Hacker Software Developers

In this evergreen post, I place all the interviews I’ve done with real Hackers (‘Developers’) that created and maintain some pretty amazing tools that have had an impact on us all.

Most of their tools ship with Kali Linux, Backbox and all those other pentesting and forensic Linux Distro’s out there, and we use them all on an often daily basis.

This post and resource sprung to life when I realized that it was about time we showed some love to the folks that made the pentesting tools that we all use and love.

Legendary Hacking Tools

Some of these tools have legendary status.

Edward Snowden, for example, used Kismet (I interview the developer – see below).

He used it to make contact with journalists pre-whistleblowing; specifically, he used it whilst wardriving in Hawaii trying to find some random WiFi connection.

So, pretty cool when you think about it, well it is to me at least!

Edward Snowden used Kismet pre-exile

My favorite hacking tool is SN1PER.

I interviewed the developer at the end of last year, 2019, and listed as being one of the Best Hacker Tools Of 2020.

Other noteworthy mentions in this ever-growing list include SIPViscious, WPScan for WordPress Hacking, CowPAtty for WiFi Hacking and theHarvester for Email Scraping and Reconnaissance.

All these tools are used daily by Penetration Testers, so, let’s meet the crew!

List of Hackers I’ve Interviewed

These are the folks that make the hacking tools listed included in Kali Linux and other penetration testing Linux Distro’s.

FYI: Where possible I link to their project on GitHub.

* Many of them are looking for help to develop their hack tools so get in contact with them, and thank you for checking out this resource.

xer0dayz
SN1PER
Joshua Wright
KillerBee, KillerZee, Asleap, CoWPAtty
Matteo Cantoni
snmpcheck
Elias Oenal
multimon-ng
Filip Waeytens
dnsenum
Davide Del Vecchio
Bluesnarfer
Gil Dabah
diStorm, diStormx
Mike Kershaw
Kismet
Andrew Hortons WhatWeb, URLCrazy & Username AnarchyChristophe Grenier
TestDisk
Nikhil Mitta
Kautilya
Francisco Rodriguez
Plecost
Anders
mfterm
Daniel Roethlisberger
SSLsplit
Aldo Cortesi
mitmproxy
Adam M. Swanda
Intersect Framework
Ryan Dewhurst
WPScan, DVWA
Sandro Gauci
SIPVicious
Christian Navarrete
DotDotPwn
Andres Riancho
w3af & nimbostratus
Tasos Laskos
CDPSnarf, raw2vmdk, Arachni
Lars Brinkhoff
httptunnel
Emanuele “crossbower” Acri
HexInject
Christian Martorella
theHarvester
Andrew Smith
Bluepot
Jose Miguel Esparza
peepdf
Julio Gomez Ortega
findmyhash, Oauzz & Iker
Robin Wood
40+ Tools!

Tool: SN1PER

Developer: xer0dayz

Developer Profile:
xer0dayz (the Hacker who developed Sn1per) is an Offensive Security Pro. He’s a highly skilled pentester and developer of the really popular Sn1per tool!

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I created Sn1per in 2014 to automate and leverage the latest pentesting tools and techniques. There really wasn’t a good “point and shoot” solution at the time, so I decided to make my own.

What language did you develop your tool in and why did you choose that particular language?

I built most of Sn1per myself, but there have also been a few developers on Github which have contributed along the way. Sn1per started out using mostly Bash scripting but has since become a hybrid of Bash, Python, and PHP with the development of Sn1per Professional.

Which is your favorite hacking tool? Is it a framework?

My favorite hacking tool of all time was created in the early/mid-’90s called “Aftermath 2000”. It is where I got my start in the world of hacking.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

The future of Sn1per will focus on Sn1per Professional and growing the XeroSecurity product line. We have a number of products that we’ll be releasing over the next few months that will further enhance Sn1per – so we’re excited about that. We’re always on the lookout for new tools and techniques that can be included in Sn1per, so if there’s a tool that can further enhance Sn1per, we’re always open to suggestions.

I published a Sn1per tutorial post here with an excellent video from SaintDrug.


Tool: dnsenum

Developer: Filip Waeytens

Developer Profile:
Filip is a Penetration Tester at NATO Communications and Information Agency (NCI Agency). Filip is also the developer of dnsenum, included in Kali Linux.

He is also the founder or Brucon which is a Hacking/IT Security convention, taking place in Ghent, Belgium. Brucon features Internationally renowned Cybersecurity speakers and aims to become the best and most fun of it’s kind in Europe.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I develop tools if they don’t exist yet, or if the existing tools don’t do what I want or simply don’t have the functionality that I want. I started with dnsenum a long time ago and at that time there was no tool that did DNS enumeration. Of course, you can do most of the stuff with ‘dig’ or ‘nslookup’ and some bash-fu, but a good tool compiles what you need.

It took some years before similar tools showed up and I guess it wasn’t too bad since people seem to use it.

What language did you develop your tool in and why did you choose that particular language?

Perl: In 2003 it was still the most popular scripting language. It had libraries for DNS and I was familiar with the language. These days, if I had to redo it, it would probably be Python.

Which is your favorite hacking tool? Is it a framework?

Since I do mostly web app stuff lately, it’s Burpsuite Pro.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

It’s on GitHub and it’s opensource.

People can contribute to it and fix bugs, make it more stable, add stuff … This is what has happened over time as well when I got contacted by tix, a hacker I didn’t know who I worked with to extend the functionality and who is a far better coder than I am.


Tools: WhatWeb, URLCrazy & Username Anarch

Developer: Andrew Hortons

Developer Profile:
Andrew is a Cyber Security Expert, from New Zealand living in Melbourne, Australia. I currently work as a security consultant for HackLabs.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I developed WhatWeb to be a web scanner that would quickly and intelligently recognize websites. It is like Nmap for the web and now has over 1700 plugins. I developed it because I wanted to be able to scan the websites of an entire nation and no tools existed at the time.

