Welcome back, my aspiring cyber warriors!
Often when students start down the path towards becoming a master hacker, they can become overwhelmed by the plethora of tools that are available to them. Often times, this can lead to frustration and inertia or worse, as the number of tools seems more than one can address and master.
For that reason, I have put together this list of essential tools a hacker needs (for more information on essential hacker skills, see this article) to master. This does not mean that the others do not have value or that you should ignore them, but rather focus on these first to build your hacker/infosec skills.
Essential Tools of the Master Hacker
Although their are literally thousands of infosec and hacking tools, here is my list of the most important tools for the aspiring master hacker. This is not meant to be an exhaustive list--I could have listed hundreds of excellent tools--but a list of what I consider essential tools. Of course, depending upon the task, choose the appropriate tool.
In no particular order, my choices are;
nmap is an essential tool for port scanning and much more. Among the very first port scanners developed, it is still going strong after over 20 years. nmap's primary purpose was to probe a target system for open ports and services, but in recent years Fyodor and the nmap community have added additional capability including nmap scripts that expand this tool in many new directions.
Wireshark is one of those fabulous tools that nearly everyone in the IT industry should be familiar with it. Wireshark is a sniffer that enables us to examine every packet and thereby analyze what is wrong with our network or what the intruder was trying to do.
Wireshark enables you to interactively browse the data, develop display filters, and view a reconstructed stream of TCP session. It literally can interpret hundreds of different protocols and each of those protocols' structures. Unfortunately, Wireshark has had its own issues with security vulnerabilities in recent years.
Metasploit is the work's most popular exploitation framework. It packages nearly everything you need to conduct a pentest into a single software package from scanning, exploitation and post-exploitation.
The Metasploit framework is extensible with modules for payloads, auxiliary, exploits, encoders, post-exploitation and no-operation (NOP) generators. Metasploit is free, but does have commercial versions with additional features and costs.
Metasploit 5 was just released in late 2018 and has several new features including new evasion modules.
BurpSuite is an excellent tool for attacking web applications. It has numerous tools integrated into this suite all for attacking a web application. There is a limited capability free version and the Pro version is $299 year.
aircrack-ng suite is the premier wireless technology analysis and cracking tool. Many of the other Wi-Fi tools on the market are simply scripts and GUI's that enable the use of aircrack-ng. aircrack-ng is a suite of tools for monitoring, dumping, cracking, and even creating an Evil Twin and more.
Sysinternals was first developed by Mark Russinovich and when Microsoft purchased Russinovich's firm in 2006, they became a part of Microsoft. These are among the best tools to analyse what is actually taking place internally in your Microsoft operating system. Sysinternals are designed to manage, diagnose, troubleshoot, and monitor Windows operating systems. Among the most useful of these tools is Process Explorer and Process Monitor.
Snort is the world's most widely used network intrusion detection system (NIDS). Begun by Marty Roesch as a open-source project, then sold to SourceFire and purchased by the networking giant Cisco in 2014, it is now built into many of the Cisco products. Since Snort is still community open-source project, it is also used in many other IDS products.
sqlmap is probably the best tool for automating SQL injection (SQLi) attacks against web forms. It is capable of database fingerprinting, dumping data from the database into .csv files, and even accessing the underlying OS of the web server.
Ettercap is a tool for conducting a MiTM attack on a LAN. Its user-friendly GUI makes this process relatively easy and enables the attacker to alter messages and packets.
OWASP-ZAP is a free and open-source web application vulnerability scanning tool from the folks at the venerable OWASP project. Written in Java (therefore platform independent) with an excellent easy-to-use GUI, it can be mastered by even the novice in minutes. It is terrific for scanning web applications in search of known vulnerabilities.
John the Ripper
John the Ripper is the granddaddy of Linux based password cracking tools. Lightweight and fast, it can auto-detect the type of hash and then begin a dictionary attack first followed by a brute force attack, if dictionary attack fails. This command line tool is short on pretty user interfaces, but long on ease-of-use and effectiveness.
hashcat in another Linux-based password cracker. Although not as easy to use as John the Ripper, many consider it the world's fastest. Among it's many capabilities include using a GPU for faster cracking (hashcat 3.0).
BeeF is the Browser Exploitation Framework. This tool enables the attacker to exploit the target's browser and then conduct a multitude of nefarious activities in their browser.
THC-Hydra is one of the leading remote password cracking tools. It is capable of dictionary attacks against multiple protocols most notably http, https, smb and ftp.
Nessus is the most popular vulnerability scanner. Originally developed as a open source project, it is now owned by Tenable. Nessus utilizes a vast database of known vulnerabilities and then probes the systems for evidence of their existence.
Although the commercial version is over $2000, you can still find the Home version for free on their web site than enables you to scan up to 16 IP's without charge.
Shodan is the world's most dangerous search engine. Shodan scans the Internet not for keywords, but instead for web banners. It pulls the banner from nearly every IP address and then indexes that banner information for searching. This is a an essential tool for finding sites that have useful characteristics such as a particular web server, operating system, type of IoT or protocol.
OllyDbg is a 32-bit (x86) debugger for Microsoft Windows. It can be used to analyze and decipher software where the source code is unavailable. OllyDbg is free to download and use.
OllyDbg is often used in reverse engineering of software as well as by programmers to make certain their programs are working as expected and for reverse engineering malware.
There are thousands of excellent tools for hacking and cyber security. So many, in fact, that it can be overwhelming to the novice. It is my advice to start with these essential tools, master them and then move on to the many other powerful tools at your disposal. In that way, you will have a solid foundation towards becoming a master hacker.