What are some commonly used tools for security testing?

This article has compiled several commonly used tools and related learning materials for security testing. I hope it will be helpful to everyone.

(Learning video sharing: Programming video)

Port scanner: Nmap

Nmap is the abbreviation of "Network Mapper", as we all know , which is a very popular free and open source hacking tool. Nmap is used for network discovery and security auditing. According to statistics, thousands of system administrators around the world use nmap to discover networks, check open ports, manage service upgrade plans, and monitor host or service uptime. Nmap is a tool that uses raw IP data packets to determine in a very innovative way which hosts are on the network, which services (application name and version) on the hosts provide what data, what operating system, what type, what version of the packet Filtering/Firewall is being used by the target. One of the benefits of using nmap is that the administrator user can determine whether the network needs to be packed. nmap has appeared in all hacker movies, especially the recent Mr. Robot series.

Nmap learning materials

Videos: https://www.concise-courses.com/hacking-tools/videos/category/2/nmap

Books: https: //www.concise-courses.com/books/nmap/

Similar tools: https://www.concise-courses.com/hacking-tools/port-scanners/

Network Vulnerability Scanner: Acunetix

Acunetix is ​​a very popular and widely used automatic vulnerability scanner. Acunetix crawls and scans websites and web applications for SQL injection, XSS, XXE, SSRF and host header attacks. and over 500 other web vulnerabilities. renew! Acunetic enthusiasts have released a 100% free video course so you can effectively learn how to use this awesome network vulnerability scanner! Links to more information about Acunetix and to register for Acunetix.

Acunetix learning materials

Videos: https://www.concise-courses.com/learn/how-to-scan-for-vulnerabilities/

Books: https ://www.concise-courses.com/books/

Vulnerability Monitoring Tool: Metasploit

The Metasploit project is a very popular and widely used penetration testing and attack framework. If you are new to Metasploit, you will think of it as a "collection of hacking tools" that can be used to perform a variety of tasks. Metasploit is used by professional cybersecurity researchers as well as a large number of hackers, and it is considered a must-learn for security researchers. Metasploit is essentially a computer security project (framework) that provides users with primary information about known security vulnerabilities, and Metasploit helps specify penetration testing and IDS monitoring plans, strategies, and exploitation plans. Metasploit has so many advantages that I won’t list them all. I hope the video below can help you learn Metasploit. If you are a beginner, here are more beginner tutorials for you.

Metasploit learning materials

Videos: https://www.concise-courses.com/hacking-tools/videos/category/3/metasploit

Books: https: //www.concise-courses.com/books/metasploit/

Similar tools: https://www.concise-courses.com/hacking-tools/vulnerability-exploitation-tools/

Forensics:Maltego

Maltego is different from other forensic tools because it works within the scope of digital forensics. Maltego is a platform designed to deliver a comprehensive cyber threat picture to the local environment of an enterprise or other organization conducting forensics. The great thing about Maltego, and the reason why it is so popular (as it is in the top 10 in Kali) is its unique perspective because it provides both entity-based networks and sources, aggregating information from the entire network - both Whether it's the current configuration of your network's vulnerable routes or your employees' current international access, Maltego can locate, aggregate and visualize this data! The editor recommends that interested students also learn OSINT network security data.

Maltego learning materials

Videos: https://www.concise-courses.com/hacking-tools/videos/category/13/maltego

Books: https: //www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/hacking-tools/forensics/

Network vulnerability scanner: OWASP Zed

Zed's Proxy Attack (ZAP) is one of the most popular OWASP projects now. The fact that you are seeing this page means that you are probably an experienced network security researcher, so you are probably very familiar with OWASP. Of course, OWASP ranks in the top ten of the threat list, and it is used as a guide to learning web application security. This penetration tool is very effective and very simple to use. ZAP is popular because it has many extensions supported, and the OWASP community is a really great resource for cybersecurity research. ZAP offers automated scanning as well as many tools that allow you to professionally discover network security vulnerabilities. Understanding this tool well and becoming a master at using it can greatly benefit a penetration tester's career. If you are a developer, this tool will make you a great hacker.

