Content Written By Henry Dalziel, 2020
WTF Is This Post?
I list my favorite Hacking Tools and Hacking Software of 2020 that I used throughout last year and continue to use them.
I’ve been updating this resource since 2012, yep, that long, and I thought it would be a shame to break with this tradition.
The list originally started by a vote and this list haven’t really much changed since then. However, in the true spirit of our eroding freedoms, I decided to remove the voting system and have adopted a more dictatorial approach.
I base the list on whichever tools I feel are the best supported, most loved but importantly, referred to within the pentesting community.
This resource is updated (pretty much) on a weekly basis.
On the agenda is to re-add a voting system so that we can let y’all vote on what tool is hot and what’s not.
Specific Hacker Tool Categories
Before we dig into my Top Tools list of 2020 let me just remind you that I also have a bunch of other lists and recommended tools from these categories:
Hack Tools Listed On This Page:
OK, so, moving on, let’s start with the 2020 list!
PS, although the URL of this resource does state “top ten” there are actually eleven and it will probably grow to many more of the course of the year.
* Remember that you can also click through to tutorials that I’ve recommended if you’d like to learn more about how to use these tools.
This tool is amazing and I love it! Highly recommended.
I interviewed the developer and hacker who made SN1PER!
To learn how (why!) he created the rapidly growing tool click here.
Sn1per is a vulnerability scanner that is ideal for penetration testing when scanning for vulnerabilities.
✓ A majorly popular tool that is like a Swiss Army Knife;
✓ Rammed full of useful commands for your profiling;
✓ Very active community and developers updating the tool
It’s a total pleasure to work with and it’s regularly updated.
The team behind the software, which is easily loaded into Kali Linux, has a free (community version) and a paid plan as well.
The tool is particularly good at enumeration as well as scanning for known vulnerabilities.
If you’re studying for the OSCP (which requires a ton of enumeration), we’d recommend that you get your head around using Sn1per.
We’d suggest using this tool in tandem with Metasploit or Nessus so that way if you get the same result then you definitely know that you’re onto something.
Sn1per is probably the most recently popular tool of 2020 and for good reason. It’s all an all-round OSINT/Reconnaissance hackers tool.
This tool gets the most attention on our site for obvious reasons; it works well.
#2 JOHN THE RIPPER (“JTR”)
JOHN THE RIPPER Review
If you need to crack an offline .zip folder, for example, then John is your friend. 10/10 and an old favorite for hackers around the world.
Quite frankly – this is the coolest named tool out there: John the Ripper.
✓ Probably the best known and loved “Password Cracker”;
✓ Huge community (even StackOverflow will be good for support);
✓ Cracks literally every offline type of file
Often you’ll see it abbreviated as ‘JTR’. JTR is an awesome bit of hacking software that is designed to crack even highly complex passwords.
John the Ripper, mostly just referred to as simply, ‘John’ can be considered as being a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks.
John the Ripper takes text string samples (from a text file, referred to as a ‘wordlist’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypting it in the same way as the password being cracked (including both the encryption algorithm and key), and comparing the output to the encrypted string.
This tool can also be used to perform a variety of alterations to dictionary attacks.
If you are somewhat confused between John the Ripper vs THC Hydra then think of John the Ripper as an ‘offline’ password cracker whilst THC Hydra is an “online” cracker. Simple. They both have tremendous value and if you can crack learning them then you’ll be in an advantageous position for your career in 2020.
#3 THC HYDRA
THC HYDRA Review
Comparable to John The Ripper but this is an online password cracker. Popularly used to crack into WordPress accounts. Regularly updated and loved by many.
✓ Total classic “Old School” Hackers “Hack” tool;
✓ Very likely the web’s favorite tool to hack WordPress;
✓ A versatile and robust syntax that gets the job done.
I’ve purposely placed THC Hydra underneath John The Ripper because they often go ‘hand-in-hand’. THC Hydra (we’ve abbreviated to simply ‘Hydra’ throughout our site) is a hugely popular password cracker and has a very active and experienced development team.
Essentially THC Hydra is a fast and stable Network Login Hacking Tool that will use a dictionary or brute-force attacks to try various passwords and login combinations against a login page.
This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.) and databases such as LDAP, SMB, VNC, and SSH.
