tools: https://www.concise-courses.com/hacking-tools/password-crackers/

Password hack: John the Ripper

John the Ripper (Ripper John) won the coolest name award! It is generally used as a "John", and it is also a very popular password-cracking penetration test tool that is often utilized to perform dictionary attacks. John the Ripper takes a text string as a sample (a sample from a text file, called a list of words, contains a popular, complex vocabulary found in a dictionary, or a word used in a previous hack), and uses the same decryption methods as encryption (including cryptographic algorithms and keys) to crack, Then compare the output of the encrypted string to get a cracked key. This tool can also be used to perform variants of dictionary attacks.

John The Ripper learning materials

Video: Https://www.concise-courses.com/hacking-tools/videos/category/1/john-the-ripper

Book: https://www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/books/

---------------------This article from huangmr0610 csdn blog, full-text address please click: 52453137?utm_source=copy security Test several common tools

Several tools commonly used in security testing

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.