URLCrazy is a domain name threat discovery tool. I built this to discover and defend against domain attacks including typo-squatting and bit-flipping.

This was the first open-source tool developed to study these attacks and is arguably still the most sophisticated. Username Anarchy is a tool to generate possible usernames.

I developed it so that I could find weak Windows domain accounts during external penetration tests. There’s always someone with the password of Welcome1 or Password1.

I have written other tools but WhatWeb and URLCrazy are the best known and are both included in Kali Linux.

What language did you develop your tool in and why did you choose that particular language?

I prefer to code in Ruby.

The language is designed according to a set of conventions that make coding a more natural and enjoyable experience. Ruby literally brings the coding closer to English.

Which is your favorite hacking tool? Is it a framework?

Rather than pick a favorite that everyone knows about, I’ll give a shoutout to MiTM attack tools. The weakest attack surfaces have shifted from the server-side in the early 2000s to the client-side, and now it is shifting to the network communications. For MiTM attacks, I use BetterCap, evilgrade, and yersinia.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I’ve literally got more plans and ideas than I could achieve in a lifetime. I’m very interested in domain threat intelligence and am working on that at the moment and it may become a successor to URLCrazy.


Tools: mfterm

Developer: Anders

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

The tool is called mfterm which comes from the Mifare NFC tag type it can be used with and “term” from the terminal CLI UI.

When NFC tags started showing up everywhere, from public transport to key cards, I became interested in finding out how they worked. I soon discovered that Mifare 1k/4k tags were really common. I used tools like mfoc and mfcuk to recover keys, but didn’t find any convenient tool to edit and read the tags data. So I started developing mfterm for myself and my friends. I rely heavily on libnfc and couldn’t have done it without the work done by people in that project.

What language did you develop your tool in and why did you choose that particular language?

mfterm is written in C. It was convenient since the canonic library libnfc was a C library.

Which is your favorite hacking tool? Is it a framework?

Hackers are the MacGyver’s of the world and we try to not get hung up on particular tools, but instead, try to find the best tool for the task at hand (or create a new tool if we can’t find one). However, some tools that I keep coming back to are Nmap, burpsuite, sqlmap, Metasploit as well as the “basic” Linux programs nc, whois, traceroute, ping, ssh, curl, etc.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

mfterm is now a “mature” tool and active development has slowed down. Currently, I consider it a feature-complete for the use cases I have. However, I still fix bugs and some times merge requests from contributors that contact me. Recently it was added to homebrew by a person that contacted me and wanted to do it. That part is great! When someone finds your tool and contacts you with a suggestion or wants to contribute some little part.


Over 40+ Tools!

Developer: Robin Wood

Developer Profile:
Freelance Security Consultant, Researcher, co-founder of SteelCon. Robin has developed over 40 tools! Hacker, coder, climber and co-founder of SteelCon, which is a Cybersecurity Conference in the UK freelance tester and researcher.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I’ve got over 40 tools published so far. The majority have been developed during testing to help make the test easier or to squeeze more data out for the report.

What language did you develop your tool in and why did you choose that particular language?

I use many languages. Always choose the one that is appropriate for the job, don’t try to get the language to fit the project.

Which is your favorite hacking tool? Is it a framework?

Firefox – the majority of my work is web app testing and so it all starts in the browser.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I want to see the tools used. How they develop is up to the people using them and their feedback.


Tools: WPScan and DVWA

Developer: Ryan Dewhurst

Developer Profile:
Founder of Dewhurst Security, DVWA and WPScan. Ryan has been working in the security industry since 2009. He has completed a BSc Hons in Ethical Hacking for Computer Security with a First class honours.

When he’s not helping his clients build more secure software he enjoys managing and contributing to various Open Source software projects. Some of his own projects include Damn Vulnerable Web App (DVWA), WPScan and others. Born in the UK, brought up in Spain and now lives on the French side of the Basque Country.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

WPScan back in 2009.

I was running my own WordPress blog and saw a vulnerability posted for WordPress on the Full Disclosure mailing list. I wrote a quick script to exploit the vulnerability. I started investigating what other issues affected WordPress.

This lead to adding additional code to the initial script and thinking of expanding the script into a more robust tool. I released the code, started getting feedback from users and other developers got involved. The other developers, now known as the WPScan Team, helped make the WPScan tool what it is today. Damn Vulnerable Web App (DVWA) – I wrote this tool when I was at university. The course did not cover web security until the later stages and I was eager to learn sooner. I thought the best way to teach myself web security was to write deliberately insecure code examples for specific vulnerabilities.

This way I knew what the insecure code looked like and could also practice exploiting vulnerabilities in a legal environment. I started to create a web application with all the vulnerable code, attempting to make the application a little realistic and not just a bunch of vulnerable pages. I released the code, which at the time was horrible, but soon someone came on board and helped me mature the project.

What language did you develop your tool in and why did you choose that particular language?

For WPScan I wrote it in Ruby from the beginning. It was a language I wanted to learn at the time. For DVWA, I wrote it in PHP as it was easy to learn and easy to implement vulnerabilities.

Which is your favorite hacking tool? Is it a framework?

Nikto, Burp Suite, cURL, Nmap.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

To have a commercial SaaS offering for non-technical users.


Tools: CDPSnarf, raw2vmdk, Arachni

Developer: Tasos Laskos

Developer Profile:
Tasos is an experienced InfoSec expert with a demonstrated history of working in the information technology and services industry. Strong information tech/IT professional skilled in Vulnerability Management, Ruby, Black Box Testing and Cybersecurity.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

CDPSnarf is a sniffer for the CDP (Cisco Discovery Protocol) and was created as an educational exercise during my BSc Network Computing studies. One of the courses included Cisco networking and at some point, we were studying the CDP protocol; in order to get a better understanding of it, I decided to write a packet sniffer for it. raw2vmdk is a forensic utility that generates VMDK files from ‘dd’ disk images to allow for those images to be loaded in a VM for analysis.

