In past decades, ethical hacking and penetration testing were performed by only a few security experts. Now almost anyone can report security incidents. Ethical hacking tools allow you to scan, search and find the flaws and vulnerabilities within any company to help make their systems and applications more secure (as seen in the recent Top CVE’s exploited in the wild post published a few weeks ago).
Today we’ll explore the best ethical hacking tools used by modern security researchers.
15 Ethical Hacking Tools You Can’t Miss
We’ve compiled some of the most popular penetration testing tools to help you through the first steps of a security investigation. You’ll find some of the classic tools that seem to have been around forever and some new tools that might not be familiar.
1. John the Ripper
John the Ripper is one of the most popular password crackers of all time. It’s also one of the best security tools available to test password strength in your operating system, or for auditing one remotely.
This password cracker is able to auto-detect the hash type used to store almost any password and will adjust its cracking algorithm accordingly, making it one of the most intelligent password cracking tools ever.
This ethical hacking tool uses brute-force techniques to crack passwords protected with algorithms such as:
- DES, MD5, Blowfish
- Kerberos AFS
- Hash LM (Lan Manager), the system used in Windows NT / 2000 / XP / 2003
- MD4, LDAP, MySQL (using third-party modules)
Another bonus is that JTR is open source, multi-platform and fully available for Mac, Linux, Windows and Android.
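To show what "auto-detecting the hash type and testing a wordlist against it" means in practice, here is a small password audit added as an example for this article; it is not code from John the Ripper or from the original post. It guesses the format from the shape of the stored string (plain hex MD5/SHA-1/SHA-256, or a salted PBKDF2 record in a text encoding invented for this example, not JtR's), then checks each user's hash against a short wordlist the way an administrator would audit their own user database for weak passwords. The sample entries and wordlist are constructed.

```python
import hashlib
import hmac
import os


def pbkdf2_record(password, salt=None, iterations=20_000):
    """Encode a salted PBKDF2-SHA256 hash as '$pbkdf2-sha256$<iter>$<salt hex>$<digest hex>'.
    This text layout is this example's own, not John the Ripper's or any library's."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"$pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"


def detect_format(stored):
    """Guess the hash format from its shape, the way a cracker auto-detects before testing."""
    if stored.startswith("$pbkdf2-sha256$"):
        return "pbkdf2-sha256"
    h = stored.lower()
    if h and all(c in "0123456789abcdef" for c in h):
        return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(h), "unknown")
    return "unknown"


def matches(fmt, stored, candidate):
    """Hash one candidate password in the detected format and compare in constant time."""
    if fmt in ("md5", "sha1", "sha256"):
        digest = hashlib.new(fmt, candidate.encode()).hexdigest()
        return hmac.compare_digest(digest, stored.lower())
    if fmt == "pbkdf2-sha256":
        _, _, iters, salt_hex, digest_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), digest_hex)
    return False


def audit_passwords(entries, wordlist):
    """Return {user: (format, recovered password)} for weak entries, or None where nothing matched
    or the format is not handled. Unsalted fast hashes fall instantly; PBKDF2 costs one
    derivation per candidate, which is the point of slow salted hashes."""
    results = {}
    for user, stored in entries.items():
        fmt = detect_format(stored)
        results[user] = None
        if fmt == "unknown":
            continue
        for word in wordlist:
            if matches(fmt, stored, word):
                results[user] = (fmt, word)
                break
    return results


# Constructed sample user database (hypothetical accounts, not real data).
SAMPLE_ENTRIES = {
    "alice": hashlib.md5(b"password").hexdigest(),            # unsalted MD5
    "bob": hashlib.sha1(b"letmein").hexdigest(),              # unsalted SHA-1
    "carol": pbkdf2_record("correct horse battery staple", salt=bytes(16), iterations=1000),
    "dave": pbkdf2_record("123456", salt=bytes(16), iterations=1000),
    "erin": "$6$rounds=5000$unsupportedformat",               # sha512crypt-like, not handled here
}
WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome"]

if __name__ == "__main__":
    for user, hit in audit_passwords(SAMPLE_ENTRIES, WORDLIST).items():
        print(f"{user}: {'WEAK ' + repr(hit) if hit else 'no match'}")
```

Only the users whose password appears in the wordlist come back as weak; carol's passphrase survives even though her hash uses the same algorithm as dave's, which is why the audit result is about the password, not the hash format.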
2. Metasploit
Metasploit is an open source cyber-security project that allows infosec professionals to use different penetration testing tools to discover remote software vulnerabilities. It also functions as an exploit module development platform.
One of the most famous results of this project is the Metasploit Framework, written in Ruby, which enables you to develop, test and execute exploits easily. The framework includes a set of security tools that can be used to:
- Evade detection systems
- Run security vulnerability scans
- Execute remote attacks
- Enumerate networks and hosts
Metasploit offers three different versions of their software:
- Pro: ideal for penetration testing and IT security teams.
- Community: used by small companies and infosec students.
- Framework: the best for app developers and security researchers.
Supported platforms include:
- Mac OS X
- Linux
- Windows
3. Nmap
Nmap (Network Mapper) is a free open source security tool used by infosec professionals to manage and audit network and OS security for both local and remote hosts.
Despite being one of the oldest security tools in existence (launched in 1997), it continues to be actively updated and receives new improvements every year.
It’s also regarded as one of the most effective network mappers around, known for being fast and for consistently delivering thorough results with any security investigation.
What can you do with Nmap?
- Audit device security
- Detect open ports on remote hosts
- Network mapping and enumeration
- Find vulnerabilities inside any network
- Launch massive DNS queries against domains and subdomains
Supported platforms include:
- Mac OS X
- Linux, OpenBSD and Solaris
- Microsoft Windows
4. Wireshark
Wireshark is a free, open-source tool that allows you to analyze network traffic in real time. Thanks to its sniffing technology, Wireshark is widely known for its ability to detect security problems in any network, as well as for its effectiveness in solving general networking problems.
While sniffing the network, you’re able to intercept and read results in a human-readable format, which makes it easier to identify potential problems (such as latency issues), threats and vulnerabilities.
Main features:
- Saves analysis for offline inspection
- Packet browser
- Powerful GUI
- Rich VoIP analysis
- Inspects and decompresses gzip files
- Reads other capture file formats including Sniffer Pro, tcpdump (libpcap), Microsoft Network Monitor, Cisco Secure IDS iplog, etc.
- Supported network interfaces and link types: Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI.
- Protocol decryption support includes, but is not limited to, IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2
- Exports results to XML, PostScript, CSV, or plain text
Wireshark supports up to 2,000 different network protocols, and is available on all major operating systems including:
- Linux
- Windows
- Mac OS X
- FreeBSD, NetBSD, OpenBSD
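The tcpdump (libpcap) capture format that Wireshark reads is simple enough to parse by hand, and doing so shows what a sniffer actually works with and how the port probing described under Nmap looks on the wire. The following is an example added here, not code from Wireshark, Nmap or the original article: a minimal classic-pcap reader for Ethernet/IPv4/TCP frames, plus a defender-side check that lists sources sending bare SYNs to many distinct ports (a port-scan pattern). The capture is constructed in memory from hand-built frames with no checksums, so it runs offline.

```python
import struct

LINKTYPE_ETHERNET = 1
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data; checksums left zero)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte record header before each frame."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def decode_tcp(frame):
    """Return the TCP 4-tuple and flags from an Ethernet frame, or None for anything else."""
    if len(frame) < 14 + 20 + 20:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return None
    vihl, _, _, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    ihl = (vihl & 0x0F) * 4
    if proto != 6 or len(frame) < 14 + ihl + 20:
        return None
    sport, dport, _, _, _, flags, _, _, _ = struct.unpack_from("!HHIIBBHHH", frame, 14 + ihl)
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "flags": flags}


def parse_pcap(data):
    """Walk a classic pcap file (either byte order) and decode its TCP packets."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, _, _, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        pkt = decode_tcp(frame)
        if pkt:
            pkt["ts"] = ts_sec + ts_usec / 1e6
            packets.append(pkt)
    return packets


def syn_only_sources(packets, threshold=5):
    """Sources that sent SYN-only segments to at least `threshold` distinct destination ports."""
    ports = {}
    for p in packets:
        if p["flags"] == TCP_SYN:
            ports.setdefault(p["src"], set()).add(p["dport"])
    return {src: len(ps) for src, ps in ports.items() if len(ps) >= threshold}


# Constructed capture: one host probing six ports, one ordinary client completing a handshake.
SAMPLE_PCAP = build_pcap(
    [build_tcp_frame("203.0.113.9", "10.0.0.5", 40000 + i, port, TCP_SYN)
     for i, port in enumerate([21, 22, 23, 25, 80, 443])]
    + [build_tcp_frame("198.51.100.2", "10.0.0.5", 51000, 80, TCP_SYN),
       build_tcp_frame("198.51.100.2", "10.0.0.5", 51000, 80, TCP_ACK)]
)

if __name__ == "__main__":
    print(syn_only_sources(parse_pcap(SAMPLE_PCAP)))
```

The flag test is deliberately strict (SYN alone, no ACK), which separates connection attempts from the rest of a handshake; tune the threshold and add a time window before using it on a busy network.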
5. OpenVAS
OpenVAS (also known as the old classic “Nessus”) is an open-source network scanner used to detect remote vulnerabilities in any host. One of the best-known network vulnerability scanners, it’s very popular among system administrators, DevOps and infosec professionals.
Main features
- Powerful web-based interface
- 50,000+ network vulnerability tests
- Simultaneous multiple host scanning
- Able to stop, pause and resume scan tasks
- False positive management
- Scheduled scans
- Graphics and statistics generation
- Exports results to plain text, XML, HTML or LaTeX
- Powerful CLI available
- Fully integrated with Nagios monitoring software
While its web-based interface allows it to be run from any operating system, a CLI is also available and works well for Linux, Unix and Windows operating systems.
The free version can be downloaded from the OpenVAS website, but there is also a commercial enterprise license available from the Greenbone Security (parent company) website.
6. IronWASP
If you’re going to perform ethical hacking, IronWASP is another great tool. It’s free, open source and multi-platform, perfect for those who need to audit their web servers and public applications.
One of the most appealing things about IronWASP is that you don’t need to be an expert to manage its main features. It’s all GUI-based, and full scans can be performed in only a few clicks. So, if you’re just getting started with ethical hacking tools, this is a great way to start.
Some of its main features include:
- Powerful GUI-based interface
- Web scan sequence recording
- Exports results into HTML and RTF file format
- 25+ different web vulnerabilities
- False positive and negative management
- Full Python and Ruby support for its scripting engine
- Can be extended by using modules written in C#, Ruby, and Python
- Supported platforms: Windows, Linux with Wine, and MacOS using CrossOver
7. Nikto
Nikto is another favorite, well-known as part of the Kali Linux Distribution. Other popular Linux distributions such as Fedora already come with Nikto available in their software repositories as well.
This security tool is used to scan web servers and perform different types of tests against the specified remote host. Its clean and simple command line interface makes it really easy to launch any vulnerability testing against your target, as you can see in the following screenshot:
Nikto’s main features include:
- Detects default installation files on any OS
- Detects outdated software applications.
- Runs XSS vulnerability tests
- Launches dictionary-based brute force attacks
- Exports results into plain text, CSV or HTML files
- Intrusion detection system evasion with LibWhisker
- Integration with Metasploit Framework
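A web-server scan of the kind Nikto performs leaves a recognisable trace in access logs: one source requesting many different paths that do not exist, in a short burst. The following detection example is added here and is not code from Nikto or the original article. It parses Apache/nginx "combined" format lines and flags any client with at least ten distinct 404 paths inside a sliding sixty-second window, reporting the user agents seen. The log lines are constructed, and the Nikto-style user-agent string in them is an approximation used for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_scanners(lines, window_seconds=60, threshold=10):
    """Flag sources that request many distinct non-existent paths within a sliding time window."""
    misses = defaultdict(list)   # ip -> [(timestamp, path, user-agent), ...]
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            misses[rec["ip"]].append((rec["ts"], rec["path"], rec["ua"]))
    flagged = {}
    for ip, events in misses.items():
        events.sort(key=lambda e: e[0])
        window = deque()
        peak = 0
        for ts, path, _ in events:
            window.append((ts, path))
            while (ts - window[0][0]).total_seconds() > window_seconds:
                window.popleft()
            peak = max(peak, len({p for _, p in window}))
        if peak >= threshold:
            flagged[ip] = {"distinct_404s": peak,
                           "user_agents": sorted({ua for _, _, ua in events})}
    return flagged


# Constructed sample log: a scanner probing twelve paths in twelve seconds, and a normal visitor.
PROBE_PATHS = ["/admin/", "/backup/", "/old/", "/test/", "/cgi-bin/", "/phpmyadmin/",
               "/config/", "/.git/", "/wp-login.php", "/setup/", "/install/", "/db/"]
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Oct/2020:13:55:{i:02d} +0000] "GET {p} HTTP/1.1" 404 209 "-" '
    f'"Mozilla/5.00 (Nikto/2.1.6)"'
    for i, p in enumerate(PROBE_PATHS)
] + [
    '198.51.100.7 - - [10/Oct/2020:13:55:03 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2020:13:55:09 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2020:13:55:15 +0000] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

Keying on distinct 404 paths rather than on the user-agent string matters because the agent header is trivially changed, while a scanner cannot avoid asking for files that are not there.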
8. SQLMap
sqlmap is a cool cyber-security tool written in Python that helps security researchers launch SQL injection tests against remote hosts. With sqlmap you can detect and test different types of SQL injection vulnerabilities to harden your apps and servers, or to report vulnerabilities to different companies.
Its SQL injection techniques include:
- UNION query-based
- time-based blind
- boolean-based blind
- error-based
- stacked queries
- out-of-band
Main features:
- Multiple database server support: Oracle, PostgreSQL, MySQL and MSSQL, MS Access, DB2 or Informix.
- Automatic code injection capabilities
- Password hash recognition
- Dictionary-based password cracking
- User enumeration
- Get password hashes
- View user privileges and databases
- Database user privilege escalation
- Dump table information
- Executes remote SQL SELECTS
Check out the next video to see the true power of SQLMap using the sqlmap out-of-band injection working with Metasploit integration against Microsoft SQL Server:
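The boolean-based blind and UNION query-based techniques listed above only work when user input is pasted into the SQL text. The example below is added here (not code from sqlmap or the original article) and uses Python's built-in sqlite3 with a constructed in-memory table to show the vulnerable lookup beside its hardened form: the same two probes that a scanner would send distinguish the first and fall flat against the second, which validates the type and binds the value as a parameter.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table (sample data, not from any real application)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn


def lookup_vulnerable(conn, user_id):
    # The request parameter is concatenated into the SQL text, so it can alter the query's logic.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, user_id):
    # Validate the type first, then bind it as a parameter: the value can never become SQL syntax.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE id = ?", (uid,))]


def boolean_probe(lookup, conn):
    """Boolean-based blind check: do a true and a false condition produce different responses?"""
    true_resp = lookup(conn, "1 AND 1=1")
    false_resp = lookup(conn, "1 AND 1=2")
    return true_resp != false_resp


def union_probe(lookup, conn):
    """UNION-based check: can an appended clause pull another column into the result set?"""
    return set(lookup(conn, "1 UNION SELECT role FROM users"))


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        print(f"{name}: boolean-blind differs={boolean_probe(fn, db)}, union={union_probe(fn, db)}")
```

The hardened version returns nothing for both probes not because it filters keywords but because a non-integer id is rejected before any SQL runs; for string inputs, parameter binding alone gives the same guarantee.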
9. SQLNinja
SQLNinja is another SQL vulnerability scanner bundled with the Kali Linux distribution. This tool is dedicated to targeting and exploiting web apps that use MS SQL Server as the backend database server. Written in Perl, SQLNinja is available on multiple Unix-like systems where the Perl interpreter is installed, including:
- Linux
- Mac OS X & iOS
- FreeBSD
SQLninja can be run in different types of modes such as:
- Test mode
- Verbose mode
- Fingerprint remote database mode
- Brute force attack with a word list
- Direct shell & reverse shell
- Scanner for outbound ports
- Reverse ICMP Shell
- DNS tunnelled shell
10. Wapiti
Wapiti is a free open-source command-line based vulnerability scanner written in Python. While it’s not the most popular tool in this field, it does a good job of finding security flaws in many web applications.
Using Wapiti can help you to discover security holes including:
- XSS attacks
- SQL injections
- XPath injections
- XXE injections
- CRLF injections
- Server side request forgery
Other features include:
- Runs in verbose mode
- Ability to pause and resume scans.
- Highlights vulnerabilities found inside the terminal
- Generates reports and exports them to HTML, XML, JSON and TXT
- Activates and deactivates multiple attack modules
- Removes parameters from certain URLs
- Excludes URLs during an attack
- Bypasses SSL certificate verification
- URL extraction from JavaScript
- Timeout configuration for large scans
- Sets custom user-agent and HTTP headers
11. Maltego
Maltego is the perfect tool for intel gathering and data reconnaissance while you’re performing the first analysis of your target.
In this case, it can be used to correlate and determine relationships between people, names, phone numbers, email addresses, companies, organizations and social network profiles.
Along with online resources like Whois data, DNS records, social networks, search engines, geolocation services and online APIs, it can also be used to investigate the correlation between internet-based infrastructure including:
- Domain names
- DNS servers
- Netblocks
- IP addresses
- Files
- Web Pages
Main features include:
- GUI-based interface
- Analyzes up to 10,000 entities per graph
- Extended correlation capabilities
- Data sharing in real time
- Correlated data graphics generator
- Exports graphs to GraphML
- Generates entity lists
- Can copy and paste information
This application is available for Windows, Linux, and Mac OS, and the only software requirement is to have Java 1.8 or greater installed.
12. AirCrack-ng
AirCrack-ng is a respected Wifi security suite for home and corporate security investigations. It includes full support for 802.11 WEP and WPA-PSK networks and works by capturing network packets. It then analyzes and uses them to crack Wifi access.
For old-school security professionals, AirCrack-ng includes a fancy terminal-based interface along with a few more interesting features.
Main features:
- Extensive documentation (wiki, manpages)
- Active community (forums and IRC channels)
- Support for Linux, Mac and Windows Wifi detection
- Launches PTW, WEP and Fragmentation attacks
- Supports WPA Migration Mode
- Fast cracking speed
- Multiple Wifi card support
- Integration with 3rd party tools
As a bonus, it comes bundled with a lot of Wifi auditing tools including:
- airbase-ng
- aircrack-ng
- airdecap-ng
- airdecloak-ng
- airdriver-ng
- aireplay-ng
- airmon-ng
- airodump-ng
- airolib-ng
- airserv-ng
- airtun-ng
- easside-ng
- packetforge-ng
- tkiptun-ng
- wesside-ng
13. Reaver
Reaver is a great open-source alternative to Aircrack-ng that allows you to audit the security of any Wifi network protected with WPA/WPA2 keys. It uses brute-force attack techniques such as the Pixie Dust attack to crack Wi-Fi Protected Setup (WPS) through common Wifi flaws and vulnerabilities.
Depending on how well-configured the router-level Wifi security is, it can take between 3 and 10 hours to get an effective brute-force cracking result.
Until recently, the original Reaver version was hosted at Google Cloud. After the release of version 1.6, a forked community edition was launched on GitHub.
Build-time dependencies
- build-essential
- libpcap-dev
Runtime dependencies
- pixiewps (required for pixiedust attack)
It runs well on most Linux distributions.
14. Ettercap
Ettercap is a network interceptor and packet sniffer for LAN networks. It supports active and passive scans as well as various protocols, including encrypted ones such as SSH and HTTPS.
Other capabilities include network and host analysis (such as OS fingerprinting), as well as network manipulation over established connections, which makes this tool great for testing man-in-the-middle attacks.
Main features
- Active and passive protocol analysis
- Filters based on source and destination IP, MAC and ARP addresses
- Data injection into established connections
- Support for SSH- and HTTPS-encrypted protocols
- Sniffs remote traffic over a GRE tunnel
- Extensible with plugins
- Protocol support includes Telnet, FTP, IMAP, SMB, MySQL, LDAP, NFS, SNMP, HTTP, etc.
- Determines OS name and version
- Able to kill established LAN connections
- DNS Hijacking
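The man-in-the-middle position that Ettercap tests for on a LAN rests on ARP, which has no authentication: whoever answers "who has this IP" last wins the victim's ARP cache. The defender's counterpart is to watch ARP replies and notice when one IP address is claimed by more than one MAC, or by a MAC other than the one in a trusted static table. The example below is added here and is not code from Ettercap or the original article; it builds a few ARP reply frames in memory (constructed, no real capture), parses them with struct, and reports the conflicts.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(map(int, ip.split(".")))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct an Ethernet/ARP reply frame (test data only)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame into its fields; None for any other frame."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack_from("!HHBBH6s4s6s4s", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper,
            "sender_mac": sha.hex(":"), "sender_ip": ".".join(map(str, spa)),
            "target_mac": tha.hex(":"), "target_ip": ".".join(map(str, tpa))}


def detect_arp_conflicts(frames, known=None):
    """Map each IP announced in ARP replies to the MACs that announced it. Report IPs claimed by
    more than one MAC, and IPs whose announced MAC differs from a trusted static table if given."""
    known = known or {}
    claims = defaultdict(set)
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt and pkt["oper"] == ARP_REPLY:
            claims[pkt["sender_ip"]].add(pkt["sender_mac"])
    alerts = {}
    for ip, macs in claims.items():
        if len(macs) > 1 or (ip in known and macs != {known[ip]}):
            alerts[ip] = sorted(macs)
    return alerts


# Constructed traffic: the real gateway answers, then a second host claims the gateway's IP.
VICTIM = "aa:bb:cc:dd:ee:42"
SAMPLE_FRAMES = [
    build_arp_reply("aa:bb:cc:dd:ee:01", "192.168.1.1", VICTIM, "192.168.1.66"),
    build_arp_reply("de:ad:be:ef:00:01", "192.168.1.1", VICTIM, "192.168.1.66"),
    build_arp_reply("aa:bb:cc:dd:ee:14", "192.168.1.20", VICTIM, "192.168.1.66"),
    b"\xff" * 12 + struct.pack("!H", 0x0800) + bytes(28),   # not ARP; must be ignored
]

if __name__ == "__main__":
    print(detect_arp_conflicts(SAMPLE_FRAMES))
```

On a real network the frames would come from a raw socket or a capture file and the `known` table from your DHCP or switch inventory; the gateway and DNS server addresses are the ones worth pinning first, since they are the usual targets for redirection.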
15. Canvas
Canvas is a great alternative to Metasploit, offering more than 800 exploits for testing remote networks.
Main features
- Remote network exploitation
- Targets different kinds of systems
- Targets selected geographic regions
- Takes screenshots of remote systems
- Downloads passwords
- Modifies files inside the system
- Escalates privileges to gain administrator access
This tool also lets you use its platform to write new exploits or use its famous shellcode generator. It also integrates an alternative to nmap called scanrand, which is especially useful for port scanning and host discovery over mid to large networks.
Supported platforms include:
- Linux
- MacOSX (requires PyGTK)
- Windows (requires Python and PyGTK)
Summary
Software companies reap the most benefits from the rise of automated ethical hacking tools and penetration testing utilities, giving them more ways to increase system security every day.
Automated tools are changing the way hacking is evolving, making ethical penetration testing easier, faster and more reliable than ever. Penetration testing and reporting activities now play a crucial role in the process of identifying security flaws in remote or local software — enabling company owners to quickly prevent vulnerabilities from running wild all over the Internet.
Like many of these valuable tools, we’ve developed SecurityTrails from scratch, combining different domain automation lists and tons of forensic data so you can audit your domain names, DNS and online applications.
Are you ready to unveil the true power of our security toolkit? Grab a free API account today or contact us for consultation.
Content Written By Henry Dalziel, 2020
Web Vulnerability Scanners For Use In 2020
Web applications are hugely attractive to hackers for a million different reasons, not least because when they are mismanaged and unpatched they suddenly become very easy to attack. What we’ve done in this resource is list a bunch of web application hacking software that would be able to penetrate and pwn a website (for example).
In order of popularity, these are the most widely used Content Management Systems today:
- WordPress 28.6%
- Joomla 3.3%
- Drupal 2.3%
- Magento 1.1%
- Blogger 1.0%
- Shopify 0.8%
So, clearly, with WordPress being the Internet’s #1 most popular CMS, there is little doubt, and no lack of evidence, that a great many hackers go after WordPress.
WordPress hacking software is therefore plentiful, and in this resource we outline a bunch of tools and software that will help you identify how secure your CMS really is.
Acunetix WVS
Acunetix is a web vulnerability scanner that automatically checks web applications. This tool is particularly good at scanning for vulnerabilities such as cross-site scripting, SQL injections, weak password strength on authentication pages and arbitrary file creation. It has a great GUI that has the ability to create compliance reports, security audits, and tools for advanced manual web app testing.
Is Acunetix WVS Free?
It is a commercial program but it’s fast and cheap.
Does Acunetix WVS Work on all Operating Systems?
It currently works on Windows operating systems.
What are the Typical Uses for Acunetix WVS?
Acunetix WVS is used to discover if your website is secure by crawling and analyzing your web applications to find if there are SQL injections. By doing this, its detailed report can identify where web applications need to be fixed.
AppScan
AppScan gives security testing throughout the application development lifecycle.
This tool can also assist with security assurance early in the development phase and easing unit testing. This tool can scan for many common vulnerabilities such as HTTP response splitting, cross-site scripting, hidden field manipulation, parameter tampering, buffer overflows, backdoors/debug options and many more.
Is AppScan Free?
The commercial version of this tool is available. Free trial versions might also be offered.
Does AppScan Work on all Operating Systems?
It only works on Microsoft Windows operating systems.
What are the Typical Uses for AppScan?
AppScan is used to enhance mobile application and web application security. It is also used to strengthen regulatory compliance and improve application security program management. This tool also helps users identify security vulnerabilities, generate reports and produce fix recommendations.
Burp Suite
Burp Suite is a platform that contains different kinds of tools, with many interfaces between them, designed to facilitate and speed up the process of attacking applications.
All these tools share the same framework for displaying and handling HTTP messages, authentication, persistence, logging, alerting, proxies and extensibility.
Is Burp Suite Free?
A paid version is available. Free/trial versions may also be available.
Does Burp Suite Work on all Operating Systems?
Burp Suite Works on Linux, MAC OS X, and Windows operating systems.
What are the Typical Uses for Burp Suite?
This tool is used primarily to attack and pentest web applications. It can also be used to read web traffic. This app is not only useful and reliable, it also offers a lot of features.
Nikto
An open-source web server scanner, Nikto performs tests for over 6700 potentially dangerous files and programs on web servers.
It is also designed to check for over 1250 outdated server versions and version-specific problems on over 2700 servers. Aside from that, it also checks server configuration items such as the presence of multiple index files and HTTP server options, and it will try to identify installed software and web servers. Plugins and scan items are updated frequently and can be updated automatically.
Although it is not designed to be a stealthy tool, it can test web servers in the fastest time possible. Nonetheless, there is also support for LibWhisker’s anti-IDS methods in case you want to try them, for example to test your IDS.
Not all checks are security problems, but security engineers and webmasters are sometimes not aware that the “info only” type of checks are present on their server. When Nikto is used, these “info only” checks are marked appropriately in the printed output. Some checks also scan for unknown items in log files.
Is Nikto Website Vulnerability Scanner Free?
Yes, this tool is free to use and in fact, a lot of pentesters like this tool a lot.
Does Nikto Website Vulnerability Scanner Work on all Operating Systems?
Since Nikto is a Perl-based security testing tool, it will run on most systems with a Perl interpreter installed.
What are the Typical Uses for Nikto Website Vulnerability Scanner?
Even though this scanner is free, it still has a lot of uses, including:
- SSL support
- Full HTTP proxy support
- Checking for outdated server components
- Saving reports in various formats like XML, HTML, CSV or NBE
- Easily customizing reports using the template engine
- Scanning multiple ports on a server, or multiple servers via an input file
- Identifying installed software via headers, files and favicons
- Host authentication with NTLM and Basic
- Checking for common “parking” sites
- Auto-pause at a specified time
- and a lot more
Netsparker
We’ve covered this tool throughout our site on several occasions.
Rather than duplicate the content we recommend that you hit this link for detailed information and more resources on this tool.
OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools for scanning web applications.
This hacking tool is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.
BeEF
Browser Exploitation Framework (BeEF) is another great professional security tool. This tool gives the experienced penetration tester pioneering techniques.
Unlike other tools, BeEF focuses on leveraging browser vulnerabilities to check the security posture of a target. This tool is created solely for penetration testing and lawful research.
Is BeEF Free?
BeEF is free to use.
Does BeEF Work on all Operating Systems?
BeEF is available for Windows, Linux and Mac OS X operating systems.
What are the Typical Uses for BeEF?
This tool can demonstrate the collection of browser vulnerabilities, or “zombie” browsers, in real time. It provides a command-and-control interface that facilitates targeting groups or individual zombie browsers, and it is built to make the creation of new exploit modules easy.
Core Impact
Core Impact is considered to be the greatest exploitation tool available.
It has a huge and regularly updated database of exploits and can do neat tricks like exploiting one computer system, then building an encrypted tunnel through that system to reach and exploit other machines.
Is Core Impact Free?
No, and this tool is expensive (about $30,000).
Does Core Impact Work on all Operating Systems?
Core Impact runs natively on Microsoft Windows.
What are the Typical Uses for Core Impact?
With this tool, users can leverage true multi-vector testing capabilities across network, web, mobile and wireless; run checks for a high number of unique CVEs (in some cases more than other multi-purpose tools); and validate patching efforts to ensure vulnerabilities were remediated correctly.
Dradis
Dradis Framework is an open-source tool that enables effective information and data sharing, especially during security assessments. Features include easy report generation, attachment support, integration with existing systems and tools through server plugins, and platform independence.
Is Dradis Free?
Dradis is free.
Does Dradis Work on all Operating Systems?
Dradis is compatible with Linux, MAC OS X, and Windows operating systems.
What are the Typical Uses for Dradis?
Dradis is used to enable effective sharing of information and data among participants in a penetration test. Dradis is also a self-contained web tool that provides a centralized repository of data to keep track of what has been done and what is still ahead.
Metasploit
Metasploit is a very popular hacking framework with hundreds (if not thousands) of scripts that you can use to find and progress with your hack. We’ve already covered this tool on our site and we’d encourage you to visit this link here for more details.
Social Engineer Toolkit
Written by the founder of TrustedSec, Social-Engineer Toolkit (SET) is an open-source Python-based tool aimed at penetration testing around Social Engineering.
SET has been discussed and presented at conferences including DerbyCon, DEF CON, ShmooCon and Black Hat. With over two million downloads, this toolkit is the standard for social-engineering penetration tests and is supported by the security community. SET has also been featured in a number of books, such as “Metasploit: The Penetration Tester’s Guide”, written by TrustedSec’s founder together with Devon Kearns, Jim O’Gorman and Mati Aharoni.
Is the Social-Engineer Toolkit Free?
Yes, all official versions are free of use.
Does Social-Engineer Toolkit Work on all Operating Systems?
SET works on Linux, Mac OS X and Microsoft Windows operating systems.
What are the Typical Uses for the Social-Engineer Toolkit?
The main purpose of SET is to improve and automate many of the social engineering attacks out there. This tool can automatically generate email messages or web pages that hide exploits.
sqlmap
sqlmap is an open-source tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It includes a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches, ranging from database fingerprinting, over fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Is sqlmap free?
Yes, sqlmap is free to use and works out of the box with Python versions 2.6.x and 2.7.x on any platform.
1. Full support for the MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
2. Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
3. Support for connecting directly to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
4. Support for enumerating users, password hashes, privileges, roles, databases, tables and columns.
5. Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
6. Support for dumping database tables entirely, a range of entries or specific columns, as per the user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
7. Support for searching for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.
8. Support for downloading and uploading any file from the database server’s underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
9. Support for executing arbitrary commands and retrieving their standard output on the database server’s underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
10. Support for establishing an out-of-band stateful TCP connection between the attacker machine and the database server’s underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session, as per the user’s choice.
11. Support for database process user privilege escalation via Metasploit’s Meterpreter getsystem command.
Some options for python sqlmap.py:
Helpful stuff:
- -h, --help: show basic help message and exit
- -hh: show advanced help message and exit
- --version: show program’s version number and exit
- -v VERBOSE: verbosity level: 0-6 (default 1)
Target (at least one of these options has to be provided to define the target(s)):
- -d DIRECT: connection string for direct database connection
- -u URL, --url=URL: target URL (e.g. "http://www.site.com/vuln.php?id=1")
- -l LOGFILE: parse target(s) from Burp or WebScarab proxy log file
- -x SITEMAPURL: parse target(s) from remote sitemap(.xml) file
- -m BULKFILE: scan multiple targets given in a textual file
- -r REQUESTFILE: load HTTP request from a file
- -g GOOGLEDORK: process Google dork results as target URLs
- -c CONFIGFILE: load options from a configuration INI file
What are the Typical Uses for sqlmap?
sqlmap is written in Python and is considered one of the most powerful and popular SQL injection automation tools out there. Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking, such as extracting database names, tables, columns and all the data in the tables. This hacking tool can even read and write files on the remote file system under certain conditions. sqlmap is like the Metasploit of SQL injection.
How To Install Sqlmap?
This tool works best on Linux, preferably something like Kali Linux, Backbox or any other flavours therein for Pentesting Purposes.
Step 1: sqlmap -u "http://www.yourwebsiteurl.com/section…(without quotation marks)" --dbs
Step 2: sqlmap -u "http://www.yourwebsiteurl.comsection….(without quotation marks)" -D database_name --tables
Step 3: sqlmap -u "http://www.yourwebsiteurl.com/section…(without quotation marks)" -D database_name -T tables_name --columns
Step 4: sqlmap -u "http://www.site.com/section.php?id=51(without quotation marks)" -D database_name -T tables_name -C column_name --dump
sqlninja
SQL Ninja enables users to exploit web applications that use a Microsoft SQL Server as its database backend.
It focuses on getting a running shell on a remote host. This tool automates the exploitation process once an SQL injection has been discovered.
Is SQL Ninja Free?
Yes! All versions of this tool are free of charge.
Does SQL Ninja Work on all Operating Systems?
SQL Ninja works on Linux and Mac OS X operating systems.
What are the Typical Uses for SQL Ninja?
This tool is best used by cyber professionals to assist in automating the process of taking over a database server once a SQL injection vulnerability has been discovered. If you are interested in this tool then you should also take a look at sqlmap.
w3af
w3af is one of the most popular, flexible and powerful tools for finding and exploiting web application vulnerabilities.
It is very easy to use and offers dozens of exploitation and web assessment plugins. Others call it a web-focused Metasploit. w3af is divided into two main parts: the core and the plugins. Plugins are categorized into different types: discovery, bruteforce, audit, evasion, grep, attack, output and mangle.
Is w3af Free?
All versions of this tool are free.
Does w3af Work on all Operating Systems?
It works on Windows, Linux and Mac OS X operating systems.
What are the Typical Uses for w3af?
The goal of this project is to create a framework that helps users secure web applications by discovering and exploiting all web application vulnerabilities.