If you’re interested in THC Hydra, you should also take a look at John the Ripper as well.
I interviewed the developer and hacker who made THC Hydra!
To learn how (why!) he created the rapidly growing tool click here.
#4 CAIN & ABEL
CAIN & ABEL Review
Classic old school hack tool, which can helps with attacks such as MITM (Man In The Middle).
✓ Another classic tool loved by Pentesters;
✓ Actively updated and supported tool.
Cain and Abel (often simply abbreviated to Cain) is a hugely popular hacking tool and one that is very often mentioned online in a variety of ‘hacking tutorials’.
At its’ heart, Cain and Abel is a password recovery tool for Microsoft Windows but it can be used off-label in a variety of uses, for example, white and black hat hackers use Cain to recover (i.e. ‘crack’) many types of passwords using methods such as network packet sniffing and by using the tool to crack password hashes.
Cain, for example, when used to crack password hashes would use methods such as dictionary attacks, brute force, rainbow table attacks, and cryptanalysis attacks.
#5 METASPLOIT (PENETRATION TESTING SOFTWARE)
Say no more. If you had to live on a desert island with only one hacking tool then it would have to be Metasploit. Remembering of course that Metasploit works with other tools listed in this resource, for example, Nmap also pipes into the framework.
✓ The “mother” of all Hacker Tools;
✓ Gigantic resource of exploits just waiting to be used;
✓ A “must-learn” tool if you’re serious about becoming an Ethical Hacker.
Metasploit is probably the most famous tool in our opinion, probably because it has such a vibrant community, it’s absolutely well-maintained and also packs a ton of options with being able to deploy payloads into vulnerabilities.
A serious Penetration Tester should know how to use this Pentesting Tool inside-out. If you had to learn one tool to use in 2020 we’d definitely push you to learn Metasploit.
The Metasploit Project is a hugely popular pentesting or hacking framework.
Metasploit, along with Nmap (see below) and Wireshark (see below) and probably the ‘best known’ three hacker software tools out there.
If you are new to Metasploit think of it as a ‘collection of hacking tools and frameworks’ that can be used to execute various tasks. Also – we should also add that if you have never heard of Metasploit and are interested in getting into the Cybersecurity Industry, especially as a Penetration Tester, then this is a ‘must-learn’ tool.
Most practical IT Security courses such as OSCP and CEH include a Metasploit component.
Widely used by cybersecurity professionals and penetration testers this is an awesome piece of software that you really out to learn.
Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation.
There’s a ton of incredibly useful Metasploit information out there and we hope that the books that we’ve chosen go some way to help you on your journey, not least if you are a beginner just starting out and looking for beginners tutorials in how to use Metasploit.
This tool really is the Social Engineers tool of choice. This tool runs on intelligent software that can map out all connected social profiles. It’s a must-learn for any budding Security Professional.
✓ Actively supported;
✓ One of the main tools for Social Engineering hacks
Maltego is different in that it works within a digital forensics sphere. Maltego is a platform that was designed to deliver an overall cyber threat picture to the enterprise or local environment in which an organization operates.
One of the awesome things about Maltego which likely makes it so popular (and included in the Kali Linux Top Ten) is its’s unique perspective in offering both network and resource-based entities are the aggregation of information sourced throughout the web – whether it’s the current configuration of a vulnerable router within a network or the whereabouts of your staff members on their international visits, Maltego can locate, aggregate and visualize this data!
For those interested in learning how to use Maltego we’d also recommend learning about OSINT cybersecurity data procurement.
#7 OWASP ZED
OWASP ZED Review
This is another old school classic. All the times I’ve used it its worked well. Zero complaints.
✓ Supported by the mighty OWASP (i.e. these folks know a thing or two about web app security);
✓ Huge library of exploits and hacks.
The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing which is considered as being the ‘guide-book’ of web application security.
This hacking and pen-testing tool is very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is a popular tool because it does have a lot of support and the OWASP community is really an excellent resource for those that work within Cyber Security.
ZAP provides automated scanners as well as various tools that allow you the cyber pro to discover security vulnerabilities manually. Understanding and being able to master this tool would also be advantageous to your career as a penetration tester. If you are a developer then you have it’s obviously highly recommended that you learn how to become very proficient with this ‘hacker tool!’
