Showing posts with label Latest updates. Show all posts
Showing posts with label Latest updates. Show all posts
7 top Hacker tools and software gadgets


Batman! Probably the Superhero with the most gadgets and tools. Without his numerous tools, he’ll probably won’t raise his shoulders high in the mist of fellow Heroes.


Same is said of a Hacker lad. Without the hacker tools, there’s very little he/she can do. There’s a saying that says; “a Hacker is as good as his tools”.


If you absolutely know nothing on hacking, then you'd be needing a beginners' guide.


This article tries to do justice to some of the gadgets a hacker should have in his toolkit, covering perhaps the favourite pentesting tools as used by various types of Hackers and geeks.


NOTE: Most of these gadgets ship with common pentesting Linus distro’s like BackBox or Kali Linux, so I think it proper you install a Linux hacking box.


Alright! In no specific order, below is the list of hacker tools I’ve compiled.




Disclaimer; post contains affiliate links.

  1.  THC Hydra(password cracking tool)

THC HYDRA Hacker tools and software gadgets

Most times abbreviated to simply Hydra. This is perhaps one of the most popular password cracking tool, topping it with a very experienced development team.


THC Hydra uses a dictionary or brute force attacks when trying various login combinations on a login page. This is basically a very fast and flexible login cracker which supports plenty of protocols.


Plus new modules are pretty easy to add. This tool is completely FREE and can be downloaded.


Features of THC Hydra hacker tool

This tool currently supports;

Ø  SOCKS5

Ø  VNC

Ø  POP3

Ø  IMAP

Ø  CVS

Ø  Cisco AAA

Ø  Cisco auth

Ø  Cisco enable

Ø  SSH2

Ø  TELNET

Ø  FTP

Ø  HTTP-GET

Ø  HTTP-HEAD

Ø  HTTPS-GET

Ø  HTTP-PROXY

Ø  LDAP2 and lots more



2. OWASP ZED(web vulnerability scanner)

OWASP ZED Hacker tools and software gadgets


If you’re relatively competent in Cybersecurity, then it’s highly likely you’re quite familiar with OWASP ZED, being one of the most popular OWASP projects.


When used as a proxy server, the ZED allows you to manipulate pretty much all the traffic that goes through it, including https traffics. Cool right?


This is largely considered as being the guide of web security. The OWASP ZED is an efficient hacking tool that finds vulnerabilities in web applications. The best part is that it can be used by both professional penetration testers and those new to application security.


Features of the OWASP ZED

Some of the built-in features of this hacker tool include;


Ø  Automated scanner

Ø  Passive scanner

Ø  Forced browsing

Ø  Fuzzer

Ø  Intercepting proxy server

Ø  Traditional and AJAX web crawlers

Ø  WebSocket support

Ø  Scripting languages

Ø  Plug-n-hack support


The architecture is plugin-based, and it also contains an online marketplace which allows updated features to be added. Plus its totally free.


I’d totally recommend you adding this to the list of your gadget.


3. NMAP(network mapper)

NMAP Hacker tools and software gadgets


The network mapper, a popular open source hacker tool mainly used for security auditing and network discovery, thus building a map of the network.


The tool uses IP packets to determine the hosts available on a network and the kind of services those hosts provide data about.


One of the core benefits of using NMAP is that you’ll be able to determine whether or not the network is in need of patching. There’s another version of this tool called Zenmap. This is actually the GUI version of NMAP, both performing almost the same.


I’d say; first learn NMAP, since it’s easier for beginners to learn. You can choose to move over to Zenmap when you feel like it.


NMAP is a multipurpose gadget which can function on many different OS including; BSD, Linux and Mac.

Features of NMAP


Ø  Port scanning

Ø  Version detection

Ø  OS detection

Ø  Host discovery

Ø  Scriptable interaction with the target

Ø  Auditing the security of a firewall

Ø  Network mapping

Ø  Finding and exploiting vulnerabilities in a network


How the result is reported


NMAP provides 4 output formats which are all saved to a file. All but the interactive output. Let’s take a look at different ways NMAP gives its output;


Ø  XML: This is a format that is processed by XML tools. Using XSLT, it can be further converted into an HTML report.


Ø  Interactive: Presented and updated when you run NMAP from the command line.


Ø  Normal: This is the output you see while operating NMAP from the command line.


Ø   Grepable: This is the output that is shaped to line-oriented processing gadget i.e awk, sed or grep.