It was created around the same time as CDPSnarf and the reason for its creation was to help a friend analyze HDD dumps of a honeynet we had created as a means to gather attack data for his Ph.D. research. The honeynet nodes were real machines, once we were done we took HDD images using the ‘dd’ utility and raw2vmdk helped extract HDD geometry and other data needed to create a VMDK file in order to load those images in a VM for forensic analysis.

Arachni is a Web Application Security Scanner and was created shortly after raw2vmdk, as an educational exercise, in order to pass the time during a free summer.

I wanted to learn Ruby for quite some time and always had an interest in webapp scanners, so I decided to kill 2 birds with one stone by writing a webappsec scanner in Ruby.

The system and the problems it presented turned out to be very interesting, so I basically started working on it and never stopped.

What language did you develop your tool in and why did you choose that particular language?

CDPSnarf was developed in C because I was interested in C at the time and also that was the easiest way for me to access the pcap library which was necessary for the CDP packet capture. raw2vmdk was developed in Java because I wanted the utility to be platform-independent and because a supporting library that does most of the disk image analysis was written in Java. Arachni was developed in Ruby simply because I wanted to learn Ruby.

Which is your favorite hacking tool? Is it a framework?

Call me biased, but my favorite tool is Arachni and it’s also a framework. I’ve been exclusively dealing with web application security for a long time and Arachni provides a lot of functionality to help in that arena, not only as a scanner but also as a set of libraries that one can use to write their own pentesting scripts, tools or even custom scanners.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I think that all aforementioned tools have reached their goals, especially CDPSnarf and raw2vmdk which have been done for a long time now. With Arachni there’s still a lot of room for improvement, especially when it comes to performance and I’m constantly working on that, but by and large, I’d say that the project has reached its goal. It’s feature complete and based on independent industry-wide benchmarks it provides the best crawl coverage, vulnerability identification and accuracy of any alternative; of course, YMMV in real-world cases, but based on the feedback I’ve received by and large it performs similarly well there too.


Tools: Bluepot

Developer: Andrew Smith

Developer Profile:
Andrew is a highly experienced Cybersecurity Professional.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

The hacking tool’s name is Bluepot.

What language did you develop your tool in and why did you choose that particular language?

The tool was written in Java.

Which is your favorite hacking tool? Is it a framework?

Nmap would be my favorite tool.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I’d like someone to help fix it!


Tools: KillerBee, KillerZee, Asleap, CoWPAtty

Developer: Joshua Wright

Developer Profile:
Joshua Wright is a hacker, a public speaker, an educator, and an author. Josh’s publications include [Amazon] “Hacking Exposed: Wireless” (McGraw-Hill) and articles for technical publications, trade magazines, and academic journals. As a senior instructor for the SANS Institute, Josh has authored and teaches classes on mobile and wireless hacking techniques to private and government institutions.

As a public speaker, Josh regularly presents information security trends and innovative attack techniques at public conferences and private audiences including RSA, ShmooCon and DEF CON. As a hacker, Josh has disclosed critical vulnerabilities in major technology products and standards affecting companies including Oracle Corporation, Apple Corporation, and Cisco Systems, as well as vulnerabilities affecting standards-based projects including WiFi, ZigBee, Z-Wave, and RFID, while contributing widely-used attack tools and exploits to the penetration testing community.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

All of the tools I’ve created were born from an opportunity to demonstrate a flaw or a weakness, fulfilling a gap where a tool did not already exist. Major tools include KillerBee, KillerZee, Asleap, and CoWPAtty.

What language did you develop your tool in and why did you choose that particular language?

I choose whichever language makes sense depending on the technique at hand. Sometimes it’s 8086 assemblers; sometimes it’s Python.

Which is your favorite hacking tool? Is it a framework?

My favorite tool is my brain.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

My end goal is to demonstrate a flaw, let people use my tools to reproduce the flaw on their own, then to let the community take over my source and continuing to develop the tools to make them better than I could have imagined.


Tools: Bluesnarfer

Developer: Davide Del Vecchio

Developer Profile:
My name is Davide Del Vecchio aka Dante and I work in Bologna (Italy) as Head of Enterprise Security for YNAP (Yoox Net a Porter Group) the world leader e-retailer of fashion and luxury.

I am a co-founder of the “Hermes Center for Transparency and Digital Human Rights” a nonprofit association that develops and promotes Transparency and Freedom-Enabling Technologies. I love to spread the word of security and privacy in the information technology field, speaking at congresses and writing articles since I believe in the power of awareness. I am also a freelance author for WIRED, ICT Security Magazine, Fastweb and other magazines and active member of many associations like ISACA, CLUSIT, CSA (Cloud Security Alliance) and co-authored the “Italian information security Association Report” since 2012.

Before becoming a manager I have been an independent security researcher and I published some advisories (mostly on HP-UX), researches and the (in)famous tool Bluesnarfer.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

Bluesnarfer is a tool to basically exploit a vulnerability in the Bluetooth implementation of some mobile phones. The idea came out after the first vulnerabilities started to come out in the while. There was not a tool to exploit them easily.

What language did you develop your tool in and why did you choose that particular language?

The tool has been developed in C because it was the language I knew better at that time.

Which is your favorite hacking tool? Is it a framework?

I guess the old good Nmap is still one of my favorite so far.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I think my tool will be just a “module” of somebody else tool one day.


Tools: TestDisk

Developer: Christophe Grenier

Developer Profile:
As IT Operations Manager, I am in charge of a 15 Engineers and Technicians team. On a day to day basis, my team and I are working to provide IT services (Cloud computing) to more than 1,000 companies and 30,000 end-users.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

TestDisk has been created in 1998 to recover lost partitions.

Today it can recover data in a lot more situations. PhotoRec is born in 2002 when I bought my first digital camera to recover, if the need arose, my pictures. It can recover more than 400 file family.

I developed CmosPwd in 1998 to recover BIOS passwords stored in CMOS memory.

