Let's start with an analogy:A carpenter with many years of experience goes to a house to perform a job. He knows the tools at his disposal. When he needs to shave the bottom of the cabinet, for example, he goes to the truck and gets a belt sander. In short, he is able to use a wide range of tools to perform various tasks and make the effort he must exert much less.A "newbie" carpenter, on the other hand, isn't intimately acquainted with these tools, so he sticks to the five tools he knows and tries to do everything with them. He finds himself with an orbital saw trying to shave a little bit off of the bottom of the cabinet.As a cybersecurity professional, you don't want to find yourself with a limited knowledge of the tools that attackers are using and consequently handicapped.Let's look at some hacking tools you should learn to use. These are not necessarily the most common hacking tools. In fact, I have intentionally chosen some that I use that you may not have heard of before. Hopefully, this will help you increase your knowledge.BONUS
: While space is limited in this article, check out the Hacking Tools: For Penetration Testing
article where nearly 100 hacking tools
Shodan is like Google for hackers. There is a ton of valuable information. Open ports, webcams, refrigerators, unsecured devices, etc.
Official Website: https://www.shodan.io/
Maltego is an OSINT (Open Source Intelligence) tool for collecting data about potential targets. When you are preparing for a social engineering attack or simply want to make connections between personnel, the tool is amazing.
Official Website: https://www.paterva.com/web7/downloads.php
Mimikatz is a tool that was built for collecting Windows passwords and hashes. It’s a well-known tool and can also perform pass-the-hash, pass-the-ticket or build Golden tickets.
Official website: https://github.com/gentilkiwi/mimikatz
WiFi Phisher is one of the best hacking tools for setting up a rogue access point to gain wireless credentials during red team engagements. It has a ton of functionality and can do pretty much anything you need. Some of the captive portal configurations are just amazing.
Official Website: https://wifiphisher.org/
GoPhish was designed for creating phishing campaigns for user security awareness training. However, it can be a powerful tool for phishing and credential collection. The tools make it super easy to clone any login page or email.
Official website: https://getgophish.com/
HexorBase is a database application that was developed for auditing and maintaining several databases simultaneously. It is also able to perform SQL
queries and brute force attacks against the common database types.
Official Website: https://github.com/savio-code/hexorbase
Armitage is a fantastic Java-based GUI front-end for one of the most well known hacking tools – the Metasploit Framework. It was developed to help security professionals understand hacking and the power of Metasploit better.
Official Website: http://www.fastandeasyhacking.com/
If you want to be a master hacker, you have to learn the tools of your trade.There are a ton of hacking tools, so which ones should you start with?That's a good question. Hopefully, this article will give you a starting point so that you can diversify your knowledge and become a master hacker.Happy hacking!
Start our Ethical Hacking course >>