In recently, a hacking interest are being developed quickly. There are many ways as SQL-Injection, Code Injection, and so on. When a programmer writes a code, he or she should think about all of these. I am just gonna write about TOP 10 useful hacking tools and how they works because we can check our programs ourselves. It means we can find vulnerabilities and fix it.
1. Nmap
(http://nmap.org/download.html)
Nmap (Network Mapper) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running.
2. Nessus Remote Security Scanner
(http://www.nessus.org/)
Nessus is the worlds most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
3. John the Ripper
(http://www.openwall.com/john/)
John the Ripper is a fast password cracker. Its primary purpose is to detect weak Unix passwords. Besides several crypt password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and
Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
4. Nikto
(http://www.net-security.org/software.php?id=223)
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items. Scan items and plugins are frequently updated and can be automatically updated. Nikto is a good CGI scanner, there are some other tools that go well with Nikto.
5. SuperScan
Powerful TCP port scanner, pinger, resolver. If you need an alternative for nmap on Windows with a decent interface, I
suggest you check this out, it’s pretty nice.
6. p0f
P0f can identify the operating system on:
- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
7. Wireshark
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
8. Yersinia
Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
9. Eraser
Eraser is an advanced security tool, which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
10. PuTTY
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4. 0r wanting to telnet or SSH from Windows without having to use the crappy default MS command
line clients.
Before, I used NMAP, Nessus, John the Ripper and PuTTy. PuTTy is also useful for SSH and Telnet connection. I think the best program is Nessus because it can show what kind of holes and bugs is in my program and what I should do. You guys should try do use yourself. I mean these programs are very useful.