Showing posts with label Latest updates. Show all posts
Showing posts with label Latest updates. Show all posts
Do you know that 96% of the internet is not indexed by search engines such as Bing, Yahoo and  Google? that basically means that only a very tiny proportion of the World Wide Web(www) is available to you through normal means. Most things happen at the deep / dark web.

The average internet user only utilizies a small portion of the internet's potential.
Accessing the deep web and the dark web

The deep / dark web 

deep web

The famous deep web is exactly like it sounds — just below the surface but not completely dark.

In other words, the deep web is any web address that cannot be found by regular search machines. Regular search engines are only able to search and index websites because of links. Links are used in ranking all search results according to things like keywords, relevancy and inbound links. Search engines search the “surface web”, but that’s where the search ends.

Accessing the deep web and the dark web

For instance, say you searched a public library's catalogue to find a specific book, you couldn’t just type the title into your search engine's search bar and expect it to return a meaningful result. That boss level of information would only be gotten in the deep web.

Instead, you would locate this data by going to the public library’s official website and use their own search bar.

The sole reason regular search engines can’t provide you with this data is simply because there are no links. 

how indexing works

Google’s indexing system starts with a process known as “crawling.”

Visualize a virtual robot insect that begins at the home page, then crawls to and back from all the pages on the same site that are accessed by clicking on the links.

Google then examines the entire data and renders the content of the site to send to Google’s index servers. Google then builds the data by context and enters each one into a base of algorithms.

the surface web

Just like the movie "Aquaman", the surface world is known and beautiful.This is your normal, etc. But the wonders that lie below it are breath-taking.

Food for thought

Far past the boundaries of Google-able information is every sort of information you can think of. It accommodates a wide array of data and information, from unlisted videos and articles that are blocked in certain countries to the inner-dashboard of your very own bank account just after you log in to password-protected, private websites.

Below the “surface web”, there are thousands of possibilities. You just have to find them.

the dark web

The dark web is probably what you might have thought the deep web was if you saw it on TV or read about it in a newspaper... But always recall, the deep web and the dark web are two distinct things.

Though these two have always been used interchangeably, the deep web — comprises of mostly harmless data and digitized records, while the dark web — has raised concern around the world about criminal activity.

Accessing the deep web and the dark web

Common web browsers can’t access the dark web. The dark web makes use of what’s called; The Onion Router service protocol. Tor 'in short'  — can't be detected by search engines and help give users complete anonymity while surfing the web.

When you visit the dark web, you’re not in any way in the interconnected servers you normally interact with. Instead, all things stay internal on the Tor network, providing privacy and security to all users equally.

Because of these reasons, the dark web is home to things that don’t wish to be found.

Note: Dark web website addresses end with .onion instead of .com for example.

Consider this image:
Accessing the deep web and the dark web

The deep web vs the dark web

what's on the deep web?

The deep web carries the searches that are invisible to search engines. Here are a few examples:

  • The content of your online banking accounts
  • The content of your personal email accounts
  • The content of your social media accounts
  • Data that companies store on their private databases
  • Legal documents
  • User-to-user communications on any social media, messaging platforms, chat services etc.
Lots of contents that exist on the deep web carries information that you probably wouldn’t wish to come up in a web search — like your account information and details — because it’s private and might be misused.

If you have to log in to any account, the information you access in that account is on the deep web.

That’s a good thing since the deep web helps protect your personal information.

What's on the dark web?

The dark web runs with a very high level of anonymity. It entertains harmless activities and content, as well as criminal ones.

For example, the dark web could very well include a site that provides complex riddles. Another could be a kind of book club that gets eBooks to look more professional. Another could also offer a forum for individuals who believe free speech is threatened.

The dark web is however known for dark content like illegal and disturbing content. Here’s are examples of illegal contents you can find on the dark web.

  • Stolen information and data: In cases of a data breach, there’s a high probability the accessed information — from bank card numbers to Social Security numbers. — will show up on the dark web's market.
  • Disturbing and dangerous contents: Things like hitmen-for-hire, gores, human trafficking, child pornography, counterfeit goods, body parts, illegal drugs and illegal guns for sale can all be found on the dark web's market.
How come users can do business on the dark web without being traced? Financial transactions are mostly done with Bitcoin, the cryptocurrency that assures buyers and sellers complete anonymity.

How to access the dark web

Getting into the dark web is a lot simpler than you might think. What you gotta do is download a dark web browser, just like the Tor browser.

