Tools for hacking

9 Free and Open Source Ethical Hacking Tools to Use:

There is an ocean of ethical hacking tools to choose from – the real challenge is to find the best ones for the job. These nine tools offer just a slice of the available offerings, but they are some of the most popular and most well-regarded – and all of them are free. If you’re looking for a wider range of network security tools, NMap project author Fyodor maintains a list of 125 of the top tools on SecTools.org.

 

  • Armitage

Designed as a more user-friendly front-end version for the Metasploit framework, Armitage has quickly risen the ranks to become one of the most loved penetration testing frameworks for networks and IT infrastructure.

 

Read more about Armitage and download here.

 

  • NMap

Nmap, which stands for Network Mapper is another beloved, free and open-sourced utility, serving as a network discovery and security auditing tool. It’s used to discover a networks services and hosts to create a map of the network, which it then analyzes.

 

If you’ve never heard of NMap, you’ve probably seen it, as it’s been featured as the go-to hacking tool in many movies and TV shows. But don’t take Matrix Reloaded’s word – try out the tool here and see its’ powers for yourself.

 

  • WireShark

WireShark is another industry standard, offering network protocol capture and real-time analysis. The tool gives ethical hackers a deep look into network traffic and zoom in on individual packets, and offers beginners a nice intro to TCP/IP.

 

Download WireShark here, where you will also find training materials, including info on online webcasts and in-person conferences, which may come to your area. How-To Geek also offers a nice guide to capturing, filtering and inspecting packets here.

 

  • Faraday

Faraday’s pentest environment, which recently ranked #6 on the top security tools list by ToolsWatch.org, offers a new way to perform pentesting – in an IDE. The tool is built for the analysis, indexation and distribution of the data.

 

Get Faraday’s pentest environment here.

 

  • IronWASP

Built with a bundle of other security modules integrated, IronWASP is a web app security scanning system that detects over 25 common vulnerabilities with the ability to add custom scanning tools for your own security testing needs. Its’ simplicity makes it a great tool for beginners, as well.

 

Download IronWASP here.

 

  • Drozer

Android apps are becoming more mainstream in organizations, and more organizations are building Android apps. Security is a major concern when it comes to the Android platform, and Drozer can help mobile ethical hackers find the weak spots in Android apps.

 

Read more about Drozer and download the tool here.

 

  • Clutch

While Android apps are notoriously vulnerability-ridden, their Apple counterpart has enough issues of its own. Use Clutch to decrypt iOS apps and see if any security vulnerabilities exist.

 

See this post from Digital Forensics Tips for a handy guide on using Clutch to decrypt iOS apps, and get Clutch here.

 

  • BeEF (The Browser Exploitation Framework)

A pentest tool designed specifically for web browser vulnerabilities, including those within mobile environments, BeEF was created to assess target environments using client-side attack vectors.

 

Download BeEf here, and read more on the Github Wiki here.

 

  • Social Engineering Toolkit

We already noted that ethical hackers won’t only be testing networks, systems and applications. They’ll also need to test the security awareness of employees. The Social Engineering Toolkit, or SET for short, is a tool with multiple attack vectors, all specifically designed for social engineering.

Possible uses include spear-phishing, malicious USB attempts, and various types of web app attacks – all aimed at helping find the weak spots in your employees. SET even integrates into Metasploit for an even wider range of functionalities.