Aircrack-ng: Wireless WEP/WPA cracking utilities
Aircrack-ng is a complete suite of tools to assess WiFi network security.
Monitoring: Packet capture and export of data to text files for further processing by third party tools
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
Testing: Checking WiFi cards and driver capabilities (capture and injection)
Cracking: WEP and WPA PSK (WPA 1 and 2)
All tools are command line, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.
BeEF: Browser Exploitation Framework
Penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.
BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.
BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Operating System: Mac OSX 10.5.0 or higher / modern Linux. Ruby 2.3+ and Gems. SQLite 3.x. Node.js 6+.
Burp Suite Community Edition: Graphical application for web application security
Burp Suite Community Edition is a feature-limited set of manual tools for exploring web security. Proxy your HTTPS traffic, edit and repeat requests, decode data, and more.
For the best experience, use a machine with at least 8 GB of memory and 2 CPU cores. If you are performing large amounts of work, or testing large or complex applications, you may need more memory than this.
If you're a newbie, it is highly recommended that you join PortSwigger's Web Security Academy.
Hydra: Parallelized Login Cracker
Hydra supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Kali Linux: Penetration Testing and Security Auditing Distribution
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
Maltego: Open-source Intelligence and Forensics
Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.
Maltego uses Java and runs on Windows, Mac and Linux operating systems. The client requires a minimum of 4 GB of RAM. Any modern multi-core processor (i3 or above) will have more than enough processing power. 4 GB of disk space. KVM with a 1080p display.
Metasploit: Penetration Testing Framework
Metasploit gives you insight that’s backed by a community of well over 200,000 users and contributors: It’s the most impactful penetration testing solution on the planet. With Metasploit you can uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.
Simulate real-world attacks to find your weak points before a malicious attacker does. Metasploit seamlessly integrates with the open-source Metasploit Framework, giving you access to exploitation and reconnaissance modules to save you effort and accelerate testing. Use attacker techniques to evade antivirus, find weak credentials, and pivot throughout the network.
Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit can run brute-force attacks against over 15 account types, including databases, web servers, and remote administration solutions.
The most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. This course is a perfect starting point for Information Security Professionals who want to learn penetration testing and ethical hacking, but are not yet ready to commit to a paid course. We will teach you how to use Metasploit, in a structured and intuitive manner. Additionally, this free online ethical hacking course makes a wonderful quick reference for penetration testers, red teams, and other security professionals.
If you enjoy this free ethical hacking course, we ask that you make a donation to the Hackers For Charity non-profit 501(c)(3) organization. A sum of $9.00 will feed a child for a month, so any contribution makes a difference.
Nikto2: Command-line Vulnerability Scanner
Nikto scans web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server-type-specific checks. It also captures and prints any cookies received.
Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
Any system which supports a basic Perl installation should allow Nikto to run, including Windows (using ActiveState Perl or Strawberry Perl). Some POSIX features, such as interactive commands, may not work under Windows.
Mac OSX and Various Linux and Unix installations (including RedHat, Solaris, Debian, Ubuntu, Kali, etc.)
NIST Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover
These five functions provide top-level descriptions of the cybersecurity risk management process.
The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
It will assist in determining which activities are most important to assure critical operations and service delivery. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity.
By providing a common language to address cybersecurity risk management, it is especially helpful in communicating inside and outside the organization. That includes improving communications, awareness, and understanding between and among IT, planning, and operating units, as well as senior executives of organizations. Organizations can also readily use the Framework to communicate current or desired cybersecurity posture between a buyer and a supplier.
Nmap: Network Mapper
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
OWASP Offensive Web Testing Framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.
See the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas.
Demonstrate true impact despite the short timeframes we are typically given to test. The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.
This tool is, however, not a silver bullet and will only be as good as the person using it: understanding and experience are required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.
OWTF is developed on Kali Linux and macOS, but it is made for Kali Linux (or other Debian derivatives). OWTF supports Python 3. Homebrew is required on macOS.
Santoku: Mobile Forensics and Security Platform
Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy-to-use, Open Source platform.
A bootable Linux environment designed to make life easier. Tools useful when examining mobile malware. Tools to forensically acquire and analyze data. Supporting security assessment of mobile apps.
Tsurugi Linux: DFIR, Malware Analysis and OSINT Distribution
Tsurugi Linux is a heavily customized Linux distribution based on Ubuntu 16.04 LTS (64-bit with a 5.4.2 custom kernel) and is designed to support DFIR investigations, malware analysis and OSINT activities. Since 2019, a special section dedicated to computer vision investigations, with many custom tools, has also been added.
Two repositories (master and development) have been created to be able to deliver bugfixes, improvements and custom updates. Other security updates are guaranteed by the official Ubuntu repositories. The main idea behind the Tsurugi Linux project is simplicity, even though the topics can be really complex; however, basic Linux skills are mandatory to be able to work correctly and make the most of it.
Minimum requirements: 2 GHz dual core processor or better. 4 GB system memory. 30 GB of free hard drive space.
Wireshark Network Protocol Analyzer
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
Deep inspection of hundreds of protocols, with more being added all the time. Live capture and offline analysis. Standard three-pane packet browser. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility. The most powerful display filters in the industry.
Rich VoIP analysis. Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others.
Capture files compressed with gzip can be decompressed on the fly. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform). Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
Coloring rules can be applied to the packet list for quick, intuitive analysis. Output can be exported to XML, PostScript®, CSV, or plain text. Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others.