Once you finish installing this browser on your system, it operates just like any other regular browser: type in any URL, and access it.

However, you can't easily find the material you’re looking for on the dark web. It doesn't work the way using search engines like Google works. The dark web has no ranking system or index to help you find what you need.

Instead, you can use darknet search engines. One known as the Uncensored Hidden Wiki largely suggests some guidance to content on the dark web, including illegal websites.

Surfing the dark web can be harmful

  • Webcam hijacking: A site on the many corners of the dark web may try to get a remote administration tool — also called “RAT” — onto your system. That can allow someone to hack into your webcam — essentially, giving them access to your camera lens.
  • Viruses: Some websites tend to infect your system with viruses, and there are many types of viruses to be on the lookout for. Remember to never download stuff from sites you don’t trust.


Both the deep web and the dark web offer an extent of anonymity and privacy.

The deep web protects your private information. But in a case that you access your online bank account, it’s not completely private. The bank knows.

The dark web on the other hand function on the policy of total anonymity. Whatever you do in there is your business. With some precautions, what you do there can’t ever be tracked or traced to you by anyone or organisation.
Gotta use Tor browser properly right? Yeah, being anonymous while surfing online is a great idea.

NIPE: How to Anonymize your system completely with Tor

Tor is arguably the most popular onion browser out there, being able to run on Apple MacOS, Microsoft Windows and GNU/Linux(without installing any software).

Confused on what Tor actually is? Lemme put it this way; 

Tor browser protects your anonymity by bouncing your communications around a range of distributed networks of relay runs by aides all around the globe: it prohibits and ensures that somebody watching your Internet connection does not learn what sites you visit, it prevents the websites you browse through from knowing your physical location, and also lets you visit blocked websites.

Now, what is Nipe?

Nipe simply put, is a script to make Tor Network your Default Gateway.

This little Perl Script gives you access to route all your traffic directly from your
computer to the Tor Network. 

After it is all done, you can successfully surf the Internet Anonymously
without any worries of being tracked or traced back.

Let's get to it!

Download and install:

    cd nipe
    cpan install Switch JSON LWP::UserAgent

Commands needed:

    install                Install dependencies
    start                   Start routing
    stop                   Stop routing
    restart                Restart the Nipe process
    status                 See status


    perl install
    perl start
    perl stop
    perl restart
    perl status
7 important truth on Man in the middle attack

Wanna know all the stuff you need to know about Man in the middle(MITM) attack? including the basic concepts, types, prevention, etc. If your answer is yes, I suggest you read further.

This particular topic is one of the most asked cyber-security questions on the net. Just like most search terms, I'm gonna break it this way;

  1. What is Man in the middle attack?
  2. How does it work?
  3. Typical example
  4. Real life instances
  5. Different forms of MITM attack?
  6. What are the types of MITM attack?
  7. How do I prevent a MITM attack?

To better understand this concept, you'll be reading this from a victim's perspective rather than the attacker. Pay attention!

1. What is Man in the middle attack?

A man-in-the-middle attack is a known cybercrime where a malicious actor secretly inserts himself into an online conversation between two individuals(sometimes more), impersonates both parties involved and accesses information that is being sent by the two parties to one another.

This type of cyber attack basically requires three players to be carried out; the victim, the individual/s the victim is trying to communicate with, and the hacker(Man in the middle), who ’s trying to intercept the victim’s communications with the purpose of getting critical information.

7 important truth on Man in the middle attack

Note that the victim in this scenario isn’t aware of the man in the middle.

A practical example of a MITM attack is active eavesdropping. In this example, the hacker attempts independent links with the victims and conveys messages between them, making them think they're communicating directly with each other over a secure private connection, when in truth, the whole conversation is being controlled by the attacker.

MITM attack is one of the forms of session hijacking. Other forms similar to a MITM attack are:

  • Sidejacking - This involves sniffing of data packets with the purpose of stealing session cookies and in the process hijack a user’s session. These cookies login information in some cases are unencrypted, even if the website was secure.

  • Evil Twin - This can be called a rogue Wi-Fi network appearing to be from a legitimate network. When a user joins a rogue network, an attacker can launch a MITM attack, thereby intercepting useful data sent between you and the network.

  • Sniffing - This is when a malicious actor uses a readily available tool or program to intercept data being transmitted from or to your device.

