Ethical Hacking – Tools
Some of the tools that are used for ethical hacking are given below:
NMAP
NMAP stands for Network Mapper. It is an open source tool used for network discovery and security auditing. It can be used to scan large or single both hosts. It is also useful for network inventory, managing service upgrade schedule and monitoring host. NMAP is used to determining what operating systems they are running on, what type of firewalls are in use, what services those ate offering, etc.
Metasploit
It is one of the most powerful exploit tools which is produced by Rapid7. Its most components and information can be found in www.matasploit.com. It comes in commercial and free edition. It can be used with command prompt or with Web UI. It is used for conducting basic penetration tests on smallnetworks, running spot checks on the exploitability of vulnerabilities, importing scans browsing exploit modules, etc.
Burp Suit
It is a popular platform that is used for performing security testing of web applications. It has various tools that work in collaboration to support the testing process. Burp is easy to use and provides the administrators full of control to combine advanced manual techniques with automation.
Angry IP Scanner
It is a IP address and port scanner. It can scan IP addresses in any range. It can be freely copied. It uses multi threaded approach. It simply pings each IP address to check if it is alive, and then, it resolves its host name, determines the MAC address, scans ports, etc. The data can be saved to TXT, XML, CSV, or IP-Port list files.
Cain & Abel
It is a password recovery tool for Microsoft Operating Systems. It helps in easy recovery of various kinds of passwords by employing any methods like sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoLP conversations, decoding scrambled passwords, revealing password boxes, etc. It is a useful tool for security consultants, professional penetration testers and everyone else who plans to use it for ethical reasons.
Ethercap
It stands for Ethernet Capture. It is a network security tool for Man-in-the-Middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. Ethercap has inbuilt features for network and host analysis.
EtherPeek
it is a wonderful tool that simplifies network analysis in a multi protocol network environment. It is a small tool that can be easily installed in a matter of few minutes. It sniffs traffic packets on a network. By default, EtherPeek supports protocols such as IP, IP address Resolution Protocol (ARP), NetWare, TCP, UDP, NwtBEUI, and NBT packets.
SuperScan
It is a powerful tool for scanning TCP ports and resolve host names. It has a user friendly interface that is used to scan ping using IP range, scan any port range from built- in list, view responses from connected hosts, merge port lists to build new ones, assign a custom helper application to any port.
QualysGuard
It is an integrated suite of tools that can be utilized to simplify security operations. It delivers critical security intelligence on demand and automates the full spectrum of auditing and preservation for IT systems and web applications. It is used to detect, monitor and protect global network.
Weblnspect
It is a web application security assessment tool that helps to identify known and unknown vulnerabilities within the web application layer. It can attempts common attacks such as parameter injection, cross-site scripting, directory traversal, and more.
LC4
It was formerly known as L0phtCrack. It is a password auditing and recovery application. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks. It recovers user account passwords to streamline migration of users to another authentication system.
ToneLoc
It stands for Tone Locator. It was a popular war dialing computer program written for MS-DOS in the early 90’s. War dialing is a process of using a modem to scan a list of telephone number in a local area code. Malicious hackers use the resulting lists in breaching computer security. It can be used by security personnel to detect unauthorized devices on a telephone network.