Ø  Script kiddie: This is an amusing way to format the interactive output. In this type of output, you replace letters with visually alike number representations. E.g Interacting ports becomes int3eract1ng p0rtz


 4.  Keyllama USB Keylogger tools


Keyllama USB Keylogger

Arguably the most undetectable software out there, the Keyllama USB Keylogger is definitely the flash drive you don’t want anywhere near any of your computers.


As one of the leading names in Keyloggers, the Keyllama is used in settling legal matters where reliability is absolutely crucial. They centre on hardware-centric method, not relying on any software to carry out any hack, and activates immediately it is plugged in.


The Keyllama tool comes with a 16mb, 8mb or 4mb storage types. Topping it with an extremely low failure rate and is capable of storing quite a lot of data(not minding the storage size).


The coolest stuff about this Keylogger is that it can easily be inserted into wireless keyboards as well.

Design

Hacker tools and software gadgets

This cool hacker tool is designed to be discreet; appearing not more than a tiny USB memory key(it extends 1.8” from the back of your computer/machine).


I’d say it is the most minimalist looking keylogger on the market right now.

Security


This Keylogger assesses the data being transmitted by the keyboard, records all of it, then pushes the information back to the computer. There is utterly no way the software can detect this tool.


You’ll be needed to choose a password when you’re first setting it up. This password, however, isn’t just to allow you to access data, but also to set up a complex encrypted algorithm.


This is so, in the event that someone manages to get their hands on this Keylogger, they absolutely wouldn’t have any idea what information was inside. It’ll completely look like gibberish.


This is essential for hackers, as it combines swiftness and reliability. 


You can check it out right here on Amazon.


5. Metasploit penetration testing software

metasploit top Hacker tools and software gadgets


If you’re new to Metasploit, then think of it as a list of hacker tools and frameworks used to execute various tasks.


Metasploit along with NMAP is probably the two most common hacking software out there. This software is a must learn if you’re interested in venturing into penetration testing.


IT security courses such as CEH and OSCP always include a Metasploit component. Metasploit is a project that provides you with crucial information regarding computer security vulnerabilities and helps devise IDS testing and penetration testing strategies.


The Metasploit runs on Unix and Windows, but the easiest way to use this tool is to get a penetration testing arsenal that includes the Metasploit framework such as the OS, Kali Linux.


Metasploit framework


The steps for exploiting a system using the framework includes;

Ø  Choosing and setting up an exploit.

Ø  Optionally checking if the proposed target system is prone to the chosen exploit.

Ø  Choosing and setting up a payload.

Ø  Choosing the encoding method.

Ø  Executing the exploit.


This method, allowing the blending of exploits to any payload is the main driving factor of the Framework. It facilitates the task of payload writers, exploits writers and attackers.


One can’t really explain everything there is on this subject. There’re tons of good Metasploit information on the net, but probably not as good as this book, as it is well written and guides perfectly.

You'd probably need to know some list of hacker terms.

6. John the Ripper(hacker password cracking tool)

john the ripper hacker tools and softwares gadgets


The coolest name yet for a Hacker software. Often abbreviated as ‘JTR’, or called just ‘John’, this piece of software is designed to crack very complicated passwords. This tool is very similar to THC Hydra.


John is a common password cracking pentesting tool that is used mainly when performing a dictionary attack. It combines various password crackers into a single package, includes a customizable cracker and autodetects password hash types.


This free password hacking software was first created for just the Unix OS. It now runs on 15 other platforms, 11 of which are architecture-specific versions of Unix.


The JTR runs against plenty encrypted password formats, including different hash types crypt password. These are commonly found on the Windows NT/2000/XP/2003 LM hash, Unix versions and the Kerberos AFS.


If you’re a bit confused between THC Hydra and John the Ripper, then think of JTR as an offline password cracker, while Hydra is an online cracker.


7. Cain and Abel Hacking software


cain and abel hacker tools and software gadget

Often abbreviated as Cain, this is a password recovery tool for Windows. It’s able to recover many types of passwords using techniques such as cracking various password hashes(using dictionary attack), network packet sniffing, cryptanalysis and brute force.


This hacking tool is often mentioned in variety of hacking tutorials. Cain and Abel were primarily built as a password recovery tool for Microsoft, but it can also be used in a variety of uses.

Some features of Cain and Abel


Ø  WEP cracking

Ø  Calculating hashes

Ø  Revealing password boxes

Ø  Uncovering cached passwords

Ø  Ability to record VoIP conversations

Ø  Dumping protected storage passwords


Stopping here doesn't give accolade to the several hacking tools and software out there. Some great ones weren't named due to them having very similar characteristics with the above mentioned.

Nevertheless, let's check out the other tools worth mentioning, shall we?