2. How does Man in the middle attack work?

How does this work? what actually happens in the background is that the hacker manages to have some form of control over the network topology thereby being able to insert himself in-between the client and the server.

A befitting example of this is DNS spoofing. The attacker convinces your computer system that doesn’t map to any of the Amazon server IPs, but to his(the attacker) server IP. The client not knowing what's going on then connects to the attacker instead of Amazon. The hacker can then decide to forward the client’s traffic to Amazon servers or not

Address Resolution Protocol(ARP) is another interesting example. This is used to map a network address to a physical address like a MAC address. An IPv4 address is an example of the network address.
7 important truth on Man in the middle attack
Check out the ARP cache of one’s computer system.
ARP comes with a flaw though, it being that you can't verify that the ARP packet is telling the truth.

Check this out;

The Router asks, “Who and where is”, a system at replies, “ is at ff:ff:ff:ff:ff:ff (’s MAC)”. The router doesn't know that this packet is coming from a totally different system. For the router, is This is known as ARP spoofing.

So what basically happens in a man in the middle attack is that the attacker continuously sends ARP packets to the victim claiming that the attacker’s system is the router.
Here, the attacker is sending ARP replies to the victim ( saying that he's the router. It says is at 8:0:27:f1:77:4e(attackers MAC)
The victim’s computer goes ahead and sends all the packets to the attacker’s computer, all the while thinking it is actually the router and the attacker then forwards those messages to the actual router. Editing and taking the information he needs in the process.

There’s a more complex and sophisticated MITM attack involving Border gateway protocol(BGP) where you can divert the routing to the internet for an entire domain.

3. Typical example?

7 important truth on Man in the middle attack

An example? Let’s say your friend receives an email that seems to be from his bank, encouraging him to sign into his account dashboard to confirm his contact information. 

He clicks on a link(saying maybe click here to sign in) in the email and is redirected to what looks like his bank’s website. Then he signs in and carries out the requested task and in the process unknowingly giving out his info.

In this scenario, the MITM sent your friend the email, making it appear to be legitimately from his bank. This particular attack involves phishing i.e tricking him to click on a link in the email that appears to come from his bank. 

Note that the hacker had to create a replica of your bank's website

Another analogy:

Let's say Debra and Justice are having a conversation online; Mary intends to eavesdrop on the conversation but at the same time remain transparent.

Mary could tell Debra that she is Justice and tell Justice that she is Debra. This would consequently make Debra believe she’s currently texting Justice while revealing her version of the conversation to Debra.

Mary then gathers needed information from the conversation, alter and twist the response,  and pass the message across to Justice (who still thinks he’s having a good talk with Debra). As a result, Mary transparently hijacked their entire conversation.

4. Real life instances of a MITM attack?

Enough of made up scenarios. Let's look at a few real life man in the middle attacks;

7 important truth on Man in the middle attack

  • In 2013, the Browser owned by Nokia Xpress was made known to be decrypting HTTPS traffic on the Nokia's proxy servers, enabling the company to access its customers' encrypted browser traffic. Nokia, however, said that the content was only stored temporarily and they have technical and organizational measures put in place to prevent unwarranted access to private information. cite

  • In 2003, a remarkable non-cryptographic man in the middle attack was carried out by a Belkin wireless network router. Periodically, it hijacks HTTP connections being routed through it to a destination and self-respond as the intended server. After the reply is sent, instead of the of the web page the user requested, was a commercial for a Belkin product. After several complaints from technically literate users, this particular 'feature' was removed from the router's firmware. cite
Other notable mentions are;
  • Comcast uses a man in the middle attacks to inject JavaScript code into 3rd party web pages, displaying their ads on top of the pages. cite

  • NSA impersonation of Google. cite

5. Different forms of Man in the middle attack

MITM attacks are of two forms; one that involves malware, and another that involves physical proximity to the proposed target. The first form, just like the fake bank scenario above, is also referred to as a man in the browser attack.

  • Man in the browser attack

With a MITB attack, the attacker requires a way to inject malicious programme into the victim’s computer system. This can be achieved by conducting a phishing attack.

The malware installs on the browser without the user ’s consent and knowledge. The malware then records the data/information sent between websites and the victim, such as online shops, and forwards it to the attacker.

Going back to the forms of MITM attack. Hackers execute a MITM attack in 2 phases — interception and decryption.

