Archives: Hacking Tools

Acunetix WVS

Acunetix is a web vulnerability scanner that automatically checks web applications. This tool is particularly good at scanning for vulnerabilities such as cross-site scripting, SQL injections, weak password strength on authentication pages and arbitrary file creation. It has a great GUI that has the ability to create compliance reports, security audits, and tools for advanced manual web app testing.

Is Acunetix WVS Free?

It is a commercial program but it’s fast and cheap.

Does Acunetix WVS Work on all Operating Systems?

It currently works on Windows operating systems.

What are the Typical Uses for Acunetix WVS?

Acunetix WVS is used to discover if your website is secure by crawling and analyzing your web applications to find if there are SQL injections. By doing this, its detailed report can identify where web applications need to be fixed.

AppScan

AppScan gives security testing throughout the application development lifecycle.

This tool can also assist with security assurance early in the development phase and easing unit testing. This tool can scan for many common vulnerabilities such as HTTP response splitting, cross-site scripting, hidden field manipulation, parameter tampering, buffer overflows, backdoors/debug options and many more.

Is AppScan Free?

The commercial version of this tool is available. Free trial versions might also be offered.

Does AppScan Work on all Operating Systems?

It only works on Microsoft Windows operating systems.

What are the Typical Uses for AppScan?

AppScan is used to the enhanced mobile application and web application security. It is also used to strengthen regulatory compliance and improve application security program management. This tool will also help users in identifying security vulnerabilities, generate reports and fix recommendations.

Burp Suite

Burp Site is a platform that contains different kinds of tools with many interfaces between them that are designed to facilitate and speed up processes of attacking applications.

All these tools share the same framework for displaying and handling HTTP messages, authentication, persistence, logging, alerting, proxies and extensibility.

Is Burp Suite Free?

A paid version is available. Free/trial versions may also be available.

Does Burp Suite Work on all Operating Systems?

Burp Suite Works on Linux, MAC OS X, and Windows operating systems.

What are the Typical Uses for Burp Suite?

This tool is used primarily to attack pentest web applications. It can also be used to read web traffics. Not only this app is useful and reliable. It also offers a lot of features.

Nikto

An open-source web server scanner, Nikto performs tests for over 6700 potentially dangerous files and programs on web servers.

It is also designed to check for over 1250 outdated server versions and specific version problems on over 2700 servers. Aside from that, it also checks server configuration items like the presence of multiple index files, HTTP server options and it will try to identify installed software and web servers. Plugins and scan items are frequently and can be automatically updated.

Although it is not designed to be a stealthy tool, it can test web servers in the fastest time possible. Nonetheless, there is also support for LibWhisker’s anti-IDS methods in case you want to try it by testing your IDS system for example.

Not all checks are security problems but security engineers and webmasters sometimes are not aware of the “info only” type of checks are present on their server. By using Nikto , these “info type” checks are marked in the information printed appropriately. Some check is also being scanned for unknown items in log files.

Is Nikto Website Vulnerability Scanner Free?

Yes, this tool is free to use and in fact, a lot of pentesters like this tool a lot.

Does Nikto Website Vulnerability Scanner Work on all Operating Systems?

Since Nikto is a perl based security testing tool, it will run on most systems with Perl interpreter installed.

What are the Typical Uses for Nikto Website Vulnerability Scanner?

Even if this scanner is free, it still has a lot of uses. Some of the uses include SSL Support, full HTTP proxy support, checking of outdated server components, save reports in various formats like XML, HTML, CSV or NBE, easily customize reports by using Template Engine, multiple ports scanning on a server or multiple servers via input file, identifies the software installed via header, files and favicons, host authentication with NTLM and Basic, checking of common “parking” sites, auto-pause at a specific time and a lot more….

Netsparker

We’ve covered this tool throughout our site on several occasions.

Rather than duplicate the content we recommend that you hit this link for detailed information and more resources on this tool.

OWASP Zed Attack Proxy

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools for scanning web applications.

This hacking tool is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.

BeEF

Browser Exploitation Framework (Beef) is another great professional security tool. This tool will give the experienced penetration tester pioneering techniques.

Unlike other tools, Beef focuses on leveraging browser vulnerabilities to check the security posture of a target. This tool is created solely for penetration testing and lawful research.

