Hacking Tools
 |
| Hacking Tools |
Know the personal and technical limitations. Many security-assessment tools generate false positives and negatives (incorrectly identifying vulnerabilities). Others may miss vulnerabilities. If you're performing tests such as social engineering or physical-security assessments, you may miss weaknesses.
Hacking Tools
Many Hacking tools focus on specific tests, but no one tool can test for everything. For the same reason that you would't drive in a nail with a screwdriver, you shouldn't use a word processor to scan your network for open ports. This is why need a set of specific tools that you can call on for the task at hand. The more tools you have, the easier your ethical hacking efforts are.Make sure you that you're using the right tool for the task:
- To crack passwords, you need a cracking tool such as LC4, john the ripper, or pwdump.
A general port scanner, such a SuperScan, may not crack passwords.
- For an in-depth analysis of a Web application, a Web application assessment tool (such as Whisker or Weblnspect) is more appropriate than a network analyzer (such as Ethereal).
When selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people online. A simple Groups search on google or persual of security portals. such as SecurityFocus.com, SearchSecurity.com, and ITsecurity.com, oftem produces great feedback from other security experts.
Hundreds, if not thousands, of tools can be used for ethical hacking from your own words and actions to software-based vulnerabilities-assessment programs to hardware based network analyzers. The following list runs down some of my favorite commercial, freeware, and open-source security tools:
- Nmap
- EtherPeek
- SuperScan
- QualysGuard
- Weblnspect
- LC4 (formerly called L0phtcrack)
- LANguard Network Security Scanner
- Network Stumbler
- ToneLoc
Here are some other popular tools:
I discuss these tools and many others in parts II through V when I go into the specific hack attacks. Appendix A contains a more comprehensive listing of these tools for your reference.
The capabilities of many security and hacking tools are often misunderstood. This misunderstanding has shed negative light on some excellent tools, such as SATAN (Security Administrator Tool For Analyzing Networks) and Nmap (Network Mapper).
Some of these tools are complex. Whichever tools you use, Familiarize yourself with them before you start using them. Here are ways to do that:
Read the readme and/or online help files for your tools.
Study the user's guide for your commercial tools.
consider formal classroom training from the security-tool vendor or another third-party training provider, if available.
Look for these characteristics in tools for ethical hacking:These features can save you time and effort when you're writing the report.
Adequate documentation
Detailed reports on the discovered vulnerabilities, including how they may be exploited and fixed
Update and support when needed
High-level reports that can be presented to managers or nontechie types
No comments:
Post a Comment