In a traditional man in the middle attack, attackers need access to a vulnerable Wi-Fi router. These types of connections are likely to be found in public places with free Wi-Fi hotspots, and in some cases, in some people’s homes, i.e when they fail to protect their network properly. Attackers will go ahead to scan the router in search for specific vulnerabilities such as a weak password.

Once a vulnerability is found, attackers use some hacking tools to intercept and read the victim’s transmitted data

A successful MITM attack doesn't stop after it intercepts. The victim’s encrypted data needs to be unencrypted, that way, the attacker can read and act upon it.

6. What are the types of man in the middle attack?

IP spoofing 

Each computer online has an internet protocol (IP) address, which is somewhat similar to the street address of your home. By spoofing an IP address(changing the IP), a hacker is able to trick you into thinking you’re interacting with someone or a website you’re not, probably allowing the attacker to have access to sensitive information you’d otherwise not share.

DNS spoofing

Domain Name Server(DNS) spoofing is a type of MITM attack that forces a victim to a fake website instead of the real one the victim intends to visit. Victims of DNS spoofing think they’re visiting a safe, trusted site, instead, they’re unknowingly interacting with a fraudster. Here, the attacker's mission is to divert traffic from the real website and capture user login details.

HTTPS(Hypertext Transfer Protocol Secure) spoofing

When doing online transactions, be on the lookout for “HTTPS” in the website URL, rather than “HTTP”. This shows that the site is secure and trusted. A hacker can trick your browser into believing it’s visiting a secure site when it’s not.

SSL hijacking

If your computer connects to an unsecured server specified by “HTTP”, the server can on its own redirect you to the secure version of the server, specified by “HTTPS.”

Connecting to a secure and trusted server basically means standard security protocols are in order, protecting all the data you have in common with that server.

SSL is short for Secure Sockets Layer, a protocol that sets up encrypted links between the web server and your browser.

In an SSL hijacking, the hacker uses a different computer and a secure server to intercept all the data passing through the server to the user’s computer.

Email hijacking

Attackers can target email accounts of financial institutions like banks. Once access is gained, they are able to monitor transactions between the customers and the institution.

The attackers can then decide to spoof the bank’s email address and email to customers. This convinces the victim to follow the hackers’ instructions instead of the bank’s. As a result, an unwitting victim may end up sending money to the attacker.

Stealing browser cookies

To better grab the concept of a stolen browser cookie, you first need to understand what one is; a browser cookie is simply a  piece of information a website stores on your computer system.

online retailers like Amazon might store the personal info you enter and cart items you’ve selected on a cookie, that way, you need not re-enter same information when you return.

A hacker can steal your browser cookies and gain access to sensitive information.

7. How do I protect my system from a MITM attack?

7 important truth on Man in the middle attack

Strong WEP/WAP Encryption on Access Points

Having a very strong encryption mechanism on wireless access points(WAP) helps prevent unwanted persons from connecting to your network. A somewhat weak encryption mechanism allows a hacker to easily brute-force his way into a network and starts MITM attacking. 

The stronger the encryption, the safer.

Virtual Private Network

VPNs is used to create a secure browsing environment for information within a LAN(local area network). They create a subnet using key-based encryption for secure communication. If this is done properly, the attacker will not be able to decipher the traffic in the VPN even if he happens to get on a network that is shared.


HTTPS is used to safely communicate over HTTP with the help of public-private key exchange. This helps prevent an attacker from making sense from the data he may be sniffing. 

Webmasters should not provide HTTP alternatives.

Public Key Pair Based Authentication

A man in the middle attack involves spoofing something. RSA public key pair authentication can be used in numerous layers of the stack in ensuring that the people or website you are in communication with are actually the people you want to be communicating with.


It is all scary from a victim's perspective of man in the middle (MITM) attack. Sometimes times the fear is due to knowing little or no info on the topic. 

After reading through this, most users might panic with the knowledge that they have been keeping their devices vulnerable and might have fallen victim to an attack. The best thing to do in such a scenario is to keep calm.

Join us on facebook if you appreciate this post.
Got a spare old android phone? read on and you're gonna know how to put it to good use; turning it into a security camera. Great to be used as a baby monitor✌

Is it really possible to use a smartphone as a monitoring device without any knowledge of I.T? The short answer is YES. You don't need any sort of Cyber training to use your smartphone as a spy device.

How is this practicable? By installing necessary security applications and using them in the manner I'll show you as you scroll down the page.

How to use your android phone as a security camera

What you're about to read further is common sense for some experienced individuals, but alien to many. For the experienced ones, I'll gladly welcome any form of contribution to the methods I'm gonna use here. For the not-so-experienced, read on!

