Update: Part 2 of this series has released a shell script that automates the installation process of these tools on Ubuntu.

Interested in security? Well, here’s a list of nice hacking tools for Linux (no Windows support, sorry) for all you budding hackers out there (see this article from University of Utah on Hackers vs. Crackers).

The best way to learn about hacking is to learn by doing: download some existing tools, play with them, and get to know them well. If you have some programming experience, look them up on Google or Wikipedia (or read their source) to see what makes them tick.

Coming up in part 2 will be a convenient shell script for Ubuntu and its derivatives to install the programs listed here. Note that if you use it on pure Debian, some programs may not install because they are not in Debian’s repositories. And without further ado, the list is as follows:

Core:

  • bum
    • Boot-Up Manager is a program which allows you to tweak startup services on your system.
  • firestarter
    • A graphical front-end that builds iptables firewall rules for you.
  • ipcalc
    • IP address, broadcast, Cisco mask, and host range calculator. Very handy.
  • p7zip-full
    • Creates and extracts 7-Zip (.7z) archives; the -full package adds support for many other archive formats.
  • startupmanager
    • A utility which lets you configure grub and boot splash screens.
  • todos/fromdos (tofrodos)
    • Convert text files from DOS format to UNIX format, and vice versa by using the commands “fromdos” and “todos”.
  • unp
    • Perl wrapper that picks the right unpacker for whatever archive you hand it.
  • unrar
    • Extract .rar archives.
  • unzip
    • Extract .zip archives.
  • uuencode/uudecode
    • Encodes a binary file as printable ASCII so it survives 7-bit text channels such as uucp mail, and decodes it on the other end. Note that this is encoding, not encryption: anyone who sees the file can uudecode it.
  • xclip
    • Command-line interface to the X clipboard (pipe output into it, paste it elsewhere).
  • xinetd
    • A replacement for the original inetd (the InterNET super-server Daemon) with per-service access control, logging, and rate limiting.
  • zip
    • Create .zip archives.
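As an added example (not from this post and not ipcalc’s own code), here is the calculation ipcalc does, written with Python’s ipaddress module. The “Cisco mask” is the wildcard mask used in Cisco ACLs (the bitwise inverse of the netmask), and /31 and /32 prefixes, which have no separate network and broadcast addresses, are handled explicitly rather than reporting a negative host count.

```python
import ipaddress


def ipcalc(cidr: str) -> dict:
    """Report what ipcalc prints for one IPv4 address/prefix.

    ip_interface accepts host bits being set (e.g. 192.168.1.37/24) and
    reports the network that address belongs to, just like ipcalc does.
    """
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    # Cisco ACL wildcard mask: every netmask bit flipped.
    wildcard = ipaddress.ip_address(int(net.netmask) ^ 0xFFFFFFFF)
    if net.prefixlen >= 31:
        # /31 (RFC 3021 point-to-point) and /32 use every address as a host.
        first, last = net.network_address, net.broadcast_address
        hosts = net.num_addresses
    else:
        first = net.network_address + 1
        last = net.broadcast_address - 1
        hosts = net.num_addresses - 2
    return {
        "address": str(iface.ip),
        "network": str(net),
        "netmask": str(net.netmask),
        "wildcard": str(wildcard),
        "broadcast": str(net.broadcast_address),
        "hostmin": str(first),
        "hostmax": str(last),
        "hosts": hosts,
    }


if __name__ == "__main__":
    for cidr in ("192.168.1.37/24", "10.0.0.1/31", "10.1.2.3/32"):
        for key, value in ipcalc(cidr).items():
            print(f"{key:10} {value}")
        print()
```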

Libraries:

  • build-essential
    • Necessary for compiling most programs with GCC.
  • dpkg-dev
    • Development tools to unpack, build, and upload .deb packages.
  • fakeroot
    • Simulates root privileges for file ownership and permissions, mainly so you can build .deb packages as an ordinary user. It is a packaging trick, not a sandbox: the program still runs as you.
  • g++
    • The C++ front end for GCC (version 4.4 at the time of writing).
  • gcc
    • The best, most extensible, and most popular free software compiler on the planet.
  • libpcap
    • The packet-capture library behind tcpdump, Nmap, Aircrack-ng and most other sniffers; it provides a portable API for grabbing raw packets off an interface.
  • libssl
    • The OpenSSL shared libraries. If you compile something against OpenSSL you also need libssl-dev for the headers.
  • libregistry0
    • Samba library that lets UNIX systems read and understand Windows registry hives.
  • openssh-blacklist
    • Lists of the weak SSH keys generated by the flawed Debian OpenSSL of 2006–2008 (CVE-2008-0166), so that ssh-vulnkey and the OpenSSH server can refuse them.
  • openssh-blacklist-extra
    • The same blacklist for the less common key sizes.
  • patch
    • A program that can apply updates encapsulated in diff files to the original file.

Basics:

  • apf-client
    • Active Port Forwarder client: forwards ports over an SSL-encrypted connection to a matching apf-server.
  • iptables
    • The userspace tool for the Linux netfilter packet filter. Used to build firewalls, NAT, and port redirection rules.
  • openssh-client
    • Well-known OpenSSH remote login client.
  • putty
    • Flexible Telnet/SSH client for X-based systems. Install “putty-tools” to give extra command-line features.
  • telnet-ssl (telnet)
    • An SSL-enabled telnet client. Command is still “telnet”, conveniently.
  • traceroute
    • Classic UNIX tool that shows the hops a packet passes through on its way to a destination (IPv4 and IPv6).
  • vinagre
    • Remote desktop client for GNOME, which supports VNC and SSH.
  • vpnc
    • Cisco VPN remote login client. Install “network-manager-vpnc-gnome” plugin to get a GUI frontend.

Tunneling:

  • corkscrew
    • Tunnels SSH (or any TCP connection) through an HTTP proxy using the CONNECT method, handy when a corporate proxy is the only way out.
  • cryptcat
    • Netcat with Twofish encryption bolted on. Set your own key with -k; the default key is well known, so without -k you get obfuscation, not secrecy.
  • netcat (OpenBSD rewrite)
    • The classic TCP/IP swiss-army knife and the first and best tunneling tool ever, around since 1995! Well, not exactly, as this version was rewritten by the OpenBSD developers. 🙂
  • netread/netwrite (netrw)
    • Netcat-like tool with networked file transfer features.
  • socat
    • Yet another netcat clone, but with many modern additions: SSL, SOCKS proxies, PTYs, UNIX sockets, and bidirectional relays between any two of them.
  • stunnel4
    • Wraps any plain TCP service (HTTP/FTP/POP2/POP3/etc.) in an SSL/TLS tunnel, on either the client or the server side, so legacy programs get encryption without changes.
  • udptunnel
    • A small program which lets you tunnel UDP packets over a TCP/IP connection.
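To see why udptunnel (and any UDP-over-TCP bridge) needs framing, here is an added example that is not part of the post and not udptunnel’s code. TCP is a byte stream with no datagram boundaries, so each datagram is prefixed with its length (a 16-bit big-endian count here) and the receiver reassembles whole datagrams no matter how recv() chops the stream. The socketpair stands in for the real TCP link and the datagrams are constructed test data.

```python
import socket
import struct

# Two-byte big-endian length in front of every datagram.
HEADER = struct.Struct("!H")


def frame(datagram: bytes) -> bytes:
    """Prefix one UDP payload with its length so it can be found in a TCP stream."""
    if len(datagram) > 0xFFFF:
        raise ValueError("datagram too large for a 16-bit length field")
    return HEADER.pack(len(datagram)) + datagram


class Unframer:
    """Incremental parser: feed it whatever recv() returns, get back whole datagrams.

    TCP may hand you half a frame, or several frames at once; anything that is
    not yet a complete frame stays in the buffer until more bytes arrive.
    """

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, chunk: bytes) -> list:
        self.buf += chunk
        out = []
        while len(self.buf) >= HEADER.size:
            (n,) = HEADER.unpack_from(self.buf)
            if len(self.buf) < HEADER.size + n:
                break  # datagram not complete yet
            out.append(self.buf[HEADER.size:HEADER.size + n])
            self.buf = self.buf[HEADER.size + n:]
        return out


def tunnel_udp_over_stream(datagrams, chunk_size: int) -> list:
    """Constructed end-to-end check: push framed datagrams through a real stream
    socket pair (standing in for the client/server TCP link), read the far side
    in arbitrary chunk sizes, and return the datagrams it recovers."""
    sender, receiver = socket.socketpair()
    try:
        sender.sendall(b"".join(frame(d) for d in datagrams))
        sender.shutdown(socket.SHUT_WR)
        unframer = Unframer()
        received = []
        while True:
            chunk = receiver.recv(chunk_size)
            if not chunk:
                break
            received.extend(unframer.feed(chunk))
        return received
    finally:
        sender.close()
        receiver.close()


if __name__ == "__main__":
    sample = [b"hello", b"", b"x" * 300, b"bye"]
    for size in (1, 3, 7, 4096):
        print(size, tunnel_udp_over_stream(sample, size) == sample)
```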

Scanning:

  • hping3
    • Ping on steroids: crafts TCP/UDP/ICMP/raw IP packets with arbitrary flags, ports, and TTLs. Useful for probing firewall rules and doing traceroute over TCP.
  • nmap
    • Very popular port-scanning/network exploration tool.
  • tcptraceroute
    • Like the classic “traceroute”, but sends TCP SYN packets (to port 80 by default) instead of UDP/ICMP, so it gets through firewalls that drop those.
  • sslscan
    • Connects to an SSL/TLS service and lists the protocol versions and cipher suites it accepts, plus its certificate. Useful for spotting servers that still allow SSLv2, export-grade, or NULL ciphers. (It tells you nothing about how the server stores passwords.)
  • xprobe2
    • Active OS fingerprinter, mostly ICMP-based. Noisier than the passive p0f because it sends its own probes, but it works against hosts that never send you anything.
  • zenmap
    • Graphical GTK+ frontend for nmap.

Passive Scanning:

  • p0f
    • Fingerprints the OS of remote hosts purely from packets they send (TCP SYNs in particular), without transmitting anything itself.
  • pads
    • Passive Asset Detection System: listens on the wire and records hosts and the services they run, without probing them.
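An added example (not from this post, and not p0f’s own code or signature database) of what passive fingerprinting looks at. It parses a raw IPv4/TCP SYN for the initial TTL, DF bit, window size, MSS, window scale, and option layout, then looks that tuple up in a tiny illustrative signature table. The packets and the table entries are constructed for the example. The contrast with xprobe2 is that nothing here is sent: a SYN captured off the wire is enough.

```python
import ipaddress
import struct

TCP_OPTION_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

# Constructed, cut-down signature table; not p0f's real p0f.fp.
# Key: (initial TTL, DF set, window size, option layout).
SIGNATURES = {
    (64, True, 5840, "mss,sok,ts,nop,ws"): "Linux 2.6 (illustrative)",
    (128, True, 65535, "mss,nop,nop,sok"): "Windows XP (illustrative)",
    (64, True, 65535, "mss,nop,ws,nop,nop,ts,sok,eol"): "FreeBSD (illustrative)",
}


def parse_syn(pkt: bytes) -> dict:
    """Pull the fields a passive fingerprinter keys on out of a raw IPv4/TCP SYN."""
    ver_ihl, _tos, _tlen, _ident, frag, ttl, proto = struct.unpack_from("!BBHHHBB", pkt, 0)
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    df = bool(frag & 0x4000)  # Don't Fragment bit
    tcp = pkt[ihl:]
    _sp, _dp, _seq, _ack, off_flags, window = struct.unpack_from("!HHIIHH", tcp, 0)
    if (off_flags & 0x3F) != 0x02:  # SYN set; FIN/RST/PSH/ACK/URG clear
        raise ValueError("not a bare SYN")
    data_offset = (off_flags >> 12) * 4
    opts = tcp[20:data_offset]
    mss = wscale = None
    layout = []
    i = 0
    while i < len(opts):
        kind = opts[i]
        layout.append(TCP_OPTION_NAMES.get(kind, f"?{kind}"))
        if kind == 0:  # EOL: whatever follows is padding
            break
        if kind == 1:  # NOP carries no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2:
            (mss,) = struct.unpack("!H", body)
        elif kind == 3:
            wscale = body[0]
        i += length
    # Stacks start at 32, 64, 128 or 255 and decrement per hop: round up to guess the original.
    ittl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"ittl": ittl, "hops": ittl - ttl, "df": df, "window": window,
            "mss": mss, "wscale": wscale, "layout": ",".join(layout)}


def fingerprint(pkt: bytes) -> tuple:
    """Return (OS guess, parsed fields) for one captured SYN."""
    fields = parse_syn(pkt)
    key = (fields["ittl"], fields["df"], fields["window"], fields["layout"])
    return SIGNATURES.get(key, "unknown"), fields


def build_syn(ttl: int, df: bool, window: int, options: bytes) -> bytes:
    """Constructed sample SYN from 10.0.0.5:40000 to 10.0.0.1:80.
    Checksums are left as zero, which is fine for an offline parse."""
    padded = options + b"\x00" * (-len(options) % 4)
    data_offset = 5 + len(padded) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (data_offset << 12) | 0x02,
                      window, 0, 0) + padded
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                     0x4000 if df else 0, ttl, 6, 0,
                     ipaddress.ip_address("10.0.0.5").packed,
                     ipaddress.ip_address("10.0.0.1").packed)
    return ip + tcp


if __name__ == "__main__":
    linux_opts = b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07"
    print(fingerprint(build_syn(58, True, 5840, linux_opts)))
```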

Sniffing:

  • dsniff
    • Suite of cleartext sniffers (dsniff, urlsnarf, arpspoof and friends) for pulling unencrypted passwords off a network.
  • ettercap
    • Popular sniffer and man-in-the-middle tool. You can also install ettercap-gtk frontend for a GUI, if you like.
  • flowscan
    • Reads NetFlow exports (for example from fprobe) and graphs traffic by protocol and host in near real time.
  • fprobe
    • libpcap-based NetFlow probe: sniffs an interface and exports flow records to a collector.
  • ngrep
    • A grep clone… but for the network!
  • ssldump
    • SSL/TLS protocol analyzer: decodes the handshake and record layer from a capture, and can decrypt the traffic if you give it the server’s private key (RSA key exchange only). Based on tcpdump.
  • tcpdump
    • Famous libpcap-based sniffer which dumps the packets matching a BPF filter to your terminal or to a pcap file.
  • tcpreplay
    • Replays captured pcap files back onto the wire at the original or a chosen speed. Used to feed recorded traffic to an IDS or firewall under test, not to hide anything.
  • tcpslice
    • Extracts segments of and/or pastes together tcpdump packet-trace files.
  • tcptrace
    • Analyzes tcpdump captures and organizes them per TCP connection (RTT, retransmissions, throughput, window sizes) for easier analysis.
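tcpdump, tcpslice and the rest of these tools share the libpcap file format, so here is an added example (not from this post and not tcpslice’s code) of what tcpslice does: parse a pcap file in memory, handling both byte orders and the nanosecond-resolution magic number, then cut out the records that fall in a time window or glue two traces together. The original global header is re-emitted verbatim so the output keeps the same byte order, resolution and link type. make_pcap builds constructed test files.

```python
import struct

# Magic number as read big-endian -> (struct byte-order prefix, timestamp fractions per second).
# A file written little-endian reads back as the byte-swapped constant.
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),
    0xD4C3B2A1: ("<", 1_000_000),
    0xA1B23C4D: (">", 1_000_000_000),   # nanosecond-resolution variant
    0x4D3CB2A1: ("<", 1_000_000_000),
}
GLOBAL_HEADER_SIZE = 24


def parse_pcap(data: bytes) -> tuple:
    """Return (global_header_bytes, link_type, records) for an in-memory pcap file.
    Each record is (timestamp_seconds, packet_bytes, raw_record_bytes)."""
    (magic,) = struct.unpack_from(">I", data, 0)
    if magic not in MAGICS:
        raise ValueError(f"not a pcap file (magic {magic:#x})")
    endian, frac = MAGICS[magic]
    ghdr = struct.Struct(endian + "IHHiIII")
    _magic, _vmaj, _vmin, _tz, _sigfigs, _snaplen, linktype = ghdr.unpack_from(data, 0)
    rhdr = struct.Struct(endian + "IIII")
    records, pos = [], ghdr.size
    while pos < len(data):
        if pos + rhdr.size > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, _orig_len = rhdr.unpack_from(data, pos)
        end = pos + rhdr.size + incl_len
        if end > len(data):
            raise ValueError("truncated packet data")  # refuse to guess, like tcpslice
        records.append((ts_sec + ts_frac / frac, data[pos + rhdr.size:end], data[pos:end]))
        pos = end
    return data[:ghdr.size], linktype, records


def slice_pcap(data: bytes, start: float, end: float) -> bytes:
    """tcpslice-style extraction: keep records with start <= timestamp < end."""
    ghdr, _linktype, records = parse_pcap(data)
    return ghdr + b"".join(raw for ts, _pkt, raw in records if start <= ts < end)


def concat_pcaps(*files: bytes) -> bytes:
    """Glue trace files together; their headers must match or byte order/link type would mix."""
    headers = {parse_pcap(f)[0] for f in files}
    if len(headers) != 1:
        raise ValueError("pcap files have different global headers")
    return headers.pop() + b"".join(f[GLOBAL_HEADER_SIZE:] for f in files)


def make_pcap(packets, endian: str = "<", nanos: bool = False) -> bytes:
    """Constructed test data: write (timestamp, bytes) packets as a pcap file, link type 1."""
    frac = 1_000_000_000 if nanos else 1_000_000
    magic = 0xA1B23C4D if nanos else 0xA1B2C3D4
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    for ts, pkt in packets:
        sec = int(ts)
        out += struct.pack(endian + "IIII", sec, round((ts - sec) * frac), len(pkt), len(pkt)) + pkt
    return out


if __name__ == "__main__":
    trace = make_pcap([(100.0, b"a"), (100.5, b"bb"), (101.25, b"ccc"), (102.0, b"dddd")])
    for ts, pkt, _raw in parse_pcap(slice_pcap(trace, 100.5, 102.0))[2]:
        print(ts, pkt)
```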

Network Monitoring:

  • darkstat
    • Sniffs packets and serves traffic statistics to a web browser. Considered a lightweight alternative to the ntop system.
  • ntop
    • A clone of “top”, but for networks! Visually displays all network activity. Includes command line application and Web interface.
  • tcpflow
    • Reassembles TCP streams from the wire and writes each flow’s data to its own file, so you get the conversation rather than a pile of packets.
  • tcpspy
    • Logs every incoming/outgoing TCP connection on the host together with the local user that owns it; small and quiet, which makes it a decent audit trail.
  • tshark
    • Command-line version of Wireshark.
  • wireshark
    • Formerly named “Ethereal” until a trademark issue forced the rename. Captures packets on an interface, dissects hundreds of protocols, and lets you filter, log, and analyze them.

Password Cracking:

  • aircrack-ng
    • A suite for capturing 802.11 traffic and cracking WEP keys and WPA/WPA2-PSK passphrases.
  • john
    • “John the Ripper”, a powerful general-purpose password cracker.
  • medusa
    • A parallel brute-forcer for remote logins (SSH, FTP, HTTP, SMB, and more). Unlike john it works online against the live service, so it is slow and noisy.
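An added example (not from this post and not john’s code) of the offline wordlist attack john performs, run against constructed hashes. Each wordlist entry is mangled by a handful of rules, hashed, and compared with the targets. Salts are the point of the example: with unsalted md5 a candidate is hashed once and checked against every target, while salted hashes cost one hash per candidate per distinct salt, so the work climbs with the number of users. The hash schemes and rules are simplified stand-ins, not john’s formats or rule syntax.

```python
import hashlib

LEET = str.maketrans("aeios", "4310$")
SUFFIXES = ("1", "123", "!", "2010")


def mangle(word: str):
    """Yield candidates derived from one wordlist entry: case variants, reversal,
    leetspeak and common suffixes (in the spirit of john's rules, not its syntax)."""
    seen = set()
    for w in (word, word.lower(), word.capitalize(), word.upper()):
        for cand in [w, w[::-1], w.translate(LEET)] + [w + s for s in SUFFIXES]:
            if cand not in seen:
                seen.add(cand)
                yield cand


def md5_unsalted(password: str, salt: bytes) -> str:
    """The weak scheme many old web apps used: md5(password), no salt at all."""
    return hashlib.md5(password.encode()).hexdigest()


def sha256_salted(password: str, salt: bytes) -> str:
    """Salted: the same password hashes differently per user, so work cannot be shared."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack(targets, wordlist, hash_fn) -> tuple:
    """targets: [(salt, hexdigest), ...]. Returns ({hexdigest: password}, hashes_computed).

    Each candidate is hashed once per distinct salt and compared with every digest
    that uses that salt. Unsalted targets all share the empty salt, so they fall in
    a single pass; salted ones need a hash per candidate per user.
    """
    by_salt = {}
    for salt, digest in targets:
        by_salt.setdefault(salt, set()).add(digest)
    found, work = {}, 0
    for word in wordlist:
        for cand in mangle(word):
            for salt, digests in by_salt.items():
                h = hash_fn(cand, salt)
                work += 1
                if h in digests:
                    found[h] = cand
            if len(found) == len(targets):
                return found, work  # everything cracked, stop early
    return found, work


if __name__ == "__main__":
    wordlist = ["password", "letmein", "dragon"]  # constructed stand-in for a real list
    unsalted = [(b"", md5_unsalted(pw, b"")) for pw in ("Password1", "letmein!", "correct horse")]
    print(crack(unsalted, wordlist, md5_unsalted))
    salted = [(b"s1", sha256_salted("dragon123", b"s1")), (b"s2", sha256_salted("Password1", b"s2"))]
    print(crack(salted, wordlist, sha256_salted))
```

The hash count returned alongside the results is the quantity a slow KDF such as bcrypt multiplies: the attack above is identical in shape, only every hash costs thousands of times more.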

Penetration Testing:

Protection:

  • bleachbit
    • Cleans sensitive/private data (frees up lots of disk space, too).
  • snort
    • Everyone’s favorite IDS (Intrusion Detection System)!

MS Windows Manipulation:

  • chntpw (aka ntpasswd)
    • Resets or blanks local Windows account passwords by editing the SAM registry hive offline (e.g. from a live CD), and doubles as a registry editor. It does not recover the old password; for that, dump the hashes and crack them with john.
  • registry-tools
    • Samba-based tools to edit the Windows registry, either in hive files on disk or on remote machines over the wire.
  • reglookup
    • Read-only dumper and query tool for Windows registry hive files (e.g. pulled off a disk image), which makes it useful for forensics without touching the original.

Extraction:

  • cabextract
    • Enables you to extract Microsoft CAB archives.
  • fcrackzip
    • Crack password-protected .zip archives by brute force or wordlist. It targets the classic ZipCrypto scheme; AES-encrypted zips need a different tool.
  • orange
    • Extracts .cab files from Microsoft Windows self-extracting installers.

Web/P2P Snarfing:

  • apt-p2p
    • Downloads .deb packages via APT-P2P connections.
  • nikto
    • Web/CGI server security scanning tool.
  • curl
    • Transfers data to or from a URL over HTTP, FTP, and a pile of other protocols. More flexible than wget when you need custom headers, request methods, or client certificates.
  • snarf
    • Yet another wget clone, but with pause/resume, HTTP/FTP authentication, and redirects.
  • wget
    • GNU utility to grab files from a remote host.
  • wput
    • Tiny client that imitates wget, except for one thing: it uploads files to FTP. Supports proxies and custom bandwidth speed limits.

Pretty long, right? Now that you have this list, keep a copy of it handy if you wish to Google these tools and/or use it as a reference to install them on a non-Ubuntu distro. If you are interested in network security, penetration testing and the like and you want to learn some hacking techniques and do hands-on experiments, I’d recommend you read this print source and this web source.