  • Wireshark(web vulnerability scanner)

  • Aircrack-ng(password cracking tool)

  • Nikto website vulnerability scanner

  • Maltego(Digital forensics)

  • DS logic pro(logic analyzer)

  • oclHashcat(password cracking tool)

  • Nessus vulnerability scanner

  • Social Engineering tool kit(framework for simulating multiple types of attacks)

The list goes on and on. 



Subscribe to my mailing list

* indicates required

google chrome feature password absolute



Good news for internet users as Google now gives websites the alternative to remove the need for password logins in the latest version of its web browser, Chrome 67.

Websites that choose to enable the new feature will let you register and log-in using any biometric information that your phone supports. iPhone owners, for instance, would be able to use their fingerprint to verify that it's actually them that are signing in to a site from their desktop. Additional options include facial recognition, a photo, or even retina scanner. 


However, Chrome users won't be able to access this new development immediately after it is released in the coming days. Instead, the update means that Google has opened up the required code to website developers and owners, so they can integrate the new feature into their own websites.


The passwordless alternative will now be the default setting on sites that enable it. Though, you'll still have the option to turn it off if you prefer typing your qualifications in, and on again if not.


By choosing to enable it, websites will not only be relieving you of the boring task of recalling and typing in passwords each time you log in but will also make it more convenient for you to create a new and unique password. Using the same password more than once in many websites(while much easier than remembering multiple) is a known security hazard that many people become a victim of, and is even becoming more and more difficult with all of the different password requirements.


Google, Mozilla and Microsoft had been pushing for the Web Authentication standards for years with the hopes of increasing security, which made this update possible. They devoted to using them on their own web browsers even before the standards were released in April. Chrome is the last of the three companies' products to do so.


Apple, however, has made no such commitment for Safari, but it might be on its way very soon. The browser is labelled as "In development" in Chrome's status update and a great number of Apple staff members are in the connected working group.

password


So, fellas, keep surfing the internet with ease.



Subscribe to my mailing list

* indicates required

how to install kali linux in 2018



Hi, do you have trouble installing Kali Linux on your desktop/laptop? are you here just to see what all the hype on the Operating system is about?  What if I tell you Kali Linux isn’t just an OS? -)

Yeah I know you might be thinking, “here we go again”, “what does he have to share that I can’t get elsewhere online”.

For that I tell you; get a chair, grab a cup of coffee if you can, and watch me blow your mind.

What you need to know about Kali Linux

Kali Linux is a Debian Linux distribution, intended to carry out digital forensics and penetration testing. It is funded by Offensive Security Ltd. Mati Aharoni, Raphaël Hertzog and Devon Kearns are the core developers, and blah blah blah!



Do you understand 70% of what I just said up there? I wouldn’t. My job is to speak English when explaining stuff like this, otherwise, you’ll most likely not grab anything new from this article.

Let’s try again, now, in English.

Debian is comprised entirely of free software and a Unix-like OS. Which basically means that it operates in a manner similar to a Unix system, while not automatically conforming to versions of the Single UNIX Specification.

Digital forensics is a branch of forensic science(use of technology to establish facts and evidence) surrounding the recovery and investigation of material found in digital devices, often in relation to cybercrime.

A penetration test(also known as a pen test), is an authorized virtual attack on a computer system, performed to review and evaluate the security of the system. The test is carried out to identify vulnerabilities, as well as strengths.

Now let’s go back to what Kali Linux is, shall we?

Kali in a layman’s term is a free-to-download OS(as free as getting a beer at a party), that is used to check the strengths and weaknesses of a computer. It can also be used to recover data in any digital device.


installing kali linux made easy


Kali Linux includes security tools, such as

  • Aircrack-ng
  • Burp suite(Burp or Burp Suite is a graphical tool for testing Web application security)
  • Ettercap(It can be used for computer network protocol analysis and security auditing)
  • John the Ripper(a free password cracking software tool
  • Kismet(this is a network detector)
  • Maltego(a proprietary software used for open-source intelligence and forensics)
  • Metasploit framework(This is a computer security project that provides information on security vulnerabilities and helps in penetration testing and IDS signature development)
  • Nmap(a security scanner that is basically used to discover hosts and services on any computer network)
  • OWASP ZAP(an open-source web application security scanner)
  • Social engineering tools.
  • Wireshark(used for network troubleshooting, analysis, software and communications protocol development)
  • Hydra
  • Reverse Engineering tools
  • Forensics tools like Binwalk, Foremost, Volatility e.t.c


Should I install and use Kali Linux?

Have I aroused your interest? Wanna jump right in the Kali Linux hood? Not so fast buddy.
Kali is great but complicated. Even for experienced users, the operating system can pose some challenges.