Is Beef Free?

Beef is free to use.

Does Beef Work on all Operating Systems?

Beef is available for Windows, Linux, and Mac OS X operating systems.

What are the Typical Uses for Beef?

This tool that can demonstrate the collecting of browser vulnerabilities or zombie browsers in real-time. It gives a control and command interface which facilitates the targeting of groups or individuals of zombie browsers. It is built to make the creation of new exploit modules easy.

Core Impact

Core Impact is considered to be the greatest exploitation tool available.

It has a huge and regularly updated database of exploits and can do neat tricks like exploiting one computer system than building an encrypted tunnel through that system to reach and exploit other machines.

Is Core Impact Free?

No, and this tool is expensive (about $30,000).

Does Core Impact Work on all Operating Systems?

Core Impact is natively working on Microsoft Windows.

What are the Typical Uses for Core Impact?

With this tool, users can: Leverage true multi-vector testing capabilities across network, web, mobile, and wireless. Run and check for a high level of unique CVEs (in some cases more than other multi-purpose tools) and validate patching efforts to ensure vulnerabilities were remediated correctly.

Dradis

Dradis Framework is an open-source tool that enables users to have effective information and data sharing especially during security assessments. Features include an easy report generation, attachment support, integration with existing systems and tools through server plugins and platform-independent.

Is Dradis Free?

Dradis is free.

Does Dradis Work on all Operating Systems?

Dradis is compatible with Linux, MAC OS X, and Windows operating systems.

What are the Typical Uses for Dradis?

Dradis is used to enable effecting the sharing of information or data among participants in a penetration test. Dradis is also a self-contained web tool that gives a centralized repository of data to keep track of what has been done and what is still ahead.

Metasploit

Metasploit is a very popular hacking framework with hundreds (if not thousands) of scripts that you can use to find and progress with your hack. We’ve already covered this tool on our site and we’d encourage you to visit this link here for more details.

Social Engineer Toolkit

Written by the founder of TrustedSec, Social-Engineer Toolkit (SET) is an open-source Python-based tool aimed at penetration testing around Social Engineering.

SET has been discussed and presented at conferences including DerbyCOn, Defcon, ShmooCon, and Blackhat. This tool has over two million downloads, this engineering toolkit is the standard for penetration tests and is support by the security community. SET has also been featured in a number of books such as “Metasploit: The Penetration’s Tester’s Guide” that is also written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.

Is the Social-Engineer Toolkit Free?

Yes, all official versions are free of use.

Does Social-Engineer Toolkit Work on all Operating Systems?

SET works on Linux, MAC OS X, and Microsoft operating systems.

What are the Typical Uses for Social-Engineering Toolkit?

The main purpose of the set is to improve and automate a lot of the social engineering attacks out there. This tool can automatically generate exploit hiding email messages or web pages.

sqlmap

sqlmap is an open-source tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It includes a powerful detection engine, a lot of niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Is Sqlmap free?

Yes, sqlmap is free to use and works out of the box with Python version 2.6.x and 2.7.x on any platform

1. Fully support MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.

2. Fully support for 6 SQL injection techniques which are boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.

3. It contains support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port, and database name.

4. Contains support to enumerate users, password hashes, privileges, roles, databases, tables, and columns.

5. Contains an automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.

6. Contains support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.

7. Contains support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.

8. Contains support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

9. Contains support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

10. Contains support to create an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.

11. Contains support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.

Some options for python sqlmap.py

Helpful Stuff

-h, –help Show basic help message and exit
-hh Show advanced help message and exit
–version Show program’s version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)

Target: At least one of these options has to be provided to define the target(s)
-d DIRECT Connection string for direct database connection
-u URL, –url=URL Target URL (e.g. “http://www.site.com/vuln.php?id=1”)
-l LOGFILE Parse target(s) from Burp or WebScarab proxy log file
-x SITEMAPURL Parse target(s) from remote sitemap(.xml) file
-m BULKFILE Scan multiple targets given in a textual file
-r REQUESTFILE Load HTTP request from a file
-g GOOGLEDORK Process Google dork results as target URLs
-c CONFIGFILE Load options from a configuration INI file

What are the Typical Uses for sqlmap?

