Top-Ethical-Hacking-Resources
Stay up-to-date with the latest and greatest ethical hacking resources.
Please read the Guidelines for contributors first
Table of contents
- Wireless Hacking
- Pen Testing
- SQL Injection
- DDOS Attacks
- Social Engineering
- Password Hacking
- TCP/IP Hijacking
- Trojan Attacks
- Other
This project follows the all-contributors specification. Contributions of any kind welcome!
Wireless Hacking
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Kismet | Kismet is a powerful tool for wireless sniffing that is found in Kali distribution. Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware. | How to use kismet |
| WireShark | Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level | How to use Wireshark |
| Aircrack | Aircrack is one of the most popular wireless passwords cracking tools which you can use for 802.11a/b/g WEP and WPA cracking. Aircrack uses the best algorithms to recover wireless passwords by capturing packets. | How to use Aircrack |
| CloudCracker | CloudCracker is the online password cracking tool for cracking WPA protected wi-fi networks. This tool can also be used to crack different password hashes. | How to use CloudCracker |
| Wifite | This tool is fantastic and being able to attack multiple WEP, WPA, and WPS encrypted networks in a row. It’s fast becoming the industry’s favorite WiFi Hacking Tool for Pentesters. | How to use Wifite |
| KisMAC | KisMac is tool very much similar to Kismet. It offers features similar to Kismet and is used as wireless network discovery hacking tool.This tool is only available for Mac. It scans for networks passively only on supported wireless cards and then try to crack WEP and WPA keys by using brute force or exploiting any flaw. | How to use KisMAC |
| NetStumbler | NetStumbler is a popular Windows tool to find open wireless access points. This tool is free and is available for Windows. A trimmed down version of the tool is also available. It is called MiniStumbler. Basically NetStumblet is used for wardriving, verifying network configurations, finding locations with a poor network, detecting unauthorized access points, | How to use NetStumbler |
| Wifiphisher | Wifiphisher is a tool designed to perform man-in-the-middle attacks by exploiting Wi-Fi association. By convincing wireless users to connect to the rogue access point, Wifiphisher provides an attacker with the ability to intercept and monitor or modify their wireless traffic. | How to use Wifiphisher |
| inSSIDer | inSSIDer is a popular Wi-Fi scanner for Microsoft Windows and OS X operating systems. The inSSIDer wi-fi scanner can do various tasks, including finding open Wi-Fi access points, tracking signal strength and saving logs with GPS records. | How to use inSSIDer |
| CoWPAtty | CoWPAtty is an automated dictionary attack tool for WPA-PSK. It runs on Linux OS. This program has a command-line interface and runs on a word list that contains the password to use in the attack. | How to use CoWPAtty |
| AirSnort | AirSnort is free WiFi hacking software that captures the packets and tries to decrypt the keys. The monitoring is done in promiscuous mode and records enough packets to reliably decrypt the key. It is a simple tool and supports both Windows and Linux platforms. | How to use AirSnort |
| Fern Wifi Cracker | Fern WiFi Cracker is a python based tool that can be used for WEP/WPA/WPA2 cracking, session hijacking, ARP request replays, and performing brute force attacks. It is able to save the key in the database on a successful attack. It is compatible with various Linux OS and can also be run on Windows 10 using virtualization. | How to use Fern Wifi Cracker |
| OmniPeek | OmniPeek is a packet sniffer and a protocol analyzer tool. Developed by Savvis organization, It is available only for the Windows platform. The tool has a lot to offer if you have an understanding of the protocols. | How to use OmniPeek |
| Airgeddon | Airgeddon is one of the latest and advanced wireless hacking tools. Similar to other hacking solutions it is capable of switching your interface mode from “Monitor” to “Managed”. Its core purpose is to audit wireless networks by using multi-use bash scripts for Linux systems. | How to use Airgeddon |
| Yersinia | Yersinia is an open-source wireless hacking software designed for Unix-like operating systems. This tool is capable of detecting susceptibilities in Layer 2 network protocols. It is a powerful tool for analyzing and testing the deployed wifi networks. | How to use Yersinia |
| Reaver | Reaver is an open-source password-cracking tool. It performs a brute-force attack against WPS to break the security of Wi-Fi networks.Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. | How to use Reaver |
Pen Testing
Black Box
