Hacking grabs headlines because it’s very easy to visualize shadowy cabals of nefarious Bad Guys perched behind glowing monitors pecking at secret sauce software that will soon cripple your network, or swipe critical corporate data.
To be clear, this does happen every day. Corporate and SMB networks are at risk at all times of being penetrated and exploited. However, with a few exceptions, hacking teams rarely conspire in the shadows. Most groups function more like businesses that rely on time-tested software to achieve tactical goals.
“Magic bullet” software does not exist. There is no single app that will be used to attack, or help defend all desktop, mobile, and IoT networks. Instead, a suite of open source and commercial software is used to map networks, sniff packets, and crack passwords. These are the most widely used exploitation tools.
1- The Social Engineer Toolkit
Humans are often the weakest link in the security chain. The Social Engineer Toolkit is a suite of apps that will send spearfishing attacks, spoof SMS messages, and mask malware as media files.
The world-famous Metasploit by Rapid7 is network penetration software for IT professionals and network managers that features updated exploit lists, as well as spearfishing, network mapping, and password brute force tools.
Nmap is a great way to map a network. The free, open source auditing tool identifies network shape, and locates firewalls, IP filters, and other network ports.
4- Cain And Abel
Need to retrieve a lost a password? Cain and Abel will sniff your network, locate password files, then crack the encryption. The decryption app works with other types of locked files, including Wi-Fi passwords and cached voice conversations.
5- John The Ripper
John the Ripper is a speedy, open source password decryption utility for Linux and Macs that can autodetect password hashes, then automatically apply a variety of attacks, including dictionary and brute force hacks.
6- Hash Suite
Hash Suite is a fast and powerful password cracking application for Windows. The software isn’t free but is reasonably priced and, for SMBs in particular, worth the investment.
Wireshark is a widely used packet sniffer that can identify, track, and visualize all network IP traffic.
Ettercap is an unambiguous, unapologetic man-in-the-middle exploitation tool that can intercept IP traffic, grab passwords, and eavesdrop on network activity.
9- Burp Suite
Need to manage your network and perform a number of security tests? Try the Burp, a comprehensive, modular, and automated network scanning application.
If you’re a network admin, you need to be familiar with how email encryption works. GnuPG, an open source security app, is compatible with most major email clients and makes the PGP learning process simple.
Ditch the kludgey Windows command line and communicate with servers and telnet securely using PuTTY, the popular, open source terminal emulator.
Maltego is a network data mining, forensics, and link visualization tool developed by security firm Paterva.
13- Kali Linux
Kali is a privacy-focused Linux distribution that’s easy to install using your Windows box and runs from a common flash drive on nearly every machine. The distribution is loaded with several hundred network administration, forensics, and penetration tools. And like the Tails OS, Kali leaves no trace of use and is hyper-encrypted.
TechGeek365 is one of the MENA’s leading technology news platforms, producing & publishing content related to technology, gadgets, cybersecurity, social media & so much more!
We’re a team of young tech savvy individuals who work towards the one goal of bringing you, our amazing readers the best quality tech articles on the internet.
If you’re a young, tech savvy individual with extensive knowledge in any of the categories we write about and would like to join our growing team of authors, then send us an email and tell us a little more about yourself! We’d love to have you on board!
Let’s put your brand in front of an audience that wants to listen! A number of advertising opportunities are available on TechGeek365, ranging from in-house custom campaigns to basic advertising solutions.
Custom campaign inquiries should be directed to: ads[at]techgeek365[dot]com