7 top Hacker tools and software gadgets


Batman! Probably the superhero with the most gadgets and tools. Without his numerous tools, he probably wouldn’t hold his head high in the midst of his fellow heroes.




The same is said of a hacker. Without hacker tools, there’s very little he or she can do. As the saying goes: “a Hacker is as good as his tools”.


If you know absolutely nothing about hacking, then you'd need a beginners' guide.


This article tries to do justice to some of the gadgets a hacker should have in his toolkit, covering perhaps the favourite pentesting tools as used by various types of Hackers and geeks.


NOTE: Most of these gadgets ship with common pentesting Linux distros like BackBox or Kali Linux, so I think it proper that you install a Linux hacking box.


Alright! In no specific order, below is the list of hacker tools I’ve compiled.




Disclaimer; post contains affiliate links.

1. THC Hydra (password cracking tool)

Most times abbreviated to simply Hydra, this is perhaps one of the most popular password cracking tools, backed by a very experienced development team.


THC Hydra uses dictionary or brute-force attacks to try various login combinations against a login page. It is basically a very fast and flexible login cracker that supports plenty of protocols.


Plus new modules are pretty easy to add. This tool is completely FREE and can be downloaded.


Features of THC Hydra hacker tool

This tool currently supports:

  • SOCKS5
  • VNC
  • POP3
  • IMAP
  • CVS
  • Cisco AAA
  • Cisco auth
  • Cisco enable
  • SSH2
  • TELNET
  • FTP
  • HTTP-GET
  • HTTP-HEAD
  • HTTPS-GET
  • HTTP-PROXY
  • LDAP2 and lots more
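
Added example (not from the original post): because Hydra fires its guesses at a live service, the attempts land in that service's own logs, which is where a defender catches them. This sketch flags sources with a burst of failed SSH logins; the log lines are constructed and the threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation addresses, made-up host "lab").
USERS = ["root", "admin", "root", "test", "root", "admin", "oracle", "root"]
SAMPLE_LOG = "\n".join(
    [f"Mar  4 10:00:{s:02d} lab sshd[911]: Failed password for {u} "
     f"from 203.0.113.7 port {40100 + s} ssh2" for s, u in enumerate(USERS)]
    + ["Mar  4 10:05:00 lab sshd[920]: Failed password for invalid user alice "
       "from 198.51.100.20 port 5122 ssh2",
       "Mar  4 10:09:30 lab sshd[921]: Failed password for alice "
       "from 198.51.100.20 port 5123 ssh2",
       "Mar  4 10:09:41 lab sshd[922]: Accepted password for alice "
       "from 198.51.100.20 port 5124 ssh2"])

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60),
                    year=2024):
    """Return {source_ip: usernames tried} for every source that logs more
    than max_failures failed logins inside one sliding time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    tried = defaultdict(set)      # ip -> usernames seen in failures
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successes and other daemons are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(2), m.group(3)
        recent[ip].append(ts)
        tried[ip].add(user)
        while ts - recent[ip][0] > window:
            recent[ip].popleft()  # drop failures older than the window
        if len(recent[ip]) > max_failures:
            flagged[ip] = sorted(tried[ip])
    return flagged
```

A source that trips this check is a candidate for rate limiting or a temporary block; the user who mistyped a password twice is not flagged.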



2. OWASP ZED (web vulnerability scanner)


If you’re relatively competent in cybersecurity, then it’s highly likely you’re quite familiar with OWASP ZED, one of the most popular OWASP projects.


When used as a proxy server, ZED allows you to manipulate pretty much all the traffic that goes through it, including HTTPS traffic. Cool, right?


It is largely considered the guide to web security. OWASP ZED is an efficient hacking tool that finds vulnerabilities in web applications. The best part is that it can be used by both professional penetration testers and those new to application security.


Features of the OWASP ZED

Some of the built-in features of this hacker tool include:

  • Automated scanner
  • Passive scanner
  • Forced browsing
  • Fuzzer
  • Intercepting proxy server
  • Traditional and AJAX web crawlers
  • WebSocket support
  • Scripting languages
  • Plug-n-hack support


The architecture is plugin-based, and it also has an online marketplace that allows updated features to be added. Plus, it’s totally free.


I’d totally recommend adding this to your list of gadgets.


3. NMAP (network mapper)


The network mapper is a popular open source hacker tool mainly used for security auditing and network discovery, building a map of the network in the process.


The tool uses IP packets to determine the hosts available on a network and the kind of services those hosts provide.


One of the core benefits of using NMAP is that you’ll be able to determine whether or not the network is in need of patching. There’s another version of this tool called Zenmap. This is actually the GUI version of NMAP, both performing almost the same.


I’d say: first learn NMAP, since it’s easier for beginners to learn. You can choose to move over to Zenmap when you feel like it.


NMAP is a multipurpose gadget which can function on many different operating systems, including BSD, Linux and Mac.

Features of NMAP


  • Port scanning
  • Version detection
  • OS detection
  • Host discovery
  • Scriptable interaction with the target
  • Auditing the security of a firewall
  • Network mapping
  • Finding and exploiting vulnerabilities in a network


How the result is reported


NMAP provides 4 output formats that can be saved to a file, that is, all but the interactive output. Let’s take a look at the different ways NMAP gives its output:

  • XML: This is a format that is processed by XML tools. Using XSLT, it can be further converted into an HTML report.
  • Interactive: Presented and updated when you run NMAP from the command line.
  • Normal: This is the output you see while operating NMAP from the command line.
  • Grepable: This is output shaped for line-oriented processing tools such as awk, sed or grep.
  • Script kiddie: This is an amusing way to format the interactive output. In this type of output, letters are replaced with visually alike number representations. E.g. Interacting ports becomes int3eract1ng p0rtz
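
Added example (not from the original post): the grepable format is what makes NMAP results easy to audit in a script. This sketch parses constructed grepable output (the kind written by the -oG option) and reports open ports that are not on an allowlist; the hosts, ports and the ALLOWED policy are assumptions.

```python
# Constructed sample of grepable output; hosts and ports are made up.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (web01.lab.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.lab.example)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 3306/closed/tcp//mysql///\n"
    "Host: 192.0.2.11 ()\tPorts: 23/open/tcp//telnet///, "
    "445/filtered/tcp//microsoft-ds///\tIgnored State: closed (998)\n"
)

# Hypothetical policy: the services each host is expected to expose.
ALLOWED = {"192.0.2.10": {(22, "tcp"), (80, "tcp")}}

def parse_gnmap(text):
    """Yield (ip, port, proto, state, service) for every port entry."""
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                      # comment and summary lines
        fields = line.split("\t")         # fields are tab-separated
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue              # skip malformed entries
                yield ip, int(parts[0]), parts[2], parts[1], parts[4]

def unexpected_open(text, allowed):
    """Open ports missing from the allowlist, as sorted
    (ip, port, proto, service) tuples."""
    return sorted(
        (ip, port, proto, svc)
        for ip, port, proto, state, svc in parse_gnmap(text)
        if state == "open" and (port, proto) not in allowed.get(ip, set()))
```

Run against a scan of your own network, anything this returns is either a missing allowlist entry or a service that should not be listening.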


4. Keyllama USB Keylogger tools

Arguably the most undetectable software out there, the Keyllama USB Keylogger is definitely the flash drive you don’t want anywhere near any of your computers.


As one of the leading names in keyloggers, the Keyllama is used in settling legal matters where reliability is absolutely crucial. It takes a hardware-centric approach, not relying on any software to carry out any hack, and it activates as soon as it is plugged in.


The Keyllama tool comes in 16 MB, 8 MB or 4 MB storage sizes. On top of that, it has an extremely low failure rate and is capable of storing quite a lot of data (regardless of the storage size).


The coolest stuff about this Keylogger is that it can easily be inserted into wireless keyboards as well.

Design

This cool hacker tool is designed to be discreet, appearing to be no more than a tiny USB memory key (it extends 1.8” from the back of your computer/machine).


I’d say it is the most minimalist looking keylogger on the market right now.

Security


This keylogger reads the data being transmitted by the keyboard, records all of it, then passes the information on to the computer. There is utterly no way software can detect this tool.


You’ll need to choose a password when you’re first setting it up. This password, however, isn’t just to allow you to access data, but also to set up a complex encryption algorithm.


This is so, in the event that someone manages to get their hands on this Keylogger, they absolutely wouldn’t have any idea what information was inside. It’ll completely look like gibberish.


This is essential for hackers, as it combines swiftness and reliability. 


You can check it out right here on Amazon.


5. Metasploit penetration testing software



If you’re new to Metasploit, then think of it as a list of hacker tools and frameworks used to execute various tasks.


Metasploit and NMAP are probably the two most common pieces of hacking software out there. This software is a must-learn if you’re interested in venturing into penetration testing.


IT security courses such as CEH and OSCP always include a Metasploit component. Metasploit is a project that provides you with crucial information regarding computer security vulnerabilities and helps devise IDS testing and penetration testing strategies.


Metasploit runs on Unix and Windows, but the easiest way to use this tool is to get a penetration testing arsenal that includes the Metasploit framework, such as the Kali Linux OS.


Metasploit framework


The steps for exploiting a system using the framework include:

  • Choosing and setting up an exploit.
  • Optionally checking if the proposed target system is prone to the chosen exploit.
  • Choosing and setting up a payload.
  • Choosing the encoding method.
  • Executing the exploit.


This approach, which allows any exploit to be combined with any payload, is the main driving factor of the Framework. It facilitates the tasks of payload writers, exploit writers and attackers.


One can’t really explain everything there is on this subject. There’s tons of good Metasploit information on the net, but probably not as good as this book, as it is well written and guides perfectly.

You'd probably need to know some list of hacker terms.

6. John the Ripper (hacker password cracking tool)


The coolest name yet for a Hacker software. Often abbreviated as ‘JTR’, or called just ‘John’, this piece of software is designed to crack very complicated passwords. This tool is very similar to THC Hydra.


John is a common password cracking pentesting tool that is used mainly when performing a dictionary attack. It combines various password crackers into a single package, includes a customizable cracker and autodetects password hash types.


This free password hacking software was first created for just the Unix OS. It now runs on 15 other platforms, 11 of which are architecture-specific versions of Unix.


JTR runs against plenty of encrypted password formats, including the several crypt password hash types most commonly found on various Unix versions, Kerberos AFS, and the Windows NT/2000/XP/2003 LM hash.


If you’re a bit confused between THC Hydra and John the Ripper, then think of JTR as an offline password cracker, while Hydra is an online cracker.


7. Cain and Abel Hacking software


Often abbreviated as Cain, this is a password recovery tool for Windows. It’s able to recover many types of passwords using techniques such as cracking various password hashes (using dictionary attacks), network packet sniffing, cryptanalysis and brute force.


This hacking tool is often mentioned in a variety of hacking tutorials. Cain and Abel was primarily built as a password recovery tool for Microsoft, but it can also be put to a variety of other uses.

Some features of Cain and Abel


  • WEP cracking
  • Calculating hashes
  • Revealing password boxes
  • Uncovering cached passwords
  • Ability to record VoIP conversations
  • Dumping protected storage passwords


Stopping here doesn't do justice to the many hacking tools and software out there. Some great ones weren't named because they have very similar characteristics to those mentioned above.

Nevertheless, let's check out the other tools worth mentioning, shall we?


  • Wireshark (web vulnerability scanner)
  • Aircrack-ng (password cracking tool)
  • Nikto website vulnerability scanner
  • Maltego (Digital forensics)
  • DS logic pro (logic analyzer)
  • oclHashcat (password cracking tool)
  • Nessus vulnerability scanner
  • Social Engineering tool kit (framework for simulating multiple types of attacks)

The list goes on and on. 



How to hack a wifi password using Kali Linux


A frequently asked question online: how to hack a wifi password! Most people will probably answer by referring you to funny phone apps, lol. I’m not gonna do that; instead, I’ll share with you a better and more efficient way of pulling off this hack: how to hack a wifi password and get connected using Kali Linux.


Plus this method is a bonus since it exposes you a little to the hack hood.


I didn’t want to give you, my audience what you can easily find elsewhere on the net, so I went to work and manipulated some commands using Kali.


I’m sure you’re quite familiar with Kali Linux and have already installed it; if not, you’re in luck because I’ve pretty much covered it here.


The purpose of this particular attack is to capture as much traffic as we can using airodump-ng. Each data packet has an associated 3-byte Initialization Vector, called an IV.

The goal after the hack is initiated is to obtain as many encrypted IVs as possible, then use aircrack-ng on the captured file to reveal the password.


Don’t know much about hacking? Worry not bro/sis, because we’re gonna do it together.




Get your computer.



STEP 1


The very first thing we’ll need to do is to verify the router configuration. Normally we wouldn’t have this option in a real penetration test, but we got some flexibility since we’re operating in a home lab.


For the purpose of this tutorial, the passphrase Cisco123 is used in the lab access point to secure the wireless network with WPA2-PSK.


Use any wireless router to set up your wireless lab.

Set up an old router, log in and set it up as WEP, so it can be used as a test router for wireless security.

Connect your phone or any other device to its wireless network. This is so you can capture the encrypted data between the two.



STEP 2


The iwconfig command will show all wireless cards in any system. We'll use a RealTek wireless card (this is a Linux plug-and-play wireless card).


The operating system will recognize a wireless interface called wlan0.




STEP 3


The next step we’ll make is to enable the wireless interface. This is done using the ifconfig wlan0 up command.




STEP 4


Now, you need to know the specific wireless networks your wireless card sees. So run the iwlist wlan0 scanning command.

This command instructs the wireless card to reveal all wireless networks in your area. You’ll clearly see in the below image that it found my target network: wireless lab.


It also found the MAC address of my access point: 0E:18:1A:36:D6:22. It’s important you note yours, because you’d want to limit your attack to a specific access point to ensure you’re not breaking into anyone else’s password (illegal, bruh).



Also, note the fact that the AP is transmitting on channel 36. This is important because it allows you to know what wireless channel you’ll want your wireless card to capture traffic from.




STEP 5


Change the wireless card to monitor mode. This allows the wireless card to see all the packets available.


You can do this by creating a monitor interface using airmon-ng. Issue this command to verify that airmon-ng sees your wireless card.


Create the monitor interface by running the command: airmon-ng start wlan0


Run the ifconfig command to verify that the monitor interface has been created.


Now verify that the mon0 interface has been created.


STEP 6


Use the airodump-ng to capture the WPA2 handshake. Airodump-ng will show a valid handshake when it captures it. This will be shown in the upper right-hand corner of your computer screen.


You’ll have to manually connect to the wireless to force a handshake. I’ll soon write an article describing how to force a reauthorization, making a device automatically disconnect and reconnect with no need for a manual intervention.


Use the command in this format:

  • airodump-ng mon0 --bssid 20:aa:4b:1f:b0:10 = used to capture packets from your AP
  • --channel 6 = limits channel hopping
  • --write BreakingWPA2 = the name of the file you wish to save to


airodump-ng mon0 --bssid 0E:18:1A:36:D6:22 --channel 36 --write BreakingWPA2


NOTE: MAKE SURE YOU LEAVE NO SPACE BETWEEN THE TWO DASHES “--”




To successfully capture the handshake, you need to monitor a legitimate client authenticating to the network.


To avoid the hassle of having to wait for a client to legitimately authenticate, I’m gonna show you how to force a client to re-authenticate.


Look out for the WPA handshake message; this tells you that you just captured a valid handshake.




STEP 7


Now, we’re gonna use aircrack-ng together with the dictionary file to crack the password.
Our chances of breaking into the password are largely dependent on the password file.


The command is: aircrack-ng “title of the cap file you created and stored” -w “title of your dictionary file”




The BreakingWPA2-01.cap file was created when we ran the airodump-ng command. The valid WPA2 handshake captured by airodump-ng is saved in the BreakingWPA2-01.cap file.


BackTrack 5 comes with a basic dictionary, darkc0de.lst. This is a popular wordlist that ships with BackTrack 5. We used our password Cisco123 in this file to make the test run smoother. Many hackers use large dictionaries, which increases their chances of cracking passwords. Lots of dictionaries contain passwords from real users and websites that were cracked and posted on the web.


You can download the darkc0de.lst here since Kali Linux does not come with it preinstalled.

If the password is found in the dictionary file, rest assured that aircrack-ng will crack it and you'll be able to connect.
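
Added example (not from the original post): the step above succeeds only because Cisco123 is in the dictionary, so the useful check for whoever owns the access point is to test a passphrase against a wordlist before deploying it. This sketch also undoes the simple mangling (case, appended digits, look-alike characters) that dictionary tools try; the wordlist here is a constructed stand-in and the function names are hypothetical.

```python
import string

# Constructed mini wordlist standing in for a real dictionary file.
WORDLIST = {"password", "cisco", "cisco123", "letmein", "wireless"}

# Common look-alike substitutions, undone before the lookup.
LEET = str.maketrans("0134578@$", "oieastbas")
SUFFIX = string.digits + string.punctuation

def base_forms(passphrase):
    """Forms of the passphrase after undoing the usual mangling: case
    changes, digits or symbols tacked on the end, look-alike characters."""
    low = passphrase.lower()
    stem = low.rstrip(SUFFIX)
    return {low, stem, stem.translate(LEET),
            low.translate(LEET).rstrip(SUFFIX)}

def audit_psk(passphrase, wordlist=WORDLIST):
    """Return a list of findings; an empty list means none were found."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the WPA2 passphrase range of 8-63")
    if passphrase.lower() in wordlist:
        findings.append("listed in the wordlist")
    elif base_forms(passphrase) & set(wordlist):
        findings.append("dictionary word with simple mangling")
    return findings
```

An empty result only means the passphrase is not in this particular list; a long random passphrase remains the actual defence against a captured handshake.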



SUCCESS!


Whew, just got that out of the way.

Now, let's hope my hack also works for you. If it doesn't, hit me up. We'll figure it out together.

Now check out how you can hack into a computer

Learning how to hack a wifi password using Kali Linux is only complicated when you try to use someone else's hacking technique.

My job is to turn you into a real hacker, that way you can also manipulate your own hacks.
