Eight Handy Security Tools for a Novice
Here is a compilation of a few tools that we need to be aware of. The power, the performance and the capabilities of these tools are limited only to the creativity of the attacker. Let's dig in to the list.
1. Maltego:
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
Following the well-defined hacker cycle, let's start off with reconnaissance tools. Maltego is a very well-known tool for information gathering. The tool comes with personal reconnaissance and infrastructure reconnaissance. With personal reconnaissance, a person is able to obtain another person's profile from the email address, name, or phone number using the search engines. The Maltego framework comes in two versions – a commercial version and a community edition. Registration is mandatory for using this tool. Only the commercial version allows saving the output from the reconnaisance. With infrastructure reconnaissance a person can get information related to subdomains and servers of a network. This information is gathered using what we call transformations in Maltego. Various transformations give results depending on the way the results are manipulated, grepped, and translated into new search queries.
2. Metasploit:
Following this, we move on to the exploitation tools. The most used exploit development framework is the Metasploit framework by Rapid 7. Initially developed as a game, it has evolved into one of the most powerful exploit development frameworks. It allows using custom exploits by using something called "porting of exploits".
Porting exploits involves taking a proof of concept exploit which just delivers some particular shellcode, commonly a calc.exe launcher or notepad launcher, and weaponizing it to be used in the framework with features. These features include things like custom payloads, encoders, and other benefits.
The Metasploit framework is not just an exploit delivery vehicle. It also contains some tools for exploit development.
It can also be used for generating offsets, writing exploits, and exploitation of different operating systems and architectures. It has various modules and exploits.
A third party extension that provides a GUI is Armitage. The commercial has its own GUI, which is not included in the community edition.
Backdooring executables can be carried out by a module named as msfpayload.
3. GHDB
GHDB stands for Google Hacking DataBase. Google is the most powerful tool for a user to perform attacks. Specially crafted words given as input to Google are named as Dorks or Google dorks. These dorks can be used to reveal vulnerable servers on the Internet. They can be used to use to gather sensitive data, files that are uploaded, sub domains, and more. GHDB can make it easier to find the right Google dorks for your needs.
Offensive Security maintains a collection of Google dorks under a section called GHDB.
4. Social Engineering Toolkit:
This tool is built into Backtrack. It presents the social engineering attacks in an automated fashion. Is it encoding of scripts, binding Trojans to legitimate files, creating fake pages, harvesting credentials? This tool is a one stop shop for all these requirements. It has the ability to use Metasploit based payloads in the attack, making the framework all the more lethal with all professional exploits from the Metasploit framework.
5. HULK – A web server DoS Tool
Brainchild of Barry Steinman, this tool distinguishes itself from many of the other tools out in the wild. According to its creator, the tool was the result of his conclusion that most tools out there produce repeated patterns which can easily be mitigated. The principle behind HULK is to introduce randomness to the requests to defeat cache-ing and host identification technologies. This is to increase the load on the servers as well as evade the IDS/IPS systems.
6. Fear The FOCA
The FOCA is a metadata harvesting tool. It can analyze meta data from various files like doc, pdf, ppt etc. From this data it can enumerate users, folders, emails, software used, operating system, and more. There are customization options available in the tool too. The crawl option allows you to search the related domain website for additional information. The meta data can be extracted from a single file or from multiple files. Thus FOCA is a great tool in the reconnaissance phase to extract information from the meta data.
7. W3af – Web application attack and audit framework
This project is a web application attack framework sponsored by the same company that makes Metasploit. W3af is used to exploit web applications. It presents information regarding the vulnerabilities and supports in the penetration testing process. It is mainly divided into two parts: core and plugins. Currently it's partnered with Rapid7, the team that maintains the Metasploit framework. There is a plugin for saving reports to disk for later reference. The plugins can be custom written. Communication between plugins can be automated.
8. EXIF Data viewers
Smartphones and digital cameras use a standard to specify additional meta data for images and sounds that are recorded using them. This standard is called Exchangeable Image File Format. Various EXIF data viewers are available. The data recorded can include details about type of camera. More importantly, they can contain the geo-location information within them. In fact, by default all smartphones have the GPS setting switched ON. This can potentially leak your location when the image was taken. The accuracy is such that the latitude and longitude will be provided when extracting the EXIF data, thus leaking possibly private information.
Conclusion
Become a Certified Ethical Hacker, guaranteed!
Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.
These are a few handy tools that a beginner in info-sec needs to be aware of. Other tools and their capabilities will be followed in the continuing articles.
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Eight Handy Security Tools for a Novice
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Getting started in Red Teaming
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