This tool is the mac-daddy of all network monitoring tools on the market today. It’s so big that there is even a security conference dedicated to it called SharkFest!
Update! SharkFest 2020 has been cancelled due to COVID-19.
✓ A hugely important tool that you must learn if you want to be an Ethical Hacker;
✓ A massive community so don’t worry about being able to ask questions and master this tool.
Wireshark is a very popular pentesting tool and for over a year it was not included on our list, however, by popular demand, we added it in late June 2016 and it remains a constant fixture on our list, even in 2020.
It is difficult to place Wireshark in any specific category but in most cases, it is used to monitor traffic.
Wireshark essentially captures data packets in a network in real-time and then displays the data in a human-readable format (verbose).
The tool (platform) has been highly developed and it includes filters, color-coding and other features that let the user dig deep into network traffic and inspect individual packets. If you’d like to become a penetration tester or work as a Cyber Security practitioner, then learning how to use Wireshark is a must.
There are a ton of resources out there to learn Wireshark, and, of particular interest, there’s also a Wireshark Certification which you can achieve and place on your LinkedIn profile.
By far the most popular WiFi Hacking Tool on the Internet. Period. This is one of those “must-learn” hacking tools.
The Aircrack suite is the defacto bad-boy toolkit for any Wireless Hacking Deployment. It’s a classic and spawned a generation of hackers on the Interwebs.
✓ Fantastically written efficient tools that work great;
✓ Not difficult to learn and easy to modify and tweak.
The Aircrack suite of Wifi (Wireless) hacking tools are legendary because they are very effective when used in the right hands.
For those new to this wireless-specific hacking program, Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking hacking tool that can recover keys when sufficient data packets have been captured (in monitor mode).
For those tasked with penetrating and auditing wireless networks Aircrack-ng will become your best friend. It’s useful to know that Aircrack-ng implements standard FMS attacks along with some optimizations like KoreK attacks, as well as the PTW attacks to make their attacks more potent.
If you are a mediocre hacker then you’ll be able to crack WEP in a few minutes and you ought to be pretty proficient at being able to crack WPA/ WPA2. For those interested in Wireless Hacking we’d also highly recommend taking a look at the very awesome Reaver, another very popular hacking tool that alas we couldn’t add to our list.
#10 NMAP (NETWORK MAPPER)
Nmap is equally as iconic as Metasploit. A total “must-learn” tool. Go check out Zenmap if you prefer the GUI.
Nmap is reliable and fascinating once you master it. There’s also a GUI version for those that don’t want to use the command line. A lot of other tools actually incorporate Nmap (for example Metasploit) so you’ll have to learn it eventually. In fact – you’ll want to learn it because it is fun and of course provides the hacker with a lot of useful and actionable data.
✓ Iconic tool loved and used by millions (well, maybe not millions but definitely a lof of InfoSec folk);
✓ Easy to use and frankly, awesome!
✓ Extremely useful!
Nmap is an abbreviation of “Network Mapper”, and it’s a very well known free open source hackers tool. Nmap is mainly used for network discovery and security auditing.
Literally, thousands of system admins all around the world will use nmap for network inventory, check for open ports, manage service upgrade schedules, and monitor host or service uptime.
Nmap, as a tool uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are providing information about, what operating systems (fingerprinting) and what type and version of packet filters/ firewalls are being used by the target.
There are dozens of benefits of using nmap, one of which is the fact that the admin user is able to determine whether the network (and associated nodes) need patching.
Nmap’s been featured in literally every hacker movie out there, not least the
recent Mr. Robot series.
#11 NIKTO (WEBSITE VULNERABILITY SCANNER)
One of the most effective web applications hacking tools out there.
✓ Loyal hardcore community backed by first-class developers;
✓ Easy to use and fun once you get the hang of it.
Nikto is another classic ‘Hacking Tool’ that a lot of pentesters like to use.
Worth mentioning that Nickto is sponsored by Netsparker (which is yet another Hacking Tool that we have also listed in our directory). Nikto is an Open Source (GPL) web server scanner which is able to scan and detect web servers for vulnerabilities.
The system searches against a database of over 6800 potentially dangerous files/ programs when scanning software stacks. Nikto, like other scanners out there, also scans for outdated (unpatched) versions of over 1300 servers, and version specific problems on over 275 servers.