What language did you develop your tool in and why did you choose that particular language?

C language is good to deal with low-level disk access under MS-DOS, Windows, Linux, Mac OS X.

Which is your favorite hacking tool? Is it a framework?

pwntools is great to craft exploits to hack vulnerable binaries.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

More developers will be cool: a GUI for testdisk, a better Bruteforce mode in PhotoRec to recover fragmented jpg.


Tools: SSLsplit

Developer: Daniel Roethlisberger

Developer Profile:
As IT Operations Manager, I am in charge of a 15 Engineers and Technicians team. On a day to day basis, my team and I are working to provide IT services (Cloud computing) to more than 1,000 companies and 30,000 end-users.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I wrote the initial code that would later become SSLsplit to scratch an itch I had during my time as a pentester.

Later I polished and published it when I had the need to replace other tools that did not support modern TLS features, were not portable and abandoned by their original developers.

FakeIKEd I wrote much earlier to prove a point when I was studying at a university that at the time had an insecure group password setup.

In both cases, writing a tool not only provided me with the tool I needed but also proved to be a very valuable learning exercise.

This is also true for contributions to existing security tools that I had made in the past, such as SCTP support for Fyodor’s venerable Nmap.

What language did you develop your tool in and why did you choose that particular language?

Plain old C.

These days I also write a lot of Python and I have been developing in numerous other programming languages in the past.

For SSLsplit, the choice of using c was mostly because I wanted it to perform well, I needed to be as close to OpenSSL as possible in order to overcome some of its API design limitations from a MitM attacker perspective, and I needed to be able to access low-level APIs of different NAT engines on different platforms.

Which is your favorite hacking tool? Is it a framework?

There are so many awesome tools and frameworks out there, but I don’t have a favorite hacking tool.

Different tools are best suited for different tasks. I think it’s important to be flexible enough to pick up how to use new tools quickly, and if necessary, to be able to hack together your own if there is no tool that fits the job at hand.

If I had to name one tool that I would bring if I were to be stranded on a deserted island, it would be a Unix shell environment including a c compiler and a python interpreter.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I hope to be able to support my tools, especially SSLsplit, for as long as possible, and implement some improvements, but there is no big development roadmap. They served their purpose and I hope to keep them working as long as they are useful.


Tools: SIPVicious

Developer: Sandro Gauci

Developer Profile:
Sandro Gauci founded Enable Security in 2008.

He’s helped protect clients from hacker attacks for 15 years as an authority in information security and penetration testing. He’s written advisories and suggested fixes for Microsoft, Cisco, and Juniper Networks, among others. Sandro’s published works include topics on attacking Web Application Firewalls, VOIP (Voice over IP) systems, and HTTP sessions. His open source security tools are used by other penetration testers and security auditors, and his work is cited in published security literature.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

SIPVicious suite is a set of tools that can be used to audit SIP based mobile VoIP systems. It was created when I was testing some SIP-based PBX systems and noticed that the tools out there were not covering my needs. Various excellent friends helped me polish these tools, which were then collectively published as SIPVicious.

The aim was that other pentesters and security folks too can efficiently demonstrate basic security vulnerabilities that affect various SIP systems. WAFW00F is another tool that I, together with Wendel G. Henrique, published. It allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

It was created since, as a pentester, I was often being told, that my attacks are not effective because of WAFs. I guess I just wanted to show how obviously detectable WAFs are so that security researchers could then bypass the WAF.

What language did you develop your tool in and why did you choose that particular language?

Python which is quite a neat language and makes it easy for pentesters to rapidly develop code to demonstrate a number of attacks.

Which is your favorite hacking tool? Is it a framework?

Nmap.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Community support and contributions are welcome, especially for wafw00f.


Tools: httptunnel

Developer: Lars Brinkhoff

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

httptunnel

What language did you develop your tool in and why did you choose that particular language?

C

Which is your favorite hacking tool? Is it a framework?

Lisp

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

It’s quite stable, so there’s no pressing need for future development.


Tools: peepdf

Developer: Jose Miguel Esparza

Developer Profile:
Head of Threat Intelligence at Blueliv.

I am leading the Fox-IT InTELL team where we gather intelligence from threat actors and botnets, we analyze new malware and threats, and we warn and protect customers from them. I have experience managing a highly technical team and keeping it motivated and happy. My background is analysis of banking malware, exploit kits, vulnerabilities, etc. and design/build a malware lab from scratch.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

The tool I developed is called peepdf and it is a tool to analyze PDF files.

It all started when I was attending a Black Hat Conference talk in 2008 about PDF analysis and the guys presenting told the audience that they would release a tool that they did not release at the end. Then I thought that it was a good idea to develop it myself.

However, for several reasons, it took me a while until I released it, in 2011, and there were already more tools out there. But still, I tried to do something different, putting together all the functionalities needed when you are analyzing a malicious PDF file so the users don´t need to use 5 different tools for that.

This plus the good feedback, the fact that it was developed in Python (cross-platform) and that it was doing some things other tools were not doing was a good motivation to continue dedicating time to it.

What language did you develop your tool in and why did you choose that particular language?

peepdf is written in Python. I chose that language because at that time I was more familiar with it, it was easy and fast to develop and there was a big community supporting it.

My tool did not need high performance at that time so it was a good option.

Which is your favorite hacking tool? Is it a framework?

That’s a difficult question…It really depends on the task you want to do. I am more familiar with tools related to the malware and threat analysis, so I tend to like debuggers and disassemblers like IDA Pro, radare, OllyDbg. If we are speaking about pen-testing and exploiting Metasploit is a great framework that can be extended with your own modules too, so I would choose that one.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Maybe this sounds quite unrealistic, but I would like to reach a point where the tool is completely stable and robust, so just new features need to be added. There are a lot of things to do like improving the performance, support some more PDF specifications, full support for JSON and maybe in the future being able to extend the functionality with custom commands the users can develop.


