Our 2013 recommended penetration testing tools

Update for 2014 – 2015! We have a new Hacker Tools Directory! – with our Top Ten Hacking Tool here!

Click here for a full and comprehensive list of over 100 popular and commonly used pentesting tools.

This blog page you are now reading is a bit old now – so you’d be better to visit our directory since it is updated on a regular basis!


The below applies to 2013…click here for an updated hacking tools page (which is constantly updated).


Here is our recommended list of pentesting tools used by ethical hackers and penetration testers – or anyone with an interest in information security. Our list is a mix of open source and paid or licensed solutions.

We scoured the web for similar posts and made quite a long list, so what we did was we filtered the most common and popular security tools and summarized it into our top-ten.

We have to mention that since 2002, Nmap have been curating an excellent security tools list. The site they manage lists the most commonly used hacking tools and rates them. Our list is less detailed but we’d like think it is still nonetheless concise, just like our name!

OK moving on, generally speaking security tools fall into one or more of the following categories:

We are constantly amazed by the quantity, quality and communities that surround these information security tools. We’d appreciate it if you can let us know in the comments below if we have missed out a tool or service that really ought to be in this list. Enjoy!

(In alphabetical order):

1. Acunetix has a free and paid version. This hacking tool has many uses but in essence it tests and reports on SQL injection and Cross Site scripting testing. It has a state of the art crawler technology which includes a client script analyzer engine. This security tool generates detailed reports that identify security issues and vulnerabilities. The latest version, Acunetix WVS version 8, includes several security features such as a new module that tests slow HTTP Denial of Service. This latest version also ships with a compliance report template for ISO 27001. This is useful for penetration testers and developers since it allows organizations to validate that their web applications are ISO 27001 compliant.


2. Aircrack-ng is a comprehensive set of network security tools that includes, aircrack-ng (which can cracks WEP and WPA Dictionary attacks), airdecap-ng (which can decrypts WEP or WPA encrypted capture files), airmon-ng (which places network cards into monitor mode, for example when using the Alfa Security Scanner with rtl8187), aireplay-ng (which is a packet injector), airodump-ng (which is a packet sniffer), airtun-ng (which allows for virtual tunnel interfaces), airolib-ng (which stores and manages ESSID and password lists), packetforge-ng (which can create encrypted packets for injection), airbase-ng (which incorporates techniques for attacking clients) and airdecloak-ng (which removes WEP cloaking). Other tools include airdriver-ng (to manage wireless drivers), airolib-ng (to store and manages ESSID and password lists and compute Pairwise Master Keys), airserv-ng (which allows the penetration tester to access the wireless card from other computers). Airolib-ng is similiar to easside-ng which allows the user to run tools on a remote computer, easside-ng (permits a means to communicate to an access point, without the WEP key), tkiptun-ng (for WPA/TKIP attacks) and wesside-ng (which an an automatic tool for recovering wep keys).

Like most of the security tools in our list, Aircrack also has a GUI interface – called Gerix Wifi Cracker. Gerix is a freely licensed security tool under the GNU General Public License and is bundled within penetration testing Linux distributions such as BackTrack and Backbox. The Gerix GUI has several penetration testing tools that allow for network analysis, wireless packet capturing, and SQL packet injection.


3. Cain & Abel, or just Cain for short, has a reputation of being a bit of a script-kiddie tool, but it is still awesome nonetheless. Cain & Abel is defined as being a password recovery tool. This tool allows a penetration tester to recover various types of passwords by sniffing the network, and cracking encrypted passwords using either a dictionary or brute-force attacks. The tool can also record VoIP conversations and has the ability to decode scrambled passwords, discover WiFi network keys and cached passwords. With the correct usage and expertise, a penetration tester can also analyze routing protocols. The security tool does not inherently exploit any software vulnerabilities or holes, rather it identifies security weaknesses in protocol’s standards.

Students studying for IT information security certificates will use the tool to learn about APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks (often abbreviated to MITM). The sniffer features in the latest version of Cain allow for the analysis of encrypted protocols such as SSH-1 and HTTPS. The new version also contains routing protocols authentication monitors, dictionary and brute-force crackers for all popular hashing algorithms, password calculators, cryptanalysis attacks and password cracking decoders.