Interestingly, Nikto can also check server configuration items such as the presence of multiple index files, HTTP server options, and the platform will also try to identify installed web servers and web applications. Nikto will get picked up by any semi-decent IDS tool so it’s really useful when conducting a white-hat/ white-box pentest.
Certainly, a great tool to learn your skills when attacking an open box for training.
We’ve been managing this resource for many years now and its success is determined by all the contributions that our visitors have given us over the years.
Our Hacker Tools “How To” resource works like this: we try to answer all the “reasonable” questions we receive and the ones that are asked the most we include in our sticky FAQ below.
Many of the questions submitted to our resources are repeated and include how to access social media accounts like Facebook, Instagram, Pinterest, etc. The truth is that doing so constitutes a crime, and besides, gaining entry through the front door (i.e. the login page) is never going to work. The “easier” method would be something like keyword logging or similar.
Using penetration testing tools listed throughout our directory, which we’ve we updated for 2020 on someone else’s computer or network without permission is a crime and judges are increasingly happy to give you jail time. Tread with caution and always seek permission!
No Such Thing As A Stupid Question
We also get a ton of messages advertising their hacking skills and saying that you can hire them to hack a Facebook account (for example) – well, never trust them. Hiring some black-hat hacker will not work because, more to the point, how can you trust them?
However, having said that, we LOVE to hear from you so please drop us a question regarding anything related to our hacking tools resource and we’ll happily reply!
Previously Asked Questions (with Answers)
Are “Hacker Tools” and “Hacker Software” illegal?
This is a great question and is asked dozens of times a month.
The easy and simple answer is, it depends.
The tools that we list are absolutely not illegal but they can still be used for nefarious gain.
Think of it like this: a gun can be used for good or bad. A peacekeeper can have a weapon that could be used as a last resort in defending themselves but their initial purpose of having a gun (or weapon) is to “do good”. Of course, the same gun could be used by a criminal or gangster so whilst the tools we list are mostly used by Cybersecurity Professionals, of course, some nefarious individuals may indeed use these tools for illicit gain.
An example of an “illegal hacking tool” would be if it were designed to exploit a widely unknown zero-day vulnerability.
What are hacking tools?
Throughout our directory, we refer to “Hacker Tools” as being any form of software that is designed to identify and repair security vulnerabilities. The “tool” is only as good as its’ user so you can expect to generate instant results by just using these tools; rather, you need to understand the system or machine that you are either auditing or penetrating and also understand the vulnerability that you’ve been able to find using these tools.
Is it difficult to learn how to use these tools?
Nope. Like anything you just have to dedicate time and patience. And – of course, owing to the nature of these tools it is highly recommended that you either seek permission on targets that you scan or attempt to penetrate, or better you create your own hacking lab.
How do I install these tools?
The easiest way, and if you’re serious about learning how to use these security tools, is to install a Linux Operating System (‘Distro’) that ships with all these tools pre-bundled. The most popular of these Linux Distros in Kali Linux (which replaced “Backtrack”), Backbox and DarkArch. There are a bunch more which I’ll add to this sticky question over the course of the year.
The other way, of course, is to install these tools “one by one”.
How do I know which tool to use?
The “best hacker tool” for the task you have at hand is difficult, subjective and may be totally opinionated.
What we do here at Concise Courses is to list the most popular tools and software that are used by security professionals (like Penetration Testers) in the industry.
As ever, your mileage will differ. The best practice is to try several tools when engaging a security audit job or other. That way, if your results keep producing the same result then you can confirm your discovery or the vulnerability for example.
Will you be adding new hacking tools sections over the year?
We have another three categories lined up, plus a bunch of improvements, tutorials, and other information.
How can I make a “Hacker Tool”, or indeed any type of tool?
You need to learn how to code.
Python is the recommended language to use when scripting automation. You’ll likely have to use existing API’s for resources such as pinging “whois” data and geo-coordinates. The other thing you can do of course is to fork existing codebases on GitHub and have a play around yourself to see how it was built.
In fact, we have a resource in which we’ve interviewed dozens of developers that have scripted, coded and promoted their tools. Many of these tools ship with Kali Linux, Backbox and Parrot OS.