While Kali Linux is architected to be greatly customizable, don’t presume you’ll be able to add random unrelated packages and repositories that are “out of band” of the normal Kali software sources and expect it work just fine.

If you are alien with Linux, if you lack at least, an essential level of competence in managing a system, if you are searching for a Linux-distribution only for learning purposes, if you want it just to get to know your way around Linux, or if you want a tool that you can use as a general purpose desktop installation.

Then, my friend, Kali Linux is probably not what you are looking for just yet. You may want to start with UbuntuMint, or Debian instead.



Now, let's dive into the main topic fam; how to install Kali Linux in 15 simple steps.

Setup to install Kali Linux

  • ·         Virtual Machine (VMWare, VirtualBox)
  • ·         μTorrent/BitTorrent


Step 1

Install VirtualBox version 4.3.12. The latest updates tend to have little issues with antivirus, so Ignore for now.

Step 2

Download Kali Linux 32 bit ISO’, with the torrent. The direct version will take too long to download. REMEMBER, torrent.

Step 3

Now, open your VirtualBox and click on New(top left). Name it Kali Linux 1.0.7(or whatever version you downloaded) and it’ll automatically choose the type(Linux) and the version. All you need do now is change it to Debian(32 bits).



Step 4

Tap the Next button and choose the RAM you want to use in this OS. Let’s say 1GB of RAM, though think 500MB should be enough.

Step 5

Tap Next again. Now, choose 'Create a virtual hard drive now' option and click 'Create' choose VMDK option, and hit 'Next' once again, choose 'Dynamically allocated', and 'Next' again.

Step 6

Next thing to do is to choose the size of the compartition you'll be using to make the Virtual Machine. I’ll say choose 30GB for that, but 20GB will do just fine. After that, find your way to the top area, where you’ll choose the location of the compartition. Hit 'Create'.

Step 7

By now you’ve successfully created the partition. Next, is to click on that partition, and hit Settings at the top left. Click on System>Processor and check the box Enable PAEX/NX. Now, go to storage>Controller: IDE you’ll find a little CD that’ll indicate Empty. Click on the little CD with an Add symbol and select choose Disk. Now, browse the ISO File you just downloaded(the Kali Linux ISO File), once you've done that click Ok.

Step 8

Go to Network, you’ll find where it says 'Attached to:', there, you choose 'Host-only Adapter'.

Step 9

Exit the Settings Menu, and start the Virtual Machine by clicking the 'Start' button at the top left. Right now, a window must have appeared where you’ll have to make a choice. Go down to the option 'Install' and hit Enter to continue.

Step 10

At this stage, you’ll be prompted to state your country, language and the keyboard. Select the right information! Now Kali Linux will load.

When that is complete, you’ll be asked for the hostname and domain name. But that doesn’t really matter, go ahead and choose kalilinux for the hostname and kalilinux01 for the domain name.

Now, you’ll be asked for the Root Password. Type in 'toor', which is root written backwards. Re-type it when it asks you again. Use root as username if your's ask for it.

Select your Time Zone, then, it’ll load for a bit. Select the 'Partitioning method' as the 'Guide - use entire disk'.

Keep hitting Enter to choose the defaults. After that, hit 'Finish partitioning and write changes to disk'.

You’ll be asked 'Write changes to disks?', select 'Yes'. Now, the OS will start installing. Take a break, because it’ll take like 20-30 minutes.

Step 11

After some time, it’ll ask you, 'Use a network mirror?', click yes. Then you’ll be asked for HTTP Proxy Information, leave it empty. It’ll go ahead and download some files from the network mirror.

Step 12

After that is done, it’ll ask you, 'Install the GRUB boot loader to the master boot record?', select 'Yes', then finally you’ll see 'Installation Complete'. Hit 'Continue'.

Step 13

Kali Linux will restart, after that, a window will appear with the option 'Other...', click on it and you’ll be asked for username and password. Recall that the username is 'root' and the password is 'toor'.

Step 14

Kali Linux is installed. But don’t rejoice just yet -) now, my friend, you will update and upgrade.
For that, go to: Applications (top left) >Acessories>Terminal, and a window like cmd will open, write on it: apt-get update && apt-get -y upgrade && apt-get -y install dkms | I hope you made no mistake in typing those? It’s really important you didn’t.

Now, hit Enter. After the installation is complete, write power off, and the Virtual Machine will turn off.

Step 15

Your Kali Linux OS is installed, and good to go. Recall, you’ll be using root as username and toor as password.


Enjoy your Kali Linux


Subscribe to my mailing list

* indicates required