4. Ettercap often accompanies Cain (third in our list). Ettercap is a free and open source network security tool for man-in-the-middle attacks (MITM) on LAN. The security tool can be used to analyze computer network protocols within a security auditing context. Ettercap has four methods of functionality:

Security scanning by filtering IP-based packets, MAC-based: whereby packets are filtered based on MAC address, (this is useful for sniffing connections through a gateway). ARP-based scanning by using ARP poisoning to sniff on a switched LAN between two hosts (known as full-duplex). PublicARP-based functionality: Ettercap uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (known as half-duplex).


5. John The Ripper has the coolest name on our Concise Courses 2013 Security Pentesting Tools list! John the Ripper was written by Black Hat Pwnie Winner Alexander Peslyak. This very popular security tool, often abbreviated just to “John” is a free password cracking software tool. Originally created for the UNIX operating system, it currently works on every major operating system. By far, this tool is one of the most popular password testing and breaking programs used by information security professionals. The pentesting tool combines various password crackers into one concise package which is then able to identify password hash types through its own customizable cracker algorithm.


6. Metasploit is huge. Developed by Rapid7 and used by every pentester and ethical hacker in the world. Period. The Metasploit Project is a security project which delivers information about security vulnerabilities and helps penetration testing and Intrusion detection. The open source project – known as the Metasploit Framework, is used by security professionals to execute exploit code against a remote target machine – for penetration testing of course!

Another cool project is Metasploitable which is an intentionally vulnerable version of Ubuntu Linux built on purpose for testing security tools, like all of ones listed here, and demonstrating common vulnerabilities.


7. Nessus is another giant – a security tool that focuses on vulnerability scanning. There is a free and paid version – free for personal use. Started in 1998 by Renaud Deraison is has evolved into one of the world’s most popular security tools – particularly as a vulnerability scanner. The organization behind Nessus, Tenable Security, estimates that it is used by over 75,000 organizations worldwide.

Essentially Nessus scans for various types of vulnerabilities: ones that check for holes that hackers could exploit to gain control or access a computer system or network. Furthermore, Nessus scans for possible misconfiguration (e.g. open mail relay, missing security patches, etc.). The tools also scans for default passwords and common passwords which is can use execute through Hydra (an external tool) to launch a dictionary attack. Other vulnerability scans include denials of service against the TCP/IP stack.


8. Nmap is another massive giant of a security tool which has been around for forever and is probably the best known. Nmap has featured on many movies including the Matrix – just Google it and you’ll see what we mean. Written in C, C++, Python, Lua by Gordon Lyon (Fyodor) starting from 1997, Nmap (Network Mapper) is the defacto security scanner which is used to discover hosts and services on a computer network. To discover hosts on a network Nmap sends specially built packets to the target host and then analyzes the responses. The program is really sophisticated because unlike other port scanners out there, Nmap sends packets based upon network conditions by taking into account fluctuations, congestion and more.


9. Kismet is a wireless network detector, sniffer, and intrusion detection security pentesting tool. Kismet can monitor and sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. There are many sniffing tools out there but what makes Kismet different and very popular is the fact that it works passively – meaning that the program does not send any loggable packets whilst being able to monitor wireless access points and wireless clients. It is open source and widely used.


10. Wireshark Wireshark has been around for ages and is extremely popular. Wireshark allows the pentester to put a network interface into a promiscuous mode and therefore see all traffic. This tool has many features such as being able to capture data from live network connection or read from a file that saved already-captured packets. Wireshark is able to read data from a wide variety of networks, from Ethernet, IEEE 802.11, PPP, and even loopback. Like most tools in our 2013 Concise Courses Security List the captured network data can be monitored and managed via a GUI – which also allows for plug-ins to be inserted and used. Wireshark can also capture VoIP packets (like Cain & Able – see tool 3) and raw USB traffic can also be captured.

Summary
If you are a keen hobbyist or a professional penetration tester then you must understand how to use these tools effectively. These security tools are awesome and fun to learn and use – the folks that make them are simply brilliant programers and make the penetration testing job a lot easier to manage. What do you think? What tools do you use the most and why – have we missed any out? Let us know in the comments below!