Tools: snmpcheck

Developer: Matteo Cantoni

Developer Profile:
I’m employed as security analyst. My jobs include network security, penetration testing, policy auditing, vulnerability research, forensic analysis of a compromised system, DDos mitigation and IP lawful interception.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I developed snmpcheck, a tool useful to automate the process of gathering information on any devices with SNMP protocol during a penetration test.

What language did you develop your tool in and why did you choose that particular language?

At first in Perl, later it was rewritten in Ruby being more powerful.

Which is your favorite hacking tool? Is it a framework?

Metasploit.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Keep it updated by incorporating new functions. The ideal goal is to become a valuable tool in every penetration test activity.


Tools: diStorm, diStormx

Developer: Gil Dabah

Developer Profile:
Gil is an Entrepreneur, Manager, Programmer, Reverser and more! He is also a Senior Director and Head of SW Security at Magic Leap.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

diStorm and diStormx.

What language did you develop your tool in and why did you choose that particular language?

C. Because it’s a very strong language and can be easily ported to so many other platforms. As diStorm supports to be compiled to many target architectures. In hindsight, it could have been C++ also. C felt cleaner to me for this specific tool. Also, I wanted speed hence the choice.

Which is your favorite hacking tool? Is it a framework?

Probably IDA.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I’m really past that tool already. I am happy to see people use it. I started it for fun to learn how the x86 and x64 architectures work, and it was a really great experiment.

After I finished the first version, I decided it’s time to publish it and I got great feedback and many people and companies around the world use it.

It was very important for me to have high standards there, like performance, memory and disk footprints, clean and documented code, lots of documentation and support for other platforms and bindings for many other languages. I wish more people have contributed to it with new instruction sets.


Tools: Kautilya

Developer: Nikhil Mitta

Developer Profile:
Nikhil Mittal is a hacker, infosec researcher, speaker, and enthusiast. His area of interest includes penetration testing, attack research, defense strategies and post exploitation research. He has 7+ years of experience in Penetration Testing for his clients which include many global corporate giants.

He is also a member of Red teams of selected clients. He specializes in assessing security risks at secure environments that require novel attack vectors and “out of the box” approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation.

He is the creator of Kautilya, a toolkit that makes it easy to use HIDs in penetration tests and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks.

Nikhil has held training and boot camps for various corporate clients (in the US, Europe, and SE Asia), and at the world’s top information security conferences. He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest, HITB and more.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

Kautilya, which is a tool that makes it easy to use Human Interface Devices in penetration tests.

I created this tool during a red team engagement years ago when I was asked to run a social engineering campaign to test security awareness of a client’s employees. The client had mass storage devices blocked in its environment and that is when I created Kautilya.

Using HID for security testing was already public knowledge, I just created (hopefully) an easy to use tool for that. Nishang – A tool that makes it easy to use PowerShell during red team engagements and penetration tests.

I created this tool as most of my existing payloads were getting detected during penetration tests. I also wanted to have some custom post-exploitation scripts on Windows boxes outside the Metasploit framework.

What language did you develop your tool in and why did you choose that particular language?

I used Ruby for Kautilya as I was comfortable with it. I used PowerShell for Windows payloads of Kautilya and developed Nishang completely in PowerShell as it is available by default on all modern Windows boxes and provides access to Windows API, .Net, WMI, Registry, FileSystem and other boxes on the network.

Which is your favorite hacking tool? Is it a framework?

PowerShell. It is a Windows scripting language.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Make the tools more useful for the community which enables me to learn new and interesting things.


Tools: mitmproxy

Developer: Aldo Cortesi

Developer Profile:
I make software, break software, and make software that breaks software. You can find my various projects here. The most widely used tool I work on is mitmproxy.

Aldo is also the CEO at Netograph.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

[I built] mitmproxy [which can] inspect and tamper with traffic from mobile and embedded devices. The tool has since grown to be useful in a wide variety of other circumstances too.

What language did you develop your tool in and why did you choose that particular language?

Python – it’s a good, general high-level programming language with a mature library ecosystem.

Which is your favorite hacking tool? Is it a framework?

Everything I do relates to or is underpinned by code.

My favorite hacking tool – the only thing without which I absolutely couldn’t do my job – is a good, productive programming language.

For quick scripts, I use Python, for network services and places where a bit more heft is required I use Go.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

The next steps for mitmproxy is to solidify general TCP interception, work on fostering an addon ecosystem, and mature our web interface.


Tools: DotDotPwn

Developer: Christian Navarrete

Developer Profile:
My name is Christian Navarrete and I am a Security Researcher from Mexico. My core skills are related to Pentesting, Ethical Hacking, Reverse Engineering Malware Analysis and Vulnerability Research.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

The tool’s name is DotDotPwn.

The idea behind the tool became a long time ago while I was performing pen testing on Web applications. I realized that some of the parameters passed to certain pages were including files and such files were requested from the file system to then later, being displayed on the screen.

I recall Directory Traversal vulnerabilities and then I decided to use some of the regular traversal payloads and luckily it worked. I started to think about how many other methods exist to take advantage of this vulnerability type and here is when I started researching Directory Traversal vulnerabilities in deep.

Sometime later, I came back to re-test the security fixes provided by the development team and of course, didn’t work, but when trying a different set of payloads it worked – again. Here is where I said. “Man, that was Dot-Dot Pwn!” and that’s why the name.

I was more interested in what’s next and then after more research on the topic, I realized that this type of vulnerability affected not only web-based applications but also network software – and even not-networked software – that can suffer from the same problem. After that. I was wondering how to perform – in an automated fashion – a complete (tons of payloads and customizations) discovery of Directory Traversal vulnerabilities in any software or web application that performs calls to the file system in any way.

My first attempt was to do it by supporting HTTP and FTP servers.

The first version (1.0) was released in August 2010, then after some talks with my friend Alejandro Hernandez (@nitr0usmx) he decided to join the coding effort and started to work on version 2.0, which was released soon after the previous one. 2.0 introduced new protocol support as well as flexible parameters to configure the scans.

