Hacking can be used both for malicious purposes as well as a means for finding flaws in a system and notify the authorities to help them fortify their defences better. However, the tools and scripts used for hacking are known to all hackers for their own purposes. They help them greatly in their task by performing specific functions to gain leverage over a user’s system in case of non-ethical hackers and against malicious users in case of ethical hackers. Today we have covered some of them below.
ANGRY IP SCANNER
A hacker can track people and snoop for their data using their IP address. Angry IP Scanner also goes by the name of ”ipscan” and helps someone scan IP addresses and ports to look for doorways into a user’s system. It is an open source and cross-platform software and one of the most efficient hacking tools present in the market. Network administrators, as well as system engineers, are known to use Angry IP Scanner quite frequently.
Kali Linux was released in August 2015. It has a major release known as Kali Linux 2.0. This app is packed with distribution and interface tools. It has an improved hardware and supports a large number of Desktop environments. Kali Linux is a security-focused operating system you can run off a CD or USB drive, anywhere. With its security toolkit, you can crack Wi-Fi passwords, create fake networks, and test other vulnerabilities.
CAIN & ABEL
Cain & Abel is a password recovery and hacking tool, primarily used for Microsoft systems. It helps with password recovery by cracking encrypted passwords using a few brute force methods like the dictionary method. Cain & Abel can also record VoIP conversations and recover wireless network keys.
Burp Suite Spider, which is used to map out and list the different parameters and pages of a website merely by examining the cookies and initiating connections with applications residing in the website, is arguably the most important component of Burp Suite. Vulnerabilities in the web applications can be easily identified using Burp Suite, and many hackers employ this method to find a suitable point of attack.
Widely popular tool, Ettercap helps deploy a Man in the Middle attack. Attackers can use different attack methods on a victim’s system if its functioning is successful.
JOHN THE RIPPER
John the Ripper is a password cracking tool and uses the method of a dictionary attack, where different combinations of the words in a dictionary are matched against an encrypted string to find a hit. John the Ripper is obviously a brute force technique, and its viability depends on the strength of the password chosen by the user. Like all brute force methods, it will give a positive result, though the time it spends in doing so helps one decide whether to opt for it or not. It is a common tool used by hackers, though.
Metasploit is another cryptographic tool that is hugely popular with hackers, whether they are black hat or white hat. It helps hackers gain knowledge about known security vulnerabilities. Its evasion tools are one of the many applications of Metaspoilt.
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.
Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX, QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion. Currently this tool supports: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported. This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.
Other noteworthy tools include Nmap, Wireshark, Aircrack-ng, Nessus, Netcat, and Putty.