Sqlmap is written in python and is considered as one of the most powerful and popular sql injection automation tool out there. Given a vulnerable http request url, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. This hacking tool can even read and write files on the remote file system under certain conditions. sqlmap is like Metasploit of sql injections.

How To Install Sqlmap?

This tool works best on Linux, preferably something like Kali Linux, Backbox or any other flavours therein for Pentesting Purposes.

Step 1: sqlmap -u “http://www.yourwebsiteurl.com/section…(without quotation marks)” –dbs

Step 2: sqlmap -u “http://www.yourwebsiteurl.comsection….(without quotation marks)” -D database_name –tables

Step 3: sqlmap -u “http://www.yourwebsiteurl.com/section…(without quotation marks)” -D database_name -T tables_name –columns

Step 4: sqlmap -u “http://www.site.com/section.php?id=51(without quotation marks)” -D database_name -T tables_name -C column_name –dump

sqlninja

SQL Ninja enables users to exploit web applications that use a Microsoft SQL Server as its database backend.

It focuses on getting a running shell on a remote host. This tool automates the exploitation process once an SQL injection has been discovered.

Is SQL Ninja Free?

Yes! all versions of this tool are free of charge.

Does SQL Ninja Work on all Operating Systems?

SQL Ninja works on Linux and Mac OS X operating systems.

What are the Typical Uses for SQL Ninja?

This tool is best used by cyber professionals to assist in automating the process of taking over a database server when a SQL Injection vulnerability has been discovered. If you are interested in this tool then you should go ahead and also take a look at SQL Map.

w3af

w3af is one of the most popular, flexible and powerful tools for finding and exploiting web application vulnerabilities.

It is very easy to use and it offers dozens of features of exploitation and web assessment plugins. Others call it a web-focused Metasploit. w3af is divided into 2 main parts which are the core and the plugins. Plugins are categorized into different types and these are discovery, bruteforce, audit, evasion, grep, Attack, output and mangle.

Is w3af Free?

All versions of this tool are free.

Does w3af Work on all Operating Systems?

It works on Windows, Linux and Mac OS X operating systems.

What are the Typical Uses for w3af?

The use of this goal is to create a framework that will help users secure web applications by discovering and exploiting all web application vulnerabilities.

Aircrack

By far the most popular and best-known tool (actually it is a “suite” of tools) when it comes to hacking WiFi. In fact, this is an old-school tool that has been around for ages.

This Wireless Hacking Tool is actually a suite and has various different entities within the package. This tool actually ships with Kali Linux and for most Penetration Testers is considered as “the go-to” tool when it comes to testing clients’ WiFi networks.

Aircrack is a “must-learn” if you are serious about a career as a network engineer or Penetration Tester.

Wifite

This tool is fantastic and being able to attack multiple WEP, WPA, and WPS encrypted networks in a row. It’s fast becoming the industry’s favorite WiFi Hacking Tool for Pentesters.

If you just need “one” tool to test your clients’ Wireless Network for security vulnerabilities. If you need a tool to get going and test your WiFi Hacking Skills, then I’d certainly recommend Wifite.

Airgeddon

Probably one of the more exciting and recent WiFi Hacking Tools that we’ve listed within this resource. This software comes highly recommended.

Airgeddon is a multi-use bash script for Linux systems to audit wireless networks. This tool, like other WiFi hacking software in this resource, can switch your interface mode from “Monitor” to “Managed”.

But, this tool does a whole lot more. For example, a security engineer (Penetration Tester) you can execute a DoS attack over a wireless network using different methods (mdk3, mdk4 and by using another popular Wireless tool called aireplay-ng). The tool is also able to work as a MITM “Evil Twin” Wireless attack.

This tool offers full support for 2.4Ghz and 5Ghz bands and can easily capture WPA/WPA2 personal network handshakes as well as cleaning and optimizing the handshake captured files.

What makes this tool different is that it can decrypt offline passwords that have been captured and then they can be brute-forced.

This is an excellent tool and one we’d certainly recommend you get to learn.

Wifiphisher

Wifiphisher is a WiFi hacking tool that can execute speedy automated phishing attacks against Wireless/WiFi networks with the intention of discovering user and password credentials The difference with this wireless tool (compared with the others) is that it launches a Social Engineering attack which is a completely different attack vector to take when attempting to breach WiFi networks.