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Netsparker | A common automated web program for black box and all penetration testing is the Netsparker Security Scanner. From cross-site scripting to SQL injection, the program can recognize anything from This tool can be used by developers on blogs , online servers, and web apps. | How Netsparker Can Help |
| Wireshark | Once known as Ethereal 0.2.0, with 600 contributors, Wireshark is an award-winning network analyzer. You can do BlackBox pen testing with wireshark easily. The tool is open-source and is available for Windows, Solaris, FreeBSD, and Debian, among other platforms. | Black Box Network Penetration Testing Walkthrough |
| Metasploit framework | The architecture for Metasploit is structured into modules. Exploit is the first sort of module. To take advantage of device vulnerabilities, Exploit modules are built. Buffer overload, program exploits and insertion of code are examples. Auxiliary modules carry out acts that do not take advantage of vulnerabilities explicitly. | Introduction to Penetration Testing & Metasploit With Windows |
| Selenium | One of the well-known and popular tools among the testers is Selenium. It is an open-source tool that helps with browser automation. Selenium eases the pain to check whether an application works fine across the browsers and various versions. | The Selenium Browser Automation Project |
| Appium | Selenium doesn’t suffice mobile app testing, and thus Appium is present. It acts as a sweet companion to help extensive mobile testing. Appium works for cross platforms like iOS and Android. | Getting Started Appium |
| Acunetix | Acunetix is a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS.It complements the role of a penetration tester by automating tasks that can take hours to test manually, delivering accurate results with no false positives at top speed. | How to perform security testing using Acunetix |
| Hackerone | Hackerone is one of the top security testing platforms. It can find and fix critical vulnerabilities. More and more Fortune 500 and Forbes Global 1000 companies choose HackerOne as it provides fast on-demand delivery. You can get started in just 7 days and get results in 4 weeks. | From beginner to submitting 5 reports to HackerOne |
| Intruder | Intruder is a powerful vulnerability scanner that finds cybersecurity weaknesses in your digital estate, and explains the risks & helps with their remediation before a breach can occur. It is the perfect tool to help automate your penetration testing efforts. | Intruder Pricing, Features, Reviews & Comparison of Alternatives |
| Core Impact | Core impact: With over 20 years in the market, Core Impact claims the largest range of exploits available in the market, they also let you run the free Metasploit exploits within their framework if they are missing one. They automate a lot of processes with wizards, have a complete audit trail including PowerShell commands, and can re-test a client simply by re-playing the audit trail. | Core Impact Tutorial |
| NMAP | This tool is used primarily for discovering just about kind of weaknesses or holes in the network environment of a business or a corporation. It can also be used for auditing purposes as well. NMAP can take the raw data packets.This tool can be used at any stage of the Pen Testing process, and even has built in scripting features available to help automate any testing process. | How to Scan Your Network Using Nmap |
| W3af | This Pen Testing suite has been created by the software developers at Metasploit, and its main purpose is to find, ascertain, and exploit any Security weaknesses or holes in Web based applications. The results of the Pen Test are displayed in both easy to understand graphical and text based formats. | W3af walkthrough and tutorial |
| Ettercap | The Ettercap suite is designed to prevent man in the middle attacks. Using this application, you will be able to build the packets you want and perform specific tasks. The software can send invalid frames and complete techniques which are more difficult through other options. | Ettercap and middle-attacks tutorial |
| Indusface WAS | Indusface WAS provides both manual Penetration testing bundled with its own automated web application vulnerability scanner that detects and reports vulnerabilities based on OWASP top 10 and also includes a Website reputation check of links, malware and defacement checks of the website in every scan. | How To Perform Web Application Security Testing Using AppTrana |
| IBM (formerly Watchfire and Santum) Appscan | IBM Security AppScan, previously known as IBM Rational AppScan, is a family of web security testing and monitoring tools from the Rational Software division of IBM. AppScan is intended to test Web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. The product learns the behavior of each application, whether an off-the-shelf application or internally developed, and develops a program intended to test all of its functions for both common and application-specific vulnerabilities. | How to use IBM Security AppScan |