After that, several enhancements and modules were included as well and then version 2.1 was released at the BugCon Security Conference in October 2010. For 3.0 we had two major dates, the first one was the BETA release which was at the Black Hat USA – Arsenal and a live demo at Campus Party in Mexico.

The official 3.0 release was at the BugCon Security Conference in February 2012. I thought that it would be very interesting to share the tool with the community and then I decided to contact the BackTrack Linux staff to request a tool added to the distro.

Voting for the tool was in place in the tool section of their forum and after a couple of days, we received their answer that the tool was accepted and that will be included soon and it was ready for BackTrack R2. Now, the tool is included in Kali Linux and recently also added to the BlackArch Linux, an Arch-based distro.

The feedback from many people was great and in March 2013 started more code contributions from some twitter followers and also the main repo was created on Github. Since then, new features and support were introduced thanks to such contributions that have been playing a crucial role in the evolution of the tool. The tool became very popular in the community and we started to find that some Internet magazines and a research paper mentioned the tool.

In September 2014, the OWASP Testing Guide v4.0 mentioned the tool under the tool section for Testing Directory traversal/file include (OTG-AUTHZ-001). During testing of the tool, we released 9 security advisories and we heard that many other people discovered vulnerabilities using this tool as well.

What language did you develop your tool in and why did you choose that particular language?

At that time, I was basically playing a lot with Perl, that was my first scripting language so I decided to write it using it. There’s no particular reason for the language, but we are planning to rewrite the tool in Python, which will be including new enhancements and fixes.

Which is your favorite hacking tool? Is it a framework?

I am a very very old school and I like such a way as of today.

My best “Framework” includes a HEX editor, ASCII table, Compiler/Interpreter, Disassembler, Debugger, the Internet and for sure a great brain. I usually don’t use frameworks or at least, I try to not rely entirely on them. I see Frameworks as a compliment, and for sure Metasploit will be on that list too. Nowadays, people rely too much on using Frameworks, but I think that there are cases where certain customization will be required at a certain point.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

We have had very good cooperation in the shape of code contributions and I think that with the upcoming additions to the tool will create more interest of more people to contribute to the project.


Tools: HexInject

Developer: Emanuele “crossbower” Acri

Developer Profile:
I’ve always been a very reserved guy, not linking to be in the spotlight. Our society is now inextricably tangled with the “cyber” world: manipulating the virtual deeply affects the real. This may be the motive I approached the security field: being able to uncover the weaknesses and the assumptions that lie under our reality. For the same reason, I find much more pleasure in dealing with the low-level aspects of networks and programming. My tools reflect this attitude.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

HexInject and the Complemento Suite are both tools to manipulate networks at a very low level. HexInject makes it very easy to inject and sniff frames and packets on a network. It has been created to facilitate and extend the possibilities of the user: for example, it only deals with the annoying things of injecting packets on a network (such as calculating checksums for injected packets) leaving all the creativity of the user unconstrained.

It is also designed to easily cooperate with other tools the user may already use. Complemento is similar, but more focused on specific weaknesses of networks and OS’ protocol stacks. A different tool, but still reflecting my preference for the low-level, is Cymothoa.

It is a stealth backdooring tool, that injects backdoor’s shellcode into an existing process. It also allowed me to try some different approaches to backdooring, for example, the possibility of executing a parasite inside a process, without forking it but simulating an internal scheduler.

What language did you develop your tool in and why did you choose that particular language?

I do not have a favorite programming language, but I prefer languages that have a simple, but flexible core, C for example.

These languages tend to be portable to many systems, and do not have many dependencies. In the security fields, you often face very restricted and exotic systems, so you need languages that adapt easily.

Which is your favorite hacking tool? Is it a framework?

You do not need much more than a UNIX-like operating system, with a compiler and a scripting language, to carry out more of the 80% of the penetration testing work. There are of course some great tools out there, that really simplify many tasks. For example, I like sqlmap very much, because is a very smart tool, that learns a lot of things on the target, without asking too many questions to you.

It is a tool that extends your possibilities, without limiting your creativity. Metasploit is also great, but I find framework a bit overkill to me, and they force you to think in a constructed way. I tend to use smaller, more focused tools.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

The ideal is to develop a tool that is a perfect extension of the mind of the user. This is not easily done, but often involves not only the features that should be implemented but also those that should be left out. This quote is very inflationary, but nevertheless is true, especially in our over-complex today systems: “Perfection is finally attained not when there is no longer anything to add, but when there is no longer anything to take away.”


Tools: findmyhash, Oauzz & Iker

Developer: Julio Gomez Ortega

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

The three most important tools I’ve developed are findmyhash (a script that uses online resources to crack password hashes. The idea came when I was tired of wasting hundreds of hours brute forcing hashes and I thought about using commercial rainbow tables, some of them accessible from the Internet); Oauzz (a fuzzer to analyze the security of Oauth based applications); and iker (a script that automates most of the tests that are usually carried out during a IPSec assessment).

What language did you develop your tool in and why did you choose that particular language?

I use Python because it’s a multiplatform language and very easy to use in scripting.

Which is your favorite hacking tool? Is it a framework?

Nmap, sqlmap and Metasploit.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Although I worked in version 2.0 of findmyhash (and it is almost finished), it never was published. The version 2.0 was a full framework of password cracking, implementing cracking algorithms and connecting with external tools such as John The Ripper.


Tools: multimon-ng

Developer: Elias Oenal

Developer Profile:
I’ve always been a very reserved guy, not linking to be in the spotlight. Our society is now inextricably tangled with the “cyber” world: manipulating the virtual deeply affects the real. This may be the motive I approached the security field: being able to uncover the weaknesses and the assumptions that lie under our reality. For the same reason, I find much more pleasure in dealing with the low-level aspects of networks and programming. My tools reflect this attitude.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I started multimon-ng in 2012 when I first got into SDR (Software Defined Radio).