Is Wifiphisher free?

Yes. This WiFi ‘cracking tool’, as it is often referred to – is completely free and available from GitHub.

Does Wifiphisher work on all Operating Systems, and what are the requirements?

1. Kali Linux is the officially supported Linux distro, but according to the developers GitHub page some users have been able to get the framework to work on other platforms. To be safe though we’d always recommend trying it either on Kali and almost certainly Linux since that is where you’ll get the most support.
   
2. You’ll also need a wireless network adapter that supports ‘Access Point’ (AP) mode, and your driver should also support Netlink.
   
3. Wireless network adapters are required that can be placed in ‘Monitor Mode’ and that are able to perform injection attacks.

What are the Typical Uses for Wifiphisher?

Wifiphisher can be used to a crack WiFi password. This tool takes the following steps: Wifiphisher deauthenticates the user from their legitimate AP. The framework then allows the user to authenticate to the Evil Twin AP that must be set up for the attack to be successful. Wifiphisher will then offer an HTML webpage to the user on a proxy that will notify them that an upgrade on the firmware has taken place and will ask them to authenticate again. The wifi password is passed to the hacker while the user will continue browsing the web not knowing what happened.

How To Install Wifiphisher

This WiFi hacking tool should ship with Kali Linux, but if it doesn’t then you will need to take the following steps to install the software:

Step 1: apt -get update (good hygiene to update your system pre-installation)

Step 2: cd Desktop (done to change to a directory where you can find the software afterward installation)

Step 3: git clone https://github.com/sophron/wifiphisher.git (clones the ‘repo’ from GitHub)

Step 4: cd wifiphisher (change to the newly installed directory)

Step 5: ls (list the items in the directory

Step 6: sudo phython setup.py install (install the python script, password might be required for non-Kali folks)

Step 7: wifiphisher (this will execute the software.)

Fern WiFi Wireless Cracker

Fern Wifi Cracker is a Wireless attack software and security auditing tool that is written using the Python Qt GUI library and Python Programming Language. This tool can recover and crack WPA/WEP/WPS keys and can run other network-based attacked on ethernet or wireless-based networks.

Is Fern WiFi Wireless Cracker Free?

Yes Fern Wifi Cracker is free of charge.

Does Fern WiFi Wireless Cracker Work on all Operating Systems?

This works on Kali Linux operating systems.

What are the Typical Uses for Fern WiFi Wireless Cracker?

This tool helps in assisting with Network security by enabling the user to view and discover network traffic in real-time and therefore can identify the hosts and network data discovery. With the network server data features, it will help toughen your server and discover vulnerabilities before they are exploited.

inSSIDer

inSSIDer is a Wi-Fi network scanner app for Microsoft Windows and OS X which has won a ton of awards. This tool has won many awards such as a 2008 Infoworld Bossie Award for “Best of Open Source Software in Networking”, but as of inSSIDer 3, it is no longer open-source. This tool has rave reviews when working alongside other wireless hacking tools.

KisMAC

KisMAC is a wireless network discovery tool for Mac OS X which is the mac version of Kismet. Although not as novice-friendly as similar applications this WiFi Hacking tool has a very popular following.

Kismet

Kismet is a wireless network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs and other technologies. Kismet will work with any wireless card which supports raw monitoring mode and is able to sniff the packets on 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X.

Telegram

Released in 2013, Telegram was the most popular end-to-end messenger app for ISIS and other terrorist groups. In fact, in many ways, ISIS made Telegram “well known”.

Telegram added “channels” to its app usage in 2014 – some features of the channels include “short-invite” sand the ability to download.

Telegram was developed by Nikolai and Pavel Duro. According to Telegram’s founder: “The number 1 reason for me to support and help launch Telegram was to build a means of communication that can’t be accessed by the Russian secret agencies.” So, clearly, the founders are not fans of FAGCI (the Russian equivalent of the NSA or GCHQ).

As of February 2016, Telegram’s members grew to a staggering 100 million – so clearly the app is popular and the technology is (was) very welcome.