| Ranorex | Ranorex Ranorex Studio is a commercial Windows platform that provides testing for desktop, web, and mobile applications. It was launched in 2007 by Ranorex GmbH, an Austria-based software development firm.Ranorex does not require any additional scripting programs. It is built on the Microsoft.NET platform. Ranorex is compatible with the industry-standard programming languages C# and VB.NET, allowing for the editing of recordings and the creation of custom tests. | How To use Ranorex |
| Nessus | An open-source online vulnerability and configuration scanner for IT infrastructure.Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer connected to a network. | How To use Nessus |
White Box
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Veracode | Veracode’s white box testing tools will help you in identifying and resolving the software flaws quickly and easily at a reduced cost. It supports several application languages like .NET, C++, JAVA etc and also enables you to test the security of desktop, web as well as mobile applications. | Getting Started to use Veracode |
| EclEmma | EclEmma was initially designed for test runs and analysis within the Eclipse workbench. It is considered to be a free Java code coverage tool and has several features as well. | Getting Started to use EclEmma |
| RCUNIT | A framework which is used for testing C programs is known as RCUNIT. RCUNIT can be used accordingly based on the terms of the MIT License. RCUNIT is a small framework for testing C programs. It uses non-local jumps to emulate exceptions and handles program terminating signals (e.g. SIGILL) during test runs. RCUNIT allows creation of test fixtures, either per test or per test group. | Getting Started to use RCUNIT |
| cfix | cfix is one of the unit testing frameworks for C/C++ which solely aims at making test suites development as simple and easy as possible. Meanwhile, cfix is typically specialized for NT Kernel mode and Win32. | Getting Started to use cfix |
| NUnit | NUnit is a unit-testing framework for all .Net languages. Initially ported from JUnit, the current production release, version 3, has been completely rewritten with many new features and support for a wide range of .NET platforms. | Getting Started to use NUnit |
SQL Injection
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| SQLmap | SQLMap is the open source SQL injection tool and most popular among all SQL injection tools available. This tool makes it easy to exploit the SQL injection vulnerability of a web application and take over the database server. It comes with a powerful detection engine which can easily detect most of the SQL injection related vulnerabilities. | SQLmap Tutorial |
| SQLninja | SQLninja is a SQL injection tool that exploits web applications that use a SQL server as a database server. This tool may not find the injection place at first. But if it is discovered, it can easily automate the exploitation process and extract the information from the database server. | Sqlninja user manual |
| whitewidow | Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, ability to launch sqlmap from the program, and a fun environment. | whitewidow user manual |
| SQLSus | SQLSus is another open source SQL injection tool and is basically a MySQL injection and takeover tool. This tool is written in Perl and you can extend the functions by adding your own codes. This tool offers a command interface which lets you inject your own SQL queries and perform SQL injection attacks. | SQLsus – MySql Injection Tutorial |
| explo | explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable format. | Telekom-security-explo Tutorial |
| SQLSus | SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. | SQLsus – MySql Injection Tutorial |
| NoSQLMap | t NoSQLMap — a tool that is designed to find and exploit various NoSQL vulnerabilities. NoSQLMap is largely oriented towards testing MongoDB and CouchDB, but support for other NoSQL databases such as Redis and Cassandra is planned for future releases. | NoSQLMap – MySql Injection Tutorial |
| Blisqy | Blisqy is a tool to aid Web Security researchers to find Time-based Blind SQL injection on HTTP Headers and also exploitation of the same vulnerability.The exploitation enables slow data siphon from a database (currently supports MySQL/MariaDB only) using bitwise operation on printable ASCII characters, via a blind-SQL injection. For interoperability with other Python tools and to enable other users utilise the features provided in Blisqy, the modules herein can be imported into other Python based scripts. | Blisqy Injection Documentation |
| BBQSQL | BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast. | BBQSQL Package Documentation |