Breaking it down in these steps;
  1. Get IP Webcam
  2. Setting it up
  3. Streaming
  4. Positioning your camera
  5. Mounting

1. How to use android phone as a security camera

Let's dive in to the topic at hand;

Step 1: Get a security camera app for android

To kick this off, you need an app used as a security camera. Most such app offers the same features as; cloud streaming, motion detection and alerts. local streaming and recording/storing footage locally or remotely.

Despite lots of options online, the best for me is IP webcam. Now the pro version cost $3.99 to unlock all features, but there's also a free-to-use version. Though this version can't be compared to the paid one, it still got some cool features.

IP Webcam broadcasts both over the cloud and locally with the help of a service called Ivideon, so you can watch your stream, live from anywhere. Get the Ivideon app for android on Playstore.

In short, IP Webcam is used for videoing and Ivideon for streaming.

Step 2. To set up your Android phone as a security camera:

After you must have downloaded and installed IP webcam, follow the below procedures to set it up:

  • Open IP Webcam

  • Set your video preference, effects, power management settings, and motion and sound detecting.

How to use your android or ios phone as a security camera

  • Go to Local broadcasting>>login/password to set up your unique login details when streaming locally. Streaming locally is public. Reason why you should have a password. That way only you can stream your video.

  • Now, to broadcast the stream remotely, you have to register or log in to Ivideon(if already registered).
How to use your android or ios phone as a security camera
Ivideon on PC after sign in

How to use your android or ios phone as a security camera
Ivideon on Android after sign in

  • Locate cloud streaming from your IP Webcam app, then select Ivideon and log in to connect your Ivideon account to the IP Webcam.

  • To begin streaming, select Start server at the very bottom of the app of your IP Webcam.

Step 3. Streaming your video from anywhere

Now to the fun part;

  • To view the stream locally:

you'll see an IP at the bottom of the video like type it in the web address bar of your pc or phone. It'll tell you insecure url but don't worry since you have your own dedicated password. Continue with the login.

A pop up will show asking for your username and password. After successful login, you'll be directed to your dashboard.

How to use your android or ios phone as a security camera
Streaming locally from PC

Locate Video renderer and select Browser to start streaming.

Note: make sure that your android phone is currently videoing on IP Webcam

  • To view the stream using Ivideon

Alternatively, you can stream directly from your Ivideon account. This is even better because it increases privacy(private not public)

To do this is very simple. Start the server in your IP Webcam(you must have linked your Ivideon account to IP Webcam by now), then login to your Ivideon account from your pc/desktop/android. You'll see a thumbnail of the current stream. Click on it and watch.

Step 4: Choosing a spot to position your camera

Choosing the best spot to place your phone is very challenging as you'll be careful to make sure it won't fall off or get seen. You may wanna position it at the main entrance to your home or wherever you think might be particularly vulnerable.

You can also set up an IP camera as a baby monitor.

If you have multiple old phones lying around, you can set up multiple cameras for fairly robust video coverage if you have multiple old phones lying around.

Step 5: Mounting and powering up your camera(s)

To mount the camera, a little smartphone tripod or suction car mount works perfectly and helps you fix the android in an inconspicuous place.

smartphone tripod
Loha smartphone tripod
Joby mini tripod
Best tripod for height

To broaden the view, you might consider purchasing a wide angle lens for your phone. These ones below are my top pick:

How to use your android or ios phone as a security camera

Note that streaming takes a lot of power since the phone will be turned on for a long time. To solve this issue, you might wanna position the phone close to a power source. A long Micro-USB or lightning cable will add some flexibility to your camera positioning.

Make sure you put your phone on silent. Putting it on airplane mode is advisable. Don't forget to on your wifi right back in order to access the internet.

If you really want to use your phone as a security camera, mostly for photographers, then a tripod(very important) and a lens(less important) will be useful. You can check them out from the below links:


Hopefully, by now you should know all you need to know on how to use your android phone as a security camera. You can go ahead and monitor your household when you're not at home.

7 top Hacker tools and software gadgets

Batman! Probably the Superhero with the most gadgets and tools. Without his numerous tools, he’ll probably won’t raise his shoulders high in the mist of fellow Heroes.

Same is said of a Hacker lad. Without the hacker tools, there’s very little he/she can do. There’s a saying that says; “a Hacker is as good as his tools”.