OWASP Zed learning materials

Videos: https://www.concise-courses.com/hacking-tools/videos/category/14/owasp-zed

Books ：https://www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/hacking-tools/web-vulnerability-scanners/

Manual analysis package tool: Wireshark

If we say nmap ranking The number one hacking tool, then Wireshark must be the second most popular tool. Wireshark has been around for a long time and is used by thousands of security researchers to troubleshoot and analyze network problems and network intrusions. Wireshark is a packet capture tool, or more precisely, it is an effective open source platform for analyzing packets. It is worth mentioning that Wireshark is cross-platform. We originally thought that it could run in GNU/Linux, but we were wrong. Wireshark is available in both Windows, Linux and even OS X. There is also a terminal version similar to Wireshark called Shark. There is a lot of information about Wireshark to help you become a Wireshark expert.

Wireshark learning materials

Videos: https://www.concise-courses.com/hacking-tools/videos/category/16/wireshark

Books: https: //www.concise-courses.com/books/wireshark/

Similar tools: https://www.concise-courses.com/hacking-tools/packet-crafting-tools/

Network Vulnerability Scanner: Burp Suite

Burp Suite is a lot like Maltego in a way, in that it also has a bunch of tools to help penetration testers and hackers. There are two commonly used applications in Burp Suite. One is called "Burp Suite Spider", which can enumerate and draw each page of a website and its parameters by monitoring cookies and initializing the connections of these web applications; the other is called "Intruder". It can automate web application attacks. Likewise, if you are a network security researcher or doing penetration testing, Burp Suite is also a must-learn tool.

Burp Suite learning materials

Video: https://www.concise-courses.com/hacking-tools/videos/category/7/burp-suite

Books : https://www.concise-courses.com/books/burp-suite/

Similar tools: https://www.concise-courses.com/hacking-tools/web-vulnerability-scanners/

Password Cracker: THC Hydra

THC Hydra is a very popular password cracker developed by a very active and experienced development team. Basically THC Hydra is a fast and stable network login attack tool that uses dictionary attacks and brute force attacks to try a large number of password and login combinations to log in to the page. The attack tools support a range of protocols, including mail (POP3, IMAP, etc.), databases, LDAP, SMB, VNC and SSH.

THC Hydra learning materials

Videos: https://www.concise-courses.com/hacking-tools/videos/

Books: https://www. concise-courses.com/books/

Similar tools: https://www.concise-courses.com/hacking-tools/password-crackers/

Password cracking: Aircrack-ng

The Aircrack component for Wifi cracking is a legend among attack tools because it is so effective! For the newbies who don't know much about invalidation attacks, Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking attack tool and can recover keys when enough packets are captured. For those who are studying the penetration and auditing of wireless networks, aircrack-ng will become your best partner. Aircrack-ng optimizes the KoreK attack using standard FMS attacks and makes PTW attacks more effective. If you are an average hacker, you can crack WEP in a few minutes, and you should be very proficient at cracking WPA/WPA2. If you are interested in wireless network attacks, we highly recommend you check out Reaver, which is also a very popular hacking tool.

Aircrack-ng learning materials

Video: https://www.concise-courses.com/hacking-tools/videos/category/12/aircrack-ng

Books: https://www.concise-courses.com/books/aircrack-ng/

Similar tools: https://www.concise-courses.com/hacking-tools/password-crackers/

Code Breaking: John The Ripper

John The Ripper wins the award for coolest name! Commonly known as "John", it is also a very popular password cracking penetration testing tool and is often used to perform dictionary attacks. John the Ripper uses text strings as samples (samples from text files, called word lists, containing popular and complex words found in dictionaries or words that have been used in previous cracks), using the same encryption method The cracking method (including encryption algorithm and key) is used to crack, and then the output of the encrypted string is compared to obtain the cracking key. This tool can also be used to perform variations of dictionary attacks.

John The Ripper learning materials

Video: https://www.concise-courses.com/hacking-tools/videos/category/1/john-the-ripper

Books: https://www.concise-courses.com/books/

Similar tools: https://www.concise-courses.com/books/

Related recommendations: Website Security Tutorial

The above is the detailed content of What are some commonly used tools for security testing?. For more information, please follow other related articles on the PHP Chinese website!