 Free Ethical Hacker Toolkit

There are several hundred utilities for real-world hacking and penetration testing.
I would also like to note that no single scanner, even a commercial one, can replace a hacker's full arsenal, so thorough security testing requires several tools.

The undisputed leader among such "all-in-one" toolkits is the Kali Linux build.

Here's a list of the most useful freeware that ethical hackers use most often:

Nmap - a port scanner; with NSE scripts it can also be used as a vulnerability scanner and even a password guessing tool;
OpenVAS - a vulnerability scanner;
Metasploit Framework - a framework for penetration testing, containing both exploits and specialized modules (for example, to search for "shared" folders, to generate backdoors, brute-force passwords, etc.);
Burp Suite Free Edition - a local proxy / scanner for analyzing the security of Web applications;
THC-Hydra - a utility for guessing passwords for network services;
Hashcat - a utility for recovering passwords from their hashes;
Ettercap - a sniffer for intercepting and analyzing network traffic;
Wireshark - a sniffer for intercepting and analyzing network traffic;
Aircrack-ng - a suite of utilities for testing wireless security.

There are also a lot of utilities that solve highly specialized tasks. A good list of such tools is included in the already mentioned Kali Linux build.

Oh, that dreadful command line ...

The main problem a specialist faces when working with such tools is that most of them have a non-trivial user interface; often it is just a command line with a million incomprehensible parameters. This is exactly what fosters the stereotype that penetration testing is only for real geeks.

At NPO Echelon, we were able to solve this problem and create a product that allows comprehensive security testing without having to face the complex interfaces of hacker utilities. The new version of the Scanner-VS security testing complex has a convenient Web interface that lets you do the following without leaving a single workspace:

port scanning and identification of network services;
scanning for vulnerabilities (with and without administrative privileges);
password guessing for various network services;
searching for suitable exploits;
and, of course, generating a single report with the verification results.

Conducting security testing using Scanner-VS