| Mole | Mole, often known as (The Mole), is a free automatic SQL injection tool. This is a Sourceforge-hosted open source project. All you have to do now is discover the vulnerable URL and enter it into the program. Using Union-based or Boolean-based query techniques, this program can discover the vulnerability from the given URL. Although this utility has a command line interface, it is simple to use. Auto-completion is available for both commands and command arguments. As a result, this tool is simple to use. | Mole Documentation |
| Safe3 SQL Injector | Another strong but simple to use SQL injection tool is Safe3 SQL Injector. It, like other SQL injection tools, automates the SQL injection process and aids attackers in exploiting the SQL injection vulnerability to obtain access to a remote SQL server. It features a strong AI engine that can quickly identify the database server, injection type, and the best strategy to exploit the flaw. | Safe3 Package Documentation |
| BSQL Hacker | BSQL Hacker is a useful SQL injection tool for performing SQL injection attacks on online sites. This solution is for individuals who need a SQL injection tool that works automatically. It's designed specifically for blind SQL injection. This program is quick and uses a multi-threaded approach to provide better and faster results. | BSQL Hacker Download |
| jSQL Injection | Java Tool For Automatic SQL Database Injection. A lightweight application used to find database information from a distant server. It is free, open source and cross-platform. | How to use jSQL Injection |
DDOS Attacks
Volume-based Attacks
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| LOIC | Low Orbit Ion Cannon (LOIC) is a widely available, open-source application developed by Praetox Technologies used for network stress testing, as well as denial of service (DoS) and distributed denial of service (DDoS) attacks.It works by flooding a target server with TCP, UDP, or HTTP packets with the goal of disrupting service. | Guide to use LOIC |
| SYN flood | LA SYN Flood is analogous to a worker in a supply room receiving requests from the front of the store.The worker receives a request, goes and gets the package, and waits for confirmation before bringing the package out front. The worker then gets many more package requests without confirmation until they can’t carry any more packages, become overwhelmed, and requests start going unanswered. | Guide to use SYN flood |
Protocol Attacks
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| aSYNCrone | aSYNCrone is a tool fro making TCP SYN Flooding attack. A denial-of - service attack that exploits the three-way handshake used by TCP / IP to create a link is SYN flooding. Basically, by generating several half-open links, SYN flooding disables a targeted scheme. | How To Perform TCP SYN Flood DOS Attack using Kali Linux |
| HULK | HULK stands for HTTP Unbearable Load King. It is a DoS attack tool for the web server. It is created for research purposes. This tool targeted for stress testing and may really down badly configured server or badly made app. | How to use HULK |
| Arbor Edge Defense | Arbor Edge Defense (AED) is an inline security appliance deployed at the network perimeter (i.e. between the internet router and firewall). AED’s unique position on the network edge, its stateless packet processing engine and the continuous reputation-based threat intelligence it receives from NETSCOUT’s ATLAS Threat Intelligence feed enable it to automatically detect and stop both inbound threats and outbound communication from internal compromised hosts – essentially acting as the first and last line of defense for organizations. | |
| Best Practices Using Arbor Edge Defense | ||
| XOIC | XOIC is another nice DoS attacking tool. It performs a DoS attack an any server with an IP address, a user-selected port, and a user-selected protocol. In many ways, XOIC's developers claim, XOIC is more powerful than LOIC. It, like LOIC, has a user-friendly interface, so even a novice can use it to launch attacks against other websites or servers. | XOIC DDoS tool download |
Application Layer Attacks
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Slowloris | Slowloris is basically an HTTP Denial of Service attack that affects threaded servers.This exhausts the servers thread pool and the server can't reply to other people. | Performing a genuine slowloris attack |
| RUDY | RUDY stands for R-U-Dead-Yet. This tool makes the attack using a long form field submission through POST method.It works at a very slow rate, hence it is time-consuming. Because of the slow rate, it can be detected as abnormal and can get blocked. | R-u-dead-yet |
External Penetration Testing
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Nmap | Nmap is the most popular method for network mapping in the world. It helps you to discover active hosts within any network and to gain other knowledge related to penetration testing (such as open ports). | Penetration Testing for Beginners: Nmap |
