Linux is the hacker operating system par excellence. This is not because it is "complicated" to use but because of the huge number of hacking and security tools developed for it. In this post, we list just some of the most important ones.
1. John the Ripper: password cracking tool. It is one of the best known and most popular (it also has a Windows version). In addition to autodetecting the password hash type, you can configure it however you want. You can use it against hashed passwords for Unix (DES, MD5 or Blowfish), Kerberos AFS and Windows. Additional modules extend it to MD4-based password hashes and to passwords stored in LDAP, MySQL and others.
2. Nmap: Who does not know Nmap? Without a doubt the best program for network security. You can use it to find computers and services on a network. It is mostly used for port scanning, but this is only one of its possibilities. It is also capable of discovering passive services on a network as well as giving details of the discovered computers (operating system, uptime, software used to run a service, presence of a firewall or even the brand of the remote network card). It works on Windows and Mac OS X too.
3. Nessus: tool to find and analyze software vulnerabilities, such as those that can be used to control or access data on the remote computer. It also locates default passwords, missing patches, etc.
4. chkrootkit: basically a shell script that helps discover rootkits installed on our system. The problem is that many current rootkits detect the presence of programs like this so as not to be detected themselves.
5. Wireshark: packet sniffer, used to analyze network traffic. It is similar to tcpdump (we'll talk about it later) but with a GUI and more sorting and filtering options. It puts the network card in promiscuous mode so it can analyze all network traffic. It is also available for Windows.
6. Netcat: tool that allows opening TCP/UDP ports on a remote computer (after which it listens), associating a shell with that port and forcing UDP/TCP connections (useful for port scanning or bit-by-bit transfers between two computers).
7. Kismet: network detector, packet sniffer and intrusion detection system for 802.11 wireless networks.
8. hping: packet generator and analyzer for the TCP/IP protocol. In the latest versions, scripts based on the Tcl language can be used, and it also implements a string engine (text strings) to describe TCP/IP packets, which makes them easier to understand and to manipulate.
9. Snort: it is a NIPS (Network Intrusion Prevention System) and a NIDS (Network Intrusion Detection System), capable of analyzing IP networks. It is mainly used to detect attacks such as buffer overflows, access to open ports, web attacks, etc.
10. Tcpdump: debugging tool that runs from the command line. It lets you see the TCP/IP packets (and others) that are being transmitted or received by the computer.
11. Metasploit: this tool provides us with information on security vulnerabilities and allows penetration tests against remote systems. It also has a framework for building your own tools and is available for both Linux and Windows. There are many tutorials on the net that explain how to use it.