Scanning the spectrum for signals I noticed pager communications and was disappointed to learn there wasn’t an easy way to decode such data on Linux.

I tried multimon which came bundled with Debian, yet the project had been unmaintained for many years and the 64-bit builds were completely non-functional. In turn, the initial work was focused on fixing bugs and porting it to different operating systems, like Windows and macOS X. Once I got the basics working again, others joined the development and helped me to extend the functionality greatly.

What language did you develop your tool in and why did you choose that particular language?

I’m not sure whether I have a favorite, but working with a lot of hardware I am quite fond of the open-source signal analysis software sigrok.

Which is your favorite hacking tool? Is it a framework?

I will say Vim and GCC, with those you can do what you need…

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I never had particular plans for multimon-ng, but I really like how it seems to develop naturally according to people’s demands. It has been used for anything from decoding firing sequences of professional pyrotechnics to satellite communications.


Tools: Kismet

Developer: Mike Kershaw

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

[I created] Kismet, [which is a] wireless packet capture, IDS tool – Kismet started as a fork of the original Airsnort, hacked to display SSIDs.

There were only a handful of wireless cards at the time (2001/2002) and they had incompatible packet formats, so it made sense to write a tool with a common processing layer and multiple input layers, and it’s just grown since then.

After some time off while being swamped with Real Work, Kismet development has kicked back up, with new methods for storing the data and a new shiny web UI and scriptable REST interface, and the ability to easily capture other protocols that aren’t 802.11 based.

Which is your favorite hacking tool? Is it a framework?

Kismet is written in C++ – at the time, the processing and memory cost incurred by a fully interpreted system would have been too high (originally running on 200 – 500mhz systems with 64 or 128 meg of RAM). C++ incurred a memory cost as well (template expansion and C++ runtime) but much less than a fully dynamic scripting language of the day.

Today, Kismet is still in C++, but has adopted a much more flexible model for storing data with the tradeoff of some additional processing and memory, and by exporting data over REST with JSON or msgpack formats, the user interface duties can be easily moved to a web-based system, or any other scripting language presenting the UI.

Which is your favorite hacking tool? Is it a framework?

When it comes to packet analysis, Wireshark has to be the number one go-to tool.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

At this point, Kismet is old enough to get its learners a permit to drive – but the biggest changes have come in the past year with the transition to a web UI and a much more flexible system. Ultimately, I’d like Kismet to handle anything wireless – now that SDRs have become cheap, monitoring non-Wi-Fi wireless is affordable and sometimes even trivial.


Tools: Plecost

Developer: Francisco Rodriguez

Developer Profile:
Francisco is a Cybersecurity Advisor at Devo & MrLooquer Founder

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

Plecost is a WordPress vulnerabilities finder.

In early 2010, WordPress was growing rapidly.

Every day new blogs were creating and plugins count increasing every hour. In the same way, bugs and vulnerabilities were discovered, we needed a tool to scan new WordPress installations in order to detect vulnerable versions, those days we performed penetration testing in a Tiger Team and the reconnaissance phase is fundamental. The first version of Plecost was just a proof of concept developed in a few hours, Plecost first release came a few weeks later thanks to my co-worker @ggdaniel.

It included a global scan across Google looking for vulnerable WordPress plugins (this feature is no longer available).

What language did you develop your tool in and why did you choose that particular language?

Plecost is coding in Python because we were familiar with this language and we used to use it.

Which is your favorite hacking tool? Is it a framework?

Scapy

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

The ideal goal for Plecost is to create a collaborative framework to create a huge knowledge database about WordPress installations.


Tools: Intersect

Developer: Adam M. Swanda

Developer Profile:
Adam is a Principal Threat Intelligence Analyst.

Security researcher with a strong focus on cybercrime investigation, malware research and reverse engineering, and Python software development to design collections and analysis systems that aid in cyber security research and investigation tasks. Lately that development has involved various aspects of machine learning such as; classification and clustering, similarity learning, and natural language processing.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

At the time there was a large gap in tools that covered this area of penetration testing even though the actual tasks are something every penetration tester needs to do.

I built the tool [Intersect] with the idea that if I could help others automate the Linux post-exploitation process, make it freely available, and hopefully get feedback and input from the community then the professional and up-and-coming pentesting community would be better off for it.

It was also very much my way of giving back to a community that has given me some great tools I’ve used, and contributing is one of the best ways to get involved and keep the innovation and contributions going.

What language did you develop your tool in and why did you choose that particular language?

Intersect is developed in Python, primarily due to it being the language I had the most experience with at the time, and the language is very widely used among professional developers, adhoc scripters, and it is easy for beginners to understand and extend upon.

The framework itself was designed to be modular and Python seemed to allow that the best way possible.

Which is your favorite hacking tool? Is it a framework?

Veil Framework.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Intersect has not been actively developed publicly for a few years now, but ideally, I was hoping for it to be a pure Python framework for payload building, post-exploitation tasks, and provide users with a variety of communication mechanisms in a “plug and play” fashion. In 2016, I restarted the project privately from the ground up to entirely revamp the project and take my coding knowledge from the past several years to make that truly happen. Perhaps sometime in 2017 we will see this finished and released publicly.


Tools: w3af and nimbostratus

Developer: Andres Riancho

Developer Profile:
Andres Riancho is an application security expert that currently leads the community-driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.

In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications.

His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andres has spoken and holds training at many security conferences around the globe, like PHDays (Moscow), SecTor (Toronto), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).

Andres founded Bonsai, web security-focused consultancy firm, in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I created two very interesting tools: w3af and nimbostratus.

w3af was my first open-source tool, a web application scanner with exploitation capabilities. It was created when there were no good open source solutions for web scanning and I worked full-time doing application security testing.

Nimbostratus was the result of an AWS hacking research I did in 2014 and presented at various conferences. The tool allows an attacker to extract AWS credentials from EC2 instance meta-data and escalate privileges in the AWS account to gain root.