| NetCat | Netcat is a network discovery program that is common in the fields of network and device management, not just for those in the security industry. | How to use netcat (nc), ncat - Ethical hacking and penetration |
| Unicornscan | Registered under a GPL license, Unicornscan is one of the best methods used for capturing information and correlating data. It provides advanced asynchronous scanning functionality for TCP and UDP, together with very helpful patterns of network exploration that will help you identify remote hosts. It will even disclose information about the program that each of them is using. | Unicorn - Downgrade Attack & Inject Shellcode Into Memory |
Social Engineering
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| social-engineer-toolkit | The Social-Engineer Toolkit (SET) is a social engineering open-source penetration testing platform. In a fraction of time, SET has a variety of custom attack vectors that allow you to make a credible attack. This kinds of instruments use human actions to lure the attack vectors into them. | Let’s learn how to use the Social Engineer Toolkit. |
| Watering hole | A watering hole attack involves launching or downloading malicious code from a legitimate website, which is commonly visited by the targets of the attack. For example, attackers might compromise a financial industry news site, knowing that individuals who work in finance and thus represent an attractive target, are likely to visit this site. The compromised site typically installs a backdoor trojan that allows the attacker to compromise and remotely control the victim’s device.. | infecting websites with malware that the targeted victims were likely to visit. |
| Maltego toolkit | Maltego is an OSINT (open-source intelligence) analysis tool that visualizes the relationships between various pieces of information. Maltego enables you to discover associations between people and other types of information assets, such as email addresses, social profiles, screen names, and other identifiers that connect a person to a service or organization. | Tutorial for Maltego - Automated Information Gathering. |
Password Hacking
Dictionary Attack
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Hydra | Hydra is a parallelized network logon cracker. Hydra works by using different approaches of generating possible passwords, such as wordlist attacks, brute-force attacks and others. | Brute force attack with Hydra |
| Medusa | Medusa is an online password-cracking tool similar to THC Hydra. It claims to be a speedy parallel, modular and login brute-forcing tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet | Medusa Parallel Network Login Auditor |
| Pydictor | Pydictor is one other great dictionary hacking powerful tool. When it comes to long and password strength tests, it can astonish both novices and professionals. It’s a tool that attackers can’t dispense in their armory. Besides, it has a surplus of features that enable you to enjoy really a strong performance under any testing situation. | Basic Guide for Pydictor |
| CrackStation | CrackStation is a free online service for password hash cracking. This technique is a variation of the Dictionary Attack that contains both dictionary words and passwords from public password dumps. The service cracks password hashes by using pre-computed lookup tables consisting of over 15-billion entries that have been extracted from various online resources. | Basic Guide for crackstation |
| Ophcrack | Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. | How to Use Ophcrack - YouTube |
| Cain and Abel | OCain and Abel (often abbreviated to Cain) was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.Cryptanalysis attacks were done via rainbow tables which could be generated with the winrtgen.exe program provided with Cain and Abel. Cain and Abel was maintained by Massimiliano Montoro and Sean Babcock. | How to Use Cain and Abel - YouTube |
| Aircrack-ng | Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic | How to Use Aircrack-ng - YouTube |
| L0phtCrack | L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables. | How to Use L0phtCrack |
Brute-Force Attack
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| aircrack-ng | Aircrack-ng is a complete suite of tools to assess WiFi network security. All tools are command line which allows for heavy scripting.A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X,FreeBSD,OpenBSD,NetBSD as well as Solaris and even eComStation2. | How to use aircrack-ng |
| John the Ripper | John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types. | Brute force attack with John the Ripper |
| L0phtCrack | L0phtCrack is a password audit and recovery program originally developed by Mudge from L0pht Heavy Industries. Using dictionaries, brute-force, hybrid attacks, and rainbow tables, it is used to test password strength and also to recover missing Microsoft Windows passwords. | Quick Start with the L0phtCrack 7 |
