Mostly tools are used to do the Vulnerability Assessment and Penetration testing of the target application or system. Generally most tools are found on github, an open source community. We will show you some common listed tools which are used by many ethical hacking experts of International Institute of Cyber Security in 2019.
This will covers tools from following areas:
Top Ethical Hacking Tools
Nmap is very popular among every pentester/ security researchers. Nmap scans server for open ports, services of any IP address. Nmap sends no. of packets & rely on responses. Nmap has no. of options to scan for any IP address. This tools has developed for different OS platforms. Nmap has also GUI version.
For downloading tool go to : https://nmap.org/
WPSCAN is used to find vulnerabilities in wordpress. WPScan finds vulnerabilities in wordpress websites. This tool is known for scanning vulnerabilities within the core version, plugins and themes of wordpress website. WPScan even finds weak passwords, users and security configuration issues that are present on web applications.
For downloading WPSCAN : https://github.com/wpscanteam/wpscan
Trape is an OSINT research tool used in tracking people & executes the social engineering attacks in real time. Trape was developed to show how large internet companies can obtain confidential information. Trape can collect information like sessions of website, services to control users through browsers without telling them. The main aim is to help government organization, researchers & companies to find cyber criminals.
For downloading trape : https://github.com/jofpin/trape
Osemdeus is an fully automated offensive tool used for vulnerability scanning and reconnaissance. It allows to run bunch of different scans together & finding vulnerability of your target. Some features which are provided by osmedeus are : subdomain scan. screenshot the target, basic recon like whois, Dig info & many other features, which are required in initial phases of pentesting.
For downloading osmedeus : https://github.com/j3ssie/Osmedeus
Metasploit is another popular used for social engineering attacks, getting reverse shell. This tools is available for all popular platforms. Metasploit comes with pre-build payloads which are used for testing. Metasploit is widely used tool & their are many contributors which have helped metasploit to grow. You can also opt out for Kali Linux where you will find metasploit to be pre-installed.
For downloading metsploit : https://github.com/rapid7/metasploit-framework
Top Digital Forensics Tools
SIFT consists different forensics toolkit based on Ubuntu OS. It includes all the tools you need in forensic of incident response. SIFT can also perform advanced investigations & responds to intrusions using open source tools. SIFT supports many different formats such as Advanced Forensic Format, RAW Formats. Some other features such as timeline from system logs. SIFT provides cross compatibility between Windows & Linux.
For downloading SIFT : https://digital-forensics.sans.org/community/downloads
X-way forensics is an advanced work environment used in computer forensics. X-ways forensics is very reliable & lightweight tool uses very minimum resources. This tool finds deleted files & offers many features that other forensics tools lack. X-ways forensics runs through USB stick on any Windows OS. X-way forensics offers disk cloning & imaging. This tool has feature to read partitioning & file system structures inside raw.
Download X-Way Forensics : http://www.x-ways.net/forensics/
The Sleuth Kit & Autopsy
The Sleuth kit comes with bunch of command line linux tools which analyze different disk images & recover files from disk images. The Sleuth kit is used to find file system data. The plug in allows to incorporate modules. Autopsy is GUI based program used to analyze hard drives & other storage devices. Autopsy has plugin architecture which helps to find modules or develop custom modules.
Download The Sleuth Kit & Autopsy : https://www.sleuthkit.org/autopsy/
Helix is an live CD based forensic suite used in incident response. It comes with many open source digital forensic tools. Helix offers hex editors, data carving, password cracking tools. This tool collects data from physical memory, network connection, user accounts, & many other features. Helix analyzes and compiles results in a reports.
For downloading helix : https://www.e-fense.com/products.php
Caine (Computer Aided Investigative Environment) is another Linux distros which contains many digital forensics tools. The later versions of Caine is based on Ubuntu Linux. Caine offers user friendly interface & optimized environment to conduct a forensic analysis. Caine offers different digital forensic tools FTKImagerLit, Hex_editor, Nirsoft & many other tools which are used to gather or recover different files.
Download Caine : https://www.caine-live.net/
Top Reverse Engineering Tools
OllyDbg is an 32 bit assembler used for analyzing different windows executable. With Ollydbg you can trace the registers, find procedures,. loops, API calls, tables & many other features. Ollydbg debugs multi thread applications. This tools supports MASM & IDEAL formats.
Download OllyDbg : http://www.ollydbg.de/
Ghidra is an popular reverse engineering tool used by NSA in analyzing suspicious or malicious executable. Ghidra is used to reversing the source code of any exe. Ghidra helps to analyze malware, bugs or viruses. Ghidra helps in giving proper understanding to reverse engineers, pentesters.
Download Ghidra : https://ghidra-sre.org/
Distorm3 is designed for fast decomposing libraries. It disassembles instructions in 32 & 64 bit modes. Distorm3 is the fastest dissembler library. Distorm3 offers clean & readable source code. Distorm3 entirely depends on C library. That’s why it can be used in Kernel modules.
Download distorm3 : https://github.com/gdabah/distorm
IDA is designed for static analysis to ollydbg & 64dbg. IDA is an cross platform dissembler. It is mostly used in professional debugging. You can use its non-commercial version in reverse engineering. For using such product commercially you have to purchase commercial license. IDA Pro offers powerful dissembler. It supports different OS’s. IDA Pro supports x86 & x64 architecture. IDA Pro contains built in debuggers.
Download IDA Pro : https://www.hex-rays.com/products/ida/
Winhex is designed for opening windows executable’s. Used as hexadecimal editor. Winhex mostly used by computer forensic investigators. Winhex consumes less memory, recovers deleted files from hard disks. Winhex is also compatible with floppy disks, CD-ROM & DVD. It supports different file formats. Winhex provides access to physical RAM & other resources.
Download Winhex : https://www.x-ways.net/winhex/
Top Mobile Hacking Tools
Kali Linux Net Hunter
Not to mention, Kali Linux most popular OS for penetration testing & also used by many security researchers. You have to install Kali Linux with Wifite for cracking WiFi passwords. Kali Linux net hunter in most android devices. Linux requires very less no. of memory resources to run.
Download Kali Linux net hunter : https://www.offensive-security.com/kali-linux-nethunter-download/
Reaver For Android
Reaver is an popular application for cracking Wifi passwords. Users don’t need any technical expertise to crack wifi password using such applications. Reaver offers easy to use features. Users can view list of access points & stations. Users can see activity of specific user. Reaver shown the AP of any manufacturer device. Saves the packets in .cap file. Sends the de-authentication to all connected users.
Download Reaver : https://forum.xda-developers.com/showthread.php?t=2456888
Dex2jar is designed to decompile the android applications. It is used to read dalvik executable.
Download dex2jar : https://github.com/pxb1988/dex2jar
apktool is another tool designed to reverse engineering Android apk files. Decodes the android apk codes closely to its native original form. Users can even modify android applications with apktool. Apktool also help in repeating the tasks.
Download apktool : https://github.com/iBotPeaches/Apktool
Wifikill is used in banning other users on same network. With wifikill you can block the users, grab traffic, showing websites of grabbed devices. Showing network names of devices. Wifikill supports above 4.x versions.
Download Wifikill : http://paranoid.me/wifikill/downloader/
Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator.
He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.