Saturday, May 21, 2022

TOP 10 Hacker Tools

Hello everyone! Today I bring to your attention a selection of tools that are useful for a very wide range of tasks. This collection has stood the test of time and is used everywhere. Whether you are a novice hacker or an advanced specialist, it will not hurt to look through this list and perhaps take on board something new!

Network security and penetration testing tools are most commonly used by security teams to check for vulnerabilities in networks and applications. In this article you will find a comprehensive list of penetration testing tools that covers penetration testing in all environments.

Top 10 hacker tools for hacking, penetrating and protecting systems

1. Scanners for various tasks, penetration tests, hacking.

  • OpenVAS - OpenVAS is a framework of several services and tools offering a comprehensive and powerful solution for vulnerability scanning and vulnerability management.
  • Metasploit Framework - A tool for developing and executing exploit code against a remote target machine. Other important subprojects include the Opcode database, the shellcode archive and related research.
  • Kali - Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. Kali Linux comes preinstalled with numerous penetration testing programs, including nmap (a port scanner), Wireshark (a packet sniffer), John the Ripper (a password cracker), and Aircrack-ng (a wireless LAN testing software suite).
  • pig - A Linux packet crafting tool.
  • scapy - Scapy is a Python-based interactive packet manipulation program and library.
  • Pompem - Pompem is an open source tool designed to automate the search for exploits in the major databases. Developed in Python, it has an advanced search engine that makes life easier for pentesters as well as ethical hackers. In its current version it searches the databases Exploit-db, 1337day, Packetstorm Security ...
  • Nmap - Nmap is a free and open source utility for network exploration and security auditing.
2. Network monitoring, collection of data from open sources
  • justniffer - Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customizable way; it can emulate Apache web server log files, track response times, and extract all intercepted files from HTTP traffic.
  • httpry - httpry is a specialized packet sniffer designed to display and log HTTP traffic. It is not intended to perform analysis itself, but only to capture, parse and record traffic for later analysis. It can be run in real time, displaying traffic as it is parsed, or as a daemon process that logs to an output file. httpry is written to be as lightweight and flexible as possible, so it can be easily adapted to different applications.
  • ngrep - ngrep aims to provide most of the common GNU grep features, applying them at the network level. ngrep is a pcap-aware tool that allows you to specify extended regular or hexadecimal expressions to match against the data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6 and IGMP over Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same way as more common tools like tcpdump and snoop.
  • passivedns - A tool for passively collecting DNS records to help with incident handling, network security monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface, or reads a pcap file, and writes DNS server responses to a log file. PassiveDNS can cache and merge duplicate DNS responses in memory, limiting the amount of data in the log file without losing the essence of the DNS response.
  • sagan - Sagan uses a "Snort-like" engine and rules for parsing logs (syslog / event log / snmptrap / netflow / etc.).
  • Node Security Platform - Has a similar feature set to Snyk, but is free in most cases and very cheap for the other use cases.
  • ntopng - Ntopng is a network traffic probe that shows network usage, similar to what the popular Unix top command does.
  • Fibratus - Fibratus is a tool for exploring and tracing the Windows kernel. It is capable of capturing most of the Windows kernel activity: process and thread creation and termination, file system I/O, registry, network activity, DLL loading and unloading, and more. Fibratus has a very simple CLI that encapsulates the mechanisms for starting the kernel event collector, setting kernel event filters, or running lightweight Python modules called filaments.
3. Anti-intrusion and protection systems (IDS, IPS, Host IDS, Host IPS)
  • Snort - Snort is an open source Network Intrusion Prevention System (NIPS) and Network Intrusion Detection System (NIDS), created by Martin Roesch in 1998. Snort is now developed by Sourcefire, where Roesch is the founder and CTO. In 2009, Snort was inducted into the InfoWorld Open Source Hall of Fame as one of the "greatest open source software projects of all time."
  • Bro - Bro is a powerful network analysis framework that is very different from the typical IDS you may know.
  • OSSEC - A comprehensive open source HIDS. Not for the faint of heart: it takes a while to understand how it works. It is capable of performing log analysis, file integrity checking, rootkit detection, and provides real-time alerting and active response. It runs on most operating systems, including Linux, macOS, Solaris, HP-UX, AIX and Windows. There is a lot of helpful documentation to get you familiar with how it works.
  • Suricata - Suricata is a high performance network IDS, IPS and network security monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF and its supporting vendors.
  • Security Onion - Security Onion is a Linux distribution for intrusion detection, network security monitoring and log management. It is based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner and many other security tools. An easy-to-use setup wizard lets you build an army of sensors for your enterprise in minutes!
  • sshwatch - An IPS for SSH, similar to DenyHosts, written in Python. It can also log information about the attacker during the attack.
  • Stealth - A file integrity checker that leaves virtually no traces. The controller runs from another computer, which makes it difficult for an attacker to notice that the file system is being checked at pseudo-random intervals over SSH. Highly recommended for small to medium volumes of work.
  • AIEngine - AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with the capability to learn without human intervention, Network Intrusion Detection System (NIDS) functionality, DNS domain classification, network collection, network forensics and much more.
  • Denyhosts - Thwarts SSH dictionary attacks and other brute force attacks.
  • Fail2Ban - Scans log files and takes action against IP addresses that show signs of malicious behavior.
  • SSHGuard - A daemon, written in C, that protects SSH and other services from brute force attacks.