Some countries have tried to ban Telegram. The Iranian government has cracked down on Telegram users by arresting over 100 group administrators and charged them with “immoral content” propagation.

Does Telegram as “a company” assist law enforcement?

Well, they do, and they don’t.

They do because in July 2016 they agreed to remove 600 pro-ISIS Telegram channels, and no, because they prove the security of their app by offering up to $300,000 to anyone that was able to crack into the communications over their end-to-end messaging encrypted mobile app. No one has to date been successful.

Whilst Telegram is considered “unhackable”, two Cybersecurity Experts, Ola Flisback and Zuk Avraham were able to discover certain vulnerabilities within the metadata and data being stored within the process memory.

Hong Kong

I live in Hong Kong and when the protests kicked off in June 2019, I noticed that large amounts of people were suddenly using Telegram, in fact, I have a post on that here.

Update: The Hong Kong Telegram account administrator, aged 26, has been denied bail. His account had over 100,000 members. It just shows how much power and influence you can have with one social media account. He is accused of inciting users to damage police property and interfere with traffic in Hong Kong during the anti-government protests. It is important for me to stress that he is innocent until proven guilty.

Wickr

Released in late 2014, Wickr is another popular mobile encryption app that was founded by American security experts.

Wickr is similar to (oddly) SnapChat because messages “self-destruct”.

Wickr messages can be set to expire within minutes or days. Wickr scores highly for its’ ability to erase message by default and therefore all timestamps as well.

WhatsApp

Clearly the industry leader which now ships with default encryption.

It has a reputation of “not being very secure” and perhaps for good reasons.

Released in 2010, WhatsApp is now owned by Facebook. Founders Brian Acton and Jan Koum didn’t launch their app as a messaging mobile application, rather, it was meant to let the user know if their contacts were online.

WhatsApp evolved into a messaging app and the company grew rapidly (over time) and was purchased by Facebook for $19 billion in 2014. A few years later Facebook merged WhatsApp metadata with their social media platform.

Compared to Telegram, WhatsApp has a gigantic user base, claiming to have over one billion users.

Of concern is that the fact that all messaging (and associated media) is timestamped with the metadata so it is possible for Digital Forensic experts to build a picture and pattern of communications if they so wished (and of course with legal enforcement).

WhatsApp was banned in Brazil which results in removing approximately 94 million people off the system after the company (Facebook) refused to comply with court orders to hand over the logs of WhatsApp messaging in the government’s war on drugs.

WhatsApp has also been previously banned in Bangladesh (along with other social media platforms too) as a result of political instability.

A security researcher, Bas Bosschert, was able to demonstrate that WhatsApp was vulnerable to being hacked. The WhatsApp hacking tool was called WhatsSpy and was able to track target status online and edit/ view their privacy settings and more.

All told, WhatsApp has a reputation as not being completely secure compared to the other end-to-end mobile encryption apps on the market.

Signal

Available for download since July 2016, Signal is free end-to-end encryption that works on both iOS and Android.

Edward Snowden made Signal popular by stating that he used it for his communication.

Since Signal is open sourced it can be forked into other projects or even white-labeled, should that be deemed necessary.

Surespot

Like Signal, Surespot is an open-source mobile encryption messaging app.

It is similar to Wickr in the sense that messages can be timed to be automatically ‘erased’ and, working on both iOS and Android, the app also facilitates ‘multiple identities’.

SilentCircle

This mobile encrypted tool was named by ISIS as being their preferred mobile messaging application!

This app was designed by the ex-US military.

Upon hearing that their app was being used by Islamic State, the time behind SilentCircle decided to make creating an account more rigorous.

Viber

Viber is actually very secure since they claim that they can’t read or listen to any of your chats and calls.

The creators and engineers who maintain Viber claim that they access messages since they use end-to-end encryption by default. This means that all private and group communications are completely encrypted so that only users can read or hear messages.

Threema

Released in December 2012, this Swiss-engineered mobile app has (like all the other encrypted messaging tools listed in this resource), end-to-end encryption.

According to Threema, “messages are stored for up to 14 days if not deleted on servers; whichever comes first”. This makes it impossible for law enforcement to subpoena Threema. Interesting as a tangent to note that Threema joins the list of other notable and successful Cybersecurity companies such as Protonmail.