Any cybersecurity specialist knows that malicious hackers have all kinds of computer tools at their disposal, allowing them to carry out a wide range of malicious tasks.
In this article, specialists from the International Institute of Cyber Security (IICS) ethical hacking course present some of the most popular hacking tools, employed by both novice hackers and advanced threat actors. Some of these tools are covered in depth in the IICS cybersecurity course.
As usual, we remind you that this article was prepared for informational purposes only and should not be taken as a call to action; IICS is not responsible for the misuse that may occur to the information contained herein.
Scanners
The tools listed below support a variety of hacking tasks, including network scanning, pentesting, and vulnerability scanning.
- OpenVAS: This is a framework of several services and tools that together offer a comprehensive and powerful vulnerability scanning solution, very commonly used in ethical hacking
- Metasploit: This is a popular tool for developing and executing exploit code against a remote target system. Other important subprojects include the opcode database, the shellcode archive, and related research
- Kali Linux: This is a Debian-based Linux distribution designed for ethical hacking, digital forensics, and pentesting tasks. Kali Linux comes with programs such as Nmap, Wireshark, John the Ripper, and Aircrack-ng pre-installed
- Pig: This is a packet crafting tool for Linux
- Scapy: This is a Python-based interactive library and program for packet manipulation
- Pompem: This is an open source tool designed to automate the search for exploits in the major exploit databases. Developed in Python, it has an advanced search engine that makes it very useful, both for cybercriminals and for ethical hacking specialists
- Nmap: This is a free and open source utility for network discovery and security auditing, widely used by cybersecurity specialists
Monitoring
These are the most popular tools for network monitoring and open source data collection.
- Justniffer: This is a network protocol analyzer that captures network traffic and produces customized logs; it can emulate Apache web server log files, track response times, and extract all files transferred over captured HTTP traffic
- HTTPRY: This is a packet sniffer designed to display and log HTTP traffic. It is not an analysis tool as such: it focuses on collecting, parsing and recording traffic for later analysis
- NGREP: Ethical hacking experts can use this tool to apply most of the common features of GNU grep at the network layer. In addition, this tool is pcap-aware, which allows you to specify extended regular or hexadecimal expressions to match against the payloads of packets
- PassiveDNS: This tool passively collects DNS records to help with incident handling, network security monitoring, and general digital forensics. PassiveDNS sniffs the traffic of an interface or reads a pcap file and writes the DNS server responses to a log file, cybersecurity course experts mention
- Node Security Platform: This is a set of tools with functions similar to Snyk, with the advantage that it is free or, failing that, very economical to use
- Ntopng: This is a network traffic monitor that shows network usage, similar to what the popular Unix top command does for processes
- Fibratus: This is a tool for exploring and monitoring the Windows kernel. It is capable of capturing most of the activity of the Windows kernel: creation and termination of processes and threads, file system I/O, registry and network activity, DLL loading and unloading, and more, mention the experts of the ethical hacking course
Honeypots
In this section, we’ll review some popular honeypot and network intelligence solutions.
- HoneyPy: This is a low to medium interaction honeypot designed for easy deployment, extensibility with plugins, and the application of custom configurations
- Conpot: Ethical hacking specialists define it as a low-interaction server-side honeypot for industrial control systems, designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols, it supplies the basis for building your own system, capable of emulating complex infrastructures and deceiving threat actors
- Amun: This is a low-interaction honeypot written in Python
- Glastopf: This is a honeypot that emulates thousands of vulnerabilities to collect data on attacks targeting web applications. It works on a basic principle: returning the response the attacker expects from the web application being exploited
- Kippo: This is a medium-interaction SSH honeypot designed to log brute force attacks and other attack variants
- Kojoney: This low-interaction honeypot emulates an SSH server, ethical hacking experts mention. The daemon is written in Python using the Twisted Conch libraries
- HonSSH: This is a high-interaction honeypot solution that sits between the attacker and the honeypot, creating two separate SSH connections, ethical hacking experts say
- Bifrozt: This is a NAT device with a DHCP server that is typically deployed with one NIC connected directly to the Internet and another NIC connected to the internal network
- HoneyDrive: This is the leading Linux distribution for honeypots. According to the experts of the cybersecurity course, it is a virtual appliance with Xubuntu Desktop 12.04.4 LTS installed, containing more than 10 pre-installed and preconfigured honeypot software packages
- Cuckoo Sandbox: This is open source software for automating the analysis of suspicious files
Packet capture
In this section, we will discuss the best solutions for packet capture and some network forensics tasks.
- Tcpflow: This is a program that captures data transmitted as part of TCP connections and stores it in a form convenient for protocol analysis and debugging
- Xplico: According to experts in ethical hacking, this tool allows you to extract application data from Internet traffic. Xplico is not a network protocol analyzer, but an open source network forensic analysis tool
- Moloch: This is an open source, large-scale IPv4 packet capture (PCAP) system with indexing and a database. Moloch users have access to a simple but effective web interface, with support for HTTPS and password-protected access. According to the experts of the cybersecurity course, Moloch is designed to be deployed across many systems and to scale, handling a large amount of traffic per second
- OpenFPC: This is a set of tools that come together to provide a lightweight network traffic recorder and buffering system. The goal of the project is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating with existing log management and alerting tools
- Dshell: This is a network forensic analysis framework that, according to experts in ethical hacking, allows the development of plugins to support the dissection of network packet captures
- Stenographer: This tool is designed to capture packets and provide simple and quick access to various subsets of those packets
Sniffers
This list includes some of the best network sniffers for working on local and wide area networks.
- Wireshark: This is a free and open source packet analyzer employed for network troubleshooting, analysis, software and communications protocol development, and education, ethical hacking experts mention
- Netsniff-ng: This is a free toolset for Linux that employs zero-copy mechanisms, so that when receiving and transmitting packets the kernel does not need to copy packets from kernel space to user space and vice versa
Traffic encryption using a VPN
VPN solutions can also prove critical for encrypting traffic in these scenarios.
- OpenVPN: This is an open source application for creating secure connections. Cybersecurity course experts point out that OpenVPN uses its own security protocol, which relies on SSL/TLS for key exchange
There are many other hacking tools, but this is a selected set of the most popular ones, which can prove useful to any researcher at the various stages of a security analysis.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as a cyber security investigator. He has also worked for different security companies. His everyday job includes researching new cyber security incidents. He also has deep knowledge of enterprise security implementation.