  • Lynis - An open source security auditing and hardening tool for Linux/Unix.
4. Network deception tools: honeypots and honeynets
  • HoneyPy - HoneyPy is a low to medium interaction honeypot. It is designed to be easy to deploy, to extend with plugins, and to apply custom configurations to.
  • Conpot - An ICS/SCADA honeypot. Conpot is a small, interactive server-side honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols, it lays the foundation for building your own system capable of emulating complex infrastructures to convince an attacker that they have just found a huge industrial complex.
  • Amun - Amun is a low interaction Python-based honeypot.
  • Glastopf - Glastopf is a honeypot that emulates thousands of vulnerabilities in order to gather data on attacks targeting web applications. The principle behind it is very simple: reply with the response the attacker expects from the web application they are trying to exploit.
  • Kippo - Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
  • Kojoney - Kojoney is a low interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.
  • HonSSH - HonSSH is a high interaction honeypot. HonSSH sits between the attacker and the honeypot, creating two separate SSH connections between them.
  • Bifrozt - Bifrozt is a NAT device with a DHCP server that is typically deployed with one network adapter connected directly to the Internet and one network adapter connected to the internal network. What sets Bifrozt apart from other standard NAT devices is its ability to act as a transparent SSHv2 proxy between an attacker and your honeypot.
  • HoneyDrive - HoneyDrive is the premier honeypot Linux distribution. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS installed. It contains over 10 pre-installed and pre-configured honeypots, such as the Kippo SSH honeypot, the Dionaea and Amun malware honeypots, the Honeyd low interaction honeypot, the Glastopf and Wordpot web honeypots, the Conpot SCADA/ICS honeypot, the Thug and PhoneyC honeyclients, and more.
  • Cuckoo Sandbox - Cuckoo Sandbox is open source software for automating the analysis of suspicious files. It uses custom components that monitor the behavior of malicious processes while they run in an isolated environment.
5. Capturing network packets. Forensics systems
  • tcpflow - tcpflow is a program that captures data transmitted as part of TCP connections (flows) and stores the data in a way that is convenient for protocol analysis and debugging.
  • Xplico - The goal of Xplico is to extract application data from Internet traffic. For example, from a pcap file Xplico extracts every email (POP, IMAP and SMTP), all HTTP content, every VoIP call (SIP), FTP, TFTP, and so on. Xplico is not a network protocol analyzer; it is an open source Network Forensic Analysis Tool (NFAT).
  • Moloch - Moloch is an open source, large-scale IPv4 packet capture (PCAP), indexing and database system. A simple web interface is provided for browsing, searching and exporting PCAP. APIs are exposed that allow PCAP and JSON-formatted session data to be downloaded directly. Simple security is implemented with HTTPS and HTTP digest password support, or by placing Apache in front of it. Moloch is not meant to replace an IDS engine but instead works alongside one to store and index all network traffic in standard PCAP format for fast access. Moloch is designed to be deployed across many systems and can scale to handle multiple gigabits of traffic per second.
  • OpenFPC - OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder and buffering system. The project's goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating with existing alert and log management tools.
  • Dshell - Dshell is a network forensic analysis framework. It allows rapid development of plugins to support the dissection of network packet captures.
  • stenographer - Stenographer is a packet capture solution whose goal is to quickly spool all packets to disk and then provide simple, fast access to subsets of those packets.
6. Network sniffers for work in local and global networks.
  • wireshark - Wireshark is a free and open source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump but has a graphical front end plus integrated sorting and filtering options.
  • netsniff-ng - netsniff-ng is a free Linux networking toolkit. Its performance gains come from zero-copy mechanisms, so the kernel does not need to copy packets from kernel space to user space and vice versa when receiving and transmitting them.
7. Security information collection systems and event management
  • Prelude - Prelude is a universal Security Information and Event Management (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events, regardless of the product brand or license. Prelude is agentless.
  • OSSIM - OSSIM provides all the features a security professional needs from a SIEM offering: event collection, normalization and correlation.
  • FIR - FIR stands for Fast Incident Response, a cybersecurity incident management platform.
8. Encryption of traffic using VPN
  • OpenVPN - OpenVPN is an open source application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that relies on SSL/TLS for key exchange.
9. Processing a lot of packets
  • DPDK - DPDK is a set of libraries and drivers for fast packet processing.
  • PFQ - PFQ is a functional networking framework designed for the Linux operating system that allows efficient packet capture and transmission (10G and beyond), in-kernel functional processing, and packet steering across sockets/endpoints.
  • PF_RING - PF_RING is a new type of network socket that dramatically improves packet capture speed.
  • PF_RING ZC (Zero Copy) - A flexible packet processing framework that lets you achieve line rate from 1 to 10 Gbit (both RX and TX) at any packet size. It implements zero-copy operations, including patterns for inter-process and inter-VM (KVM) communication.
  • PACKET_MMAP / TPACKET / AF_PACKET - PACKET_MMAP is used to improve the performance of the capture and transmission process on Linux.
  • netmap - netmap is a framework for high speed packet I/O. Together with its companion VALE software switch, it is implemented as a single kernel module and is available for FreeBSD, Linux and now also Windows.
10. Integrated protection systems for workstations and servers - Firewall
  • pfSense - pfSense is a FreeBSD-based firewall and router distribution.
  • OPNsense - OPNsense is an open source, easy-to-use and easy-to-build FreeBSD-based firewall and routing platform. OPNsense includes most of the features found in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings together with the benefits of open and verifiable sources.
  • fwknop - Protects ports via Single Packet Authorization in your firewall.
