Penetration testing, colloquially referred to as pen-testing, essentially refers to testing a software system to find weaknesses or potential security breach points. In the past, pen testing was restricted to an elite circle of a few security experts. But now, with loads of high-abstraction tools that have been developed with cyber-security in mind, this field has become more democratized. One can get started and perform basic to advanced pen testing from the comfort of one's couch.
Pen testing tools can be broadly classified into two kinds, "scanners" or "attackers". As the names suggest, one set of tools helps in pointing out the threats while the other finds and attacks those threats for data collection purposes. So let's have a look at a few of the more popular ones that help someone through the initial steps of a cyber-security investigation.
1. John the Ripper:
Regarded as one of the best password crackers of all time, it's arguably one of the better security tools available, not only to test password strength on one's own operating system, but also to check up on one remotely over a network. It works by auto-detecting the hash format used to store almost any password, and then changes its cracking algorithm based on it, thereby making it one of the most automated and aware password cracking tools of all time.
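To show what "auto-detecting the type" means in practice, here is an added example (written for this post, not John the Ripper's own detection code) that classifies stored password hashes by their crypt(3) prefix or raw-hex length and flags the formats a password audit should migrate away from; the prefix table, the `audit_shadow` helper and the sample shadow lines are all constructed for this illustration.

```python
import re

# Added example (not John the Ripper's own code): a simplified version of the
# hash-format auto-detection the post describes, recognising only the crypt(3)
# prefixes and raw-hex lengths listed here.
PREFIX_FORMATS = {
    "$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt",
    "$argon2id$": "argon2id",
}
RAW_HEX_FORMATS = {32: "raw-md5", 40: "raw-sha1", 64: "raw-sha256"}
# Unsalted or fast formats that a password audit should flag for migration.
WEAK_FORMATS = {"descrypt", "md5crypt", "raw-md5", "raw-sha1", "raw-sha256"}


def detect_hash_format(hash_str):
    """Return the format name for one stored hash, or None if unrecognised."""
    h = hash_str.strip()
    for prefix, name in PREFIX_FORMATS.items():
        if h.startswith(prefix):
            return name
    if re.fullmatch(r"[0-9a-fA-F]+", h) and len(h) in RAW_HEX_FORMATS:
        return RAW_HEX_FORMATS[len(h)]
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):  # classic DES crypt is 13 chars
        return "descrypt"
    return None


def audit_shadow(text):
    """Parse /etc/shadow-style lines into (user, format, is_weak) tuples,
    skipping accounts with no hash or a locked hash ('*', '!', '!!', '!...')."""
    results = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, h = fields[0], fields[1]
        if h in ("", "*") or h.startswith("!"):
            continue
        fmt = detect_hash_format(h) or "unknown"
        results.append((user, fmt, fmt in WEAK_FORMATS))
    return results


# Constructed sample shadow lines; the hash bodies are placeholders, not real.
SAMPLE_SHADOW = """root:$6$Qz3v9xk2$CONSTRUCTEDHASH:19800:0:99999:7:::
legacy:abJnggxhB/yWI:19800:0:99999:7:::
svc:$1$ab12cd34$CONSTRUCTEDHASH:19800:0:99999:7:::
nologin:*:19800:0:99999:7:::
locked:!$6$Qz3v9xk2$CONSTRUCTEDHASH:19800:0:99999:7:::"""
```

Running `audit_shadow(SAMPLE_SHADOW)` reports `legacy` (DES crypt) and `svc` (md5crypt) as weak while skipping the locked and no-login accounts, which is the kind of inventory a defender wants before any cracker is pointed at the file.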
2. Metasploit:
It's an open-source cyber-security project that specialises in providing efficient pen-testing tools to discover vulnerabilities in remote software. It's popularly used as an "exploit module development platform".
Written in Ruby, the Metasploit Framework is the most popular product of this project, and it enables one to develop, test and execute exploits easily. The framework provides a suite of security tools that can be used to:
- Evade detection systems
- Scan for security vulnerabilities
- Execute large volumes of remote attacks
- Scan through all forms of networks and hosts regardless of protocol
Metasploit, with a freemium approach, offers three versions of its software: Pro (ideal for massive-scale penetration testing and large IT security teams), Community (useful for small companies) and Framework (ideal for app developers and security researchers).
Available platforms: being open-source, it is platform-agnostic to a high degree and therefore available for Mac, Linux (Ubuntu, Fedora) and Windows. It's not available for use on mobile platforms.
3. Nmap (Network Mapper)
A free and open-source security tool mostly used in professional circles. It is generally used to manage, audit and scan networks and OS security for both local and remote hosts.
It was launched way back in 1997, and despite being one of the oldest tools in this segment, it continues to be actively updated, receiving new improvements all year round, thereby ensuring a loyal and active user base.
Regarded as one of the most efficient network mappers around, it has been benchmarked and found to be fast, and it consistently delivers complete results in any form of security investigation. With optimum memory management as one of its core development goals, it has wide acclaim as one of the most effective and clean network mappers around.
It can be used in the following ways:
- Auditing a device's security
- Detecting open ports on remote hosts
- Mapping networks and enumerating errors
- Finding vulnerabilities inside any network regardless of protocol
- Executing large-scale DNS queries against domains/sub-domains
Available platforms: all major operating systems, including Mac OS X, Linux, OpenBSD, Solaris and Microsoft Windows 10.
4. Wireshark
Another free, open-source tool, it specializes in analyzing network traffic in real time, its USP being its sniffing technology. Wireshark is popular for its ability to scan through and detect security problems in any network and hence its effectiveness in solving general network routing problems.
Its main features include:
- Support for offline inspection through saved captures
- Packet browser (packet-based, inspired by Linux-based package managers)
- Feature-rich graphical user interface
- Well-documented VoIP analysis
- Inspection and decompression of .gzip/.zip/.tar files
- Reads and supports other file formats, including Sniffer Pro, tcpdump (libpcap), Microsoft Network Monitor, Cisco Secure IDS iplog, etc.
- Supports a wide variety of ports and network devices: Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI.
- Protocol decryption includes, but is not limited to, IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, WPA/WPA2 and other widely used protocols.
- Can export results to XML, PostScript, CSV or plain text, with a high degree of customizability
Available platforms: with support for 2000+ different network protocols, it's available on all major operating systems, including Linux, Windows, Mac OS X, FreeBSD and NetBSD.
5. OpenVAS:
Previously popular as the much-loved "Nessus", it is an open-source network scanner used to detect vulnerabilities, and it has remained very popular with developers, system administrators and tech collaborators. Its core features include:
- Powerful, simple web-app user interface.
- Can perform 50,000+ types of network vulnerability tests.
- Can simultaneously scan multiple hosts.
- Able to pause and resume scan tests, with support for parallelization.
- Management of false positives and negatives.
- Can schedule scans based on available resources.
- Graphics and statistics generation.
- Can export results to plain text, XML, HTML or LaTeX.
- Platform-agnostic, powerful command-line interface.
- End-to-end integration with Nagios monitoring software
Available platforms: with its web-app user interface, it can be run from any operating system. However, a command-line interface is also available and works well on all Linux/Unix operating systems and any bash-based Windows setup.
In addition to the free version available for download from the OpenVAS website, there is also an enterprise licence for commercial use available on the website of Greenbone, its parent company.
6. IronWASP
Free, open-source and multi-platform, IronWASP is treated as the quintessential tool for auditing one's web servers and public applications.
One of the most well-received things about IronWASP is that it has been made with novices in mind, and it is a great tool for learning the nuts and bolts of ethical hacking.
It's entirely GUI-based with drag-and-drop options, so complete scans can be performed in only a few clicks. This allows people who have in-depth knowledge of network systems or hardware-based tasks but lack coding skills to get involved in ethical hacking and pen-testing.
A few of its main core features include:
- Simple-to-use, feature-rich GUI with drag-and-drop options.
- Can record a sequence of web scans over time and sort the data based on the host.
- Can export results mainly into HTML and RTF file formats, with fewer options for customization.
- Support for 25+ varied web vulnerabilities.
- Support for management of false positives and negatives.
- Its scripting engine supports several programming languages, with dominant support and an active community in Python and Ruby.
- Can be extended using modules written in C#, Ruby, JavaScript and Python.
Available platforms: it's natively available only on Windows but can be used on other platforms with third-party compatibility layers (for instance, Linux with Wine, and macOS using a similar compatibility layer).
7. Nikto:
Popular as a native part of the Kali Linux distribution, Nikto is one of the all-time favourites in ethical hacking circles, so much so that other popular developer-friendly Linux distributions such as Fedora have also started shipping Nikto in their software repositories.
This security tool is used to scan web servers and perform varied tests on specific remote hosts.
As can be seen in the above screenshot, Nikto's simple and clean CLI makes it very convenient and easy to launch any vulnerability test against one's target.
Nikto's core features, as stated on its webpage, that make it very popular are:
- Can detect default installation files on any OS
- Can easily detect software applications that need to be upgraded or deleted
- Support for running XSS vulnerability tests
- Can launch dictionary-based brute-force attacks on entire databases
- Can export results into plain text, CSV or HTML files to support offline analysis
- LibWhisker-based intrusion detection system evasion
- Support for integration with other languages (Python, C#, Objective-C) and with the Ruby-based Metasploit Framework
Available platforms: native to popular Linux distributions (Ubuntu, Kali, Fedora)
8. Aircrack-ng
The most respected Wi-Fi security suite for home and corporate security investigations, Aircrack-ng includes full support for 802.11 WEP and WPA-PSK networks and essentially functions by capturing network packets. It then performs analyses on them and uses the results to crack Wi-Fi access.
For old-school, heavy-duty security professionals, it comes with a fancy terminal-based interface along with a few more interesting features:
- Extensive developer-friendly documentation (wiki, man pages, dynamic tutorials)
- Actively involved and welcoming community (forums, RSS feeds, IRC channels)
- Launches PTW, WEP and fragmentation attacks
- Supports WPA migration mode
- Cracking speed that leads the market (hacker-rank benchmark tests)
- Support for multiple Wi-Fi cards
- Can be easily integrated with third-party tools
- As a bonus, it comes bundled with a suite of Wi-Fi auditing tools, including:
  - airbase-ng
  - aircrack-ng
  - airdecap-ng
  - airdecloak-ng
  - airdriver-ng
  - aireplay-ng
  - airmon-ng
  - airodump-ng
  - airolib-ng
  - airserv-ng
  - airtun-ng
  - easside-ng
  - packetforge-ng
  - tkiptun-ng
  - wesside-ng
This suite of Wi-Fi tools makes it possible for both novice and experienced users who have just installed Wi-Fi systems at their home or workplace to monitor the security of their setup and create private channels for enhanced security if need be.
9. Maltego:
It has gained fame as the perfect tool for gathering intelligence and performing reconnaissance while one is doing the initial analysis of one's target.
It essentially works by correlating and determining relationships between different fields of personal data like names, phone numbers, email addresses, companies, organizations and social network profiles.
It passes through all forms of online resources, like personal data on WHOIS, domain name search records, social networking sites, online and cached records, search engines, geolocation services and online API services, and uses them to investigate the correlation between internet-based infrastructures.
As stated on their webpage, the features that make it unique include:
- A GUI-based interface with support for drag-and-drop options
- Can analyse up to 10k entities per graph
- Built-in extensions for handling correlated data
- Supports sharing of data in real time
- Can export graphs to GraphML for further automated self-learning analyses
- Can generate lists for varied entities
- Can copy and paste information
Available platforms: it's available for use on all major platforms, including Windows, Linux and macOS, with the only prerequisite being Java 1.8 or greater already installed.