If you absolutely know nothing on hacking, then you'd be needing a beginners' guide.

This article tries to do justice to some of the gadgets a hacker should have in his toolkit, covering perhaps the favourite pentesting tools as used by various types of Hackers and geeks.

NOTE: Most of these gadgets ship with common pentesting Linus distro’s like BackBox or Kali Linux, so I think it proper you install a Linux hacking box.

Alright! In no specific order, below is the list of hacker tools I’ve compiled.

Disclaimer; post contains affiliate links.

  1.  THC Hydra(password cracking tool)

THC HYDRA Hacker tools and software gadgets

Most times abbreviated to simply Hydra. This is perhaps one of the most popular password cracking tool, topping it with a very experienced development team.

THC Hydra uses a dictionary or brute force attacks when trying various login combinations on a login page. This is basically a very fast and flexible login cracker which supports plenty of protocols.

Plus new modules are pretty easy to add. This tool is completely FREE and can be downloaded.

Features of THC Hydra hacker tool

This tool currently supports;






Ø  Cisco AAA

Ø  Cisco auth

Ø  Cisco enable








Ø  LDAP2 and lots more

2. OWASP ZED(web vulnerability scanner)

OWASP ZED Hacker tools and software gadgets

If you’re relatively competent in Cybersecurity, then it’s highly likely you’re quite familiar with OWASP ZED, being one of the most popular OWASP projects.

When used as a proxy server, the ZED allows you to manipulate pretty much all the traffic that goes through it, including https traffics. Cool right?

This is largely considered as being the guide of web security. The OWASP ZED is an efficient hacking tool that finds vulnerabilities in web applications. The best part is that it can be used by both professional penetration testers and those new to application security.

Features of the OWASP ZED

Some of the built-in features of this hacker tool include;

Ø  Automated scanner

Ø  Passive scanner

Ø  Forced browsing

Ø  Fuzzer

Ø  Intercepting proxy server

Ø  Traditional and AJAX web crawlers

Ø  WebSocket support

Ø  Scripting languages

Ø  Plug-n-hack support

The architecture is plugin-based, and it also contains an online marketplace which allows updated features to be added. Plus its totally free.

I’d totally recommend you adding this to the list of your gadget.

3. NMAP(network mapper)

NMAP Hacker tools and software gadgets

The network mapper, a popular open source hacker tool mainly used for security auditing and network discovery, thus building a map of the network.

The tool uses IP packets to determine the hosts available on a network and the kind of services those hosts provide data about.

One of the core benefits of using NMAP is that you’ll be able to determine whether or not the network is in need of patching. There’s another version of this tool called Zenmap. This is actually the GUI version of NMAP, both performing almost the same.

I’d say; first learn NMAP, since it’s easier for beginners to learn. You can choose to move over to Zenmap when you feel like it.

NMAP is a multipurpose gadget which can function on many different OS including; BSD, Linux and Mac.

Features of NMAP

Ø  Port scanning

Ø  Version detection

Ø  OS detection

Ø  Host discovery

Ø  Scriptable interaction with the target

Ø  Auditing the security of a firewall

Ø  Network mapping

Ø  Finding and exploiting vulnerabilities in a network

How the result is reported

NMAP provides 4 output formats which are all saved to a file. All but the interactive output. Let’s take a look at different ways NMAP gives its output;

Ø  XML: This is a format that is processed by XML tools. Using XSLT, it can be further converted into an HTML report.

Ø  Interactive: Presented and updated when you run NMAP from the command line.

Ø  Normal: This is the output you see while operating NMAP from the command line.

Ø   Grepable: This is the output that is shaped to line-oriented processing gadget i.e awk, sed or grep.

Ø  Script kiddie: This is an amusing way to format the interactive output. In this type of output, you replace letters with visually alike number representations. E.g Interacting ports becomes int3eract1ng p0rtz

 4.  Keyllama USB Keylogger tools

Keyllama USB Keylogger

Arguably the most undetectable software out there, the Keyllama USB Keylogger is definitely the flash drive you don’t want anywhere near any of your computers.

As one of the leading names in Keyloggers, the Keyllama is used in settling legal matters where reliability is absolutely crucial. They centre on hardware-centric method, not relying on any software to carry out any hack, and activates immediately it is plugged in.

The Keyllama tool comes with a 16mb, 8mb or 4mb storage types. Topping it with an extremely low failure rate and is capable of storing quite a lot of data(not minding the storage size).

