1. SN1PER – WEB VULNERABILITY SCANNING TOOL
Sn1per is a vulnerability scanner that is ideal for scanning for vulnerabilities during penetration testing.
The team behind the software, which is easily loaded into Kali Linux, have a free (community) version and a paid plan as well.
The tool is particularly good at enumeration as well as scanning for known vulnerabilities.
If you’re studying for the OSCP (which requires a ton of enumeration), we’d recommend that you get your head around using Sn1per.
We’d suggest using this tool in tandem with Metasploit or Nessus, so that if you get the same result from both then you definitely know that you’re onto something.
2. JOHN THE RIPPER – PASSWORD CRACKING TOOL
Quite frankly – this is the coolest-named tool out there: John the Ripper.
Often you’ll see it abbreviated as ‘JTR’. This is an awesome bit of hacking software that is designed to crack even very complicated passwords.
John the Ripper, mostly referred to simply as ‘John’, is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a ‘wordlist’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypts them in the same way as the password being cracked (including both the encryption algorithm and key), and compares the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks.
If you are somewhat confused between John the Ripper and THC Hydra, then think of John the Ripper as an ‘offline’ password cracker whilst THC Hydra is an ‘online’ cracker. Simple.
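The hash-and-compare loop described above, written as a defender's password audit that flags accounts for a reset. This is an added example, not code from the original article or from John the Ripper; it assumes salted PBKDF2-SHA256 storage, and the function names, wordlist and account records are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed demo work factor; real systems use far more


def stored_hash(password: str, salt: bytes) -> bytes:
    """Transform a password exactly as the (assumed) login system stores it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def candidates(wordlist):
    """Yield each word plus simple alterations: capitalisation, common suffixes."""
    for word in wordlist:
        for base in (word, word.capitalize()):
            for suffix in ("", "1", "123", "!"):
                yield base + suffix


def audit(records, wordlist):
    """Return the users whose stored hash matches some wordlist candidate."""
    flagged = []
    for user, (salt, digest) in records.items():
        # Per-user salts force every candidate to be re-hashed per account,
        # so the cost is users x candidates x ITERATIONS.
        if any(hmac.compare_digest(stored_hash(c, salt), digest)
               for c in candidates(wordlist)):
            flagged.append(user)
    return sorted(flagged)


def make_record(password: str):
    """Build a constructed (salt, hash) record for the demo."""
    salt = os.urandom(16)
    return salt, stored_hash(password, salt)


# Constructed sample data: not real accounts or passwords.
WORDLIST = ["password", "summer", "dragon"]
RECORDS = {
    "alice": make_record("Summer123"),
    "bob": make_record("password"),
    "carol": make_record("k7#Vq9!zLp2m"),
}

if __name__ == "__main__":
    print("Accounts needing a password reset:", audit(RECORDS, WORDLIST))
```

Only the accounts whose passwords are a wordlist entry or a simple alteration of one are flagged; the random password survives because no candidate hashes to its stored value.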
3. THC HYDRA – PASSWORD CRACKING TOOL
Essentially, THC Hydra is a fast and stable Network Login Hacking Tool that will use dictionary or brute-force attacks to try various password and login combinations against a login page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH. Take a look at John the Ripper as well.
4. CAIN AND ABEL HACKING TOOL – PASSWORD CRACKER/ PASSWORD HACKING
Cain and Abel (often simply abbreviated to Cain) is a hugely popular hacking tool and one that is very often mentioned online in a variety of ‘hacking tutorials’.
At its heart, Cain and Abel is a password recovery tool for Microsoft Windows, but it can be used off-label in a variety of ways; for example, white and black hat hackers use Cain to recover (i.e. ‘crack’) many types of passwords using methods such as network packet sniffing and by using the tool to crack password hashes.
When used to crack password hashes, for example, Cain would use methods such as dictionary attacks, brute force, rainbow table attacks and cryptanalysis attacks.
5. METASPLOIT PENETRATION TESTING SOFTWARE – VULNERABILITY EXPLOITATION TOOL
The Metasploit Project is a hugely popular pentesting or hacking framework.
Metasploit, along with nmap and Wireshark, is probably one of the three ‘best known’ hacker software tools out there.
If you are new to Metasploit, think of it as a ‘collection of hacking tools and frameworks’ that can be used to execute various tasks. We should also add that if you have never heard of Metasploit and are interested in getting into the Cybersecurity Industry, especially as a Penetration Tester, then this is a ‘must-learn’ tool.
Most practical IT Security courses such as OSCP and CEH include a Metasploit component.
Widely used by cybersecurity professionals and penetration testers, this is an awesome piece of software that you really ought to learn.
Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation.