Security

The hacking toolkit: 13 essential network security utilities

By // August 11, 2016, 6:02 AM PST // danpatterson

Image 1 of 14

  • A slideshow of the top tools hackers use to snoop, swipe, and attack corporate systems

    Image: iStock / TeamOktopus

    Hacking grabs headlines because it's very easy to visualize shadowy cabals of nefarious Bad Guys perched behind glowing monitors pecking at secret sauce software that will soon cripple your network, or swipe critical corporate data.

    To be clear, this does happen every day. Corporate and SMB networks are at risk at all times of being penetrated and exploited. However, with a few exceptions, hacking teams rarely conspire in the shadows. Most groups function more like businesses that rely on time-tested software to achieve tactical goals.

    SEE: Enterprise encryption: Trends, strategic needs, and best practices (Tech Pro Research story)

    "Magic bullet" software does not exist. There is no single app that will be used to attack, or help defend all desktop, mobile, and IoT networks. Instead, a suite of open source and commercial software is used to map networks, sniff packets, and crack passwords. These are the most widely used exploitation tools.

    Read more

    ​Image: iStock / TeamOktopus

  • The Social Engineer Toolkit

    Humans are often the weakest link in the security chain. The Social Engineer Toolkit is a suite of apps that will send spearfishing attacks, spoof SMS messages, and mask malware as media files.

    Image: http://www.social-engineer.org

  • Metasploit

    The world-famous Metasploit by Rapid7 is network penetration software for IT professionals and network managers that features updated exploit lists, as well as spearfishing, network mapping, and password brute force tools.

    Image: Rapid7

  • Nmap

    Nmap is a great way to map a network. The free, open source auditing tool identifies network shape, and locates firewalls, IP filters, and other network ports.

    Image: http://Nmap.org

  • Cain and Abel

    Need to retrieve a lost a password? Cain and Abel will sniff your network, locate password files, then crack the encryption. The decryption app works with other types of locked files, including Wi-Fi passwords and cached voice conversations.

    Image: http://www.oxid.it/

  • John the Ripper

    John the Ripper is a speedy, open source password decryption utility for Linux and Macs that can autodetect password hashes, then automatically apply a variety of attacks, including dictionary and brute force hacks.

    Image: http://www.openwall.com/

  • Hash Suite

    Hash Suite is a fast and powerful password cracking application for Windows. The software isn't free but is reasonably priced and, for SMBs in particular, worth the investment.

    Image: http://openwall.net

  • Wireshark

    Wireshark is a widely used packet sniffer that can identify, track, and visualize all network IP traffic.

    Image: https://www.wireshark.org/

  • Ettercap

    Ettercap is an unambiguous, unapologetic man-in-the-middle exploitation tool that can intercept IP traffic, grab passwords, and eavesdrop on network activity.

    Image: https://ettercap.github.io

  • Burp Suite

    Need to manage your network and perform a number of security tests? Try the Burp, a comprehensive, modular, and automated network scanning application.

    Image: https://portswigger.net

  • GnuPG

    If you're a network admin, you need to be familiar with how email encryption works. GnuPG, an open source security app, is compatible with most major email clients and makes the PGP learning process simple.

    Image: https://www.gnupg.org/

  • PuTTY

    Ditch the kludgey Windows command line and communicate with servers and telnet securely using PuTTY, the popular, open source terminal emulator.

    Image: http://www.putty.org/

  • Maltego

    Maltego is a network data mining, forensics, and link visualization tool developed by security firm Paterva.

    Image: https://www.paterva.com

    Lenovo

  • Kali Linux

    Kali is a privacy-focused Linux distribution that's easy to install using your Windows box and runs from a common flash drive on nearly every machine. The distribution is loaded with several hundred network administration, forensics, and penetration tools. And like the Tails OS, Kali leaves no trace of use and is hyper-encrypted.

    Image: https://www.kali.org/

A slideshow of the top tools hackers use to snoop, swipe, and attack corporate systems

Image: iStock / TeamOktopus

Hacking grabs headlines because it's very easy to visualize shadowy cabals of nefarious Bad Guys perched behind glowing monitors pecking at secret sauce software that will soon cripple your network, or swipe critical corporate data.

To be clear, this does happen every day. Corporate and SMB networks are at risk at all times of being penetrated and exploited. However, with a few exceptions, hacking teams rarely conspire in the shadows. Most groups function more like businesses that rely on time-tested software to achieve tactical goals.

SEE: Enterprise encryption: Trends, strategic needs, and best practices (Tech Pro Research story)

"Magic bullet" software does not exist. There is no single app that will be used to attack, or help defend all desktop, mobile, and IoT networks. Instead, a suite of open source and commercial software is used to map networks, sniff packets, and crack passwords. These are the most widely used exploitation tools.

Read more

​Image: iStock / TeamOktopus

Related Topics:

Security Software CXO Hardware Mobility Data Centers Cloud

By Dan Patterson

Dan is a Senior Producer for CNET and CBS News.