The coolest stuff about this Keylogger is that it can easily be inserted into wireless keyboards as well.


Hacker tools and software gadgets

This cool hacker tool is designed to be discreet; appearing not more than a tiny USB memory key(it extends 1.8” from the back of your computer/machine).

I’d say it is the most minimalist looking keylogger on the market right now.


This Keylogger assesses the data being transmitted by the keyboard, records all of it, then pushes the information back to the computer. There is utterly no way the software can detect this tool.

You’ll be needed to choose a password when you’re first setting it up. This password, however, isn’t just to allow you to access data, but also to set up a complex encrypted algorithm.

This is so, in the event that someone manages to get their hands on this Keylogger, they absolutely wouldn’t have any idea what information was inside. It’ll completely look like gibberish.

This is essential for hackers, as it combines swiftness and reliability. 

You can check it out right here on Amazon.

5. Metasploit penetration testing software

metasploit top Hacker tools and software gadgets

If you’re new to Metasploit, then think of it as a list of hacker tools and frameworks used to execute various tasks.

Metasploit along with NMAP is probably the two most common hacking software out there. This software is a must learn if you’re interested in venturing into penetration testing.

IT security courses such as CEH and OSCP always include a Metasploit component. Metasploit is a project that provides you with crucial information regarding computer security vulnerabilities and helps devise IDS testing and penetration testing strategies.

The Metasploit runs on Unix and Windows, but the easiest way to use this tool is to get a penetration testing arsenal that includes the Metasploit framework such as the OS, Kali Linux.

Metasploit framework

The steps for exploiting a system using the framework includes;

Ø  Choosing and setting up an exploit.

Ø  Optionally checking if the proposed target system is prone to the chosen exploit.

Ø  Choosing and setting up a payload.

Ø  Choosing the encoding method.

Ø  Executing the exploit.

This method, allowing the blending of exploits to any payload is the main driving factor of the Framework. It facilitates the task of payload writers, exploits writers and attackers.

One can’t really explain everything there is on this subject. There’re tons of good Metasploit information on the net, but probably not as good as this book, as it is well written and guides perfectly.

You'd probably need to know some list of hacker terms.

6. John the Ripper(hacker password cracking tool)

john the ripper hacker tools and softwares gadgets

The coolest name yet for a Hacker software. Often abbreviated as ‘JTR’, or called just ‘John’, this piece of software is designed to crack very complicated passwords. This tool is very similar to THC Hydra.

John is a common password cracking pentesting tool that is used mainly when performing a dictionary attack. It combines various password crackers into a single package, includes a customizable cracker and autodetects password hash types.

This free password hacking software was first created for just the Unix OS. It now runs on 15 other platforms, 11 of which are architecture-specific versions of Unix.

The JTR runs against plenty encrypted password formats, including different hash types crypt password. These are commonly found on the Windows NT/2000/XP/2003 LM hash, Unix versions and the Kerberos AFS.

If you’re a bit confused between THC Hydra and John the Ripper, then think of JTR as an offline password cracker, while Hydra is an online cracker.

7. Cain and Abel Hacking software

cain and abel hacker tools and software gadget

Often abbreviated as Cain, this is a password recovery tool for Windows. It’s able to recover many types of passwords using techniques such as cracking various password hashes(using dictionary attack), network packet sniffing, cryptanalysis and brute force.

This hacking tool is often mentioned in variety of hacking tutorials. Cain and Abel were primarily built as a password recovery tool for Microsoft, but it can also be used in a variety of uses.

Some features of Cain and Abel

Ø  WEP cracking

Ø  Calculating hashes

Ø  Revealing password boxes

Ø  Uncovering cached passwords

Ø  Ability to record VoIP conversations

Ø  Dumping protected storage passwords

Stopping here doesn't give accolade to the several hacking tools and software out there. Some great ones weren't named due to them having very similar characteristics with the above mentioned.

Nevertheless, let's check out the other tools worth mentioning, shall we?

  • Wireshark(web vulnerability scanner)

  • Aircrack-ng(password cracking tool)

  • Nikto website vulnerability scanner

  • Maltego(Digital forensics)

  • DS logic pro(logic analyzer)

  • oclHashcat(password cracking tool)

  • Nessus vulnerability scanner

  • Social Engineering tool kit(framework for simulating multiple types of attacks)

The list goes on and on. 

Subscribe to my mailing list

* indicates required