What language did you develop your tool in and why did you choose that particular language?

Python is my language of choice. It’s easy to code in Python, there are plenty of libraries and you can write C extensions if performance is a requirement.

Which is your favorite hacking tool? Is it a framework?

Nmap and w3af.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

I would like to see w3af grow into being an “nmap for the web”.


Tools: theHarvester

Developer: Christian Martorella

Developer Profile:
Christian Martorella has been working in the field of Information Security for the last 17 years, currently working as Product Security Engineering Lead in Skyscanner, were he focus in creating secure software in a high growth and at scale business. Previous to his current role, he was Principal Program Manager in Skype Product Security team, Microsoft, where his focus was to make sure that Skype products and services were secure from design, in order to protect more than 500 million users.

He is cofounder an active member of Edge-Security team, where security tools and research is released. Christian has contributed with Open Source Security testing and Information Gathering tools like OWASP WebSlayer, Wfuzz, theHarvester and Metagoofil, all included in Kali the Penetration testing Linux Distribution.

Christian presented at Blackhat Arsenal USA, Hack.Lu, What The Hack!, NoConName, FIST Conferences, OWASP Summits and Meetings (Spain, London, Portugal and Venice) and Open Source Intelligence Conference (OSIRA). Christian recently graduated as Master in Business Administration (MBA) at Warwick Business School, and holds multiple security certifications like CISSP, CISM, CISA, OPSA and OPST.

Can you tell us the name of the tool(s) you developed and why you had the idea to create them?

I have a few tools, but the main ones are theHarvester, a tool to perform Information Gathering about a company.

I came up with the idea a long time ago, when I was doing Penetration tests and I decided that would be good to have a tool that can search in multiple sources for data that will provide me interesting information about my target that will help me in the Pentest, like servers, hostnames, e-mail addresses, etc. and that’s how I started with the Harvester, by collecting mainly information from Google, Bing, PGP key servers, LinkedIn, DNS, Shodan, etc. The tool can be used also by the companies to see what information is on the Internet about their servers, services, and employees.

Another tool related to Information Gathering is the Metagoofil.

Here the idea came after reading a document about Metadata in Office documents, and I thought wouldn’t be nice if I could search for all public documents belonging to a company that is available on the Internet and extract their Metadata? And that’s what Metagoofil does, it performs a search in Google for Office and PDF documents in the target domain, downloads them and extracts metadata like Users that created/modified the documents, servers where the document was stored, etc, pretty interesting findings for a Penetration tester.

Finally, another tool that I created is Wfuzz. Wfuzz (currently maintained and modified by Xavier Mendez), this tool is a web application brute forcer. It basically lets you brute force any part of an HTTP request using dictionaries, ranges, etc. I decided to create this tool after using Dirb (by Ramon Pinuaga) and Burp suite Intruder; I needed something more custom and flexible than those two, and that is when I started developing my own tool for that purpose.

One of the main reasons I wrote my own tools, is that I wanted to learn in the process, understand how other tools worked and give back something to the community.

What language did you develop your tool in and why did you choose that particular language?

I started programming my tools with Perl, but soon after I discovered Python and it has been my language of choice, due to its simplicity to learn it and the number of libraries that you can find that will save you a lot of time in new projects.

Which is your favorite hacking tool? Is it a framework?

It depends on the task at hand, lately, I have been focusing on Web Application security, so my favorites in this area are Burp suite, SQLmap, Zap Proxy, and Wfuzz.

Other tools I like are Nmap and Metasploit.

How would you like to see your tool develop over time, in other words, what is the ‘ideal goal’?

Currently, my tools are in Business as usual mode, I am not creating new features at the moment, I am just maintaining them, making sure they work as expected, and maybe adding some small additions.

Ideally, I would like to see them moving to the cloud in a SaaS model.


In Summary

Let’s round everything up.

What Skills Do You Need To Develop Hacking Tools?

Computer Language (Coding) Skills

There are some clear skills that are required to develop hacking tools like the ones listed below. For example, it really helps to have some sort of programming language like the following:

  • Python definitely helps;
  • C Programming language would be a massive help.

Interestingly it seems that C is the most popular language to build these tools.

Identify A “Problem”

Another skill that you’ll need when it comes to developing tools is the ability to identify “problems” that need automated scripting. For example, if you’re a Penetration Tester and you’re on an assignment, and you notice that there’s a lack of, for example, a Social Engineering methodology or a WiFi Hacking Scan then that’s great – look at ways to create a tool that will efficiently and effectively help you with your job.

How To Make Money From Creating A Tool

The easiest way to do this is to have two versions of the tool, so you go after the “freemium” and “premium” model.

Many hacking tools follow this model; for example Metasploit and Sn1per.

Before you can start to commercialize your project though you’ll have to have a solid bug-free product that does exactly what it will say it will do. Forking the freemium project on GitHub would be quite a wise move in the sense that you can work with other developers to further improve your product and get it ready for show-time.

What Are The Benefits Of Making A Tool?

There are huge benefits to creating a popular and successful tool.

The first benefit that jumps out is the credibility-factor. Having your name associated with a popular tool, for example, one that ships with Kali Linux or another pentesting (or forensics) distro would propel your career and allow you to network with the best of them out there. Furthermore, many hacker conferences, etc all encourage presentations for the latest tools that hackers have developed.

Go for it!

Henry "HMFIC"

I'm Henry, the guy behind this site. I've been Growth Hacking since 2002, yep, that long...

3 thoughts on “Hacker Software Developers

  1. Currently my tools are in Business as usual mode, I am not creating new features at the moment, I am just maintaining them, making sure they work as expected, and maybe adding some small additions. Ideally I would like to see them moving to the cloud in a SaaS model.

  2. I started programming my tools with Perl, but soon after I discovered Python and it has been my language of choice, due to it’s simplicity to learn it and the amount of libraries that you can find that will save you a lot of time in new projects

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Posts