| Rainbowcrack | RainbowCrack is a computer program that creates a rainbow table that can be used to crack a password. RainbowCrack differs from "conventional" brute force crackers in that it uses huge pre-computed tables called rainbow tables to reduce the time required to crack a password significantly. | Brute force attack with Rainbowcrack |
| Dirsearch | Dirsearch is an advanced brute force tool based on a command line. It’s an AKA web path scanner and can brute force directories and files in webservers.Dirsearch recently becomes part of the official Kali Linux packages, but it also runs on Windows, Linux, and macOS. It’s written in Python to be easily compatible with existing projects and scripts.It’s also much faster than the traditional DIRB tool and contains many more features. | Brute force attack with Dirsearch |
| Mask attack | By incorporating part of the password that a hacker already knows in the attack, a mask attack minimizes the burden of a brute force attack. If a hacker knows your password is 10 characters long, for example, they can narrow down the assault to only those passwords. Mask attacks can be used to filter passwords based on specific words, numbers within a specified range, the user's preferred special characters, or any other password features the hacker is confident in. If any of your data is exposed, you become more vulnerable to a full-fledged data breach. | Hachcat Mask Attack Tutorial |
| Gobuster | Gobuster is one of the most powerful and speed brute-force tools that doesn’t need a runtime. It uses a directory scanner programmed by Go language; it’s faster and more flexible than interpreted script. | Gobuster simple guide by null-byte |
Hybrid Dictionary Attack
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| hashcat | Hashcat, which supports five separate attack modes for over 200 highly optimized hashing algorithms, is the world's best and most advanced password recovery utility. Hashcat currently supports Linux, Windows, and OSX CPUs, GPUs, and other hardware accelerators, and has facilities to allow distributed password cracking. | How to use HashCat |
| windows_password_recovery_hybrid_dictionary_attack | Windows Password Recovery distribution kit comes with extended sets of password mutation rules:
|
Tutorial in passcape official website |
Rainbow Tables
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Ophcrack | Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. | How to Use Ophcrack |
| RainbowCrack | RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables. | How to Use RainbowCrack |
TCP/IP Hijacking
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| Ettercap | Ettercap is a comprehensive suite for man in the middle attacks.It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. | Ettercap user mannual |
| Morpheus | Morpheus it's a Man-In-The-Middle (mitm) suite that allows users to manipulate tcp/udp data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications. But this tool main objective its not to provide an easy way to exploit/sniff targets, but ratter a call of attemption to tcp/udp manipulations technics (etter filters). | What is TCP/IP Hijacking? |
Trojan Attacks
| Tool | Description | Example / Tutorial (link) |
|---|---|---|
| trojan-banker | Trojan-Banker applications are designed to steal information from consumer accounts linked to internet banking, e-payment and plastic card schemes. | How to create Undetectable Trojan Using a Domain Name |
| metasploit | Metasploit is a program that is pre-installed on all Kali Linux devices that allows you to produce custom payloads from the victim's device that will connect back to your device. The payload is our RAT in this situation. A hacker will build a payload using metasploit, save it to a file, and trick some innocent user by social engineering into clicking on it. | How to Create a Trojan Virus in Kali Linux |
| ArcBombs | These Trojans represent special archives that are designed to behave abnormally when users try to unpack them. ArcBomb archives either freeze or seriously slow the system. Malicious archives use different techniques to achieve their goal. They may use malcrafted headers or corrupt data that lead to a malfunction of an archiver or an unpacking algorithm. They may also contain a heavyweight object that consists of identical, repeating data that can be packed into a small archive. For example, 10 GB of data is packed into a 400 KB archive. | TROJAN-ARCBOMB |
What is Buffer Overflow Attack?
Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information. For example, an attacker may introduce extra code, sending new instructions to the application to gain access to IT systems.
Contributors ✨
Thanks goes to these wonderful people (emoji key):
