Ethical Hacking Tools - What Every Noob Should Learn

Internally, we have a motto for all new hires and testers who join the team - “Don’t get left behind.”

Technology moves on with time.  What is the latest and greatest today will eventually be replaced by something better (or at least newer).  But some tools are mandatory learning and have been around since the beginning.  So, what ethical hacking tools should you be well versed in as a noob, or an aspiring noob with an interest in information security?  Just about all of them, since every penetration test and every tester has different goals and objectives.  Below is a short list of common ethical hacking tools every aspiring IT person should be familiar with.

NMAP

Most, if not all, information technology folks will have heard of or used a version of NMAP, the holy grail of network mapping and auditing tools.  NMAP is an open-source, freely available tool that runs on most OS flavors, including Microsoft Windows!  No excuses: the developers even built a GUI for those of you who cannot stand a terminal screen, complete with your choice of font and colors, where you type your commands out by hand.  Yes, the color-coded terminals make you look cooler, but if that is not your cup of tea, the Zenmap GUI guides you through building custom scans via drop-downs and checkboxes for the IP address(es) or range you want to scan.  NMAP is more than what meets the eye: check out the NMAP scripts, they will transform your penetration test.  As is, NMAP can do just about everything and anything, and yes, it can be dangerous.

For more information regarding NMAP, visit https://nmap.org/

Disclaimer:  Obtain permission before performing or attempting any type of scans against public-facing or external IP addresses, even if you do have the best intentions in mind, or even if you’re testing against a domain you own, or your company owns.  Internet Service Providers, web hosting companies and law enforcement don’t always respond well to “good intentions”.

Wireshark

Wireshark is another network tool that’s free and open source for all OS platforms.  It is familiar to Information Technology folks with a networking background, but you may be wondering: why Wireshark for ethical hacking?  Before I attempt to shed light on that question, let us first define what Wireshark is for those who may not know.  Wireshark is a packet analyzer commonly used for network troubleshooting as well as for analyzing client/software communications.  It captures network traffic (i.e. packets) as it traverses the network from one system to another.  Now that we have a better understanding of what Wireshark is, let’s attempt to answer that earlier question: Wireshark for ethical hacking?  Why not?  How is that for an answer?  Seriously now, all kidding aside, setting up Wireshark is easy.  Just download it, install it, make sure you have a wired connection to your network, and start listening to all your network traffic; you can even capture it and save it to a file for viewing later.  When you start digging through your packet capture, you may be surprised at what flies through your network unencrypted, in plain-text format.  A simple way to filter your network traffic is the display filter http.request.method == "POST".  Take a gander after running Wireshark for a couple of hours.  If packet capture storage space is not an issue, consider running a capture for the day.
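As an added example (not part of the original post, and not Wireshark's own code), here is a small pure-Python walk over a pcap file that does roughly what the display filter http.request.method == "POST" does: it decodes the Ethernet/IPv4/TCP framing by hand and reports every segment that begins a plaintext HTTP POST. It records only who talked to whom, the request line and the body length, never the body itself, so the report can be used to audit a capture for form submissions sent in the clear without becoming a second copy of any leaked credentials. The capture bytes are constructed inline; the addresses, hostname and the /login form are made up.

```python
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for offline parsing)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (version 2.4, Ethernet link type)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample capture: a GET, a POST of a login form in the clear, and an
# opaque TLS-looking segment on 443 that the check must ignore.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.20", 51000, 80,
                b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.20", 51001, 80,
                b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 23\r\n\r\n"
                b"user=alice&pass=hunter2"),
    build_frame("10.0.0.5", "203.0.113.10", 51002, 443,
                b"\x17\x03\x03\x00\x20" + bytes(range(32))),
])


def iter_records(pcap):
    """Yield (timestamp_seconds, frame_bytes) for every record in a classic pcap file."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # the same magic seen byte-swapped: a big-endian file
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "HHiIII", pcap, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this walker only understands Ethernet captures")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield ts_sec, pcap[off:off + incl_len]
        off += incl_len


def decode_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    if frame[23] != IPPROTO_TCP:
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 20:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    payload = frame[tcp_off + data_off:14 + total_len]  # drop any Ethernet padding
    return src, dst, sport, dport, payload


def find_plaintext_posts(pcap):
    """Offline equivalent of the display filter http.request.method == "POST".
    Keeps metadata and the body length only, never the body bytes."""
    hits = []
    for ts, frame in iter_records(pcap):
        seg = decode_tcp(frame)
        if seg is None:
            continue
        src, dst, sport, dport, payload = seg
        if not payload.startswith(b"POST "):
            continue
        head, _, body = payload.partition(b"\r\n\r\n")
        request_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
        hits.append({"time": ts, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}",
                     "request": request_line, "body_bytes": len(body)})
    return hits


if __name__ == "__main__":
    for hit in find_plaintext_posts(SAMPLE_PCAP):
        print(hit)
```

One caveat: Wireshark reassembles TCP streams before applying that filter, while this walker only recognises a POST whose request line starts a segment, so treat it as a first pass over a capture rather than a replacement for the real thing.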

For more information regarding Wireshark, visit https://www.wireshark.org/

Disclaimer:  Obtain permission before performing any type of packet capturing.  Network sniffing, as it’s more commonly called, is considered unauthorized behavior in some companies.  Simply having Wireshark downloaded or installed may land you in hot water as well.

Burp Suite (free edition)

Burp Suite Community Edition (free) is a web application security scanner with limited options (in the community edition), but it’s loaded with a handful of manual tools for testing.  For noobs, Burp Suite Community Edition is a fantastic starting point for learning how to configure proxies, capture the HTTP/HTTPS traffic of your web browser and/or applications, spider/crawl websites, passively/actively scan websites, manipulate header/body data and view how your data is passed from client to server/services, or just perform a point-and-click scan for a quick vulnerability assessment.  There is plenty of online material, books, and videos about how to use Burp Suite.  Bear in mind, Burp Suite can be a passive tool or a very loud tool that an IDS/IPS will catch, depending on your behavior.  For optimal results, the Pro edition can be purchased, which enables other functions and features necessary for web application testing.  The benefit is that the Pro edition can be had relatively cheaply, less than $500 for a license.

Free online training for Burp Suite is provided at https://hackademy.aetherlab.net/p/burp-suite

For more information on Burp Suite, visit https://portswigger.net/

Disclaimer:  Please use Burp Suite against internal web applications you own, or obtain permission prior to testing elsewhere.

Nikto

Nikto is an open source, free, automated web server vulnerability scanner (starting to see a trend yet?), but in my opinion it’s a fantastic information gathering tool.  Nikto is packed with many options such as authenticated scans, CGI scans, a directory scanner, URL/IP lookup, a web crawler and much more.  These features are well documented on Nikto’s site, linked below.  Bear in mind, Nikto is a very loud tool, so you may not be flying under the radar and may be slowed down or halted by an IDS/IPS.  Do not worry: at the end of the scan, Nikto will tell you how many requests were made and how many items were reported on the remote server you ran the scan against.

Nikto itself is easy to use on Kali Linux (it is pre-installed in Kali; Kali Linux is a free penetration testing operating system that is the gold standard in the industry). Simply run the following from the command line, filling in the variables:

nikto -h (domain or IP) -p (port the web service is running on) -o (output file ending in .xml or .txt)

For more information on Nikto, visit https://cirt.net/nikto2-docs/

Disclaimer:  Obtain permission before performing any web service scanning.

Firefox

A web browser?  Yes, a web browser indeed, one that has plenty of options and add-ons to make ethical hacking a bit easier, whether it is network or application testing.  Here are a few samples why:

- FoxyProxy
  - A simple, free Firefox add-on that directs your Firefox internet traffic to a proxy you have configured.  It takes the work out of constantly reconfiguring your browser: just flip a switch.

- Cookie Manager
  - An add-on that lets you view, edit, delete and even search for cookies within a web application.  If you need to copy and paste session cookies, this tool does it for you as well, in JSON or text format.

- User-Agent Switcher
  - This extension comes in handy when testing a legacy application or when you need to look like a mobile browser.  After selecting your options, you can copy the user agent string and plug it into other tools as well.

- Retire.js
  - Scans websites for vulnerable JavaScript libraries.  This extension provides the name of the vulnerable JavaScript file, the version, and references with links describing the vulnerability in greater detail.

Firefox also offers a wide variety of security add-ons, and its security settings can be configured to accept vulnerable websites that other browsers purposely block.
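Here is an added example in the spirit of the Retire.js item above (my own illustration, not the Retire.js project's code): it pulls script sources out of an HTML page, recognises a library name and version in each URL, and reports any script whose version is below the first fixed release in a lookup table. The table here holds placeholder advisory labels and illustrative version thresholds purely to show the mechanics; a real check would load the advisory data Retire.js publishes instead. The page HTML is constructed.

```python
import re

# Constructed placeholder table: library -> list of (first_fixed_version, advisory_label).
# Versions and labels are illustrative only; a real check loads published advisory data.
KNOWN_ISSUES = {
    "jquery": [("3.5.0", "PLACEHOLDER-ADVISORY-A"), ("1.9.0", "PLACEHOLDER-ADVISORY-B")],
    "angular": [("1.8.0", "PLACEHOLDER-ADVISORY-C")],
}

SCRIPT_SRC_RE = re.compile(r'<script\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
# Match "<name><separator><version>" anywhere in the URL, e.g. jquery-1.8.3.min.js or /angular/1.7.9/.
LIB_VERSION_RE = re.compile(
    r"(?P<name>" + "|".join(map(re.escape, KNOWN_ISSUES)) + r")[-_./]?(?P<ver>\d+(?:\.\d+){1,2})"
)


def parse_version(text):
    """Turn '1.8.3' or '1.8' into a numerically comparable tuple padded to three parts,
    so that 1.10.0 correctly sorts above 1.9.0 (a plain string compare would not)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def scan_html(html):
    """Return one finding per (script, advisory) pair whose version is below the fix."""
    findings = []
    for src in SCRIPT_SRC_RE.findall(html):
        match = LIB_VERSION_RE.search(src.lower())
        if match is None:
            continue  # unversioned or unknown library: nothing to compare against
        name, ver = match.group("name"), match.group("ver")
        for fixed_in, label in KNOWN_ISSUES[name]:
            if parse_version(ver) < parse_version(fixed_in):
                findings.append({"src": src, "library": name, "version": ver,
                                 "fixed_in": fixed_in, "ref": label})
    return findings


# Constructed sample page: one old local jQuery, one current CDN jQuery, one old Angular,
# and an unversioned application script that is skipped.
SAMPLE_HTML = """
<html><head>
<script src="/static/js/jquery-1.8.3.min.js"></script>
<script src="https://cdn.example/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="https://cdn.example/angular/1.7.9/angular.min.js"></script>
<script src="/static/js/app.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f"{f['src']}: {f['library']} {f['version']} < {f['fixed_in']} ({f['ref']})")
```

The version string is only found when it appears in the URL; Retire.js also fingerprints file contents, which this sketch does not, so a renamed or bundled copy of an old library would slip past it.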

Firefox pen testing add-ons: https://addons.mozilla.org/en-us/firefox/tag/pentest

Disclaimer:  Obtain permission before performing any type of scanning, even if you do have the best intentions in mind.  These add-ons are not made for hacking but aid in the effort.

Note:  If you can, avoid using Firefox Quantum for testing, as not all plug-ins or add-ons are supported.

SSLSCAN

Unsure what SSL services you have in your environment or even externally facing?  SSLScan is a free tool, native on Kali Linux, that performs a wide variety of SSL/TLS protocol checks.  Unsure what to check for?  No problem: SSLScan can check all ciphers, protocols, key strengths and much more, and report which are safe and which are unsafe.  SSLScan is perfect for mitigation purposes as well as for self-checks.  Some key things SSLScan checks for are: Heartbleed, SSLv2, SSLv3, low-bit ciphers and unsupported ciphers, as well as certificates.

Give it a try with the following syntax within a Kali instance:

sslscan domain/IP:port

For more information on SSLScan and its options, check out https://github.com/DinoTools/sslscan

Disclaimer:  Obtain permission before performing any type of scanning, even if you do have the best intentions in mind.

DirBuster

So, you hid some directories and application pages thinking you’d be clever and avoid attacks that way?  Are you sure they cannot be found?  Like Pokémon, you gotta catch them all!  Unsure now?  Well, DirBuster may be able to help you and your developers out.  DirBuster is a fantastic tool that searches a web server for commonly known hidden pages and directories, and you can even add to that list to tailor it to your specification.  DirBuster is not the quickest tool in the bunch, but hey, hackers have all the time in the world to look for your vulnerabilities, so slow is purely relative!  DirBuster is GUI based and straightforward: enter the target’s details and view the results as they come in.

For more information on DirBuster, check out https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

Disclaimer:  Obtain permission before performing any type of scanning, even if you do have the best intentions in mind.

Final Thoughts (just like Jerry Springer)

There are plenty of tools out there, some old, some new, some that may never fail you.  This short list of tools is geared to educate noobs and even seasoned IT folks who love to dabble around.  These tools are fantastic for information gathering, for pre-exploitation, or for just performing self-checks where you may be vulnerable.  Use them to help pinpoint where you could self-improve, or even help educate yourself or others on remediation efforts.

Remember, “Don’t get left behind.”

Interested in our services and what we have to offer? Check us out at - https://www.emagined.com/

Have any questions or concerns, or need further information?  Just let us know: ish@emagined.com or info@emagined.com
